diff --git a/modules-mls.conf b/modules-mls.conf index 5525889..89fc9e7 100644 --- a/modules-mls.conf +++ b/modules-mls.conf @@ -11,29 +11,334 @@ # as individual loadable modules. # -# Layer: kernel -# Module: terminal +# Layer: admin +# Module: acct +# +# Berkeley process accounting +# +acct = base + +# Layer: admin +# Module: alsa +# +# Ainit ALSA configuration tool +# +alsa = base + +# Layer: apps +# Module: ada +# +# ada executable +# +ada = module + +# Layer: modules +# Module: awstats +# +# awstats executable +# +awstats = module + +# Layer: admin +# Module: amanda +# +# Automated backup program. +# +amanda = module + +# Layer: services +# Module: afs +# +# Andrew Filesystem server +# +afs = module + +# Layer: services +# Module: amavis +# +# Anti-virus +# +amavis = module + +# Layer: admin +# Module: anaconda +# +# Policy for the Anaconda installer. +# +anaconda = base + +# Layer: services +# Module: apache +# +# Apache web server +# +apache = module + +# Layer: services +# Module: apm +# +# Advanced power management daemon +# +apm = base + +# Layer: system +# Module: application # Required in base # -# Policy for terminals. +# Defines attributs and interfaces for all user applications # -terminal = base +application = base + +# Layer: services +# Module: arpwatch +# +# Ethernet activity monitor. +# +arpwatch = module + +# Layer: services +# Module: audioentropy +# +# Generate entropy from audio input +# +audioentropy = module + +# Layer: system +# Module: authlogin +# +# Common policy for authentication and user login. +# +authlogin = base + +# Layer: services +# Module: automount +# +# Filesystem automounter service. +# +automount = module + +# Layer: services +# Module: avahi +# +# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture +# +avahi = module + +# Layer: services +# Module: bind +# +# Berkeley internet name domain DNS server. +# +bind = module + +# Layer: services +# Module: dnsmasq +# +# A lightweight DHCP and caching DNS server. +# +dnsmasq = module + +# Layer: services +# Module: bluetooth +# +# Bluetooth tools and system services. +# +bluetooth = module # Layer: kernel -# Module: kernel +# Module: ubac +# +# +# +ubac = base + +# +# Layer: kernel +# Module: bootloader +# +# Policy for the kernel modules, kernel image, and bootloader. +# +bootloader = base + + +# Layer: services +# Module: canna +# +# Canna - kana-kanji conversion server +# +canna = module + +# Layer: services +# Module: ccs +# +# policy for ccs +# +ccs = module + +# Layer: apps +# Module: calamaris +# +# +# Squid log analysis +# +calamaris = module + +# Layer: apps +# Module: cdrecord +# +# Policy for cdrecord +# +cdrecord = module + +# Layer: admin +# Module: certwatch +# +# Digital Certificate Tracking +# +certwatch = module + +# Layer: admin +# Module: certmaster +# +# Digital Certificate master +# +certmaster = module + +# Layer: services +# Module: cipe +# +# Encrypted tunnel daemon +# +cipe = module + +# Layer: services +# Module: comsat +# +# Comsat, a biff server. +# +comsat = module + +# Layer: services +# Module: clamav +# +# ClamAV Virus Scanner +# +clamav = module + +# Layer: system +# Module: clock +# +# Policy for reading and setting the hardware clock. +# +clock = base + +# Layer: services +# Module: consolekit +# +# ConsoleKit is a system daemon for tracking what users are logged +# +consolekit = module + +# Layer: admin +# Module: consoletype +# +# Determine of the console connected to the controlling terminal. +# +consoletype = base + +# Layer: kernel +# Module: corecommands # Required in base # -# Policy for kernel threads, proc filesystem,and unlabeled processes and objects. +# Core policy for shells, and generic programs +# in /bin, /sbin, /usr/bin, and /usr/sbin. # -kernel = base +corecommands = base # Layer: kernel -# Module: filesystem +# Module: corenetwork # Required in base # -# Policy for filesystems. +# Policy controlling access to network objects # -filesystem = base +corenetwork = base + +# Layer: services +# Module: cpucontrol +# +# Services for loading CPU microcode and CPU frequency scaling. +# +cpucontrol = base + +# Layer: services +# Module: cron +# +# Periodic execution of scheduled commands. +# +cron = base + +# Layer: services +# Module: cups +# +# Common UNIX printing system +# +cups = module + +# Layer: services +# Module: cvs +# +# Concurrent versions system +# +cvs = module + +# Layer: services +# Module: cyphesis +# +# cyphesis game server +# +cyphesis = module + +# Layer: services +# Module: cyrus +# +# Cyrus is an IMAP