diff --git a/policy/modules/services/gnomeclock.if b/policy/modules/services/gnomeclock.if
index da0e844..17d25ba 100644
--- a/policy/modules/services/gnomeclock.if
+++ b/policy/modules/services/gnomeclock.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run gnomeclock.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`gnomeclock_domtrans',`
diff --git a/policy/modules/services/hal.if b/policy/modules/services/hal.if
index 8277269..2b55c85 100644
--- a/policy/modules/services/hal.if
+++ b/policy/modules/services/hal.if
@@ -70,7 +70,7 @@ interface(`hal_use_fds',`
type hald_t;
')
- allow $1 hald_t:fd use;
+ allow $1 hald_t:fd use;
')
########################################
@@ -88,7 +88,7 @@ interface(`hal_dontaudit_use_fds',`
type hald_t;
')
- dontaudit $1 hald_t:fd use;
+ dontaudit $1 hald_t:fd use;
')
########################################
@@ -107,7 +107,7 @@ interface(`hal_rw_pipes',`
type hald_t;
')
- allow $1 hald_t:fifo_file rw_fifo_file_perms;
+ allow $1 hald_t:fifo_file rw_fifo_file_perms;
')
########################################
@@ -126,7 +126,7 @@ interface(`hal_dontaudit_rw_pipes',`
type hald_t;
')
- dontaudit $1 hald_t:fifo_file rw_fifo_file_perms;
+ dontaudit $1 hald_t:fifo_file rw_fifo_file_perms;
')
########################################
@@ -360,7 +360,7 @@ interface(`hal_read_pid_files',`
########################################
##
-## Do not audit attempts to read
+## Do not audit attempts to read
## hald PID files.
##
##
@@ -451,9 +451,9 @@ interface(`hal_dontaudit_leaks',`
type hald_var_run_t;
')
- dontaudit $1 hald_t:fd use;
+ dontaudit $1 hald_t:fd use;
dontaudit $1 hald_log_t:file rw_inherited_file_perms;
- dontaudit $1 hald_t:fifo_file rw_inherited_fifo_file_perms;
+ dontaudit $1 hald_t:fifo_file rw_inherited_fifo_file_perms;
dontaudit hald_t $1:socket_class_set { read write };
dontaudit $1 hald_var_run_t:file read_inherited_file_perms;
')
diff --git a/policy/modules/services/icecast.if b/policy/modules/services/icecast.if
index 3aa86f3..40affd8 100644
--- a/policy/modules/services/icecast.if
+++ b/policy/modules/services/icecast.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run icecast.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`icecast_domtrans',`
@@ -118,9 +118,9 @@ interface(`icecast_read_log',`
## icecast log files.
##
##
-##
+##
## Domain allowed access.
-##
+##
##
#
interface(`icecast_append_log',`
@@ -183,7 +183,5 @@ interface(`icecast_admin',`
allow $2 system_r;
icecast_manage_pid_files($1)
-
icecast_manage_log($1)
-
')
diff --git a/policy/modules/services/ifplugd.if b/policy/modules/services/ifplugd.if
index dfb4232..684bb0a 100644
--- a/policy/modules/services/ifplugd.if
+++ b/policy/modules/services/ifplugd.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run ifplugd.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`ifplugd_domtrans',`
diff --git a/policy/modules/services/inetd.if b/policy/modules/services/inetd.if
index df48e5e..6985546 100644
--- a/policy/modules/services/inetd.if
+++ b/policy/modules/services/inetd.if
@@ -55,7 +55,6 @@ interface(`inetd_core_service_domain',`
##
#
interface(`inetd_tcp_service_domain',`
-
gen_require(`
type inetd_t;
')
diff --git a/policy/modules/services/jabber.if b/policy/modules/services/jabber.if
index f17e629..cde3591 100644
--- a/policy/modules/services/jabber.if
+++ b/policy/modules/services/jabber.if
@@ -2,95 +2,95 @@
#######################################
##
-## Execute a domain transition to run jabberd services
+## Execute a domain transition to run jabberd services
##
##
-##
-## Domain allowed to transition.
-##
+##
+## Domain allowed to transition.
