# Layer: kernel
# Module: bootloader
#
# Policy for the kernel modules, kernel image, and bootloader.
#
bootloader = module
# Layer: kernel
# Module: corenetwork
# Required in base
#
# Policy controlling access to network objects
#
corenetwork = base
# Layer: admin
# Module: dmesg
#
# Policy for dmesg.
#
dmesg = module
# Layer: admin
# Module: netutils
#
# Network analysis utilities
#
netutils = module
# Layer: admin
# Module: sudo
#
# Execute a command with a substitute user
#
sudo = module
# Layer: admin
# Module: su
#
# Run shells with substitute user and group
#
su = module
# Layer: admin
# Module: usermanage
#
# Policy for managing user accounts.
#
usermanage = module
# Layer: apps
# Module: seunshare
#
# seunshare executable
#
seunshare = module
# Layer: kernel
# Module: corecommands
# Required in base
#
# Core policy for shells and generic programs
# in /bin, /sbin, /usr/bin, and /usr/sbin.
#
corecommands = base
# Module: devices
# Required in base
#
# Device nodes and interfaces for many basic system devices.
#
devices = base
# Module: domain
# Required in base
#
# Core policy for domains.
#
domain = base
# Layer: system
# Module: userdomain
#
# Policy for user domains
#
userdomain = module
# Module: files
# Required in base
#
# Basic filesystem types and interfaces.
#
files = base
# Module: filesystem
# Required in base
#
# Policy for filesystems.
#
filesystem = base
# Module: kernel
# Required in base
#
# Policy for kernel threads, proc filesystem, and unlabeled processes and objects.
#
kernel = base
# Module: mcs
# Required in base
#
# MultiCategory security policy
#
mcs = base
# Module: mls
# Required in base
#
# Multilevel security policy
#
mls = base
# Module: selinux
# Required in base
#
# Policy for kernel security interface, in particular, selinuxfs.
#
selinux = base
# Layer: kernel
# Module: storage
#
# Policy controlling access to storage devices
#
storage = base
# Module: terminal
# Required in base
#
# Policy for terminals.
#
terminal = base
# Layer: kernel
# Module: ubac
#
# User-based access control policy
#
ubac = base
# Layer: kernel
# Module: unlabelednet
#
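# The unlabelednet module.
# NOTE(review): presumably governs whether domains may send and receive
# unlabeled packets; verify against the policy source before relying on
# labeled networking.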
#
unlabelednet = module
# Layer: role
# Module: auditadm
#
# auditadm account on tty logins
#
auditadm = module
# Layer: role
# Module: logadm
#
# Minimally privileged root role for managing the logging system
#
logadm = module
# Layer: role
# Module: secadm
#
# secadm account on tty logins
#
secadm = module
# Layer: role
# Module: staff
#
# admin account
#
staff = module
# Layer: role
# Module: sysadm_secadm
#
# System Administrator with Security Admin rules
#
sysadm_secadm = module
# Layer: role
# Module: sysadm
#
# System Administrator
#
sysadm = module
# Layer: role
# Module: unprivuser
#
# Minimally privileged guest account on tty logins
#
unprivuser = module
# Layer: services
# Module: postgresql
#
# PostgreSQL relational database
#
postgresql = module
# Layer: services
# Module: ssh
#
# Secure shell client and server policy.
#
ssh = module
# Layer: services
# Module: xserver
#
# X windows login display manager
#
xserver = module
# Module: application
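# Required in base
# NOTE(review): marked "Required in base" but the setting below builds it
# as "module"; confirm this is intended.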
#
# Defines attributes and interfaces for all user applications
#
application = module
# Layer: system
# Module: authlogin
#
# Common policy for authentication and user login.
#
authlogin = module
# Layer: system
# Module: clock
#
# Policy for reading and setting the hardware clock.
#
clock = module
# Layer: system
# Module: fstools
#
# Tools for filesystem management, such as mkfs and fsck.
#
fstools = module
# Layer: system
# Module: getty
#
# Policy for getty.
#
getty = module
# Layer: system
# Module: hostname
#
# Policy for changing the system host name.
#
hostname = module
# Layer: system
# Module: init
#
# System initialization programs (init and init scripts).
#
init = module
# Layer: system
# Module: ipsec
#
# TCP/IP encryption
#
ipsec = module
# Layer: system
# Module: iptables
#
# Policy for iptables.
#
iptables = module
# Layer: system
# Module: libraries
#
# Policy for system libraries.
#
libraries = module
# Layer: system
# Module: locallogin
#
# Policy for local logins.
#
locallogin = module
# Layer: system
# Module: logging
#
# Policy for the kernel message logger and system logging daemon.
#
logging = module
# Layer: system
# Module: lvm
#
# Policy for logical volume management programs.
#
lvm = module
# Layer: system
# Module: miscfiles
#
# Miscellaneous files.
#
miscfiles = module
# Layer: system
# Module: modutils
#
# Policy for kernel module utilities
#
modutils = module
# Layer: system
# Module: mount
#
# Policy for mount.
#
mount = module
# Layer: system
# Module: netlabel
#
# Basic netlabel types and interfaces.
#
netlabel = module
# Layer: system
# Module: selinuxutil
#
# Policy for SELinux policy and userland applications.
#
selinuxutil = module
# Module: setrans
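# Required in base
# NOTE(review): marked "Required in base" but the setting below builds it
# as "module"; confirm this is intended.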
#
# Policy for setrans
#
setrans = module
# Layer: system
# Module: sysnetwork
#
# Policy for network configuration: ifconfig and dhcp client.
#
sysnetwork = module
# Layer: system
# Module: systemd
#
# Policy for systemd components
#
systemd = module
# Layer: system
# Module: udev
#
# Policy for udev.
#
udev = module