selinux-policy/modules-targeted.conf
Daniel J Walsh a1341a85df - Update to upstream
- Allow httpd_sys_script_t to search users homedirs
2007-12-06 21:37:36 +00:00

1561 lines
20 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#
# This file contains a listing of available modules.
# To prevent a module from being used in policy
# creation, set the module name to "off".
#
# For monolithic policies, modules set to "base" and "module"
# will be built into the policy.
#
# For modular policies, modules set to "base" will be
# included in the base module. "module" will be compiled
# as individual loadable modules.
#
# Layer: admin
# Module: acct
#
# Berkeley process accounting
#
acct = base
# Layer: admin
# Module: alsa
#
# Ainit ALSA configuration tool
#
alsa = base
# Layer: apps
# Module: ada
#
# ada executable
#
ada = base
# Layer: modules
# Module: awstats
#
# awstats executable
#
awstats = module
# Layer: admin
# Module: amanda
#
# Automated backup program.
#
amanda = base
# Layer: services
# Module: amavis
#
# Anti-virus
#
amavis = module
# Layer: admin
# Module: anaconda
#
# Policy for the Anaconda installer.
#
anaconda = base
# Layer: services
# Module: apache
#
# Apache web server
#
apache = base
# Layer: services
# Module: apm
#
# Advanced power management daemon
#
apm = base
# Layer: system
# Module: application
# Required in base
#
# Defines attributs and interfaces for all user applications
#
application = base
# Layer: services
# Module: arpwatch
#
# Ethernet activity monitor.
#
arpwatch = base
# Layer: services
# Module: audioentropy
#
# Generate entropy from audio input
#
audioentropy = module
# Layer: system
# Module: authlogin
#
# Common policy for authentication and user login.
#
authlogin = base
# Layer: services
# Module: automount
#
# Filesystem automounter service.
#
automount = base
# Layer: services
# Module: avahi
#
# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture
#
avahi = base
# Layer: services
# Module: bind
#
# Berkeley internet name domain DNS server.
#
bind = base
# Layer: services
# Module: dnsmasq
#
# A lightweight DHCP and caching DNS server.
#
dnsmasq = base
# Layer: services
# Module: bluetooth
#
# Bluetooth tools and system services.
#
bluetooth = base
# Layer: kernel
# Module: bootloader
#
# Policy for the kernel modules, kernel image, and bootloader.
#
bootloader = base
# Layer: services
# Module: canna
#
# Canna - kana-kanji conversion server
#
canna = base
# Layer: services
# Module: ccs
#
# policy for ccs
#
ccs = module
# Layer: apps
# Module: calamaris
#
#
# Squid log analysis
#
calamaris = module
# Layer: apps
# Module: cdrecord
#
# Policy for cdrecord
#
cdrecord = module
# Layer: admin
# Module: certwatch
#
# Digital Certificate Tracking
#
certwatch = module
# Layer: services
# Module: cipe
#
# Encrypted tunnel daemon
#
cipe = module
# Layer: services
# Module: comsat
#
# Comsat, a biff server.
#
comsat = base
# Layer: services
# Module: clamav
#
# ClamAV Virus Scanner
#
clamav = module
# Layer: system
# Module: clock
#
# Policy for reading and setting the hardware clock.
#
clock = base
# Layer: services
# Module: consolekit
#
# ConsoleKit is a system daemon for tracking what users are logged
#
consolekit = module
# Layer: admin
# Module: consoletype
#
# Determine of the console connected to the controlling terminal.
#
consoletype = base
# Layer: kernel
# Module: corecommands
# Required in base
#
# Core policy for shells, and generic programs
# in /bin, /sbin, /usr/bin, and /usr/sbin.
#
corecommands = base
# Layer: kernel
# Module: corenetwork
# Required in base
#
# Policy controlling access to network objects
#
corenetwork = base
# Layer: services
# Module: cpucontrol
#
# Services for loading CPU microcode and CPU frequency scaling.
#
cpucontrol = base
# Layer: services
# Module: cron
#
# Periodic execution of scheduled commands.
#
cron = base
# Layer: services
# Module: cups
#
# Common UNIX printing system
#
cups = base
# Layer: services
# Module: cvs
#
# Concurrent versions system
#
cvs = base
# Layer: services
# Module: cyrus
#
# Cyrus is an IMAP service intended to be run on sealed servers
#
cyrus = base