+##
##
#
interface(`jabber_domtrans_jabberd',`
- gen_require(`
- type jabberd_t, jabberd_exec_t;
- ')
+ gen_require(`
+ type jabberd_t, jabberd_exec_t;
+ ')
- domtrans_pattern($1, jabberd_exec_t, jabberd_t)
+ domtrans_pattern($1, jabberd_exec_t, jabberd_t)
')
######################################
##
-## Execute a domain transition to run jabberd router service
+## Execute a domain transition to run jabberd router service
##
##
-##
-## Domain allowed to transition.
-##
+##
+## Domain allowed to transition.
+##
##
#
interface(`jabber_domtrans_jabberd_router',`
- gen_require(`
- type jabberd_router_t, jabberd_router_exec_t;
- ')
+ gen_require(`
+ type jabberd_router_t, jabberd_router_exec_t;
+ ')
- domtrans_pattern($1, jabberd_router_exec_t, jabberd_router_t)
+ domtrans_pattern($1, jabberd_router_exec_t, jabberd_router_t)
')
#######################################
##
-## Read jabberd lib files.
+## Read jabberd lib files.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`jabberd_read_lib_files',`
- gen_require(`
- type jabberd_var_lib_t;
- ')
+ gen_require(`
+ type jabberd_var_lib_t;
+ ')
- files_search_var_lib($1)
- read_files_pattern($1, jabberd_var_lib_t, jabberd_var_lib_t)
+ files_search_var_lib($1)
+ read_files_pattern($1, jabberd_var_lib_t, jabberd_var_lib_t)
')
#######################################
##
-## Dontaudit inherited read jabberd lib files.
+## Dontaudit inherited read jabberd lib files.
##
##
-##
-## Domain to not audit.
-##
+##
+## Domain to not audit.
+##
##
#
interface(`jabberd_dontaudit_read_lib_files',`
- gen_require(`
- type jabberd_var_lib_t;
- ')
+ gen_require(`
+ type jabberd_var_lib_t;
+ ')
- dontaudit $1 jabberd_var_lib_t:file read_inherited_file_perms;
+ dontaudit $1 jabberd_var_lib_t:file read_inherited_file_perms;
')
#######################################
##
-## Create, read, write, and delete
-## jabberd lib files.
+## Create, read, write, and delete
+## jabberd lib files.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`jabberd_manage_lib_files',`
- gen_require(`
- type jabberd_var_lib_t;
- ')
+ gen_require(`
+ type jabberd_var_lib_t;
+ ')
- files_search_var_lib($1)
- manage_files_pattern($1, jabberd_var_lib_t, jabberd_var_lib_t)
+ files_search_var_lib($1)
+ manage_files_pattern($1, jabberd_var_lib_t, jabberd_var_lib_t)
')
########################################
@@ -121,7 +121,7 @@ interface(`jabber_admin',`
ps_process_pattern($1, jabberd_t)
allow $1 jabberd_router_t:process { ptrace signal_perms };
- ps_process_pattern($1, jabberd_router_t)
+ ps_process_pattern($1, jabberd_router_t)
init_labeled_script_domtrans($1, jabberd_initrc_exec_t)
domain_system_change_exemption($1)
diff --git a/policy/modules/services/kerberos.if b/policy/modules/services/kerberos.if
index 604f67b..541cc80 100644
--- a/policy/modules/services/kerberos.if
+++ b/policy/modules/services/kerberos.if
@@ -26,9 +26,9 @@
## Execute kadmind in the current domain
##
##
-##
+##
## Domain allowed access.
-##
+##
##
#
interface(`kerberos_exec_kadmind',`
@@ -44,9 +44,9 @@ interface(`kerberos_exec_kadmind',`
## Execute a domain transition to run kpropd.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`kerberos_domtrans_kpropd',`
@@ -235,7 +235,7 @@ template(`kerberos_keytab_template',`
type $1_keytab_t;
files_type($1_keytab_t)
- allow $2 $1_keytab_t:file read_file_perms;
+ allow $2 $1_keytab_t:file read_file_perms;
kerberos_read_keytab($2)
kerberos_use($2)
diff --git a/policy/modules/services/kerneloops.if b/policy/modules/services/kerneloops.if
index 835b16b..767833d 100644
--- a/policy/modules/services/kerneloops.if
+++ b/policy/modules/services/kerneloops.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run kerneloops.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`kerneloops_domtrans',`
diff --git a/policy/modules/services/ksmtuned.if b/policy/modules/services/ksmtuned.if
index d17f349..40a9405 100644
--- a/policy/modules/services/ksmtuned.if
+++ b/policy/modules/services/ksmtuned.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run ksmtuned.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`ksmtuned_domtrans',`
@@ -70,5 +70,4 @@ interface(`ksmtuned_admin',`
domain_system_change_exemption($1)
role_transition $2 ksmtuned_initrc_exec_t system_r;
allow $2 system_r;
-
')
diff --git a/policy/modules/services/ldap.if b/policy/modules/services/ldap.if
index d15f94d..eabd77a 100644
--- a/policy/modules/services/ldap.if
+++ b/policy/modules/services/ldap.if
@@ -2,42 +2,40 @@
#######################################
##
-## Execute OpenLDAP in the ldap domain.
