trunk: whitespace fixes in xml blocks.

Chris PeBenito 2008-12-03 19:16:20 +00:00
parent 6073ea1e13
commit ff8f0a63f4
38 changed files with 336 additions and 336 deletions


@ -5,12 +5,12 @@
########################################
## <summary>
## Read and write awstats unnamed pipes.
## Read and write awstats unnamed pipes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`awstats_rw_pipes',`
@ -23,12 +23,12 @@ interface(`awstats_rw_pipes',`
########################################
## <summary>
## Execute awstats cgi scripts in the caller domain.
## Execute awstats cgi scripts in the caller domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`awstats_cgi_exec',`


@ -53,11 +53,11 @@ interface(`gpg_role',`
########################################
## <summary>
## Transition to a user gpg domain.
## Transition to a user gpg domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#
@ -71,11 +71,11 @@ interface(`gpg_domtrans',`
########################################
## <summary>
## Send generic signals to user gpg processes.
## Send generic signals to user gpg processes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#


@ -176,7 +176,7 @@ template(`userhelper_role_template',`
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#
@ -195,7 +195,7 @@ interface(`userhelper_search_config',`
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## Domain to not audit.
## </summary>
## </param>
#
@ -213,7 +213,7 @@ interface(`userhelper_dontaudit_search_config',`
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#
@ -231,7 +231,7 @@ interface(`userhelper_use_fd',`
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#


@ -410,35 +410,35 @@ interface(`corecmd_bin_spec_domtrans',`
########################################
## <summary>
## Execute a file in a bin directory
## in the specified domain.
## Execute a file in a bin directory
## in the specified domain.
## </summary>
## <desc>
## <p>
## Execute a file in a bin directory
## in the specified domain. This allows
## the specified domain to execute any file
## on these filesystems in the specified
## domain. This is not suggested.
## </p>
## <p>
## No interprocess communication (signals, pipes,
## etc.) is provided by this interface since
## the domains are not owned by this module.
## </p>
## <p>
## This interface was added to handle
## the ssh-agent policy.
## </p>
## <p>
## Execute a file in a bin directory
## in the specified domain. This allows
## the specified domain to execute any file
## on these filesystems in the specified
## domain. This is not suggested.
## </p>
## <p>
## No interprocess communication (signals, pipes,
## etc.) is provided by this interface since
## the domains are not owned by this module.
## </p>
## <p>
## This interface was added to handle
## the ssh-agent policy.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
## <param name="target_domain">
## <summary>
## The type of the new process.
## The type of the new process.
## </summary>
## </param>
#