# Layer: system
# Module: daemontools
#
# Collection of tools for managing UNIX services
#
daemontools = module
# Layer: services
# Module: dbskk
#
# Dictionary server for the SKK Japanese input method system.
#
dbskk = base
# Layer: services
# Module: dbus
#
# Desktop messaging bus
#
dbus = base
# Layer: services
# Module: dcc
#
# A distributed, collaborative, spam detection and filtering network.
#
dcc = module
# Layer: admin
# Module: ddcprobe
#
# ddcprobe retrieves monitor and graphics card information
#
ddcprobe = off
# Layer: kernel
# Module: devices
# Required in base
#
# Device nodes and interfaces for many basic system devices.
#
devices = base
# Layer: services
# Module: dhcp
#
# Dynamic host configuration protocol (DHCP) server
#
dhcp = base
# Layer: services
# Module: dictd
#
# Dictionary daemon
#
dictd = base
# Layer: services
# Module: distcc
#
# Distributed compiler daemon
#
distcc = off
# Layer: admin
# Module: dmesg
#
# Policy for dmesg.
#
dmesg = base
# Layer: admin
# Module: dmidecode
#
# Decode DMI data for x86/ia64 bioses.
#
dmidecode = base
# Layer: system
# Module: domain
# Required in base
#
# Core policy for domains.
#
domain = base
# Layer: services
# Module: dovecot
#
# Dovecot POP and IMAP mail server
#
dovecot = base
# Layer: apps
# Module: gpg
#
# Policy for GNU Privacy Guard and related programs.
#
gpg = off
# Layer: services
# Module: gpm
#
# General Purpose Mouse driver
#
gpm = base
# Layer: apps
# Module: ethereal
#
# Ethereal packet capture tool.
#
ethereal = module
# Layer: services
# Module: fail2ban
#
# daiemon that bans IP that makes too many password failures
#
fail2ban = module
# Layer: services
# Module: fetchmail
#
# Remote-mail retrieval and forwarding utility
#
fetchmail = base
# Layer: kernel
# Module: files
# Required in base
#
# Basic filesystem types and interfaces.
#
files = base
# Layer: kernel
# Module: filesystem
# Required in base
#
# Policy for filesystems.
#
filesystem = base
# Layer: services
# Module: finger
#
# Finger user information service.
#
finger = base
# Layer: admin
# Module: firstboot
#
# Final system configuration run during the first boot
# after installation of Red Hat/Fedora systems.
#
firstboot = base
# Layer: system
# Module: fstools
#
# Tools for filesystem management, such as mkfs and fsck.
#
fstools = base
# Layer: services
# Module: ftp
#
# File transfer protocol service
#
ftp = base
# Layer: apps
# Module: games
#
# The Open Group Pegasus CIM/WBEM Server.
#
games = module
# Layer: system
# Module: getty
#
# Policy for getty.
#
getty = base
# Layer: apps
# Module: gnome
#
# gnome session and gconf
#
gnome = module
# Layer: services
# Module: hal
#
# Hardware abstraction layer
#
hal = module
# Layer: system
# Module: hostname
#
# Policy for changing the system host name.
#
hostname = base
# Layer: system
# Module: hotplug
#
# Policy for hotplug system, for supporting the
# connection and disconnection of devices at runtime.
#
hotplug = base
# Layer: services
# Module: howl
#
# Port of Apple Rendezvous multicast DNS
#
howl = base
# Layer: services
# Module: inetd
#
# Internet services daemon.
#
inetd = base
# Layer: system
# Module: init
#
# System initialization programs (init and init scripts).
#
init = base
# Layer: services
# Module: inn
#
# Internet News NNTP server
#
inn = base
# Layer: system
# Module: iptables
#
# Policy for iptables.
#
iptables = base
# Layer: system
# Module: ipsec
#
# TCP/IP encryption
#
ipsec = module
# Layer: apps
# Module: irc
#
# IRC client policy
#
irc = module
# Layer: services
# Module: irqbalance
#
# IRQ balancing daemon
#
irqbalance = base
# Layer: system
# Module: iscsi
#
# Open-iSCSI daemon
#
iscsi = module
# Layer: services
# Module: i18n_input
#
# IIIMF htt server
#
i18n_input = off
# Layer: apps
# Module: java
#
# java executable
#
java = base
# Layer: services
# Module: kerberos
#
# MIT Kerberos admin and KDC
#
kerberos = base
# Layer: kernel
# Module: kernel
# Required in base
#
# Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
#
kernel = base