+## Execute OpenLDAP in the ldap domain.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`ldap_domtrans',`
- gen_require(`
- type slapd_t, slapd_exec_t;
- ')
-
- domtrans_pattern($1, slapd_exec_t, slapd_t)
+ gen_require(`
+ type slapd_t, slapd_exec_t;
+ ')
+ domtrans_pattern($1, slapd_exec_t, slapd_t)
')
#######################################
##
-## Execute OpenLDAP server in the ldap domain.
+## Execute OpenLDAP server in the ldap domain.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`ldap_initrc_domtrans',`
- gen_require(`
- type slapd_initrc_exec_t;
- ')
+ gen_require(`
+ type slapd_initrc_exec_t;
+ ')
- init_labeled_script_domtrans($1, slapd_initrc_exec_t)
+ init_labeled_script_domtrans($1, slapd_initrc_exec_t)
')
-
########################################
##
## Read the contents of the OpenLDAP
diff --git a/policy/modules/services/lircd.if b/policy/modules/services/lircd.if
index 418cc81..c0513fa 100644
--- a/policy/modules/services/lircd.if
+++ b/policy/modules/services/lircd.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run lircd.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`lircd_domtrans',`
@@ -16,7 +16,6 @@ interface(`lircd_domtrans',`
')
domain_auto_trans($1, lircd_exec_t, lircd_t)
-
')
######################################
@@ -44,9 +43,9 @@ interface(`lircd_stream_connect',`
## Read lircd etc file
##
##
-##
+##
## Domain allowed access.
-##
+##
##
#
interface(`lircd_read_config',`
diff --git a/policy/modules/services/mailman.if b/policy/modules/services/mailman.if
index 19bcae2..84b7626 100644
--- a/policy/modules/services/mailman.if
+++ b/policy/modules/services/mailman.if
@@ -16,7 +16,7 @@
##
##
#
-template(`mailman_domain_template', `
+template(`mailman_domain_template',`
type mailman_$1_t;
domain_type(mailman_$1_t)
role system_r types mailman_$1_t;
diff --git a/policy/modules/services/memcached.if b/policy/modules/services/memcached.if
index ee60e59..513a070 100644
--- a/policy/modules/services/memcached.if
+++ b/policy/modules/services/memcached.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run memcached.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`memcached_domtrans',`
diff --git a/policy/modules/services/milter.if b/policy/modules/services/milter.if
index 267cd44..e10894b 100644
--- a/policy/modules/services/milter.if
+++ b/policy/modules/services/milter.if
@@ -121,19 +121,19 @@ interface(`milter_manage_spamass_state',`
#######################################
##
-## Delete dkim-milter PID files.
+## Delete dkim-milter PID files.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`milter_delete_dkim_pid_files',`
- gen_require(`
- type dkim_milter_data_t;
- ')
+ gen_require(`
+ type dkim_milter_data_t;
+ ')
- files_search_pids($1)
- delete_files_pattern($1, dkim_milter_data_t, dkim_milter_data_t)
+ files_search_pids($1)
+ delete_files_pattern($1, dkim_milter_data_t, dkim_milter_data_t)
')
diff --git a/policy/modules/services/mock.if b/policy/modules/services/mock.if
index 4ed75f1..4b0002a 100644
--- a/policy/modules/services/mock.if
+++ b/policy/modules/services/mock.if
@@ -1,4 +1,3 @@
-
## policy for mock
########################################
@@ -6,9 +5,9 @@
## Execute a domain transition to run mock.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`mock_domtrans',`
@@ -19,7 +18,6 @@ interface(`mock_domtrans',`
domtrans_pattern($1, mock_exec_t, mock_t)
')
