diff --git a/refpolicy/build.conf b/refpolicy/build.conf
index 916a0636..5a22b479 100644
--- a/refpolicy/build.conf
+++ b/refpolicy/build.conf
@@ -14,7 +14,7 @@
 # strict, targeted,
 # strict-mls, targeted-mls,
 # strict-mcs, targeted-mcs
-TYPE = targeted-mcs
+TYPE = strict

 # Policy Name
 # If set, this will be used as the policy
@@ -29,14 +29,14 @@ NAME = refpolicy
 # for the distribution.
 # redhat, gentoo, debian, and suse are current options.
 # Fedora users should enable redhat.
-DISTRO = redhat
+#DISTRO = redhat

 # Direct admin init
 # Setting this will allow sysadm to directly
 # run init scripts, instead of requring run_init.
 # This is a build option, as role transitions do
 # not work in conditional policy.
-DIRECT_INITRC=y
+#DIRECT_INITRC=n

 # Build monolithic policy. Putting n here
 # will build a loadable module policy.
diff --git a/refpolicy/policy/modules.conf b/refpolicy/policy/modules.conf
deleted file mode 100644
index c5c447d8..00000000
--- a/refpolicy/policy/modules.conf
+++ /dev/null
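Review bot: In the first build.conf hunk, `TYPE = strict` changes two things at once relative to `targeted-mcs`: it moves from the targeted model to the strict one and it drops the MCS field, and nothing next to the line records that this is the intended tree default rather than a local build setting. A system labeled under the old policy would presumably need a relabel after such a switch, which the hunk cannot show. I would add a line above the setting such as `# Tree default: strict, without MLS/MCS. Changing TYPE on an installed system requires a relabel.` so the next editor does not flip it casually.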
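Review bot: In the second build.conf hunk, `#DIRECT_INITRC=n` is a commented-out line whose value differs from the `y` it replaces, so a reader cannot tell whether the option is meant to be unset or explicitly off; how the build tests the variable is outside the hunk. Leaving it off is the more restrictive choice (sysadm has to go through run_init), so state that next to it, e.g. `# Unset by default: sysadm must use run_init to run init scripts.`. The same hunk comments out `DISTRO = redhat`, which presumably removes the distribution-specific policy from the build; a one-line comment such as `# Unset: build generic policy with no distribution-specific rules.` would make that intent explicit.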
@@ -1,875 +0,0 @@
-#
-# This file contains a listing of available modules.
-# To prevent a module from being used in policy
-# creation, set the module name to "off".
-#
-# For monolithic policies, modules set to "base" and "module"
-# will be built into the policy.
-#
-# For modular policies, modules set to "base" will be
-# included in the base module. "module" will be compiled
-# as individual loadable modules.
-#
-
-# Layer: kernel
-# Module: filesystem
-# Required in base
-#
-# Policy for filesystems.
-#
-filesystem = base
-
-# Layer: kernel
-# Module: selinux
-# Required in base
-#
-# Policy for kernel security interface, in particular, selinuxfs.
-#
-selinux = base
-
-# Layer: kernel
-# Module: mls
-# Required in base
-#
-# Multilevel security policy
-#
-mls = base
-
-# Layer: kernel
-# Module: terminal
-# Required in base
-#
-# Policy for terminals.
-#
-terminal = base
-
-# Layer: kernel
-# Module: kernel
-# Required in base
-#
-# Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
-#
-kernel = base
-
-# Layer: kernel
-# Module: devices
-# Required in base
-#
-# Device nodes and interfaces for many basic system devices.
-#
-devices = base
-
-# Layer: kernel
-# Module: corenetwork
-# Required in base
-#
-# Policy controlling access to network objects
-#
-corenetwork = base
-
-# Layer: system
-# Module: corecommands
-# Required in base
-#
-# Core policy for shells, and generic programs
-# in /bin, /sbin, /usr/bin, and /usr/sbin.
-#
-corecommands = base
-
-# Layer: system
-# Module: files
-# Required in base
-#
-# Basic filesystem types and interfaces.
-#
-files = base
-
-# Layer: system
-# Module: domain
-# Required in base
-#
-# Core policy for domains.
-#
-domain = base
-
-# Layer: admin
-# Module: usermanage
-#
-# Policy for managing user accounts.
-#
-usermanage = base
-
-# Layer: admin
-# Module: rpm
-#
-# Policy for the RPM package manager.
-#
-rpm = base
-
-# Layer: admin
-# Module: tmpreaper
-#
-# Manage temporary directory sizes and file ages
-#
-tmpreaper = off
-
-# Layer: admin
-# Module: kudzu
-#
-# Hardware detection and configuration tools
-#
-kudzu = base
-
-# Layer: admin
-# Module: anaconda
-#
-# Policy for the Anaconda installer.
-#
-anaconda = base
-
-# Layer: admin
-# Module: netutils
-#
-# Network analysis utilities
-#
-netutils = base
-
-# Layer: admin
-# Module: acct
-#
-# Berkeley process accounting
-#
-acct = base
-
-# Layer: admin
-# Module: sudo
-#
-# Execute a command with a substitute user
-#
-sudo = off
-
-# Layer: admin
-# Module: firstboot
-#
-# Final system configuration run during the first boot
-# after installation of Red Hat/Fedora systems.
-#
-firstboot = base
-
-# Layer: admin
-# Module: su
-#
-# Run shells with substitute user and group
-#
-su = base
-
-# Layer: admin
-# Module: quota
-#
-# File system quota management
-#
-quota = off
-
-# Layer: admin
-# Module: dmesg
-#
-# Policy for dmesg.
-#
-dmesg = base
-
-# Layer: admin
-# Module: logrotate
-#
-# Rotate and archive system logs
-#
-logrotate = off
-
-# Layer: admin
-# Module: vpn
-#
-# Virtual Private Networking client
-#
-vpn = off
-
-# Layer: admin
-# Module: consoletype
-#
-# Determine of the console connected to the controlling terminal.
-#
-consoletype = base
-
-# Layer: admin
-# Module: updfstab
-#
-# Red Hat utility to change /etc/fstab.
-#
-updfstab = base
-
-# Layer: admin
-# Module: dmidecode
-#
-# Decode DMI data for x86/ia64 bioses.
-#
-dmidecode = base
-
-# Layer: admin
-# Module: amanda
-#
-# Automated backup program.
-#
-amanda = base
-
-# Layer: apps
-# Module: webalizer
-#
-# Web server log analysis
-#
-webalizer = base
-
-# Layer: apps
-# Module: loadkeys
-#
-# Load keyboard mappings.
-#
-loadkeys = base
-
-# Layer: apps
-# Module: gpg
-#
-# Policy for GNU Privacy Guard and related programs.
-#
-gpg = off
-
-# Layer: kernel
-# Module: bootloader
-#
-# Policy for the kernel modules, kernel image, and bootloader.
-#
-bootloader = base
-
-# Layer: kernel
-# Module: storage
-#
-# Policy controlling access to storage devices
-#
-storage = base
-
-# Layer: services
-# Module: portmap
-#
-# RPC port mapping service.
-#
-portmap = base
-
-# Layer: services
-# Module: remotelogin
-#
-# Policy for rshd, rlogind, and telnetd.
-#
-remotelogin = base
-
-# Layer: services
-# Module: ntp
-#
-# Network time protocol daemon
-#
-ntp = base
-
-# Layer: services
-# Module: rlogin
-#
-# Remote login daemon
-#
-rlogin = base
-
-# Layer: services
-# Module: inetd
-#
-# Internet services daemon.
-#
-inetd = base
-
-# Layer: services
-# Module: ktalk
-#
-# KDE Talk daemon
-#
-ktalk = base
-
-# Layer: services
-# Module: finger
-#
-# Finger user information service.
-#
-finger = base
-
-# Layer: services
-# Module: howl
-#
-# Port of Apple Rendezvous multicast DNS
-#
-howl = base
-
-# Layer: services
-# Module: tftp
-#
-# Trivial file transfer protocol daemon
-#
-tftp = base
-
-# Layer: services
-# Module: kerberos
-#
-# MIT Kerberos admin and KDC
-#
-kerberos = base
-
-# Layer: services
-# Module: gpm
-#
-# General Purpose Mouse driver
-#
-gpm = off
-
-# Layer: services
-# Module: uucp
-#
-# Unix to Unix Copy
-#
-uucp = base
-
-# Layer: services
-# Module: apache
-#
-# Apache web server
-#
-apache = base
-
-# Layer: services
-# Module: dhcp
-#
-# Dynamic host configuration protocol (DHCP) server
-#
-dhcp = base
-
-# Layer: services
-# Module: inn
-#
-# Internet News NNTP server
-#
-inn = base
-
-# Layer: services
-# Module: sendmail
-#
-# Policy for sendmail.
-#
-sendmail = base
-
-# Layer: services
-# Module: dbus
-#
-# Desktop messaging bus
-#
-dbus = base
-
-# Layer: services
-# Module: rshd
-#
-# Remote shell service.
-#
-rshd = base
-
-# Layer: services
-# Module: radvd
-#
-# IPv6 router advertisement daemon
-#
-radvd = base
-
-# Layer: services
-# Module: sasl
-#
-# SASL authentication server
-#
-sasl = base
-
-# Layer: services
-# Module: postgresql
-#
-# PostgreSQL relational database
-#
-postgresql = base
-
-# Layer: services
-# Module: hal
-#
-# Hardware abstraction layer
-#
-hal = base
-
-# Layer: services
-# Module: zebra
-#
-# Zebra border gateway protocol network routing service
-#
-zebra = base
-
-# Layer: services
-# Module: ldap
-#
-# OpenLDAP directory server
-#
-ldap = base
-
-# Layer: services
-# Module: mysql
-#
-# Policy for MySQL
-#
-mysql = base
-
-# Layer: services
-# Module: bind
-#
-# Berkeley internet name domain DNS server.
-#
-bind = base
-
-# Layer: services
-# Module: snmp
-#
-# Simple network management protocol services
-#
-snmp = base
-
-# Layer: services
-# Module: squid
-#
-# Squid caching http proxy server
-#
-squid = base
-
-# Layer: services
-# Module: mailman
-#
-# Mailman is for managing electronic mail discussion and e-newsletter lists
-#
-mailman = base
-
-# Layer: services
-# Module: dictd
-#
-# Dictionary daemon
-#
-dictd = base
-
-# Layer: services
-# Module: privoxy
-#
-# Privacy enhancing web proxy.
-#
-privoxy = base
-
-# Layer: services
-# Module: nis
-#
-# Policy for NIS (YP) servers and clients
-#
-nis = base
-
-# Layer: services
-# Module: telnet
-#
-# Telnet daemon
-#
-telnet = base
-
-# Layer: services
-# Module: comsat
-#
-# Comsat, a biff server.
-#
-comsat = base
-
-# Layer: services
-# Module: ssh
-#
-# Secure shell client and server policy.
-#
-ssh = base
-
-# Layer: services
-# Module: cvs
-#
-# Concurrent versions system
-#
-cvs = base
-
-# Layer: services
-# Module: ppp
-#
-# Point to Point Protocol daemon creates links in ppp networks
-#
-ppp = base
-
-# Layer: services
-# Module: arpwatch
-#
-# Ethernet activity monitor.
-#
-arpwatch = base
-
-# Layer: services
-# Module: bluetooth
-#
-# Bluetooth tools and system services.
-#
-bluetooth = base
-
-# Layer: services
-# Module: apm
-#
-# Advanced power management daemon
-#
-apm = base
-
-# Layer: services
-# Module: mta
-#
-# Policy common to all email tranfer agents.
-#
-mta = base
-
-# Layer: services
-# Module: nscd
-#
-# Name service cache daemon
-#
-nscd = base
-
-# Layer: services
-# Module: stunnel
-#
-# SSL Tunneling Proxy
-#
-stunnel = base
-
-# Layer: services
-# Module: distcc
-#
-# Distributed compiler daemon
-#
-distcc = off
-
-# Layer: services
-# Module: samba
-#
-# SMB and CIFS client/server programs for UNIX and
-# name Service Switch daemon for resolving names
-# from Windows NT servers.
-#
-samba = base
-
-# Layer: services
-# Module: cyrus
-#
-# Cyrus is an IMAP service intended to be run on sealed servers
-#
-cyrus = base
-
-# Layer: services
-# Module: ftp
-#
-# File transfer protocol service
-#
-ftp = base
-
-# Layer: services
-# Module: cpucontrol
-#
-# Services for loading CPU microcode and CPU frequency scaling.
-#
-cpucontrol = base
-
-# Layer: services
-# Module: dovecot
-#
-# Dovecot POP and IMAP mail server
-#
-dovecot = base
-
-# Layer: services
-# Module: rsync
-#
-# Fast incremental file transfer for synchronization
-#
-rsync = base
-
-# Layer: services
-# Module: canna
-#
-# Canna - kana-kanji conversion server
-#
-canna = base
-
-# Layer: services
-# Module: cron
-#
-# Periodic execution of scheduled commands.
-#
-cron = base
-
-# Layer: services
-# Module: tcpd
-#
-# Policy for TCP daemon.
-#
-tcpd = off
-
-# Layer: services
-# Module: xdm
-#
-# X windows login display manager
-#
-xdm = base
-
-# Layer: services
-# Module: networkmanager
-#
-# Manager for dynamically switching between networks.
-#
-networkmanager = base
-
-# Layer: services
-# Module: dbskk
-#
-# Dictionary server for the SKK Japanese input method system.
-#
-dbskk = base
-
-# Layer: services
-# Module: pegasus
-#
-# The Open Group Pegasus CIM/WBEM Server.
-#
-pegasus = base
-
-# Layer: services
-# Module: radius
-#
-# RADIUS authentication and accounting server.
-#
-radius = base
-
-# Layer: services
-# Module: spamassassin
-#
-# Filter used for removing unsolicited email.
-#
-spamassassin = base
-
-# Layer: services
-# Module: postfix
-#
-# Postfix email server
-#
-postfix = base
-
-# Layer: services
-# Module: cups
-#
-# Common UNIX printing system
-#
-cups = base
-
-# Layer: services
-# Module: rpc
-#
-# Remote Procedure Call Daemon for managment of network based process communication
-#
-rpc = base
-
-# Layer: services
-# Module: lpd
-#
-# Line printer daemon
-#
-lpd = base
-
-# Layer: services
-# Module: avahi
-#
-# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture
-#
-avahi = base
-
-# Layer: services
-# Module: procmail
-#
-# Procmail mail delivery agent
-#
-procmail = base
-
-# Layer: system
-# Module: unconfined
-#
-# The unconfined domain.
-#
-unconfined = base
-
-# Layer: system
-# Module: selinuxutil
-#
-# Policy for SELinux policy and userland applications.
-#
-selinuxutil = base
-
-# Layer: system
-# Module: getty
-#
-# Policy for getty.
-#
-getty = base
-
-# Layer: system
-# Module: mount
-#
-# Policy for mount.
-#
-mount = base
-
-# Layer: system
-# Module: ipsec
-#
-# TCP/IP encryption
-#
-ipsec = off
-
-# Layer: system
-# Module: locallogin
-#
-# Policy for local logins.
-#
-locallogin = base
-
-# Layer: system
-# Module: logging
-#
-# Policy for the kernel message logger and system logging daemon.
-#
-logging = base
-
-# Layer: system
-# Module: sysnetwork
-#
-# Policy for network configuration: ifconfig and dhcp client.
-#
-sysnetwork = base
-
-# Layer: system
-# Module: fstools
-#
-# Tools for filesystem management, such as mkfs and fsck.
-#
-fstools = base
-
-# Layer: system
-# Module: pcmcia
-#
-# PCMCIA card management services
-#
-pcmcia = base
-
-# Layer: system
-# Module: iptables
-#
-# Policy for iptables.
-#
-iptables = off
-
-# Layer: system
-# Module: userdomain
-#
-# Policy for user domains
-#
-userdomain = base
-
-# Layer: system
-# Module: hotplug
-#
-# Policy for hotplug system, for supporting the
-# connection and disconnection of devices at runtime.
-#
-hotplug = base
-
-# Layer: system
-# Module: clock
-#
-# Policy for reading and setting the hardware clock.
-#
-clock = base
-
-# Layer: system
-# Module: lvm
-#
-# Policy for logical volume management programs.
-#
-lvm = off
-
-# Layer: system
-# Module: modutils
-#
-# Policy for kernel module utilities
-#
-modutils = base
-
-# Layer: system
-# Module: init
-#
-# System initialization programs (init and init scripts).
-#
-init = base
-
-# Layer: system
-# Module: udev
-#
-# Policy for udev.
-#
-udev = base
-
-# Layer: system
-# Module: hostname
-#
-# Policy for changing the system host name.
-#
-hostname = base
-
-# Layer: system
-# Module: raid
-#
-# RAID array management tools
-#
-raid = off
-
-# Layer: system
-# Module: libraries
-#
-# Policy for system libraries.
-#
-libraries = base
-
-# Layer: system
-# Module: miscfiles
-#
-# Miscelaneous files.
-#
-miscfiles = base
-
-# Layer: system
-# Module: authlogin
-#
-# Common policy for authentication and user login.
-#
-authlogin = base
-