service intended to be run on sealed servers +# +cyrus = module + +# Layer: system +# Module: daemontools +# +# Collection of tools for managing UNIX services +# +daemontools = module + +# Layer: services +# Module: dbskk +# +# Dictionary server for the SKK Japanese input method system. +# +dbskk = module + +# Layer: services +# Module: dbus +# +# Desktop messaging bus +# +dbus = base + +# Layer: services +# Module: dcc +# +# A distributed, collaborative, spam detection and filtering network. +# +dcc = module + +# Layer: admin +# Module: ddcprobe +# +# ddcprobe retrieves monitor and graphics card information +# +ddcprobe = off # Layer: kernel # Module: devices @@ -43,217 +348,322 @@ filesystem = base # devices = base -# Layer: kernel -# Module: corenetwork +# Layer: services +# Module: dhcp +# +# Dynamic host configuration protocol (DHCP) server +# +dhcp = module + +# Layer: services +# Module: dictd +# +# Dictionary daemon +# +dictd = module + +# Layer: services +# Module: distcc +# +# Distributed compiler daemon +# +distcc = off + +# Layer: admin +# Module: dmesg +# +# Policy for dmesg. +# +dmesg = base + +# Layer: admin +# Module: dmidecode +# +# Decode DMI data for x86/ia64 bioses. +# +dmidecode = base + +# Layer: system +# Module: domain # Required in base # -# Policy controlling access to network objects +# Core policy for domains. # -corenetwork = base +domain = base + +# Layer: services +# Module: dovecot +# +# Dovecot POP and IMAP mail server +# +dovecot = module + +# Layer: apps +# Module: gpg +# +# Policy for GNU Privacy Guard and related programs. +# +gpg = off + +# Layer: services +# Module: gpm +# +# General Purpose Mouse driver +# +gpm = module + +# Layer: apps +# Module: ethereal +# +# Ethereal packet capture tool. +# +ethereal = module + +# Layer: services +# Module: fail2ban +# +# daiemon that bans IP that makes too many password failures +# +fail2ban = module + +# Layer: services +# Module: fetchmail +# +# Remote-mail retrieval and forwarding utility +# +fetchmail = module # Layer: kernel -# Module: mls +# Module: files # Required in base # -# Multilevel security policy +# Basic filesystem types and interfaces. # -mls = base +files = base # Layer: kernel -# Module: mcs +# Module: filesystem # Required in base # -# MultiCategory security policy +# Policy for filesystems. +# +filesystem = base + +# Layer: services +# Module: finger +# +# Finger user information service. +# +finger = module + +# Layer: admin +# Module: firstboot +# +# Final system configuration run during the first boot +# after installation of Red Hat/Fedora systems. +# +firstboot = base + +# Layer: system +# Module: fstools +# +# Tools for filesystem management, such as mkfs and fsck. +# +fstools = base + +# Layer: services +# Module: ftp +# +# File transfer protocol service # -mcs = base +ftp = module -# Layer: kernel -# Module: selinux -# Required in base +# Layer: apps +# Module: games # -# Policy for kernel security interface, in particular, selinuxfs. +# The Open Group Pegasus CIM/WBEM Server. # -selinux = base +games = module -# Layer: kernel -# Module: files -# Required in base +# Layer: system +# Module: getty # -# Basic filesystem types and interfaces. +# Policy for getty. # -files = base +getty = base -# Layer: kernel -# Module: domain -# Required in base +# Layer: apps +# Module: gnome # -# Core policy for domains. +# gnome session and gconf # -domain = base +gnome = module -# Layer: kernel -# Module: corecommands -# Required in base +# Layer: services +# Module: gnomeclock # -# Core policy for shells, and generic programs -# in /bin, /sbin, /usr/bin, and /usr/sbin. +# gnomeclock used by dbus/polkit to set time # -corecommands = base +gnomeclock = module -# Layer: admin -# Module: acct +# Layer: services +# Module: hal # -# Berkeley process accounting +# Hardware abstraction layer # -acct = base +hal = module -# Layer: admin -# Module: usermanage +# Layer: services +# Module: polkit # -# Policy for managing user accounts. +# Hardware abstraction layer # -usermanage = base +polkit = module -# Layer: admin -# Module: rpm +# Layer: system +# Module: hostname # -# Policy for the RPM package manager. +# Policy for changing the system host name. # -rpm = base +hostname = base -# Layer: admin -# Module: readahead + +# Layer: system +# Module: hotplug # -# Readahead, read files into page cache for improved performance +# Policy for hotplug system, for supporting the +# connection and disconnection of devices at runtime. # -readahead = base +hotplug = base -# Layer: apps -# Module: alsa +# Layer: services +# Module: howl # -# alsa - Configure sound +# Port of Apple Rendezvous multicast DNS # -alsa = base +howl = module -# Layer: admin -# Module: kudzu +# Layer: services +# Module: inetd # -# Hardware detection and configuration tools +# Internet services daemon. # -kudzu = base +inetd = base -# Layer: admin -# Module: updfstab +# Layer: system +# Module: init # -# Red Hat utility to change /etc/fstab. +# System initialization programs (init and init scripts). # -updfstab = base +init = base -# Layer: admin -# Module: netutils +# Layer: services +# Module: inn # -# Network analysis utilities +# Internet News NNTP server # -netutils = base +inn = module -# Layer: admin -# Module: vpn +# Layer: system +# Module: iptables # -# Virtual Private Networking client +# Policy for iptables. # -vpn = module +iptables = base -# Layer: admin -# Module: su +# Layer: system +# Module: ipsec # -# Run shells with substitute user and group +# TCP/IP encryption # -su = base +ipsec = module -# Layer: admin -# Module: dmesg +# Layer: apps +# Module: irc # -# Policy for dmesg. +# IRC client policy # -dmesg = base +irc = module -# Layer: admin -# Module: anaconda +# Layer: services +# Module: irqbalance # -# Policy for the Anaconda installer. +# IRQ balancing daemon # -anaconda = base +irqbalance = base -# Layer: admin -# Module: amanda +# Layer: system +# Module: iscsi # -# Automated backup program. +# Open-iSCSI daemon # -amanda = module +iscsi = module -# Layer: admin -# Module: logrotate +# Layer: services +# Module: i18n_input # -# Rotate and archive system logs +# IIIMF htt server # -logrotate = base +i18n_input = off -# Layer: admin -# Module: quota + +# Layer: services +# Module: jabber # -# File system quota management +# Jabber instant messaging server # -quota = base +jabber = module -# Layer: admin -# Module: consoletype +# Layer: apps +# Module: java # -# Determine of the console connected to the controlling terminal. +# java executable # -consoletype = base +java = module -# Layer: admin -# Module: sudo +# Layer: services +# Module: kerberos # -# Execute a command with a substitute user +# MIT Kerberos admin and KDC # -sudo = base +kerberos = module -# Layer: admin -# Module: firstboot +# Layer: kernel +# Module: kernel +# Required in base # -# Final system configuration run during the first boot -# after installation of Red Hat/Fedora systems. +# Policy for kernel threads, proc filesystem,and unlabeled processes and objects. # -firstboot = base +kernel = base -# Layer: admin -# Module: certwatch +# Layer: services +# Module: ktalk # -# Digital Certificate Tracking +# KDE Talk daemon # -certwatch = module +ktalk = module # Layer: admin -# Module: tmpreaper +# Module: kudzu # -# Manage temporary directory sizes and file ages +# Hardware detection and configuration tools # -tmpreaper = module +kudzu = base -# Layer: admin -# Module: dmidecode + +# Layer: services +# Module: ldap # -# Decode DMI data for x86/ia64 bioses. +# OpenLDAP directory server # -dmidecode = base +ldap = module -# Layer: apps -# Module: gpg +# Layer: system +# Module: libraries # -# Policy for GNU Privacy Guard and related programs. +# Policy for system libraries. # -gpg = module +libraries = base # Layer: apps # Module: loadkeys @@ -262,280 +672,305 @@ gpg = module # loadkeys = base +# Layer: system +# Module: locallogin +# +# Policy for local logins. +# +locallogin = base + # Layer: apps -# Module: webalizer +# Module: lockdev # -# Web server log analysis +# device locking policy for lockdev # -webalizer = module +lockdev = module -# Layer: kernel -# Module: bootloader +# Layer: system +# Module: logging # -# Policy for the kernel modules, kernel image, and bootloader. +# Policy for the kernel message logger and system logging daemon. # -bootloader = base +logging = base -# Layer: kernel -# Module: storage +# Layer: admin +# Module: logrotate # -# Policy controlling access to storage devices +# Rotate and archive system logs # -storage = base +logrotate = base # Layer: services -# Module: nis +# Module: logwatch # -# Policy for NIS (YP) servers and clients +# logwatch executable # -nis = module +logwatch = base # Layer: services -# Module: distcc +# Module: lpd # -# Distributed compiler daemon +# Line printer daemon # -distcc = off +lpd = module -# Layer: services -# Module: rshd +# Layer: system +# Module: lvm # -# Remote shell service. +# Policy for logical volume management programs. # -rshd = module +lvm = base # Layer: services -# Module: cpucontrol +# Module: mailman # -# Services for loading CPU microcode and CPU frequency scaling. +# Mailman is for managing electronic mail discussion and e-newsletter lists # -cpucontrol = base +mailman = module # Layer: services -# Module: vbetool +# Module: mailscanner # -# run real-mode video BIOS code to alter hardware state +# Anti-Virus and Anti-Spam Filter +# +mailscanner = module + +# Layer: kernel +# Module: mcs +# Required in base +# +# MultiCategory security policy # -vbetool = base +mcs = base -# Layer: services -# Module: bind +# Layer: system +# Module: miscfiles # -# Berkeley internet name domain DNS server. +# Miscelaneous files. # -bind = module +miscfiles = base -# Layer: services -# Module: canna +# Layer: kernel +# Module: mls +# Required in base # -# Canna - kana-kanji conversion server +# Multilevel security policy # -canna = module +mls = base -# Layer: services -# Module: uucp +# Layer: system +# Module: modutils # -# Unix to Unix Copy +# Policy for kernel module utilities # -uucp = module +modutils = base -# Layer: services -# Module: sasl +# Layer: apps +# Module: mono # -# SASL authentication server +# mono executable # -sasl = module +mono = module -# Layer: services -# Module: pegasus +# Layer: system +# Module: mount # -# The Open Group Pegasus CIM/WBEM Server. +# Policy for mount. # -pegasus = module +mount = base -# Layer: services -# Module: cron +# Layer: apps +# Module: mozilla # -# Periodic execution of scheduled commands. +# Policy for Mozilla and related web browsers # -cron = base +mozilla = module -# Layer: services -# Module: sendmail +# Layer: apps +# Module: nsplugin # -# Policy for sendmail. +# Policy for nspluginwrapper # -sendmail = base +nsplugin = module -# Layer: services -# Module: samba +# Layer: apps +# Module: mplayer # -# SMB and CIFS client/server programs for UNIX and -# name Service Switch daemon for resolving names -# from Windows NT servers. +# Policy for Mozilla and related web browsers # -samba = module +mplayer = module -# Layer: services -# Module: dbus +# Layer: apps +# Module: gpg # -# Desktop messaging bus +# Policy for Mozilla and related web browsers # -dbus = base +gpg = module -# Layer: services -# Module: howl +# Layer: admin +# Module: mrtg # -# Port of Apple Rendezvous multicast DNS +# Network traffic graphing # -howl = module +mrtg = module # Layer: services -# Module: postgresql +# Module: mta # -# PostgreSQL relational database +# Policy common to all email tranfer agents. # -postgresql = module +mta = base # Layer: services -# Module: snmp +# Module: mysql # -# Simple network management protocol services +# Policy for MySQL # -snmp = module +mysql = module # Layer: services -# Module: remotelogin +# Module: nagios # -# Policy for rshd, rlogind, and telnetd. +# policy for nagios Host/service/network monitoring program # -remotelogin = module +nagios = module -# Layer: services -# Module: telnet +# Layer: admin +# Module: netutils # -# Telnet daemon +# Network analysis utilities # -telnet = module +netutils = base # Layer: services -# Module: irqbalance +# Module: networkmanager # -# IRQ balancing daemon +# Manager for dynamically switching between networks. # -irqbalance = base +networkmanager = base # Layer: services -# Module: mailman +# Module: nis # -# Mailman is for managing electronic mail discussion and e-newsletter lists +# Policy for NIS (YP) servers and clients # -mailman = module +nis = module + # Layer: services -# Module: dbskk +# Module: nscd # -# Dictionary server for the SKK Japanese input method system. +# Name service cache daemon # -dbskk = module +nscd = base + # Layer: services -# Module: ldap +# Module: ntp # -# OpenLDAP directory server +# Network time protocol daemon # -ldap = module +ntp = module # Layer: services -# Module: tftp +# Module: nx # -# Trivial file transfer protocol daemon +# NX Remote Desktop # -tftp = module +nx = module + # Layer: services -# Module: portmap +# Module: oddjob # -# RPC port mapping service. +# policy for oddjob # -portmap = module +oddjob = module # Layer: services -# Module: arpwatch +# Module: openct # -# Ethernet activity monitor. +# Service for handling smart card readers. # -arpwatch = module +openct = off # Layer: services -# Module: dovecot +# Module: openvpn # -# Dovecot POP and IMAP mail server +# Policy for OPENVPN full-featured SSL VPN solution # -dovecot = module +openvpn = module -# Layer: services -# Module: cups + +# Layer: service +# Module: pcscd # -# Common UNIX printing system +# PC/SC Smart Card Daemon +# +pcscd = module + +# Layer: service +# Module: openct # -cups = module +# Middleware framework for smart card terminals +# +openct = module -# Layer: services -# Module: networkmanager +# Layer: system +# Module: pcmcia # -# Manager for dynamically switching between networks. +# PCMCIA card management services # -networkmanager = base +pcmcia = base # Layer: services -# Module: inn +# Module: pegasus # -# Internet News NNTP server +# The Open Group Pegasus CIM/WBEM Server. # -inn = module +pegasus = module # Layer: services -# Module: sysstat +# Module: postgresql # -# Policy for sysstat. Reports on various system states +# PostgreSQL relational database # -sysstat = module +postgresql = module # Layer: services -# Module: comsat +# Module: portmap # -# Comsat, a biff server. +# RPC port mapping service. # -comsat = module +portmap = module # Layer: services -# Module: squid +# Module: postfix # -# Squid caching http proxy server +# Postfix email server # -squid = module +postfix = module -# Layer: services -# Module: zebra +o# Layer: services +# Module: postgrey # -# Zebra border gateway protocol network routing service +# email scanner # -zebra = module +postgrey = module # Layer: services -# Module: xfs +# Module: ppp # -# X Windows Font Server +# Point to Point Protocol daemon creates links in ppp networks # -xfs = off +ppp = module -# Layer: services -# Module: ktalk +# Layer: admin +# Module: prelink # -# KDE Talk daemon +# Manage temporary directory sizes and file ages # -ktalk = module +prelink = base # Layer: services # Module: procmail @@ -545,109 +980,117 @@ ktalk = module procmail = module # Layer: services -# Module: lpd +# Module: privoxy # -# Line printer daemon +# Privacy enhancing web proxy. # -lpd = module +privoxy = module # Layer: services -# Module: cyrus +# Module: publicfile # -# Cyrus is an IMAP service intended to be run on sealed servers +# publicfile supplies files to the public through HTTP and FTP # -cyrus = module +publicfile = module # Layer: services -# Module: rdisc +# Module: pyzor # -# Network router discovery daemon +# Spam Blocker # -rdisc = module +pyzor = module + # Layer: services -# Module: xserver +# Module: qmail # -# X windows login display manager +# Policy for qmail # -xserver = base +qmail = module -# Layer: services -# Module: nscd +# Layer: admin +# Module: quota # -# Name service cache daemon +# File system quota management # -nscd = base +quota = base -# Layer: services -# Module: ppp +# Layer: system +# Module: raid # -# Point to Point Protocol daemon creates links in ppp networks +# RAID array management tools # -ppp = module +raid = base # Layer: services -# Module: ftp +# Module: radius # -# File transfer protocol service +# RADIUS authentication and accounting server. # -ftp = module +radius = module # Layer: services -# Module: gpm +# Module: radvd # -# General Purpose Mouse driver +# IPv6 router advertisement daemon # -gpm = module +radvd = module # Layer: services -# Module: mta +# Module: razor # -# Policy common to all email tranfer agents. +# A distributed, collaborative, spam detection and filtering network. # -mta = base +razor = module + +# Layer: admin +# Module: readahead +# +# Readahead, read files into page cache for improved performance +# +readahead = base # Layer: services -# Module: postfix +# Module: rhgb # -# Postfix email server +# X windows login display manager # -postfix = module +rhgb = module # Layer: services -# Module: fetchmail +# Module: rdisc # -# Remote-mail retrieval and forwarding utility +# Network router discovery daemon # -fetchmail = module +rdisc = module # Layer: services -# Module: ntp +# Module: remotelogin # -# Network time protocol daemon +# Policy for rshd, rlogind, and telnetd. # -ntp = module +remotelogin = module # Layer: services -# Module: bluetooth +# Module: ricci # -# Bluetooth tools and system services. +# policy for ricci # -bluetooth = module +ricci = module # Layer: services -# Module: hal +# Module: rlogin # -# Hardware abstraction layer +# Remote login daemon # -hal = base +rlogin = module # Layer: services -# Module: avahi +# Module: roundup # -# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture +# Roundup Issue Tracking System policy # -avahi = module +roundup = module # Layer: services # Module: rpc @@ -656,12 +1099,20 @@ avahi = module # rpc = base +# Layer: admin +# Module: rpm +# +# Policy for the RPM package manager. +# +rpm = base + + # Layer: services -# Module: apache +# Module: rshd # -# Apache web server +# Remote shell service. # -apache = module +rshd = module # Layer: services # Module: rsync @@ -671,67 +1122,106 @@ apache = module rsync = module # Layer: services -# Module: automount +# Module: rwho # -# Filesystem automounter service. +# who is logged in on local machines # -automount = module +rwho = module # Layer: services -# Module: kerberos +# Module: sasl # -# MIT Kerberos admin and KDC +# SASL authentication server # -kerberos = module +sasl = module # Layer: services -# Module: dhcp +# Module: sendmail # -# Dynamic host configuration protocol (DHCP) server +# Policy for sendmail. # -dhcp = module +sendmail = base # Layer: services -# Module: ssh +# Module: samba # -# Secure shell client and server policy. +# SMB and CIFS client/server programs for UNIX and +# name Service Switch daemon for resolving names +# from Windows NT servers. # -ssh = base +samba = module -# Layer: services -# Module: inetd +# Layer: apps +# Module: sambagui # -# Internet services daemon. +# policy for system-config-samba # -inetd = base +sambagui = module + +# Layer: apps +# Module: screen +# +# GNU terminal multiplexer +# +screen = module + +# Layer: kernel +# Module: selinux +# Required in base +# +# Policy for kernel security interface, in particular, selinuxfs. +# +selinux = base + +# Layer: system +# Module: selinuxutil +# +# Policy for SELinux policy and userland applications. +# +selinuxutil = base + +# Layer: system +# Module: setrans +# Required in base +# +# Policy for setrans +# +setrans = base # Layer: services -# Module: mysql +# Module: setroubleshoot # -# Policy for MySQL +# Policy for the SELinux troubleshooting utility # -mysql = module +setroubleshoot = base # Layer: services -# Module: dictd +# Module: slrnpull # -# Dictionary daemon +# Service for downloading news feeds the slrn newsreader. # -dictd = module +slrnpull = off + +# Layer: apps +# Module: slocate +# +# Update database for mlocate +# +slocate = module # Layer: services -# Module: finger +# Module: smartmon # -# Finger user information service. +# Smart disk monitoring daemon policy # -finger = module +smartmon = module # Layer: services -# Module: radius +# Module: snmp # -# RADIUS authentication and accounting server. +# Simple network management protocol services # -radius = module +snmp = module # Layer: services # Module: spamassassin @@ -741,33 +1231,25 @@ radius = module spamassassin = module # Layer: services -# Module: radvd +# Module: squid # -# IPv6 router advertisement daemon +# Squid caching http proxy server # -radvd = module +squid = module # Layer: services -# Module: apm -# -# Advanced power management daemon -# -apm = base - -# Layer: system -# Module: application -# Required in base +# Module: ssh # -# Defines attributs and interfaces for all user applications +# Secure shell client and server policy. # -application = base +ssh = base -# Layer: services -# Module: tcpd +# Layer: kernel +# Module: storage # -# Policy for TCP daemon. +# Policy controlling access to storage devices # -tcpd = module +storage = base # Layer: services # Module: stunnel @@ -776,261 +1258,280 @@ tcpd = module # stunnel = module -# Layer: services -# Module: privoxy -# -# Privacy enhancing web proxy. -# -privoxy = module - -# Layer: services -# Module: cvs +# Layer: admin +# Module: su # -# Concurrent versions system +# Run shells with substitute user and group # -cvs = module +su = base -# Layer: services -# Module: rlogin +# Layer: admin +# Module: sudo # -# Remote login daemon +# Execute a command with a substitute user # -rlogin = module +sudo = base # Layer: system -# Module: application -# Required in base +# Module: sysnetwork # -# Defines attributs and interfaces for all user applications +# Policy for network configuration: ifconfig and dhcp client. # -application = base +sysnetwork = base -# Layer: system -# Module: fstools + +# Layer: services +# Module: sysstat # -# Tools for filesystem management, such as mkfs and fsck. +# Policy for sysstat. Reports on various system states # -fstools = base +sysstat = module -# Layer: system -# Module: logging +# Layer: services +# Module: tcpd # -# Policy for the kernel message logger and system logging daemon. +# Policy for TCP daemon. # -logging = base +tcpd = module # Layer: system -# Module: hostname +# Module: udev # -# Policy for changing the system host name. +# Policy for udev. # -hostname = base +udev = base # Layer: system -# Module: getty +# Module: userdomain # -# Policy for getty. +# Policy for user domains # -getty = base +userdomain = base -# Layer: system -# Module: lvm +# Layer: services +# Module: ulogd # -# Policy for logical volume management programs. # -lvm = base +# +ulogd = module -# Layer: system -# Module: sysnetwork +# Layer: apps +# Module: wine # -# Policy for network configuration: ifconfig and dhcp client. +# wine executable # -sysnetwork = base +wine = module -# Layer: system -# Module: init +# Layer: apps +# Module: wm # -# System initialization programs (init and init scripts). +# X windows window manager # -init = base +wm = module -# Layer: system -# Module: selinuxutil +# Layer: admin +# Module: tzdata # -# Policy for SELinux policy and userland applications. +# Policy for tzdata-update # -selinuxutil = base +tzdata = base -# Layer: system -# Module: udev +# Layer: apps +# Module: userhelper # -# Policy for udev. +# A helper interface to pam. # -udev = base +userhelper = module -# Layer: system -# Module: pcmcia +# Layer: services +# Module: tor # -# PCMCIA card management services +# TOR, the onion router # -pcmcia = base +tor = module -# Layer: system -# Module: authlogin +# Layer: apps +# Module: tvtime # -# Common policy for authentication and user login. +# tvtime - a high quality television application # -authlogin = base +tvtime = module -# Layer: system -# Module: libraries +# Layer: apps +# Module: uml # -# Policy for system libraries. +# Policy for UML # -libraries = base +uml = module -# Layer: system -# Module: raid +# Layer: admin +# Module: usbmodules # -# RAID array management tools +# List kernel modules of USB devices # -raid = base +usbmodules = module -# Layer: system -# Module: userdomain +# Layer: apps +# Module: usernetctl # -# Policy for user domains +# User network interface configuration helper # -userdomain = base +usernetctl = module # Layer: system -# Module: modutils +# Module: xen # -# Policy for kernel module utilities +# virtualization software # -modutils = base +xen = module -# Layer: system -# Module: hotplug +# Layer: services +# Module: virt # -# Policy for hotplug system, for supporting the -# connection and disconnection of devices at runtime. +# Virtualization libraries # -hotplug = base +virt = module -# Layer: system -# Module: clock +# Layer: apps +# Module: qemu # -# Policy for reading and setting the hardware clock. +# Virtualization emulator # -clock = base +qemu = module # Layer: system -# Module: locallogin +# Module: brctl # -# Policy for local logins. +# Utilities for configuring the linux ethernet bridge # -locallogin = base +brctl = base -# Layer: system -# Module: iptables +# Layer: services +# Module: telnet # -# Policy for iptables. +# Telnet daemon # -iptables = base +telnet = module -# Layer: system -# Module: mount +# Layer: services +# Module: timidity # -# Policy for mount. +# MIDI to WAV converter and player configured as a service # -mount = base +timidity = off -# Layer: system -# Module: unconfined +# Layer: services +# Module: tftp # -# The unconfined domain. +# Trivial file transfer protocol daemon # -unconfined = off +tftp = module -# Layer: system -# Module: miscfiles +# Layer: services +# Module: uucp # -# Miscelaneous files. +# Unix to Unix Copy # -miscfiles = base +uucp = module -# Layer: system -# Module: ipsec +# Layer: services +# Module: vbetool # -# TCP/IP encryption +# run real-mode video BIOS code to alter hardware state # -ipsec = module +vbetool = base # Layer: apps -# Module: java +# Module: webalizer # -# java executable +# Web server log analysis # -java = module +webalizer = module # Layer: services -# Module: prelink +# Module: xfs # -# prelink executable +# X Windows Font Server # -prelink = base +xfs = module -# Layer: apps -# Module: slocate +# Layer: services +# Module: xserver # -# locate executable +# X windows login display manager # -slocate = module +xserver = base # Layer: services -# Module: logwatch +# Module: zebra # -# logwatch executable +# Zebra border gateway protocol network routing service # -logwatch = base +zebra = module -# Layer: system -# Module: setrans -# Required in base +# Layer: admin +# Module: usermanage # -# Policy for setrans +# Policy for managing user accounts. # -setrans = base +usermanage = base -# Layer: services -# Module: setroubleshoot +# Layer: admin +# Module: updfstab # -# Policy for the SELinux troubleshooting utility +# Red Hat utility to change /etc/fstab. # -setroubleshoot = base +updfstab = base -# Layer: services -# Module: openvpn +# Layer: admin +# Module: vpn # -# Policy for OPENVPN full-featured SSL VPN solution +# Virtual Private Networking client # -openvpn = module +vpn = module -# Layer: services -# Module: smartmon +# Layer: admin +# Module: vbetool # -# Smart disk monitoring daemon policy +# run real-mode video BIOS code to alter hardware state # -smartmon = module +vbetool = base -# Layer: system -# Module: netlabel +# Layer: kernel +# Module: terminal # Required in base # -# Basic netlabel types and interfaces. +# Policy for terminals. # -netlabel = module +terminal = base + +# Layer: admin +# Module: tmpreaper +# +# Manage temporary directory sizes and file ages +# +tmpreaper = module + +# Layer: admin +# Module: amtu +# +# Abstract Machine Test Utility (AMTU) +# +amtu = module + +# Layer: services +# Module: zabbix +# +# Open-source monitoring solution for your IT infrastructure +# +zabbix = module + +# Layer: services +# Module: apcupsd +# +# daemon for most APC’s UPS for Linux +# +apcupsd = module # Layer: services # Module: aide @@ -1039,61 +1540,91 @@ netlabel = module # aide = module -# Layer: service -# Module: pcscd +# Layer: services +# Module: w3c # -# PC/SC Smart Card Daemon +# w3c +# +w3c = module + +# Layer: services +# Module: portreserve # -pcscd = module +# reserve ports to prevent portmap mapping them +# +portreserve = module -# Layer: service -# Module: openct +# Layer: services +# Module: rpcbind +# +# universal addresses to RPC program number mapper # -# Middleware framework for smart card terminals +rpcbind = module + +# Layer: apps +# Module: vmware # -openct = module +# VMWare Workstation virtual machines +# +vmware = module -# Layer: system -# Module: tzdata +# Layer: role +# Module: logadm # -# Policy for tzdata-update +# Minimally prived root role for managing logging system # -tzdata = base +logadm = module -# Layer: admin -# Module: amtu +# Layer: role +# Module: webadm # -# Abstract Machine Test Utility (AMTU) +# Minimally prived root role for managing apache # -amtu = module +webadm = module +# # Layer: services -# Module: prelude +# Module: exim # +# exim mail server # +exim = module + + +# Layer: services +# Module: kismet +# +# Wireless sniffing and monitoring # -prelude = module +kismet = module -# Layer: role -# Module: secadm +# Layer: services +# Module: munin # -# Root role used to manage selinux +# Munin # -secadm = module +munin = module -# Layer: role -# Module: auditadm +# Layer: services +# Module: bitlbee +# +# An IRC to other chat networks gateway +# +bitlbee = module + +# Layer: services +# Module: soundserver # -# Root role used to manage audit system +# sound server for network audio server programs, nasd, yiff, etc</summary> # -auditadm = module +soundserver = module # Layer:role # Module: staff # # admin account # -staff = base +staff = module # Layer:role # Module: sysadm @@ -1105,9 +1636,40 @@ sysadm = base # Layer: role # Module: unprivuser # -# user account +# Minimally privs guest account on tty logins +# +unprivuser = module + +# Layer: services +# Module: prelude +# +prelude = module + +# Layer: services +# Module: pads +# +pads = module + +# Layer: services +# Module: kerneloops +# +# program to collect and submit kernel oopses to kerneloops.org +# +kerneloops = module + +# Layer: apps +# Module: openoffice +# +# openoffice executable # -unprivuser = base +openoffice = module + +# Layer: apps +# Module: podsleuth +# +# Podsleuth probes, identifies, and exposes properties and metadata bound to iPods. +# +podsleuth = module # Layer: role # Module: guest @@ -1130,41 +1692,33 @@ xguest = module # courier = module -# Layer: services -# Module: rpcbind -# -# universal addresses to RPC program number mapper -# -rpcbind = module - - # Layer: apps -# Module: wm +# Module: livecd # -# X windows window manager +# livecd creator # -#wm = module +livecd = module # Layer: services -# Module: virt +# Module: snort # -# Virtualization libraries +# Snort network intrusion detection system # -virt = module +snort = module -# Layer: apps -# Module: qemu +# Layer: services +# Module: memcached # -# Virtualization emulator +# high-performance memory object caching system # -qemu = module +memcached = module # Layer: system -# Module: brctl +# Module: netlabel # -# Utilities for configuring the linux ethernet bridge +# Basic netlabel types and interfaces. # -brctl = base +netlabel = module # Layer: services # Module: zosremote @@ -1173,9 +1727,21 @@ brctl = base # zosremote = module -# Layer: kernel -# Module: ubac +# Layer: services +# Module: pki +# +# +pki = module + +# Layer: services +# Module: pingd +# +# +pingd = module + +# Layer: services +# Module: milter # # # -ubac = base +milter = module