-
########################################
##
## Search mock lib directories.
@@ -55,7 +53,7 @@ interface(`mock_read_lib_files',`
')
files_search_var_lib($1)
- read_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
+ read_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
')
########################################
@@ -75,7 +73,7 @@ interface(`mock_manage_lib_files',`
')
files_search_var_lib($1)
- manage_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
+ manage_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
')
########################################
@@ -94,7 +92,7 @@ interface(`mock_manage_lib_dirs',`
')
files_search_var_lib($1)
- manage_dirs_pattern($1, mock_var_lib_t, mock_var_lib_t)
+ manage_dirs_pattern($1, mock_var_lib_t, mock_var_lib_t)
')
#########################################
@@ -113,7 +111,7 @@ interface(`mock_manage_lib_symlinks',`
')
files_search_var_lib($1)
- manage_lnk_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
+ manage_lnk_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
')
########################################
@@ -132,7 +130,7 @@ interface(`mock_manage_lib_chr_files',`
')
files_search_var_lib($1)
- manage_chr_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
+ manage_chr_files_pattern($1, mock_var_lib_t, mock_var_lib_t)
')
########################################
@@ -177,7 +175,7 @@ interface(`mock_run',`
#
interface(`mock_role',`
gen_require(`
- type mock_t;
+ type mock_t;
')
role $1 types mock_t;
@@ -226,7 +224,7 @@ interface(`mock_signal',`
interface(`mock_admin',`
gen_require(`
type mock_t;
- type mock_var_lib_t;
+ type mock_var_lib_t;
')
allow $1 mock_t:process { ptrace signal_perms };
@@ -234,5 +232,4 @@ interface(`mock_admin',`
files_search_var_lib($1)
admin_pattern($1, mock_var_lib_t)
-
')
diff --git a/policy/modules/services/modemmanager.if b/policy/modules/services/modemmanager.if
index 3368699..7a7fc02 100644
--- a/policy/modules/services/modemmanager.if
+++ b/policy/modules/services/modemmanager.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run modemmanager.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`modemmanager_domtrans',`
diff --git a/policy/modules/services/mpd.if b/policy/modules/services/mpd.if
index 5599d14..65c79bc 100644
--- a/policy/modules/services/mpd.if
+++ b/policy/modules/services/mpd.if
@@ -1,4 +1,3 @@
-
## policy for daemon for playing music
########################################
@@ -6,9 +5,9 @@
## Execute a domain transition to run mpd.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`mpd_domtrans',`
@@ -19,7 +18,6 @@ interface(`mpd_domtrans',`
domtrans_pattern($1, mpd_exec_t, mpd_t)
')
-
########################################
##
## Execute mpd server in the mpd domain.
@@ -40,79 +38,79 @@ interface(`mpd_initrc_domtrans',`
#######################################
##
-## Read mpd data files.
+## Read mpd data files.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`mpd_read_data_files',`
- gen_require(`
- type mpd_data_t;
- ')
+ gen_require(`
+ type mpd_data_t;
+ ')
mpd_search_lib($1)
- read_files_pattern($1, mpd_data_t, mpd_data_t)
+ read_files_pattern($1, mpd_data_t, mpd_data_t)
')
#######################################
##
-## Read mpd tmpfs files.
+## Read mpd tmpfs files.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`mpd_read_tmpfs_files',`
- gen_require(`
- type mpd_tmpfs_t;
- ')
+ gen_require(`
+ type mpd_tmpfs_t;
+ ')
fs_search_tmpfs($1)
- read_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
+ read_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
')
###################################
##
-## Manage mpd tmpfs files.
+## Manage mpd tmpfs files.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`mpd_manage_tmpfs_files',`
- gen_require(`
- type mpd_tmpfs_t;
- ')
+ gen_require(`
+ type mpd_tmpfs_t;
+ ')
fs_search_tmpfs($1)
- manage_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
- manage_lnk_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
+ manage_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
+ manage_lnk_files_pattern($1, mpd_tmpfs_t, mpd_tmpfs_t)
')
######################################
##
-## Manage mpd data files.
