From fc93f2b404a74472e1be6c842462019a22756cf2 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Mon, 24 Jun 2024 21:21:44 +0200 Subject: [PATCH] Merge -base and -contrib Contrib was merged to main repo long time ago. Makes the build process simpler. Modules enabled in minimum lives in %{_datadir}/selinux/minimum/modules.lst now. Fixes: RPM build warnings: File listed twice: /var/lib/selinux/mls/active/modules/100/unprivuser File listed twice: /var/lib/selinux/mls/active/modules/100/unprivuser/cil File listed twice: /var/lib/selinux/mls/active/modules/100/unprivuser/hll File listed twice: /var/lib/selinux/mls/active/modules/100/unprivuser/lang_ext [skip changelog] Related: RHEL-54303 --- modules-minimum.lst | 50 + modules-mls-base.conf | 380 -- modules-mls-contrib.conf => modules-mls.conf | 396 ++- modules-targeted-base.conf | 393 --- modules-targeted-contrib.conf | 2806 --------------- modules-targeted.conf | 3253 +++++++++++------- selinux-policy.spec | 51 +- 7 files changed, 2387 insertions(+), 4942 deletions(-) create mode 100644 modules-minimum.lst delete mode 100644 modules-mls-base.conf rename modules-mls-contrib.conf => modules-mls.conf (79%) delete mode 100644 modules-targeted-base.conf delete mode 100644 modules-targeted-contrib.conf
diff --git a/modules-minimum.lst b/modules-minimum.lst
new file mode 100644
index 00000000..c4252c84
--- /dev/null
+++ b/modules-minimum.lst
@@ -0,0 +1,50 @@
+apache
+application
+auditadm
+authlogin
+base
+bootloader
+clock
+dbus
+dmesg
+fstools
+getty
+hostname
+inetd
+init
+ipsec
+iptables
+kerberos
+libraries
+locallogin
+logadm
+logging
+lvm
+miscfiles
+modutils
+mount
+mta
+netlabel
+netutils
+nis
+postgresql
+secadm
+selinuxutil
+setrans
+seunshare
+ssh
+staff
+su
+sudo
+sysadm
+sysadm_secadm
+sysnetwork
+systemd
+udev
+unconfined
+unconfineduser
+unlabelednet
+unprivuser
+userdomain
+usermanage
+xserver
diff --git a/modules-mls-base.conf b/modules-mls-base.conf
deleted file mode 100644
index 5b21a3eb..00000000
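Review bot: Nothing in the visible part of this patch checks that the 50 names in `modules-minimum.lst` correspond to modules the policy build actually produces, so a misspelt or later-removed name would presumably drop that module from the enabled set of the minimum policy without any build error. The list also places service modules such as `apache`, `postgresql`, `nis` and `inetd` next to the core set (`init`, `systemd`, `selinuxutil`), and because the file appears to be a bare name list, the reason each one is kept enabled is recorded nowhere. A one-line comment in the spec where the list is installed would help, for example `# modules.lst: modules enabled in the minimum policy (source: modules-minimum.lst)`. The consumer in `selinux-policy.spec` is outside this excerpt, so confirm there whether unknown names are rejected or silently ignored.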
--- a/modules-mls-base.conf
+++ /dev/null
@@ -1,380 +0,0 @@ -# Layer: kernel -# Module: bootloader -# -# Policy for the kernel modules, kernel image, and bootloader. -# -bootloader = module - -# Layer: kernel -# Module: corenetwork -# Required in base -# -# Policy controlling access to network objects -# -corenetwork = base - -# Layer: admin -# Module: dmesg -# -# Policy for dmesg. -# -dmesg = module - -# Layer: admin -# Module: netutils -# -# Network analysis utilities -# -netutils = module - -# Layer: admin -# Module: sudo -# -# Execute a command with a substitute user -# -sudo = module - -# Layer: admin -# Module: su -# -# Run shells with substitute user and group -# -su = module - -# Layer: admin -# Module: usermanage -# -# Policy for managing user accounts. -# -usermanage = module - -# Layer: apps -# Module: seunshare -# -# seunshare executable -# -seunshare = module - -# Layer: kernel -# Module: corecommands -# Required in base -# -# Core policy for shells, and generic programs -# in /bin, /sbin, /usr/bin, and /usr/sbin. -# -corecommands = base - -# Module: devices -# Required in base -# -# Device nodes and interfaces for many basic system devices. -# -devices = base - -# Module: domain -# Required in base -# -# Core policy for domains. -# -domain = base - -# Layer: system -# Module: userdomain -# -# Policy for user domains -# -userdomain = module - -# Module: files -# Required in base -# -# Basic filesystem types and interfaces. -# -files = base - -# Module: filesystem -# Required in base -# -# Policy for filesystems. -# -filesystem = base - -# Module: kernel -# Required in base -# -# Policy for kernel threads, proc filesystem,and unlabeled processes and objects. -# -kernel = base - -# Module: mcs -# Required in base -# -# MultiCategory security policy -# -mcs = base - -# Module: mls -# Required in base -# -# Multilevel security policy -# -mls = base - -# Module: selinux -# Required in base -# -# Policy for kernel security interface, in particular, selinuxfs. 
-# -selinux = base - -# Layer: kernel -# Module: storage -# -# Policy controlling access to storage devices -# -storage = base - -# Module: terminal -# Required in base -# -# Policy for terminals. -# -terminal = base - -# Layer: kernel -# Module: ubac -# -# -# -ubac = base - -# Layer: kernel -# Module: unlabelednet -# -# The unlabelednet module. -# -unlabelednet = module - -# Layer: role -# Module: auditadm -# -# auditadm account on tty logins -# -auditadm = module - -# Layer: role -# Module: logadm -# -# Minimally prived root role for managing logging system -# -logadm = module - -# Layer: role -# Module: secadm -# -# secadm account on tty logins -# -secadm = module - -# Layer:role -# Module: staff -# -# admin account -# -staff = module - -# Layer:role -# Module: sysadm_secadm -# -# System Administrator with Security Admin rules -# -sysadm_secadm = module - -# Layer:role -# Module: sysadm -# -# System Administrator -# -sysadm = module - -# Layer: role -# Module: unprivuser -# -# Minimally privs guest account on tty logins -# -unprivuser = module - -# Layer: services -# Module: postgresql -# -# PostgreSQL relational database -# -postgresql = module - -# Layer: services -# Module: ssh -# -# Secure shell client and server policy. -# -ssh = module - -# Layer: services -# Module: xserver -# -# X windows login display manager -# -xserver = module - -# Module: application -# Required in base -# -# Defines attributs and interfaces for all user applications -# -application = module - -# Layer: system -# Module: authlogin -# -# Common policy for authentication and user login. -# -authlogin = module - -# Layer: system -# Module: clock -# -# Policy for reading and setting the hardware clock. -# -clock = module - -# Layer: system -# Module: fstools -# -# Tools for filesystem management, such as mkfs and fsck. -# -fstools = module - -# Layer: system -# Module: getty -# -# Policy for getty. 
-# -getty = module - -# Layer: system -# Module: hostname -# -# Policy for changing the system host name. -# -hostname = module - -# Layer: system -# Module: init -# -# System initialization programs (init and init scripts). -# -init = module - -# Layer: system -# Module: ipsec -# -# TCP/IP encryption -# -ipsec = module - -# Layer: system -# Module: iptables -# -# Policy for iptables. -# -iptables = module - -# Layer: system -# Module: libraries -# -# Policy for system libraries. -# -libraries = module - -# Layer: system -# Module: locallogin -# -# Policy for local logins. -# -locallogin = module - -# Layer: system -# Module: logging -# -# Policy for the kernel message logger and system logging daemon. -# -logging = module - -# Layer: system -# Module: lvm -# -# Policy for logical volume management programs. -# -lvm = module - -# Layer: system -# Module: miscfiles -# -# Miscelaneous files. -# -miscfiles = module - -# Layer: system -# Module: modutils -# -# Policy for kernel module utilities -# -modutils = module - -# Layer: system -# Module: mount -# -# Policy for mount. -# -mount = module - -# Layer: system -# Module: netlabel -# -# Basic netlabel types and interfaces. -# -netlabel = module - -# Layer: system -# Module: selinuxutil -# -# Policy for SELinux policy and userland applications. -# -selinuxutil = module - -# Module: setrans -# Required in base -# -# Policy for setrans -# -setrans = module - -# Layer: system -# Module: sysnetwork -# -# Policy for network configuration: ifconfig and dhcp client. -# -sysnetwork = module - -# Layer: system -# Module: systemd -# -# Policy for systemd components -# -systemd = module - -# Layer: system -# Module: udev -# -# Policy for udev. -# -udev = module diff --git a/modules-mls-contrib.conf b/modules-mls.conf similarity index 79% rename from modules-mls-contrib.conf rename to modules-mls.conf index bfa841fb..b6349876 100644 --- a/modules-mls-contrib.conf +++ b/modules-mls.conf 
@@ -1,3 +1,383 @@ +# Layer: kernel +# Module: bootloader +# +# Policy for the kernel modules, kernel image, and bootloader. +# +bootloader = module + +# Layer: kernel +# Module: corenetwork +# Required in base +# +# Policy controlling access to network objects +# +corenetwork = base + +# Layer: admin +# Module: dmesg +# +# Policy for dmesg. +# +dmesg = module + +# Layer: admin +# Module: netutils +# +# Network analysis utilities +# +netutils = module + +# Layer: admin +# Module: sudo +# +# Execute a command with a substitute user +# +sudo = module + +# Layer: admin +# Module: su +# +# Run shells with substitute user and group +# +su = module + +# Layer: admin +# Module: usermanage +# +# Policy for managing user accounts. +# +usermanage = module + +# Layer: apps +# Module: seunshare +# +# seunshare executable +# +seunshare = module + +# Layer: kernel +# Module: corecommands +# Required in base +# +# Core policy for shells, and generic programs +# in /bin, /sbin, /usr/bin, and /usr/sbin. +# +corecommands = base + +# Module: devices +# Required in base +# +# Device nodes and interfaces for many basic system devices. +# +devices = base + +# Module: domain +# Required in base +# +# Core policy for domains. +# +domain = base + +# Layer: system +# Module: userdomain +# +# Policy for user domains +# +userdomain = module + +# Module: files +# Required in base +# +# Basic filesystem types and interfaces. +# +files = base + +# Module: filesystem +# Required in base +# +# Policy for filesystems. +# +filesystem = base + +# Module: kernel +# Required in base +# +# Policy for kernel threads, proc filesystem,and unlabeled processes and objects. +# +kernel = base + +# Module: mcs +# Required in base +# +# MultiCategory security policy +# +mcs = base + +# Module: mls +# Required in base +# +# Multilevel security policy +# +mls = base + +# Module: selinux +# Required in base +# +# Policy for kernel security interface, in particular, selinuxfs. 
+# +selinux = base + +# Layer: kernel +# Module: storage +# +# Policy controlling access to storage devices +# +storage = base + +# Module: terminal +# Required in base +# +# Policy for terminals. +# +terminal = base + +# Layer: kernel +# Module: ubac +# +# +# +ubac = base + +# Layer: kernel +# Module: unlabelednet +# +# The unlabelednet module. +# +unlabelednet = module + +# Layer: role +# Module: auditadm +# +# auditadm account on tty logins +# +auditadm = module + +# Layer: role +# Module: logadm +# +# Minimally prived root role for managing logging system +# +logadm = module + +# Layer: role +# Module: secadm +# +# secadm account on tty logins +# +secadm = module + +# Layer:role +# Module: staff +# +# admin account +# +staff = module + +# Layer:role +# Module: sysadm_secadm +# +# System Administrator with Security Admin rules +# +sysadm_secadm = module + +# Layer:role +# Module: sysadm +# +# System Administrator +# +sysadm = module + +# Layer: role +# Module: unprivuser +# +# Minimally privs guest account on tty logins +# +unprivuser = module + +# Layer: services +# Module: postgresql +# +# PostgreSQL relational database +# +postgresql = module + +# Layer: services +# Module: ssh +# +# Secure shell client and server policy. +# +ssh = module + +# Layer: services +# Module: xserver +# +# X windows login display manager +# +xserver = module + +# Module: application +# Required in base +# +# Defines attributs and interfaces for all user applications +# +application = module + +# Layer: system +# Module: authlogin +# +# Common policy for authentication and user login. +# +authlogin = module + +# Layer: system +# Module: clock +# +# Policy for reading and setting the hardware clock. +# +clock = module + +# Layer: system +# Module: fstools +# +# Tools for filesystem management, such as mkfs and fsck. +# +fstools = module + +# Layer: system +# Module: getty +# +# Policy for getty. 
+# +getty = module + +# Layer: system +# Module: hostname +# +# Policy for changing the system host name. +# +hostname = module + +# Layer: system +# Module: init +# +# System initialization programs (init and init scripts). +# +init = module + +# Layer: system +# Module: ipsec +# +# TCP/IP encryption +# +ipsec = module + +# Layer: system +# Module: iptables +# +# Policy for iptables. +# +iptables = module + +# Layer: system +# Module: libraries +# +# Policy for system libraries. +# +libraries = module + +# Layer: system +# Module: locallogin +# +# Policy for local logins. +# +locallogin = module + +# Layer: system +# Module: logging +# +# Policy for the kernel message logger and system logging daemon. +# +logging = module + +# Layer: system +# Module: lvm +# +# Policy for logical volume management programs. +# +lvm = module + +# Layer: system +# Module: miscfiles +# +# Miscelaneous files. +# +miscfiles = module + +# Layer: system +# Module: modutils +# +# Policy for kernel module utilities +# +modutils = module + +# Layer: system +# Module: mount +# +# Policy for mount. +# +mount = module + +# Layer: system +# Module: netlabel +# +# Basic netlabel types and interfaces. +# +netlabel = module + +# Layer: system +# Module: selinuxutil +# +# Policy for SELinux policy and userland applications. +# +selinuxutil = module + +# Module: setrans +# Required in base +# +# Policy for setrans +# +setrans = module + +# Layer: system +# Module: sysnetwork +# +# Policy for network configuration: ifconfig and dhcp client. +# +sysnetwork = module + +# Layer: system +# Module: systemd +# +# Policy for systemd components +# +systemd = module + +# Layer: system +# Module: udev +# +# Policy for udev. +# +udev = module # Layer: services # Module: accountsd # @@ -523,6 +903,13 @@ glance = module # gnome = module +# Layer: apps +# Module: gnome_remote_desktop +# +# gnome-remote-desktop +# +gnome_remote_desktop = module + # Layer: apps # Module: gpg # 
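Review bot: The header comments re-added for `application` and `setrans` still say `# Required in base`, yet both entries are set to `= module`, so comment and setting disagree in the merged modules-mls.conf. The text is carried over unchanged from the deleted modules-mls-base.conf, but since these blocks are written anew here, this is the place to drop the `# Required in base` line from those two blocks. The same pass could fill in the empty description under `# Module: ubac` and correct the spellings `attributs` and `Miscelaneous`.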
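Review bot: Adding `gnome_remote_desktop = module` to the MLS list is a policy change rather than part of the file merge the commit message describes, and the same applies to the removal of `publicfile = module` in the later `@@ -1034,13 +1419,6 @@` hunk. The deleted modules-targeted-contrib.conf already carried the gnome_remote_desktop entry, so this looks like a sync with targeted, but the message does not say so, and for an MLS policy the set of enabled modules is exactly what a reviewer needs to see called out. Suggest adding a line to the description such as `Also enable gnome_remote_desktop and drop publicfile in mls.` or moving these two edits into their own commit. The neighbouring entries of the list lie outside the hunk.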
@@ -1004,8 +1391,6 @@ ppp = module # prelink = module -unprivuser = module - # Layer: services # Module: privoxy # @@ -1034,13 +1419,6 @@ psad = module # ptchown = module -# Layer: services -# Module: publicfile -# -# publicfile supplies files to the public through HTTP and FTP -# -publicfile = module - # Layer: apps # Module: pulseaudio # diff --git a/modules-targeted-base.conf b/modules-targeted-base.conf deleted file mode 100644 index e7456ef9..00000000 --- a/modules-targeted-base.conf +++ /dev/null 
@@ -1,393 +0,0 @@ -# Layer: kernel -# Module: bootloader -# -# Policy for the kernel modules, kernel image, and bootloader. -# -bootloader = module - -# Layer: kernel -# Module: corecommands -# Required in base -# -# Core policy for shells, and generic programs -# in /bin, /sbin, /usr/bin, and /usr/sbin. -# -corecommands = base - -# Layer: kernel -# Module: corenetwork -# Required in base -# -# Policy controlling access to network objects -# -corenetwork = base - -# Layer: admin -# Module: dmesg -# -# Policy for dmesg. -# -dmesg = module - -# Layer: admin -# Module: netutils -# -# Network analysis utilities -# -netutils = module - -# Layer: admin -# Module: sudo -# -# Execute a command with a substitute user -# -sudo = module - -# Layer: admin -# Module: su -# -# Run shells with substitute user and group -# -su = module - -# Layer: admin -# Module: usermanage -# -# Policy for managing user accounts. -# -usermanage = module - -# Layer: apps -# Module: seunshare -# -# seunshare executable -# -seunshare = module - -# Module: devices -# Required in base -# -# Device nodes and interfaces for many basic system devices. -# -devices = base - -# Module: domain -# Required in base -# -# Core policy for domains. -# -domain = base - -# Layer: system -# Module: userdomain -# -# Policy for user domains -# -userdomain = module - -# Module: files -# Required in base -# -# Basic filesystem types and interfaces. -# -files = base - -# Layer: system -# Module: miscfiles -# -# Miscelaneous files. -# -miscfiles = module - -# Module: filesystem -# Required in base -# -# Policy for filesystems. -# -filesystem = base - -# Module: kernel -# Required in base -# -# Policy for kernel threads, proc filesystem,and unlabeled processes and objects. 
-# -kernel = base - -# Module: mcs -# Required in base -# -# MultiCategory security policy -# -mcs = base - -# Module: mls -# Required in base -# -# Multilevel security policy -# -mls = base - -# Module: selinux -# Required in base -# -# Policy for kernel security interface, in particular, selinuxfs. -# -selinux = base - -# Layer: kernel -# Module: storage -# -# Policy controlling access to storage devices -# -storage = base - -# Module: terminal -# Required in base -# -# Policy for terminals. -# -terminal = base - -# Layer: kernel -# Module: ubac -# -# -# -ubac = base - -# Layer: kernel -# Module: unconfined -# -# The unlabelednet module. -# -unlabelednet = module - -# Layer: role -# Module: auditadm -# -# auditadm account on tty logins -# -auditadm = module - -# Layer: role -# Module: logadm -# -# Minimally prived root role for managing logging system -# -logadm = module - -# Layer: role -# Module: secadm -# -# secadm account on tty logins -# -secadm = module - -# Layer:role -# Module: sysadm_secadm -# -# System Administrator with Security Admin rules -# -sysadm_secadm = module - -# Module: staff -# -# admin account -# -staff = module - -# Layer:role -# Module: sysadm -# -# System Administrator -# -sysadm = module - -# Layer: role -# Module: unconfineduser -# -# The unconfined user domain. -# -unconfineduser = module - -# Layer: role -# Module: unprivuser -# -# Minimally privs guest account on tty logins -# -unprivuser = module - -# Layer: services -# Module: postgresql -# -# PostgreSQL relational database -# -postgresql = module - -# Layer: services -# Module: ssh -# -# Secure shell client and server policy. -# -ssh = module - -# Layer: services -# Module: xserver -# -# X windows login display manager -# -xserver = module - -# Module: application -# Required in base -# -# Defines attributs and interfaces for all user applications -# -application = module - -# Layer: system -# Module: authlogin -# -# Common policy for authentication and user login. 
-# -authlogin = module - -# Layer: system -# Module: clock -# -# Policy for reading and setting the hardware clock. -# -clock = module - -# Layer: system -# Module: fstools -# -# Tools for filesystem management, such as mkfs and fsck. -# -fstools = module - -# Layer: system -# Module: getty -# -# Policy for getty. -# -getty = module - -# Layer: system -# Module: hostname -# -# Policy for changing the system host name. -# -hostname = module - -# Layer: system -# Module: init -# -# System initialization programs (init and init scripts). -# -init = module - -# Layer: system -# Module: ipsec -# -# TCP/IP encryption -# -ipsec = module - -# Layer: system -# Module: iptables -# -# Policy for iptables. -# -iptables = module - -# Layer: system -# Module: libraries -# -# Policy for system libraries. -# -libraries = module - -# Layer: system -# Module: locallogin -# -# Policy for local logins. -# -locallogin = module - -# Layer: system -# Module: logging -# -# Policy for the kernel message logger and system logging daemon. -# -logging = module - -# Layer: system -# Module: lvm -# -# Policy for logical volume management programs. -# -lvm = module - -# Layer: system -# Module: modutils -# -# Policy for kernel module utilities -# -modutils = module - -# Layer: system -# Module: mount -# -# Policy for mount. -# -mount = module - -# Layer: system -# Module: netlabel -# -# Basic netlabel types and interfaces. -# -netlabel = module - -# Layer: system -# Module: selinuxutil -# -# Policy for SELinux policy and userland applications. -# -selinuxutil = module - -# Module: setrans -# Required in base -# -# Policy for setrans -# -setrans = module - -# Layer: system -# Module: sysnetwork -# -# Policy for network configuration: ifconfig and dhcp client. -# -sysnetwork = module - -# Layer: system -# Module: systemd -# -# Policy for systemd components -# -systemd = module - -# Layer: system -# Module: udev -# -# Policy for udev. 
-# -udev = module - -# Layer: system -# Module: unconfined -# -# The unconfined domain. -# -unconfined = module diff --git a/modules-targeted-contrib.conf b/modules-targeted-contrib.conf deleted file mode 100644 index 10bd9b86..00000000 --- a/modules-targeted-contrib.conf +++ /dev/null 
@@ -1,2806 +0,0 @@ -# Layer: services -# Module: abrt -# -# Automatic bug detection and reporting tool -# -abrt = module - -# Layer: services -# Module: accountsd -# -# An application to view and modify user accounts information -# -accountsd = module - -# Layer: admin -# Module: acct -# -# Berkeley process accounting -# -acct = module - -# Layer: services -# Module: afs -# -# Andrew Filesystem server -# -afs = module - -# Layer: services -# Module: aiccu -# -# SixXS Automatic IPv6 Connectivity Client Utility -# -aiccu = module - -# Layer: services -# Module: aide -# -# Policy for aide -# -aide = module - -# Layer: services -# Module: ajaxterm -# -# Web Based Terminal -# -ajaxterm = module - -# Layer: admin -# Module: alsa -# -# Ainit ALSA configuration tool -# -alsa = module - -# Layer: admin -# Module: amanda -# -# Automated backup program. -# -amanda = module - -# Layer: admin -# Module: amtu -# -# Abstract Machine Test Utility (AMTU) -# -amtu = module - -# Layer: admin -# Module: anaconda -# -# Policy for the Anaconda installer. -# -anaconda = module - -# Layer: contrib -# Module: antivirus -# -# SELinux policy for antivirus programs -# -antivirus = module - -# Layer: services -# Module: apache -# -# Apache web server -# -apache = module - -# Layer: services -# Module: apcupsd -# -# daemon for most APC’s UPS for Linux -# -apcupsd = module - -# Layer: services -# Module: apm -# -# Advanced power management daemon -# -apm = module - -# Layer: services -# Module: arpwatch -# -# Ethernet activity monitor. -# -arpwatch = module - -# Layer: services -# Module: asterisk -# -# Asterisk IP telephony server -# -asterisk = module - -# Layer: contrib -# Module: authconfig -# -# Authorization configuration tool -# -authconfig = module - -# Layer: services -# Module: automount -# -# Filesystem automounter service. 
-# -automount = module - -# Layer: services -# Module: avahi -# -# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture -# -avahi = module - -# Layer: module -# Module: awstats -# -# awstats executable -# -awstats = module - -# Layer: services -# Module: bcfg2 -# -# Configuration management server -# -bcfg2 = module - -# Layer: services -# Module: bind -# -# Berkeley internet name domain DNS server. -# -bind = module - -# Layer: contrib -# Module: rngd -# -# Daemon used to feed random data from hardware device to kernel random device -# -rngd = module - -# Layer: services -# Module: bitlbee -# -# An IRC to other chat networks gateway -# -bitlbee = module - -# Layer: services -# Module: blueman -# -# Blueman tools and system services. -# -blueman = module - -# Layer: services -# Module: bluetooth -# -# Bluetooth tools and system services. -# -bluetooth = module - -# Layer: services -# Module: boinc -# -# Berkeley Open Infrastructure for Network Computing -# -boinc = module - -# Layer: system -# Module: brctl -# -# Utilities for configuring the linux ethernet bridge -# -brctl = module - -# Layer: services -# Module: bugzilla -# -# Bugzilla server -# -bugzilla = module - -# Layer: services -# Module: bumblebee -# -# Support NVIDIA Optimus technology under Linux -# -bumblebee = module - -# Layer: services -# Module: cachefilesd -# -# CacheFiles userspace management daemon -# -cachefilesd = module - -# Module: calamaris -# -# -# Squid log analysis -# -calamaris = module - -# Layer: services -# Module: callweaver -# -# callweaver telephony sever -# -callweaver = module - -# Layer: services -# Module: canna -# -# Canna - kana-kanji conversion server -# -canna = module - -# Layer: services -# Module: ccs -# -# policy for ccs -# -ccs = module - -# Layer: apps -# Module: cdrecord -# -# Policy for cdrecord -# -cdrecord = module - -# Layer: admin -# Module: certmaster -# -# Digital Certificate master -# -certmaster = module - -# Layer: services -# Module: certmonger -# 
-# Certificate status monitor and PKI enrollment client -# -certmonger = module - -# Layer: admin -# Module: certwatch -# -# Digital Certificate Tracking -# -certwatch = module - -# Layer: services -# Module: cfengine -# -# cfengine -# -cfengine = module - -# Layer: services -# Module: cgroup -# -# Tools and libraries to control and monitor control groups -# -cgroup = module - -# Layer: apps -# Module: chrome -# -# chrome sandbox -# -chrome = module - -# Layer: services -# Module: chronyd -# -# Daemon for maintaining clock time -# -chronyd = module - -# Layer: services -# Module: cipe -# -# Encrypted tunnel daemon -# -cipe = module - - -# Layer: services -# Module: clogd -# -# clogd - clustered mirror log server -# -clogd = module - -# Layer: services -# Module: cloudform -# -# cloudform daemons -# -cloudform = module - -# Layer: services -# Module: cmirrord -# -# cmirrord - daemon providing device-mapper-base mirrors in a shared-storege cluster -# -cmirrord = module - -# Layer: services -# Module: cobbler -# -# cobbler -# -cobbler = module - -# Layer: services -# Module: collectd -# -# Statistics collection daemon for filling RRD files -# -collectd = module - -# Layer: services -# Module: colord -# -# color device daemon -# -colord = module - -# Layer: services -# Module: comsat -# -# Comsat, a biff server. 
-# -comsat = module - -# Layer: services -# Module: condor -# -# policy for condor -# -condor = module - -# Layer: services -# Module: conman -# -# Conman is a program for connecting to remote consoles being managed by conmand -# -conman = module - -# Layer: services -# Module: consolekit -# -# ConsoleKit is a system daemon for tracking what users are logged -# -consolekit = module - -# Layer: services -# Module: couchdb -# -# Apache CouchDB database server -# -couchdb = module - -# Layer: services -# Module: courier -# -# IMAP and POP3 email servers -# -courier = module - -# Layer: services -# Module: cpucontrol -# -# Services for loading CPU microcode and CPU frequency scaling. -# -cpucontrol = module - -# Layer: apps -# Module: cpufreqselector -# -# cpufreqselector executable -# -cpufreqselector = module - -# Layer: services -# Module: cron -# -# Periodic execution of scheduled commands. -# -cron = module - -# Layer: services -# Module: ctdbd -# -# Cluster Daemon -# -ctdb = module - -# Layer: services -# Module: cups -# -# Common UNIX printing system -# -cups = module - -# Layer: services -# Module: cvs -# -# Concurrent versions system -# -cvs = module - -# Layer: services -# Module: cyphesis -# -# cyphesis game server -# -cyphesis = module - -# Layer: services -# Module: cyrus -# -# Cyrus is an IMAP service intended to be run on sealed servers -# -cyrus = module - -# Layer: system -# Module: daemontools -# -# Collection of tools for managing UNIX services -# -daemontools = module - -# Layer: role -# Module: dbadm -# -# Minimally prived root role for managing databases -# -dbadm = module - -# Layer: services -# Module: dbskk -# -# Dictionary server for the SKK Japanese input method system. -# -dbskk = module - -# Layer: services -# Module: dbus -# -# Desktop messaging bus -# -dbus = module - -# Layer: services -# Module: dcc -# -# A distributed, collaborative, spam detection and filtering network. 
-# -dcc = module - -# Layer: services -# Module: ddclient -# -# Update dynamic IP address at DynDNS.org -# -ddclient = module - -# Layer: admin -# Module: ddcprobe -# -# ddcprobe retrieves monitor and graphics card information -# -ddcprobe = off - -# Layer: services -# Module: denyhosts -# -# script to help thwart ssh server attacks -# -denyhosts = module - -# Layer: services -# Module: devicekit -# -# devicekit-daemon -# -devicekit = module - -# Layer: services -# Module: dhcp -# -# Dynamic host configuration protocol (DHCP) server -# -dhcp = module - -# Layer: services -# Module: dictd -# -# Dictionary daemon -# -dictd = module - -# Layer: services -# Module: dirsrv-admin -# -# An 309 directory admin server -# -dirsrv-admin = module - -# Layer: services -# Module: dirsrv -# -# An 309 directory server -# -dirsrv = module - -# Layer: services -# Module: distcc -# -# Distributed compiler daemon -# -distcc = off - -# Layer: admin -# Module: dmidecode -# -# Decode DMI data for x86/ia64 bioses. -# -dmidecode = module - -# Layer: services -# Module: dnsmasq -# -# A lightweight DHCP and caching DNS server. -# -dnsmasq = module - -# Layer: services -# Module: dnssec -# -# A dnssec server application -# -dnssec = module - -# Layer: services -# Module: dovecot -# -# Dovecot POP and IMAP mail server -# -dovecot = module - -# Layer: services -# Module: drbd -# -# DRBD mirrors a block device over the network to another machine. 
-# -drbd = module - -# Layer: services -# Module: dspam -# -# dspam - library and Mail Delivery Agent for Bayesian SPAM filtering -# -dspam = module - -# Layer: services -# Module: entropy -# -# Generate entropy from audio input -# -entropyd = module - -# Layer: services -# Module: exim -# -# exim mail server -# -exim = module - -# Layer: services -# Module: fail2ban -# -# daiemon that bans IP that makes too many password failures -# -fail2ban = module - -# Layer: services -# Module: fcoe -# -# fcoe -# -fcoe = module - -# Layer: services -# Module: fetchmail -# -# Remote-mail retrieval and forwarding utility -# -fetchmail = module - -# Layer: services -# Module: finger -# -# Finger user information service. -# -finger = module - -# Layer: services -# Module: firewalld -# -# firewalld is firewall service daemon that provides dynamic customizable -# -firewalld = module - -# Layer: apps -# Module: firewallgui -# -# policy for system-config-firewall -# -firewallgui = module - -# Module: firstboot -# -# Final system configuration run during the first boot -# after installation of Red Hat/Fedora systems. -# -firstboot = module - -# Layer: services -# Module: fprintd -# -# finger print server -# -fprintd = module - -# Layer: services -# Module: freqset -# -# Utility for CPU frequency scaling -# -freqset = module - -# Layer: services -# Module: ftp -# -# File transfer protocol service -# -ftp = module - -# Layer: apps -# Module: games -# -# The Open Group Pegasus CIM/WBEM Server. 
-# -games = module - -# Layer: apps -# Module: gitosis -# -# Policy for gitosis -# -gitosis = module - -# Layer: services -# Module: git -# -# Policy for the stupid content tracker -# -git = module - -# Layer: services -# Module: glance -# -# Policy for glance -# -glance = module - -# Layer: contrib -# Module: glusterd -# -# policy for glusterd service -# -glusterd = module - -# Layer: apps -# Module: gnome -# -# gnome session and gconf -# -gnome = module - -# Layer: apps -# Module: gnome_remote_desktop -# -# gnome-remote-desktop -# -gnome_remote_desktop = module - -# Layer: apps -# Module: gpg -# -# Policy for GNU Privacy Guard and related programs. -# -gpg = module - -# Layer: services -# Module: gpm -# -# General Purpose Mouse driver -# -gpm = module - -# Module: gpsd -# -# gpsd monitor daemon -# -# -gpsd = module - -# Module: gssproxy -# -# A proxy for GSSAPI credential handling -# -# -gssproxy = module - -# Layer: role -# Module: guest -# -# Minimally privs guest account on tty logins -# -guest = module - -# Layer: role -# Module: xguest -# -# Minimally privs guest account on X Windows logins -# -xguest = module - -# Layer: services -# Module: hddtemp -# -# hddtemp hard disk temperature tool running as a daemon -# -hddtemp = module - -# Layer: services -# Module: hostapd -# -# hostapd - IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator -# -hostapd = module - -# Layer: services -# Module: i18n_input -# -# IIIMF htt server -# -i18n_input = off - -# Layer: services -# Module: icecast -# -# ShoutCast compatible streaming media server -# -icecast = module - -# Layer: services -# Module: inetd -# -# Internet services daemon. -# -inetd = module - -# Layer: services -# Module: inn -# -# Internet News NNTP server -# -inn = module - -# Layer: services -# Module: lircd -# -# LIRC daemon - decodes infrared signals and provides them on a Unix domain socket. 
-# -lircd = module - -# Layer: apps -# Module: irc -# -# IRC client policy -# -irc = module - -# Layer: services -# Module: irqbalance -# -# IRQ balancing daemon -# -irqbalance = module - -# Layer: system -# Module: iscsi -# -# Open-iSCSI daemon -# -iscsi = module - -# Layer: system -# Module: isnsd -# -# -# -isns = module - -# Layer: services -# Module: jabber -# -# Jabber instant messaging server -# -jabber = module - -# Layer: services -# Module: jetty -# -# Java based http server -# -jetty = module - -# Layer: apps -# Module: jockey -# -# policy for jockey-backend -# -jockey = module - -# Layer: apps -# Module: kdumpgui -# -# system-config-kdump policy -# -kdumpgui = module - -# Layer: admin -# Module: kdump -# -# kdump is kernel crash dumping mechanism -# -kdump = module - -# Layer: services -# Module: kerberos -# -# MIT Kerberos admin and KDC -# -kerberos = module - -# Layer: services -# Module: keepalived -# -# keepalived - load-balancing and high-availability service -# -keepalived = module - -# Module: keyboardd -# -# system-setup-keyboard is a keyboard layout daemon that monitors -# /etc/sysconfig/keyboard and writes out an xorg.conf.d snippet -# -keyboardd = module - -# Layer: services -# Module: keystone -# -# openstack-keystone -# -keystone = module - -# Layer: services -# Module: kismet -# -# Wireless sniffing and monitoring -# -kismet = module - -# Layer: services -# Module: ksmtuned -# -# Kernel Samepage Merging (KSM) Tuning Daemon -# -ksmtuned = module - -# Layer: services -# Module: ktalk -# -# KDE Talk daemon -# -ktalk = module - -# Layer: services -# Module: l2ltpd -# -# Layer 2 Tunnelling Protocol Daemon -# -l2tp = module - -# Layer: services -# Module: ldap -# -# OpenLDAP directory server -# -ldap = module - -# Layer: services -# Module: likewise -# -# Likewise Active Directory support for UNIX -# -likewise = module - -# Layer: apps -# Module: livecd -# -# livecd creator -# -livecd = module - -# Layer: services -# Module: lldpad -# -# lldpad - 
Link Layer Discovery Protocol (LLDP) agent daemon -# -lldpad = module - -# Layer: apps -# Module: loadkeys -# -# Load keyboard mappings. -# -loadkeys = module - -# Layer: apps -# Module: lockdev -# -# device locking policy for lockdev -# -lockdev = module - -# Layer: admin -# Module: logrotate -# -# Rotate and archive system logs -# -logrotate = module - -# Layer: services -# Module: logwatch -# -# logwatch executable -# -logwatch = module - -# Layer: services -# Module: lpd -# -# Line printer daemon -# -lpd = module - -# Layer: services -# Module: mailman -# -# Mailman is for managing electronic mail discussion and e-newsletter lists -# -mailman = module - -# Layer: services -# Module: mailman -# -# Policy for mailscanner -# -mailscanner = module - -# Layer: apps -# Module: man2html -# -# policy for man2html apps -# -man2html = module - -# Layer: admin -# Module: mcelog -# -# Policy for mcelog. -# -mcelog = module - -# Layer: apps -# Module: mediawiki -# -# mediawiki -# -mediawiki = module - -# Layer: services -# Module: memcached -# -# high-performance memory object caching system -# -memcached = module - -# Layer: services -# Module: milter -# -# -# -milter = module - -# Layer: services -# Module: mip6d -# -# UMIP Mobile IPv6 and NEMO Basic Support protocol implementation -# -mip6d = module - -# Layer: services -# Module: mock -# -# Policy for mock rpm builder -# -mock = module - -# Layer: services -# Module: modemmanager -# -# Manager for dynamically switching between modems. 
-# -modemmanager = module - -# Layer: services -# Module: mojomojo -# -# Wiki server -# -mojomojo = module - -# Layer: apps -# Module: mozilla -# -# Policy for Mozilla and related web browsers -# -mozilla = module - -# Layer: services -# Module: mpd -# -# mpd - daemon for playing music -# -mpd = module - -# Layer: apps -# Module: mplayer -# -# Policy for Mozilla and related web browsers -# -mplayer = module - -# Layer: admin -# Module: mrtg -# -# Network traffic graphing -# -mrtg = module - -# Layer: services -# Module: mta -# -# Policy common to all email tranfer agents. -# -mta = module - -# Layer: services -# Module: munin -# -# Munin -# -munin = module - -# Layer: services -# Module: mysql -# -# Policy for MySQL -# -mysql = module - -# Layer: contrib -# Module: mythtv -# -# Policy for Mythtv (Web Server) -# -mythtv = module - -# Layer: services -# Module: nagios -# -# policy for nagios Host/service/network monitoring program -# -nagios = module - -# Layer: apps -# Module: namespace -# -# policy for namespace.init script -# -namespace = module - -# Layer: admin -# Module: ncftool -# -# Tool to modify the network configuration of a system -# -ncftool = module - -# Layer: services -# Module: networkmanager -# -# Manager for dynamically switching between networks. 
-# -networkmanager = module - -# Layer: services -# Module: ninfod -# -# Respond to IPv6 Node Information Queries -# -ninfod = module - -# Layer: services -# Module: nis -# -# Policy for NIS (YP) servers and clients -# -nis = module - -# Layer: services -# Module: nova -# -# openstack-nova -# -nova = module - -# Layer: services -# Module: nscd -# -# Name service cache daemon -# -nscd = module - -# Layer: services -# Module: nslcd -# -# Policy for nslcd -# -nslcd = module - -# Layer: services -# Module: ntop -# -# Policy for ntop -# -ntop = module - -# Layer: services -# Module: ntp -# -# Network time protocol daemon -# -ntp = module - -# Layer: services -# Module: numad -# -# numad - user-level daemon that provides advice and managment for optimum use of CPUs and memory on systems with NUMA topology -# -numad = module - -# Layer: services -# Module: nut -# -# nut - Network UPS Tools -# -nut = module - -# Layer: services -# Module: nx -# -# NX Remote Desktop -# -nx = module - -# Layer: services -# Module: obex -# -# policy for obex-data-server -# -obex = module - -# Layer: services -# Module: oddjob -# -# policy for oddjob -# -oddjob = module - -# Layer: services -# Module: openct -# -# Service for handling smart card readers. 
-# -openct = off - -# Layer: service -# Module: openct -# -# Middleware framework for smart card terminals -# -openct = module - -# Layer: contrib -# Module: openshift-origin -# -# Origin version of openshift policy -# -openshift-origin = module -# Layer: contrib -# Module: openshift -# -# Core openshift policy -# -openshift = module - -# Layer: services -# Module: opensm -# -# InfiniBand subnet manager and administration (SM/SA) -# -opensm = module - -# Layer: services -# Module: openvpn -# -# Policy for OPENVPN full-featured SSL VPN solution -# -openvpn = module - -# Layer: contrib -# Module: openvswitch -# -# SELinux policy for openvswitch programs -# -openvswitch = module - -# Layer: services -# Module: openwsman -# -# WS-Management Server -# -openwsman = module - -# Layer: services -# Module: osad -# -# Client-side service written in Python that responds to pings -# -osad = module - -# Layer: contrib -# Module: prelude -# -# SELinux policy for prelude -# -prelude = module - -# Layer: contrib -# Module: prosody -# -# SELinux policy for prosody flexible communications server for Jabber/XMPP -# -prosody = module - -# Layer: services -# Module: pads -# -pads = module - -# Layer: services -# Module: passenger -# -# Passenger -# -passenger = module - -# Layer: system -# Module: pcmcia -# -# PCMCIA card management services -# -pcmcia = module - -# Layer: service -# Module: pcscd -# -# PC/SC Smart Card Daemon -# -pcscd = module - -# Layer: services -# Module: pdns -# -# PowerDNS DNS server -# -pdns = module - -# Layer: services -# Module: pegasus -# -# The Open Group Pegasus CIM/WBEM Server. 
-# -pegasus = module - -# Layer: services -# Module: pingd -# -# -pingd = module - -# Layer: services -# Module: piranha -# -# piranha - various tools to administer and configure the Linux Virtual Server -# -piranha = module - -# Layer: contrib -# Module: pkcs -# -# daemon manages PKCS#11 objects between PKCS#11-enabled applications -# -pkcs = module - -# Layer: services -# Module: plymouthd -# -# Plymouth -# -plymouthd = module - -# Layer: apps -# Module: podsleuth -# -# Podsleuth probes, identifies, and exposes properties and metadata bound to iPods. -# -podsleuth = module - -# Layer: services -# Module: policykit -# -# Hardware abstraction layer -# -policykit = module - -# Layer: services -# Module: polipo -# -# polipo -# -polipo = module - -# Layer: services -# Module: portmap -# -# RPC port mapping service. -# -portmap = module - -# Layer: services -# Module: portreserve -# -# reserve ports to prevent portmap mapping them -# -portreserve = module - -# Layer: services -# Module: postfix -# -# Postfix email server -# -postfix = module - -# Layer: services -# Module: postgrey -# -# email scanner -# -postgrey = module - -# Layer: services -# Module: ppp -# -# Point to Point Protocol daemon creates links in ppp networks -# -ppp = module - -# Layer: admin -# Module: prelink -# -# Manage temporary directory sizes and file ages -# -prelink = module - -# Layer: services -# Module: privoxy -# -# Privacy enhancing web proxy. 
-# -privoxy = module - -# Layer: services -# Module: procmail -# -# Procmail mail delivery agent -# -procmail = module - -# Layer: services -# Module: psad -# -# Analyze iptables log for hostile traffic -# -psad = module - -# Layer: apps -# Module: ptchown -# -# helper function for grantpt(3), changes ownship and permissions of pseudotty -# -ptchown = module - -# Layer: services -# Module: publicfile -# -# publicfile supplies files to the public through HTTP and FTP -# -publicfile = module - -# Layer: apps -# Module: pulseaudio -# -# The PulseAudio Sound System -# -pulseaudio = module - -# Layer: services -# Module: puppet -# -# A network tool for managing many disparate systems -# -puppet = module - -# Layer: apps -# Module: pwauth -# -# External plugin for mod_authnz_external authenticator -# -pwauth = module - -# Layer: services -# Module: qmail -# -# Policy for qmail -# -qmail = module - -# Layer: services -# Module: qpidd -# -# Policy for qpidd -# -qpid = module - -# Layer: services -# Module: quantum -# -# Quantum is a virtual network service for Openstack -# -quantum = module - -# Layer: admin -# Module: quota -# -# File system quota management -# -quota = module - -# Layer: services -# Module: rabbitmq -# -# rabbitmq daemons -# -rabbitmq = module - -# Layer: services -# Module: radius -# -# RADIUS authentication and accounting server. 
-# -radius = module - -# Layer: services -# Module: radvd -# -# IPv6 router advertisement daemon -# -radvd = module - -# Layer: system -# Module: raid -# -# RAID array management tools -# -raid = module - -# Layer: services -# Module: rasdaemon -# -# The rasdaemon program is a daemon with monitors the RAS trace events from /sys/kernel/debug/tracing -# -rasdaemon = module - -# Layer: services -# Module: rdisc -# -# Network router discovery daemon -# -rdisc = module - -# Layer: admin -# Module: readahead -# -# Readahead, read files into page cache for improved performance -# -readahead = module - -# Layer: contrib -# Module: stapserver -# -# dbus system service which manages discovery and enrollment in realms and domains like Active Directory or IPA -# -realmd = module - -# Layer: services -# Module: remotelogin -# -# Policy for rshd, rlogind, and telnetd. -# -remotelogin = module - -# Layer: services -# Module: rhcs -# -# RHCS - Red Hat Cluster Suite -# -rhcs = module - -# Layer: services -# Module: rhev -# -# rhev policy module contains policies for rhev apps -# -rhev = module - -# Layer: services -# Module: rhgb -# -# X windows login display manager -# -rhgb = module - -# Layer: services -# Module: rhsmcertd -# -# Subscription Management Certificate Daemon policy -# -rhsmcertd = module - -# Layer: services -# Module: ricci -# -# policy for ricci -# -ricci = module - -# Layer: services -# Module: rlogin -# -# Remote login daemon -# -rlogin = module - -# Layer: services -# Module: roundup -# -# Roundup Issue Tracking System policy -# -roundup = module - -# Layer: services -# Module: rpcbind -# -# universal addresses to RPC program number mapper -# -rpcbind = module - -# Layer: services -# Module: rpc -# -# Remote Procedure Call Daemon for managment of network based process communication -# -rpc = module - -# Layer: admin -# Module: rpm -# -# Policy for the RPM package manager. -# -rpm = module - -# Layer: services -# Module: rshd -# -# Remote shell service. 
-# -rshd = module - -# Layer: apps -# Module: rssh -# -# Restricted (scp/sftp) only shell -# -rssh = module - -# Layer: services -# Module: rsync -# -# Fast incremental file transfer for synchronization -# -rsync = module - -# Layer: services -# Module: rtkit -# -# Real Time Kit Daemon -# -rtkit = module - -# Layer: services -# Module: rwho -# -# who is logged in on local machines -# -rwho = module - -# Layer: apps -# Module: sambagui -# -# policy for system-config-samba -# -sambagui = module - -# -# SMB and CIFS client/server programs for UNIX and -# name Service Switch daemon for resolving names -# from Windows NT servers. -# -samba = module - -# Layer: apps -# Module: sandbox -# -# Policy for running apps within a sandbox -# -sandbox = module - -# Layer: apps -# Module: sandbox -# -# Policy for running apps within a X sandbox -# -sandboxX = module - -# Layer: services -# Module: sanlock -# -# sanlock policy -# -sanlock = module - -# Layer: services -# Module: sasl -# -# SASL authentication server -# -sasl = module - -# Layer: services -# Module: sblim -# -# sblim -# -sblim = module - -# Layer: apps -# Module: screen -# -# GNU terminal multiplexer -# -screen = module - -# Layer: admin -# Module: sectoolm -# -# Policy for sectool-mechanism -# -sectoolm = module - -# Layer: services -# Module: sendmail -# -# Policy for sendmail. 
-# -sendmail = module - -# Layer: contrib -# Module: sensord -# -# Sensor information logging daemon -# -sensord = module - -# Layer: services -# Module: setroubleshoot -# -# Policy for the SELinux troubleshooting utility -# -setroubleshoot = module - -# Layer: services -# Module: sge -# -# policy for grindengine MPI jobs -# -sge = module - -# Layer: admin -# Module: shorewall -# -# Policy for shorewall -# -shorewall = module - -# Layer: apps -# Module: slocate -# -# Update database for mlocate -# -slocate = module - -# Layer: contrib -# Module: slpd -# -# OpenSLP server daemon to dynamically register services -# -slpd = module - -# Layer: services -# Module: slrnpull -# -# Service for downloading news feeds the slrn newsreader. -# -slrnpull = off - -# Layer: services -# Module: smartmon -# -# Smart disk monitoring daemon policy -# -smartmon = module - -# Layer: services -# Module: smokeping -# -# Latency Logging and Graphing System -# -smokeping = module - -# Layer: admin -# Module: smoltclient -# -#The Fedora hardware profiler client -# -smoltclient = module - -# Layer: services -# Module: snmp -# -# Simple network management protocol services -# -snmp = module - -# Layer: services -# Module: snort -# -# Snort network intrusion detection system -# -snort = module - -# Layer: admin -# Module: sosreport -# -# sosreport debuggin information generator -# -sosreport = module - -# Layer: services -# Module: soundserver -# -# sound server for network audio server programs, nasd, yiff, etc -# -soundserver = module - -# Layer: services -# Module: spamassassin -# -# Filter used for removing unsolicited email. 
-# -spamassassin = module - -# Layer: services -# Module: speech-dispatcher -# -# speech-dispatcher - server process managing speech requests in Speech Dispatcher -# -speech-dispatcher = module - -# Layer: services -# Module: squid -# -# Squid caching http proxy server -# -squid = module - -# Layer: services -# Module: sssd -# -# System Security Services Daemon -# -sssd = module - -# Layer: services -# Module: sslh -# -# Applicative protocol(SSL/SSH) multiplexer -# -sslh = module - -# Layer: contrib -# Module: stapserver -# -# Instrumentation System Server -# -stapserver = module - -# Layer: services -# Module: stunnel -# -# SSL Tunneling Proxy -# -stunnel = module - -# Layer: services -# Module: svnserve -# -# policy for subversion service -# -svnserve = module - -# Layer: services -# Module: swift -# -# openstack-swift -# -swift = module - -# Layer: services -# Module: sysstat -# -# Policy for sysstat. Reports on various system states -# -sysstat = module - -# Layer: services -# Module: tcpd -# -# Policy for TCP daemon. -# -tcpd = module - -# Layer: services -# Module: tcsd -# -# tcsd - daemon that manages Trusted Computing resources -# -tcsd = module - -# Layer: apps -# Module: telepathy -# -# telepathy - Policy for Telepathy framework -# -telepathy = module - -# Layer: services -# Module: telnet -# -# Telnet daemon -# -telnet = module - -# Layer: services -# Module: tftp -# -# Trivial file transfer protocol daemon -# -tftp = module - -# Layer: services -# Module: tgtd -# -# Linux Target Framework Daemon. 
-# -tgtd = module - -# Layer: apps -# Module: thumb -# -# Thumbnailer confinement -# -thumb = module - -# Layer: services -# Module: timidity -# -# MIDI to WAV converter and player configured as a service -# -timidity = off - -# Layer: admin -# Module: tmpreaper -# -# Manage temporary directory sizes and file ages -# -tmpreaper = module - -# Layer: contrib -# Module: glusterd -# -# policy for tomcat service -# -tomcat = module -# Layer: services -# Module: tor -# -# TOR, the onion router -# -tor = module - -# Layer: services -# Module: tuned -# -# Dynamic adaptive system tuning daemon -# -tuned = module - -# Layer: apps -# Module: tvtime -# -# tvtime - a high quality television application -# -tvtime = module - -# Layer: services -# Module: ulogd -# -# netfilter/iptables ULOG daemon -# -ulogd = module - -# Layer: apps -# Module: uml -# -# Policy for UML -# -uml = module - -# Layer: admin -# Module: updfstab -# -# Red Hat utility to change /etc/fstab. -# -updfstab = module - -# Layer: admin -# Module: usbmodules -# -# List kernel modules of USB devices -# -usbmodules = module - -# Layer: services -# Module: usbmuxd -# -# Daemon for communicating with Apple's iPod Touch and iPhone -# -usbmuxd = module - -# Layer: apps -# Module: userhelper -# -# A helper interface to pam. -# -userhelper = module - -# Layer: apps -# Module: usernetctl -# -# User network interface configuration helper -# -usernetctl = module - -# Layer: services -# Module: uucp -# -# Unix to Unix Copy -# -uucp = module - -# Layer: services -# Module: uuidd -# -# UUID generation daemon -# -uuidd = module - -# Layer: services -# Module: varnishd -# -# Varnishd http accelerator daemon -# -varnishd = module - -# Layer: services -# Module: vdagent -# -# vdagent -# -vdagent = module - -# Layer: services -# Module: vhostmd -# -# vhostmd - spice guest agent daemon. 
-# -vhostmd = module - -# Layer: services -# Module: virt -# -# Virtualization libraries -# -virt = module - -# Layer: apps -# Module: vhostmd -# -# vlock - Virtual Console lock program -# -vlock = module - -# Layer: services -# Module: vmtools -# -# VMware Tools daemon -# -vmtools = module - -# Layer: apps -# Module: vmware -# -# VMWare Workstation virtual machines -# -vmware = module - -# Layer: services -# Module: vnstatd -# -# Network traffic Monitor -# -vnstatd = module - -# Layer: admin -# Module: vpn -# -# Virtual Private Networking client -# -vpn = module - -# Layer: services -# Module: w3c -# -# w3c -# -w3c = module - -# Layer: services -# Module: wdmd -# -# wdmd policy -# -wdmd = module - -# Layer: role -# Module: webadm -# -# Minimally prived root role for managing apache -# -webadm = module - -# Layer: apps -# Module: webalizer -# -# Web server log analysis -# -webalizer = module - -# Layer: apps -# Module: wine -# -# wine executable -# -wine = module - -# Layer: apps -# Module: wireshark -# -# wireshark executable -# -wireshark = module - -# Layer: system -# Module: xen -# -# virtualization software -# -xen = module - -# Layer: services -# Module: zabbix -# -# Open-source monitoring solution for your IT infrastructure -# -zabbix = module - -# Layer: services -# Module: zarafa -# -# Zarafa Collaboration Platform -# -zarafa = module - -# Layer: services -# Module: zebra -# -# Zebra border gateway protocol network routing service -# -zebra = module - -# Layer: services -# Module: zoneminder -# -# Zoneminder Camera Security Surveillance Solution -# -zoneminder = module - -# Layer: services -# Module: zosremote -# -# policy for z/OS Remote-services Audit dispatcher plugin -# -zosremote = module - -# Layer: contrib -# Module: thin -# -# Policy for thin -# -thin = module - -# Layer: contrib -# Module: mandb -# -# Policy for mandb -# -mandb = module - -# Layer: services -# Module: pki -# -# policy for pki -# -pki = module - -# Layer: services -# Module: smsd 
-# -# policy for smsd -# -smsd = module - -# Layer: contrib -# Module: pesign -# -# policy for pesign -# -pesign = module - -# Layer: contrib -# Module: nsd -# -# Fast and lean authoritative DNS Name Server -# -nsd = module - -# Layer: contrib -# Module: iodine -# -# Fast and lean authoritative DNS Name Server -# -iodine = module - -# Layer: contrib -# Module: openhpid -# -# OpenHPI daemon runs as a background process and accepts connecti -# -openhpid = module - -# Layer: contrib -# Module: watchdog -# -# Watchdog policy -# -watchdog = module - -# Layer: contrib -# Module: oracleasm -# -# oracleasm policy -# -oracleasm = module - -# Layer: contrib -# Module: redis -# -# redis policy -# -redis = module - -# Layer: contrib -# Module: hypervkvp -# -# hypervkvp policy -# -hypervkvp = module - -# Layer: contrib -# Module: lsm -# -# lsm policy -# -lsm = module - -# Layer: contrib -# Module: motion -# -# Daemon for detect motion using a video4linux device -motion = module - -# Layer: contrib -# Module: rtas -# -# rtas policy -# -rtas = module - -# Layer: contrib -# Module: journalctl -# -# journalctl policy -# -journalctl = module - -# Layer: contrib -# Module: gdomap -# -# gdomap policy -# -gdomap = module - -# Layer: contrib -# Module: minidlna -# -# minidlna policy -# -minidlna = module - -# Layer: contrib -# Module: minissdpd -# -# minissdpd policy -# -minissdpd = module - -# Layer: contrib -# Module: freeipmi -# -# Remote-Console (out-of-band) and System Management Software (in-band) -# based on IntelligentPlatform Management Interface specification -# -freeipmi = module - -# Layer: contrib -# Module: mirrormanager -# -# mirrormanager policy -# -mirrormanager = module - -# Layer: contrib -# Module: snapper -# -# snapper policy -# -snapper = module - -# Layer: contrib -# Module: pcp -# -# pcp policy -# -pcp = module - -# Layer: contrib -# Module: geoclue -# -# Add policy for Geoclue. 
Geoclue is a D-Bus service that provides location information -# -geoclue = module - -# Layer: contrib -# Module: rkhunter -# -# rkhunter policy for /var/lib/rkhunter -# -rkhunter = module - -# Layer: contrib -# Module: bacula -# -# bacula policy -# -bacula = module - -# Layer: contrib -# Module: rhnsd -# -# rhnsd policy -# -rhnsd = module - -# Layer: contrib -# Module: mongodb -# -# mongodb policy -# - -mongodb = module - -# Layer: contrib -# Module: iotop -# -# iotop policy -# - -iotop = module - -# Layer: contrib -# Module: kmscon -# -# kmscon policy -# - -kmscon = module - -# Layer: contrib -# Module: naemon -# -# naemon policy -# -naemon = module - -# Layer: contrib -# Module: brltty -# -# brltty policy -# -brltty = module - -# Layer: contrib -# Module: cpuplug -# -# cpuplug policy -# -cpuplug = module - -# Layer: contrib -# Module: mon_statd -# -# mon_statd policy -# -mon_statd = module - -# Layer: contrib -# Module: cinder -# -# openstack-cinder policy -# -cinder = module - -# Layer: contrib -# Module: linuxptp -# -# linuxptp policy -# -linuxptp = module - -# Layer: contrib -# Module: rolekit -# -# rolekit policy -# -rolekit = module - -# Layer: contrib -# Module: targetd -# -# targetd policy -# -targetd = module - -# Layer: contrib -# Module: hsqldb -# -# Hsqldb is transactional database engine with in-memory and disk-based tables, supporting embedded and server modes. -# -hsqldb = module - -# Layer: contrib -# Module: blkmapd -# -# The blkmapd daemon performs device discovery and mapping for pNFS block layout client. -# -blkmapd = module - -# Layer: contrib -# Module: pkcs11proxyd -# -# pkcs11proxyd policy -# -pkcs11proxyd = module - -# Layer: contrib -# Module: ipmievd -# -# IPMI event daemon for sending events to syslog -# -ipmievd = module - -# Layer: contrib -# Module: openfortivpn -# -# Fortinet compatible SSL VPN daemons. 
-# -openfortivpn = module - -# Layer: contrib -# Module: fwupd -# -# fwupd is a daemon to allow session software to update device firmware. -# -fwupd = module - -# Layer: contrib -# Module: lttng-tools -# -# LTTng 2.x central tracing registry session daemon. -# -lttng-tools = module - -# Layer: contrib -# Module: rkt -# -# CLI for running app containers -# -rkt = module - -# Layer: contrib -# Module: opendnssec -# -# opendnssec -# -opendnssec = module - -# Layer: contrib -# Module: hwloc -# -# hwloc -# -hwloc = module - -# Layer: contrib -# Module: sbd -# -# sbd -# -sbd = module - -# Layer: contrib -# Module: tlp -# -# tlp -# -tlp = module - -# Layer: contrib -# Module: conntrackd -# -# conntrackd -# -conntrackd = module - -# Layer: contrib -# Module: tangd -# -# tangd -# -tangd = module - -# Layer: contrib -# Module: ibacm -# -# ibacm -# -ibacm = module - -# Layer: contrib -# Module: opafm -# -# opafm -# -opafm = module - -# Layer: contrib -# Module: boltd -# -# boltd -# -boltd = module - -# Layer: contrib -# Module: kpatch -# -# kpatch -# -kpatch = module - -# Layer: contrib -# Module: timedatex -# -# timedatex -# -timedatex = module - -# Layer: contrib -# Module: rrdcached -# -# rrdcached -# -rrdcached = module - -# Layer: contrib -# Module: stratisd -# -# stratisd -# -stratisd = module - -# Layer: contrib -# Module: ica -# -# ica -# -ica = module - -# Layer: contrib -# Module: fedoratp -# -# fedoratp -# -fedoratp = module - -# Layer: contrib -# Module: insights_client -# -# insights_client -# -insights_client = module - -# Layer: contrib -# Module: stalld -# -# stalld -# -stalld = module - -# Layer: contrib -# Module: rhcd -# -# rhcd -# -rhcd = module - -# Layer: contrib -# Module: wireguard -# -# wireguard -# -wireguard = module - -# Layer: contrib -# Module: mptcpd -# -# mptcpd -# -mptcpd = module - -# Layer: contrib -# Module: rshim -# -# rshim -# -rshim = module - -# Layer: contrib -# Module: keyutils -# -# keyutils -# -keyutils = module - -# Layer: contrib 
-# Module: cifsutils
-#
-# cifsutils - Utilities for managing CIFS mounts
-#
-cifsutils = module
-
-# Layer: contrib
-# Module: boothd
-#
-# boothd - Booth cluster ticket manager
-#
-boothd = module
-
-# Layer: contrib
-# Module: kafs
-#
-# kafs - Tools for kAFS
-#
-kafs = module
-
-# Layer: contrib
-# Module: bootupd
-#
-# bootupd - bootloader update daemon
-#
-bootupd = module
-
-# Layer: contrib
-# Module: fdo
-#
-# fdo - fido device onboard protocol for IoT devices
-#
-fdo = module
-
-# Layer: contrib
-# Module: qatlib
-#
-# qatlib - Intel QuickAssist technology library and resources management
-#
-qatlib = module
-
-# Layer: services
-# Module: virt_supplementary
-#
-# non-libvirt virtualization libraries
-#
-virt_supplementary = module
-
-# Layer: contrib
-# Module: nvme_stas
-#
-# nvme_stas
-#
-nvme_stas = module
-
-# Layer: contrib
-# Module: coreos_installer
-#
-# coreos_installer
-#
-coreos_installer = module
-
-# Layer: contrib
-# Module: afterburn
-#
-# afterburn
-#
-afterburn = module
-
-# Layer: contrib
-# Module: iiosensorproxy
-#
-# Policy for iio-sensor-proxy - IIO sensors to D-Bus proxy
-#
-iiosensorproxy = module
-
-# Layer: contrib
-# Module: pcm
-#
-# Policy for pcm - Intel(r) Performance Counter Monitor
-#
-#
-pcm = module
diff --git a/modules-targeted.conf b/modules-targeted.conf
index 16f8f799..bc5edff6 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -1,15 +1,402 @@ +# Layer: kernel +# Module: bootloader # -# This file contains a listing of available modules. -# To prevent a module from being used in policy -# creation, set the module name to "off". +# Policy for the kernel modules, kernel image, and bootloader. +# +bootloader = module + +# Layer: kernel +# Module: corecommands +# Required in base # -# For monolithic policies, modules set to "base" and "module" -# will be built into the policy. +# Core policy for shells, and generic programs +# in /bin, /sbin, /usr/bin, and /usr/sbin. # -# For modular policies, modules set to "base" will be -# included in the base module. "module" will be compiled -# as individual loadable modules. +corecommands = base + +# Layer: kernel +# Module: corenetwork +# Required in base # +# Policy controlling access to network objects +# +corenetwork = base + +# Layer: admin +# Module: dmesg +# +# Policy for dmesg. +# +dmesg = module + +# Layer: admin +# Module: netutils +# +# Network analysis utilities +# +netutils = module + +# Layer: admin +# Module: sudo +# +# Execute a command with a substitute user +# +sudo = module + +# Layer: admin +# Module: su +# +# Run shells with substitute user and group +# +su = module + +# Layer: admin +# Module: usermanage +# +# Policy for managing user accounts. +# +usermanage = module + +# Layer: apps +# Module: seunshare +# +# seunshare executable +# +seunshare = module + +# Module: devices +# Required in base +# +# Device nodes and interfaces for many basic system devices. +# +devices = base + +# Module: domain +# Required in base +# +# Core policy for domains. +# +domain = base + +# Layer: system +# Module: userdomain +# +# Policy for user domains +# +userdomain = module + +# Module: files +# Required in base +# +# Basic filesystem types and interfaces. +# +files = base + +# Layer: system +# Module: miscfiles +# +# Miscelaneous files. +# +miscfiles = module + +# Module: filesystem +# Required in base +# +# Policy for filesystems. 
+# +filesystem = base + +# Module: kernel +# Required in base +# +# Policy for kernel threads, proc filesystem,and unlabeled processes and objects. +# +kernel = base + +# Module: mcs +# Required in base +# +# MultiCategory security policy +# +mcs = base + +# Module: mls +# Required in base +# +# Multilevel security policy +# +mls = base + +# Module: selinux +# Required in base +# +# Policy for kernel security interface, in particular, selinuxfs. +# +selinux = base + +# Layer: kernel +# Module: storage +# +# Policy controlling access to storage devices +# +storage = base + +# Module: terminal +# Required in base +# +# Policy for terminals. +# +terminal = base + +# Layer: kernel +# Module: ubac +# +# +# +ubac = base + +# Layer: kernel +# Module: unconfined +# +# The unlabelednet module. +# +unlabelednet = module + +# Layer: role +# Module: auditadm +# +# auditadm account on tty logins +# +auditadm = module + +# Layer: role +# Module: logadm +# +# Minimally prived root role for managing logging system +# +logadm = module + +# Layer: role +# Module: secadm +# +# secadm account on tty logins +# +secadm = module + +# Layer:role +# Module: sysadm_secadm +# +# System Administrator with Security Admin rules +# +sysadm_secadm = module + +# Module: staff +# +# admin account +# +staff = module + +# Layer:role +# Module: sysadm +# +# System Administrator +# +sysadm = module + +# Layer: role +# Module: unconfineduser +# +# The unconfined user domain. +# +unconfineduser = module + +# Layer: role +# Module: unprivuser +# +# Minimally privs guest account on tty logins +# +unprivuser = module + +# Layer: services +# Module: postgresql +# +# PostgreSQL relational database +# +postgresql = module + +# Layer: services +# Module: ssh +# +# Secure shell client and server policy. 
+# +ssh = module + +# Layer: services +# Module: xserver +# +# X windows login display manager +# +xserver = module + +# Module: application +# Required in base +# +# Defines attributs and interfaces for all user applications +# +application = module + +# Layer: system +# Module: authlogin +# +# Common policy for authentication and user login. +# +authlogin = module + +# Layer: system +# Module: clock +# +# Policy for reading and setting the hardware clock. +# +clock = module + +# Layer: system +# Module: fstools +# +# Tools for filesystem management, such as mkfs and fsck. +# +fstools = module + +# Layer: system +# Module: getty +# +# Policy for getty. +# +getty = module + +# Layer: system +# Module: hostname +# +# Policy for changing the system host name. +# +hostname = module + +# Layer: system +# Module: init +# +# System initialization programs (init and init scripts). +# +init = module + +# Layer: system +# Module: ipsec +# +# TCP/IP encryption +# +ipsec = module + +# Layer: system +# Module: iptables +# +# Policy for iptables. +# +iptables = module + +# Layer: system +# Module: libraries +# +# Policy for system libraries. +# +libraries = module + +# Layer: system +# Module: locallogin +# +# Policy for local logins. +# +locallogin = module + +# Layer: system +# Module: logging +# +# Policy for the kernel message logger and system logging daemon. +# +logging = module + +# Layer: system +# Module: lvm +# +# Policy for logical volume management programs. +# +lvm = module + +# Layer: system +# Module: modutils +# +# Policy for kernel module utilities +# +modutils = module + +# Layer: system +# Module: mount +# +# Policy for mount. +# +mount = module + +# Layer: system +# Module: netlabel +# +# Basic netlabel types and interfaces. +# +netlabel = module + +# Layer: system +# Module: selinuxutil +# +# Policy for SELinux policy and userland applications. 
+# +selinuxutil = module + +# Module: setrans +# Required in base +# +# Policy for setrans +# +setrans = module + +# Layer: system +# Module: sysnetwork +# +# Policy for network configuration: ifconfig and dhcp client. +# +sysnetwork = module + +# Layer: system +# Module: systemd +# +# Policy for systemd components +# +systemd = module + +# Layer: system +# Module: udev +# +# Policy for udev. +# +udev = module + +# Layer: system +# Module: unconfined +# +# The unconfined domain. +# +unconfined = module +# Layer: services +# Module: abrt +# +# Automatic bug detection and reporting tool +# +abrt = module # Layer: services # Module: accountsd @@ -25,6 +412,27 @@ accountsd = module # acct = module +# Layer: services +# Module: afs +# +# Andrew Filesystem server +# +afs = module + +# Layer: services +# Module: aiccu +# +# SixXS Automatic IPv6 Connectivity Client Utility +# +aiccu = module + +# Layer: services +# Module: aide +# +# Policy for aide +# +aide = module + # Layer: services # Module: ajaxterm # 
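Review bot: In the first hunk of modules-targeted.conf (`@@ -1,15 +1,402 @@`), the stanza that enables `unlabelednet` is headed `# Module: unconfined`, while the real `unconfined` stanza appears further down in the same hunk. Anyone auditing the merged list by module name gets a misleading answer about what is built into the targeted policy, so the header should read `# Module: unlabelednet`. The `application` and `setrans` stanzas are annotated `# Required in base` but are set to `module`; that comment line should be dropped or the values confirmed. The hunk also removes the file header that explained the `base`, `module` and `off` values, with no replacement visible here. A short comment at the top, such as `# Values: base = built into the base module, module = loadable module, off = not built`, would keep the file self-describing.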
@@ -39,76 +447,6 @@ ajaxterm = module # alsa = module -# Layer: services -# Module: callweaver -# -# callweaver telephony sever -# -callweaver = module - -# Layer: services -# Module: cachefilesd -# -# CacheFiles userspace management daemon -# -cachefilesd = module - -# Layer: services -# Module: collectd -# -# Statistics collection daemon for filling RRD files -# -collectd = module - -# Layer: services -# Module: colord -# -# color device daemon -# -colord = module - -# Layer: services -# Module: couchdb -# -# Apache CouchDB database server -# -couchdb = module - -# Layer: apps -# Module: cpufreqselector -# -# cpufreqselector executable -# -cpufreqselector = module - -# Layer: apps -# Module: chrome -# -# chrome sandbox -# -chrome = module - -# Layer: module -# Module: awstats -# -# awstats executable -# -awstats = module - -# Layer: services -# Module: abrt -# -# Automatic bug detection and reporting tool -# -abrt = module - -# Layer: services -# Module: aiccu -# -# SixXS Automatic IPv6 Connectivity Client Utility -# -aiccu = module - # Layer: admin # Module: amanda # @@ -116,19 +454,12 @@ aiccu = module # amanda = module -# Layer: services -# Module: afs +# Layer: admin +# Module: amtu # -# Andrew Filesystem server +# Abstract Machine Test Utility (AMTU) # -afs = module - -# Layer: services -# Module: amavis -# -# Anti-virus -# -amavis = module +amtu = module # Layer: admin # Module: anaconda @@ -137,6 +468,13 @@ amavis = module # anaconda = module +# Layer: contrib +# Module: antivirus +# +# SELinux policy for antivirus programs +# +antivirus = module + # Layer: services # Module: apache # @@ -144,6 +482,13 @@ anaconda = module # apache = module +# Layer: services +# Module: apcupsd +# +# daemon for most APC’s UPS for Linux +# +apcupsd = module + # Layer: services # Module: apm # 
@@ -151,14 +496,6 @@ apache = module # apm = module -# Layer: system -# Module: application -# Required in base -# -# Defines attributs and interfaces for all user applications -# -application = module - # Layer: services # Module: arpwatch # @@ -166,20 +503,6 @@ application = module # arpwatch = module -# Layer: services -# Module: entropy -# -# Generate entropy from audio input -# -entropyd = module - -# Layer: system -# Module: authlogin -# -# Common policy for authentication and user login. -# -authlogin = module - # Layer: services # Module: asterisk # @@ -187,6 +510,13 @@ authlogin = module # asterisk = module +# Layer: contrib +# Module: authconfig +# +# Authorization configuration tool +# +authconfig = module + # Layer: services # Module: automount # @@ -201,6 +531,13 @@ automount = module # avahi = module +# Layer: module +# Module: awstats +# +# awstats executable +# +awstats = module + # Layer: services # Module: bcfg2 # @@ -208,13 +545,6 @@ avahi = module # bcfg2 = module -# Layer: services -# Module: boinc -# -# Berkeley Open Infrastructure for Network Computing -# -boinc = module - # Layer: services # Module: bind # @@ -222,40 +552,19 @@ boinc = module # bind = module -# Layer: services -# Module: bugzilla +# Layer: contrib +# Module: rngd # -# Bugzilla server +# Daemon used to feed random data from hardware device to kernel random device # -bugzilla = module +rngd = module # Layer: services -# Module: dirsrv +# Module: bitlbee # -# An 309 directory server +# An IRC to other chat networks gateway # -dirsrv = module - -# Layer: services -# Module: dirsrv-admin -# -# An 309 directory admin server -# -dirsrv-admin = module - -# Layer: services -# Module: dnsmasq -# -# A lightweight DHCP and caching DNS server. -# -dnsmasq = module - -# Layer: services -# Module: dnssec -# -# A dnssec server application -# -dnssec = module +bitlbee = module # Layer: services # Module: blueman 
@@ -271,20 +580,54 @@ blueman = module # bluetooth = module -# Layer: kernel -# Module: ubac +# Layer: services +# Module: boinc # -# -# -ubac = base +# Berkeley Open Infrastructure for Network Computing +# +boinc = module +# Layer: system +# Module: brctl # -# Layer: kernel -# Module: bootloader -# -# Policy for the kernel modules, kernel image, and bootloader. +# Utilities for configuring the linux ethernet bridge # -bootloader = module +brctl = module + +# Layer: services +# Module: bugzilla +# +# Bugzilla server +# +bugzilla = module + +# Layer: services +# Module: bumblebee +# +# Support NVIDIA Optimus technology under Linux +# +bumblebee = module + +# Layer: services +# Module: cachefilesd +# +# CacheFiles userspace management daemon +# +cachefilesd = module + +# Module: calamaris +# +# +# Squid log analysis +# +calamaris = module + +# Layer: services +# Module: callweaver +# +# callweaver telephony sever +# +callweaver = module # Layer: services # Module: canna @@ -300,14 +643,6 @@ canna = module # ccs = module -# Layer: apps -# Module: calamaris -# -# -# Squid log analysis -# -calamaris = module - # Layer: apps # Module: cdrecord # @@ -315,13 +650,6 @@ calamaris = module # cdrecord = module -# Layer: admin -# Module: certwatch -# -# Digital Certificate Tracking -# -certwatch = module - # Layer: admin # Module: certmaster # @@ -336,12 +664,33 @@ certmaster = module # certmonger = module -# Layer: services -# Module: cipe +# Layer: admin +# Module: certwatch # -# Encrypted tunnel daemon +# Digital Certificate Tracking # -cipe = module +certwatch = module + +# Layer: services +# Module: cfengine +# +# cfengine +# +cfengine = module + +# Layer: services +# Module: cgroup +# +# Tools and libraries to control and monitor control groups +# +cgroup = module + +# Layer: apps +# Module: chrome +# +# chrome sandbox +# +chrome = module # Layer: services # Module: chronyd 
@@ -350,6 +699,35 @@ cipe = module # chronyd = module +# Layer: services +# Module: cipe +# +# Encrypted tunnel daemon +# +cipe = module + + +# Layer: services +# Module: clogd +# +# clogd - clustered mirror log server +# +clogd = module + +# Layer: services +# Module: cloudform +# +# cloudform daemons +# +cloudform = module + +# Layer: services +# Module: cmirrord +# +# cmirrord - daemon providing device-mapper-base mirrors in a shared-storege cluster +# +cmirrord = module + # Layer: services # Module: cobbler # @@ -357,6 +735,20 @@ chronyd = module # cobbler = module +# Layer: services +# Module: collectd +# +# Statistics collection daemon for filling RRD files +# +collectd = module + +# Layer: services +# Module: colord +# +# color device daemon +# +colord = module + # Layer: services # Module: comsat # 
@@ -365,56 +757,39 @@ cobbler = module comsat = module # Layer: services -# Module: corosync -# -# Corosync Cluster Engine Executive +# Module: condor # -corosync = module +# policy for condor +# +condor = module # Layer: services -# Module: clamav +# Module: conman # -# ClamAV Virus Scanner -# -clamav = module - -# Layer: system -# Module: clock +# Conman is a program for connecting to remote consoles being managed by conmand # -# Policy for reading and setting the hardware clock. -# -clock = module +conman = module # Layer: services # Module: consolekit # # ConsoleKit is a system daemon for tracking what users are logged # -#consolekit = module +consolekit = module -# Layer: admin -# Module: consoletype +# Layer: services +# Module: couchdb # -# Determine of the console connected to the controlling terminal. +# Apache CouchDB database server # -consoletype = module +couchdb = module -# Layer: kernel -# Module: corecommands -# Required in base +# Layer: services +# Module: courier # -# Core policy for shells, and generic programs -# in /bin, /sbin, /usr/bin, and /usr/sbin. +# IMAP and POP3 email servers # -corecommands = base - -# Layer: kernel -# Module: corenetwork -# Required in base -# -# Policy controlling access to network objects -# -corenetwork = base +courier = module # Layer: services # Module: cpucontrol @@ -423,6 +798,13 @@ corenetwork = base # cpucontrol = module +# Layer: apps +# Module: cpufreqselector +# +# cpufreqselector executable +# +cpufreqselector = module + # Layer: services # Module: cron # @@ -435,7 +817,7 @@ cron = module # # Cluster Daemon # -ctdbd = module +ctdb = module # Layer: services # Module: cups @@ -472,6 +854,13 @@ cyrus = module # daemontools = module +# Layer: role +# Module: dbadm +# +# Minimally prived root role for managing databases +# +dbadm = module + # Layer: services # Module: dbskk # 
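Review bot: In the `@@ -365,56 +757,39 @@` hunk the consolekit entry changes from `#consolekit = module` to `consolekit = module`, so the new list enables a module that the old side of this file had commented out, while the commit message describes only a merge of the -base and -contrib lists. If the old side was what the build consumed, this widens the loaded policy rather than just moving lines; either keep the entry commented or state the enablement in the commit message. The key renames `ctdbd` → `ctdb` in the `@@ -435,7 +817,7 @@` hunk and `l2tpd` → `l2tp` in the `@@ -911,7 +1321,7 @@` hunk are also more than a move. Their header comments are unchanged, so if the key has to match the policy module name, one side of each rename presumably matched nothing, which is worth confirming against the built policy.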
@@ -493,6 +882,13 @@ dbus = module # dcc = module +# Layer: services +# Module: ddclient +# +# Update dynamic IP address at DynDNS.org +# +ddclient = module + # Layer: admin # Module: ddcprobe # @@ -500,6 +896,13 @@ dcc = module # ddcprobe = off +# Layer: services +# Module: denyhosts +# +# script to help thwart ssh server attacks +# +denyhosts = module + # Layer: services # Module: devicekit # @@ -507,14 +910,6 @@ ddcprobe = off # devicekit = module -# Layer: kernel -# Module: devices -# Required in base -# -# Device nodes and interfaces for many basic system devices. -# -devices = base - # Layer: services # Module: dhcp # @@ -529,6 +924,20 @@ dhcp = module # dictd = module +# Layer: services +# Module: dirsrv-admin +# +# An 309 directory admin server +# +dirsrv-admin = module + +# Layer: services +# Module: dirsrv +# +# An 309 directory server +# +dirsrv = module + # Layer: services # Module: distcc # @@ -536,13 +945,6 @@ dictd = module # distcc = off -# Layer: admin -# Module: dmesg -# -# Policy for dmesg. -# -dmesg = module - # Layer: admin # Module: dmidecode # @@ -550,13 +952,26 @@ dmesg = module # dmidecode = module -# Layer: kernel -# Module: domain -# Required in base +# Layer: services +# Module: dnsmasq # -# Core policy for domains. +# A lightweight DHCP and caching DNS server. # -domain = base +dnsmasq = module + +# Layer: services +# Module: dnssec +# +# A dnssec server application +# +dnssec = module + +# Layer: services +# Module: dovecot +# +# Dovecot POP and IMAP mail server +# +dovecot = module # Layer: services # Module: drbd 
@@ -566,61 +981,25 @@ domain = base drbd = module # Layer: services -# Module: ddclient +# Module: dspam # -# Update dynamic IP address at DynDNS.org +# dspam - library and Mail Delivery Agent for Bayesian SPAM filtering # -ddclient = module +dspam = module # Layer: services -# Module: dovecot +# Module: entropy # -# Dovecot POP and IMAP mail server +# Generate entropy from audio input # -dovecot = module - -# Layer: apps -# Module: gitosis -# -# Policy for gitosis -# -gitosis = module - -# Layer: services -# Module: glance -# -# Policy for glance -# -glance = module - -# Layer: apps -# Module: gpg -# -# Policy for GNU Privacy Guard and related programs. -# -gpg = module +entropyd = module # Layer: services -# Module: gpsd -# -# gpsd monitor daemon +# Module: exim # +# exim mail server # -gpsd = module - -# Layer: services -# Module: git -# -# Policy for the stupid content tracker -# -git = module - -# Layer: services -# Module: gpm -# -# General Purpose Mouse driver -# -gpm = module +exim = module # Layer: services # Module: fail2ban @@ -629,6 +1008,13 @@ gpm = module # fail2ban = module +# Layer: services +# Module: fcoe +# +# fcoe +# +fcoe = module + # Layer: services # Module: fetchmail # @@ -636,22 +1022,6 @@ fail2ban = module # fetchmail = module -# Layer: kernel -# Module: files -# Required in base -# -# Basic filesystem types and interfaces. -# -files = base - -# Layer: kernel -# Module: filesystem -# Required in base -# -# Policy for filesystems. -# -filesystem = base - # Layer: services # Module: finger # @@ -659,13 +1029,12 @@ filesystem = base # finger = module -# Layer: admin -# Module: firstboot +# Layer: services +# Module: firewalld # -# Final system configuration run during the first boot -# after installation of Red Hat/Fedora systems. +# firewalld is firewall service daemon that provides dynamic customizable # -firstboot = module +firewalld = module # Layer: apps # Module: firewallgui 
@@ -674,6 +1043,13 @@ firstboot = module # firewallgui = module +# Module: firstboot +# +# Final system configuration run during the first boot +# after installation of Red Hat/Fedora systems. +# +firstboot = module + # Layer: services # Module: fprintd # @@ -681,12 +1057,12 @@ firewallgui = module # fprintd = module -# Layer: system -# Module: fstools +# Layer: services +# Module: freqset # -# Tools for filesystem management, such as mkfs and fsck. -# -fstools = module +# Utility for CPU frequency scaling +# +freqset = module # Layer: services # Module: ftp @@ -702,12 +1078,33 @@ ftp = module # games = module -# Layer: system -# Module: getty +# Layer: apps +# Module: gitosis # -# Policy for getty. +# Policy for gitosis # -getty = module +gitosis = module + +# Layer: services +# Module: git +# +# Policy for the stupid content tracker +# +git = module + +# Layer: services +# Module: glance +# +# Policy for glance +# +glance = module + +# Layer: contrib +# Module: glusterd +# +# policy for glusterd service +# +glusterd = module # Layer: apps # Module: gnome @@ -716,6 +1113,48 @@ getty = module # gnome = module +# Layer: apps +# Module: gpg +# +# Policy for GNU Privacy Guard and related programs. +# +gpg = module + +# Layer: services +# Module: gpm +# +# General Purpose Mouse driver +# +gpm = module + +# Module: gpsd +# +# gpsd monitor daemon +# +# +gpsd = module + +# Module: gssproxy +# +# A proxy for GSSAPI credential handling +# +# +gssproxy = module + +# Layer: role +# Module: guest +# +# Minimally privs guest account on tty logins +# +guest = module + +# Layer: role +# Module: xguest +# +# Minimally privs guest account on X Windows logins +# +xguest = module + # Layer: services # Module: hddtemp # 
@@ -724,60 +1163,25 @@ gnome = module hddtemp = module # Layer: services -# Module: passenger +# Module: hostapd # -# Passenger +# hostapd - IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator # -passenger = module +hostapd = module # Layer: services -# Module: policykit +# Module: i18n_input # -# Hardware abstraction layer +# IIIMF htt server # -policykit = module +i18n_input = off # Layer: services -# Module: puppet +# Module: icecast # -# A network tool for managing many disparate systems +# ShoutCast compatible streaming media server # -puppet = module - -# Layer: apps -# Module: ptchown -# -# helper function for grantpt(3), changes ownship and permissions of pseudotty -# -ptchown = module - -# Layer: services -# Module: psad -# -# Analyze iptables log for hostile traffic -# -psad = module - -# Layer: apps -# Module: pwauth -# -# External plugin for mod_authnz_external authenticator -# -pwauth = module - -# Layer: services -# Module: quantum -# -# Quantum is a virtual network service for Openstack -# -quantum = module - -# Layer: system -# Module: hostname -# -# Policy for changing the system host name. -# -hostname = module +icecast = module # Layer: services # Module: inetd @@ -786,13 +1190,6 @@ hostname = module # inetd = module -# Layer: system -# Module: init -# -# System initialization programs (init and init scripts). -# -init = module - # Layer: services # Module: inn # @@ -800,19 +1197,12 @@ init = module # inn = module -# Layer: system -# Module: iptables +# Layer: services +# Module: lircd # -# Policy for iptables. +# LIRC daemon - decodes infrared signals and provides them on a Unix domain socket. # -iptables = module - -# Layer: system -# Module: ipsec -# -# TCP/IP encryption -# -ipsec = module +lircd = module # Layer: apps # Module: irc 
@@ -835,19 +1225,12 @@ irqbalance = module # iscsi = module -# Layer: services -# Module: icecast +# Layer: system +# Module: isnsd # -# ShoutCast compatible streaming media server # -icecast = module - -# Layer: services -# Module: i18n_input -# -# IIIMF htt server # -i18n_input = off +isns = module # Layer: services # Module: jabber @@ -863,12 +1246,12 @@ jabber = module # jetty = module -# Layer: admin -# Module: kdump -# -# kdump is kernel crash dumping mechanism +# Layer: apps +# Module: jockey # -kdump = module +# policy for jockey-backend +# +jockey = module # Layer: apps # Module: kdumpgui @@ -877,12 +1260,12 @@ kdump = module # kdumpgui = module -# Layer: services -# Module: ksmtuned +# Layer: admin +# Module: kdump # -# Kernel Samepage Merging (KSM) Tuning Daemon +# kdump is kernel crash dumping mechanism # -ksmtuned = module +kdump = module # Layer: services # Module: kerberos @@ -891,13 +1274,40 @@ ksmtuned = module # kerberos = module -# Layer: kernel -# Module: kernel -# Required in base +# Layer: services +# Module: keepalived # -# Policy for kernel threads, proc filesystem,and unlabeled processes and objects. +# keepalived - load-balancing and high-availability service +# +keepalived = module + +# Module: keyboardd +# +# system-setup-keyboard is a keyboard layout daemon that monitors +# /etc/sysconfig/keyboard and writes out an xorg.conf.d snippet +# +keyboardd = module + +# Layer: services +# Module: keystone +# +# openstack-keystone +# +keystone = module + +# Layer: services +# Module: kismet +# +# Wireless sniffing and monitoring # -kernel = base +kismet = module + +# Layer: services +# Module: ksmtuned +# +# Kernel Samepage Merging (KSM) Tuning Daemon +# +ksmtuned = module # Layer: services # Module: ktalk @@ -911,7 +1321,7 @@ ktalk = module # # Layer 2 Tunnelling Protocol Daemon # -l2tpd = module +l2tp = module # Layer: services # Module: ldap 
@@ -927,12 +1337,19 @@ ldap = module # likewise = module -# Layer: system -# Module: libraries +# Layer: apps +# Module: livecd # -# Policy for system libraries. +# livecd creator # -libraries = module +livecd = module + +# Layer: services +# Module: lldpad +# +# lldpad - Link Layer Discovery Protocol (LLDP) agent daemon +# +lldpad = module # Layer: apps # Module: loadkeys @@ -941,13 +1358,6 @@ libraries = module # loadkeys = module -# Layer: system -# Module: locallogin -# -# Policy for local logins. -# -locallogin = module - # Layer: apps # Module: lockdev # @@ -955,13 +1365,6 @@ locallogin = module # lockdev = module -# Layer: system -# Module: logging -# -# Policy for the kernel message logger and system logging daemon. -# -logging = module - # Layer: admin # Module: logrotate # @@ -983,20 +1386,6 @@ logwatch = module # lpd = module -# Layer: services -# Module: lircd -# -# LIRC daemon - decodes infrared signals and provides them on a Unix domain socket. -# -lircd = module - -# Layer: system -# Module: lvm -# -# Policy for logical volume management programs. -# -lvm = module - # Layer: services # Module: mailman # @@ -1004,7 +1393,6 @@ lvm = module # mailman = module - # Layer: services # Module: mailman # @@ -1012,12 +1400,12 @@ mailman = module # mailscanner = module -# Layer: services -# Module: matahari -# -# Matahari system maangement tools +# Layer: apps +# Module: man2html +# +# policy for man2html apps # -matahari = module +man2html = module # Layer: admin # Module: mcelog @@ -1026,14 +1414,6 @@ matahari = module # mcelog = module -# Layer: kernel -# Module: mcs -# Required in base -# -# MultiCategory security policy -# -mcs = base - # Layer: apps # Module: mediawiki # 
@@ -1041,20 +1421,26 @@ mcs = base # mediawiki = module -# Layer: system -# Module: miscfiles +# Layer: services +# Module: memcached # -# Miscelaneous files. +# high-performance memory object caching system # -miscfiles = module +memcached = module -# Layer: kernel -# Module: mls -# Required in base +# Layer: services +# Module: milter # -# Multilevel security policy # -mls = base +# +milter = module + +# Layer: services +# Module: mip6d +# +# UMIP Mobile IPv6 and NEMO Basic Support protocol implementation +# +mip6d = module # Layer: services # Module: mock @@ -1063,6 +1449,13 @@ mls = base # mock = module +# Layer: services +# Module: modemmanager +# +# Manager for dynamically switching between modems. +# +modemmanager = module + # Layer: services # Module: mojomojo # @@ -1070,20 +1463,6 @@ mock = module # mojomojo = module -# Layer: system -# Module: modutils -# -# Policy for kernel module utilities -# -modutils = module - -# Layer: system -# Module: mount -# -# Policy for mount. -# -mount = module - # Layer: apps # Module: mozilla # @@ -1091,27 +1470,6 @@ mount = module # mozilla = module -# Layer: services -# Module: ntop -# -# Policy for ntop -# -ntop = module - -# Layer: services -# Module: nslcd -# -# Policy for nslcd -# -nslcd = module - -# Layer: services -# Module: modemmanager -# -# Manager for dynamically switching between modems. -# -modemmanager = module - # Layer: services # Module: mpd # @@ -1126,13 +1484,6 @@ mpd = module # mplayer = module -# Layer: apps -# Module: gpg -# -# Policy for Mozilla and related web browsers -# -gpg = module - # Layer: admin # Module: mrtg # @@ -1147,6 +1498,13 @@ mrtg = module # mta = module +# Layer: services +# Module: munin +# +# Munin +# +munin = module + # Layer: services # Module: mysql # @@ -1154,6 +1512,13 @@ mta = module # mysql = module +# Layer: contrib +# Module: mythtv +# +# Policy for Mythtv (Web Server) +# +mythtv = module + # Layer: services # Module: nagios # 
@@ -1161,12 +1526,12 @@ mysql = module # nagios = module -# Layer: admin -# Module: ncftool +# Layer: apps +# Module: namespace # -# Tool to modify the network configuration of a system -# -ncftool = module +# policy for namespace.init script +# +namespace = module # Layer: admin # Module: ncftool @@ -1175,13 +1540,6 @@ ncftool = module # ncftool = module -# Layer: admin -# Module: netutils -# -# Network analysis utilities -# -netutils = module - # Layer: services # Module: networkmanager # @@ -1189,6 +1547,13 @@ netutils = module # networkmanager = module +# Layer: services +# Module: ninfod +# +# Respond to IPv6 Node Information Queries +# +ninfod = module + # Layer: services # Module: nis # @@ -1196,6 +1561,12 @@ networkmanager = module # nis = module +# Layer: services +# Module: nova +# +# openstack-nova +# +nova = module # Layer: services # Module: nscd @@ -1204,6 +1575,19 @@ nis = module # nscd = module +# Layer: services +# Module: nslcd +# +# Policy for nslcd +# +nslcd = module + +# Layer: services +# Module: ntop +# +# Policy for ntop +# +ntop = module # Layer: services # Module: ntp @@ -1212,6 +1596,13 @@ nscd = module # ntp = module +# Layer: services +# Module: numad +# +# numad - user-level daemon that provides advice and managment for optimum use of CPUs and memory on systems with NUMA topology +# +numad = module + # Layer: services # Module: nut # @@ -1226,6 +1617,12 @@ nut = module # nx = module +# Layer: services +# Module: obex +# +# policy for obex-data-server +# +obex = module # Layer: services # Module: oddjob 
@@ -1241,6 +1638,33 @@ oddjob = module # openct = off +# Layer: service +# Module: openct +# +# Middleware framework for smart card terminals +# +openct = module + +# Layer: contrib +# Module: openshift-origin +# +# Origin version of openshift policy +# +openshift-origin = module +# Layer: contrib +# Module: openshift +# +# Core openshift policy +# +openshift = module + +# Layer: services +# Module: opensm +# +# InfiniBand subnet manager and administration (SM/SA) +# +opensm = module + # Layer: services # Module: openvpn # @@ -1248,6 +1672,59 @@ openct = off # openvpn = module +# Layer: contrib +# Module: openvswitch +# +# SELinux policy for openvswitch programs +# +openvswitch = module + +# Layer: services +# Module: openwsman +# +# WS-Management Server +# +openwsman = module + +# Layer: services +# Module: osad +# +# Client-side service written in Python that responds to pings +# +osad = module + +# Layer: contrib +# Module: prelude +# +# SELinux policy for prelude +# +prelude = module + +# Layer: contrib +# Module: prosody +# +# SELinux policy for prosody flexible communications server for Jabber/XMPP +# +prosody = module + +# Layer: services +# Module: pads +# +pads = module + +# Layer: services +# Module: passenger +# +# Passenger +# +passenger = module + +# Layer: system +# Module: pcmcia +# +# PCMCIA card management services +# +pcmcia = module # Layer: service # Module: pcscd @@ -1256,19 +1733,12 @@ openvpn = module # pcscd = module -# Layer: service -# Module: openct -# -# Middleware framework for smart card terminals +# Layer: services +# Module: pdns # -openct = module - -# Layer: system -# Module: pcmcia -# -# PCMCIA card management services +# PowerDNS DNS server # -pcmcia = module +pdns = module # Layer: services # Module: pegasus @@ -1277,6 +1747,12 @@ pcmcia = module # pegasus = module +# Layer: services +# Module: pingd +# +# +pingd = module + # Layer: services # Module: piranha # 
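Review bot: The `@@ -1241,6 +1638,33 @@` hunk places the added `openct = module` block directly after the unchanged `openct = off` line, so the new file sets the same key twice with opposite values. Which assignment wins depends on how the list is parsed, which this diff does not show, so whether the smart-card middleware policy is loaded becomes an accident of ordering. The duplicate already existed on the old side (the `@@ -1256,19 +1733,12 @@` hunk removes the second copy from further down), so this merge is a good place to settle it: keep one entry with the intended value and drop the other.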
@@ -1284,12 +1760,40 @@ pegasus = module # piranha = module -# Layer: services -# Module: postgresql +# Layer: contrib +# Module: pkcs +# +# daemon manages PKCS#11 objects between PKCS#11-enabled applications # -# PostgreSQL relational database +pkcs = module + +# Layer: services +# Module: plymouthd +# +# Plymouth # -postgresql = module +plymouthd = module + +# Layer: apps +# Module: podsleuth +# +# Podsleuth probes, identifies, and exposes properties and metadata bound to iPods. +# +podsleuth = module + +# Layer: services +# Module: policykit +# +# Hardware abstraction layer +# +policykit = module + +# Layer: services +# Module: polipo +# +# polipo +# +polipo = module # Layer: services # Module: portmap @@ -1298,6 +1802,13 @@ postgresql = module # portmap = module +# Layer: services +# Module: portreserve +# +# reserve ports to prevent portmap mapping them +# +portreserve = module + # Layer: services # Module: postfix # @@ -1326,13 +1837,6 @@ ppp = module # prelink = module -# Layer: services -# Module: procmail -# -# Procmail mail delivery agent -# -procmail = module - # Layer: services # Module: privoxy # @@ -1341,11 +1845,25 @@ procmail = module privoxy = module # Layer: services -# Module: publicfile +# Module: procmail # -# publicfile supplies files to the public through HTTP and FTP +# Procmail mail delivery agent # -publicfile = module +procmail = module + +# Layer: services +# Module: psad +# +# Analyze iptables log for hostile traffic +# +psad = module + +# Layer: apps +# Module: ptchown +# +# helper function for grantpt(3), changes ownship and permissions of pseudotty +# +ptchown = module # Layer: apps # Module: pulseaudio @@ -1354,6 +1872,20 @@ publicfile = module # pulseaudio = module +# Layer: services +# Module: puppet +# +# A network tool for managing many disparate systems +# +puppet = module + +# Layer: apps +# Module: pwauth +# +# External plugin for mod_authnz_external authenticator +# +pwauth = module + # Layer: services # Module: qmail # 
@@ -1368,6 +1900,13 @@ qmail = module # qpid = module +# Layer: services +# Module: quantum +# +# Quantum is a virtual network service for Openstack +# +quantum = module + # Layer: admin # Module: quota # @@ -1375,12 +1914,12 @@ qpid = module # quota = module -# Layer: system -# Module: raid +# Layer: services +# Module: rabbitmq # -# RAID array management tools -# -raid = module +# rabbitmq daemons +# +rabbitmq = module # Layer: services # Module: radius @@ -1396,6 +1935,27 @@ radius = module # radvd = module +# Layer: system +# Module: raid +# +# RAID array management tools +# +raid = module + +# Layer: services +# Module: rasdaemon +# +# The rasdaemon program is a daemon with monitors the RAS trace events from /sys/kernel/debug/tracing +# +rasdaemon = module + +# Layer: services +# Module: rdisc +# +# Network router discovery daemon +# +rdisc = module + # Layer: admin # Module: readahead # @@ -1403,12 +1963,19 @@ radvd = module # readahead = module +# Layer: contrib +# Module: stapserver +# +# dbus system service which manages discovery and enrollment in realms and domains like Active Directory or IPA +# +realmd = module + # Layer: services -# Module: rgmanager +# Module: remotelogin # -# Red Hat Resource Group Manager -# -rgmanager = module +# Policy for rshd, rlogind, and telnetd. +# +remotelogin = module # Layer: services # Module: rhcs @@ -1418,33 +1985,12 @@ rgmanager = module rhcs = module # Layer: services -# Module: aisexec +# Module: rhev # -# RHCS - Red Hat Cluster Suite +# rhev policy module contains policies for rhev apps # -aisexec = module - -# Layer: services -# Module: rgmanager -# -# rgmanager -# -rgmanager = module +rhev = module -# Layer: services -# Module: clogd -# -# clogd - clustered mirror log server -# -clogd = module - -# Layer: services -# Module: cmirrord -# -# cmirrord - daemon providing device-mapper-base mirrors in a shared-storege cluster -# -cmirrord = module - # Layer: services # Module: rhgb # 
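Review bot: The block added for `realmd = module` in the `@@ -1403,6 +1963,19 @@` hunk is headed `# Module: stapserver`, the same header the real `stapserver = module` entry carries elsewhere in this diff, so the comment names a different module than the key it documents; it should read `# Module: realmd`. The same copy-paste appears in the `@@ -1787,105 +2369,26 @@` hunk, where `tomcat = module` sits under `# Module: glusterd`. In the `@@ -1530,8 +2082,13 @@` hunk the `# Layer: services` / `# Module: samba` header is removed, leaving `samba = module` with only its description. These comments are the per-entry description a reader of this list relies on when deciding what to enable or switch off, so the headers should match the keys: `# Module: tomcat` and a restored `# Module: samba`.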
@@ -1453,18 +1999,11 @@ cmirrord = module rhgb = module # Layer: services -# Module: rdisc +# Module: rhsmcertd # -# Network router discovery daemon -# -rdisc = module - -# Layer: services -# Module: remotelogin +# Subscription Management Certificate Daemon policy # -# Policy for rshd, rlogind, and telnetd. -# -remotelogin = module +rhsmcertd = module # Layer: services # Module: ricci @@ -1487,6 +2026,13 @@ rlogin = module # roundup = module +# Layer: services +# Module: rpcbind +# +# universal addresses to RPC program number mapper +# +rpcbind = module + # Layer: services # Module: rpc # @@ -1501,7 +2047,6 @@ rpc = module # rpm = module - # Layer: services # Module: rshd # @@ -1509,6 +2054,13 @@ rpm = module # rshd = module +# Layer: apps +# Module: rssh +# +# Restricted (scp/sftp) only shell +# +rssh = module + # Layer: services # Module: rsync # @@ -1530,8 +2082,13 @@ rtkit = module # rwho = module -# Layer: services -# Module: samba +# Layer: apps +# Module: sambagui +# +# policy for system-config-samba +# +sambagui = module + # # SMB and CIFS client/server programs for UNIX and # name Service Switch daemon for resolving names @@ -1540,18 +2097,18 @@ rwho = module samba = module # Layer: apps -# Module: sambagui +# Module: sandbox # -# policy for system-config-samba +# Policy for running apps within a sandbox # -sambagui = module +sandbox = module # Layer: apps # Module: sandbox # -# Experimental policy for running apps within a sandbox +# Policy for running apps within a X sandbox # -sandbox = module +sandboxX = module # Layer: services # Module: sanlock @@ -1567,6 +2124,13 @@ sanlock = module # sasl = module +# Layer: services +# Module: sblim +# +# sblim +# +sblim = module + # Layer: apps # Module: screen # 
@@ -1574,49 +2138,6 @@ sasl = module # screen = module -# Layer: kernel -# Module: selinux -# Required in base -# -# Policy for kernel security interface, in particular, selinuxfs. -# -selinux = base - -# Layer: system -# Module: selinuxutil -# -# Policy for SELinux policy and userland applications. -# -selinuxutil = module - -# Layer: services -# Module: sendmail -# -# Policy for sendmail. -# -sendmail = module - -# Layer: apps -# Module: seunshare -# -# seunshare executable -# -seunshare = module - -# Layer: admin -# Module: shorewall -# -# Policy for shorewall -# -shorewall = module - -# Layer: admin -# Module: shutdown -# -# Policy for shutdown -# -shutdown = module - # Layer: admin # Module: sectoolm # @@ -1624,13 +2145,19 @@ shutdown = module # sectoolm = module -# Layer: system -# Module: setrans -# Required in base +# Layer: services +# Module: sendmail # -# Policy for setrans +# Policy for sendmail. # -setrans = module +sendmail = module + +# Layer: contrib +# Module: sensord +# +# Sensor information logging daemon +# +sensord = module # Layer: services # Module: setroubleshoot @@ -1640,11 +2167,18 @@ setrans = module setroubleshoot = module # Layer: services -# Module: slrnpull -# -# Service for downloading news feeds the slrn newsreader. +# Module: sge # -slrnpull = off +# policy for grindengine MPI jobs +# +sge = module + +# Layer: admin +# Module: shorewall +# +# Policy for shorewall +# +shorewall = module # Layer: apps # Module: slocate @@ -1653,6 +2187,20 @@ slrnpull = off # slocate = module +# Layer: contrib +# Module: slpd +# +# OpenSLP server daemon to dynamically register services +# +slpd = module + +# Layer: services +# Module: slrnpull +# +# Service for downloading news feeds the slrn newsreader. +# +slrnpull = off + # Layer: services # Module: smartmon # 
@@ -1681,6 +2229,27 @@ smoltclient = module # snmp = module +# Layer: services +# Module: snort +# +# Snort network intrusion detection system +# +snort = module + +# Layer: admin +# Module: sosreport +# +# sosreport debuggin information generator +# +sosreport = module + +# Layer: services +# Module: soundserver +# +# sound server for network audio server programs, nasd, yiff, etc +# +soundserver = module + # Layer: services # Module: spamassassin # @@ -1688,6 +2257,13 @@ snmp = module # spamassassin = module +# Layer: services +# Module: speech-dispatcher +# +# speech-dispatcher - server process managing speech requests in Speech Dispatcher +# +speech-dispatcher = module + # Layer: services # Module: squid # @@ -1695,13 +2271,6 @@ spamassassin = module # squid = module -# Layer: services -# Module: ssh -# -# Secure shell client and server policy. -# -ssh = module - # Layer: services # Module: sssd # @@ -1709,12 +2278,19 @@ ssh = module # sssd = module -# Layer: kernel -# Module: storage +# Layer: services +# Module: sslh # -# Policy controlling access to storage devices +# Applicative protocol(SSL/SSH) multiplexer # -storage = base +sslh = module + +# Layer: contrib +# Module: stapserver +# +# Instrumentation System Server +# +stapserver = module # Layer: services # Module: stunnel @@ -1723,34 +2299,19 @@ storage = base # stunnel = module -# Layer: admin -# Module: su -# -# Run shells with substitute user and group +# Layer: services +# Module: svnserve +# +# policy for subversion service # -su = module +svnserve = module -# Layer: admin -# Module: sudo +# Layer: services +# Module: swift # -# Execute a command with a substitute user -# -sudo = module - -# Layer: system -# Module: systemd +# openstack-swift # -# Policy for systemd components -# -systemd = module - -# Layer: system -# Module: sysnetwork -# -# Policy for network configuration: ifconfig and dhcp client. -# -sysnetwork = module - +swift = module # Layer: services # Module: sysstat 
@@ -1773,6 +2334,27 @@ tcpd = module # tcsd = module +# Layer: apps +# Module: telepathy +# +# telepathy - Policy for Telepathy framework +# +telepathy = module + +# Layer: services +# Module: telnet +# +# Telnet daemon +# +telnet = module + +# Layer: services +# Module: tftp +# +# Trivial file transfer protocol daemon +# +tftp = module + # Layer: services # Module: tgtd # 
@@ -1787,105 +2369,26 @@ tgtd = module # thumb = module -# Layer: system -# Module: udev -# -# Policy for udev. -# -udev = module - # Layer: services -# Module: usbmuxd +# Module: timidity # -# Daemon for communicating with Apple's iPod Touch and iPhone +# MIDI to WAV converter and player configured as a service # -usbmuxd = module +timidity = off -# Layer: system -# Module: userdomain +# Layer: admin +# Module: tmpreaper # -# Policy for user domains +# Manage temporary directory sizes and file ages # -userdomain = module +tmpreaper = module -# Layer: system -# Module: unconfined +# Layer: contrib +# Module: glusterd +# +# policy for tomcat service # -# The unconfined domain. -# -unconfined = module - - -# Layer: kernel -# Module: unconfined -# -# The unlabelednet module. -# -unlabelednet = module - -# Layer: services -# Module: ulogd -# -# netfilter/iptables ULOG daemon -# -ulogd = module - -# Layer: services -# Module: vdagent -# -# vdagent -# -vdagent = module - -# Layer: services -# Module: vhostmd -# -# vhostmd - spice guest agent daemon. -# -vhostmd = module - -# Layer: apps -# Module: vhostmd -# -# vlock - Virtual Console lock program -# -vlock = module - -# Layer: services -# Module: wdmd -# -# wdmd policy -# -wdmd = module - -# Layer: apps -# Module: wine -# -# wine executable -# -wine = module - -# Layer: apps -# Module: wireshark -# -# wireshark executable -# -wireshark = module - -# Layer: apps -# Module: telepathy -# -# telepathy - Policy for Telepathy framework -# -telepathy = module - -# Layer: apps -# Module: userhelper -# -# A helper interface to pam. -# -userhelper = module - +tomcat = module # Layer: services # Module: tor # @@ -1893,6 +2396,13 @@ userhelper = module # tor = module +# Layer: services +# Module: tuned +# +# Dynamic adaptive system tuning daemon +# +tuned = module + # Layer: apps # Module: tvtime # 
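Review bot: The re-added `tomcat = module` entry in this hunk is still headed `# Module: glusterd`, so the comment block names a different module from the one it enables; the header should read `# Module: tomcat`. The same kind of mismatch is carried into later hunks of this file: the `vlock = module` entry is headed `# Module: vhostmd`, and the `iodine` entry repeats the `nsd` description (`Fast and lean authoritative DNS Name Server`). Since the merge rewrites these blocks anyway, correcting the headers keeps the file reliable as a reference when deciding which policy modules to enable or switch off.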
@@ -1900,6 +2410,13 @@ tor = module # tvtime = module +# Layer: services +# Module: ulogd +# +# netfilter/iptables ULOG daemon +# +ulogd = module + # Layer: apps # Module: uml # @@ -1907,6 +2424,13 @@ tvtime = module # uml = module +# Layer: admin +# Module: updfstab +# +# Red Hat utility to change /etc/fstab. +# +updfstab = module + # Layer: admin # Module: usbmodules # @@ -1914,6 +2438,20 @@ uml = module # usbmodules = module +# Layer: services +# Module: usbmuxd +# +# Daemon for communicating with Apple's iPod Touch and iPhone +# +usbmuxd = module + +# Layer: apps +# Module: userhelper +# +# A helper interface to pam. +# +userhelper = module + # Layer: apps # Module: usernetctl # @@ -1921,69 +2459,6 @@ usbmodules = module # usernetctl = module -# Layer: system -# Module: xen -# -# virtualization software -# -xen = module - -# Layer: services -# Module: varnishd -# -# Varnishd http accelerator daemon -# -varnishd = module - -# Layer: services -# Module: virt -# -# Virtualization libraries -# -virt = module - -# Layer: services -# Module: vnstatd -# -# Network traffic Monitor -# -vnstatd = module - -# Layer: system -# Module: brctl -# -# Utilities for configuring the linux ethernet bridge -# -brctl = module - -# Layer: services -# Module: telnet -# -# Telnet daemon -# -telnet = module - -# Layer: services -# Module: timidity -# -# MIDI to WAV converter and player configured as a service -# -timidity = off - -# Layer: services -# Module: tftp -# -# Trivial file transfer protocol daemon -# -tftp = module - -# Layer: services -# Module: tuned -# -# Dynamic adaptive system tuning daemon -# -tuned = module - # Layer: services # Module: uucp # 
@@ -1998,6 +2473,90 @@ uucp = module # uuidd = module +# Layer: services +# Module: varnishd +# +# Varnishd http accelerator daemon +# +varnishd = module + +# Layer: services +# Module: vdagent +# +# vdagent +# +vdagent = module + +# Layer: services +# Module: vhostmd +# +# vhostmd - spice guest agent daemon. +# +vhostmd = module + +# Layer: services +# Module: virt +# +# Virtualization libraries +# +virt = module + +# Layer: apps +# Module: vhostmd +# +# vlock - Virtual Console lock program +# +vlock = module + +# Layer: services +# Module: vmtools +# +# VMware Tools daemon +# +vmtools = module + +# Layer: apps +# Module: vmware +# +# VMWare Workstation virtual machines +# +vmware = module + +# Layer: services +# Module: vnstatd +# +# Network traffic Monitor +# +vnstatd = module + +# Layer: admin +# Module: vpn +# +# Virtual Private Networking client +# +vpn = module + +# Layer: services +# Module: w3c +# +# w3c +# +w3c = module + +# Layer: services +# Module: wdmd +# +# wdmd policy +# +wdmd = module + +# Layer: role +# Module: webadm +# +# Minimally prived root role for managing apache +# +webadm = module + # Layer: apps # Module: webalizer # @@ -2005,12 +2564,33 @@ uuidd = module # webalizer = module -# Layer: services -# Module: xserver +# Layer: apps +# Module: wine # -# X windows login display manager +# wine executable # -xserver = module +wine = module + +# Layer: apps +# Module: wireshark +# +# wireshark executable +# +wireshark = module + +# Layer: system +# Module: xen +# +# virtualization software +# +xen = module + +# Layer: services +# Module: zabbix +# +# Open-source monitoring solution for your IT infrastructure +# +zabbix = module # Layer: services # Module: zarafa 
@@ -2033,306 +2613,6 @@ zebra = module # zoneminder = module -# Layer: admin -# Module: usermanage -# -# Policy for managing user accounts. -# -usermanage = module - -# Layer: admin -# Module: updfstab -# -# Red Hat utility to change /etc/fstab. -# -updfstab = module - -# Layer: admin -# Module: vpn -# -# Virtual Private Networking client -# -vpn = module - -# Layer: kernel -# Module: terminal -# Required in base -# -# Policy for terminals. -# -terminal = base - -# Layer: admin -# Module: tmpreaper -# -# Manage temporary directory sizes and file ages -# -tmpreaper = module - -# Layer: admin -# Module: amtu -# -# Abstract Machine Test Utility (AMTU) -# -amtu = module - -# Layer: services -# Module: zabbix -# -# Open-source monitoring solution for your IT infrastructure -# -zabbix = module - -# Layer: services -# Module: apcupsd -# -# daemon for most APC’s UPS for Linux -# -apcupsd = module - -# Layer: services -# Module: aide -# -# Policy for aide -# -aide = module - -# Layer: services -# Module: w3c -# -# w3c -# -w3c = module - -# Layer: services -# Module: plymouthd -# -# Plymouth -# -plymouthd = module - -# Layer: services -# Module: portreserve -# -# reserve ports to prevent portmap mapping them -# -portreserve = module - -# Layer: services -# Module: rpcbind -# -# universal addresses to RPC program number mapper -# -rpcbind = module - -# Layer: apps -# Module: rssh -# -# Restricted (scp/sftp) only shell -# -rssh = module - -# Layer: apps -# Module: vmware -# -# VMWare Workstation virtual machines -# -vmware = module - -# Layer: role -# Module: dbadm -# -# Minimally prived root role for managing databases -# -dbadm = module - -# Layer: role -# Module: logadm -# -# Minimally prived root role for managing logging system -# -logadm = module - -# Layer: role -# Module: secadm -# -# secadm account on tty logins -# -secadm = module - -# Layer: role -# Module: auditadm -# -# auditadm account on tty logins -# -auditadm = module - - -# Layer: role -# Module: webadm -# -# 
Minimally prived root role for managing apache -# -webadm = module - -# -# Layer: services -# Module: exim -# -# exim mail server -# -exim = module - - -# Layer: services -# Module: kismet -# -# Wireless sniffing and monitoring -# -kismet = module - -# Layer: services -# Module: munin -# -# Munin -# -munin = module - -# Layer: services -# Module: bitlbee -# -# An IRC to other chat networks gateway -# -bitlbee = module - -# Layer: admin -# Module: sosreport -# -# sosreport debuggin information generator -# -sosreport = module - -# Layer: services -# Module: soundserver -# -# sound server for network audio server programs, nasd, yiff, etc -# -soundserver = module - -# Layer: role -# Module: unconfineduser -# -# The unconfined user domain. -# -unconfineduser = module - -# Module: staff -# -# admin account -# -staff = module - -# Layer:role -# Module: sysadm -# -# System Administrator -# -sysadm = module - -# Layer:role -# Module: sysadm_secadm -# -# System Administrator with Security Admin rules -# -sysadm_secadm = module - -# Layer: role -# Module: unprivuser -# -# Minimally privs guest account on tty logins -# -unprivuser = module - -# Layer: services -# Module: prelude -# -prelude = module - -# Layer: services -# Module: pads -# -pads = module - -# Layer: apps -# Module: podsleuth -# -# Podsleuth probes, identifies, and exposes properties and metadata bound to iPods. 
-# -podsleuth = module - -# Layer: role -# Module: guest -# -# Minimally privs guest account on tty logins -# -guest = module - -# Layer: role -# Module: xguest -# -# Minimally privs guest account on X Windows logins -# -xguest = module - -# Layer: services -# Module: cgroup -# -# Tools and libraries to control and monitor control groups -# -cgroup = module - -# Layer: services -# Module: courier -# -# IMAP and POP3 email servers -# -courier = module - -# Layer: services -# Module: denyhosts -# -# script to help thwart ssh server attacks -# -denyhosts = module - -# Layer: apps -# Module: livecd -# -# livecd creator -# -livecd = module - -# Layer: services -# Module: snort -# -# Snort network intrusion detection system -# -snort = module - -# Layer: services -# Module: memcached -# -# high-performance memory object caching system -# -memcached = module - -# Layer: system -# Module: netlabel -# -# Basic netlabel types and interfaces. -# -netlabel = module - # Layer: services # Module: zosremote # 
@@ -2340,229 +2620,421 @@ netlabel = module # zosremote = module -# Layer: services -# Module: pingd -# +# Layer: contrib +# Module: thin # -pingd = module - -# Layer: services -# Module: milter -# +# Policy for thin # -# -milter = module - -# Layer: services -# Module: keyboardd -# -# system-setup-keyboard is a keyboard layout daemon that monitors -# /etc/sysconfig/keyboard and writes out an xorg.conf.d snippet -# -keyboardd = module - -# Layer: services -# Module: keystone -# -# openstack-keystone -# -keystone = module - -# Layer: services -# Module: firewalld -# -# firewalld is firewall service daemon that provides dynamic customizable -# -firewalld = module - -# Layer: apps -# Module: namespace -# -# policy for namespace.init script -# -namespace = module - -# Layer: services -# Module: rhev -# -# rhev policy module contains policies for rhev apps -# -rhev = module - -# Layer: services -# Module: dspam -# -# dspam - library and Mail Delivery Agent for Bayesian SPAM filtering -# -dspam = module - -# Layer: services -# Module: lldpad -# -# lldpad - Link Layer Discovery Protocol (LLDP) agent daemon -# -lldpad = module - -# Layer: services -# Module: rhsmcertd -# -# Subscription Management Certificate Daemon policy -# -rhsmcertd = module - -# Layer: services -# Module: ctdbd -# -# ctdbd - The CTDB cluster daemon -# -ctdbd = module - -# Layer: services -# Module: fcoemon -# -# fcoemon -# -fcoemon = module - -# Layer: services -# Module: sblim -# -# sblim -# -sblim = module - -# Layer: services -# Module: cfengine -# -# cfengine -# -cfengine = module - -# Layer: services -# Module: pacemaker -# -# pacemaker -# -pacemaker = module - -# Layer: services -# Module: polipo -# -# polipo -# -polipo = module - -# Layer: services -# Module: nova -# -# openstack-nova -# -nova = module - -# Layer: services -# Module: rabbitmq -# -# rabbitmq daemons -# -rabbitmq = module - -# Layer: services -# Module: cloudform -# -# cloudform daemons -# -cloudform = module - -# Layer: services 
-# Module: obex -# -# policy for obex-data-server -# -obex = module - -# Layer: services -# Module: sge -# -# policy for grindengine MPI jobs -# -sge = module - -# Layer: apps -# Module: jockey -# -# policy for jockey-backend -# -jockey = module - -# Layer: services -# Module: numad -# -# numad - user-level daemon that provides advice and managment for optimum use of CPUs and memory on systems with NUMA topology -# -numad = module - -# Layer: services -# Module: condor -# -# policy for condor -# -condor = module - -# Layer: services -# Module: svnserve -# -# policy for subversion service -# -svnserve = module - -# Layer: apps -# Module: man2html -# -# policy for man2html apps -# -man2html = module +thin = module # Layer: contrib -# Module: glusterd -# -# policy for glusterd service +# Module: mandb +# +# Policy for mandb +# +mandb = module + +# Layer: services +# Module: pki # -glusterd = module +# policy for pki +# +pki = module + +# Layer: services +# Module: smsd +# +# policy for smsd +# +smsd = module # Layer: contrib -# Module: glusterd -# -# policy for tomcat service +# Module: pesign # -tomcat = module +# policy for pesign +# +pesign = module # Layer: contrib -# Module: php-fpm -# -# PHP-FPM is an alternative PHP FastCGI implementation +# Module: nsd # -phpfpm = module +# Fast and lean authoritative DNS Name Server +# +nsd = module # Layer: contrib -# Module: stapserver -# -# Instrumentation System Server +# Module: iodine # -stapserver = module +# Fast and lean authoritative DNS Name Server +# +iodine = module # Layer: contrib -# Module: stapserver -# -# dbus system service which manages discovery and enrollment in realms and domains like Active Directory or IPA +# Module: openhpid +# +# OpenHPI daemon runs as a background process and accepts connecti # -realmd = module +openhpid = module # Layer: contrib -# Module: docker -# -# The open-source application container engine +# Module: watchdog +# +# Watchdog policy # -docker = module +watchdog = module + +# 
Layer: contrib +# Module: oracleasm +# +# oracleasm policy +# +oracleasm = module + +# Layer: contrib +# Module: redis +# +# redis policy +# +redis = module + +# Layer: contrib +# Module: hypervkvp +# +# hypervkvp policy +# +hypervkvp = module + +# Layer: contrib +# Module: lsm +# +# lsm policy +# +lsm = module + +# Layer: contrib +# Module: motion +# +# Daemon for detect motion using a video4linux device +motion = module + +# Layer: contrib +# Module: rtas +# +# rtas policy +# +rtas = module + +# Layer: contrib +# Module: journalctl +# +# journalctl policy +# +journalctl = module + +# Layer: contrib +# Module: gdomap +# +# gdomap policy +# +gdomap = module + +# Layer: contrib +# Module: minidlna +# +# minidlna policy +# +minidlna = module + +# Layer: contrib +# Module: minissdpd +# +# minissdpd policy +# +minissdpd = module + +# Layer: contrib +# Module: freeipmi +# +# Remote-Console (out-of-band) and System Management Software (in-band) +# based on IntelligentPlatform Management Interface specification +# +freeipmi = module + +# Layer: contrib +# Module: mirrormanager +# +# mirrormanager policy +# +mirrormanager = module + +# Layer: contrib +# Module: snapper +# +# snapper policy +# +snapper = module + +# Layer: contrib +# Module: pcp +# +# pcp policy +# +pcp = module + +# Layer: contrib +# Module: geoclue +# +# Add policy for Geoclue. 
Geoclue is a D-Bus service that provides location information +# +geoclue = module + +# Layer: contrib +# Module: rkhunter +# +# rkhunter policy for /var/lib/rkhunter +# +rkhunter = module + +# Layer: contrib +# Module: bacula +# +# bacula policy +# +bacula = module + +# Layer: contrib +# Module: rhnsd +# +# rhnsd policy +# +rhnsd = module + +# Layer: contrib +# Module: mongodb +# +# mongodb policy +# + +mongodb = module + +# Layer: contrib +# Module: iotop +# +# iotop policy +# + +iotop = module + +# Layer: contrib +# Module: kmscon +# +# kmscon policy +# + +kmscon = module + +# Layer: contrib +# Module: naemon +# +# naemon policy +# +naemon = module + +# Layer: contrib +# Module: brltty +# +# brltty policy +# +brltty = module + +# Layer: contrib +# Module: cpuplug +# +# cpuplug policy +# +cpuplug = module + +# Layer: contrib +# Module: mon_statd +# +# mon_statd policy +# +mon_statd = module + +# Layer: contrib +# Module: cinder +# +# openstack-cinder policy +# +cinder = module + +# Layer: contrib +# Module: linuxptp +# +# linuxptp policy +# +linuxptp = module + +# Layer: contrib +# Module: rolekit +# +# rolekit policy +# +rolekit = module + +# Layer: contrib +# Module: targetd +# +# targetd policy +# +targetd = module + +# Layer: contrib +# Module: hsqldb +# +# Hsqldb is transactional database engine with in-memory and disk-based tables, supporting embedded and server modes. +# +hsqldb = module + +# Layer: contrib +# Module: blkmapd +# +# The blkmapd daemon performs device discovery and mapping for pNFS block layout client. +# +blkmapd = module + +# Layer: contrib +# Module: pkcs11proxyd +# +# pkcs11proxyd policy +# +pkcs11proxyd = module + +# Layer: contrib +# Module: ipmievd +# +# IPMI event daemon for sending events to syslog +# +ipmievd = module + +# Layer: contrib +# Module: openfortivpn +# +# Fortinet compatible SSL VPN daemons. 
+# +openfortivpn = module + +# Layer: contrib +# Module: fwupd +# +# fwupd is a daemon to allow session software to update device firmware. +# +fwupd = module + +# Layer: contrib +# Module: lttng-tools +# +# LTTng 2.x central tracing registry session daemon. +# +lttng-tools = module + +# Layer: contrib +# Module: rkt +# +# CLI for running app containers +# +rkt = module + +# Layer: contrib +# Module: opendnssec +# +# opendnssec +# +opendnssec = module + +# Layer: contrib +# Module: hwloc +# +# hwloc +# +hwloc = module + +# Layer: contrib +# Module: sbd +# +# sbd +# +sbd = module + +# Layer: contrib +# Module: tlp +# +# tlp +# +tlp = module + +# Layer: contrib +# Module: conntrackd +# +# conntrackd +# +conntrackd = module + +# Layer: contrib +# Module: tangd +# +# tangd +# +tangd = module + +# Layer: contrib +# Module: ibacm +# +# ibacm +# +ibacm = module + +# Layer: contrib +# Module: opafm +# +# opafm +# +opafm = module + +# Layer: contrib +# Module: boltd +# +# boltd +# +boltd = module + +# Layer: contrib +# Module: kpatch +# +# kpatch +# +kpatch = module + +# Layer: contrib +# Module: timedatex +# +# timedatex +# +timedatex = module + +# Layer: contrib +# Module: rrdcached +# +# rrdcached +# +rrdcached = module + +# Layer: contrib +# Module: stratisd +# +# stratisd +# +stratisd = module # Layer: contrib # Module: ica 
@@ -2570,3 +3042,136 @@ docker = module # ica # ica = module + +# Layer: contrib +# Module: fedoratp +# +# fedoratp +# +fedoratp = module + +# Layer: contrib +# Module: insights_client +# +# insights_client +# +insights_client = module + +# Layer: contrib +# Module: stalld +# +# stalld +# +stalld = module + +# Layer: contrib +# Module: rhcd +# +# rhcd +# +rhcd = module + +# Layer: contrib +# Module: wireguard +# +# wireguard +# +wireguard = module + +# Layer: contrib +# Module: mptcpd +# +# mptcpd +# +mptcpd = module + +# Layer: contrib +# Module: rshim +# +# rshim +# +rshim = module + +# Layer: contrib +# Module: keyutils +# +# keyutils +# +keyutils = module + +# Layer: contrib +# Module: cifsutils +# +# cifsutils - Utilities for managing CIFS mounts +# +cifsutils = module + +# Layer: contrib +# Module: boothd +# +# boothd - Booth cluster ticket manager +# +boothd = module + +# Layer: contrib +# Module: kafs +# +# kafs - Tools for kAFS +# +kafs = module + +# Layer: contrib +# Module: bootupd +# +# bootupd - bootloader update daemon +# +bootupd = module + +# Layer: contrib +# Module: fdo +# +# fdo - fido device onboard protocol for IoT devices +# +fdo = module + +# Layer: contrib +# Module: qatlib +# +# qatlib - Intel QuickAssist technology library and resources management +# +qatlib = module + +# Layer: services +# Module: virt_supplementary +# +# non-libvirt virtualization libraries +# +virt_supplementary = module + +# Layer: contrib +# Module: nvme_stas +# +# nvme_stas +# +nvme_stas = module + +# Layer: contrib +# Module: coreos_installer +# +# coreos_installer +# +coreos_installer = module + +# Layer: contrib +# Module: afterburn +# +# afterburn +# +afterburn = module + +# Layer: contrib +# Module: sap +# +# sap +# +sap = module diff --git a/selinux-policy.spec b/selinux-policy.spec index a848eb0b..f0ff5917 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec 
@@ -21,18 +21,16 @@ Version: 40.13.13 Release: 1%{?dist} License: GPL-2.0-or-later Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz -Source1: modules-targeted-base.conf -Source31: modules-targeted-contrib.conf +Source1: modules-targeted.conf Source2: booleans-targeted.conf Source3: Makefile.devel Source4: setrans-targeted.conf -Source5: modules-mls-base.conf -Source32: modules-mls-contrib.conf +Source5: modules-mls.conf Source6: booleans-mls.conf Source8: setrans-mls.conf Source14: securetty_types-targeted Source15: securetty_types-mls -#Source16: modules-minimum.conf +Source16: modules-minimum.lst Source17: booleans-minimum.conf Source18: setrans-minimum.conf Source19: securetty_types-minimum @@ -182,12 +180,7 @@ cp -f selinux_config/users-%1 ./policy/users \ #cp -f selinux_config/modules-%1-base.conf ./policy/modules.conf \ %define makeModulesConf() \ -cp -f selinux_config/modules-%1-%2.conf ./policy/modules-base.conf \ -cp -f selinux_config/modules-%1-%2.conf ./policy/modules.conf \ -if [ %3 == "contrib" ];then \ - cp selinux_config/modules-%1-%3.conf ./policy/modules-contrib.conf; \ - cat selinux_config/modules-%1-%3.conf >> ./policy/modules.conf; \ -fi; \ +cp -f selinux_config/modules-%1.conf ./policy/modules.conf %define installCmds() \ %make_build %common_params UNK_PERMS=%3 NAME=%1 TYPE=%2 base.pp \ @@ -263,8 +256,7 @@ rm -f %{buildroot}%{_sharedstatedir}/selinux/%1/active/*.linked \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/staff_u \ %dir %{_datadir}/selinux/%1 \ %{_datadir}/selinux/%1/base.lst \ -%{_datadir}/selinux/%1/modules-base.lst \ -%{_datadir}/selinux/%1/modules-contrib.lst \ +%{_datadir}/selinux/%1/modules.lst \ %{_datadir}/selinux/%1/nonbasemodules.lst \ %dir %{_sharedstatedir}/selinux/%1 \ %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/commit_num \ 
@@ -337,16 +329,12 @@ else \ fi; %define modulesList() \ -awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "%%s ", $1 }' ./policy/modules-base.conf > %{buildroot}%{_datadir}/selinux/%1/modules-base.lst \ -awk '$1 !~ "/^#/" && $2 == "=" && $3 == "base" { printf "%%s ", $1 }' ./policy/modules-base.conf > %{buildroot}%{_datadir}/selinux/%1/base.lst \ -if [ -e ./policy/modules-contrib.conf ];then \ - awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "%%s ", $1 }' ./policy/modules-contrib.conf > %{buildroot}%{_datadir}/selinux/%1/modules-contrib.lst; \ -fi; +awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "%%s ", $1 }' ./policy/modules.conf > %{buildroot}%{_datadir}/selinux/%1/modules.lst \ +awk '$1 !~ "/^#/" && $2 == "=" && $3 == "base" { printf "%%s ", $1 }' ./policy/modules.conf > %{buildroot}%{_datadir}/selinux/%1/base.lst \ %define nonBaseModulesList() \ -contrib_modules=`cat %{buildroot}%{_datadir}/selinux/%1/modules-contrib.lst` \ -base_modules=`cat %{buildroot}%{_datadir}/selinux/%1/modules-base.lst` \ -for i in $contrib_modules $base_modules; do \ +modules=`cat %{buildroot}%{_datadir}/selinux/%1/modules.lst` \ +for i in $modules; do \ if [ $i != "sandbox" ];then \ echo "%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/modules/100/$i" >> %{buildroot}%{_datadir}/selinux/%1/nonbasemodules.lst \ fi; \ @@ -419,7 +407,7 @@ end tar -C policy/modules/contrib -xf %{SOURCE35} mkdir selinux_config -for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE14} %{SOURCE15} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE22} %{SOURCE23} %{SOURCE25} %{SOURCE26} %{SOURCE31} %{SOURCE32};do +for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE14} %{SOURCE15} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE22} %{SOURCE23} %{SOURCE25} %{SOURCE26};do cp $i selinux_config done 
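Review bot: In the two new `awk` lines of `modulesList`, `$1 !~ "/^#/"` passes the pattern as a string, so the slashes become part of the regex and the test most likely never excludes anything; comment lines are skipped only because their second field is not `=`. A line such as `#foo = module` would therefore end up in `modules.lst`, whose entries `nonBaseModulesList` and the `%post minimum` scriptlet later use as path components under `active/modules/`. Since both lines are rewritten here anyway, `$1 !~ /^#/` states the intent. The second `awk` line also now ends the macro with a trailing `\`, so only the blank line after it terminates `%define modulesList()`; dropping that backslash removes the dependence.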
@@ -452,7 +440,7 @@ make clean %if %{with targeted} # Build targeted policy %makeCmds targeted mcs allow -%makeModulesConf targeted base contrib +%makeModulesConf targeted %installCmds targeted mcs allow # install permissivedomains.cil %{_sbindir}/semodule -p %{buildroot} -X 100 -s targeted -i %{SOURCE28} @@ -467,9 +455,10 @@ mv sandbox.pp %{buildroot}%{_datadir}/selinux/packages/sandbox.pp %if %{with minimum} # Build minimum policy %makeCmds minimum mcs allow -%makeModulesConf targeted base contrib +%makeModulesConf targeted %installCmds minimum mcs allow rm -rf %{buildroot}%{_sharedstatedir}/selinux/minimum/active/modules/100/sandbox +install -m 644 %{SOURCE16} %{buildroot}%{_datadir}/selinux/minimum/modules-enabled.lst %modulesList minimum %nonBaseModulesList minimum %endif @@ -477,7 +466,7 @@ rm -rf %{buildroot}%{_sharedstatedir}/selinux/minimum/active/modules/100/sandbox %if %{with mls} # Build mls policy %makeCmds mls mls deny -%makeModulesConf mls base contrib +%makeModulesConf mls %installCmds mls mls deny %modulesList mls %nonBaseModulesList mls @@ -697,16 +686,17 @@ fi %post minimum %checkConfigConsistency minimum -contribpackages=`cat %{_datadir}/selinux/minimum/modules-contrib.lst` -basepackages=`cat %{_datadir}/selinux/minimum/modules-base.lst` +modules=`cat %{_datadir}/selinux/minimum/modules.lst` +basemodules=`cat %{_datadir}/selinux/minimum/base.lst` +enabledmodules=`cat %{_datadir}/selinux/minimum/modules-enabled.lst` if [ ! -d %{_sharedstatedir}/selinux/minimum/active/modules/disabled ]; then mkdir %{_sharedstatedir}/selinux/minimum/active/modules/disabled fi if [ $1 -eq 1 ]; then -for p in $contribpackages; do +for p in $modules; do touch %{_sharedstatedir}/selinux/minimum/active/modules/disabled/$p done -for p in $basepackages apache dbus inetd kerberos mta nis; do +for p in $basemodules $enabledmodules; do rm -f %{_sharedstatedir}/selinux/minimum/active/modules/disabled/$p done %{_sbindir}/semanage import -S minimum -f - << __eof 
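Review bot: The new `install -m 644 %{SOURCE16} ...` line in the minimum build section has no comment saying what `modules-enabled.lst` is for, and the names are easy to confuse. `Source16` is `modules-minimum.lst`, it is installed as `modules-enabled.lst`, and the commit description refers to `modules.lst`, which in this spec is the generated list of every `= module` entry. A one-line comment above the `install` would settle it, for example `# modules-enabled.lst: modules re-enabled by %post minimum on a fresh install`.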
@@ -717,7 +707,7 @@ __eof %{_sbindir}/semodule -B -s minimum 2> /dev/null else instpackages=`cat %{_datadir}/selinux/minimum/instmodules.lst` -for p in $contribpackages; do +for p in $packages; do touch %{_sharedstatedir}/selinux/minimum/active/modules/disabled/$p done for p in $instpackages apache dbus inetd kerberos mta nis; do @@ -774,6 +764,7 @@ exit 0 %config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/unconfined_u %config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/sysadm_u %fileList minimum +%{_datadir}/selinux/minimum/modules-enabled.lst %endif %if %{with mls}
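Review bot: The upgrade branch of `%post minimum` now iterates `for p in $packages; do`, but the variables assigned at the top of the scriptlet in the preceding hunk are `modules`, `basemodules` and `enabledmodules`; nothing visible sets `packages`. With an empty list the `touch .../disabled/$p` loop does nothing, so on upgrade no module would be marked disabled and policy modules that the minimum profile is meant to keep off would presumably stay active. The line should most likely read `for p in $modules; do`. The loop after it still uses the hard-coded `apache dbus inetd kerberos mta nis` list while the fresh-install branch switched to `$basemodules $enabledmodules`; a comment stating whether that difference is intentional would help. The scriptlet continues outside this hunk.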