@ -1467,11 +1467,11 @@ interface(`corenet_udp_bind_all_unreserved_ports',`
########################################
## <summary>
## Connect TCP sockets to reserved ports.
## Connect TCP sockets to reserved ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## The type of the process performing this action.
## </summary>
## </param>
#
@ -1504,11 +1504,11 @@ interface(`corenet_dontaudit_tcp_connect_all_reserved_ports',`
########################################
## <summary>
## Connect TCP sockets to rpc ports.
## Connect TCP sockets to rpc ports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## The type of the process performing this action.
## </summary>
## </param>
#
@ -1709,7 +1709,7 @@ interface(`corenet_dontaudit_non_ipsec_sendrecv',`
########################################
## <summary>
## Receive TCP packets from a NetLabel connection.
## Receive TCP packets from a NetLabel connection.
## </summary>
## <param name="domain">
## <summary>
@ -1724,7 +1724,7 @@ interface(`corenet_tcp_recv_netlabel',`
########################################
## <summary>
## Receive TCP packets from a NetLabel connection.
## Receive TCP packets from a NetLabel connection.
## </summary>
## <param name="domain">
## <summary>
@ -1743,7 +1743,7 @@ interface(`corenet_tcp_recvfrom_netlabel',`
########################################
## <summary>
## Receive TCP packets from an unlabled connection.
## Receive TCP packets from an unlabled connection.
## </summary>
## <param name="domain">
## <summary>
@ -1763,8 +1763,8 @@ interface(`corenet_tcp_recvfrom_unlabeled',`
########################################
## <summary>
## Do not audit attempts to receive TCP packets from a NetLabel
## connection.
## Do not audit attempts to receive TCP packets from a NetLabel
## connection.
## </summary>
## <param name="domain">
## <summary>
@ -1779,8 +1779,8 @@ interface(`corenet_dontaudit_tcp_recv_netlabel',`
########################################
## <summary>
## Do not audit attempts to receive TCP packets from a NetLabel
## connection.
## Do not audit attempts to receive TCP packets from a NetLabel
## connection.
## </summary>
## <param name="domain">
## <summary>
@ -1799,8 +1799,8 @@ interface(`corenet_dontaudit_tcp_recvfrom_netlabel',`
########################################
## <summary>
## Do not audit attempts to receive TCP packets from an unlabeled
## connection.
## Do not audit attempts to receive TCP packets from an unlabeled
## connection.
## </summary>
## <param name="domain">
## <summary>
@ -1820,7 +1820,7 @@ interface(`corenet_dontaudit_tcp_recvfrom_unlabeled',`
########################################
## <summary>
## Receive UDP packets from a NetLabel connection.
## Receive UDP packets from a NetLabel connection.
## </summary>
## <param name="domain">
## <summary>
@ -1835,7 +1835,7 @@ interface(`corenet_udp_recv_netlabel',`
########################################
## <summary>
## Receive UDP packets from a NetLabel connection.
## Receive UDP packets from a NetLabel connection.
## </summary>
## <param name="domain">
## <summary>
@ -1854,7 +1854,7 @@ interface(`corenet_udp_recvfrom_netlabel',`
########################################
## <summary>
## Receive UDP packets from an unlabeled connection.
## Receive UDP packets from an unlabeled connection.
## </summary>
## <param name="domain">
## <summary>
@ -1874,8 +1874,8 @@ interface(`corenet_udp_recvfrom_unlabeled',`
########################################
## <summary>
## Do not audit attempts to receive UDP packets from a NetLabel
## connection.
## Do not audit attempts to receive UDP packets from a NetLabel
## connection.
## </summary>
## <param name="domain">
## <summary>
@ -1890,8 +1890,8 @@ interface(`corenet_dontaudit_udp_recv_netlabel',`
########################################
## <summary>
## Do not audit attempts to receive UDP packets from a NetLabel
## connection.
## Do not audit attempts to receive UDP packets from a NetLabel
## connection.
## </summary>
## <param name="domain">
## <summary>
@ -1910,8 +1910,8 @@ interface(`corenet_dontaudit_udp_recvfrom_netlabel',`
########################################
## <summary>
## Do not audit attempts to receive UDP packets from an unlabeled
## connection.
## Do not audit attempts to receive UDP packets from an unlabeled
## connection.
## </summary>
## <param name="domain">
## <summary>
@ -1931,7 +1931,7 @@ interface(`corenet_dontaudit_udp_recvfrom_unlabeled',`
########################################
## <summary>
## Receive Raw IP packets from a NetLabel connection.
## Receive Raw IP packets from a NetLabel connection.
## </summary>
## <param name="domain">
## <summary>
@ -1946,7 +1946,7 @@ interface(`corenet_raw_recv_netlabel',`
########################################
## <summary>
## Receive Raw IP packets from a NetLabel connection.
## Receive Raw IP packets from a NetLabel connection.
## </summary>
## <param name="domain">
## <summary>
@ -1965,7 +1965,7 @@ interface(`corenet_raw_recvfrom_netlabel',`
########################################
## <summary>
## Receive Raw IP packets from an unlabeled connection.
## Receive Raw IP packets from an unlabeled connection.
## </summary>
## <param name="domain">
## <summary>
@ -1985,8 +1985,8 @@ interface(`corenet_raw_recvfrom_unlabeled',`
########################################
## <summary>
## Do not audit attempts to receive Raw IP packets from a NetLabel
## connection.
## Do not audit attempts to receive Raw IP packets from a NetLabel
## connection.
## </summary>
## <param name="domain">
## <summary>
@ -2001,8 +2001,8 @@ interface(`corenet_dontaudit_raw_recv_netlabel',`
########################################
## <summary>
## Do not audit attempts to receive Raw IP packets from a NetLabel
## connection.
## Do not audit attempts to receive Raw IP packets from a NetLabel
## connection.
## </summary>
## <param name="domain">
## <summary>
@ -2021,8 +2021,8 @@ interface(`corenet_dontaudit_raw_recvfrom_netlabel',`
########################################
## <summary>
## Do not audit attempts to receive Raw IP packets from an unlabeled
## connection.
## Do not audit attempts to receive Raw IP packets from an unlabeled
## connection.
## </summary>
## <param name="domain">
## <summary>
@ -2042,7 +2042,7 @@ interface(`corenet_dontaudit_raw_recvfrom_unlabeled',`
########################################
## <summary>
## Receive packets from an unlabeled connection.
## Receive packets from an unlabeled connection.
## </summary>
## <param name="domain">
## <summary>
@ -2064,7 +2064,7 @@ interface(`corenet_all_recvfrom_unlabeled',`
########################################
## <summary>
## Receive packets from a NetLabel connection.
## Receive packets from a NetLabel connection.
## </summary>
## <param name="domain">
## <summary>
@ -2083,7 +2083,7 @@ interface(`corenet_all_recvfrom_netlabel',`
########################################
## <summary>
## Do not audit attempts to receive packets from an unlabeled connection.
## Do not audit attempts to receive packets from an unlabeled connection.
## </summary>
## <param name="domain">
## <summary>
@ -2105,8 +2105,8 @@ interface(`corenet_dontaudit_all_recvfrom_unlabeled',`
########################################
## <summary>
## Do not audit attempts to receive packets from a NetLabel
## connection.
## Do not audit attempts to receive packets from a NetLabel
## connection.
## </summary>
## <param name="domain">
## <summary>