+## Manage mpd data files.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`mpd_manage_data_files',`
- gen_require(`
- type mpd_data_t;
- ')
+ gen_require(`
+ type mpd_data_t;
+ ')
- mpd_search_lib($1)
- manage_files_pattern($1, mpd_data_t, mpd_data_t)
+ mpd_search_lib($1)
+ manage_files_pattern($1, mpd_data_t, mpd_data_t)
')
########################################
@@ -150,7 +148,7 @@ interface(`mpd_read_lib_files',`
')
files_search_var_lib($1)
- read_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
+ read_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
')
########################################
@@ -170,36 +168,36 @@ interface(`mpd_manage_lib_files',`
')
files_search_var_lib($1)
- manage_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
+ manage_files_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
')
#######################################
##
-## Create an object in the root directory, with a private
-## type using a type transition.
+## Create an object in the root directory, with a private
+## type using a type transition.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
##
-##
-## The type of the object to be created.
-##
+##
+## The type of the object to be created.
+##
##
##
-##
-## The object class of the object being created.
-##
+##
+## The object class of the object being created.
+##
##
#
interface(`mpd_var_lib_filetrans',`
- gen_require(`
- type mpd_var_lib_t;
- ')
+ gen_require(`
+ type mpd_var_lib_t;
+ ')
- filetrans_pattern($1, mpd_var_lib_t, $2, $3)
+ filetrans_pattern($1, mpd_var_lib_t, $2, $3)
')
########################################
@@ -218,7 +216,7 @@ interface(`mpd_manage_lib_dirs',`
')
files_search_var_lib($1)
- manage_dirs_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
+ manage_dirs_pattern($1, mpd_var_lib_t, mpd_var_lib_t)
')
########################################
@@ -245,7 +243,7 @@ interface(`mpd_admin',`
type mpd_etc_t;
type mpd_data_t;
type mpd_log_t;
- type mpd_var_lib_t;
+ type mpd_var_lib_t;
type mpd_tmpfs_t;
')
@@ -258,11 +256,11 @@ interface(`mpd_admin',`
allow $2 system_r;
admin_pattern($1, mpd_etc_t)
- files_search_etc($1)
+ files_search_etc($1)
files_search_var_lib($1)
admin_pattern($1, mpd_var_lib_t)
-
+
mpd_search_lib($1)
admin_pattern($1, mpd_data_t)
diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if
index a9ebda2..97c492e 100644
--- a/policy/modules/services/mta.if
+++ b/policy/modules/services/mta.if
@@ -39,7 +39,6 @@ interface(`mta_stub',`
##
#
template(`mta_base_mail_template',`
-
gen_require(`
attribute user_mail_domain;
type sendmail_exec_t;
@@ -225,18 +224,18 @@ interface(`mta_agent_executable',`
## Dontaudit read and write an leaked file descriptors
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`mta_dontaudit_leaks_system_mail',`
- gen_require(`
- type system_mail_t;
- ')
+ gen_require(`
+ type system_mail_t;
+ ')
- dontaudit $1 system_mail_t:fifo_file write;
- dontaudit $1 system_mail_t:tcp_socket { read write };
+ dontaudit $1 system_mail_t:fifo_file write;
+ dontaudit $1 system_mail_t:tcp_socket { read write };
')
########################################
@@ -376,7 +375,7 @@ interface(`mta_send_mail',`
allow mta_user_agent $1:process sigchld;
allow mta_user_agent $1:fifo_file rw_fifo_file_perms;
- ifdef(`hide_broken_symptoms', `
+ ifdef(`hide_broken_symptoms',`
dontaudit system_mail_t $1:socket_class_set { read write };
')
')
@@ -962,20 +961,20 @@ interface(`mta_filetrans_aliases',`
######################################
##
-## ALlow domain to read mail content in the homedir
+## ALlow domain to read mail content in the homedir
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`mta_read_home',`
- gen_require(`
- type mail_home_t;
- ')
+ gen_require(`
+ type mail_home_t;
+ ')
- userdom_search_user_home_dirs($1)
- userdom_search_admin_dir($1)
- read_files_pattern($1, mail_home_t, mail_home_t)
+ userdom_search_user_home_dirs($1)
+ userdom_search_admin_dir($1)
+ read_files_pattern($1, mail_home_t, mail_home_t)
')
diff --git a/policy/modules/services/munin.if b/policy/modules/services/munin.if
index dda8ca9..297e392 100644
