From a72013a38686a822f0b15a4e6d96f3e831df4e3c Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Mar 08 2011 18:32:49 +0000 Subject: Add colord policy --- diff --git a/modules-mls.conf b/modules-mls.conf index ec38586..07cb1c9 100644 --- a/modules-mls.conf +++ b/modules-mls.conf @@ -23,14 +23,14 @@ accountsd = module # # Berkeley process accounting # -acct = base +acct = module # Layer: admin # Module: alsa # # Ainit ALSA configuration tool # -alsa = base +alsa = module # Layer: apps # Module: ada @@ -46,6 +46,13 @@ ada = module # cachefilesd = module +# Layer: services +# Module: colord +# +# color device daemon +# +colord = module + # Layer: apps # Module: cpufreqselector # @@ -93,7 +100,7 @@ amavis = module # # Policy for the Anaconda installer. # -anaconda = base +anaconda = module # Layer: services # Module: apache @@ -107,7 +114,7 @@ apache = module # # Advanced power management daemon # -apm = base +apm = module # Layer: system # Module: application @@ -115,7 +122,7 @@ apm = base # # Defines attributs and interfaces for all user applications # -application = base +application = module # Layer: services # Module: arpwatch @@ -136,7 +143,7 @@ audioentropy = module # # Common policy for authentication and user login. # -authlogin = base +authlogin = module # Layer: services # Module: automount @@ -200,7 +207,7 @@ ubac = base # # Policy for the kernel modules, kernel image, and bootloader. # -bootloader = base +bootloader = module # Layer: services @@ -293,7 +300,7 @@ clamav = module # # Policy for reading and setting the hardware clock. # -clock = base +clock = module # Layer: services # Module: consolekit @@ -307,7 +314,7 @@ consolekit = module # # Determine of the console connected to the controlling terminal. # -consoletype = base +consoletype = module # Layer: kernel # Module: corecommands 
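Review bot: The subject says only "Add colord policy", but starting with `acct = module` in the first hunk the commit also switches dozens of existing modules from `base` to `module` in both modules-mls.conf and modules-targeted.conf, and nothing in the commit record describes that change. The later hunks do the same for `authlogin`, `init`, `selinuxutil`, `ssh`, `su`, `sudo` and `sysadm`, so policy that was compiled into the base is now built as separately loadable modules. Presumably each can then be disabled or removed on its own with `semodule`; confirm that against how the package installs and protects them. I would move the conversion into its own commit, or at least add a message line such as `Build modules not required in base as loadable modules`, so the access-control impact can be reviewed and bisected separately from colord.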
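Review bot: The `colord = module` stanza added at `@@ -46,6 +46,13 @@` is the only colord-related change in this diff; the policy sources for the module are not part of it. Presumably they arrive through a separate policy patch, so it is worth confirming that the module exists in the tree these .conf files are built against. The same stanza is added to the MLS configuration; if the daemon is not expected on MLS systems, `colord = off` there (the value already used for `distcc`) would keep it out of that policy.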
@@ -331,14 +338,14 @@ corenetwork = base # # Services for loading CPU microcode and CPU frequency scaling. # -cpucontrol = base +cpucontrol = module # Layer: services # Module: cron # # Periodic execution of scheduled commands. # -cron = base +cron = module # Layer: services # Module: cups @@ -387,7 +394,7 @@ dbskk = module # # Desktop messaging bus # -dbus = base +dbus = module # Layer: services # Module: dcc @@ -444,14 +451,14 @@ distcc = off # # Policy for dmesg. # -dmesg = base +dmesg = module # Layer: admin # Module: dmidecode # # Decode DMI data for x86/ia64 bioses. # -dmidecode = base +dmidecode = module # Layer: system # Module: domain @@ -547,7 +554,7 @@ finger = module # Final system configuration run during the first boot # after installation of Red Hat/Fedora systems. # -firstboot = base +firstboot = module # Layer: apps # Module: firewallgui @@ -568,7 +575,7 @@ fprintd = module # # Tools for filesystem management, such as mkfs and fsck. # -fstools = base +fstools = module # Layer: services # Module: ftp @@ -589,7 +596,7 @@ games = module # # Policy for getty. # -getty = base +getty = module # Layer: apps # Module: gnome @@ -645,7 +652,7 @@ psad = module # # Policy for changing the system host name. # -hostname = base +hostname = module # Layer: system @@ -654,7 +661,7 @@ hostname = base # Policy for hotplug system, for supporting the # connection and disconnection of devices at runtime. # -hotplug = base +hotplug = module # Layer: services # Module: howl @@ -668,14 +675,14 @@ howl = module # # Internet services daemon. # -inetd = base +inetd = module # Layer: system # Module: init # # System initialization programs (init and init scripts). # -init = base +init = module # Layer: services # Module: inn @@ -689,7 +696,7 @@ inn = module # # Policy for iptables. # -iptables = base +iptables = module # Layer: system # Module: ipsec 
@@ -710,7 +717,7 @@ irc = module # # IRQ balancing daemon # -irqbalance = base +irqbalance = module # Layer: system # Module: iscsi @@ -789,7 +796,7 @@ ktalk = module # # Hardware detection and configuration tools # -kudzu = base +kudzu = module # Layer: services @@ -811,21 +818,21 @@ ldap = module # # Policy for system libraries. # -libraries = base +libraries = module # Layer: apps # Module: loadkeys # # Load keyboard mappings. # -loadkeys = base +loadkeys = module # Layer: system # Module: locallogin # # Policy for local logins. # -locallogin = base +locallogin = module # Layer: apps # Module: lockdev @@ -839,21 +846,21 @@ lockdev = module # # Policy for the kernel message logger and system logging daemon. # -logging = base +logging = module # Layer: admin # Module: logrotate # # Rotate and archive system logs # -logrotate = base +logrotate = module # Layer: services # Module: logwatch # # logwatch executable # -logwatch = base +logwatch = module # Layer: services # Module: lpd @@ -867,14 +874,14 @@ lpd = module # # Policy for logical volume management programs. # -lvm = base +lvm = module # Layer: admin # Module: mcelog # # mcelog is a daemon that collects and decodes Machine Check Exception data on x86-64 machines. # -mcelog = base +mcelog = module # Layer: services # Module: mailman @@ -896,7 +903,7 @@ mcs = base # # Miscelaneous files. # -miscfiles = base +miscfiles = module # Layer: kernel # Module: mls @@ -918,7 +925,7 @@ modemmanager = module # # Policy for kernel module utilities # -modutils = base +modutils = module # Layer: services # Module: mojomojo @@ -939,7 +946,7 @@ mono = module # # Policy for mount. # -mount = base +mount = module # Layer: apps # Module: mozilla @@ -995,7 +1002,7 @@ mrtg = module # # Policy common to all email tranfer agents. # -mta = base +mta = module # Layer: services # Module: mysql 
@@ -1023,14 +1030,14 @@ ncftool = module # # Network analysis utilities # -netutils = base +netutils = module # Layer: services # Module: networkmanager # # Manager for dynamically switching between networks. # -networkmanager = base +networkmanager = module # Layer: services # Module: nis @@ -1045,7 +1052,7 @@ nis = module # # Name service cache daemon # -nscd = base +nscd = module # Layer: services @@ -1104,7 +1111,7 @@ openct = module # # PCMCIA card management services # -pcmcia = base +pcmcia = module # Layer: services # Module: pegasus @@ -1160,7 +1167,7 @@ ppp = module # # Manage temporary directory sizes and file ages # -prelink = base +prelink = module # Layer: services # Module: procmail @@ -1209,14 +1216,14 @@ qpidd = module # # File system quota management # -quota = base +quota = module # Layer: system # Module: raid # # RAID array management tools # -raid = base +raid = module # Layer: services # Module: radius @@ -1237,7 +1244,7 @@ radvd = module # # Readahead, read files into page cache for improved performance # -readahead = base +readahead = module # Layer: services # Module: rgmanager @@ -1293,14 +1300,14 @@ roundup = module # # Remote Procedure Call Daemon for managment of network based process communication # -rpc = base +rpc = module # Layer: admin # Module: rpm # # Policy for the RPM package manager. # -rpm = base +rpm = module # Layer: services @@ -1343,7 +1350,7 @@ sasl = module # # Policy for sendmail. # -sendmail = base +sendmail = module # Layer: apps # Module: seunshare @@ -1395,7 +1402,7 @@ selinux = base # # Policy for SELinux policy and userland applications. # -selinuxutil = base +selinuxutil = module # Layer: system # Module: setrans @@ -1403,14 +1410,14 @@ selinuxutil = base # # Policy for setrans # -setrans = base +setrans = module # Layer: services # Module: setroubleshoot # # Policy for the SELinux troubleshooting utility # -setroubleshoot = base +setroubleshoot = module # Layer: services # Module: slrnpull 
@@ -1459,7 +1466,7 @@ squid = module # # Secure shell client and server policy. # -ssh = base +ssh = module # Layer: services # Module: sssd @@ -1473,7 +1480,7 @@ sssd = module # # Policy controlling access to storage devices # -storage = base +storage = module # Layer: services # Module: stunnel @@ -1487,14 +1494,14 @@ stunnel = module # # Run shells with substitute user and group # -su = base +su = module # Layer: admin # Module: sudo # # Execute a command with a substitute user # -sudo = base +sudo = module # Layer: system # Module: systemd @@ -1508,7 +1515,7 @@ systemd = module # # Policy for network configuration: ifconfig and dhcp client. # -sysnetwork = base +sysnetwork = module # Layer: services # Module: sysstat @@ -1543,14 +1550,14 @@ tgtd = module # # Policy for udev. # -udev = base +udev = module # Layer: system # Module: userdomain # # Policy for user domains # -userdomain = base +userdomain = module # Layer: services # Module: ulogd @@ -1578,7 +1585,7 @@ wireshark = module # # Policy for tzdata-update # -tzdata = base +tzdata = module # Layer: apps # Module: userhelper @@ -1648,7 +1655,7 @@ qemu = module # # Utilities for configuring the linux ethernet bridge # -brctl = base +brctl = module # Layer: services # Module: telnet @@ -1690,7 +1697,7 @@ uucp = module # # run real-mode video BIOS code to alter hardware state # -vbetool = base +vbetool = module # Layer: apps # Module: webalizer @@ -1711,7 +1718,7 @@ xfs = module # # X windows login display manager # -xserver = base +xserver = module # Layer: services # Module: zebra @@ -1725,14 +1732,14 @@ zebra = module # # Policy for managing user accounts. # -usermanage = base +usermanage = module # Layer: admin # Module: updfstab # # Red Hat utility to change /etc/fstab. # -updfstab = base +updfstab = module # Layer: admin # Module: vpn @@ -1746,7 +1753,7 @@ vpn = module # # run real-mode video BIOS code to alter hardware state # -vbetool = base +vbetool = module # Layer: kernel # Module: terminal 
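Review bot: modules-mls.conf defines `vbetool` twice, once in the hunk at `@@ -1690,7 +1697,7 @@` and again at `@@ -1746,7 +1753,7 @@`, and the commit edits both copies rather than removing one. They agree today (`vbetool = module`), but a later edit that touches only one would leave conflicting values, and which one the build honours is not visible from this diff. I would delete the second stanza (the one before `# Module: terminal`) in this change.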
@@ -1903,7 +1910,7 @@ staff = module # # System Administrator # -sysadm = base +sysadm = module # Layer: role # Module: unprivuser @@ -2088,7 +2095,7 @@ rhcs = module # # Policy for shorewall # -shorewall = base +shorewall = module # Layer: admin # Module: shutdown diff --git a/modules-targeted.conf b/modules-targeted.conf index 6ed801c..9f2a761 100644 --- a/modules-targeted.conf +++ b/modules-targeted.conf @@ -53,6 +53,13 @@ ada = module # cachefilesd = module +# Layer: services +# Module: colord +# +# color device daemon +# +colord = module + # Layer: apps # Module: cpufreqselector # @@ -114,7 +121,7 @@ amavis = module # # Policy for the Anaconda installer. # -anaconda = base +anaconda = module # Layer: services # Module: apache @@ -128,7 +135,7 @@ apache = module # # Advanced power management daemon # -apm = base +apm = module # Layer: system # Module: application @@ -136,7 +143,7 @@ apm = base # # Defines attributs and interfaces for all user applications # -application = base +application = module # Layer: services # Module: arpwatch @@ -157,7 +164,7 @@ audioentropy = module # # Common policy for authentication and user login. # -authlogin = base +authlogin = module # Layer: services # Module: asterisk @@ -242,8 +249,7 @@ ubac = base # # Policy for the kernel modules, kernel image, and bootloader. # -bootloader = base - +bootloader = module # Layer: services # Module: canna @@ -342,7 +348,7 @@ clamav = module # # Policy for reading and setting the hardware clock. # -clock = base +clock = module # Layer: services # Module: consolekit @@ -356,7 +362,7 @@ consolekit = module # # Determine of the console connected to the controlling terminal. # -consoletype = base +consoletype = module # Layer: kernel # Module: corecommands 
@@ -380,14 +386,14 @@ corenetwork = base # # Services for loading CPU microcode and CPU frequency scaling. # -cpucontrol = base +cpucontrol = module # Layer: services # Module: cron # # Periodic execution of scheduled commands. # -cron = base +cron = module # Layer: services # Module: cups @@ -436,7 +442,7 @@ dbskk = module # # Desktop messaging bus # -dbus = base +dbus = module # Layer: services # Module: dcc @@ -493,16 +499,16 @@ distcc = off # # Policy for dmesg. # -dmesg = base +dmesg = module # Layer: admin # Module: dmidecode # # Decode DMI data for x86/ia64 bioses. # -dmidecode = base +dmidecode = module -# Layer: system +# Layer: kernel # Module: domain # Required in base # @@ -610,7 +616,7 @@ finger = module # Final system configuration run during the first boot # after installation of Red Hat/Fedora systems. # -firstboot = base +firstboot = module # Layer: apps # Module: firewallgui @@ -631,7 +637,7 @@ fprintd = module # # Tools for filesystem management, such as mkfs and fsck. # -fstools = base +fstools = module # Layer: services # Module: ftp @@ -652,7 +658,7 @@ games = module # # Policy for getty. # -getty = base +getty = module # Layer: apps # Module: gnome @@ -722,8 +728,7 @@ psad = module # # Policy for changing the system host name. # -hostname = base - +hostname = module # Layer: system # Module: hotplug @@ -731,7 +736,7 @@ hostname = base # Policy for hotplug system, for supporting the # connection and disconnection of devices at runtime. # -hotplug = base +hotplug = module # Layer: services # Module: howl @@ -752,7 +757,7 @@ inetd = module # # System initialization programs (init and init scripts). # -init = base +init = module # Layer: services # Module: inn @@ -766,7 +771,7 @@ inn = module # # Policy for iptables. # -iptables = base +iptables = module # Layer: system # Module: ipsec @@ -880,7 +885,7 @@ ktalk = module # # Hardware detection and configuration tools # -kudzu = base +kudzu = module # Layer: services # Module: ldap 
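Review bot: The hunk at `@@ -493,16 +499,16 @@` changes the header comment for `domain` from `# Layer: system` to `# Layer: kernel` in modules-targeted.conf only. The matching context in modules-mls.conf (`@@ -444,14 +451,14 @@`) still reads `# Layer: system` ahead of `# Module: domain`. This is a comment, so it presumably has no build effect, but the two files should agree; apply the same `# Layer: kernel` line in modules-mls.conf, and mention the fix in the commit message since it is unrelated to colord.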
@@ -901,21 +906,21 @@ likewise = module # # Policy for system libraries. # -libraries = base +libraries = module # Layer: apps # Module: loadkeys # # Load keyboard mappings. # -loadkeys = base +loadkeys = module # Layer: system # Module: locallogin # # Policy for local logins. # -locallogin = base +locallogin = module # Layer: apps # Module: lockdev @@ -929,21 +934,21 @@ lockdev = module # # Policy for the kernel message logger and system logging daemon. # -logging = base +logging = module # Layer: admin # Module: logrotate # # Rotate and archive system logs # -logrotate = base +logrotate = module # Layer: services # Module: logwatch # # logwatch executable # -logwatch = base +logwatch = module # Layer: services # Module: lpd @@ -964,7 +969,7 @@ lircd = module # # Policy for logical volume management programs. # -lvm = base +lvm = module # Layer: services # Module: mailman @@ -978,7 +983,7 @@ mailman = module # # Policy for mcelog. # -mcelog = base +mcelog = module # Layer: kernel # Module: mcs @@ -1000,7 +1005,7 @@ mediawiki = module # # Miscelaneous files. # -miscfiles = base +miscfiles = module # Layer: kernel # Module: mls @@ -1029,7 +1034,7 @@ mojomojo = module # # Policy for kernel module utilities # -modutils = base +modutils = module # Layer: apps # Module: mono @@ -1043,7 +1048,7 @@ mono = module # # Policy for mount. # -mount = base +mount = module # Layer: apps # Module: mozilla @@ -1113,7 +1118,7 @@ mrtg = module # # Policy common to all email tranfer agents. # -mta = base +mta = module # Layer: services # Module: mysql @@ -1148,14 +1153,14 @@ ncftool = module # # Network analysis utilities # -netutils = base +netutils = module # Layer: services # Module: networkmanager # # Manager for dynamically switching between networks. # -networkmanager = base +networkmanager = module # Layer: services # Module: nis @@ -1170,7 +1175,7 @@ nis = module # # Name service cache daemon # -nscd = base +nscd = module # Layer: services 
@@ -1236,7 +1241,7 @@ openct = module # # PCMCIA card management services # -pcmcia = base +pcmcia = module # Layer: services # Module: pegasus @@ -1292,7 +1297,7 @@ ppp = module # # Manage temporary directory sizes and file ages # -prelink = base +prelink = module # Layer: services # Module: procmail @@ -1348,14 +1353,14 @@ qpidd = module # # File system quota management # -quota = base +quota = module # Layer: system # Module: raid # # RAID array management tools # -raid = base +raid = module # Layer: services # Module: radius @@ -1383,7 +1388,7 @@ razor = module # # Readahead, read files into page cache for improved performance # -readahead = base +readahead = module # Layer: services # Module: rgmanager @@ -1474,14 +1479,14 @@ roundup = module # # Remote Procedure Call Daemon for managment of network based process communication # -rpc = base +rpc = module # Layer: admin # Module: rpm # # Policy for the RPM package manager. # -rpm = base +rpm = module # Layer: services @@ -1562,14 +1567,14 @@ selinux = base # # Policy for SELinux policy and userland applications. # -selinuxutil = base +selinuxutil = module # Layer: services # Module: sendmail # # Policy for sendmail. # -sendmail = base +sendmail = module # Layer: apps # Module: seunshare @@ -1583,7 +1588,7 @@ seunshare = module # # Policy for shorewall # -shorewall = base +shorewall = module # Layer: admin # Module: shutdown @@ -1605,14 +1610,14 @@ sectoolm = module # # Policy for setrans # -setrans = base +setrans = module # Layer: services # Module: setroubleshoot # # Policy for the SELinux troubleshooting utility # -setroubleshoot = base +setroubleshoot = module # Layer: services # Module: slrnpull @@ -1675,7 +1680,7 @@ squid = module # # Secure shell client and server policy. # -ssh = base +ssh = module # Layer: services # Module: sssd 
@@ -1703,14 +1708,14 @@ stunnel = module # # Run shells with substitute user and group # -su = base +su = module # Layer: admin # Module: sudo # # Execute a command with a substitute user # -sudo = base +sudo = module # Layer: system # Module: systemd @@ -1724,7 +1729,7 @@ systemd = module # # Policy for network configuration: ifconfig and dhcp client. # -sysnetwork = base +sysnetwork = module # Layer: services @@ -1760,7 +1765,7 @@ tgtd = module # # Policy for udev. # -udev = base +udev = module # Layer: services # Module: usbmuxd @@ -1774,7 +1779,7 @@ usbmuxd = module # # Policy for user domains # -userdomain = base +userdomain = module # Layer: system # Module: unconfined @@ -1845,7 +1850,7 @@ telepathy = module # # Policy for tzdata-update # -tzdata = base +tzdata = module # Layer: apps # Module: userhelper @@ -1929,7 +1934,7 @@ qemu = module # # Utilities for configuring the linux ethernet bridge # -brctl = base +brctl = module # Layer: services # Module: telnet @@ -1992,7 +1997,7 @@ xfs = module # # X windows login display manager # -xserver = base +xserver = module # Layer: services # Module: zarafa @@ -2013,7 +2018,7 @@ zebra = module # # Policy for managing user accounts. # -usermanage = base +usermanage = module # Layer: admin # Module: updfstab @@ -2205,7 +2210,7 @@ staff = module # # System Administrator # -sysadm = base +sysadm = module # Layer: role # Module: unprivuser