@ -1842,11 +1842,11 @@ interface(`dev_read_mouse',`
########################################
## <summary>
## Read and write to mouse devices.
## Read and write to mouse devices.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#


@ -1221,7 +1221,7 @@ interface(`domain_mmap_all_entry_files',`
## </param>
## <param name="target_domain">
## <summary>
## The type of the new process.
## The type of the new process.
## </summary>
## </param>
#
@ -1237,9 +1237,9 @@ interface(`domain_entry_file_spec_domtrans',`
########################################
## <summary>
## Ability to mmap a low area of the address space,
## as configured by /proc/sys/kernel/mmap_min_addr.
## Preventing such mappings helps protect against
## exploiting null deref bugs in the kernel.
## as configured by /proc/sys/kernel/mmap_min_addr.
## Preventing such mappings helps protect against
## exploiting null deref bugs in the kernel.
## </summary>
## <param name="domain">
## <summary>


@ -1544,12 +1544,12 @@ interface(`files_manage_boot_symlinks',`
########################################
## <summary>
## Read kernel files in the /boot directory.
## Read kernel files in the /boot directory.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`files_read_kernel_img',`


@ -1250,12 +1250,12 @@ interface(`fs_read_eventpollfs',`
########################################
## <summary>
## Mount a FUSE filesystem.
## Mount a FUSE filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`fs_mount_fusefs',`
@ -1268,12 +1268,12 @@ interface(`fs_mount_fusefs',`
########################################
## <summary>
## Unmount a FUSE filesystem.
## Unmount a FUSE filesystem.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`fs_unmount_fusefs',`
@ -1722,7 +1722,7 @@ interface(`fs_read_nfs_named_sockets',`
#########################################
## <summary>
## Read named pipes on a NFS network filesystem.
## Read named pipes on a NFS network filesystem.
## </summary>
## <param name="domain">
## <summary>


