From 4b1644f447131ff5227bbf8b7b37e216ac8ef2af Mon Sep 17 00:00:00 2001 From: Dominick Grift Date: Sep 17 2010 12:32:47 +0000 Subject: Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. --- diff --git a/policy/modules/services/apache.if b/policy/modules/services/apache.if index 9668cde..0ec0fb0 100644 --- a/policy/modules/services/apache.if +++ b/policy/modules/services/apache.if @@ -312,21 +312,21 @@ interface(`apache_domtrans',` ###################################### ## -## Allow the specified domain to execute apache -## in the caller domain. +## Allow the specified domain to execute apache +## in the caller domain. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`apache_exec',` - gen_require(` - type httpd_exec_t; - ') + gen_require(` + type httpd_exec_t; + ') - can_exec($1, httpd_exec_t) + can_exec($1, httpd_exec_t) ') ####################################### @@ -901,45 +901,45 @@ interface(`apache_manage_sys_content',` ###################################### ## -## Allow the specified domain to read -## apache system content rw files. +## Allow the specified domain to read +## apache system content rw files. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## ## # interface(`apache_read_sys_content_rw_files',` - gen_require(` + gen_require(` type httpd_sys_rw_content_t; ') - read_files_pattern($1, httpd_sys_rw_content_t, httpd_sys_rw_content_t) + read_files_pattern($1, httpd_sys_rw_content_t, httpd_sys_rw_content_t) ') ###################################### ## -## Allow the specified domain to manage -## apache system content rw files. +## Allow the specified domain to manage +## apache system content rw files. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## ## # interface(`apache_manage_sys_content_rw',` - gen_require(` + gen_require(` type httpd_sys_rw_content_t; ') - files_search_var($1) - manage_dirs_pattern($1, httpd_sys_rw_content_t, httpd_sys_rw_content_t) - manage_files_pattern($1, httpd_sys_rw_content_t, httpd_sys_rw_content_t) - manage_lnk_files_pattern($1, httpd_sys_rw_content_t, httpd_sys_rw_content_t) + files_search_var($1) + manage_dirs_pattern($1, httpd_sys_rw_content_t, httpd_sys_rw_content_t) + manage_files_pattern($1, httpd_sys_rw_content_t, httpd_sys_rw_content_t) + manage_lnk_files_pattern($1, httpd_sys_rw_content_t, httpd_sys_rw_content_t) ') ######################################## @@ -1219,21 +1219,21 @@ interface(`apache_read_tmp_files',` ###################################### ## -## Dontaudit attempts to read and write -## apache tmp files. +## Dontaudit attempts to read and write +## apache tmp files. ## ## -## -## Domain to not audit. -## +## +## Domain to not audit. +## ## # interface(`apache_dontaudit_rw_tmp_files',` - gen_require(` - type httpd_tmp_t; - ') + gen_require(` + type httpd_tmp_t; + ') - dontaudit $1 httpd_tmp_t:file { read write }; + dontaudit $1 httpd_tmp_t:file { read write }; ') ######################################## @@ -1361,12 +1361,12 @@ interface(`apache_admin',` admin_pattern($1, httpd_php_tmp_t) admin_pattern($1, httpd_suexec_tmp_t) -ifdef(`TODO',` - apache_set_booleans($1, $2, $3, httpd_bool_t ) - seutil_setsebool_role_template($1, $3, $2) - allow httpd_setsebool_t httpd_bool_t:dir list_dir_perms; - allow httpd_setsebool_t httpd_bool_t:file rw_file_perms; -') + ifdef(`TODO',` + apache_set_booleans($1, $2, $3, httpd_bool_t) + seutil_setsebool_role_template($1, $3, $2) + allow httpd_setsebool_t httpd_bool_t:dir list_dir_perms; + allow httpd_setsebool_t httpd_bool_t:file rw_file_perms; + ') ') ######################################## @@ -1385,7 +1385,7 @@ interface(`apache_dontaudit_leaks',` ') dontaudit $1 httpd_t:fifo_file rw_inherited_fifo_file_perms; - dontaudit $1 httpd_t:tcp_socket { read write }; + dontaudit $1 httpd_t:tcp_socket { read write }; dontaudit $1 httpd_t:unix_dgram_socket { read write }; dontaudit $1 httpd_t:unix_stream_socket { read write }; ') diff --git a/policy/modules/services/cyphesis.if b/policy/modules/services/cyphesis.if index 9d44538..7e9057e 100644 --- a/policy/modules/services/cyphesis.if +++ b/policy/modules/services/cyphesis.