--- a/policy/modules/services/munin.if
+++ b/policy/modules/services/munin.if
@@ -37,8 +37,7 @@ template(`munin_plugin_template',`
# automatic transition rules from munin domain
# to specific munin plugin domain
domtrans_pattern(munin_t, $1_munin_plugin_exec_t, $1_munin_plugin_t)
- allow munin_t $1_munin_plugin_t:process signal;
-
+ allow munin_t $1_munin_plugin_t:process signal;
')
########################################
@@ -85,20 +84,20 @@ interface(`munin_read_config',`
######################################
##
-## dontaudit read and write an leaked file descriptors
+## dontaudit read and write an leaked file descriptors
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`munin_dontaudit_leaks',`
- gen_require(`
- type munin_t;
- ')
+ gen_require(`
+ type munin_t;
+ ')
- dontaudit $1 munin_t:tcp_socket { read write };
+ dontaudit $1 munin_t:tcp_socket { read write };
')
#######################################
diff --git a/policy/modules/services/nagios.if b/policy/modules/services/nagios.if
index e3c8272..fcb28e9 100644
--- a/policy/modules/services/nagios.if
+++ b/policy/modules/services/nagios.if
@@ -12,7 +12,6 @@
##
#
template(`nagios_plugin_template',`
-
gen_require(`
type nagios_t, nrpe_t;
type nagios_log_t;
diff --git a/policy/modules/services/networkmanager.if b/policy/modules/services/networkmanager.if
index 1a1bfe4..0390b46 100644
--- a/policy/modules/services/networkmanager.if
+++ b/policy/modules/services/networkmanager.if
@@ -43,9 +43,9 @@ interface(`networkmanager_rw_packet_sockets',`
## Allow caller to relabel tun_socket
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`networkmanager_attach_tun_iface',`
diff --git a/policy/modules/services/nslcd.if b/policy/modules/services/nslcd.if
index b94add1..2a55401 100644
--- a/policy/modules/services/nslcd.if
+++ b/policy/modules/services/nslcd.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run nslcd.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`nslcd_domtrans',`
diff --git a/policy/modules/services/oddjob.if b/policy/modules/services/oddjob.if
index ca33ae3..c6e34b2 100644
--- a/policy/modules/services/oddjob.if
+++ b/policy/modules/services/oddjob.if
@@ -9,9 +9,9 @@
## Execute a domain transition to run oddjob.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`oddjob_domtrans',`
@@ -24,21 +24,21 @@ interface(`oddjob_domtrans',`
#####################################
##
-## Do not audit attempts to read and write
-## oddjob fifo file.
+## Do not audit attempts to read and write
+## oddjob fifo file.
##
##
-##
-## Domain to not audit.
-##
+##
+## Domain to not audit.
+##
##
#
interface(`oddjob_dontaudit_rw_fifo_file',`
- gen_require(`
- type shutdown_t;
- ')
+ gen_require(`
+ type shutdown_t;
+ ')
- dontaudit $1 oddjob_t:fifo_file rw_inherited_fifo_file_perms;
+ dontaudit $1 oddjob_t:fifo_file rw_inherited_fifo_file_perms;
')
########################################
@@ -89,20 +89,20 @@ interface(`oddjob_dbus_chat',`
######################################
##
-## Send a SIGCHLD signal to oddjob.
+## Send a SIGCHLD signal to oddjob.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`oddjob_sigchld',`
- gen_require(`
- type oddjob_t;
- ')
+ gen_require(`
+ type oddjob_t;
+ ')
- allow $1 oddjob_t:process sigchld;
+ allow $1 oddjob_t:process sigchld;
')
########################################
diff --git a/policy/modules/services/oident.if b/policy/modules/services/oident.if
index bb4fae5..a3a9a76 100644
--- a/policy/modules/services/oident.if
+++ b/policy/modules/services/oident.if
@@ -18,7 +18,7 @@
##
##
#
-interface(`oident_read_user_content', `
+interface(`oident_read_user_content',`
gen_require(`
type oidentd_home_t;
')
@@ -38,7 +38,7 @@ interface(`oident_read_user_content', `
##
##
#
-interface(`oident_manage_user_content', `
+interface(`oident_manage_user_content',`
gen_require(`
type oidentd_home_t;
')
@@ -58,7 +58,7 @@ interface(`oident_manage_user_content', `
##
##
#
-interface(`oident_relabel_user_content', `
+interface(`oident_relabel_user_content',`
gen_require(`
type oidentd_home_t;
')
diff --git a/policy/modules/services/openct.if b/policy/modules/services/openct.if