@ -2297,12 +2297,12 @@ interface(`kernel_dontaudit_sendrecv_unlabeled_association',`
########################################
## <summary>
## Receive TCP packets from an unlabeled connection.
## Receive TCP packets from an unlabeled connection.
## </summary>
## <desc>
## <p>
## Receive TCP packets from an unlabeled connection.
## </p>
## Receive TCP packets from an unlabeled connection.
## </p>
## <p>
## The corenetwork interface corenet_tcp_recv_unlabeled() should
## be used instead of this one.
@ -2324,14 +2324,14 @@ interface(`kernel_tcp_recvfrom_unlabeled',`
########################################
## <summary>
## Do not audit attempts to receive TCP packets from an unlabeled
## Do not audit attempts to receive TCP packets from an unlabeled
## connection.
## </summary>
## <desc>
## <p>
## Do not audit attempts to receive TCP packets from an unlabeled
## Do not audit attempts to receive TCP packets from an unlabeled
## connection.
## </p>
## </p>
## <p>
## The corenetwork interface corenet_dontaudit_tcp_recv_unlabeled()
## should be used instead of this one.
@ -2353,12 +2353,12 @@ interface(`kernel_dontaudit_tcp_recvfrom_unlabeled',`
########################################
## <summary>
## Receive UDP packets from an unlabeled connection.
## Receive UDP packets from an unlabeled connection.
## </summary>
## <desc>
## <p>
## Receive UDP packets from an unlabeled connection.
## </p>
## Receive UDP packets from an unlabeled connection.
## </p>
## <p>
## The corenetwork interface corenet_udp_recv_unlabeled() should
## be used instead of this one.
@ -2380,14 +2380,14 @@ interface(`kernel_udp_recvfrom_unlabeled',`
########################################
## <summary>
## Do not audit attempts to receive UDP packets from an unlabeled
## Do not audit attempts to receive UDP packets from an unlabeled
## connection.
## </summary>
## <desc>
## <p>
## Do not audit attempts to receive UDP packets from an unlabeled
## Do not audit attempts to receive UDP packets from an unlabeled
## connection.
## </p>
## </p>
## <p>
## The corenetwork interface corenet_dontaudit_udp_recv_unlabeled()
## should be used instead of this one.
@ -2409,12 +2409,12 @@ interface(`kernel_dontaudit_udp_recvfrom_unlabeled',`
########################################
## <summary>
## Receive Raw IP packets from an unlabeled connection.
## Receive Raw IP packets from an unlabeled connection.
## </summary>
## <desc>
## <p>
## Receive Raw IP packets from an unlabeled connection.
## </p>
## Receive Raw IP packets from an unlabeled connection.
## </p>
## <p>
## The corenetwork interface corenet_raw_recv_unlabeled() should
## be used instead of this one.
@ -2436,14 +2436,14 @@ interface(`kernel_raw_recvfrom_unlabeled',`
########################################
## <summary>
## Do not audit attempts to receive Raw IP packets from an unlabeled
## Do not audit attempts to receive Raw IP packets from an unlabeled
## connection.
## </summary>
## <desc>
## <p>
## Do not audit attempts to receive Raw IP packets from an unlabeled
## Do not audit attempts to receive Raw IP packets from an unlabeled
## connection.
## </p>
## </p>
## <p>
## The corenetwork interface corenet_dontaudit_raw_recv_unlabeled()
## should be used instead of this one.
@ -2500,7 +2500,7 @@ interface(`kernel_sendrecv_unlabeled_packets',`
## <desc>
## <p>
## Receive packets from an unlabeled peer, these packets do not have any
## peer labeling information present.
## peer labeling information present.
## </p>
## <p>
## The corenetwork interface corenet_recvfrom_unlabeled_peer() should
@ -2528,7 +2528,7 @@ interface(`kernel_recvfrom_unlabeled_peer',`
## <desc>
## <p>
## Do not audit attempts to receive packets from an unlabeled peer,
## these packets do not have any peer labeling information present.
## these packets do not have any peer labeling information present.
## </p>
## <p>
## The corenetwork interface corenet_dontaudit_*_recvfrom_unlabeled()
@ -2551,12 +2551,12 @@ interface(`kernel_dontaudit_recvfrom_unlabeled_peer',`
########################################
## <summary>
## Relabel from unlabeled database objects.
## Relabel from unlabeled database objects.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`kernel_relabelfrom_unlabeled_database',`


@ -304,7 +304,7 @@ optional_policy(`
')
optional_policy(`
# nfs kernel server needs kernel UDP access. It is less risky and painful
# nfs kernel server needs kernel UDP access. It is less risky and painful
# to just give it everything.
allow kernel_t self:tcp_socket create_stream_socket_perms;
allow kernel_t self:udp_socket create_socket_perms;


@ -822,13 +822,13 @@ interface(`mls_context_translate_all_levels',`
########################################
## <summary>
## Make specified domain MLS trusted
## for reading from databases at any level.
## Make specified domain MLS trusted
## for reading from databases at any level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
@ -842,13 +842,13 @@ interface(`mls_db_read_all_levels',`
########################################
## <summary>
## Make specified domain MLS trusted
## for writing to databases at any level.
## Make specified domain MLS trusted
## for writing to databases at any level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
@ -862,13 +862,13 @@ interface(`mls_db_write_all_levels',`
########################################
## <summary>
## Make specified domain MLS trusted
## for raising the level of databases.
## Make specified domain MLS trusted
## for raising the level of databases.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
@ -882,13 +882,13 @@ interface(`mls_db_upgrade',`
########################################
## <summary>
## Make specified domain MLS trusted
## for lowering the level of databases.
## Make specified domain MLS trusted
## for lowering the level of databases.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
@ -901,14 +901,14 @@ interface(`mls_db_downgrade',`
')
########################################
## <summary>
## Make specified domain MLS trusted
## for sending dbus messages to
## Make specified domain MLS trusted
## for sending dbus messages to
## all levels.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
@ -922,14 +922,14 @@ interface(`mls_dbus_send_all_levels',`
########################################
## <summary>
## Make specified domain MLS trusted
## for receiving dbus messages from
## Make specified domain MLS trusted
## for receiving dbus messages from
## all levels.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#


@ -172,15 +172,15 @@ interface(`storage_dontaudit_write_fixed_disk',`
########################################
## <summary>
## Allow the caller to directly read and write to a fixed disk.
## This is extremly dangerous as it can bypass the
## SELinux protections for filesystem objects, and
## should only be used by trusted domains.
## Allow the caller to directly read and write to a fixed disk.
## This is extremly dangerous as it can bypass the
## SELinux protections for filesystem objects, and
## should only be used by trusted domains.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`storage_raw_rw_fixed_disk',`


