From 2a724571c9bfcc2b7af682f067ed4d1b03a4bfdc Mon Sep 17 00:00:00 2001 From: Dominick Grift Date: Sep 21 2010 11:49:58 +0000 Subject: Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. --- diff --git a/policy/modules/services/postfix.if b/policy/modules/services/postfix.if index aed3720..7391f7e 100644 --- a/policy/modules/services/postfix.if +++ b/policy/modules/services/postfix.if @@ -710,8 +710,8 @@ interface(`postfix_admin',` allow $1 postfix_smtpd_t:process { ptrace signal_perms }; ps_process_pattern($1, postfix_smtpd_t) - postfix_run_map($1,$2) - postfix_run_postdrop($1,$2) + postfix_run_map($1, $2) + postfix_run_postdrop($1, $2) postfix_initrc_domtrans($1) domain_system_change_exemption($1) diff --git a/policy/modules/services/postgresql.if b/policy/modules/services/postgresql.if index d78db2c..9284534 100644 --- a/policy/modules/services/postgresql.if +++ b/policy/modules/services/postgresql.if @@ -10,7 +10,7 @@ ## ## ## -## +## ## The type of the user domain. ## ## @@ -312,7 +312,7 @@ interface(`postgresql_stream_connect',` files_search_pids($1) files_search_tmp($1) - stream_connect_pattern($1, { postgresql_var_run_t postgresql_tmp_t}, { postgresql_var_run_t postgresql_tmp_t}, postgresql_t) + stream_connect_pattern($1, { postgresql_var_run_t postgresql_tmp_t }, { postgresql_var_run_t postgresql_tmp_t }, postgresql_t) ') ######################################## diff --git a/policy/modules/services/ppp.if b/policy/modules/services/ppp.if index 0cb9b4e..19d9b59 100644 --- a/policy/modules/services/ppp.if +++ b/policy/modules/services/ppp.if @@ -355,7 +355,7 @@ interface(`ppp_admin',` type pppd_t, pppd_tmp_t, pppd_log_t, pppd_lock_t; type pppd_etc_t, pppd_secret_t, pppd_var_run_t; type pptp_t, pptp_log_t, pptp_var_run_t; - type pppd_initrc_exec_t, pppd_etc_rw_t; + type pppd_initrc_exec_t, pppd_etc_rw_t; ') allow $1 pppd_t:process { ptrace signal_perms }; diff --git a/policy/modules/services/prelude.if b/policy/modules/services/prelude.if index 737aa10..77ef768 100644 --- a/policy/modules/services/prelude.if +++ b/policy/modules/services/prelude.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run prelude. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`prelude_domtrans',` @@ -23,9 +23,9 @@ interface(`prelude_domtrans',` ## Execute a domain transition to run prelude_audisp. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`prelude_domtrans_audisp',` @@ -41,9 +41,9 @@ interface(`prelude_domtrans_audisp',` ## Signal the prelude_audisp domain. ## ## -## +## ## Domain allowed acccess. -## +## ## # interface(`prelude_signal_audisp',` @@ -78,9 +78,9 @@ interface(`prelude_read_spool',` ## Manage to prelude-manager spool files. ## ## -## +## ## Domain allowed access. -## +## ## # interface(`prelude_manage_spool',` diff --git a/policy/modules/services/procmail.if b/policy/modules/services/procmail.if index 5bfbd7b..166e9c3 100644 --- a/policy/modules/services/procmail.if +++ b/policy/modules/services/procmail.if @@ -93,7 +93,6 @@ interface(`procmail_read_home_files',` type procmail_home_t; ') - userdom_search_user_home_dirs($1) + userdom_search_user_home_dirs($1) read_files_pattern($1, procmail_home_t, procmail_home_t) ') - diff --git a/policy/modules/services/psad.if b/policy/modules/services/psad.if index 3fc5163..a45fc22 100644 --- a/policy/modules/services/psad.if +++ b/policy/modules/services/psad.if @@ -91,7 +91,6 @@ interface(`psad_manage_config',` files_search_etc($1) manage_dirs_pattern($1, psad_etc_t, psad_etc_t) manage_files_pattern($1, psad_etc_t, psad_etc_t) - ') ######################################## diff --git a/policy/modules/services/puppet.if b/policy/modules/services/puppet.if index 2855a44..0456b11 100644 --- a/policy/modules/services/puppet.if +++ b/policy/modules/services/puppet.if @@ -21,7 +21,7 @@ ## ## # -interface(`puppet_rw_tmp', ` +interface(`puppet_rw_tmp',` gen_require(` type puppet_tmp_t; ') diff --git a/policy/modules/services/pyzor.if b/policy/modules/services/pyzor.if index 748e7d3..0059cc7 100644 --- a/policy/modules/services/pyzor.if +++ b/policy/modules/services/pyzor.if @@ -114,7 +114,7 @@ interface(`pyzor_admin',` allow $1 pyzord_t:process { ptrace signal_perms }; ps_process_pattern($1, pyzord_t) - + init_labeled_script_domtrans($1, pyzord_initrc_exec_t) domain_system_change_exemption($1) role_transition $2 pyzord_initrc_exec_t system_r; @@ -132,5 +132,3 @@ interface(`pyzor_admin',` files_list_var_lib($1) admin_pattern($1, pyzor_var_lib_t) ') - - diff --git a/policy/modules/services/qpidd.if b/policy/modules/services/qpidd.if index f97e16c..3102e24 100644 --- a/policy/modules/services/qpidd.if +++ b/policy/modules/services/qpidd.if @@ -1,4 +1,3 @@ - ## policy for qpidd ######################################## @@ -6,9 +5,9 @@ ## Execute a domain transition to run qpidd. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`qpidd_domtrans',` @@ -19,7 +18,6 @@ interface(`qpidd_domtrans',` domtrans_pattern($1, qpidd_exec_t, qpidd_t) ') - ######################################## ## ## Execute qpidd server in the qpidd domain. @@ -72,12 +70,11 @@ interface(`qpidd_manage_var_run',` type qpidd_var_run_t; ') - manage_dirs_pattern($1, qpidd_var_run_t, qpidd_var_run_t) - manage_files_pattern($1, qpidd_var_run_t, qpidd_var_run_t) - manage_lnk_files_pattern($1, qpidd_var_run_t, qpidd_var_run_t) + manage_dirs_pattern($1, qpidd_var_run_t, qpidd_var_run_t) + manage_files_pattern($1, qpidd_var_run_t, qpidd_var_run_t) + manage_lnk_files_pattern($1, qpidd_var_run_t, qpidd_var_run_t) ') - ######################################## ## ## Search qpidd lib directories. @@ -113,7 +110,7 @@ interface(`qpidd_read_lib_files',` ') files_search_var_lib($1) - read_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t) + read_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t) ') ######################################## @@ -133,7 +130,7 @@ interface(`qpidd_manage_lib_files',` ') files_search_var_lib($1) - manage_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t) + manage_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t) ') ######################################## @@ -151,12 +148,11 @@ interface(`qpidd_manage_var_lib',` type qpidd_var_lib_t; ') - manage_dirs_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t) - manage_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t) - manage_lnk_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t) + manage_dirs_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t) + manage_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t) + manage_lnk_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t) ') - ######################################## ## ## All of the rules required to administrate @@ -181,7 +177,6 @@ interface(`qpidd_admin',` allow $1 qpidd_t:process { ptrace signal_perms }; ps_process_pattern($1, qpidd_t) - # Allow qpidd_t to restart the apache service qpidd_initrc_domtrans($1) @@ -192,41 +187,40 @@ interface(`qpidd_admin',` qpidd_manage_var_run($1) qpidd_manage_var_lib($1) - ') ##################################### ## -## Allow read and write access to qpidd semaphores. +## Allow read and write access to qpidd semaphores. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`qpidd_rw_semaphores',` - gen_require(` - type qpidd_t; - ') + gen_require(` + type qpidd_t; + ') - allow $1 qpidd_t:sem rw_sem_perms; + allow $1 qpidd_t:sem rw_sem_perms; ') ######################################## ## -## Read and write to qpidd shared memory. +## Read and write to qpidd shared memory. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`qpidd_rw_shm',` - gen_require(` - type qpidd_t; - ') + gen_require(` + type qpidd_t; + ') - allow $1 qpidd_t:shm rw_shm_perms; + allow $1 qpidd_t:shm rw_shm_perms; ') diff --git a/policy/modules/services/razor.if b/policy/modules/services/razor.if index 13ad2fe..353bcae 100644 --- a/policy/modules/services/razor.if +++ b/policy/modules/services/razor.if @@ -26,6 +26,7 @@ template(`razor_common_domain_template',` gen_require(` type razor_exec_t, razor_etc_t, razor_log_t, razor_var_lib_t; ') + type $1_t; domain_type($1_t) domain_entry_file($1_t, razor_exec_t) @@ -197,4 +198,3 @@ interface(`razor_read_lib_files',` files_search_var_lib($1) read_files_pattern($1, razor_var_lib_t, razor_var_lib_t) ') - diff --git a/policy/modules/services/rgmanager.if b/policy/modules/services/rgmanager.if index 7ef312e..c8b7eec 100644 --- a/policy/modules/services/rgmanager.if +++ b/policy/modules/services/rgmanager.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run rgmanager. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`rgmanager_domtrans',` @@ -78,20 +78,20 @@ interface(`rgmanager_manage_tmpfs_files',` ####################################### ## -## Allow read and write access to rgmanager semaphores. +## Allow read and write access to rgmanager semaphores. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`rgmanager_rw_semaphores',` - gen_require(` - type rgmanager_t; - ') + gen_require(` + type rgmanager_t; + ') - allow $1 rgmanager_t:sem { unix_read unix_write associate read write }; + allow $1 rgmanager_t:sem { unix_read unix_write associate read write }; ') ###################################### @@ -100,9 +100,9 @@ interface(`rgmanager_rw_semaphores',` ## an rgmanager environment ## ## -## +## ## Domain allowed access. -## +## ## ## ## @@ -115,7 +115,7 @@ interface(`rgmanager_admin',` gen_require(` type rgmanager_t, rgmanager_initrc_exec_t, rgmanager_tmp_t; type rgmanager_tmpfs_t, rgmanager_var_log_t, rgmanager_var_run_t; - ') + ') allow $1 rgmanager_t:process { ptrace signal_perms }; ps_process_pattern($1, rgmanager_t) diff --git a/policy/modules/services/rhcs.if b/policy/modules/services/rhcs.if index 30c9aff..fc1a945 100644 --- a/policy/modules/services/rhcs.if +++ b/policy/modules/services/rhcs.if @@ -51,7 +51,6 @@ template(`rhcs_domain_template',` manage_fifo_files_pattern($1_t, $1_var_run_t, $1_var_run_t) manage_sock_files_pattern($1_t, $1_var_run_t, $1_var_run_t) files_pid_filetrans($1_t, $1_var_run_t, { file fifo_file }) - ') ###################################### @@ -59,9 +58,9 @@ template(`rhcs_domain_template',` ## Execute a domain transition to run dlm_controld. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`rhcs_domtrans_dlm_controld',` @@ -358,40 +357,40 @@ interface(`rhcs_rw_cluster_shm',` #################################### ## -## Read and write access to cluster domains semaphores. +## Read and write access to cluster domains semaphores. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`rhcs_rw_cluster_semaphores',` - gen_require(` + gen_require(` attribute cluster_domain; - ') + ') - allow $1 cluster_domain:sem { rw_sem_perms destroy }; + allow $1 cluster_domain:sem { rw_sem_perms destroy }; ') #################################### ## -## Connect to cluster domains over a unix domain -## stream socket. +## Connect to cluster domains over a unix domain +## stream socket. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`rhcs_stream_connect_cluster',` - gen_require(` - attribute cluster_domain, cluster_pid; - ') + gen_require(` + attribute cluster_domain, cluster_pid; + ') - files_search_pids($1) - stream_connect_pattern($1, cluster_pid, cluster_pid, cluster_domain) + files_search_pids($1) + stream_connect_pattern($1, cluster_pid, cluster_pid, cluster_domain) ') ###################################### @@ -433,19 +432,19 @@ interface(`rhcs_read_qdiskd_tmpfs_files',` ###################################### ## -## Allow domain to read cluster lib files +## Allow domain to read cluster lib files ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`rhcs_read_cluster_lib_files',` - gen_require(` - type cluster_var_lib_t; - ') + gen_require(` + type cluster_var_lib_t; + ') - files_search_var_lib($1) - read_files_pattern($1, cluster_var_lib_t, cluster_var_lib_t) + files_search_var_lib($1) + read_files_pattern($1, cluster_var_lib_t, cluster_var_lib_t) ') diff --git a/policy/modules/services/ricci.if b/policy/modules/services/ricci.if index 8a28c31..236fd6d 100644 --- a/policy/modules/services/ricci.if +++ b/policy/modules/services/ricci.