# Layer: services
# Module: ktalk
#
# KDE Talk daemon
#
ktalk = base
# Layer: admin
# Module: kudzu
#
# Hardware detection and configuration tools
#
kudzu = base
# Layer: services
# Module: ldap
#
# OpenLDAP directory server
#
ldap = base
# Layer: system
# Module: libraries
#
# Policy for system libraries.
#
libraries = base
# Layer: apps
# Module: loadkeys
#
# Load keyboard mappings.
#
loadkeys = base
# Layer: system
# Module: locallogin
#
# Policy for local logins.
#
locallogin = base
# Layer: apps
# Module: lockdev
#
# device locking policy for lockdev
#
lockdev = module
# Layer: system
# Module: logging
#
# Policy for the kernel message logger and system logging daemon.
#
logging = base
# Layer: admin
# Module: logrotate
#
# Rotate and archive system logs
#
logrotate = base
# Layer: services
# Module: logwatch
#
# logwatch executable
#
logwatch = base
# Layer: services
# Module: lpd
#
# Line printer daemon
#
lpd = base
# Layer: system
# Module: lvm
#
# Policy for logical volume management programs.
#
lvm = base
# Layer: services
# Module: mailman
#
# Mailman is for managing electronic mail discussion and e-newsletter lists
#
mailman = base
# Layer: services
# Module: mailscanner
#
# Anti-Virus and Anti-Spam Filter
#
mailscanner = module
# Layer: kernel
# Module: mcs
# Required in base
#
# MultiCategory security policy
#
mcs = base
# Layer: system
# Module: miscfiles
#
# Miscelaneous files.
#
miscfiles = base
# Layer: kernel
# Module: mls
# Required in base
#
# Multilevel security policy
#
mls = base
# Layer: system
# Module: modutils
#
# Policy for kernel module utilities
#
modutils = base
# Layer: apps
# Module: mono
#
# mono executable
#
mono = base
# Layer: system
# Module: mount
#
# Policy for mount.
#
mount = base
# Layer: apps
# Module: mozilla
#
# Policy for Mozilla and related web browsers
#
mozilla = module
# Layer: apps
# Module: mplayer
#
# Policy for Mozilla and related web browsers
#
mplayer = module
# Layer: admin
# Module: mrtg
#
# Network traffic graphing
#
mrtg = module
# Layer: services
# Module: mta
#
# Policy common to all email tranfer agents.
#
mta = base
# Layer: services
# Module: mysql
#
# Policy for MySQL
#
mysql = base
# Layer: services
# Module: nagios
#
# policy for nagios Host/service/network monitoring program
#
nagios = module
# Layer: admin
# Module: netutils
#
# Network analysis utilities
#
netutils = base
# Layer: services
# Module: networkmanager
#
# Manager for dynamically switching between networks.
#
networkmanager = base
# Layer: services
# Module: nis
#
# Policy for NIS (YP) servers and clients
#
nis = base
# Layer: services
# Module: nscd
#
# Name service cache daemon
#
nscd = base
# Layer: services
# Module: ntp
#
# Network time protocol daemon
#
ntp = base
# Layer: services
# Module: nx
#
# NX Remote Desktop
#
nx = module
# Layer: services
# Module: oddjob
#
# policy for oddjob
#
oddjob = module
# Layer: services
# Module: openct
#
# Service for handling smart card readers.
#
openct = off
# Layer: services
# Module: openvpn
#
# Policy for OPENVPN full-featured SSL VPN solution
#
openvpn = base
# Layer: service
# Module: pcscd
#
# PC/SC Smart Card Daemon
#
pcscd = module
# Layer: service
# Module: openct
#
# Middleware framework for smart card terminals
#
openct = module
# Layer: system
# Module: pcmcia
#
# PCMCIA card management services
#
pcmcia = base
# Layer: services
# Module: pegasus
#
# The Open Group Pegasus CIM/WBEM Server.
#
pegasus = base
# Layer: services
# Module: postgresql
#
# PostgreSQL relational database
#
postgresql = base
# Layer: services
# Module: portmap
#
# RPC port mapping service.
#
portmap = base
# Layer: services
# Module: postfix
#
# Postfix email server
#
postfix = base
o# Layer: services
# Module: postgrey
#
# email scanner
#
postgrey = base
# Layer: services
# Module: ppp
#
# Point to Point Protocol daemon creates links in ppp networks
#
ppp = base
# Layer: admin
# Module: prelink
#
# Manage temporary directory sizes and file ages
#
prelink = base
# Layer: services
# Module: procmail
#
# Procmail mail delivery agent
#
procmail = base