index 9d0a67b..9197ef0 100644
--- a/policy/modules/services/openct.if
+++ b/policy/modules/services/openct.if
@@ -23,9 +23,9 @@ interface(`openct_signull',`
## Execute openct in the caller domain.
##
##
-##
+##
## Domain allowed access.
-##
+##
##
#
interface(`openct_exec',`
@@ -42,9 +42,9 @@ interface(`openct_exec',`
## Execute a domain transition to run openct.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`openct_domtrans',`
diff --git a/policy/modules/services/pads.if b/policy/modules/services/pads.if
index 4452d3b..5a14c62 100644
--- a/policy/modules/services/pads.if
+++ b/policy/modules/services/pads.if
@@ -25,7 +25,7 @@
##
##
#
-interface(`pads_admin', `
+interface(`pads_admin',`
gen_require(`
type pads_t, pads_config_t;
type pads_var_run_t, pads_initrc_exec_t;
diff --git a/policy/modules/services/passenger.if b/policy/modules/services/passenger.if
index 7ca90f6..7f2bbc6 100644
--- a/policy/modules/services/passenger.if
+++ b/policy/modules/services/passenger.if
@@ -2,19 +2,19 @@
######################################
##
-## Execute passenger in the passenger domain.
+## Execute passenger in the passenger domain.
##
##
-##
-## The type of the process performing this action.
-##
+##
+## The type of the process performing this action.
+##
##
#
interface(`passenger_domtrans',`
- gen_require(`
- type passenger_t;
- type passenger_exec_t;
- ')
+ gen_require(`
+ type passenger_t;
+ type passenger_exec_t;
+ ')
allow $1 self:capability { fowner fsetid };
@@ -27,43 +27,42 @@ interface(`passenger_domtrans',`
######################################
##
-## Manage passenger var_run content.
+## Manage passenger var_run content.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`passenger_manage_pid_content',`
- gen_require(`
- type passenger_var_run_t;
- ')
+ gen_require(`
+ type passenger_var_run_t;
+ ')
- files_search_pids($1)
+ files_search_pids($1)
manage_dirs_pattern($1, passenger_var_run_t, passenger_var_run_t)
- manage_files_pattern($1, passenger_var_run_t, passenger_var_run_t)
+ manage_files_pattern($1, passenger_var_run_t, passenger_var_run_t)
manage_fifo_files_pattern($1, passenger_var_run_t, passenger_var_run_t)
manage_sock_files_pattern($1, passenger_var_run_t, passenger_var_run_t)
')
########################################
##
-## Read passenger lib files
+## Read passenger lib files
##
##
-##
-## Domain to not audit.
-##
+##
+## Domain to not audit.
+##
##
#
interface(`passenger_read_lib_files',`
- gen_require(`
- type passenger_var_lib_t;
- ')
+ gen_require(`
+ type passenger_var_lib_t;
+ ')
files_search_var_lib($1)
- read_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t)
- read_lnk_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t)
+ read_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t)
+ read_lnk_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t)
')
-
diff --git a/policy/modules/services/pcscd.if b/policy/modules/services/pcscd.if
index 1c2a091..ea5ae69 100644
--- a/policy/modules/services/pcscd.if
+++ b/policy/modules/services/pcscd.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run pcscd.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`pcscd_domtrans',`
diff --git a/policy/modules/services/pingd.if b/policy/modules/services/pingd.if
index 8688aae..2e6ce68 100644
--- a/policy/modules/services/pingd.if
+++ b/policy/modules/services/pingd.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run pingd.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`pingd_domtrans',`
@@ -55,7 +55,6 @@ interface(`pingd_manage_config',`
files_search_etc($1)
manage_dirs_pattern($1, pingd_etc_t, pingd_etc_t)
manage_files_pattern($1, pingd_etc_t, pingd_etc_t)
-
')
#######################################
diff --git a/policy/modules/services/piranha.if b/policy/modules/services/piranha.if
index 8ecd276..6193984 100644
--- a/policy/modules/services/piranha.if
+++ b/policy/modules/services/piranha.if
@@ -1,44 +1,42 @@
-
## policy for piranha
#######################################
##
-## Creates types and rules for a basic
-## cluster init daemon domain.
+## Creates types and rules for a basic
+## cluster init daemon domain.
##
##
-##
-## Prefix for the domain.
-##
+##
+## Prefix for the domain.