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run ricci. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`ricci_domtrans',` @@ -20,20 +20,20 @@ interface(`ricci_domtrans',` ####################################### ## -## Execute ricci server in the ricci domain. +## Execute ricci server in the ricci domain. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # -interface(`ricci_initrc_domtrans', ` - gen_require(` - type ricci_initrc_exec_t; - ') +interface(`ricci_initrc_domtrans',` + gen_require(` + type ricci_initrc_exec_t; + ') - init_labeled_script_domtrans($1, ricci_initrc_exec_t) + init_labeled_script_domtrans($1, ricci_initrc_exec_t) ') ######################################## @@ -41,9 +41,9 @@ interface(`ricci_initrc_domtrans', ` ## Execute a domain transition to run ricci_modcluster. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`ricci_domtrans_modcluster',` @@ -134,9 +134,9 @@ interface(`ricci_rw_modclusterd_tmpfs_files',` ## Execute a domain transition to run ricci_modlog. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`ricci_domtrans_modlog',` @@ -152,9 +152,9 @@ interface(`ricci_domtrans_modlog',` ## Execute a domain transition to run ricci_modrpm. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`ricci_domtrans_modrpm',` @@ -170,9 +170,9 @@ interface(`ricci_domtrans_modrpm',` ## Execute a domain transition to run ricci_modservice. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`ricci_domtrans_modservice',` @@ -188,9 +188,9 @@ interface(`ricci_domtrans_modservice',` ## Execute a domain transition to run ricci_modstorage. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`ricci_domtrans_modstorage',` @@ -203,22 +203,22 @@ interface(`ricci_domtrans_modstorage',` #################################### ## -## Allow the specified domain to manage ricci's lib files. +## Allow the specified domain to manage ricci's lib files. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`ricci_manage_lib_files',` - gen_require(` - type ricci_var_lib_t; - ') + gen_require(` + type ricci_var_lib_t; + ') - files_search_var_lib($1) - manage_dirs_pattern($1, ricci_var_lib_t, ricci_var_lib_t) - manage_files_pattern($1, ricci_var_lib_t, ricci_var_lib_t) + files_search_var_lib($1) + manage_dirs_pattern($1, ricci_var_lib_t, ricci_var_lib_t) + manage_files_pattern($1, ricci_var_lib_t, ricci_var_lib_t) ') ######################################## @@ -254,7 +254,7 @@ interface(`ricci_admin',` files_list_tmp($1) admin_pattern($1, ricci_tmp_t) - + files_list_var_lib($1) admin_pattern($1, ricci_var_lib_t) diff --git a/policy/modules/services/rpc.if b/policy/modules/services/rpc.if index b65be0c..1de66f7 100644 --- a/policy/modules/services/rpc.if +++ b/policy/modules/services/rpc.if @@ -32,7 +32,7 @@ interface(`rpc_stub',` ## ## # -template(`rpc_domain_template', ` +template(`rpc_domain_template',` ######################################## # # Declarations diff --git a/policy/modules/services/rpcbind.if b/policy/modules/services/rpcbind.if index 14173f7..0458ba7 100644 --- a/policy/modules/services/rpcbind.if +++ b/policy/modules/services/rpcbind.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run rpcbind. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`rpcbind_domtrans',` diff --git a/policy/modules/services/rsync.if b/policy/modules/services/rsync.if index eefa329..a4fddce 100644 --- a/policy/modules/services/rsync.if +++ b/policy/modules/services/rsync.if @@ -109,9 +109,9 @@ interface(`rsync_exec',` ## Read rsync config files. ## ## -## +## ## Domain allowed access. -## +## ## # interface(`rsync_read_config',` @@ -128,9 +128,9 @@ interface(`rsync_read_config',` ## Write to rsync config files. ## ## -## +## ## Domain allowed access. -## +## ## # interface(`rsync_write_config',` @@ -147,9 +147,9 @@ interface(`rsync_write_config',` ## Manage rsync config files. ## ## -## +## ## Domain allowed. -## +## ## # interface(`rsync_manage_config',` diff --git a/policy/modules/services/rtkit.if b/policy/modules/services/rtkit.if index 21079f8..62d2628 100644 --- a/policy/modules/services/rtkit.if +++ b/policy/modules/services/rtkit.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run rtkit_daemon. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`rtkit_daemon_domtrans',` diff --git a/policy/modules/services/rwho.if b/policy/modules/services/rwho.if index 71ea0ea..664e68e 100644 --- a/policy/modules/services/rwho.if +++ b/policy/modules/services/rwho.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run rwho. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`rwho_domtrans',` diff --git a/policy/modules/services/varnishd.if b/policy/modules/services/varnishd.if index 0f8e213..b6121a6 100644 --- a/policy/modules/services/varnishd.if +++ b/policy/modules/services/varnishd.if @@ -58,7 +58,7 @@ interface(`varnishd_read_config',` ##################################### ## -## Read varnish lib files. +## Read varnish lib files. ## ## ## diff --git a/policy/modules/services/vnstatd.if b/policy/modules/services/vnstatd.if index 6144fb1..8780a8a 100644 --- a/policy/modules/services/vnstatd.if +++ b/policy/modules/services/vnstatd.if @@ -1,15 +1,13 @@ - ## policy for vnstatd - ######################################## ## ## Execute a domain transition to run vnstatd. ## ## -## +## ## Domain allowed access. -## +## ## # interface(`vnstatd_domtrans',` @@ -20,16 +18,14 @@ interface(`vnstatd_domtrans',` domtrans_pattern($1, vnstatd_exec_t, vnstatd_t) ') - - ######################################## ## ## Execute a domain transition to run vnstat. ## ## -## +## ## Domain allowed access. -## +## ## # interface(`vnstatd_domtrans_vnstat',` @@ -75,7 +71,7 @@ interface(`vnstatd_read_lib_files',` ') files_search_var_lib($1) - read_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t) + read_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t) ') ######################################## @@ -95,7 +91,7 @@ interface(`vnstatd_manage_lib_files',` ') files_search_var_lib($1) - manage_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t) + manage_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t) ') ######################################## @@ -114,7 +110,7 @@ interface(`vnstatd_manage_lib_dirs',` ') files_search_var_lib($1) - manage_dirs_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t) + manage_dirs_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t) ') @@ -138,7 +134,7 @@ interface(`vnstatd_manage_lib_dirs',` interface(`vnstatd_admin',` gen_require(` type vnstatd_t; - type vnstatd_var_lib_t; + type vnstatd_var_lib_t; ') allow $1 vnstatd_t:process { ptrace signal_perms }; @@ -146,5 +142,4 @@ interface(`vnstatd_admin',` files_list_var_lib($1) admin_pattern($1, vnstatd_var_lib_t) - ') diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if index 88b6040..cd2798a 100644 --- a/policy/modules/services/xserver.if +++ b/policy/modules/services/xserver.if @@ -243,7 +243,7 @@ interface(`xserver_rw_session',` type xserver_t, xserver_tmpfs_t; ') - xserver_ro_session($1,$2) + xserver_ro_session($1, $2) allow $1 xserver_t:shm rw_shm_perms; allow $1 xserver_tmpfs_t:file rw_file_perms; ')