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run cyphesis. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`cyphesis_domtrans',` diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if index 8a75e58..74fa3d6 100644 --- a/policy/modules/services/dbus.if +++ b/policy/modules/services/dbus.if @@ -117,7 +117,7 @@ template(`dbus_role_template',` dev_read_urand($1_dbusd_t) - domain_use_interactive_fds($1_dbusd_t) + domain_use_interactive_fds($1_dbusd_t) domain_read_all_domains_state($1_dbusd_t) files_read_etc_files($1_dbusd_t) @@ -155,7 +155,7 @@ template(`dbus_role_template',` userdom_manage_user_home_content_files($1_dbusd_t) userdom_user_home_dir_filetrans_user_home_content($1_dbusd_t, { dir file }) - ifdef(`hide_broken_symptoms', ` + ifdef(`hide_broken_symptoms',` dontaudit $3 $1_dbusd_t:netlink_selinux_socket { read write }; ') @@ -462,7 +462,7 @@ interface(`dbus_system_domain',` unconfined_dbus_send($1) ') - ifdef(`hide_broken_symptoms', ` + ifdef(`hide_broken_symptoms',` dontaudit $1 system_dbusd_t:netlink_selinux_socket { read write }; ') ') @@ -522,4 +522,3 @@ interface(`dbus_delete_pid_files',` files_search_pids($1) delete_files_pattern($1, system_dbusd_var_run_t, system_dbusd_var_run_t) ') - diff --git a/policy/modules/services/denyhosts.if b/policy/modules/services/denyhosts.if index 5914f84..7b9da59 100644 --- a/policy/modules/services/denyhosts.if +++ b/policy/modules/services/denyhosts.if @@ -13,12 +13,12 @@ ## Execute a domain transition to run denyhosts. ## ## -## +## ## Domain allowed to transition. -## +## ## # -interface(`denyhosts_domtrans', ` +interface(`denyhosts_domtrans',` gen_require(` type denyhosts_t, denyhosts_exec_t; ') @@ -36,7 +36,7 @@ interface(`denyhosts_domtrans', ` ## ## # -interface(`denyhosts_initrc_domtrans', ` +interface(`denyhosts_initrc_domtrans',` gen_require(` type denyhosts_initrc_exec_t; ') @@ -61,7 +61,7 @@ interface(`denyhosts_initrc_domtrans', ` ## ## # -interface(`denyhosts_admin', ` +interface(`denyhosts_admin',` gen_require(` type denyhosts_t, denyhosts_var_lib_t, denyhosts_var_lock_t; type denyhosts_var_log_t, denyhosts_initrc_exec_t; diff --git a/policy/modules/services/devicekit.if b/policy/modules/services/devicekit.if index e20390f..262885f 100644 --- a/policy/modules/services/devicekit.if +++ b/policy/modules/services/devicekit.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run devicekit. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`devicekit_domtrans',` diff --git a/policy/modules/services/dnsmasq.if b/policy/modules/services/dnsmasq.if index f5149c8..c808b31 100644 --- a/policy/modules/services/dnsmasq.if +++ b/policy/modules/services/dnsmasq.if @@ -101,9 +101,9 @@ interface(`dnsmasq_kill',` ## Read dnsmasq config files. ## ## -## +## ## Domain allowed access. -## +## ## # interface(`dnsmasq_read_config',` @@ -120,9 +120,9 @@ interface(`dnsmasq_read_config',` ## Write to dnsmasq config files. ## ## -## +## ## Domain allowed access. -## +## ## # interface(`dnsmasq_write_config',` diff --git a/policy/modules/services/exim.if b/policy/modules/services/exim.if index 91f751d..8950248 100644 --- a/policy/modules/services/exim.if +++ b/policy/modules/services/exim.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run exim. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`exim_domtrans',` @@ -28,7 +28,7 @@ interface(`exim_domtrans',` ## ## # -interface(`exim_initrc_domtrans', ` +interface(`exim_initrc_domtrans',` gen_require(` type exim_initrc_exec_t; ') @@ -119,9 +119,9 @@ interface(`exim_read_log',` ## exim log files. ## ## -## +## ## Domain allowed access. -## +## ## # interface(`exim_append_log',` @@ -229,10 +229,10 @@ interface(`exim_manage_spool_files',` ## ## # -interface(`exim_admin', ` +interface(`exim_admin',` gen_require(` - type exim_t, exim_initrc_exec_t, exim_log_t; - type exim_tmp_t, exim_spool_t, exim_var_run_t; + type exim_t, exim_initrc_exec_t, exim_log_t; + type exim_tmp_t, exim_spool_t, exim_var_run_t; ') allow $1 exim_t:process { ptrace signal_perms }; diff --git a/policy/modules/services/fail2ban.if b/policy/modules/services/fail2ban.if index 38715b1..87f6bfb 100644 --- a/policy/modules/services/fail2ban.if +++ b/policy/modules/services/fail2ban.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run fail2ban. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`fail2ban_domtrans',` @@ -102,9 +102,9 @@ interface(`fail2ban_read_log',` ## fail2ban log files. ## ## -## +## ## Domain allowed access. -## +## ## # interface(`fail2ban_append_log',` diff --git a/policy/modules/services/fprintd.if b/policy/modules/services/fprintd.if index ebad8c4..c02062c 100644 --- a/policy/modules/services/fprintd.if +++ b/policy/modules/services/fprintd.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run fprintd. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`fprintd_domtrans',` @@ -38,4 +38,3 @@ interface(`fprintd_dbus_chat',` allow $1 fprintd_t:dbus send_msg; allow fprintd_t $1:dbus send_msg; ') - diff --git a/policy/modules/services/git.fc b/policy/modules/services/git.fc index 472c952..28b71f6 100644 --- a/policy/modules/services/git.fc +++ b/policy/modules/services/git.fc @@ -1,10 +1,10 @@ -HOME_DIR/public_git(/.*)? gen_context(system_u:object_r:git_session_content_t, s0) -HOME_DIR/\.gitaliases -- gen_context(system_u:object_r:git_session_content_t, s0) -HOME_DIR/\.gitconfig -- gen_context(system_u:object_r:git_session_content_t, s0) +HOME_DIR/public_git(/.*)? gen_context(system_u:object_r:git_session_content_t,s0) +HOME_DIR/\.gitaliases -- gen_context(system_u:object_r:git_session_content_t,s0) +HOME_DIR/\.gitconfig -- gen_context(system_u:object_r:git_session_content_t,s0) -/srv/git(/.*)? gen_context(system_u:object_r:git_system_content_t, s0) +/srv/git(/.*)? gen_context(system_u:object_r:git_system_content_t,s0) -/usr/libexec/git-core/git-daemon -- gen_context(system_u:object_r:gitd_exec_t, s0) +/usr/libexec/git-core/git-daemon -- gen_context(system_u:object_r:gitd_exec_t,s0) /var/cache/cgit(/.*)? gen_context(system_u:object_r:httpd_git_rw_content_t,s0) /var/lib/git(/.*)? gen_context(system_u:object_r:httpd_git_content_t,s0) diff --git a/policy/modules/services/git.if b/policy/modules/services/git.if index c3d7d64..3780650 100644 --- a/policy/modules/services/git.if +++ b/policy/modules/services/git.if @@ -1,10 +1,10 @@ ## Fast Version Control System. ## ##

-## A really simple TCP git daemon that normally listens on -## port DEFAULT_GIT_PORT aka 9418. It waits for a -## connection asking for a service, and will serve that -## service if it is enabled. +## A really simple TCP git daemon that normally listens on +## port DEFAULT_GIT_PORT aka 9418. It waits for a +## connection asking for a service, and will serve that +## service if it is enabled. ##

## @@ -58,7 +58,6 @@ interface(`git_session_role',` ## # template(`git_content_template',` - gen_require(` attribute git_system_content, git_content; ') @@ -84,7 +83,6 @@ template(`git_content_template',` ## # template(`git_role_template',` - gen_require(` class context contains; role system_r; @@ -520,4 +518,3 @@ interface(`git_relabel_session_content',` relabel_files_pattern($1, git_session_content_t, git_session_content_t) userdom_search_user_home_dirs($1) ') -