+##
##
#
template(`piranha_domain_template',`
-
- gen_require(`
- attribute piranha_domain;
- ')
+ gen_require(`
+ attribute piranha_domain;
+ ')
##############################
- #
- # piranha_$1_t declarations
- #
+ #
+ # piranha_$1_t declarations
+ #
type piranha_$1_t, piranha_domain;
type piranha_$1_exec_t;
init_daemon_domain(piranha_$1_t, piranha_$1_exec_t)
# pid files
- type piranha_$1_var_run_t;
- files_pid_file(piranha_$1_var_run_t)
+ type piranha_$1_var_run_t;
+ files_pid_file(piranha_$1_var_run_t)
##############################
- #
- # piranha_$1_t local policy
- #
+ #
+ # piranha_$1_t local policy
+ #
- manage_files_pattern(piranha_$1_t, piranha_$1_var_run_t, piranha_$1_var_run_t)
+ manage_files_pattern(piranha_$1_t, piranha_$1_var_run_t, piranha_$1_var_run_t)
manage_dirs_pattern(piranha_$1_t, piranha_$1_var_run_t, piranha_$1_var_run_t)
- files_pid_filetrans(piranha_$1_t, piranha_$1_var_run_t, { file })
+ files_pid_filetrans(piranha_$1_t, piranha_$1_var_run_t, { file })
')
########################################
@@ -46,9 +44,9 @@ template(`piranha_domain_template',`
## Execute a domain transition to run fos.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`piranha_domtrans_fos',`
@@ -61,56 +59,56 @@ interface(`piranha_domtrans_fos',`
#######################################
##
-## Execute a domain transition to run lvsd.
+## Execute a domain transition to run lvsd.
##
##
-##
-## Domain allowed to transition.
-##
+##
+## Domain allowed to transition.
+##
##
#
interface(`piranha_domtrans_lvs',`
- gen_require(`
- type piranha_lvs_t, piranha_lvs_exec_t;
- ')
+ gen_require(`
+ type piranha_lvs_t, piranha_lvs_exec_t;
+ ')
- domtrans_pattern($1, piranha_lvs_exec_t, piranha_lvs_t)
+ domtrans_pattern($1, piranha_lvs_exec_t, piranha_lvs_t)
')
#######################################
##
-## Execute a domain transition to run pulse.
+## Execute a domain transition to run pulse.
##
##
-##
-## Domain allowed to transition.
-##
+##
+## Domain allowed to transition.
+##
##
#
interface(`piranha_domtrans_pulse',`
- gen_require(`
- type piranha_pulse_t, piranha_pulse_exec_t;
- ')
+ gen_require(`
+ type piranha_pulse_t, piranha_pulse_exec_t;
+ ')
- domtrans_pattern($1, piranha_pulse_exec_t, piranha_pulse_t)
+ domtrans_pattern($1, piranha_pulse_exec_t, piranha_pulse_t)
')
#######################################
##
-## Execute pulse server in the pulse domain.
+## Execute pulse server in the pulse domain.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`piranha_pulse_initrc_domtrans',`
- gen_require(`
- type piranha_pulse_initrc_exec_t;
- ')
+ gen_require(`
+ type piranha_pulse_initrc_exec_t;
+ ')
- init_labeled_script_domtrans($1, piranha_pulse_initrc_exec_t)
+ init_labeled_script_domtrans($1, piranha_pulse_initrc_exec_t)
')
########################################
@@ -130,7 +128,7 @@ interface(`piranha_read_log',`
')
logging_search_logs($1)
- read_files_pattern($1, piranha_log_t, piranha_log_t)
+ read_files_pattern($1, piranha_log_t, piranha_log_t)
')
########################################
@@ -139,9 +137,9 @@ interface(`piranha_read_log',`
## piranha log files.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`piranha_append_log',`
@@ -169,7 +167,7 @@ interface(`piranha_manage_log',`
')
logging_search_logs($1)
- manage_dirs_pattern($1, piranha_log_t, piranha_log_t)
- manage_files_pattern($1, piranha_log_t, piranha_log_t)
- manage_lnk_files_pattern($1, piranha_log_t, piranha_log_t)
+ manage_dirs_pattern($1, piranha_log_t, piranha_log_t)
+ manage_files_pattern($1, piranha_log_t, piranha_log_t)
+ manage_lnk_files_pattern($1, piranha_log_t, piranha_log_t)
')