@ -2,12 +2,12 @@
########################################
## <summary>
## Execute aide in the aide domain
## Execute aide in the aide domain
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`aide_domtrans',`


@ -174,7 +174,7 @@ optional_policy(`
optional_policy(`
# this seems like fds that arent being
# closed. these should probably be
# closed. these should probably be
# dontaudits instead.
networkmanager_rw_udp_sockets(named_t)
networkmanager_rw_packet_sockets(named_t)


@ -2,12 +2,12 @@
########################################
## <summary>
## Read bitlbee configuration files
## Read bitlbee configuration files
## </summary>
## <param name="domain">
## <summary>
## Domain allowed accesss.
## </summary>
## <summary>
## Domain allowed accesss.
## </summary>
## </param>
#
interface(`bitlbee_read_config',`


@ -2,12 +2,12 @@
########################################
## <summary>
## Execute clockspeed utilities in the clockspeed_cli domain.
## Execute clockspeed utilities in the clockspeed_cli domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`clockspeed_domtrans_cli',`


@ -7,7 +7,7 @@
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#


@ -2,12 +2,12 @@
########################################
## <summary>
## Create a set of derived types for djbdns
## Create a set of derived types for djbdns
## components that are directly supervised by daemontools.
## </summary>
## <param name="prefix">
## <summary>
## The prefix to be used for deriving type names.
## The prefix to be used for deriving type names.
## </summary>
## </param>
#


@ -21,12 +21,12 @@ interface(`dovecot_manage_spool',`
########################################
## <summary>
## Do not audit attempts to delete dovecot lib files.
## Do not audit attempts to delete dovecot lib files.
## </summary>
## <param name="domain">
## <summary>
## Domain to not audit.
## </summary>
## <summary>
## Domain to not audit.
## </summary>
## </param>
#
interface(`dovecot_dontaudit_unlink_lib_files',`


@ -2,11 +2,11 @@
########################################
## <summary>
## Use ftp by connecting over TCP. (Deprecated)
## Use ftp by connecting over TCP. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#
@ -16,11 +16,11 @@ interface(`ftp_tcp_connect',`
########################################
## <summary>
## Read ftpd etc files
## Read ftpd etc files
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#
@ -35,11 +35,11 @@ interface(`ftp_read_config',`
########################################
## <summary>
## Execute FTP daemon entry point programs.
## Execute FTP daemon entry point programs.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#
@ -54,11 +54,11 @@ interface(`ftp_check_exec',`
########################################
## <summary>
## Read FTP transfer logs
## Read FTP transfer logs
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#
@ -73,12 +73,12 @@ interface(`ftp_read_log',`
########################################
## <summary>
## Execute the ftpdctl program in the ftpdctl domain.
## Execute the ftpdctl program in the ftpdctl domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`ftp_domtrans_ftpdctl',`


@ -177,11 +177,11 @@ interface(`lpd_read_config',`
########################################
## <summary>
## Transition to a user lpr domain.
## Transition to a user lpr domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#


@ -374,14 +374,14 @@ interface(`mta_send_mail',`
## Execute send mail in a specified domain.
## </summary>
## <desc>
## <p>
## <p>
## Execute send mail in a specified domain.
## </p>
## <p>
## No interprocess communication (signals, pipes,
## etc.) is provided by this interface since
## the domains are not owned by this module.
## </p>
## </p>
## <p>
## No interprocess communication (signals, pipes,
## etc.) is provided by this interface since
## the domains are not owned by this module.
## </p>
## </desc>
## <param name="source_domain">
## <summary>


@ -108,7 +108,7 @@ interface(`nscd_shm_use',`
allow $1 nscd_t:fd use;
# cjp: these were originally inherited from the
# nscd_socket_domain macro. need to investigate
# nscd_socket_domain macro. need to investigate
# if they are all actually required
allow $1 self:unix_stream_socket create_stream_socket_perms;
allow $1 nscd_t:unix_stream_socket connectto;