# Layer: services
# Module: privoxy
#
# Privacy enhancing web proxy.
#
privoxy = base
# Layer: services
# Module: publicfile
#
# publicfile supplies files to the public through HTTP and FTP
#
publicfile = module
# Layer: services
# Module: pyzor
#
# Spam Blocker
#
pyzor = module
# Layer: services
# Module: qmail
#
# Policy for sendmail.
#
qmail = off
# Layer: admin
# Module: quota
#
# File system quota management
#
quota = off
# Layer: system
# Module: raid
#
# RAID array management tools
#
raid = base
# Layer: services
# Module: radius
#
# RADIUS authentication and accounting server.
#
radius = base
# Layer: services
# Module: radius
#
# RADIUS authentication and accounting server.
#
radius = base
# Layer: services
# Module: radvd
#
# IPv6 router advertisement daemon
#
radvd = base
# Layer: services
# Module: razor
#
# A distributed, collaborative, spam detection and filtering network.
#
razor = module
# Layer: admin
# Module: readahead
#
# Readahead, read files into page cache for improved performance
#
readahead = base
# Layer: services
# Module: rhgb
#
# X windows login display manager
#
rhgb = base
# Layer: services
# Module: rdisc
#
# Network router discovery daemon
#
rdisc = base
# Layer: services
# Module: remotelogin
#
# Policy for rshd, rlogind, and telnetd.
#
remotelogin = base
# Layer: services
# Module: ricci
#
# policy for ricci
#
ricci = module
# Layer: services
# Module: rlogin
#
# Remote login daemon
#
rlogin = base
# Layer: services
# Module: roundup
#
# Roundup Issue Tracking System policy
#
roundup = module
# Layer: services
# Module: rpc
#
# Remote Procedure Call Daemon for managment of network based process communication
#
rpc = base
# Layer: admin
# Module: rpm
#
# Policy for the RPM package manager.
#
rpm = base
# Layer: services
# Module: rshd
#
# Remote shell service.
#
rshd = base
# Layer: services
# Module: rsync
#
# Fast incremental file transfer for synchronization
#
rsync = base
# Layer: services
# Module: rwho
#
# who is logged in on local machines
#
rwho = module
# Layer: services
# Module: sasl
#
# SASL authentication server
#
sasl = base
# Layer: services
# Module: sendmail
#
# Policy for sendmail.
#
sendmail = base
# Layer: services
# Module: samba
#
# SMB and CIFS client/server programs for UNIX and
# name Service Switch daemon for resolving names
# from Windows NT servers.
#
samba = base
# Layer: apps
# Module: screen
#
# GNU terminal multiplexer
#
screen = module
# Layer: kernel
# Module: selinux
# Required in base
#
# Policy for kernel security interface, in particular, selinuxfs.
#
selinux = base
# Layer: system
# Module: selinuxutil
#
# Policy for SELinux policy and userland applications.
#
selinuxutil = base
# Layer: system
# Module: setrans
# Required in base
#
# Policy for setrans
#
setrans = base
# Layer: services
# Module: setroubleshoot
#
# Policy for the SELinux troubleshooting utility
#
setroubleshoot = base
# Layer: services
# Module: slrnpull
#
# Service for downloading news feeds the slrn newsreader.
#
slrnpull = off
# Layer: apps
# Module: slocate
#
# Update database for mlocate
#
slocate = module
# Layer: services
# Module: smartmon
#
# Smart disk monitoring daemon policy
#
smartmon = module
# Layer: services
# Module: snmp
#
# Simple network management protocol services
#
snmp = base
# Layer: services
# Module: spamassassin
#
# Filter used for removing unsolicited email.
#
spamassassin = base
# Layer: services
# Module: squid
#
# Squid caching http proxy server
#
squid = base
# Layer: services
# Module: ssh
#
# Secure shell client and server policy.
#
ssh = base
# Layer: kernel
# Module: storage
#
# Policy controlling access to storage devices
#
storage = base
# Layer: services
# Module: stunnel
#
# SSL Tunneling Proxy
#
stunnel = base
# Layer: admin
# Module: su
#
# Run shells with substitute user and group
#
su = base
# Layer: admin
# Module: sudo
#
# Execute a command with a substitute user
#
sudo = base
# Layer: system
# Module: sysnetwork
#
# Policy for network configuration: ifconfig and dhcp client.
#
sysnetwork = base
