From 80526ccbddc14bb33e43a97af5380c1a7882cb7d Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Jul 20 2005 20:11:49 +0000
Subject: add an example module config for a targeted policy
---
diff --git a/refpolicy/policy/modules.conf.targeted_example b/refpolicy/policy/modules.conf.targeted_example
new file mode 100644
index 0000000..488d6f8
--- /dev/null
+++ b/refpolicy/policy/modules.conf.targeted_example
@@ -0,0 +1,371 @@
+#
+# This file contains a listing of available modules.
+# To prevent a module from being used in policy
+# creation, set the module name to "off".
+#
+# For monolithic policies, modules set to "base" and "module"
+# will be built into the policy.
+#
+# For modular policies, modules set to "base" will be
+# included in the base module. "module" will be compiled
+# as individual loadable modules.
+#
+
+# Layer: kernel
+# Module: filesystem
+# Required in base
+#
+# Policy for filesystems.
+#
+filesystem = base
+
+# Layer: kernel
+# Module: selinux
+# Required in base
+#
+# Policy for kernel security interface, in particular, selinuxfs.
+#
+selinux = base
+
+# Layer: kernel
+# Module: kernel
+# Required in base
+#
+# Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
+#
+kernel = base
+
+# Layer: kernel
+# Module: corenetwork
+# Required in base
+#
+# Policy controlling access to network objects
+#
+corenetwork = base
+
+# Layer: system
+# Module: files
+# Required in base
+#
+# Basic filesystem types and interfaces.
+#
+files = base
+
+# Layer: system
+# Module: domain
+# Required in base
+#
+# Core policy for domains.
+#
+domain = base
+
+# Layer: admin
+# Module: consoletype
+#
+# Determine of the console connected to the controlling terminal.
+#
+consoletype = base
+
+# Layer: admin
+# Module: netutils
+#
+# Network analysis utilities
+#
+netutils = base
+
+# Layer: admin
+# Module: usermanage
+#
+# Policy for managing user accounts.
+#
+usermanage = base
+
+# Layer: admin
+# Module: rpm
+#
+# Policy for the RPM package manager.
+#
+rpm = off
+
+# Layer: admin
+# Module: dmesg
+#
+# Policy for dmesg.
+#
+dmesg = base
+
+# Layer: admin
+# Module: logrotate
+#
+# Rotate and archive system logs
+#
+logrotate = off
+
+# Layer: apps
+# Module: gpg
+#
+# Policy for GNU Privacy Guard and related programs.
+#
+gpg = off
+
+# Layer: kernel
+# Module: devices
+#
+# Device nodes and interfaces for many basic system devices.
+#
+devices = base
+
+# Layer: kernel
+# Module: bootloader
+#
+# Policy for the kernel modules, kernel image, and bootloader.
+#
+bootloader = base
+
+# Layer: kernel
+# Module: storage
+#
+# Policy controlling access to storage devices
+#
+storage = base
+
+# Layer: kernel
+# Module: terminal
+#
+# Policy for terminals.
+#
+terminal = base
+
+# Layer: services
+# Module: cron
+#
+# Periodic execution of scheduled commands.
+#
+cron = base
+
+# Layer: services
+# Module: ssh
+#
+# Secure shell client and server policy.
+#
+ssh = off
+
+# Layer: services
+# Module: remotelogin
+#
+# Policy for rshd, rlogind, and telnetd.
+#
+remotelogin = base
+
+# Layer: services
+# Module: sendmail
+#
+# Policy for sendmail.
+#
+sendmail = off
+
+# Layer: services
+# Module: mta
+#
+# Policy common to all email tranfer agents.
+#
+mta = base
+
+# Layer: services
+# Module: nis
+#
+# Policy for NIS (YP) servers and clients
+#
+nis = base
+
+# Layer: services
+# Module: inetd
+#
+# Internet services daemon.
+#
+inetd = base
+
+# Layer: services
+# Module: kerberos
+#
+# MIT Kerberos admin and KDC
+#
+kerberos = base
+
+# Layer: services
+# Module: nscd
+#
+# Name service cache daemon
+#
+nscd = base
+
+# Layer: system
+# Module: selinuxutil
+#
+# Policy for SELinux policy and userland applications.
+#
+selinuxutil = base
+
+# Layer: system
+# Module: getty
+#
+# Policy for getty.
+#
+getty = base
+
+# Layer: system
+# Module: mount
+#
+# Policy for mount.
+#
+mount = base
+
+# Layer: system
+# Module: logging
+#
+# Policy for the kernel message logger and system logging daemon.
+#
+logging = base
+
+# Layer: system
+# Module: locallogin
+#
+# Policy for local logins.
+#
+locallogin = base
+
+# Layer: system
+# Module: sysnetwork
+#
+# Policy for network configuration: ifconfig and dhcp client.
+#
+sysnetwork = base
+
+# Layer: system
+# Module: iptables
+#
+# Policy for iptables.
+#
+iptables = base
+
+# Layer: system
+# Module: userdomain
+#
+# Policy for user domains
+#
+userdomain = base
+
+# Layer: system
+# Module: clock
+#
+# Policy for reading and setting the hardware clock.
+#
+clock = base
+
+# Layer: system
+# Module: corecommands
+#
+# Core policy for shells, and generic programs
+# in /bin, /sbin, /usr/bin, and /usr/sbin.
+#
+corecommands = base
+
+# Layer: system
+# Module: hotplug
+#
+# Policy for hotplug system, for supporting the
+# connection and disconnection of devices at runtime.
+#
+hotplug = base
+
+# Layer: system
+# Module: lvm
+#
+# Policy for logical volume management programs.
+#
+lvm = base
+
+# Layer: system
+# Module: modutils
+#
+# Policy for kernel module utilities
+#
+modutils = base
+
+# Layer: system
+# Module: udev
+#
+# Policy for udev.
+#
+udev = base
+
+# Layer: system
+# Module: init
+#
+# System initialization programs (init and init scripts).
+#
+init = base
+
+# Layer: system
+# Module: hostname
+#
+# Policy for changing the system host name.
+#
+hostname = base
+
+# Layer: system
+# Module: authlogin
+#
+# Common policy for authentication and user login.
+#
+authlogin = base
+
+# Layer: system
+# Module: libraries
+#
+# Policy for system libraries.
+#
+libraries = base
+
+# Layer: system
+# Module: ipsec
+#
+# TCP/IP encryption
+#
+ipsec = base
+
+# Layer: system
+# Module: unconfined
+#
+# The unconfined domain.
+#
+unconfined = base
+
+# Layer: system
+# Module: miscfiles
+#
+# Miscelaneous files.
+#
+miscfiles = base
+
+# Layer: system
+# Module: fstools
+#
+# Tools for filesystem management, such as mkfs and fsck.
+#
+fstools = base
+
+# Layer: system
+# Module: pcmcia
+#
+# PCMCIA card management services
+#
+pcmcia = base
+
+# Layer: system
+# Module: raid
+#
+# RAID array management tools
+#
+raid = base
+
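Review bot: The example sets five modules to off (`rpm`, `logrotate`, `gpg`, `ssh`, `sendmail`) without saying what that means for a targeted policy; the header describes "off" only as a build switch. With `unconfined = base` in the same file, programs whose module is off presumably get no domain of their own and run in whatever domain starts them, and `ssh = off` beside `remotelogin = base` (rshd, rlogind, telnetd) is the pair a reader is most likely to question. If that is the intent, a header comment such as `# In this targeted example, modules set to "off" have no policy of their own; their programs are not confined by a dedicated domain.` would make the choice read as deliberate. Separately, every optional module is set to `base` and none to `module`, so the example never shows the loadable-module setting its own header describes.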