@ -2,17 +2,17 @@
#######################################
## <summary>
## Role access for SE-PostgreSQL.
## Role access for SE-PostgreSQL.
## </summary>
## <param name="user_role">
## <summary>
## The role associated with the user domain.
## </summary>
## <summary>
## The role associated with the user domain.
## </summary>
## </param>
## <param name="user_domain">
## <summary>
## The type of the user domain.
## </summary>
## The type of the user domain.
## </summary>
## </param>
#
interface(`postgresql_role',`
@ -72,12 +72,12 @@ interface(`postgresql_role',`
########################################
## <summary>
## Marks as a SE-PostgreSQL loadable shared library module
## Marks as a SE-PostgreSQL loadable shared library module
## </summary>
## <param name="type">
## <summary>
## Type marked as a database object type.
## </summary>
## <summary>
## Type marked as a database object type.
## </summary>
## </param>
#
interface(`postgresql_loadable_module',`
@ -90,12 +90,12 @@ interface(`postgresql_loadable_module',`
########################################
## <summary>
## Marks as a SE-PostgreSQL database object type
## Marks as a SE-PostgreSQL database object type
## </summary>
## <param name="type">
## <summary>
## Type marked as a database object type.
## </summary>
## <summary>
## Type marked as a database object type.
## </summary>
## </param>
#
interface(`postgresql_database_object',`
@ -108,12 +108,12 @@ interface(`postgresql_database_object',`
########################################
## <summary>
## Marks as a SE-PostgreSQL table/column/tuple object type
## Marks as a SE-PostgreSQL table/column/tuple object type
## </summary>
## <param name="type">
## <summary>
## Type marked as a table/column/tuple object type.
## </summary>
## <summary>
## Type marked as a table/column/tuple object type.
## </summary>
## </param>
#
interface(`postgresql_table_object',`
@ -126,12 +126,12 @@ interface(`postgresql_table_object',`
########################################
## <summary>
## Marks as a SE-PostgreSQL system table/column/tuple object type
## Marks as a SE-PostgreSQL system table/column/tuple object type
## </summary>
## <param name="type">
## <summary>
## Type marked as a table/column/tuple object type.
## </summary>
## <summary>
## Type marked as a table/column/tuple object type.
## </summary>
## </param>
#
interface(`postgresql_system_table_object',`
@ -145,12 +145,12 @@ interface(`postgresql_system_table_object',`
########################################
## <summary>
## Marks as a SE-PostgreSQL procedure object type
## Marks as a SE-PostgreSQL procedure object type
## </summary>
## <param name="type">
## <summary>
## Type marked as a database object type.
## </summary>
## <summary>
## Type marked as a database object type.
## </summary>
## </param>
#
interface(`postgresql_procedure_object',`
@ -163,12 +163,12 @@ interface(`postgresql_procedure_object',`
########################################
## <summary>
## Marks as a SE-PostgreSQL binary large object type
## Marks as a SE-PostgreSQL binary large object type
## </summary>
## <param name="type">
## <summary>
## Type marked as a database binary large object type.
## </summary>
## <summary>
## Type marked as a database binary large object type.
## </summary>
## </param>
#
interface(`postgresql_blob_object',`
@ -302,13 +302,13 @@ interface(`postgresql_stream_connect',`
########################################
## <summary>
## Allow the specified domain unprivileged accesses to unifined database objects
## Allow the specified domain unprivileged accesses to unifined database objects
## managed by SE-PostgreSQL,
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`postgresql_unpriv_client',`
@ -335,13 +335,13 @@ interface(`postgresql_unpriv_client',`
########################################
## <summary>
## Allow the specified domain unconfined accesses to any database objects
## Allow the specified domain unconfined accesses to any database objects
## managed by SE-PostgreSQL,
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`postgresql_unconfined',`


@ -2,12 +2,12 @@
########################################
## <summary>
## Write to postgrey socket
## Write to postgrey socket
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to talk to postgrey
## </summary>
## <summary>
## Domain allowed to talk to postgrey
## </summary>
## </param>
#
interface(`postgrey_stream_connect',`
@ -22,12 +22,12 @@ interface(`postgrey_stream_connect',`
########################################
## <summary>
## Search the spool directory
## Search the spool directory
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access
## </summary>
## <summary>
## Domain allowed access
## </summary>
## </param>
#
interface(`postgrey_search_spool',`