# Layer: services
# Module: sysstat
#
# Policy for sysstat. Reports on various system states
#
sysstat = base
# Layer: services
# Module: tcpd
#
# Policy for TCP daemon.
#
tcpd = base
# Layer: system
# Module: udev
#
# Policy for udev.
#
udev = base
# Layer: system
# Module: userdomain
#
# Policy for user domains
#
userdomain = base
# Layer: system
# Module: unconfined
#
# The unconfined domain.
#
unconfined = module
# Layer: apps
# Module: wine
#
# wine executable
#
wine = base
# Layer: admin
# Module: tzdata
#
# Policy for tzdata-update
#
tzdata = base
# Layer: apps
# Module: userhelper
#
# A helper interface to pam.
#
userhelper = module
# Layer: services
# Module: tor
#
# TOR, the onion router
#
tor = module
# Layer: apps
# Module: tvtime
#
# tvtime - a high quality television application
#
tvtime = module
# Layer: apps
# Module: uml
#
# Policy for UML
#
uml = module
# Layer: admin
# Module: usbmodules
#
# List kernel modules of USB devices
#
usbmodules = module
# Layer: apps
# Module: usernetctl
#
# User network interface configuration helper
#
usernetctl = module
# Layer: system
# Module: xen
#
# virtualization software
#
xen = base
# Layer: system
# Module: virt
#
# Virtualization libraries
#
virt = base
# Layer: system
# Module: brctl
#
# Utilities for configuring the linux ethernet bridge
#
brctl = base
# Layer: services
# Module: telnet
#
# Telnet daemon
#
telnet = base
# Layer: services
# Module: timidity
#
# MIDI to WAV converter and player configured as a service
#
timidity = off
# Layer: services
# Module: tftp
#
# Trivial file transfer protocol daemon
#
tftp = base
# Layer: services
# Module: uucp
#
# Unix to Unix Copy
#
uucp = base
# Layer: services
# Module: vbetool
#
# run real-mode video BIOS code to alter hardware state
#
vbetool = base
# Layer: apps
# Module: webalizer
#
# Web server log analysis
#
webalizer = base
# Layer: services
# Module: xfs
#
# X Windows Font Server
#
xfs = base
# Layer: services
# Module: xserver
#
# X windows login display manager
#
xserver = base
# Layer: services
# Module: zebra
#
# Zebra border gateway protocol network routing service
#
zebra = base
# Layer: admin
# Module: usermanage
#
# Policy for managing user accounts.
#
usermanage = base
# Layer: admin
# Module: updfstab
#
# Red Hat utility to change /etc/fstab.
#
updfstab = base
# Layer: admin
# Module: vpn
#
# Virtual Private Networking client
#
vpn = base
# Layer: admin
# Module: vbetool
#
# run real-mode video BIOS code to alter hardware state
#
vbetool = base
# Layer: kernel
# Module: terminal
# Required in base
#
# Policy for terminals.
#
terminal = base
# Layer: admin
# Module: tmpreaper
#
# Manage temporary directory sizes and file ages
#
tmpreaper = module
# Layer: admin
# Module: amtu
#
# Abstract Machine Test Utility (AMTU)
#
amtu = module
# Layer: services
# Module: zabbix
#
# Open-source monitoring solution for your IT infrastructure
#
zabbix = module
# Layer: services
# Module: apcupsd
#
# daemon for most APCs UPS for Linux
#
apcupsd = module
# Layer: services
# Module: aide
#
# Policy for aide
#
aide = base
# Layer: services
# Module: aide
#
# Policy for aide
#
aide = base
# Layer: services
# Module: w3c
#
# w3c
#
w3c = module
# Layer: services
# Module: rpcbind
#
# universal addresses to RPC program number mapper
#
rpcbind = module
# Layer: apps
# Module: vmware
#
# VMWare Workstation virtual machines
#
vmware = module
# Layer: users
# Module: guest
#
# Minimally privs guest account on tty logins
#
guest = module
# Layer: users
# Module: xguest
#
# Minimally privs guest account on X Windows logins
#
xguest = module
# Layer: users
# Module: logadm
#
# Minimally prived root role for managing logging system
#
logadm = module
# Layer: users
# Module: webadm
#
# Minimally prived root role for managing apache
#
webadm = module
#
# Layer: services
# Module: exim
#
# exim mail server
#
exim = module
# Layer: services
# Module: kismet
#
# Wireless sniffing and monitoring
#
kismet = module
# Layer: services
# Module: munin
#
# Munin
#
munin = module
# Layer: services
# Module: bitlbee
#
# An IRC to other chat networks gateway
#
bitlbee = module