@ -118,11 +118,11 @@ template(`rpc_domain_template', `
########################################
## <summary>
## Send UDP network traffic to rpc and recieve UDP traffic from rpc. (Deprecated)
## Send UDP network traffic to rpc and recieve UDP traffic from rpc. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## The type of the process performing this action.
## </summary>
## </param>
#
@ -132,12 +132,12 @@ interface(`rpc_udp_send',`
########################################
## <summary>
## Do not audit attempts to get the attributes
## Do not audit attempts to get the attributes
## of the NFS export file.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## The type of the process performing this action.
## </summary>
## </param>
#
@ -151,11 +151,11 @@ interface(`rpc_dontaudit_getattr_exports',`
########################################
## <summary>
## Allow read access to exports.
## Allow read access to exports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## The type of the process performing this action.
## </summary>
## </param>
#
@ -169,11 +169,11 @@ interface(`rpc_read_exports',`
########################################
## <summary>
## Allow write access to exports.
## Allow write access to exports.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## The type of the process performing this action.
## </summary>
## </param>
#
@ -187,11 +187,11 @@ interface(`rpc_write_exports',`
########################################
## <summary>
## Execute domain in nfsd domain.
## Execute domain in nfsd domain.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## The type of the process performing this action.
## </summary>
## </param>
#
@ -205,11 +205,11 @@ interface(`rpc_domtrans_nfsd',`
########################################
## <summary>
## Read NFS exported content.
## Read NFS exported content.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
@ -226,11 +226,11 @@ interface(`rpc_read_nfs_content',`
########################################
## <summary>
## Allow domain to create read and write NFS directories.
## Allow domain to create read and write NFS directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
@ -247,11 +247,11 @@ interface(`rpc_manage_nfs_rw_content',`
########################################
## <summary>
## Allow domain to create read and write NFS directories.
## Allow domain to create read and write NFS directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
@ -268,11 +268,11 @@ interface(`rpc_manage_nfs_ro_content',`
########################################
## <summary>
## Allow domain to read and write to an NFS UDP socket.
## Allow domain to read and write to an NFS UDP socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#
@ -290,7 +290,7 @@ interface(`rpc_udp_rw_nfs_sockets',`
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#
@ -304,7 +304,7 @@ interface(`rpc_udp_send_nfs',`
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#
@ -323,7 +323,7 @@ interface(`rpc_search_nfs_state_data',`
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#


@ -24,14 +24,14 @@ interface(`rsync_entry_type',`
## Execute a rsync in a specified domain.
## </summary>
## <desc>
## <p>
## <p>
## Execute a rsync in a specified domain.
## </p>
## <p>
## No interprocess communication (signals, pipes,
## etc.) is provided by this interface since
## the domains are not owned by this module.
## </p>
## </p>
## <p>
## No interprocess communication (signals, pipes,
## etc.) is provided by this interface since
## the domains are not owned by this module.
## </p>
## </desc>
## <param name="source_domain">
## <summary>
@ -57,14 +57,14 @@ interface(`rsync_entry_spec_domtrans',`
## Execute a rsync in a specified domain.
## </summary>
## <desc>
## <p>
## <p>
## Execute a rsync in a specified domain.
## </p>
## <p>
## No interprocess communication (signals, pipes,
## etc.) is provided by this interface since
## the domains are not owned by this module.
## </p>
## </p>
## <p>
## No interprocess communication (signals, pipes,
## etc.) is provided by this interface since
## the domains are not owned by this module.
## </p>
## </desc>
## <param name="source_domain">
## <summary>


@ -63,9 +63,9 @@ interface(`spamassassin_exec',`
## Singnal the spam assassin daemon
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`spamassassin_signal_spamd',`
@ -97,7 +97,7 @@ interface(`spamassassin_exec_spamd',`
########################################
## <summary>
## Execute spamassassin client in the spamassassin client domain.
## Execute spamassassin client in the spamassassin client domain.
## </summary>
## <param name="domain">
## <summary>
@ -191,12 +191,12 @@ interface(`spamassassin_manage_lib_files',`
########################################
## <summary>
## Read temporary spamd file.
## Read temporary spamd file.
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## </summary>
## <summary>
## The type of the process performing this action.
## </summary>
## </param>
#
interface(`spamassassin_read_spamd_tmp_files',`
@ -213,9 +213,9 @@ interface(`spamassassin_read_spamd_tmp_files',`
## spamd sockets/
## </summary>
## <param name="domain">
## <summary>
## <summary>
## Domain to not audit.
## </summary>
## </summary>
## </param>
#
interface(`spamassassin_dontaudit_getattr_spamd_tmp_sockets',`


@ -7,16 +7,16 @@
########################################
## <summary>
## Define a specified domain as a ucspitcp service.
## Define a specified domain as a ucspitcp service.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
## <param name="entrypoint">
## <summary>
## The type associated with the process program.
## The type associated with the process program.
## </summary>
## </param>
#


@ -761,12 +761,12 @@ interface(`xserver_read_xdm_pid',`
########################################
## <summary>
## Read XDM var lib files.
## Read XDM var lib files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`xserver_read_xdm_lib_files',`


@ -28,16 +28,16 @@ interface(`daemontools_ipc_domain',`
########################################
## <summary>
## Define a specified domain as a supervised service.
## Define a specified domain as a supervised service.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
## <param name="entrypoint">
## <summary>
## The type associated with the process program.
## The type associated with the process program.
## </summary>
## </param>
#
@ -55,11 +55,11 @@ interface(`daemontools_service_domain',`
########################################
## <summary>
## Execute in the svc_start_t domain.
## Execute in the svc_start_t domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#
@ -73,11 +73,11 @@ interface(`daemontools_domtrans_start',`
########################################
## <summary>
## Execute in the svc_run_t domain.
## Execute in the svc_run_t domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#
@ -91,11 +91,11 @@ interface(`daemontools_domtrans_run',`
########################################
## <summary>
## Execute in the svc_multilog_t domain.
## Execute in the svc_multilog_t domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#
@ -109,11 +109,11 @@ interface(`daemontools_domtrans_multilog',`
########################################
## <summary>
## Allow a domain to read svc_svc_t files.
## Allow a domain to read svc_svc_t files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
@ -129,11 +129,11 @@ interface(`daemontools_read_svc',`
########################################
## <summary>
## Allow a domain to create svc_svc_t files.
## Allow a domain to create svc_svc_t files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>


@ -666,14 +666,14 @@ interface(`init_domtrans_script',`
## Execute a init script in a specified domain.
## </summary>
## <desc>
## <p>
## <p>
## Execute a init script in a specified domain.
## </p>
## <p>
## No interprocess communication (signals, pipes,
## etc.) is provided by this interface since
## the domains are not owned by this module.
## </p>
## </p>
## <p>
## No interprocess communication (signals, pipes,
## etc.) is provided by this interface since
## the domains are not owned by this module.
## </p>
## </desc>
## <param name="source_domain">
## <summary>
@ -1133,7 +1133,7 @@ interface(`init_rw_script_stream_sockets',`
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#
@ -1451,11 +1451,11 @@ interface(`init_dontaudit_rw_utmp',`
########################################
## <summary>
## Create, read, write, and delete utmp.
## Create, read, write, and delete utmp.
## </summary>
## <param name="domain">
## <summary>
## Domain access allowed.
## Domain access allowed.
## </summary>
## </param>
#


@ -113,7 +113,7 @@ optional_policy(`
optional_policy(`
# When you install a kernel the postinstall builds a initrd image in tmp
# and executes ldconfig on it. If you dont allow this kernel installs
# and executes ldconfig on it. If you dont allow this kernel installs
# blow up.
rpm_manage_script_tmp_files(ldconfig_t)
')


@ -533,12 +533,12 @@ interface(`logging_search_logs',`
#######################################
## <summary>
## Do not audit attempts to search the var log directory.
## Do not audit attempts to search the var log directory.
## </summary>
## <param name="domain">
## <summary>
## Domain not to audit.
## </summary>
## <summary>
## Domain not to audit.
## </summary>
## </param>
#
interface(`logging_dontaudit_search_logs',`


@ -2,12 +2,12 @@
########################################
## <summary>
## Execute netlabel_mgmt in the netlabel_mgmt domain.
## Execute netlabel_mgmt in the netlabel_mgmt domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`netlabel_domtrans_mgmt',`
@ -21,13 +21,13 @@ interface(`netlabel_domtrans_mgmt',`
########################################
## <summary>
## Execute netlabel_mgmt in the netlabel_mgmt domain, and
## allow the specified role the netlabel_mgmt domain.
## Execute netlabel_mgmt in the netlabel_mgmt domain, and
## allow the specified role the netlabel_mgmt domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>


@ -6,7 +6,7 @@
## </summary>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## The type of the process performing this action.
## </summary>
## </param>
#


@ -78,7 +78,7 @@ template(`userdom_base_user_template',`
dev_dontaudit_getattr_all_chr_files($1_t)
# When the user domain runs ps, there will be a number of access
# denials when ps tries to search /proc. Do not audit these denials.
# denials when ps tries to search /proc. Do not audit these denials.
domain_dontaudit_read_all_domains_state($1_t)
domain_dontaudit_getattr_all_domains($1_t)
domain_dontaudit_getsession_all_domains($1_t)
@ -1405,11 +1405,11 @@ interface(`userdom_dontaudit_search_user_home_dirs',`
########################################
## <summary>
## List user home directories.
## List user home directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#
@ -1979,11 +1979,11 @@ interface(`userdom_user_home_dir_filetrans_user_home_content',`
########################################
## <summary>
## Write to user temporary named sockets.
## Write to user temporary named sockets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## Domain allowed access.
## </summary>
## </param>
#