diff --git a/modules-minimum.lst b/modules-minimum.lst
new file mode 100644
index 0000000..c4252c8
--- /dev/null
+++ b/modules-minimum.lst
@@ -0,0 +1,50 @@
+apache
+application
+auditadm
+authlogin
+base
+bootloader
+clock
+dbus
+dmesg
+fstools
+getty
+hostname
+inetd
+init
+ipsec
+iptables
+kerberos
+libraries
+locallogin
+logadm
+logging
+lvm
+miscfiles
+modutils
+mount
+mta
+netlabel
+netutils
+nis
+postgresql
+secadm
+selinuxutil
+setrans
+seunshare
+ssh
+staff
+su
+sudo
+sysadm
+sysadm_secadm
+sysnetwork
+systemd
+udev
+unconfined
+unconfineduser
+unlabelednet
+unprivuser
+userdomain
+usermanage
+xserver
diff --git a/modules-mls-base.conf b/modules-mls-base.conf
deleted file mode 100644
index 5b21a3e..0000000
--- a/modules-mls-base.conf
+++ /dev/null
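Review bot: The new modules-minimum.lst lists `unconfined` and `unconfineduser` beside a hand-picked set of service modules (`apache`, `postgresql`, `nis`, `inetd`, `kerberos`, `xserver`), but nothing in the commit records why each entry is needed or what consumes the file. The consumer is not in this diff, so this is an assumption: if the build uses the file as the allow-list of modules left enabled in the minimum policy, a service whose module is missing or misspelled would presumably run in an unconfined domain rather than be denied, which weakens confinement without any visible failure. The `base` entry is also worth confirming, since in the .conf files shown here `base` appears only as a value (`corenetwork = base`) and never as a module name, although those are MLS configs and may not be the right reference. I would record the per-entry rationale in the commit message or packaging docs, since it is not visible whether the .lst format tolerates comments, and add a build-time check that every name in the list resolves to a module in the policy being built.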
@@ -1,380 +0,0 @@ -# Layer: kernel -# Module: bootloader -# -# Policy for the kernel modules, kernel image, and bootloader. -# -bootloader = module - -# Layer: kernel -# Module: corenetwork -# Required in base -# -# Policy controlling access to network objects -# -corenetwork = base - -# Layer: admin -# Module: dmesg -# -# Policy for dmesg. -# -dmesg = module - -# Layer: admin -# Module: netutils -# -# Network analysis utilities -# -netutils = module - -# Layer: admin -# Module: sudo -# -# Execute a command with a substitute user -# -sudo = module - -# Layer: admin -# Module: su -# -# Run shells with substitute user and group -# -su = module - -# Layer: admin -# Module: usermanage -# -# Policy for managing user accounts. -# -usermanage = module - -# Layer: apps -# Module: seunshare -# -# seunshare executable -# -seunshare = module - -# Layer: kernel -# Module: corecommands -# Required in base -# -# Core policy for shells, and generic programs -# in /bin, /sbin, /usr/bin, and /usr/sbin. -# -corecommands = base - -# Module: devices -# Required in base -# -# Device nodes and interfaces for many basic system devices. -# -devices = base - -# Module: domain -# Required in base -# -# Core policy for domains. -# -domain = base - -# Layer: system -# Module: userdomain -# -# Policy for user domains -# -userdomain = module - -# Module: files -# Required in base -# -# Basic filesystem types and interfaces. -# -files = base - -# Module: filesystem -# Required in base -# -# Policy for filesystems. -# -filesystem = base - -# Module: kernel -# Required in base -# -# Policy for kernel threads, proc filesystem,and unlabeled processes and objects. -# -kernel = base - -# Module: mcs -# Required in base -# -# MultiCategory security policy -# -mcs = base - -# Module: mls -# Required in base -# -# Multilevel security policy -# -mls = base - -# Module: selinux -# Required in base -# -# Policy for kernel security interface, in particular, selinuxfs. 
-# -selinux = base - -# Layer: kernel -# Module: storage -# -# Policy controlling access to storage devices -# -storage = base - -# Module: terminal -# Required in base -# -# Policy for terminals. -# -terminal = base - -# Layer: kernel -# Module: ubac -# -# -# -ubac = base - -# Layer: kernel -# Module: unlabelednet -# -# The unlabelednet module. -# -unlabelednet = module - -# Layer: role -# Module: auditadm -# -# auditadm account on tty logins -# -auditadm = module - -# Layer: role -# Module: logadm -# -# Minimally prived root role for managing logging system -# -logadm = module - -# Layer: role -# Module: secadm -# -# secadm account on tty logins -# -secadm = module - -# Layer:role -# Module: staff -# -# admin account -# -staff = module - -# Layer:role -# Module: sysadm_secadm -# -# System Administrator with Security Admin rules -# -sysadm_secadm = module - -# Layer:role -# Module: sysadm -# -# System Administrator -# -sysadm = module - -# Layer: role -# Module: unprivuser -# -# Minimally privs guest account on tty logins -# -unprivuser = module - -# Layer: services -# Module: postgresql -# -# PostgreSQL relational database -# -postgresql = module - -# Layer: services -# Module: ssh -# -# Secure shell client and server policy. -# -ssh = module - -# Layer: services -# Module: xserver -# -# X windows login display manager -# -xserver = module - -# Module: application -# Required in base -# -# Defines attributs and interfaces for all user applications -# -application = module - -# Layer: system -# Module: authlogin -# -# Common policy for authentication and user login. -# -authlogin = module - -# Layer: system -# Module: clock -# -# Policy for reading and setting the hardware clock. -# -clock = module - -# Layer: system -# Module: fstools -# -# Tools for filesystem management, such as mkfs and fsck. -# -fstools = module - -# Layer: system -# Module: getty -# -# Policy for getty. 
-# -getty = module - -# Layer: system -# Module: hostname -# -# Policy for changing the system host name. -# -hostname = module - -# Layer: system -# Module: init -# -# System initialization programs (init and init scripts). -# -init = module - -# Layer: system -# Module: ipsec -# -# TCP/IP encryption -# -ipsec = module - -# Layer: system -# Module: iptables -# -# Policy for iptables. -# -iptables = module - -# Layer: system -# Module: libraries -# -# Policy for system libraries. -# -libraries = module - -# Layer: system -# Module: locallogin -# -# Policy for local logins. -# -locallogin = module - -# Layer: system -# Module: logging -# -# Policy for the kernel message logger and system logging daemon. -# -logging = module - -# Layer: system -# Module: lvm -# -# Policy for logical volume management programs. -# -lvm = module - -# Layer: system -# Module: miscfiles -# -# Miscelaneous files. -# -miscfiles = module - -# Layer: system -# Module: modutils -# -# Policy for kernel module utilities -# -modutils = module - -# Layer: system -# Module: mount -# -# Policy for mount. -# -mount = module - -# Layer: system -# Module: netlabel -# -# Basic netlabel types and interfaces. -# -netlabel = module - -# Layer: system -# Module: selinuxutil -# -# Policy for SELinux policy and userland applications. -# -selinuxutil = module - -# Module: setrans -# Required in base -# -# Policy for setrans -# -setrans = module - -# Layer: system -# Module: sysnetwork -# -# Policy for network configuration: ifconfig and dhcp client. -# -sysnetwork = module - -# Layer: system -# Module: systemd -# -# Policy for systemd components -# -systemd = module - -# Layer: system -# Module: udev -# -# Policy for udev. -# -udev = module diff --git a/modules-mls-contrib.conf b/modules-mls-contrib.conf deleted file mode 100644 index 93cbf0f..0000000 --- a/modules-mls-contrib.conf +++ /dev/null 
@@ -1,1574 +0,0 @@ -# Layer: services -# Module: accountsd -# -# An application to view and modify user accounts information -# -accountsd = module - -# Layer: admin -# Module: acct -# -# Berkeley process accounting -# -acct = module - -# Layer: services -# Module: afs -# -# Andrew Filesystem server -# -afs = module - -# Layer: services -# Module: aide -# -# Policy for aide -# -aide = module - -# Layer: admin -# Module: alsa -# -# Ainit ALSA configuration tool -# -alsa = module - -# Layer: admin -# Module: amanda -# -# Automated backup program. -# -amanda = module - -# Layer: contrib -# Module: antivirus -# -# Anti-virus -# -antivirus = module - -# Layer: admin -# Module: amtu -# -# Abstract Machine Test Utility (AMTU) -# -amtu = module - -# Layer: admin -# Module: anaconda -# -# Policy for the Anaconda installer. -# -anaconda = module - -# Layer: services -# Module: apache -# -# Apache web server -# -apache = module - -# Layer: services -# Module: apcupsd -# -# daemon for most APC’s UPS for Linux -# -apcupsd = module - -# Layer: services -# Module: apm -# -# Advanced power management daemon -# -apm = module - -# Layer: services -# Module: arpwatch -# -# Ethernet activity monitor. -# -arpwatch = module - -# Layer: services -# Module: automount -# -# Filesystem automounter service. -# -automount = module - -# Layer: services -# Module: avahi -# -# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture -# -avahi = module - -# Layer: modules -# Module: awstats -# -# awstats executable -# -awstats = module - -# Layer: services -# Module: bind -# -# Berkeley internet name domain DNS server. -# -bind = module - -# Layer: services -# Module: bitlbee -# -# An IRC to other chat networks gateway -# -bitlbee = module - -# Layer: services -# Module: bluetooth -# -# Bluetooth tools and system services. 
-# -bluetooth = module - -# Layer: services -# Module: boinc -# -# Berkeley Open Infrastructure for Network Computing -# -boinc = module - -# Layer: system -# Module: brctl -# -# Utilities for configuring the linux ethernet bridge -# -brctl = module - -# Layer: services -# Module: bugzilla -# -# Bugzilla server -# -bugzilla = module - -# Layer: services -# Module: cachefilesd -# -# CacheFiles userspace management daemon -# -cachefilesd = module - -# Module: calamaris -# -# -# Squid log analysis -# -calamaris = module - -# Layer: services -# Module: canna -# -# Canna - kana-kanji conversion server -# -canna = module - -# Layer: services -# Module: ccs -# -# policy for ccs -# -ccs = module - -# Layer: apps -# Module: cdrecord -# -# Policy for cdrecord -# -cdrecord = module - -# Layer: admin -# Module: certmaster -# -# Digital Certificate master -# -certmaster = module - -# Layer: services -# Module: certmonger -# -# Certificate status monitor and PKI enrollment client -# -certmonger = module - -# Layer: admin -# Module: certwatch -# -# Digital Certificate Tracking -# -certwatch = module - -# Layer: services -# Module: cgroup -# -# Tools and libraries to control and monitor control groups -# -cgroup = module - -# Layer: apps -# Module: chrome -# -# chrome sandbox -# -chrome = module - -# Layer: services -# Module: chronyd -# -# Daemon for maintaining clock time -# -chronyd = module - -# Layer: services -# Module: cipe -# -# Encrypted tunnel daemon -# -cipe = module - -# Layer: services -# Module: clogd -# -# clogd - clustered mirror log server -# -clogd = module - -# Layer: services -# Module: cmirrord -# -# cmirrord - daemon providing device-mapper-base mirrors in a shared-storege cluster -# -cmirrord = module - -# Layer: services -# Module: colord -# -# color device daemon -# -colord = module - -# Layer: services -# Module: comsat -# -# Comsat, a biff server. 
-# -comsat = module - -# Layer: services -# Module: courier -# -# IMAP and POP3 email servers -# -courier = module - -# Layer: services -# Module: cpucontrol -# -# Services for loading CPU microcode and CPU frequency scaling. -# -cpucontrol = module - -# Layer: apps -# Module: cpufreqselector -# -# cpufreqselector executable -# -cpufreqselector = module - -# Layer: services -# Module: cron -# -# Periodic execution of scheduled commands. -# -cron = module - -# Layer: services -# Module: cups -# -# Common UNIX printing system -# -cups = module - -# Layer: services -# Module: cvs -# -# Concurrent versions system -# -cvs = module - -# Layer: services -# Module: cyphesis -# -# cyphesis game server -# -cyphesis = module - -# Layer: services -# Module: cyrus -# -# Cyrus is an IMAP service intended to be run on sealed servers -# -cyrus = module - -# Layer: system -# Module: daemontools -# -# Collection of tools for managing UNIX services -# -daemontools = module - -# Layer: role -# Module: dbadm -# -# Minimally prived root role for managing databases -# -dbadm = module - -# Layer: services -# Module: dbskk -# -# Dictionary server for the SKK Japanese input method system. -# -dbskk = module - -# Layer: services -# Module: dbus -# -# Desktop messaging bus -# -dbus = module - -# Layer: services -# Module: dcc -# -# A distributed, collaborative, spam detection and filtering network. -# -dcc = module - -# Layer: admin -# Module: ddcprobe -# -# ddcprobe retrieves monitor and graphics card information -# -ddcprobe = off - -# Layer: services -# Module: devicekit -# -# devicekit-daemon -# -devicekit = module - -# Layer: services -# Module: dhcp -# -# Dynamic host configuration protocol (DHCP) server -# -dhcp = module - -# Layer: services -# Module: dictd -# -# Dictionary daemon -# -dictd = module - -# Layer: services -# Module: distcc -# -# Distributed compiler daemon -# -distcc = off - -# Layer: admin -# Module: dmidecode -# -# Decode DMI data for x86/ia64 bioses. 
-# -dmidecode = module - -# Layer: services -# Module: dnsmasq -# -# A lightweight DHCP and caching DNS server. -# -dnsmasq = module - -# Layer: services -# Module: dnssec -# -# A dnssec server application -# -dnssec = module - -# Layer: services -# Module: dovecot -# -# Dovecot POP and IMAP mail server -# -dovecot = module - -# Layer: services -# Module: entropy -# -# Generate entropy from audio input -# -entropyd = module - -# Layer: services -# Module: exim -# -# exim mail server -# -exim = module - -# Layer: services -# Module: fail2ban -# -# daiemon that bans IP that makes too many password failures -# -fail2ban = module - -# Layer: services -# Module: fetchmail -# -# Remote-mail retrieval and forwarding utility -# -fetchmail = module - -# Layer: services -# Module: finger -# -# Finger user information service. -# -finger = module - -# Layer: services -# Module: firewalld -# -# firewalld is firewall service daemon that provides dynamic customizable -# -firewalld = module - -# Layer: apps -# Module: firewallgui -# -# policy for system-config-firewall -# -firewallgui = module - -# Module: firstboot -# -# Final system configuration run during the first boot -# after installation of Red Hat/Fedora systems. -# -firstboot = module - -# Layer: services -# Module: fprintd -# -# finger print server -# -fprintd = module - -# Layer: services -# Module: ftp -# -# File transfer protocol service -# -ftp = module - -# Layer: apps -# Module: games -# -# The Open Group Pegasus CIM/WBEM Server. 
-# -games = module - -# Layer: apps -# Module: gitosis -# -# Policy for gitosis -# -gitosis = module - -# Layer: services -# Module: git -# -# Policy for the stupid content tracker -# -git = module - -# Layer: services -# Module: glance -# -# Policy for glance -# -glance = module - -# Layer: apps -# Module: gnome -# -# gnome session and gconf -# -gnome = module - -# Layer: apps -# Module: gpg -# -# Policy for Mozilla and related web browsers -# -gpg = module - -# Layer: services -# Module: gpm -# -# General Purpose Mouse driver -# -gpm = module - -# Module: gpsd -# -# gpsd monitor daemon -# -# -gpsd = module - -# Module: gssproxy -# -# A proxy for GSSAPI credential handling -# -# -gssproxy = module - -# Layer: role -# Module: guest -# -# Minimally privs guest account on tty logins -# -guest = module - -# Layer: services -# Module: i18n_input -# -# IIIMF htt server -# -i18n_input = off - -# Layer: services -# Module: inetd -# -# Internet services daemon. -# -inetd = module - -# Layer: services -# Module: inn -# -# Internet News NNTP server -# -inn = module - -# Layer: apps -# Module: irc -# -# IRC client policy -# -irc = module - -# Layer: services -# Module: irqbalance -# -# IRQ balancing daemon -# -irqbalance = module - -# Layer: system -# Module: iscsi -# -# Open-iSCSI daemon -# -iscsi = module - -# Layer: services -# Module: jabber -# -# Jabber instant messaging server -# -jabber = module - -# Layer: apps -# Module: kdumpgui -# -# system-config-kdump policy -# -kdumpgui = module - -# Layer: admin -# Module: kdump -# -# kdump is kernel crash dumping mechanism -# -kdump = module - -# Layer: services -# Module: kerberos -# -# MIT Kerberos admin and KDC -# -kerberos = module - -# Layer: services -# Module: kismet -# -# Wireless sniffing and monitoring -# -kismet = module - -# Layer: services -# Module: ktalk -# -# KDE Talk daemon -# -ktalk = module - -# Layer: services -# Module: ldap -# -# OpenLDAP directory server -# -ldap = module - -# Layer: services -# Module: 
lircd -# -# LIRC daemon - decodes infrared signals and provides them on a Unix domain socket. -# -lircd = module - -# Layer: apps -# Module: loadkeys -# -# Load keyboard mappings. -# -loadkeys = module - -# Layer: apps -# Module: lockdev -# -# device locking policy for lockdev -# -lockdev = module - -# Layer: admin -# Module: logrotate -# -# Rotate and archive system logs -# -logrotate = module - -# Layer: services -# Module: logwatch -# -# logwatch executable -# -logwatch = module - -# Layer: services -# Module: lpd -# -# Line printer daemon -# -lpd = module - -# Layer: services -# Module: lsm -# -# lsm policy -# -lsm = module - -# Layer: services -# Module: mailman -# -# Mailman is for managing electronic mail discussion and e-newsletter lists -# -mailman = module - -# Layer: admin -# Module: mcelog -# -# mcelog is a daemon that collects and decodes Machine Check Exception data on x86-64 machines. -# -mcelog = module - -# Layer: services -# Module: memcached -# -# high-performance memory object caching system -# -memcached = module - -# Layer: services -# Module: milter -# -# -# -milter = module - -# Layer: services -# Module: modemmanager -# -# Manager for dynamically switching between modems. -# -modemmanager = module - -# Layer: services -# Module: mojomojo -# -# Wiki server -# -mojomojo = module - -# Layer: apps -# Module: mozilla -# -# Policy for Mozilla and related web browsers -# -mozilla = module - -# Layer: apps -# Module: mplayer -# -# Policy for Mozilla and related web browsers -# -mplayer = module - -# Layer: admin -# Module: mrtg -# -# Network traffic graphing -# -mrtg = module - -# Layer: services -# Module: mta -# -# Policy common to all email tranfer agents. 
-# -mta = module - -# Layer: services -# Module: munin -# -# Munin -# -munin = module - -# Layer: services -# Module: mysql -# -# Policy for MySQL -# -mysql = module - -# Layer: services -# Module: nagios -# -# policy for nagios Host/service/network monitoring program -# -nagios = module - -# Layer: apps -# Module: namespace -# -# policy for namespace.init script -# -namespace = module - -# Layer: admin -# Module: ncftool -# -# Tool to modify the network configuration of a system -# -ncftool = module - -# Layer: services -# Module: networkmanager -# -# Manager for dynamically switching between networks. -# -networkmanager = module - -# Layer: services -# Module: nis -# -# Policy for NIS (YP) servers and clients -# -nis = module - -# Layer: services -# Module: nscd -# -# Name service cache daemon -# -nscd = module - -# Layer: services -# Module: nslcd -# -# Policy for nslcd -# -nslcd = module - -# Layer: services -# Module: ntop -# -# Policy for ntop -# -ntop = module - -# Layer: services -# Module: ntp -# -# Network time protocol daemon -# -ntp = module - -# Layer: services -# Module: nx -# -# NX Remote Desktop -# -nx = module - -# Layer: services -# Module: oddjob -# -# policy for oddjob -# -oddjob = module - -# Layer: services -# Module: openct -# -# Service for handling smart card readers. 
-# -openct = off - -# Layer: service -# Module: openct -# -# Middleware framework for smart card terminals -# -openct = module - -# Layer: services -# Module: openvpn -# -# Policy for OPENVPN full-featured SSL VPN solution -# -openvpn = module - -# Layer: contrib -# Module: prelude -# -# SELinux policy for prelude -# -prelude = module - -# Layer: contrib -# Module: prosody -# -# SELinux policy for prosody flexible communications server for Jabber/XMPP -# -prosody = module - -# Layer: services -# Module: pads -# -pads = module - -# Layer: system -# Module: pcmcia -# -# PCMCIA card management services -# -pcmcia = module - -# Layer: service -# Module: pcscd -# -# PC/SC Smart Card Daemon -# -pcscd = module - -# Layer: services -# Module: pegasus -# -# The Open Group Pegasus CIM/WBEM Server. -# -pegasus = module - - -# Layer: services -# Module: pingd -# -# -pingd = module - -# Layer: services -# Module: piranha -# -# piranha - various tools to administer and configure the Linux Virtual Server -# -piranha = module - -# Layer: services -# Module: plymouthd -# -# Plymouth -# -plymouthd = module - -# Layer: apps -# Module: podsleuth -# -# Podsleuth probes, identifies, and exposes properties and metadata bound to iPods. -# -podsleuth = module - -# Layer: services -# Module: policykit -# -# Hardware abstraction layer -# -policykit = module - -# Layer: services -# Module: polipo -# -# polipo -# -polipo = module - -# Layer: services -# Module: portmap -# -# RPC port mapping service. 
-# -portmap = module - -# Layer: services -# Module: portreserve -# -# reserve ports to prevent portmap mapping them -# -portreserve = module - -# Layer: services -# Module: postfix -# -# Postfix email server -# -postfix = module - -o# Layer: services -# Module: postgrey -# -# email scanner -# -postgrey = module - -# Layer: services -# Module: ppp -# -# Point to Point Protocol daemon creates links in ppp networks -# -ppp = module - -# Layer: admin -# Module: prelink -# -# Manage temporary directory sizes and file ages -# -prelink = module - -unprivuser = module - -# Layer: services -# Module: privoxy -# -# Privacy enhancing web proxy. -# -privoxy = module - -# Layer: services -# Module: procmail -# -# Procmail mail delivery agent -# -procmail = module - -# Layer: services -# Module: psad -# -# Analyze iptables log for hostile traffic -# -psad = module - -# Layer: apps -# Module: ptchown -# -# helper function for grantpt(3), changes ownship and permissions of pseudotty -# -ptchown = module - -# Layer: apps -# Module: pulseaudio -# -# The PulseAudio Sound System -# -pulseaudio = module - -# Layer: services -# Module: qmail -# -# Policy for qmail -# -qmail = module - -# Layer: services -# Module: qpidd -# -# Policy for qpidd -# -qpid = module - -# Layer: admin -# Module: quota -# -# File system quota management -# -quota = module - -# Layer: services -# Module: radius -# -# RADIUS authentication and accounting server. -# -radius = module - -# Layer: services -# Module: radvd -# -# IPv6 router advertisement daemon -# -radvd = module - -# Layer: system -# Module: raid -# -# RAID array management tools -# -raid = module - -# Layer: services -# Module: rdisc -# -# Network router discovery daemon -# -rdisc = module - -# Layer: admin -# Module: readahead -# -# Readahead, read files into page cache for improved performance -# -readahead = module - -# Layer: services -# Module: remotelogin -# -# Policy for rshd, rlogind, and telnetd. 
-# -remotelogin = module - -# Layer: services -# Module: rhcs -# -# RHCS - Red Hat Cluster Suite -# -rhcs = module - -# Layer: services -# Module: rhgb -# -# X windows login display manager -# -rhgb = module - -# Layer: services -# Module: ricci -# -# policy for ricci -# -ricci = module - -# Layer: services -# Module: rlogin -# -# Remote login daemon -# -rlogin = module - -# Layer: services -# Module: roundup -# -# Roundup Issue Tracking System policy -# -roundup = module - -# Layer: services -# Module: rpcbind -# -# universal addresses to RPC program number mapper -# -rpcbind = module - -# Layer: services -# Module: rpc -# -# Remote Procedure Call Daemon for managment of network based process communication -# -rpc = module - -# Layer: admin -# Module: rpm -# -# Policy for the RPM package manager. -# -rpm = module - -# Layer: services -# Module: rshd -# -# Remote shell service. -# -rshd = module - -# Layer: services -# Module: rsync -# -# Fast incremental file transfer for synchronization -# -rsync = module - -# Layer: services -# Module: rtkit -# -# Real Time Kit Daemon -# -rtkit = module - -# Layer: services -# Module: rwho -# -# who is logged in on local machines -# -rwho = module - -# Layer: apps -# Module: sambagui -# -# policy for system-config-samba -# -sambagui = module - -# -# SMB and CIFS client/server programs for UNIX and -# name Service Switch daemon for resolving names -# from Windows NT servers. -# -samba = module - -# Layer: services -# Module: sasl -# -# SASL authentication server -# -sasl = module - -# Layer: apps -# Module: screen -# -# GNU terminal multiplexer -# -screen = module - -# Layer: services -# Module: sendmail -# -# Policy for sendmail. 
-# -sendmail = module - -# Layer: services -# Module: setroubleshoot -# -# Policy for the SELinux troubleshooting utility -# -setroubleshoot = module - -# Layer: admin -# Module: shorewall -# -# Policy for shorewall -# -shorewall = module - -# Layer: apps -# Module: slocate -# -# Update database for mlocate -# -slocate = module - -# Layer: services -# Module: slrnpull -# -# Service for downloading news feeds the slrn newsreader. -# -slrnpull = off - -# Layer: services -# Module: smartmon -# -# Smart disk monitoring daemon policy -# -smartmon = module - -# Layer: services -# Module: snmp -# -# Simple network management protocol services -# -snmp = module - -# Layer: services -# Module: snort -# -# Snort network intrusion detection system -# -snort = module - -# Layer: admin -# Module: sosreport -# -# sosreport debuggin information generator -# -sosreport = module - -# Layer: services -# Module: soundserver -# -# sound server for network audio server programs, nasd, yiff, etc -# -soundserver = module - -# Layer: services -# Module: spamassassin -# -# Filter used for removing unsolicited email. -# -spamassassin = module - -# Layer: services -# Module: squid -# -# Squid caching http proxy server -# -squid = module - -# Layer: services -# Module: sssd -# -# System Security Services Daemon -# -sssd = module - -# Layer: services -# Module: stunnel -# -# SSL Tunneling Proxy -# -stunnel = module - -# Layer: services -# Module: sysstat -# -# Policy for sysstat. Reports on various system states -# -sysstat = module - -# Layer: services -# Module: tcpd -# -# Policy for TCP daemon. 
-# -tcpd = module - -# Layer: services -# Module: tcsd -# -# tcsd - daemon that manages Trusted Computing resources -# -tcsd = module - -# Layer: apps -# Module: telepathy -# -# telepathy - Policy for Telepathy framework -# -telepathy = module - -# Layer: services -# Module: telnet -# -# Telnet daemon -# -telnet = module - -# Layer: services -# Module: tftp -# -# Trivial file transfer protocol daemon -# -tftp = module - -# Layer: services -# Module: tgtd -# -# Linux Target Framework Daemon. -# -tgtd = module - -# Layer: apps -# Module: thumb -# -# Thumbnailer confinement -# -thumb = module - -# Layer: services -# Module: timidity -# -# MIDI to WAV converter and player configured as a service -# -timidity = off - -# Layer: admin -# Module: tmpreaper -# -# Manage temporary directory sizes and file ages -# -tmpreaper = module - -# Layer: services -# Module: tor -# -# TOR, the onion router -# -tor = module - -# Layer: services -# Module: ksmtuned -# -# Kernel Samepage Merging (KSM) Tuning Daemon -# -ksmtuned = module - -# Layer: services -# Module: tuned -# -# Dynamic adaptive system tuning daemon -# -tuned = module - -# Layer: apps -# Module: tvtime -# -# tvtime - a high quality television application -# -tvtime = module - -# Layer: services -# Module: ulogd -# -# -# -ulogd = module - -# Layer: apps -# Module: uml -# -# Policy for UML -# -uml = module - -# Layer: admin -# Module: updfstab -# -# Red Hat utility to change /etc/fstab. -# -updfstab = module - -# Layer: admin -# Module: usbmodules -# -# List kernel modules of USB devices -# -usbmodules = module - -# Layer: apps -# Module: userhelper -# -# A helper interface to pam. 
-# -userhelper = module - -# Layer: apps -# Module: usernetctl -# -# User network interface configuration helper -# -usernetctl = module - -# Layer: services -# Module: uucp -# -# Unix to Unix Copy -# -uucp = module - -# Layer: services -# Module: virt -# -# Virtualization libraries -# -virt = module - -# Layer: apps -# Module: vmware -# -# VMWare Workstation virtual machines -# -vmware = module - -# Layer: contrib -# Module: openvswitch -# -# SELinux policy for openvswitch programs -# -openvswitch = module - -# Layer: admin -# Module: vpn -# -# Virtual Private Networking client -# -vpn = module - -# Layer: services -# Module: w3c -# -# w3c -# -w3c = module - -# Layer: role -# Module: webadm -# -# Minimally prived root role for managing apache -# -webadm = module - -# Layer: apps -# Module: webalizer -# -# Web server log analysis -# -webalizer = module - -# Layer: apps -# Module: wine -# -# wine executable -# -wine = module - -# Layer: apps -# Module: wireshark -# -# wireshark executable -# -wireshark = module - -# Layer: apps -# Module: wm -# -# X windows window manager -# -wm = module - -# Layer: system -# Module: xen -# -# virtualization software -# -xen = module - -# Layer: role -# Module: xguest -# -# Minimally privs guest account on X Windows logins -# -xguest = module - -# Layer: services -# Module: zabbix -# -# Open-source monitoring solution for your IT infrastructure -# -zabbix = module - -# Layer: services -# Module: zebra -# -# Zebra border gateway protocol network routing service -# -zebra = module - -# Layer: services -# Module: zosremote -# -# policy for z/OS Remote-services Audit dispatcher plugin -# -zosremote = module - -# Layer: contrib -# Module: mandb -# -# Policy for mandb -# -mandb = module diff --git a/modules-mls.conf b/modules-mls.conf new file mode 100644 index 0000000..625ce6a --- /dev/null +++ b/modules-mls.conf 
@@ -0,0 +1,1952 @@ +# Layer: kernel +# Module: bootloader +# +# Policy for the kernel modules, kernel image, and bootloader. +# +bootloader = module + +# Layer: kernel +# Module: corenetwork +# Required in base +# +# Policy controlling access to network objects +# +corenetwork = base + +# Layer: admin +# Module: dmesg +# +# Policy for dmesg. +# +dmesg = module + +# Layer: admin +# Module: netutils +# +# Network analysis utilities +# +netutils = module + +# Layer: admin +# Module: sudo +# +# Execute a command with a substitute user +# +sudo = module + +# Layer: admin +# Module: su +# +# Run shells with substitute user and group +# +su = module + +# Layer: admin +# Module: usermanage +# +# Policy for managing user accounts. +# +usermanage = module + +# Layer: apps +# Module: seunshare +# +# seunshare executable +# +seunshare = module + +# Layer: kernel +# Module: corecommands +# Required in base +# +# Core policy for shells, and generic programs +# in /bin, /sbin, /usr/bin, and /usr/sbin. +# +corecommands = base + +# Module: devices +# Required in base +# +# Device nodes and interfaces for many basic system devices. +# +devices = base + +# Module: domain +# Required in base +# +# Core policy for domains. +# +domain = base + +# Layer: system +# Module: userdomain +# +# Policy for user domains +# +userdomain = module + +# Module: files +# Required in base +# +# Basic filesystem types and interfaces. +# +files = base + +# Module: filesystem +# Required in base +# +# Policy for filesystems. +# +filesystem = base + +# Module: kernel +# Required in base +# +# Policy for kernel threads, proc filesystem,and unlabeled processes and objects. +# +kernel = base + +# Module: mcs +# Required in base +# +# MultiCategory security policy +# +mcs = base + +# Module: mls +# Required in base +# +# Multilevel security policy +# +mls = base + +# Module: selinux +# Required in base +# +# Policy for kernel security interface, in particular, selinuxfs. 
+# +selinux = base + +# Layer: kernel +# Module: storage +# +# Policy controlling access to storage devices +# +storage = base + +# Module: terminal +# Required in base +# +# Policy for terminals. +# +terminal = base + +# Layer: kernel +# Module: ubac +# +# +# +ubac = base + +# Layer: kernel +# Module: unlabelednet +# +# The unlabelednet module. +# +unlabelednet = module + +# Layer: role +# Module: auditadm +# +# auditadm account on tty logins +# +auditadm = module + +# Layer: role +# Module: logadm +# +# Minimally prived root role for managing logging system +# +logadm = module + +# Layer: role +# Module: secadm +# +# secadm account on tty logins +# +secadm = module + +# Layer:role +# Module: staff +# +# admin account +# +staff = module + +# Layer:role +# Module: sysadm_secadm +# +# System Administrator with Security Admin rules +# +sysadm_secadm = module + +# Layer:role +# Module: sysadm +# +# System Administrator +# +sysadm = module + +# Layer: role +# Module: unprivuser +# +# Minimally privs guest account on tty logins +# +unprivuser = module + +# Layer: services +# Module: postgresql +# +# PostgreSQL relational database +# +postgresql = module + +# Layer: services +# Module: ssh +# +# Secure shell client and server policy. +# +ssh = module + +# Layer: services +# Module: xserver +# +# X windows login display manager +# +xserver = module + +# Module: application +# Required in base +# +# Defines attributs and interfaces for all user applications +# +application = module + +# Layer: system +# Module: authlogin +# +# Common policy for authentication and user login. +# +authlogin = module + +# Layer: system +# Module: clock +# +# Policy for reading and setting the hardware clock. +# +clock = module + +# Layer: system +# Module: fstools +# +# Tools for filesystem management, such as mkfs and fsck. +# +fstools = module + +# Layer: system +# Module: getty +# +# Policy for getty. 
+# +getty = module + +# Layer: system +# Module: hostname +# +# Policy for changing the system host name. +# +hostname = module + +# Layer: system +# Module: init +# +# System initialization programs (init and init scripts). +# +init = module + +# Layer: system +# Module: ipsec +# +# TCP/IP encryption +# +ipsec = module + +# Layer: system +# Module: iptables +# +# Policy for iptables. +# +iptables = module + +# Layer: system +# Module: libraries +# +# Policy for system libraries. +# +libraries = module + +# Layer: system +# Module: locallogin +# +# Policy for local logins. +# +locallogin = module + +# Layer: system +# Module: logging +# +# Policy for the kernel message logger and system logging daemon. +# +logging = module + +# Layer: system +# Module: lvm +# +# Policy for logical volume management programs. +# +lvm = module + +# Layer: system +# Module: miscfiles +# +# Miscelaneous files. +# +miscfiles = module + +# Layer: system +# Module: modutils +# +# Policy for kernel module utilities +# +modutils = module + +# Layer: system +# Module: mount +# +# Policy for mount. +# +mount = module + +# Layer: system +# Module: netlabel +# +# Basic netlabel types and interfaces. +# +netlabel = module + +# Layer: system +# Module: selinuxutil +# +# Policy for SELinux policy and userland applications. +# +selinuxutil = module + +# Module: setrans +# Required in base +# +# Policy for setrans +# +setrans = module + +# Layer: system +# Module: sysnetwork +# +# Policy for network configuration: ifconfig and dhcp client. +# +sysnetwork = module + +# Layer: system +# Module: systemd +# +# Policy for systemd components +# +systemd = module + +# Layer: system +# Module: udev +# +# Policy for udev. 
+# +udev = module +# Layer: services +# Module: accountsd +# +# An application to view and modify user accounts information +# +accountsd = module + +# Layer: admin +# Module: acct +# +# Berkeley process accounting +# +acct = module + +# Layer: services +# Module: afs +# +# Andrew Filesystem server +# +afs = module + +# Layer: services +# Module: aide +# +# Policy for aide +# +aide = module + +# Layer: admin +# Module: alsa +# +# Ainit ALSA configuration tool +# +alsa = module + +# Layer: admin +# Module: amanda +# +# Automated backup program. +# +amanda = module + +# Layer: contrib +# Module: antivirus +# +# Anti-virus +# +antivirus = module + +# Layer: admin +# Module: amtu +# +# Abstract Machine Test Utility (AMTU) +# +amtu = module + +# Layer: admin +# Module: anaconda +# +# Policy for the Anaconda installer. +# +anaconda = module + +# Layer: services +# Module: apache +# +# Apache web server +# +apache = module + +# Layer: services +# Module: apcupsd +# +# daemon for most APC’s UPS for Linux +# +apcupsd = module + +# Layer: services +# Module: apm +# +# Advanced power management daemon +# +apm = module + +# Layer: services +# Module: arpwatch +# +# Ethernet activity monitor. +# +arpwatch = module + +# Layer: services +# Module: automount +# +# Filesystem automounter service. +# +automount = module + +# Layer: services +# Module: avahi +# +# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture +# +avahi = module + +# Layer: modules +# Module: awstats +# +# awstats executable +# +awstats = module + +# Layer: services +# Module: bind +# +# Berkeley internet name domain DNS server. +# +bind = module + +# Layer: services +# Module: bitlbee +# +# An IRC to other chat networks gateway +# +bitlbee = module + +# Layer: services +# Module: bluetooth +# +# Bluetooth tools and system services. 
+# +bluetooth = module + +# Layer: services +# Module: boinc +# +# Berkeley Open Infrastructure for Network Computing +# +boinc = module + +# Layer: system +# Module: brctl +# +# Utilities for configuring the linux ethernet bridge +# +brctl = module + +# Layer: services +# Module: bugzilla +# +# Bugzilla server +# +bugzilla = module + +# Layer: services +# Module: cachefilesd +# +# CacheFiles userspace management daemon +# +cachefilesd = module + +# Module: calamaris +# +# +# Squid log analysis +# +calamaris = module + +# Layer: services +# Module: canna +# +# Canna - kana-kanji conversion server +# +canna = module + +# Layer: services +# Module: ccs +# +# policy for ccs +# +ccs = module + +# Layer: apps +# Module: cdrecord +# +# Policy for cdrecord +# +cdrecord = module + +# Layer: admin +# Module: certmaster +# +# Digital Certificate master +# +certmaster = module + +# Layer: services +# Module: certmonger +# +# Certificate status monitor and PKI enrollment client +# +certmonger = module + +# Layer: admin +# Module: certwatch +# +# Digital Certificate Tracking +# +certwatch = module + +# Layer: services +# Module: cgroup +# +# Tools and libraries to control and monitor control groups +# +cgroup = module + +# Layer: apps +# Module: chrome +# +# chrome sandbox +# +chrome = module + +# Layer: services +# Module: chronyd +# +# Daemon for maintaining clock time +# +chronyd = module + +# Layer: services +# Module: cipe +# +# Encrypted tunnel daemon +# +cipe = module + +# Layer: services +# Module: clogd +# +# clogd - clustered mirror log server +# +clogd = module + +# Layer: services +# Module: cmirrord +# +# cmirrord - daemon providing device-mapper-base mirrors in a shared-storege cluster +# +cmirrord = module + +# Layer: services +# Module: colord +# +# color device daemon +# +colord = module + +# Layer: services +# Module: comsat +# +# Comsat, a biff server. 
+# +comsat = module + +# Layer: services +# Module: courier +# +# IMAP and POP3 email servers +# +courier = module + +# Layer: services +# Module: cpucontrol +# +# Services for loading CPU microcode and CPU frequency scaling. +# +cpucontrol = module + +# Layer: apps +# Module: cpufreqselector +# +# cpufreqselector executable +# +cpufreqselector = module + +# Layer: services +# Module: cron +# +# Periodic execution of scheduled commands. +# +cron = module + +# Layer: services +# Module: cups +# +# Common UNIX printing system +# +cups = module + +# Layer: services +# Module: cvs +# +# Concurrent versions system +# +cvs = module + +# Layer: services +# Module: cyphesis +# +# cyphesis game server +# +cyphesis = module + +# Layer: services +# Module: cyrus +# +# Cyrus is an IMAP service intended to be run on sealed servers +# +cyrus = module + +# Layer: system +# Module: daemontools +# +# Collection of tools for managing UNIX services +# +daemontools = module + +# Layer: role +# Module: dbadm +# +# Minimally prived root role for managing databases +# +dbadm = module + +# Layer: services +# Module: dbskk +# +# Dictionary server for the SKK Japanese input method system. +# +dbskk = module + +# Layer: services +# Module: dbus +# +# Desktop messaging bus +# +dbus = module + +# Layer: services +# Module: dcc +# +# A distributed, collaborative, spam detection and filtering network. +# +dcc = module + +# Layer: admin +# Module: ddcprobe +# +# ddcprobe retrieves monitor and graphics card information +# +ddcprobe = off + +# Layer: services +# Module: devicekit +# +# devicekit-daemon +# +devicekit = module + +# Layer: services +# Module: dhcp +# +# Dynamic host configuration protocol (DHCP) server +# +dhcp = module + +# Layer: services +# Module: dictd +# +# Dictionary daemon +# +dictd = module + +# Layer: services +# Module: distcc +# +# Distributed compiler daemon +# +distcc = off + +# Layer: admin +# Module: dmidecode +# +# Decode DMI data for x86/ia64 bioses. 
+# +dmidecode = module + +# Layer: services +# Module: dnsmasq +# +# A lightweight DHCP and caching DNS server. +# +dnsmasq = module + +# Layer: services +# Module: dnssec +# +# A dnssec server application +# +dnssec = module + +# Layer: services +# Module: dovecot +# +# Dovecot POP and IMAP mail server +# +dovecot = module + +# Layer: services +# Module: entropy +# +# Generate entropy from audio input +# +entropyd = module + +# Layer: services +# Module: exim +# +# exim mail server +# +exim = module + +# Layer: services +# Module: fail2ban +# +# daiemon that bans IP that makes too many password failures +# +fail2ban = module + +# Layer: services +# Module: fetchmail +# +# Remote-mail retrieval and forwarding utility +# +fetchmail = module + +# Layer: services +# Module: finger +# +# Finger user information service. +# +finger = module + +# Layer: services +# Module: firewalld +# +# firewalld is firewall service daemon that provides dynamic customizable +# +firewalld = module + +# Layer: apps +# Module: firewallgui +# +# policy for system-config-firewall +# +firewallgui = module + +# Module: firstboot +# +# Final system configuration run during the first boot +# after installation of Red Hat/Fedora systems. +# +firstboot = module + +# Layer: services +# Module: fprintd +# +# finger print server +# +fprintd = module + +# Layer: services +# Module: ftp +# +# File transfer protocol service +# +ftp = module + +# Layer: apps +# Module: games +# +# The Open Group Pegasus CIM/WBEM Server. 
+# +games = module + +# Layer: apps +# Module: gitosis +# +# Policy for gitosis +# +gitosis = module + +# Layer: services +# Module: git +# +# Policy for the stupid content tracker +# +git = module + +# Layer: services +# Module: glance +# +# Policy for glance +# +glance = module + +# Layer: apps +# Module: gnome +# +# gnome session and gconf +# +gnome = module + +# Layer: apps +# Module: gpg +# +# Policy for Mozilla and related web browsers +# +gpg = module + +# Layer: services +# Module: gpm +# +# General Purpose Mouse driver +# +gpm = module + +# Module: gpsd +# +# gpsd monitor daemon +# +# +gpsd = module + +# Module: gssproxy +# +# A proxy for GSSAPI credential handling +# +# +gssproxy = module + +# Layer: role +# Module: guest +# +# Minimally privs guest account on tty logins +# +guest = module + +# Layer: services +# Module: i18n_input +# +# IIIMF htt server +# +i18n_input = off + +# Layer: services +# Module: inetd +# +# Internet services daemon. +# +inetd = module + +# Layer: services +# Module: inn +# +# Internet News NNTP server +# +inn = module + +# Layer: apps +# Module: irc +# +# IRC client policy +# +irc = module + +# Layer: services +# Module: irqbalance +# +# IRQ balancing daemon +# +irqbalance = module + +# Layer: system +# Module: iscsi +# +# Open-iSCSI daemon +# +iscsi = module + +# Layer: services +# Module: jabber +# +# Jabber instant messaging server +# +jabber = module + +# Layer: apps +# Module: kdumpgui +# +# system-config-kdump policy +# +kdumpgui = module + +# Layer: admin +# Module: kdump +# +# kdump is kernel crash dumping mechanism +# +kdump = module + +# Layer: services +# Module: kerberos +# +# MIT Kerberos admin and KDC +# +kerberos = module + +# Layer: services +# Module: kismet +# +# Wireless sniffing and monitoring +# +kismet = module + +# Layer: services +# Module: ktalk +# +# KDE Talk daemon +# +ktalk = module + +# Layer: services +# Module: ldap +# +# OpenLDAP directory server +# +ldap = module + +# Layer: services +# Module: 
lircd +# +# LIRC daemon - decodes infrared signals and provides them on a Unix domain socket. +# +lircd = module + +# Layer: apps +# Module: loadkeys +# +# Load keyboard mappings. +# +loadkeys = module + +# Layer: apps +# Module: lockdev +# +# device locking policy for lockdev +# +lockdev = module + +# Layer: admin +# Module: logrotate +# +# Rotate and archive system logs +# +logrotate = module + +# Layer: services +# Module: logwatch +# +# logwatch executable +# +logwatch = module + +# Layer: services +# Module: lpd +# +# Line printer daemon +# +lpd = module + +# Layer: services +# Module: lsm +# +# lsm policy +# +lsm = module + +# Layer: services +# Module: mailman +# +# Mailman is for managing electronic mail discussion and e-newsletter lists +# +mailman = module + +# Layer: admin +# Module: mcelog +# +# mcelog is a daemon that collects and decodes Machine Check Exception data on x86-64 machines. +# +mcelog = module + +# Layer: services +# Module: memcached +# +# high-performance memory object caching system +# +memcached = module + +# Layer: services +# Module: milter +# +# +# +milter = module + +# Layer: services +# Module: modemmanager +# +# Manager for dynamically switching between modems. +# +modemmanager = module + +# Layer: services +# Module: mojomojo +# +# Wiki server +# +mojomojo = module + +# Layer: apps +# Module: mozilla +# +# Policy for Mozilla and related web browsers +# +mozilla = module + +# Layer: apps +# Module: mplayer +# +# Policy for Mozilla and related web browsers +# +mplayer = module + +# Layer: admin +# Module: mrtg +# +# Network traffic graphing +# +mrtg = module + +# Layer: services +# Module: mta +# +# Policy common to all email tranfer agents. 
+# +mta = module + +# Layer: services +# Module: munin +# +# Munin +# +munin = module + +# Layer: services +# Module: mysql +# +# Policy for MySQL +# +mysql = module + +# Layer: services +# Module: nagios +# +# policy for nagios Host/service/network monitoring program +# +nagios = module + +# Layer: apps +# Module: namespace +# +# policy for namespace.init script +# +namespace = module + +# Layer: admin +# Module: ncftool +# +# Tool to modify the network configuration of a system +# +ncftool = module + +# Layer: services +# Module: networkmanager +# +# Manager for dynamically switching between networks. +# +networkmanager = module + +# Layer: services +# Module: nis +# +# Policy for NIS (YP) servers and clients +# +nis = module + +# Layer: services +# Module: nscd +# +# Name service cache daemon +# +nscd = module + +# Layer: services +# Module: nslcd +# +# Policy for nslcd +# +nslcd = module + +# Layer: services +# Module: ntop +# +# Policy for ntop +# +ntop = module + +# Layer: services +# Module: ntp +# +# Network time protocol daemon +# +ntp = module + +# Layer: services +# Module: nx +# +# NX Remote Desktop +# +nx = module + +# Layer: services +# Module: oddjob +# +# policy for oddjob +# +oddjob = module + +# Layer: services +# Module: openct +# +# Service for handling smart card readers. 
+# +openct = off + +# Layer: service +# Module: openct +# +# Middleware framework for smart card terminals +# +openct = module + +# Layer: services +# Module: openvpn +# +# Policy for OPENVPN full-featured SSL VPN solution +# +openvpn = module + +# Layer: contrib +# Module: prelude +# +# SELinux policy for prelude +# +prelude = module + +# Layer: contrib +# Module: prosody +# +# SELinux policy for prosody flexible communications server for Jabber/XMPP +# +prosody = module + +# Layer: services +# Module: pads +# +pads = module + +# Layer: system +# Module: pcmcia +# +# PCMCIA card management services +# +pcmcia = module + +# Layer: service +# Module: pcscd +# +# PC/SC Smart Card Daemon +# +pcscd = module + +# Layer: services +# Module: pegasus +# +# The Open Group Pegasus CIM/WBEM Server. +# +pegasus = module + + +# Layer: services +# Module: pingd +# +# +pingd = module + +# Layer: services +# Module: piranha +# +# piranha - various tools to administer and configure the Linux Virtual Server +# +piranha = module + +# Layer: services +# Module: plymouthd +# +# Plymouth +# +plymouthd = module + +# Layer: apps +# Module: podsleuth +# +# Podsleuth probes, identifies, and exposes properties and metadata bound to iPods. +# +podsleuth = module + +# Layer: services +# Module: policykit +# +# Hardware abstraction layer +# +policykit = module + +# Layer: services +# Module: polipo +# +# polipo +# +polipo = module + +# Layer: services +# Module: portmap +# +# RPC port mapping service. 
+# +portmap = module + +# Layer: services +# Module: portreserve +# +# reserve ports to prevent portmap mapping them +# +portreserve = module + +# Layer: services +# Module: postfix +# +# Postfix email server +# +postfix = module + +o# Layer: services +# Module: postgrey +# +# email scanner +# +postgrey = module + +# Layer: services +# Module: ppp +# +# Point to Point Protocol daemon creates links in ppp networks +# +ppp = module + +# Layer: admin +# Module: prelink +# +# Manage temporary directory sizes and file ages +# +prelink = module + +# Layer: services +# Module: privoxy +# +# Privacy enhancing web proxy. +# +privoxy = module + +# Layer: services +# Module: procmail +# +# Procmail mail delivery agent +# +procmail = module + +# Layer: services +# Module: psad +# +# Analyze iptables log for hostile traffic +# +psad = module + +# Layer: apps +# Module: ptchown +# +# helper function for grantpt(3), changes ownship and permissions of pseudotty +# +ptchown = module + +# Layer: apps +# Module: pulseaudio +# +# The PulseAudio Sound System +# +pulseaudio = module + +# Layer: services +# Module: qmail +# +# Policy for qmail +# +qmail = module + +# Layer: services +# Module: qpidd +# +# Policy for qpidd +# +qpid = module + +# Layer: admin +# Module: quota +# +# File system quota management +# +quota = module + +# Layer: services +# Module: radius +# +# RADIUS authentication and accounting server. +# +radius = module + +# Layer: services +# Module: radvd +# +# IPv6 router advertisement daemon +# +radvd = module + +# Layer: system +# Module: raid +# +# RAID array management tools +# +raid = module + +# Layer: services +# Module: rdisc +# +# Network router discovery daemon +# +rdisc = module + +# Layer: admin +# Module: readahead +# +# Readahead, read files into page cache for improved performance +# +readahead = module + +# Layer: services +# Module: remotelogin +# +# Policy for rshd, rlogind, and telnetd. 
+# +remotelogin = module + +# Layer: services +# Module: rhcs +# +# RHCS - Red Hat Cluster Suite +# +rhcs = module + +# Layer: services +# Module: rhgb +# +# X windows login display manager +# +rhgb = module + +# Layer: services +# Module: ricci +# +# policy for ricci +# +ricci = module + +# Layer: services +# Module: rlogin +# +# Remote login daemon +# +rlogin = module + +# Layer: services +# Module: roundup +# +# Roundup Issue Tracking System policy +# +roundup = module + +# Layer: services +# Module: rpcbind +# +# universal addresses to RPC program number mapper +# +rpcbind = module + +# Layer: services +# Module: rpc +# +# Remote Procedure Call Daemon for managment of network based process communication +# +rpc = module + +# Layer: admin +# Module: rpm +# +# Policy for the RPM package manager. +# +rpm = module + +# Layer: services +# Module: rshd +# +# Remote shell service. +# +rshd = module + +# Layer: services +# Module: rsync +# +# Fast incremental file transfer for synchronization +# +rsync = module + +# Layer: services +# Module: rtkit +# +# Real Time Kit Daemon +# +rtkit = module + +# Layer: services +# Module: rwho +# +# who is logged in on local machines +# +rwho = module + +# Layer: apps +# Module: sambagui +# +# policy for system-config-samba +# +sambagui = module + +# +# SMB and CIFS client/server programs for UNIX and +# name Service Switch daemon for resolving names +# from Windows NT servers. +# +samba = module + +# Layer: services +# Module: sasl +# +# SASL authentication server +# +sasl = module + +# Layer: apps +# Module: screen +# +# GNU terminal multiplexer +# +screen = module + +# Layer: services +# Module: sendmail +# +# Policy for sendmail. 
+# +sendmail = module + +# Layer: services +# Module: setroubleshoot +# +# Policy for the SELinux troubleshooting utility +# +setroubleshoot = module + +# Layer: admin +# Module: shorewall +# +# Policy for shorewall +# +shorewall = module + +# Layer: apps +# Module: slocate +# +# Update database for mlocate +# +slocate = module + +# Layer: services +# Module: slrnpull +# +# Service for downloading news feeds the slrn newsreader. +# +slrnpull = off + +# Layer: services +# Module: smartmon +# +# Smart disk monitoring daemon policy +# +smartmon = module + +# Layer: services +# Module: snmp +# +# Simple network management protocol services +# +snmp = module + +# Layer: services +# Module: snort +# +# Snort network intrusion detection system +# +snort = module + +# Layer: admin +# Module: sosreport +# +# sosreport debuggin information generator +# +sosreport = module + +# Layer: services +# Module: soundserver +# +# sound server for network audio server programs, nasd, yiff, etc +# +soundserver = module + +# Layer: services +# Module: spamassassin +# +# Filter used for removing unsolicited email. +# +spamassassin = module + +# Layer: services +# Module: squid +# +# Squid caching http proxy server +# +squid = module + +# Layer: services +# Module: sssd +# +# System Security Services Daemon +# +sssd = module + +# Layer: services +# Module: stunnel +# +# SSL Tunneling Proxy +# +stunnel = module + +# Layer: services +# Module: sysstat +# +# Policy for sysstat. Reports on various system states +# +sysstat = module + +# Layer: services +# Module: tcpd +# +# Policy for TCP daemon. 
+# +tcpd = module + +# Layer: services +# Module: tcsd +# +# tcsd - daemon that manages Trusted Computing resources +# +tcsd = module + +# Layer: apps +# Module: telepathy +# +# telepathy - Policy for Telepathy framework +# +telepathy = module + +# Layer: services +# Module: telnet +# +# Telnet daemon +# +telnet = module + +# Layer: services +# Module: tftp +# +# Trivial file transfer protocol daemon +# +tftp = module + +# Layer: services +# Module: tgtd +# +# Linux Target Framework Daemon. +# +tgtd = module + +# Layer: apps +# Module: thumb +# +# Thumbnailer confinement +# +thumb = module + +# Layer: services +# Module: timidity +# +# MIDI to WAV converter and player configured as a service +# +timidity = off + +# Layer: admin +# Module: tmpreaper +# +# Manage temporary directory sizes and file ages +# +tmpreaper = module + +# Layer: services +# Module: tor +# +# TOR, the onion router +# +tor = module + +# Layer: services +# Module: ksmtuned +# +# Kernel Samepage Merging (KSM) Tuning Daemon +# +ksmtuned = module + +# Layer: services +# Module: tuned +# +# Dynamic adaptive system tuning daemon +# +tuned = module + +# Layer: apps +# Module: tvtime +# +# tvtime - a high quality television application +# +tvtime = module + +# Layer: services +# Module: ulogd +# +# +# +ulogd = module + +# Layer: apps +# Module: uml +# +# Policy for UML +# +uml = module + +# Layer: admin +# Module: updfstab +# +# Red Hat utility to change /etc/fstab. +# +updfstab = module + +# Layer: admin +# Module: usbmodules +# +# List kernel modules of USB devices +# +usbmodules = module + +# Layer: apps +# Module: userhelper +# +# A helper interface to pam. 
+#
+userhelper = module
+
+# Layer: apps
+# Module: usernetctl
+#
+# User network interface configuration helper
+#
+usernetctl = module
+
+# Layer: services
+# Module: uucp
+#
+# Unix to Unix Copy
+#
+uucp = module
+
+# Layer: services
+# Module: virt
+#
+# Virtualization libraries
+#
+virt = module
+
+# Layer: apps
+# Module: vmware
+#
+# VMWare Workstation virtual machines
+#
+vmware = module
+
+# Layer: contrib
+# Module: openvswitch
+#
+# SELinux policy for openvswitch programs
+#
+openvswitch = module
+
+# Layer: admin
+# Module: vpn
+#
+# Virtual Private Networking client
+#
+vpn = module
+
+# Layer: services
+# Module: w3c
+#
+# w3c
+#
+w3c = module
+
+# Layer: role
+# Module: webadm
+#
+# Minimally prived root role for managing apache
+#
+webadm = module
+
+# Layer: apps
+# Module: webalizer
+#
+# Web server log analysis
+#
+webalizer = module
+
+# Layer: apps
+# Module: wine
+#
+# wine executable
+#
+wine = module
+
+# Layer: apps
+# Module: wireshark
+#
+# wireshark executable
+#
+wireshark = module
+
+# Layer: apps
+# Module: wm
+#
+# X windows window manager
+#
+wm = module
+
+# Layer: system
+# Module: xen
+#
+# virtualization software
+#
+xen = module
+
+# Layer: role
+# Module: xguest
+#
+# Minimally privs guest account on X Windows logins
+#
+xguest = module
+
+# Layer: services
+# Module: zabbix
+#
+# Open-source monitoring solution for your IT infrastructure
+#
+zabbix = module
+
+# Layer: services
+# Module: zebra
+#
+# Zebra border gateway protocol network routing service
+#
+zebra = module
+
+# Layer: services
+# Module: zosremote
+#
+# policy for z/OS Remote-services Audit dispatcher plugin
+#
+zosremote = module
+
+# Layer: contrib
+# Module: mandb
+#
+# Policy for mandb
+#
+mandb = module
diff --git a/modules-targeted-base.conf b/modules-targeted-base.conf
deleted file mode 100644
index e7456ef..0000000
--- a/modules-targeted-base.conf
+++ /dev/null
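Review bot: `openct` is assigned twice in the new modules-mls.conf, first as `openct = off` and in the very next stanza as `openct = module`, so whether the module ends up in the MLS policy depends on how the build resolves duplicate keys; keep a single entry with the intended value. The postgrey stanza further down opens with `o# Layer: services`, where the stray `o` makes the line something other than a comment, and it should read `# Layer: services`. Some header comments also name a different module than the key below them (`# Module: entropy` over `entropyd = module`, `# Module: qpidd` over `qpid = module`), and the samba stanza has no `# Layer:`/`# Module:` header at all, which makes it harder to audit which modules an MLS system loads. How the file's consumer treats duplicate keys and non-comment junk lines is not visible in this diff, so both should be confirmed against the policy build before merging.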
@@ -1,393 +0,0 @@ -# Layer: kernel -# Module: bootloader -# -# Policy for the kernel modules, kernel image, and bootloader. -# -bootloader = module - -# Layer: kernel -# Module: corecommands -# Required in base -# -# Core policy for shells, and generic programs -# in /bin, /sbin, /usr/bin, and /usr/sbin. -# -corecommands = base - -# Layer: kernel -# Module: corenetwork -# Required in base -# -# Policy controlling access to network objects -# -corenetwork = base - -# Layer: admin -# Module: dmesg -# -# Policy for dmesg. -# -dmesg = module - -# Layer: admin -# Module: netutils -# -# Network analysis utilities -# -netutils = module - -# Layer: admin -# Module: sudo -# -# Execute a command with a substitute user -# -sudo = module - -# Layer: admin -# Module: su -# -# Run shells with substitute user and group -# -su = module - -# Layer: admin -# Module: usermanage -# -# Policy for managing user accounts. -# -usermanage = module - -# Layer: apps -# Module: seunshare -# -# seunshare executable -# -seunshare = module - -# Module: devices -# Required in base -# -# Device nodes and interfaces for many basic system devices. -# -devices = base - -# Module: domain -# Required in base -# -# Core policy for domains. -# -domain = base - -# Layer: system -# Module: userdomain -# -# Policy for user domains -# -userdomain = module - -# Module: files -# Required in base -# -# Basic filesystem types and interfaces. -# -files = base - -# Layer: system -# Module: miscfiles -# -# Miscelaneous files. -# -miscfiles = module - -# Module: filesystem -# Required in base -# -# Policy for filesystems. -# -filesystem = base - -# Module: kernel -# Required in base -# -# Policy for kernel threads, proc filesystem,and unlabeled processes and objects. 
-# -kernel = base - -# Module: mcs -# Required in base -# -# MultiCategory security policy -# -mcs = base - -# Module: mls -# Required in base -# -# Multilevel security policy -# -mls = base - -# Module: selinux -# Required in base -# -# Policy for kernel security interface, in particular, selinuxfs. -# -selinux = base - -# Layer: kernel -# Module: storage -# -# Policy controlling access to storage devices -# -storage = base - -# Module: terminal -# Required in base -# -# Policy for terminals. -# -terminal = base - -# Layer: kernel -# Module: ubac -# -# -# -ubac = base - -# Layer: kernel -# Module: unconfined -# -# The unlabelednet module. -# -unlabelednet = module - -# Layer: role -# Module: auditadm -# -# auditadm account on tty logins -# -auditadm = module - -# Layer: role -# Module: logadm -# -# Minimally prived root role for managing logging system -# -logadm = module - -# Layer: role -# Module: secadm -# -# secadm account on tty logins -# -secadm = module - -# Layer:role -# Module: sysadm_secadm -# -# System Administrator with Security Admin rules -# -sysadm_secadm = module - -# Module: staff -# -# admin account -# -staff = module - -# Layer:role -# Module: sysadm -# -# System Administrator -# -sysadm = module - -# Layer: role -# Module: unconfineduser -# -# The unconfined user domain. -# -unconfineduser = module - -# Layer: role -# Module: unprivuser -# -# Minimally privs guest account on tty logins -# -unprivuser = module - -# Layer: services -# Module: postgresql -# -# PostgreSQL relational database -# -postgresql = module - -# Layer: services -# Module: ssh -# -# Secure shell client and server policy. -# -ssh = module - -# Layer: services -# Module: xserver -# -# X windows login display manager -# -xserver = module - -# Module: application -# Required in base -# -# Defines attributs and interfaces for all user applications -# -application = module - -# Layer: system -# Module: authlogin -# -# Common policy for authentication and user login. 
-# -authlogin = module - -# Layer: system -# Module: clock -# -# Policy for reading and setting the hardware clock. -# -clock = module - -# Layer: system -# Module: fstools -# -# Tools for filesystem management, such as mkfs and fsck. -# -fstools = module - -# Layer: system -# Module: getty -# -# Policy for getty. -# -getty = module - -# Layer: system -# Module: hostname -# -# Policy for changing the system host name. -# -hostname = module - -# Layer: system -# Module: init -# -# System initialization programs (init and init scripts). -# -init = module - -# Layer: system -# Module: ipsec -# -# TCP/IP encryption -# -ipsec = module - -# Layer: system -# Module: iptables -# -# Policy for iptables. -# -iptables = module - -# Layer: system -# Module: libraries -# -# Policy for system libraries. -# -libraries = module - -# Layer: system -# Module: locallogin -# -# Policy for local logins. -# -locallogin = module - -# Layer: system -# Module: logging -# -# Policy for the kernel message logger and system logging daemon. -# -logging = module - -# Layer: system -# Module: lvm -# -# Policy for logical volume management programs. -# -lvm = module - -# Layer: system -# Module: modutils -# -# Policy for kernel module utilities -# -modutils = module - -# Layer: system -# Module: mount -# -# Policy for mount. -# -mount = module - -# Layer: system -# Module: netlabel -# -# Basic netlabel types and interfaces. -# -netlabel = module - -# Layer: system -# Module: selinuxutil -# -# Policy for SELinux policy and userland applications. -# -selinuxutil = module - -# Module: setrans -# Required in base -# -# Policy for setrans -# -setrans = module - -# Layer: system -# Module: sysnetwork -# -# Policy for network configuration: ifconfig and dhcp client. -# -sysnetwork = module - -# Layer: system -# Module: systemd -# -# Policy for systemd components -# -systemd = module - -# Layer: system -# Module: udev -# -# Policy for udev. 
-#
-udev = module
-
-# Layer: system
-# Module: unconfined
-#
-# The unconfined domain.
-#
-unconfined = module
diff --git a/modules-targeted-contrib.conf b/modules-targeted-contrib.conf
deleted file mode 100644
index 2954fb8..0000000
--- a/modules-targeted-contrib.conf
+++ /dev/null
@@ -1,2784 +0,0 @@
-# Layer: services
-# Module: abrt
-#
-# Automatic bug detection and reporting tool
-#
-abrt = module
-
-# Layer: services
-# Module: accountsd
-#
-# An application to view and modify user accounts information
-#
-accountsd = module
-
-# Layer: admin
-# Module: acct
-#
-# Berkeley process accounting
-#
-acct = module
-
-# Layer: services
-# Module: afs
-#
-# Andrew Filesystem server
-#
-afs = module
-
-# Layer: services
-# Module: aiccu
-#
-# SixXS Automatic IPv6 Connectivity Client Utility
-#
-aiccu = module
-
-# Layer: services
-# Module: aide
-#
-# Policy for aide
-#
-aide = module
-
-# Layer: services
-# Module: ajaxterm
-#
-# Web Based Terminal
-#
-ajaxterm = module
-
-# Layer: admin
-# Module: alsa
-#
-# Ainit ALSA configuration tool
-#
-alsa = module
-
-# Layer: admin
-# Module: amanda
-#
-# Automated backup program.
-#
-amanda = module
-
-# Layer: admin
-# Module: amtu
-#
-# Abstract Machine Test Utility (AMTU)
-#
-amtu = module
-
-# Layer: admin
-# Module: anaconda
-#
-# Policy for the Anaconda installer.
-#
-anaconda = module
-
-# Layer: contrib
-# Module: antivirus
-#
-# SELinux policy for antivirus programs
-#
-antivirus = module
-
-# Layer: services
-# Module: apache
-#
-# Apache web server
-#
-apache = module
-
-# Layer: services
-# Module: apcupsd
-#
-# daemon for most APC’s UPS for Linux
-#
-apcupsd = module
-
-# Layer: services
-# Module: apm
-#
-# Advanced power management daemon
-#
-apm = module
-
-# Layer: services
-# Module: arpwatch
-#
-# Ethernet activity monitor.
-#
-arpwatch = module
-
-# Layer: services
-# Module: asterisk
-#
-# Asterisk IP telephony server
-#
-asterisk = module
-
-# Layer: contrib
-# Module: authconfig
-#
-# Authorization configuration tool
-#
-authconfig = module
-
-# Layer: services
-# Module: automount
-#
-# Filesystem automounter service.
-# -automount = module - -# Layer: services -# Module: avahi -# -# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture -# -avahi = module - -# Layer: module -# Module: awstats -# -# awstats executable -# -awstats = module - -# Layer: services -# Module: bcfg2 -# -# Configuration management server -# -bcfg2 = module - -# Layer: services -# Module: bind -# -# Berkeley internet name domain DNS server. -# -bind = module - -# Layer: contrib -# Module: rngd -# -# Daemon used to feed random data from hardware device to kernel random device -# -rngd = module - -# Layer: services -# Module: bitlbee -# -# An IRC to other chat networks gateway -# -bitlbee = module - -# Layer: services -# Module: blueman -# -# Blueman tools and system services. -# -blueman = module - -# Layer: services -# Module: bluetooth -# -# Bluetooth tools and system services. -# -bluetooth = module - -# Layer: services -# Module: boinc -# -# Berkeley Open Infrastructure for Network Computing -# -boinc = module - -# Layer: system -# Module: brctl -# -# Utilities for configuring the linux ethernet bridge -# -brctl = module - -# Layer: services -# Module: bugzilla -# -# Bugzilla server -# -bugzilla = module - -# Layer: services -# Module: bumblebee -# -# Support NVIDIA Optimus technology under Linux -# -bumblebee = module - -# Layer: services -# Module: cachefilesd -# -# CacheFiles userspace management daemon -# -cachefilesd = module - -# Module: calamaris -# -# -# Squid log analysis -# -calamaris = module - -# Layer: services -# Module: callweaver -# -# callweaver telephony sever -# -callweaver = module - -# Layer: services -# Module: canna -# -# Canna - kana-kanji conversion server -# -canna = module - -# Layer: services -# Module: ccs -# -# policy for ccs -# -ccs = module - -# Layer: apps -# Module: cdrecord -# -# Policy for cdrecord -# -cdrecord = module - -# Layer: admin -# Module: certmaster -# -# Digital Certificate master -# -certmaster = module - -# Layer: services -# Module: certmonger -# 
-# Certificate status monitor and PKI enrollment client -# -certmonger = module - -# Layer: admin -# Module: certwatch -# -# Digital Certificate Tracking -# -certwatch = module - -# Layer: services -# Module: cfengine -# -# cfengine -# -cfengine = module - -# Layer: services -# Module: cgroup -# -# Tools and libraries to control and monitor control groups -# -cgroup = module - -# Layer: apps -# Module: chrome -# -# chrome sandbox -# -chrome = module - -# Layer: services -# Module: chronyd -# -# Daemon for maintaining clock time -# -chronyd = module - -# Layer: services -# Module: cipe -# -# Encrypted tunnel daemon -# -cipe = module - - -# Layer: services -# Module: clogd -# -# clogd - clustered mirror log server -# -clogd = module - -# Layer: services -# Module: cloudform -# -# cloudform daemons -# -cloudform = module - -# Layer: services -# Module: cmirrord -# -# cmirrord - daemon providing device-mapper-base mirrors in a shared-storege cluster -# -cmirrord = module - -# Layer: services -# Module: cobbler -# -# cobbler -# -cobbler = module - -# Layer: services -# Module: collectd -# -# Statistics collection daemon for filling RRD files -# -collectd = module - -# Layer: services -# Module: colord -# -# color device daemon -# -colord = module - -# Layer: services -# Module: comsat -# -# Comsat, a biff server. 
-# -comsat = module - -# Layer: services -# Module: condor -# -# policy for condor -# -condor = module - -# Layer: services -# Module: conman -# -# Conman is a program for connecting to remote consoles being managed by conmand -# -conman = module - -# Layer: services -# Module: consolekit -# -# ConsoleKit is a system daemon for tracking what users are logged -# -consolekit = module - -# Layer: services -# Module: couchdb -# -# Apache CouchDB database server -# -couchdb = module - -# Layer: services -# Module: courier -# -# IMAP and POP3 email servers -# -courier = module - -# Layer: services -# Module: cpucontrol -# -# Services for loading CPU microcode and CPU frequency scaling. -# -cpucontrol = module - -# Layer: apps -# Module: cpufreqselector -# -# cpufreqselector executable -# -cpufreqselector = module - -# Layer: services -# Module: cron -# -# Periodic execution of scheduled commands. -# -cron = module - -# Layer: services -# Module: ctdbd -# -# Cluster Daemon -# -ctdb = module - -# Layer: services -# Module: cups -# -# Common UNIX printing system -# -cups = module - -# Layer: services -# Module: cvs -# -# Concurrent versions system -# -cvs = module - -# Layer: services -# Module: cyphesis -# -# cyphesis game server -# -cyphesis = module - -# Layer: services -# Module: cyrus -# -# Cyrus is an IMAP service intended to be run on sealed servers -# -cyrus = module - -# Layer: system -# Module: daemontools -# -# Collection of tools for managing UNIX services -# -daemontools = module - -# Layer: role -# Module: dbadm -# -# Minimally prived root role for managing databases -# -dbadm = module - -# Layer: services -# Module: dbskk -# -# Dictionary server for the SKK Japanese input method system. -# -dbskk = module - -# Layer: services -# Module: dbus -# -# Desktop messaging bus -# -dbus = module - -# Layer: services -# Module: dcc -# -# A distributed, collaborative, spam detection and filtering network. 
-# -dcc = module - -# Layer: services -# Module: ddclient -# -# Update dynamic IP address at DynDNS.org -# -ddclient = module - -# Layer: admin -# Module: ddcprobe -# -# ddcprobe retrieves monitor and graphics card information -# -ddcprobe = off - -# Layer: services -# Module: denyhosts -# -# script to help thwart ssh server attacks -# -denyhosts = module - -# Layer: services -# Module: devicekit -# -# devicekit-daemon -# -devicekit = module - -# Layer: services -# Module: dhcp -# -# Dynamic host configuration protocol (DHCP) server -# -dhcp = module - -# Layer: services -# Module: dictd -# -# Dictionary daemon -# -dictd = module - -# Layer: services -# Module: dirsrv-admin -# -# An 309 directory admin server -# -dirsrv-admin = module - -# Layer: services -# Module: dirsrv -# -# An 309 directory server -# -dirsrv = module - -# Layer: services -# Module: distcc -# -# Distributed compiler daemon -# -distcc = off - -# Layer: admin -# Module: dmidecode -# -# Decode DMI data for x86/ia64 bioses. -# -dmidecode = module - -# Layer: services -# Module: dnsmasq -# -# A lightweight DHCP and caching DNS server. -# -dnsmasq = module - -# Layer: services -# Module: dnssec -# -# A dnssec server application -# -dnssec = module - -# Layer: services -# Module: dovecot -# -# Dovecot POP and IMAP mail server -# -dovecot = module - -# Layer: services -# Module: drbd -# -# DRBD mirrors a block device over the network to another machine. 
-# -drbd = module - -# Layer: services -# Module: dspam -# -# dspam - library and Mail Delivery Agent for Bayesian SPAM filtering -# -dspam = module - -# Layer: services -# Module: entropy -# -# Generate entropy from audio input -# -entropyd = module - -# Layer: services -# Module: exim -# -# exim mail server -# -exim = module - -# Layer: services -# Module: fail2ban -# -# daiemon that bans IP that makes too many password failures -# -fail2ban = module - -# Layer: services -# Module: fcoe -# -# fcoe -# -fcoe = module - -# Layer: services -# Module: fetchmail -# -# Remote-mail retrieval and forwarding utility -# -fetchmail = module - -# Layer: services -# Module: finger -# -# Finger user information service. -# -finger = module - -# Layer: services -# Module: firewalld -# -# firewalld is firewall service daemon that provides dynamic customizable -# -firewalld = module - -# Layer: apps -# Module: firewallgui -# -# policy for system-config-firewall -# -firewallgui = module - -# Module: firstboot -# -# Final system configuration run during the first boot -# after installation of Red Hat/Fedora systems. -# -firstboot = module - -# Layer: services -# Module: fprintd -# -# finger print server -# -fprintd = module - -# Layer: services -# Module: freqset -# -# Utility for CPU frequency scaling -# -freqset = module - -# Layer: services -# Module: ftp -# -# File transfer protocol service -# -ftp = module - -# Layer: apps -# Module: games -# -# The Open Group Pegasus CIM/WBEM Server. 
-# -games = module - -# Layer: apps -# Module: gitosis -# -# Policy for gitosis -# -gitosis = module - -# Layer: services -# Module: git -# -# Policy for the stupid content tracker -# -git = module - -# Layer: services -# Module: glance -# -# Policy for glance -# -glance = module - -# Layer: contrib -# Module: glusterd -# -# policy for glusterd service -# -glusterd = module - -# Layer: apps -# Module: gnome -# -# gnome session and gconf -# -gnome = module - -# Layer: apps -# Module: gpg -# -# Policy for GNU Privacy Guard and related programs. -# -gpg = module - -# Layer: services -# Module: gpm -# -# General Purpose Mouse driver -# -gpm = module - -# Module: gpsd -# -# gpsd monitor daemon -# -# -gpsd = module - -# Module: gssproxy -# -# A proxy for GSSAPI credential handling -# -# -gssproxy = module - -# Layer: role -# Module: guest -# -# Minimally privs guest account on tty logins -# -guest = module - -# Layer: role -# Module: xguest -# -# Minimally privs guest account on X Windows logins -# -xguest = module - -# Layer: services -# Module: hddtemp -# -# hddtemp hard disk temperature tool running as a daemon -# -hddtemp = module - -# Layer: services -# Module: hostapd -# -# hostapd - IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator -# -hostapd = module - -# Layer: services -# Module: i18n_input -# -# IIIMF htt server -# -i18n_input = off - -# Layer: services -# Module: icecast -# -# ShoutCast compatible streaming media server -# -icecast = module - -# Layer: services -# Module: inetd -# -# Internet services daemon. -# -inetd = module - -# Layer: services -# Module: inn -# -# Internet News NNTP server -# -inn = module - -# Layer: services -# Module: lircd -# -# LIRC daemon - decodes infrared signals and provides them on a Unix domain socket. 
-# -lircd = module - -# Layer: apps -# Module: irc -# -# IRC client policy -# -irc = module - -# Layer: services -# Module: irqbalance -# -# IRQ balancing daemon -# -irqbalance = module - -# Layer: system -# Module: iscsi -# -# Open-iSCSI daemon -# -iscsi = module - -# Layer: system -# Module: isnsd -# -# -# -isns = module - -# Layer: services -# Module: jabber -# -# Jabber instant messaging server -# -jabber = module - -# Layer: services -# Module: jetty -# -# Java based http server -# -jetty = module - -# Layer: apps -# Module: jockey -# -# policy for jockey-backend -# -jockey = module - -# Layer: apps -# Module: kdumpgui -# -# system-config-kdump policy -# -kdumpgui = module - -# Layer: admin -# Module: kdump -# -# kdump is kernel crash dumping mechanism -# -kdump = module - -# Layer: services -# Module: kerberos -# -# MIT Kerberos admin and KDC -# -kerberos = module - -# Layer: services -# Module: keepalived -# -# keepalived - load-balancing and high-availability service -# -keepalived = module - -# Module: keyboardd -# -# system-setup-keyboard is a keyboard layout daemon that monitors -# /etc/sysconfig/keyboard and writes out an xorg.conf.d snippet -# -keyboardd = module - -# Layer: services -# Module: keystone -# -# openstack-keystone -# -keystone = module - -# Layer: services -# Module: kismet -# -# Wireless sniffing and monitoring -# -kismet = module - -# Layer: services -# Module: ksmtuned -# -# Kernel Samepage Merging (KSM) Tuning Daemon -# -ksmtuned = module - -# Layer: services -# Module: ktalk -# -# KDE Talk daemon -# -ktalk = module - -# Layer: services -# Module: l2ltpd -# -# Layer 2 Tunnelling Protocol Daemon -# -l2tp = module - -# Layer: services -# Module: ldap -# -# OpenLDAP directory server -# -ldap = module - -# Layer: services -# Module: likewise -# -# Likewise Active Directory support for UNIX -# -likewise = module - -# Layer: apps -# Module: livecd -# -# livecd creator -# -livecd = module - -# Layer: services -# Module: lldpad -# -# lldpad - 
Link Layer Discovery Protocol (LLDP) agent daemon -# -lldpad = module - -# Layer: apps -# Module: loadkeys -# -# Load keyboard mappings. -# -loadkeys = module - -# Layer: apps -# Module: lockdev -# -# device locking policy for lockdev -# -lockdev = module - -# Layer: admin -# Module: logrotate -# -# Rotate and archive system logs -# -logrotate = module - -# Layer: services -# Module: logwatch -# -# logwatch executable -# -logwatch = module - -# Layer: services -# Module: lpd -# -# Line printer daemon -# -lpd = module - -# Layer: services -# Module: mailman -# -# Mailman is for managing electronic mail discussion and e-newsletter lists -# -mailman = module - -# Layer: services -# Module: mailman -# -# Policy for mailscanner -# -mailscanner = module - -# Layer: apps -# Module: man2html -# -# policy for man2html apps -# -man2html = module - -# Layer: admin -# Module: mcelog -# -# Policy for mcelog. -# -mcelog = module - -# Layer: apps -# Module: mediawiki -# -# mediawiki -# -mediawiki = module - -# Layer: services -# Module: memcached -# -# high-performance memory object caching system -# -memcached = module - -# Layer: services -# Module: milter -# -# -# -milter = module - -# Layer: services -# Module: mip6d -# -# UMIP Mobile IPv6 and NEMO Basic Support protocol implementation -# -mip6d = module - -# Layer: services -# Module: mock -# -# Policy for mock rpm builder -# -mock = module - -# Layer: services -# Module: modemmanager -# -# Manager for dynamically switching between modems. 
-# -modemmanager = module - -# Layer: services -# Module: mojomojo -# -# Wiki server -# -mojomojo = module - -# Layer: apps -# Module: mozilla -# -# Policy for Mozilla and related web browsers -# -mozilla = module - -# Layer: services -# Module: mpd -# -# mpd - daemon for playing music -# -mpd = module - -# Layer: apps -# Module: mplayer -# -# Policy for Mozilla and related web browsers -# -mplayer = module - -# Layer: admin -# Module: mrtg -# -# Network traffic graphing -# -mrtg = module - -# Layer: services -# Module: mta -# -# Policy common to all email tranfer agents. -# -mta = module - -# Layer: services -# Module: munin -# -# Munin -# -munin = module - -# Layer: services -# Module: mysql -# -# Policy for MySQL -# -mysql = module - -# Layer: contrib -# Module: mythtv -# -# Policy for Mythtv (Web Server) -# -mythtv = module - -# Layer: services -# Module: nagios -# -# policy for nagios Host/service/network monitoring program -# -nagios = module - -# Layer: apps -# Module: namespace -# -# policy for namespace.init script -# -namespace = module - -# Layer: admin -# Module: ncftool -# -# Tool to modify the network configuration of a system -# -ncftool = module - -# Layer: services -# Module: networkmanager -# -# Manager for dynamically switching between networks. 
-# -networkmanager = module - -# Layer: services -# Module: ninfod -# -# Respond to IPv6 Node Information Queries -# -ninfod = module - -# Layer: services -# Module: nis -# -# Policy for NIS (YP) servers and clients -# -nis = module - -# Layer: services -# Module: nova -# -# openstack-nova -# -nova = module - -# Layer: services -# Module: nscd -# -# Name service cache daemon -# -nscd = module - -# Layer: services -# Module: nslcd -# -# Policy for nslcd -# -nslcd = module - -# Layer: services -# Module: ntop -# -# Policy for ntop -# -ntop = module - -# Layer: services -# Module: ntp -# -# Network time protocol daemon -# -ntp = module - -# Layer: services -# Module: numad -# -# numad - user-level daemon that provides advice and managment for optimum use of CPUs and memory on systems with NUMA topology -# -numad = module - -# Layer: services -# Module: nut -# -# nut - Network UPS Tools -# -nut = module - -# Layer: services -# Module: nx -# -# NX Remote Desktop -# -nx = module - -# Layer: services -# Module: obex -# -# policy for obex-data-server -# -obex = module - -# Layer: services -# Module: oddjob -# -# policy for oddjob -# -oddjob = module - -# Layer: services -# Module: openct -# -# Service for handling smart card readers. 
-# -openct = off - -# Layer: service -# Module: openct -# -# Middleware framework for smart card terminals -# -openct = module - -# Layer: contrib -# Module: openshift-origin -# -# Origin version of openshift policy -# -openshift-origin = module -# Layer: contrib -# Module: openshift -# -# Core openshift policy -# -openshift = module - -# Layer: services -# Module: opensm -# -# InfiniBand subnet manager and administration (SM/SA) -# -opensm = module - -# Layer: services -# Module: openvpn -# -# Policy for OPENVPN full-featured SSL VPN solution -# -openvpn = module - -# Layer: contrib -# Module: openvswitch -# -# SELinux policy for openvswitch programs -# -openvswitch = module - -# Layer: services -# Module: openwsman -# -# WS-Management Server -# -openwsman = module - -# Layer: services -# Module: osad -# -# Client-side service written in Python that responds to pings -# -osad = module - -# Layer: contrib -# Module: prelude -# -# SELinux policy for prelude -# -prelude = module - -# Layer: contrib -# Module: prosody -# -# SELinux policy for prosody flexible communications server for Jabber/XMPP -# -prosody = module - -# Layer: services -# Module: pads -# -pads = module - -# Layer: services -# Module: passenger -# -# Passenger -# -passenger = module - -# Layer: system -# Module: pcmcia -# -# PCMCIA card management services -# -pcmcia = module - -# Layer: service -# Module: pcscd -# -# PC/SC Smart Card Daemon -# -pcscd = module - -# Layer: services -# Module: pdns -# -# PowerDNS DNS server -# -pdns = module - -# Layer: services -# Module: pegasus -# -# The Open Group Pegasus CIM/WBEM Server. 
-# -pegasus = module - -# Layer: services -# Module: pingd -# -# -pingd = module - -# Layer: services -# Module: piranha -# -# piranha - various tools to administer and configure the Linux Virtual Server -# -piranha = module - -# Layer: contrib -# Module: pkcs -# -# daemon manages PKCS#11 objects between PKCS#11-enabled applications -# -pkcs = module - -# Layer: services -# Module: plymouthd -# -# Plymouth -# -plymouthd = module - -# Layer: apps -# Module: podsleuth -# -# Podsleuth probes, identifies, and exposes properties and metadata bound to iPods. -# -podsleuth = module - -# Layer: services -# Module: policykit -# -# Hardware abstraction layer -# -policykit = module - -# Layer: services -# Module: polipo -# -# polipo -# -polipo = module - -# Layer: services -# Module: portmap -# -# RPC port mapping service. -# -portmap = module - -# Layer: services -# Module: portreserve -# -# reserve ports to prevent portmap mapping them -# -portreserve = module - -# Layer: services -# Module: postfix -# -# Postfix email server -# -postfix = module - -# Layer: services -# Module: postgrey -# -# email scanner -# -postgrey = module - -# Layer: services -# Module: ppp -# -# Point to Point Protocol daemon creates links in ppp networks -# -ppp = module - -# Layer: admin -# Module: prelink -# -# Manage temporary directory sizes and file ages -# -prelink = module - -# Layer: services -# Module: privoxy -# -# Privacy enhancing web proxy. 
-# -privoxy = module - -# Layer: services -# Module: procmail -# -# Procmail mail delivery agent -# -procmail = module - -# Layer: services -# Module: psad -# -# Analyze iptables log for hostile traffic -# -psad = module - -# Layer: apps -# Module: ptchown -# -# helper function for grantpt(3), changes ownship and permissions of pseudotty -# -ptchown = module - -# Layer: apps -# Module: pulseaudio -# -# The PulseAudio Sound System -# -pulseaudio = module - -# Layer: services -# Module: puppet -# -# A network tool for managing many disparate systems -# -puppet = module - -# Layer: apps -# Module: pwauth -# -# External plugin for mod_authnz_external authenticator -# -pwauth = module - -# Layer: services -# Module: qmail -# -# Policy for qmail -# -qmail = module - -# Layer: services -# Module: qpidd -# -# Policy for qpidd -# -qpid = module - -# Layer: services -# Module: quantum -# -# Quantum is a virtual network service for Openstack -# -quantum = module - -# Layer: admin -# Module: quota -# -# File system quota management -# -quota = module - -# Layer: services -# Module: rabbitmq -# -# rabbitmq daemons -# -rabbitmq = module - -# Layer: services -# Module: radius -# -# RADIUS authentication and accounting server. 
-# -radius = module - -# Layer: services -# Module: radvd -# -# IPv6 router advertisement daemon -# -radvd = module - -# Layer: system -# Module: raid -# -# RAID array management tools -# -raid = module - -# Layer: services -# Module: rasdaemon -# -# The rasdaemon program is a daemon with monitors the RAS trace events from /sys/kernel/debug/tracing -# -rasdaemon = module - -# Layer: services -# Module: rdisc -# -# Network router discovery daemon -# -rdisc = module - -# Layer: admin -# Module: readahead -# -# Readahead, read files into page cache for improved performance -# -readahead = module - -# Layer: contrib -# Module: stapserver -# -# dbus system service which manages discovery and enrollment in realms and domains like Active Directory or IPA -# -realmd = module - -# Layer: services -# Module: remotelogin -# -# Policy for rshd, rlogind, and telnetd. -# -remotelogin = module - -# Layer: services -# Module: rhcs -# -# RHCS - Red Hat Cluster Suite -# -rhcs = module - -# Layer: services -# Module: rhev -# -# rhev policy module contains policies for rhev apps -# -rhev = module - -# Layer: services -# Module: rhgb -# -# X windows login display manager -# -rhgb = module - -# Layer: services -# Module: rhsmcertd -# -# Subscription Management Certificate Daemon policy -# -rhsmcertd = module - -# Layer: services -# Module: ricci -# -# policy for ricci -# -ricci = module - -# Layer: services -# Module: rlogin -# -# Remote login daemon -# -rlogin = module - -# Layer: services -# Module: roundup -# -# Roundup Issue Tracking System policy -# -roundup = module - -# Layer: services -# Module: rpcbind -# -# universal addresses to RPC program number mapper -# -rpcbind = module - -# Layer: services -# Module: rpc -# -# Remote Procedure Call Daemon for managment of network based process communication -# -rpc = module - -# Layer: admin -# Module: rpm -# -# Policy for the RPM package manager. -# -rpm = module - -# Layer: services -# Module: rshd -# -# Remote shell service. 
-# -rshd = module - -# Layer: apps -# Module: rssh -# -# Restricted (scp/sftp) only shell -# -rssh = module - -# Layer: services -# Module: rsync -# -# Fast incremental file transfer for synchronization -# -rsync = module - -# Layer: services -# Module: rtkit -# -# Real Time Kit Daemon -# -rtkit = module - -# Layer: services -# Module: rwho -# -# who is logged in on local machines -# -rwho = module - -# Layer: apps -# Module: sambagui -# -# policy for system-config-samba -# -sambagui = module - -# -# SMB and CIFS client/server programs for UNIX and -# name Service Switch daemon for resolving names -# from Windows NT servers. -# -samba = module - -# Layer: apps -# Module: sandbox -# -# Policy for running apps within a sandbox -# -sandbox = module - -# Layer: apps -# Module: sandbox -# -# Policy for running apps within a X sandbox -# -sandboxX = module - -# Layer: services -# Module: sanlock -# -# sanlock policy -# -sanlock = module - -# Layer: services -# Module: sasl -# -# SASL authentication server -# -sasl = module - -# Layer: services -# Module: sblim -# -# sblim -# -sblim = module - -# Layer: apps -# Module: screen -# -# GNU terminal multiplexer -# -screen = module - -# Layer: admin -# Module: sectoolm -# -# Policy for sectool-mechanism -# -sectoolm = module - -# Layer: services -# Module: sendmail -# -# Policy for sendmail. 
-# -sendmail = module - -# Layer: contrib -# Module: sensord -# -# Sensor information logging daemon -# -sensord = module - -# Layer: services -# Module: setroubleshoot -# -# Policy for the SELinux troubleshooting utility -# -setroubleshoot = module - -# Layer: services -# Module: sge -# -# policy for grindengine MPI jobs -# -sge = module - -# Layer: admin -# Module: shorewall -# -# Policy for shorewall -# -shorewall = module - -# Layer: apps -# Module: slocate -# -# Update database for mlocate -# -slocate = module - -# Layer: contrib -# Module: slpd -# -# OpenSLP server daemon to dynamically register services -# -slpd = module - -# Layer: services -# Module: slrnpull -# -# Service for downloading news feeds the slrn newsreader. -# -slrnpull = off - -# Layer: services -# Module: smartmon -# -# Smart disk monitoring daemon policy -# -smartmon = module - -# Layer: services -# Module: smokeping -# -# Latency Logging and Graphing System -# -smokeping = module - -# Layer: admin -# Module: smoltclient -# -#The Fedora hardware profiler client -# -smoltclient = module - -# Layer: services -# Module: snmp -# -# Simple network management protocol services -# -snmp = module - -# Layer: services -# Module: snort -# -# Snort network intrusion detection system -# -snort = module - -# Layer: admin -# Module: sosreport -# -# sosreport debuggin information generator -# -sosreport = module - -# Layer: services -# Module: soundserver -# -# sound server for network audio server programs, nasd, yiff, etc -# -soundserver = module - -# Layer: services -# Module: spamassassin -# -# Filter used for removing unsolicited email. 
-# -spamassassin = module - -# Layer: services -# Module: speech-dispatcher -# -# speech-dispatcher - server process managing speech requests in Speech Dispatcher -# -speech-dispatcher = module - -# Layer: services -# Module: squid -# -# Squid caching http proxy server -# -squid = module - -# Layer: services -# Module: sssd -# -# System Security Services Daemon -# -sssd = module - -# Layer: services -# Module: sslh -# -# Applicative protocol(SSL/SSH) multiplexer -# -sslh = module - -# Layer: contrib -# Module: stapserver -# -# Instrumentation System Server -# -stapserver = module - -# Layer: services -# Module: stunnel -# -# SSL Tunneling Proxy -# -stunnel = module - -# Layer: services -# Module: svnserve -# -# policy for subversion service -# -svnserve = module - -# Layer: services -# Module: swift -# -# openstack-swift -# -swift = module - -# Layer: services -# Module: sysstat -# -# Policy for sysstat. Reports on various system states -# -sysstat = module - -# Layer: services -# Module: tcpd -# -# Policy for TCP daemon. -# -tcpd = module - -# Layer: services -# Module: tcsd -# -# tcsd - daemon that manages Trusted Computing resources -# -tcsd = module - -# Layer: apps -# Module: telepathy -# -# telepathy - Policy for Telepathy framework -# -telepathy = module - -# Layer: services -# Module: telnet -# -# Telnet daemon -# -telnet = module - -# Layer: services -# Module: tftp -# -# Trivial file transfer protocol daemon -# -tftp = module - -# Layer: services -# Module: tgtd -# -# Linux Target Framework Daemon. 
-# -tgtd = module - -# Layer: apps -# Module: thumb -# -# Thumbnailer confinement -# -thumb = module - -# Layer: services -# Module: timidity -# -# MIDI to WAV converter and player configured as a service -# -timidity = off - -# Layer: admin -# Module: tmpreaper -# -# Manage temporary directory sizes and file ages -# -tmpreaper = module - -# Layer: contrib -# Module: glusterd -# -# policy for tomcat service -# -tomcat = module -# Layer: services -# Module: tor -# -# TOR, the onion router -# -tor = module - -# Layer: services -# Module: tuned -# -# Dynamic adaptive system tuning daemon -# -tuned = module - -# Layer: apps -# Module: tvtime -# -# tvtime - a high quality television application -# -tvtime = module - -# Layer: services -# Module: ulogd -# -# netfilter/iptables ULOG daemon -# -ulogd = module - -# Layer: apps -# Module: uml -# -# Policy for UML -# -uml = module - -# Layer: admin -# Module: updfstab -# -# Red Hat utility to change /etc/fstab. -# -updfstab = module - -# Layer: admin -# Module: usbmodules -# -# List kernel modules of USB devices -# -usbmodules = module - -# Layer: services -# Module: usbmuxd -# -# Daemon for communicating with Apple's iPod Touch and iPhone -# -usbmuxd = module - -# Layer: apps -# Module: userhelper -# -# A helper interface to pam. -# -userhelper = module - -# Layer: apps -# Module: usernetctl -# -# User network interface configuration helper -# -usernetctl = module - -# Layer: services -# Module: uucp -# -# Unix to Unix Copy -# -uucp = module - -# Layer: services -# Module: uuidd -# -# UUID generation daemon -# -uuidd = module - -# Layer: services -# Module: varnishd -# -# Varnishd http accelerator daemon -# -varnishd = module - -# Layer: services -# Module: vdagent -# -# vdagent -# -vdagent = module - -# Layer: services -# Module: vhostmd -# -# vhostmd - spice guest agent daemon. 
-# -vhostmd = module - -# Layer: services -# Module: virt -# -# Virtualization libraries -# -virt = module - -# Layer: apps -# Module: vhostmd -# -# vlock - Virtual Console lock program -# -vlock = module - -# Layer: services -# Module: vmtools -# -# VMware Tools daemon -# -vmtools = module - -# Layer: apps -# Module: vmware -# -# VMWare Workstation virtual machines -# -vmware = module - -# Layer: services -# Module: vnstatd -# -# Network traffic Monitor -# -vnstatd = module - -# Layer: admin -# Module: vpn -# -# Virtual Private Networking client -# -vpn = module - -# Layer: services -# Module: w3c -# -# w3c -# -w3c = module - -# Layer: services -# Module: wdmd -# -# wdmd policy -# -wdmd = module - -# Layer: role -# Module: webadm -# -# Minimally prived root role for managing apache -# -webadm = module - -# Layer: apps -# Module: webalizer -# -# Web server log analysis -# -webalizer = module - -# Layer: apps -# Module: wine -# -# wine executable -# -wine = module - -# Layer: apps -# Module: wireshark -# -# wireshark executable -# -wireshark = module - -# Layer: system -# Module: xen -# -# virtualization software -# -xen = module - -# Layer: services -# Module: zabbix -# -# Open-source monitoring solution for your IT infrastructure -# -zabbix = module - -# Layer: services -# Module: zarafa -# -# Zarafa Collaboration Platform -# -zarafa = module - -# Layer: services -# Module: zebra -# -# Zebra border gateway protocol network routing service -# -zebra = module - -# Layer: services -# Module: zoneminder -# -# Zoneminder Camera Security Surveillance Solution -# -zoneminder = module - -# Layer: services -# Module: zosremote -# -# policy for z/OS Remote-services Audit dispatcher plugin -# -zosremote = module - -# Layer: contrib -# Module: thin -# -# Policy for thin -# -thin = module - -# Layer: contrib -# Module: mandb -# -# Policy for mandb -# -mandb = module - -# Layer: services -# Module: pki -# -# policy for pki -# -pki = module - -# Layer: services -# Module: smsd 
-#
-# policy for smsd
-#
-smsd = module
-
-# Layer: contrib
-# Module: pesign
-#
-# policy for pesign
-#
-pesign = module
-
-# Layer: contrib
-# Module: nsd
-#
-# Fast and lean authoritative DNS Name Server
-#
-nsd = module
-
-# Layer: contrib
-# Module: iodine
-#
-# Fast and lean authoritative DNS Name Server
-#
-iodine = module
-
-# Layer: contrib
-# Module: openhpid
-#
-# OpenHPI daemon runs as a background process and accepts connecti
-#
-openhpid = module
-
-# Layer: contrib
-# Module: watchdog
-#
-# Watchdog policy
-#
-watchdog = module
-
-# Layer: contrib
-# Module: oracleasm
-#
-# oracleasm policy
-#
-oracleasm = module
-
-# Layer: contrib
-# Module: redis
-#
-# redis policy
-#
-redis = module
-
-# Layer: contrib
-# Module: hypervkvp
-#
-# hypervkvp policy
-#
-hypervkvp = module
-
-# Layer: contrib
-# Module: lsm
-#
-# lsm policy
-#
-lsm = module
-
-# Layer: contrib
-# Module: motion
-#
-# Daemon for detect motion using a video4linux device
-motion = module
-
-# Layer: contrib
-# Module: rtas
-#
-# rtas policy
-#
-rtas = module
-
-# Layer: contrib
-# Module: journalctl
-#
-# journalctl policy
-#
-journalctl = module
-
-# Layer: contrib
-# Module: gdomap
-#
-# gdomap policy
-#
-gdomap = module
-
-# Layer: contrib
-# Module: minidlna
-#
-# minidlna policy
-#
-minidlna = module
-
-# Layer: contrib
-# Module: minissdpd
-#
-# minissdpd policy
-#
-minissdpd = module
-
-# Layer: contrib
-# Module: freeipmi
-#
-# Remote-Console (out-of-band) and System Management Software (in-band)
-# based on IntelligentPlatform Management Interface specification
-#
-freeipmi = module
-
-# Layer: contrib
-# Module: mirrormanager
-#
-# mirrormanager policy
-#
-mirrormanager = module
-
-# Layer: contrib
-# Module: snapper
-#
-# snapper policy
-#
-snapper = module
-
-# Layer: contrib
-# Module: pcp
-#
-# pcp policy
-#
-pcp = module
-
-# Layer: contrib
-# Module: geoclue
-#
-# Add policy for Geoclue. Geoclue is a D-Bus service that provides location information
-#
-geoclue = module
-
-# Layer: contrib
-# Module: rkhunter
-#
-# rkhunter policy for /var/lib/rkhunter
-#
-rkhunter = module
-
-# Layer: contrib
-# Module: bacula
-#
-# bacula policy
-#
-bacula = module
-
-# Layer: contrib
-# Module: rhnsd
-#
-# rhnsd policy
-#
-rhnsd = module
-
-# Layer: contrib
-# Module: mongodb
-#
-# mongodb policy
-#
-
-mongodb = module
-
-# Layer: contrib
-# Module: iotop
-#
-# iotop policy
-#
-
-iotop = module
-
-# Layer: contrib
-# Module: kmscon
-#
-# kmscon policy
-#
-
-kmscon = module
-
-# Layer: contrib
-# Module: naemon
-#
-# naemon policy
-#
-naemon = module
-
-# Layer: contrib
-# Module: brltty
-#
-# brltty policy
-#
-brltty = module
-
-# Layer: contrib
-# Module: cpuplug
-#
-# cpuplug policy
-#
-cpuplug = module
-
-# Layer: contrib
-# Module: mon_statd
-#
-# mon_statd policy
-#
-mon_statd = module
-
-# Layer: contrib
-# Module: cinder
-#
-# openstack-cinder policy
-#
-cinder = module
-
-# Layer: contrib
-# Module: linuxptp
-#
-# linuxptp policy
-#
-linuxptp = module
-
-# Layer: contrib
-# Module: rolekit
-#
-# rolekit policy
-#
-rolekit = module
-
-# Layer: contrib
-# Module: targetd
-#
-# targetd policy
-#
-targetd = module
-
-# Layer: contrib
-# Module: hsqldb
-#
-# Hsqldb is transactional database engine with in-memory and disk-based tables, supporting embedded and server modes.
-#
-hsqldb = module
-
-# Layer: contrib
-# Module: blkmapd
-#
-# The blkmapd daemon performs device discovery and mapping for pNFS block layout client.
-#
-blkmapd = module
-
-# Layer: contrib
-# Module: pkcs11proxyd
-#
-# pkcs11proxyd policy
-#
-pkcs11proxyd = module
-
-# Layer: contrib
-# Module: ipmievd
-#
-# IPMI event daemon for sending events to syslog
-#
-ipmievd = module
-
-# Layer: contrib
-# Module: openfortivpn
-#
-# Fortinet compatible SSL VPN daemons.
-#
-openfortivpn = module
-
-# Layer: contrib
-# Module: fwupd
-#
-# fwupd is a daemon to allow session software to update device firmware.
-#
-fwupd = module
-
-# Layer: contrib
-# Module: lttng-tools
-#
-# LTTng 2.x central tracing registry session daemon.
-#
-lttng-tools = module
-
-# Layer: contrib
-# Module: rkt
-#
-# CLI for running app containers
-#
-rkt = module
-
-# Layer: contrib
-# Module: opendnssec
-#
-# opendnssec
-#
-opendnssec = module
-
-# Layer: contrib
-# Module: hwloc
-#
-# hwloc
-#
-hwloc = module
-
-# Layer: contrib
-# Module: sbd
-#
-# sbd
-#
-sbd = module
-
-# Layer: contrib
-# Module: tlp
-#
-# tlp
-#
-tlp = module
-
-# Layer: contrib
-# Module: conntrackd
-#
-# conntrackd
-#
-conntrackd = module
-
-# Layer: contrib
-# Module: tangd
-#
-# tangd
-#
-tangd = module
-
-# Layer: contrib
-# Module: ibacm
-#
-# ibacm
-#
-ibacm = module
-
-# Layer: contrib
-# Module: opafm
-#
-# opafm
-#
-opafm = module
-
-# Layer: contrib
-# Module: boltd
-#
-# boltd
-#
-boltd = module
-
-# Layer: contrib
-# Module: kpatch
-#
-# kpatch
-#
-kpatch = module
-
-# Layer: contrib
-# Module: timedatex
-#
-# timedatex
-#
-timedatex = module
-
-# Layer: contrib
-# Module: rrdcached
-#
-# rrdcached
-#
-rrdcached = module
-
-# Layer: contrib
-# Module: stratisd
-#
-# stratisd
-#
-stratisd = module
-
-# Layer: contrib
-# Module: ica
-#
-# ica
-#
-ica = module
-
-# Layer: contrib
-# Module: fedoratp
-#
-# fedoratp
-#
-fedoratp = module
-
-# Layer: contrib
-# Module: insights_client
-#
-# insights_client
-#
-insights_client = module
-
-# Layer: contrib
-# Module: stalld
-#
-# stalld
-#
-stalld = module
-
-# Layer: contrib
-# Module: rhcd
-#
-# rhcd
-#
-rhcd = module
-
-# Layer: contrib
-# Module: wireguard
-#
-# wireguard
-#
-wireguard = module
-
-# Layer: contrib
-# Module: mptcpd
-#
-# mptcpd
-#
-mptcpd = module
-
-# Layer: contrib
-# Module: rshim
-#
-# rshim
-#
-rshim = module
-
-# Layer: contrib
-# Module: keyutils
-#
-# keyutils
-#
-keyutils = module
-
-# Layer: contrib
-# Module: cifsutils
-#
-# cifsutils - Utilities for managing CIFS mounts
-#
-cifsutils = module
-
-# Layer: contrib
-# Module: boothd
-#
-# boothd - Booth cluster ticket manager
-#
-boothd = module
-
-# Layer: contrib
-# Module: kafs
-#
-# kafs - Tools for kAFS
-#
-kafs = module
-
-# Layer: contrib
-# Module: bootupd
-#
-# bootupd - bootloader update daemon
-#
-bootupd = module
-
-# Layer: contrib
-# Module: fdo
-#
-# fdo - fido device onboard protocol for IoT devices
-#
-fdo = module
-
-# Layer: contrib
-# Module: qatlib
-#
-# qatlib - Intel QuickAssist technology library and resources management
-#
-qatlib = module
-
-# Layer: services
-# Module: virt_supplementary
-#
-# non-libvirt virtualization libraries
-#
-virt_supplementary = module
-
-# Layer: contrib
-# Module: nvme_stas
-#
-# nvme_stas
-#
-nvme_stas = module
-
-# Layer: contrib
-# Module: coreos_installer
-#
-# coreos_installer
-#
-coreos_installer = module
-
-# Layer: contrib
-# Module: afterburn
-#
-# afterburn
-#
-afterburn = module
-
-# Layer: contrib
-# Module: sap
-#
-# sap
-#
-sap = module
diff --git a/modules-targeted.conf b/modules-targeted.conf
index 16f8f79..bc5edff 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -1,113 +1,451 @@ +# Layer: kernel +# Module: bootloader # -# This file contains a listing of available modules. -# To prevent a module from being used in policy -# creation, set the module name to "off". +# Policy for the kernel modules, kernel image, and bootloader. +# +bootloader = module + +# Layer: kernel +# Module: corecommands +# Required in base # -# For monolithic policies, modules set to "base" and "module" -# will be built into the policy. +# Core policy for shells, and generic programs +# in /bin, /sbin, /usr/bin, and /usr/sbin. # -# For modular policies, modules set to "base" will be -# included in the base module. "module" will be compiled -# as individual loadable modules. +corecommands = base + +# Layer: kernel +# Module: corenetwork +# Required in base # +# Policy controlling access to network objects +# +corenetwork = base -# Layer: services -# Module: accountsd +# Layer: admin +# Module: dmesg # -# An application to view and modify user accounts information +# Policy for dmesg. # -accountsd = module +dmesg = module # Layer: admin -# Module: acct +# Module: netutils # -# Berkeley process accounting +# Network analysis utilities # -acct = module +netutils = module -# Layer: services -# Module: ajaxterm +# Layer: admin +# Module: sudo # -# Web Based Terminal +# Execute a command with a substitute user # -ajaxterm = module +sudo = module # Layer: admin -# Module: alsa +# Module: su # -# Ainit ALSA configuration tool +# Run shells with substitute user and group # -alsa = module +su = module + +# Layer: admin +# Module: usermanage +# +# Policy for managing user accounts. +# +usermanage = module + +# Layer: apps +# Module: seunshare +# +# seunshare executable +# +seunshare = module + +# Module: devices +# Required in base +# +# Device nodes and interfaces for many basic system devices. +# +devices = base + +# Module: domain +# Required in base +# +# Core policy for domains. 
+# +domain = base + +# Layer: system +# Module: userdomain +# +# Policy for user domains +# +userdomain = module + +# Module: files +# Required in base +# +# Basic filesystem types and interfaces. +# +files = base + +# Layer: system +# Module: miscfiles +# +# Miscelaneous files. +# +miscfiles = module + +# Module: filesystem +# Required in base +# +# Policy for filesystems. +# +filesystem = base + +# Module: kernel +# Required in base +# +# Policy for kernel threads, proc filesystem,and unlabeled processes and objects. +# +kernel = base + +# Module: mcs +# Required in base +# +# MultiCategory security policy +# +mcs = base + +# Module: mls +# Required in base +# +# Multilevel security policy +# +mls = base + +# Module: selinux +# Required in base +# +# Policy for kernel security interface, in particular, selinuxfs. +# +selinux = base + +# Layer: kernel +# Module: storage +# +# Policy controlling access to storage devices +# +storage = base + +# Module: terminal +# Required in base +# +# Policy for terminals. +# +terminal = base + +# Layer: kernel +# Module: ubac +# +# +# +ubac = base + +# Layer: kernel +# Module: unconfined +# +# The unlabelednet module. +# +unlabelednet = module + +# Layer: role +# Module: auditadm +# +# auditadm account on tty logins +# +auditadm = module + +# Layer: role +# Module: logadm +# +# Minimally prived root role for managing logging system +# +logadm = module + +# Layer: role +# Module: secadm +# +# secadm account on tty logins +# +secadm = module + +# Layer:role +# Module: sysadm_secadm +# +# System Administrator with Security Admin rules +# +sysadm_secadm = module + +# Module: staff +# +# admin account +# +staff = module + +# Layer:role +# Module: sysadm +# +# System Administrator +# +sysadm = module + +# Layer: role +# Module: unconfineduser +# +# The unconfined user domain. 
+# +unconfineduser = module + +# Layer: role +# Module: unprivuser +# +# Minimally privs guest account on tty logins +# +unprivuser = module # Layer: services -# Module: callweaver +# Module: postgresql # -# callweaver telephony sever +# PostgreSQL relational database # -callweaver = module +postgresql = module # Layer: services -# Module: cachefilesd +# Module: ssh # -# CacheFiles userspace management daemon +# Secure shell client and server policy. # -cachefilesd = module +ssh = module # Layer: services -# Module: collectd +# Module: xserver +# +# X windows login display manager +# +xserver = module + +# Module: application +# Required in base +# +# Defines attributs and interfaces for all user applications +# +application = module + +# Layer: system +# Module: authlogin +# +# Common policy for authentication and user login. +# +authlogin = module + +# Layer: system +# Module: clock +# +# Policy for reading and setting the hardware clock. +# +clock = module + +# Layer: system +# Module: fstools +# +# Tools for filesystem management, such as mkfs and fsck. +# +fstools = module + +# Layer: system +# Module: getty +# +# Policy for getty. +# +getty = module + +# Layer: system +# Module: hostname +# +# Policy for changing the system host name. +# +hostname = module + +# Layer: system +# Module: init +# +# System initialization programs (init and init scripts). +# +init = module + +# Layer: system +# Module: ipsec +# +# TCP/IP encryption +# +ipsec = module + +# Layer: system +# Module: iptables +# +# Policy for iptables. +# +iptables = module + +# Layer: system +# Module: libraries +# +# Policy for system libraries. +# +libraries = module + +# Layer: system +# Module: locallogin +# +# Policy for local logins. +# +locallogin = module + +# Layer: system +# Module: logging +# +# Policy for the kernel message logger and system logging daemon. +# +logging = module + +# Layer: system +# Module: lvm +# +# Policy for logical volume management programs. 
+# +lvm = module + +# Layer: system +# Module: modutils +# +# Policy for kernel module utilities +# +modutils = module + +# Layer: system +# Module: mount +# +# Policy for mount. +# +mount = module + +# Layer: system +# Module: netlabel +# +# Basic netlabel types and interfaces. +# +netlabel = module + +# Layer: system +# Module: selinuxutil +# +# Policy for SELinux policy and userland applications. +# +selinuxutil = module + +# Module: setrans +# Required in base +# +# Policy for setrans +# +setrans = module + +# Layer: system +# Module: sysnetwork +# +# Policy for network configuration: ifconfig and dhcp client. +# +sysnetwork = module + +# Layer: system +# Module: systemd +# +# Policy for systemd components +# +systemd = module + +# Layer: system +# Module: udev +# +# Policy for udev. +# +udev = module + +# Layer: system +# Module: unconfined +# +# The unconfined domain. +# +unconfined = module +# Layer: services +# Module: abrt # -# Statistics collection daemon for filling RRD files +# Automatic bug detection and reporting tool # -collectd = module +abrt = module # Layer: services -# Module: colord +# Module: accountsd # -# color device daemon +# An application to view and modify user accounts information # -colord = module +accountsd = module -# Layer: services -# Module: couchdb +# Layer: admin +# Module: acct # -# Apache CouchDB database server +# Berkeley process accounting # -couchdb = module +acct = module -# Layer: apps -# Module: cpufreqselector +# Layer: services +# Module: afs # -# cpufreqselector executable +# Andrew Filesystem server # -cpufreqselector = module +afs = module -# Layer: apps -# Module: chrome +# Layer: services +# Module: aiccu # -# chrome sandbox +# SixXS Automatic IPv6 Connectivity Client Utility # -chrome = module +aiccu = module -# Layer: module -# Module: awstats +# Layer: services +# Module: aide # -# awstats executable +# Policy for aide # -awstats = module - +aide = module + # Layer: services -# Module: abrt +# Module: 
ajaxterm # -# Automatic bug detection and reporting tool +# Web Based Terminal # -abrt = module +ajaxterm = module -# Layer: services -# Module: aiccu +# Layer: admin +# Module: alsa # -# SixXS Automatic IPv6 Connectivity Client Utility +# Ainit ALSA configuration tool # -aiccu = module +alsa = module # Layer: admin # Module: amanda @@ -116,19 +454,12 @@ aiccu = module # amanda = module -# Layer: services -# Module: afs -# -# Andrew Filesystem server -# -afs = module - -# Layer: services -# Module: amavis +# Layer: admin +# Module: amtu # -# Anti-virus +# Abstract Machine Test Utility (AMTU) # -amavis = module +amtu = module # Layer: admin # Module: anaconda @@ -137,6 +468,13 @@ amavis = module # anaconda = module +# Layer: contrib +# Module: antivirus +# +# SELinux policy for antivirus programs +# +antivirus = module + # Layer: services # Module: apache # @@ -145,20 +483,19 @@ anaconda = module apache = module # Layer: services +# Module: apcupsd +# +# daemon for most APC’s UPS for Linux +# +apcupsd = module + +# Layer: services # Module: apm # # Advanced power management daemon # apm = module -# Layer: system -# Module: application -# Required in base -# -# Defines attributs and interfaces for all user applications -# -application = module - # Layer: services # Module: arpwatch # @@ -167,26 +504,19 @@ application = module arpwatch = module # Layer: services -# Module: entropy -# -# Generate entropy from audio input -# -entropyd = module - -# Layer: system -# Module: authlogin -# -# Common policy for authentication and user login. -# -authlogin = module - -# Layer: services # Module: asterisk # # Asterisk IP telephony server # asterisk = module +# Layer: contrib +# Module: authconfig +# +# Authorization configuration tool +# +authconfig = module + # Layer: services # Module: automount # @@ -201,6 +531,13 @@ automount = module # avahi = module +# Layer: module +# Module: awstats +# +# awstats executable +# +awstats = module + # Layer: services # Module: bcfg2 # 
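Review bot: In the first hunk (`@@ -1,113 +1,451 @@`) the header added above `unlabelednet = module` reads `# Module: unconfined`, although its description line says "The unlabelednet module.", and the same hunk later adds a second `# Module: unconfined` block for `unconfined = module`. Anyone auditing which modules are enabled by reading or searching the headers finds two `unconfined` entries and none for unlabelednet, so the header should read `# Module: unlabelednet`, and the description could say what the module governs instead of repeating its name. The `ubac = base` block added just above it has an empty description as well.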
@@ -209,82 +546,88 @@ avahi = module bcfg2 = module # Layer: services -# Module: boinc -# -# Berkeley Open Infrastructure for Network Computing -# -boinc = module - -# Layer: services # Module: bind # # Berkeley internet name domain DNS server. # bind = module -# Layer: services -# Module: bugzilla +# Layer: contrib +# Module: rngd # -# Bugzilla server +# Daemon used to feed random data from hardware device to kernel random device # -bugzilla = module +rngd = module # Layer: services -# Module: dirsrv +# Module: bitlbee # -# An 309 directory server +# An IRC to other chat networks gateway # -dirsrv = module +bitlbee = module # Layer: services -# Module: dirsrv-admin +# Module: blueman # -# An 309 directory admin server +# Blueman tools and system services. # -dirsrv-admin = module +blueman = module # Layer: services -# Module: dnsmasq +# Module: bluetooth # -# A lightweight DHCP and caching DNS server. +# Bluetooth tools and system services. # -dnsmasq = module +bluetooth = module # Layer: services -# Module: dnssec +# Module: boinc # -# A dnssec server application +# Berkeley Open Infrastructure for Network Computing +# +boinc = module + +# Layer: system +# Module: brctl +# +# Utilities for configuring the linux ethernet bridge # -dnssec = module +brctl = module # Layer: services -# Module: blueman +# Module: bugzilla # -# Blueman tools and system services. +# Bugzilla server # -blueman = module +bugzilla = module # Layer: services -# Module: bluetooth +# Module: bumblebee # -# Bluetooth tools and system services. -# -bluetooth = module +# Support NVIDIA Optimus technology under Linux +# +bumblebee = module -# Layer: kernel -# Module: ubac +# Layer: services +# Module: cachefilesd # +# CacheFiles userspace management daemon # -# -ubac = base +cachefilesd = module +# Module: calamaris # -# Layer: kernel -# Module: bootloader # -# Policy for the kernel modules, kernel image, and bootloader. 
+# Squid log analysis # -bootloader = module +calamaris = module + +# Layer: services +# Module: callweaver +# +# callweaver telephony sever +# +callweaver = module # Layer: services # Module: canna @@ -301,19 +644,25 @@ canna = module ccs = module # Layer: apps -# Module: calamaris +# Module: cdrecord # +# Policy for cdrecord +# +cdrecord = module + +# Layer: admin +# Module: certmaster # -# Squid log analysis +# Digital Certificate master # -calamaris = module +certmaster = module -# Layer: apps -# Module: cdrecord +# Layer: services +# Module: certmonger # -# Policy for cdrecord +# Certificate status monitor and PKI enrollment client # -cdrecord = module +certmonger = module # Layer: admin # Module: certwatch 
@@ -322,40 +671,83 @@ cdrecord = module # certwatch = module -# Layer: admin -# Module: certmaster +# Layer: services +# Module: cfengine # -# Digital Certificate master +# cfengine +# +cfengine = module + +# Layer: services +# Module: cgroup +# +# Tools and libraries to control and monitor control groups +# +cgroup = module + +# Layer: apps +# Module: chrome +# +# chrome sandbox +# +chrome = module + +# Layer: services +# Module: chronyd +# +# Daemon for maintaining clock time +# +chronyd = module + +# Layer: services +# Module: cipe +# +# Encrypted tunnel daemon +# +cipe = module + + +# Layer: services +# Module: clogd +# +# clogd - clustered mirror log server +# +clogd = module + +# Layer: services +# Module: cloudform # -certmaster = module +# cloudform daemons +# +cloudform = module # Layer: services -# Module: certmonger +# Module: cmirrord # -# Certificate status monitor and PKI enrollment client +# cmirrord - daemon providing device-mapper-base mirrors in a shared-storege cluster # -certmonger = module - +cmirrord = module + # Layer: services -# Module: cipe +# Module: cobbler # -# Encrypted tunnel daemon +# cobbler # -cipe = module +cobbler = module # Layer: services -# Module: chronyd +# Module: collectd # -# Daemon for maintaining clock time +# Statistics collection daemon for filling RRD files # -chronyd = module +collectd = module # Layer: services -# Module: cobbler +# Module: colord # -# cobbler +# color device daemon # -cobbler = module +colord = module # Layer: services # Module: comsat 
@@ -365,56 +757,39 @@ cobbler = module comsat = module # Layer: services -# Module: corosync -# -# Corosync Cluster Engine Executive +# Module: condor +# +# policy for condor # -corosync = module +condor = module # Layer: services -# Module: clamav +# Module: conman # -# ClamAV Virus Scanner -# -clamav = module - -# Layer: system -# Module: clock +# Conman is a program for connecting to remote consoles being managed by conmand # -# Policy for reading and setting the hardware clock. -# -clock = module +conman = module # Layer: services # Module: consolekit # # ConsoleKit is a system daemon for tracking what users are logged # -#consolekit = module - -# Layer: admin -# Module: consoletype -# -# Determine of the console connected to the controlling terminal. -# -consoletype = module +consolekit = module -# Layer: kernel -# Module: corecommands -# Required in base +# Layer: services +# Module: couchdb # -# Core policy for shells, and generic programs -# in /bin, /sbin, /usr/bin, and /usr/sbin. +# Apache CouchDB database server # -corecommands = base +couchdb = module -# Layer: kernel -# Module: corenetwork -# Required in base +# Layer: services +# Module: courier # -# Policy controlling access to network objects +# IMAP and POP3 email servers # -corenetwork = base +courier = module # Layer: services # Module: cpucontrol @@ -423,6 +798,13 @@ corenetwork = base # cpucontrol = module +# Layer: apps +# Module: cpufreqselector +# +# cpufreqselector executable +# +cpufreqselector = module + # Layer: services # Module: cron # @@ -435,7 +817,7 @@ cron = module # # Cluster Daemon # -ctdbd = module +ctdb = module # Layer: services # Module: cups @@ -472,6 +854,13 @@ cyrus = module # daemontools = module +# Layer: role +# Module: dbadm +# +# Minimally prived root role for managing databases +# +dbadm = module + # Layer: services # Module: dbskk # 
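Review bot: `consolekit = module` in the `@@ -365,56 +757,39 @@` hunk replaces `#consolekit = module`, so the entry goes from commented out to enabled; unlike the blocks that are only moved around it, this changes what is built into the policy, and nothing visible in the hunk says why. A short comment above the line, for example `# Enabled for the targeted policy: <reason>` (placeholder), or a sentence in the commit message would make the change reviewable. The description carried over with it still stops mid-sentence (`# ConsoleKit is a system daemon for tracking what users are logged`) and could be completed at the same time.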
@@ -493,6 +882,13 @@ dbus = module # dcc = module +# Layer: services +# Module: ddclient +# +# Update dynamic IP address at DynDNS.org +# +ddclient = module + # Layer: admin # Module: ddcprobe # @@ -501,19 +897,18 @@ dcc = module ddcprobe = off # Layer: services -# Module: devicekit +# Module: denyhosts # -# devicekit-daemon +# script to help thwart ssh server attacks # -devicekit = module +denyhosts = module -# Layer: kernel -# Module: devices -# Required in base +# Layer: services +# Module: devicekit # -# Device nodes and interfaces for many basic system devices. +# devicekit-daemon # -devices = base +devicekit = module # Layer: services # Module: dhcp @@ -530,18 +925,25 @@ dhcp = module dictd = module # Layer: services -# Module: distcc +# Module: dirsrv-admin # -# Distributed compiler daemon +# An 309 directory admin server # -distcc = off +dirsrv-admin = module -# Layer: admin -# Module: dmesg +# Layer: services +# Module: dirsrv # -# Policy for dmesg. +# An 309 directory server # -dmesg = module +dirsrv = module + +# Layer: services +# Module: distcc +# +# Distributed compiler daemon +# +distcc = off # Layer: admin # Module: dmidecode @@ -550,27 +952,19 @@ dmesg = module # dmidecode = module -# Layer: kernel -# Module: domain -# Required in base -# -# Core policy for domains. -# -domain = base - # Layer: services -# Module: drbd -# -# DRBD mirrors a block device over the network to another machine. +# Module: dnsmasq # -drbd = module +# A lightweight DHCP and caching DNS server. +# +dnsmasq = module # Layer: services -# Module: ddclient -# -# Update dynamic IP address at DynDNS.org +# Module: dnssec # -ddclient = module +# A dnssec server application +# +dnssec = module # Layer: services # Module: dovecot 
@@ -579,48 +973,33 @@ ddclient = module # dovecot = module -# Layer: apps -# Module: gitosis -# -# Policy for gitosis -# -gitosis = module - # Layer: services -# Module: glance +# Module: drbd # -# Policy for glance -# -glance = module - -# Layer: apps -# Module: gpg +# DRBD mirrors a block device over the network to another machine. # -# Policy for GNU Privacy Guard and related programs. -# -gpg = module +drbd = module # Layer: services -# Module: gpsd +# Module: dspam # -# gpsd monitor daemon +# dspam - library and Mail Delivery Agent for Bayesian SPAM filtering # -# -gpsd = module +dspam = module # Layer: services -# Module: git +# Module: entropy # -# Policy for the stupid content tracker +# Generate entropy from audio input # -git = module +entropyd = module # Layer: services -# Module: gpm +# Module: exim # -# General Purpose Mouse driver +# exim mail server # -gpm = module +exim = module # Layer: services # Module: fail2ban @@ -630,27 +1009,18 @@ gpm = module fail2ban = module # Layer: services -# Module: fetchmail +# Module: fcoe # -# Remote-mail retrieval and forwarding utility -# -fetchmail = module - -# Layer: kernel -# Module: files -# Required in base +# fcoe # -# Basic filesystem types and interfaces. -# -files = base +fcoe = module -# Layer: kernel -# Module: filesystem -# Required in base +# Layer: services +# Module: fetchmail # -# Policy for filesystems. +# Remote-mail retrieval and forwarding utility # -filesystem = base +fetchmail = module # Layer: services # Module: finger @@ -659,13 +1029,12 @@ filesystem = base # finger = module -# Layer: admin -# Module: firstboot +# Layer: services +# Module: firewalld # -# Final system configuration run during the first boot -# after installation of Red Hat/Fedora systems. +# firewalld is firewall service daemon that provides dynamic customizable # -firstboot = module +firewalld = module # Layer: apps # Module: firewallgui 
@@ -674,6 +1043,13 @@ firstboot = module # firewallgui = module +# Module: firstboot +# +# Final system configuration run during the first boot +# after installation of Red Hat/Fedora systems. +# +firstboot = module + # Layer: services # Module: fprintd # @@ -681,12 +1057,12 @@ firewallgui = module # fprintd = module -# Layer: system -# Module: fstools +# Layer: services +# Module: freqset # -# Tools for filesystem management, such as mkfs and fsck. -# -fstools = module +# Utility for CPU frequency scaling +# +freqset = module # Layer: services # Module: ftp @@ -702,12 +1078,33 @@ ftp = module # games = module -# Layer: system -# Module: getty +# Layer: apps +# Module: gitosis # -# Policy for getty. +# Policy for gitosis # -getty = module +gitosis = module + +# Layer: services +# Module: git +# +# Policy for the stupid content tracker +# +git = module + +# Layer: services +# Module: glance +# +# Policy for glance +# +glance = module + +# Layer: contrib +# Module: glusterd +# +# policy for glusterd service +# +glusterd = module # Layer: apps # Module: gnome 
@@ -716,68 +1113,75 @@ getty = module # gnome = module -# Layer: services -# Module: hddtemp +# Layer: apps +# Module: gpg # -# hddtemp hard disk temperature tool running as a daemon +# Policy for GNU Privacy Guard and related programs. # -hddtemp = module +gpg = module # Layer: services -# Module: passenger +# Module: gpm # -# Passenger +# General Purpose Mouse driver # -passenger = module +gpm = module -# Layer: services -# Module: policykit +# Module: gpsd +# +# gpsd monitor daemon # -# Hardware abstraction layer # -policykit = module +gpsd = module -# Layer: services -# Module: puppet +# Module: gssproxy +# +# A proxy for GSSAPI credential handling # -# A network tool for managing many disparate systems # -puppet = module +gssproxy = module -# Layer: apps -# Module: ptchown +# Layer: role +# Module: guest # -# helper function for grantpt(3), changes ownship and permissions of pseudotty +# Minimally privs guest account on tty logins # -ptchown = module +guest = module + +# Layer: role +# Module: xguest +# +# Minimally privs guest account on X Windows logins +# +xguest = module # Layer: services -# Module: psad +# Module: hddtemp # -# Analyze iptables log for hostile traffic +# hddtemp hard disk temperature tool running as a daemon # -psad = module +hddtemp = module -# Layer: apps -# Module: pwauth +# Layer: services +# Module: hostapd # -# External plugin for mod_authnz_external authenticator +# hostapd - IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator # -pwauth = module +hostapd = module # Layer: services -# Module: quantum +# Module: i18n_input # -# Quantum is a virtual network service for Openstack +# IIIMF htt server # -quantum = module +i18n_input = off -# Layer: system -# Module: hostname +# Layer: services +# Module: icecast # -# Policy for changing the system host name. +# ShoutCast compatible streaming media server # -hostname = module +icecast = module # Layer: services # Module: inetd 
@@ -786,13 +1190,6 @@ hostname = module # inetd = module -# Layer: system -# Module: init -# -# System initialization programs (init and init scripts). -# -init = module - # Layer: services # Module: inn # @@ -800,19 +1197,12 @@ init = module # inn = module -# Layer: system -# Module: iptables -# -# Policy for iptables. -# -iptables = module - -# Layer: system -# Module: ipsec +# Layer: services +# Module: lircd # -# TCP/IP encryption +# LIRC daemon - decodes infrared signals and provides them on a Unix domain socket. # -ipsec = module +lircd = module # Layer: apps # Module: irc @@ -835,19 +1225,12 @@ irqbalance = module # iscsi = module -# Layer: services -# Module: icecast +# Layer: system +# Module: isnsd # -# ShoutCast compatible streaming media server # -icecast = module - -# Layer: services -# Module: i18n_input -# -# IIIMF htt server # -i18n_input = off +isns = module # Layer: services # Module: jabber @@ -863,12 +1246,12 @@ jabber = module # jetty = module -# Layer: admin -# Module: kdump -# -# kdump is kernel crash dumping mechanism +# Layer: apps +# Module: jockey # -kdump = module +# policy for jockey-backend +# +jockey = module # Layer: apps # Module: kdumpgui @@ -877,12 +1260,12 @@ kdump = module # kdumpgui = module -# Layer: services -# Module: ksmtuned +# Layer: admin +# Module: kdump # -# Kernel Samepage Merging (KSM) Tuning Daemon +# kdump is kernel crash dumping mechanism # -ksmtuned = module +kdump = module # Layer: services # Module: kerberos 
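Review bot: The block added in the `@@ -835,19 +1225,12 @@` hunk is headed `# Module: isnsd` but sets `isns = module`, and both of its description lines are empty. The key, not the comment, is the module name this file acts on, and the page does not show which spelling the policy source uses, so one of the two needs checking; assuming the key is right, the header would be `# Module: isns` followed by a one-line description of the service. The renames on this page (`ctdbd` to `ctdb`, `l2tpd` to `l2tp`) leave their `# Module:` header lines outside the hunks, so those headers may need the same check.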
@@ -891,13 +1274,40 @@ ksmtuned = module # kerberos = module -# Layer: kernel -# Module: kernel -# Required in base +# Layer: services +# Module: keepalived # -# Policy for kernel threads, proc filesystem,and unlabeled processes and objects. +# keepalived - load-balancing and high-availability service +# +keepalived = module + +# Module: keyboardd +# +# system-setup-keyboard is a keyboard layout daemon that monitors +# /etc/sysconfig/keyboard and writes out an xorg.conf.d snippet +# +keyboardd = module + +# Layer: services +# Module: keystone +# +# openstack-keystone +# +keystone = module + +# Layer: services +# Module: kismet +# +# Wireless sniffing and monitoring # -kernel = base +kismet = module + +# Layer: services +# Module: ksmtuned +# +# Kernel Samepage Merging (KSM) Tuning Daemon +# +ksmtuned = module # Layer: services # Module: ktalk @@ -911,7 +1321,7 @@ ktalk = module # # Layer 2 Tunnelling Protocol Daemon # -l2tpd = module +l2tp = module # Layer: services # Module: ldap @@ -927,12 +1337,19 @@ ldap = module # likewise = module -# Layer: system -# Module: libraries +# Layer: apps +# Module: livecd # -# Policy for system libraries. +# livecd creator # -libraries = module +livecd = module + +# Layer: services +# Module: lldpad +# +# lldpad - Link Layer Discovery Protocol (LLDP) agent daemon +# +lldpad = module # Layer: apps # Module: loadkeys @@ -941,13 +1358,6 @@ libraries = module # loadkeys = module -# Layer: system -# Module: locallogin -# -# Policy for local logins. -# -locallogin = module - # Layer: apps # Module: lockdev # @@ -955,13 +1365,6 @@ locallogin = module # lockdev = module -# Layer: system -# Module: logging -# -# Policy for the kernel message logger and system logging daemon. -# -logging = module - # Layer: admin # Module: logrotate # 
@@ -984,27 +1387,12 @@ logwatch = module lpd = module # Layer: services -# Module: lircd -# -# LIRC daemon - decodes infrared signals and provides them on a Unix domain socket. -# -lircd = module - -# Layer: system -# Module: lvm -# -# Policy for logical volume management programs. -# -lvm = module - -# Layer: services # Module: mailman # # Mailman is for managing electronic mail discussion and e-newsletter lists # mailman = module - # Layer: services # Module: mailman # 
@@ -1012,98 +1400,54 @@ mailman = module # mailscanner = module -# Layer: services -# Module: matahari -# -# Matahari system maangement tools +# Layer: apps +# Module: man2html +# +# policy for man2html apps # -matahari = module +man2html = module # Layer: admin # Module: mcelog # -# Policy for mcelog. -# -mcelog = module - -# Layer: kernel -# Module: mcs -# Required in base -# -# MultiCategory security policy -# -mcs = base - -# Layer: apps -# Module: mediawiki -# -# mediawiki -# -mediawiki = module - -# Layer: system -# Module: miscfiles -# -# Miscelaneous files. -# -miscfiles = module - -# Layer: kernel -# Module: mls -# Required in base -# -# Multilevel security policy -# -mls = base - -# Layer: services -# Module: mock -# -# Policy for mock rpm builder -# -mock = module - -# Layer: services -# Module: mojomojo -# -# Wiki server -# -mojomojo = module - -# Layer: system -# Module: modutils -# -# Policy for kernel module utilities +# Policy for mcelog. # -modutils = module +mcelog = module -# Layer: system -# Module: mount +# Layer: apps +# Module: mediawiki # -# Policy for mount. +# mediawiki # -mount = module +mediawiki = module -# Layer: apps -# Module: mozilla +# Layer: services +# Module: memcached # -# Policy for Mozilla and related web browsers +# high-performance memory object caching system # -mozilla = module +memcached = module # Layer: services -# Module: ntop +# Module: milter # -# Policy for ntop # -ntop = module +# +milter = module # Layer: services -# Module: nslcd +# Module: mip6d # -# Policy for nslcd +# UMIP Mobile IPv6 and NEMO Basic Support protocol implementation +# +mip6d = module + +# Layer: services +# Module: mock +# +# Policy for mock rpm builder # -nslcd = module +mock = module # Layer: services # Module: modemmanager 
@@ -1113,6 +1457,20 @@ nslcd = module modemmanager = module # Layer: services +# Module: mojomojo +# +# Wiki server +# +mojomojo = module + +# Layer: apps +# Module: mozilla +# +# Policy for Mozilla and related web browsers +# +mozilla = module + +# Layer: services # Module: mpd # # mpd - daemon for playing music @@ -1126,13 +1484,6 @@ mpd = module # mplayer = module -# Layer: apps -# Module: gpg -# -# Policy for Mozilla and related web browsers -# -gpg = module - # Layer: admin # Module: mrtg # @@ -1148,12 +1499,26 @@ mrtg = module mta = module # Layer: services +# Module: munin +# +# Munin +# +munin = module + +# Layer: services # Module: mysql # # Policy for MySQL # mysql = module +# Layer: contrib +# Module: mythtv +# +# Policy for Mythtv (Web Server) +# +mythtv = module + # Layer: services # Module: nagios # @@ -1161,12 +1526,12 @@ mysql = module # nagios = module -# Layer: admin -# Module: ncftool +# Layer: apps +# Module: namespace # -# Tool to modify the network configuration of a system -# -ncftool = module +# policy for namespace.init script +# +namespace = module # Layer: admin # Module: ncftool @@ -1175,13 +1540,6 @@ ncftool = module # ncftool = module -# Layer: admin -# Module: netutils -# -# Network analysis utilities -# -netutils = module - # Layer: services # Module: networkmanager # @@ -1190,12 +1548,25 @@ netutils = module networkmanager = module # Layer: services +# Module: ninfod +# +# Respond to IPv6 Node Information Queries +# +ninfod = module + +# Layer: services # Module: nis # # Policy for NIS (YP) servers and clients # nis = module +# Layer: services +# Module: nova +# +# openstack-nova +# +nova = module # Layer: services # Module: nscd @@ -1204,6 +1575,19 @@ nis = module # nscd = module +# Layer: services +# Module: nslcd +# +# Policy for nslcd +# +nslcd = module + +# Layer: services +# Module: ntop +# +# Policy for ntop +# +ntop = module # Layer: services # Module: ntp 
@@ -1213,6 +1597,13 @@ nscd = module ntp = module # Layer: services +# Module: numad +# +# numad - user-level daemon that provides advice and managment for optimum use of CPUs and memory on systems with NUMA topology +# +numad = module + +# Layer: services # Module: nut # # nut - Network UPS Tools @@ -1226,6 +1617,12 @@ nut = module # nx = module +# Layer: services +# Module: obex +# +# policy for obex-data-server +# +obex = module # Layer: services # Module: oddjob @@ -1241,6 +1638,33 @@ oddjob = module # openct = off +# Layer: service +# Module: openct +# +# Middleware framework for smart card terminals +# +openct = module + +# Layer: contrib +# Module: openshift-origin +# +# Origin version of openshift policy +# +openshift-origin = module +# Layer: contrib +# Module: openshift +# +# Core openshift policy +# +openshift = module + +# Layer: services +# Module: opensm +# +# InfiniBand subnet manager and administration (SM/SA) +# +opensm = module + # Layer: services # Module: openvpn # @@ -1248,20 +1672,52 @@ openct = off # openvpn = module +# Layer: contrib +# Module: openvswitch +# +# SELinux policy for openvswitch programs +# +openvswitch = module -# Layer: service -# Module: pcscd +# Layer: services +# Module: openwsman # -# PC/SC Smart Card Daemon +# WS-Management Server # -pcscd = module +openwsman = module -# Layer: service -# Module: openct -# -# Middleware framework for smart card terminals +# Layer: services +# Module: osad # -openct = module +# Client-side service written in Python that responds to pings +# +osad = module + +# Layer: contrib +# Module: prelude +# +# SELinux policy for prelude +# +prelude = module + +# Layer: contrib +# Module: prosody +# +# SELinux policy for prosody flexible communications server for Jabber/XMPP +# +prosody = module + +# Layer: services +# Module: pads +# +pads = module + +# Layer: services +# Module: passenger +# +# Passenger +# +passenger = module # Layer: system # Module: pcmcia 
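Review bot: In the hunk at `@@ -1241,6 +1638,33 @@`, the added `openct = module` stanza sits directly below the existing `openct = off`, so the file sets the same module twice with opposite values. Which assignment takes effect depends on how the build reads this file, which is not visible here, so whether the smart-card middleware policy is built is left to parser order. Keep a single entry for the intended state: delete the `openct = off` stanza, or drop the added one if the module is meant to stay disabled. The added header also reads `# Layer: service` where the rest of the file uses `services`, and `openshift-origin = module` lacks the blank line that separates stanzas elsewhere.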
@@ -1270,6 +1726,20 @@ openct = module # pcmcia = module +# Layer: service +# Module: pcscd +# +# PC/SC Smart Card Daemon +# +pcscd = module + +# Layer: services +# Module: pdns +# +# PowerDNS DNS server +# +pdns = module + # Layer: services # Module: pegasus # @@ -1278,18 +1748,52 @@ pcmcia = module pegasus = module # Layer: services +# Module: pingd +# +# +pingd = module + +# Layer: services # Module: piranha # # piranha - various tools to administer and configure the Linux Virtual Server # piranha = module +# Layer: contrib +# Module: pkcs +# +# daemon manages PKCS#11 objects between PKCS#11-enabled applications +# +pkcs = module + # Layer: services -# Module: postgresql +# Module: plymouthd # -# PostgreSQL relational database +# Plymouth # -postgresql = module +plymouthd = module + +# Layer: apps +# Module: podsleuth +# +# Podsleuth probes, identifies, and exposes properties and metadata bound to iPods. +# +podsleuth = module + +# Layer: services +# Module: policykit +# +# Hardware abstraction layer +# +policykit = module + +# Layer: services +# Module: polipo +# +# polipo +# +polipo = module # Layer: services # Module: portmap @@ -1299,6 +1803,13 @@ postgresql = module portmap = module # Layer: services +# Module: portreserve +# +# reserve ports to prevent portmap mapping them +# +portreserve = module + +# Layer: services # Module: postfix # # Postfix email server @@ -1327,6 +1838,13 @@ ppp = module prelink = module # Layer: services +# Module: privoxy +# +# Privacy enhancing web proxy. +# +privoxy = module + +# Layer: services # Module: procmail # # Procmail mail delivery agent 
@@ -1334,25 +1852,39 @@ prelink = module procmail = module # Layer: services -# Module: privoxy +# Module: psad # -# Privacy enhancing web proxy. +# Analyze iptables log for hostile traffic +# +psad = module + +# Layer: apps +# Module: ptchown +# +# helper function for grantpt(3), changes ownship and permissions of pseudotty +# +ptchown = module + +# Layer: apps +# Module: pulseaudio +# +# The PulseAudio Sound System # -privoxy = module +pulseaudio = module # Layer: services -# Module: publicfile +# Module: puppet # -# publicfile supplies files to the public through HTTP and FTP +# A network tool for managing many disparate systems # -publicfile = module +puppet = module # Layer: apps -# Module: pulseaudio +# Module: pwauth # -# The PulseAudio Sound System +# External plugin for mod_authnz_external authenticator # -pulseaudio = module +pwauth = module # Layer: services # Module: qmail @@ -1368,6 +1900,13 @@ qmail = module # qpid = module +# Layer: services +# Module: quantum +# +# Quantum is a virtual network service for Openstack +# +quantum = module + # Layer: admin # Module: quota # @@ -1375,12 +1914,12 @@ qpid = module # quota = module -# Layer: system -# Module: raid +# Layer: services +# Module: rabbitmq # -# RAID array management tools -# -raid = module +# rabbitmq daemons +# +rabbitmq = module # Layer: services # Module: radius @@ -1396,6 +1935,27 @@ radius = module # radvd = module +# Layer: system +# Module: raid +# +# RAID array management tools +# +raid = module + +# Layer: services +# Module: rasdaemon +# +# The rasdaemon program is a daemon with monitors the RAS trace events from /sys/kernel/debug/tracing +# +rasdaemon = module + +# Layer: services +# Module: rdisc +# +# Network router discovery daemon +# +rdisc = module + # Layer: admin # Module: readahead # 
@@ -1403,12 +1963,19 @@ radvd = module # readahead = module -# Layer: services -# Module: rgmanager +# Layer: contrib +# Module: stapserver +# +# dbus system service which manages discovery and enrollment in realms and domains like Active Directory or IPA # -# Red Hat Resource Group Manager +realmd = module + +# Layer: services +# Module: remotelogin # -rgmanager = module +# Policy for rshd, rlogind, and telnetd. +# +remotelogin = module # Layer: services # Module: rhcs @@ -1418,34 +1985,13 @@ rgmanager = module rhcs = module # Layer: services -# Module: aisexec -# -# RHCS - Red Hat Cluster Suite +# Module: rhev # -aisexec = module - -# Layer: services -# Module: rgmanager +# rhev policy module contains policies for rhev apps # -# rgmanager -# -rgmanager = module +rhev = module # Layer: services -# Module: clogd -# -# clogd - clustered mirror log server -# -clogd = module - -# Layer: services -# Module: cmirrord -# -# cmirrord - daemon providing device-mapper-base mirrors in a shared-storege cluster -# -cmirrord = module - -# Layer: services # Module: rhgb # # X windows login display manager @@ -1453,18 +1999,11 @@ cmirrord = module rhgb = module # Layer: services -# Module: rdisc +# Module: rhsmcertd # -# Network router discovery daemon -# -rdisc = module - -# Layer: services -# Module: remotelogin +# Subscription Management Certificate Daemon policy # -# Policy for rshd, rlogind, and telnetd. -# -remotelogin = module +rhsmcertd = module # Layer: services # Module: ricci @@ -1488,6 +2027,13 @@ rlogin = module roundup = module # Layer: services +# Module: rpcbind +# +# universal addresses to RPC program number mapper +# +rpcbind = module + +# Layer: services # Module: rpc # # Remote Procedure Call Daemon for managment of network based process communication @@ -1501,7 +2047,6 @@ rpc = module # rpm = module - # Layer: services # Module: rshd # 
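Review bot: The stanza added in the hunk at `@@ -1403,12 +1963,19 @@` is headed `# Module: stapserver` but enables `realmd = module`; the header looks copied from the stapserver entry and should read `# Module: realmd`. The same mismatch between the `# Module:` line and the key appears in later hunks: `# Module: sandbox` above `sandboxX = module` (`@@ -1540,18 +2097,18 @@`), `# Module: glusterd` above `tomcat = module` (`@@ -1787,41 +2369,46 @@`) and `# Module: vhostmd` above `vlock = module` (`@@ -1830,117 +2417,110 @@`). Anyone auditing which policy modules are enabled by searching the headers will miss or misattribute these entries, so each header should name the key it precedes.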
@@ -1509,6 +2054,13 @@ rpm = module # rshd = module +# Layer: apps +# Module: rssh +# +# Restricted (scp/sftp) only shell +# +rssh = module + # Layer: services # Module: rsync # @@ -1530,8 +2082,13 @@ rtkit = module # rwho = module -# Layer: services -# Module: samba +# Layer: apps +# Module: sambagui +# +# policy for system-config-samba +# +sambagui = module + # # SMB and CIFS client/server programs for UNIX and # name Service Switch daemon for resolving names @@ -1540,18 +2097,18 @@ rwho = module samba = module # Layer: apps -# Module: sambagui +# Module: sandbox # -# policy for system-config-samba +# Policy for running apps within a sandbox # -sambagui = module +sandbox = module # Layer: apps # Module: sandbox # -# Experimental policy for running apps within a sandbox +# Policy for running apps within a X sandbox # -sandbox = module +sandboxX = module # Layer: services # Module: sanlock @@ -1567,6 +2124,13 @@ sanlock = module # sasl = module +# Layer: services +# Module: sblim +# +# sblim +# +sblim = module + # Layer: apps # Module: screen # @@ -1574,20 +2138,12 @@ sasl = module # screen = module -# Layer: kernel -# Module: selinux -# Required in base -# -# Policy for kernel security interface, in particular, selinuxfs. -# -selinux = base - -# Layer: system -# Module: selinuxutil +# Layer: admin +# Module: sectoolm # -# Policy for SELinux policy and userland applications. +# Policy for sectool-mechanism # -selinuxutil = module +sectoolm = module # Layer: services # Module: sendmail 
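Review bot: In the hunk at `@@ -1530,8 +2082,13 @@`, the `# Layer: services` and `# Module: samba` lines are removed to make room for the new sambagui stanza, but the samba description that follows is kept, so the samba entry is left without its header. The `samba = module` line itself is outside this hunk; judging from the next hunk's context it still follows the orphaned description. Restore the two lines after the blank line that ends the sambagui stanza: `# Layer: services` and `# Module: samba`.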
@@ -1596,48 +2152,47 @@ selinuxutil = module # sendmail = module -# Layer: apps -# Module: seunshare +# Layer: contrib +# Module: sensord +# +# Sensor information logging daemon # -# seunshare executable -# -seunshare = module +sensord = module -# Layer: admin -# Module: shorewall +# Layer: services +# Module: setroubleshoot # -# Policy for shorewall +# Policy for the SELinux troubleshooting utility # -shorewall = module +setroubleshoot = module -# Layer: admin -# Module: shutdown -# -# Policy for shutdown +# Layer: services +# Module: sge # -shutdown = module +# policy for grindengine MPI jobs +# +sge = module # Layer: admin -# Module: sectoolm +# Module: shorewall # -# Policy for sectool-mechanism +# Policy for shorewall # -sectoolm = module +shorewall = module -# Layer: system -# Module: setrans -# Required in base +# Layer: apps +# Module: slocate # -# Policy for setrans +# Update database for mlocate # -setrans = module +slocate = module -# Layer: services -# Module: setroubleshoot +# Layer: contrib +# Module: slpd +# +# OpenSLP server daemon to dynamically register services # -# Policy for the SELinux troubleshooting utility -# -setroubleshoot = module +slpd = module # Layer: services # Module: slrnpull @@ -1646,13 +2201,6 @@ setroubleshoot = module # slrnpull = off -# Layer: apps -# Module: slocate -# -# Update database for mlocate -# -slocate = module - # Layer: services # Module: smartmon # 
@@ -1682,75 +2230,88 @@ smoltclient = module snmp = module # Layer: services -# Module: spamassassin +# Module: snort # -# Filter used for removing unsolicited email. +# Snort network intrusion detection system # -spamassassin = module +snort = module -# Layer: services -# Module: squid +# Layer: admin +# Module: sosreport # -# Squid caching http proxy server +# sosreport debuggin information generator # -squid = module +sosreport = module # Layer: services -# Module: ssh +# Module: soundserver # -# Secure shell client and server policy. +# sound server for network audio server programs, nasd, yiff, etc # -ssh = module +soundserver = module # Layer: services -# Module: sssd +# Module: spamassassin # -# System Security Services Daemon +# Filter used for removing unsolicited email. # -sssd = module +spamassassin = module -# Layer: kernel -# Module: storage +# Layer: services +# Module: speech-dispatcher # -# Policy controlling access to storage devices -# -storage = base +# speech-dispatcher - server process managing speech requests in Speech Dispatcher +# +speech-dispatcher = module # Layer: services -# Module: stunnel +# Module: squid # -# SSL Tunneling Proxy +# Squid caching http proxy server # -stunnel = module +squid = module -# Layer: admin -# Module: su +# Layer: services +# Module: sssd # -# Run shells with substitute user and group +# System Security Services Daemon # -su = module +sssd = module -# Layer: admin -# Module: sudo +# Layer: services +# Module: sslh # -# Execute a command with a substitute user +# Applicative protocol(SSL/SSH) multiplexer # -sudo = module +sslh = module -# Layer: system -# Module: systemd +# Layer: contrib +# Module: stapserver +# +# Instrumentation System Server +# +stapserver = module + +# Layer: services +# Module: stunnel # -# Policy for systemd components +# SSL Tunneling Proxy # -systemd = module +stunnel = module -# Layer: system -# Module: sysnetwork -# -# Policy for network configuration: ifconfig and dhcp client. 
+# Layer: services +# Module: svnserve +# +# policy for subversion service # -sysnetwork = module +svnserve = module +# Layer: services +# Module: swift +# +# openstack-swift +# +swift = module # Layer: services # Module: sysstat @@ -1773,6 +2334,27 @@ tcpd = module # tcsd = module +# Layer: apps +# Module: telepathy +# +# telepathy - Policy for Telepathy framework +# +telepathy = module + +# Layer: services +# Module: telnet +# +# Telnet daemon +# +telnet = module + +# Layer: services +# Module: tftp +# +# Trivial file transfer protocol daemon +# +tftp = module + # Layer: services # Module: tgtd # @@ -1787,41 +2369,46 @@ tgtd = module # thumb = module -# Layer: system -# Module: udev -# -# Policy for udev. -# -udev = module - # Layer: services -# Module: usbmuxd +# Module: timidity # -# Daemon for communicating with Apple's iPod Touch and iPhone +# MIDI to WAV converter and player configured as a service # -usbmuxd = module +timidity = off -# Layer: system -# Module: userdomain +# Layer: admin +# Module: tmpreaper # -# Policy for user domains +# Manage temporary directory sizes and file ages # -userdomain = module +tmpreaper = module -# Layer: system -# Module: unconfined +# Layer: contrib +# Module: glusterd +# +# policy for tomcat service # -# The unconfined domain. +tomcat = module +# Layer: services +# Module: tor +# +# TOR, the onion router # -unconfined = module - +tor = module -# Layer: kernel -# Module: unconfined +# Layer: services +# Module: tuned # -# The unlabelednet module. +# Dynamic adaptive system tuning daemon # -unlabelednet = module +tuned = module + +# Layer: apps +# Module: tvtime +# +# tvtime - a high quality television application +# +tvtime = module # Layer: services # Module: ulogd 
@@ -1830,117 +2417,110 @@ unlabelednet = module # ulogd = module -# Layer: services -# Module: vdagent +# Layer: apps +# Module: uml # -# vdagent +# Policy for UML # -vdagent = module +uml = module -# Layer: services -# Module: vhostmd +# Layer: admin +# Module: updfstab # -# vhostmd - spice guest agent daemon. +# Red Hat utility to change /etc/fstab. # -vhostmd = module +updfstab = module -# Layer: apps -# Module: vhostmd +# Layer: admin +# Module: usbmodules # -# vlock - Virtual Console lock program +# List kernel modules of USB devices # -vlock = module +usbmodules = module # Layer: services -# Module: wdmd +# Module: usbmuxd # -# wdmd policy +# Daemon for communicating with Apple's iPod Touch and iPhone # -wdmd = module +usbmuxd = module # Layer: apps -# Module: wine +# Module: userhelper # -# wine executable +# A helper interface to pam. # -wine = module +userhelper = module # Layer: apps -# Module: wireshark +# Module: usernetctl # -# wireshark executable +# User network interface configuration helper # -wireshark = module +usernetctl = module -# Layer: apps -# Module: telepathy +# Layer: services +# Module: uucp # -# telepathy - Policy for Telepathy framework +# Unix to Unix Copy # -telepathy = module +uucp = module -# Layer: apps -# Module: userhelper +# Layer: services +# Module: uuidd # -# A helper interface to pam. +# UUID generation daemon # -userhelper = module +uuidd = module # Layer: services -# Module: tor +# Module: varnishd # -# TOR, the onion router +# Varnishd http accelerator daemon # -tor = module +varnishd = module -# Layer: apps -# Module: tvtime +# Layer: services +# Module: vdagent # -# tvtime - a high quality television application +# vdagent # -tvtime = module +vdagent = module -# Layer: apps -# Module: uml +# Layer: services +# Module: vhostmd # -# Policy for UML +# vhostmd - spice guest agent daemon. 
# -uml = module +vhostmd = module -# Layer: admin -# Module: usbmodules +# Layer: services +# Module: virt # -# List kernel modules of USB devices +# Virtualization libraries # -usbmodules = module +virt = module # Layer: apps -# Module: usernetctl -# -# User network interface configuration helper -# -usernetctl = module - -# Layer: system -# Module: xen +# Module: vhostmd # -# virtualization software +# vlock - Virtual Console lock program # -xen = module +vlock = module # Layer: services -# Module: varnishd +# Module: vmtools # -# Varnishd http accelerator daemon -# -varnishd = module +# VMware Tools daemon +# +vmtools = module -# Layer: services -# Module: virt +# Layer: apps +# Module: vmware # -# Virtualization libraries +# VMWare Workstation virtual machines # -virt = module +vmware = module # Layer: services # Module: vnstatd 
@@ -1949,68 +2529,68 @@ virt = module # vnstatd = module -# Layer: system -# Module: brctl +# Layer: admin +# Module: vpn # -# Utilities for configuring the linux ethernet bridge +# Virtual Private Networking client # -brctl = module +vpn = module # Layer: services -# Module: telnet +# Module: w3c # -# Telnet daemon +# w3c # -telnet = module +w3c = module # Layer: services -# Module: timidity +# Module: wdmd # -# MIDI to WAV converter and player configured as a service +# wdmd policy # -timidity = off +wdmd = module -# Layer: services -# Module: tftp +# Layer: role +# Module: webadm # -# Trivial file transfer protocol daemon +# Minimally prived root role for managing apache # -tftp = module +webadm = module -# Layer: services -# Module: tuned -# -# Dynamic adaptive system tuning daemon +# Layer: apps +# Module: webalizer # -tuned = module +# Web server log analysis +# +webalizer = module -# Layer: services -# Module: uucp +# Layer: apps +# Module: wine # -# Unix to Unix Copy +# wine executable # -uucp = module +wine = module -# Layer: services -# Module: uuidd +# Layer: apps +# Module: wireshark # -# UUID generation daemon +# wireshark executable # -uuidd = module +wireshark = module -# Layer: apps -# Module: webalizer +# Layer: system +# Module: xen # -# Web server log analysis +# virtualization software # -webalizer = module +xen = module # Layer: services -# Module: xserver +# Module: zabbix # -# X windows login display manager -# -xserver = module +# Open-source monitoring solution for your IT infrastructure +# +zabbix = module # Layer: services # Module: zarafa 
@@ -2033,540 +2613,565 @@ zebra = module # zoneminder = module -# Layer: admin -# Module: usermanage -# -# Policy for managing user accounts. -# -usermanage = module - -# Layer: admin -# Module: updfstab +# Layer: services +# Module: zosremote # -# Red Hat utility to change /etc/fstab. +# policy for z/OS Remote-services Audit dispatcher plugin # -updfstab = module +zosremote = module -# Layer: admin -# Module: vpn -# -# Virtual Private Networking client +# Layer: contrib +# Module: thin # -vpn = module - -# Layer: kernel -# Module: terminal -# Required in base -# -# Policy for terminals. +# Policy for thin # -terminal = base +thin = module -# Layer: admin -# Module: tmpreaper -# -# Manage temporary directory sizes and file ages +# Layer: contrib +# Module: mandb # -tmpreaper = module - -# Layer: admin -# Module: amtu -# -# Abstract Machine Test Utility (AMTU) +# Policy for mandb # -amtu = module +mandb = module # Layer: services -# Module: zabbix +# Module: pki # -# Open-source monitoring solution for your IT infrastructure +# policy for pki # -zabbix = module +pki = module # Layer: services -# Module: apcupsd +# Module: smsd # -# daemon for most APC’s UPS for Linux +# policy for smsd # -apcupsd = module +smsd = module -# Layer: services -# Module: aide +# Layer: contrib +# Module: pesign # -# Policy for aide -# -aide = module - -# Layer: services -# Module: w3c +# policy for pesign # -# w3c -# -w3c = module +pesign = module -# Layer: services -# Module: plymouthd +# Layer: contrib +# Module: nsd # -# Plymouth -# -plymouthd = module +# Fast and lean authoritative DNS Name Server +# +nsd = module -# Layer: services -# Module: portreserve +# Layer: contrib +# Module: iodine # -# reserve ports to prevent portmap mapping them -# -portreserve = module +# Fast and lean authoritative DNS Name Server +# +iodine = module -# Layer: services -# Module: rpcbind +# Layer: contrib +# Module: openhpid +# +# OpenHPI daemon runs as a background process and accepts connecti # -# 
universal addresses to RPC program number mapper +openhpid = module + +# Layer: contrib +# Module: watchdog # -rpcbind = module +# Watchdog policy +# +watchdog = module -# Layer: apps -# Module: rssh +# Layer: contrib +# Module: oracleasm +# +# oracleasm policy # -# Restricted (scp/sftp) only shell +oracleasm = module + +# Layer: contrib +# Module: redis # -rssh = module +# redis policy +# +redis = module -# Layer: apps -# Module: vmware +# Layer: contrib +# Module: hypervkvp +# +# hypervkvp policy # -# VMWare Workstation virtual machines +hypervkvp = module + +# Layer: contrib +# Module: lsm # -vmware = module +# lsm policy +# +lsm = module -# Layer: role -# Module: dbadm +# Layer: contrib +# Module: motion # -# Minimally prived root role for managing databases -# -dbadm = module +# Daemon for detect motion using a video4linux device +motion = module -# Layer: role -# Module: logadm +# Layer: contrib +# Module: rtas +# +# rtas policy # -# Minimally prived root role for managing logging system +rtas = module + +# Layer: contrib +# Module: journalctl # -logadm = module +# journalctl policy +# +journalctl = module -# Layer: role -# Module: secadm +# Layer: contrib +# Module: gdomap +# +# gdomap policy # -# secadm account on tty logins +gdomap = module + +# Layer: contrib +# Module: minidlna # -secadm = module +# minidlna policy +# +minidlna = module -# Layer: role -# Module: auditadm +# Layer: contrib +# Module: minissdpd +# +# minissdpd policy # -# auditadm account on tty logins +minissdpd = module + +# Layer: contrib +# Module: freeipmi # -auditadm = module +# Remote-Console (out-of-band) and System Management Software (in-band) +# based on IntelligentPlatform Management Interface specification +# +freeipmi = module +# Layer: contrib +# Module: mirrormanager +# +# mirrormanager policy +# +mirrormanager = module -# Layer: role -# Module: webadm +# Layer: contrib +# Module: snapper +# +# snapper policy # -# Minimally prived root role for managing apache +snapper = 
module + +# Layer: contrib +# Module: pcp # -webadm = module +# pcp policy +# +pcp = module +# Layer: contrib +# Module: geoclue # -# Layer: services -# Module: exim +# Add policy for Geoclue. Geoclue is a D-Bus service that provides location information # -# exim mail server -# -exim = module +geoclue = module - -# Layer: services -# Module: kismet +# Layer: contrib +# Module: rkhunter # -# Wireless sniffing and monitoring -# -kismet = module - -# Layer: services -# Module: munin +# rkhunter policy for /var/lib/rkhunter # -# Munin -# -munin = module +rkhunter = module -# Layer: services -# Module: bitlbee +# Layer: contrib +# Module: bacula # -# An IRC to other chat networks gateway -# -bitlbee = module - -# Layer: admin -# Module: sosreport +# bacula policy # -# sosreport debuggin information generator -# -sosreport = module +bacula = module -# Layer: services -# Module: soundserver +# Layer: contrib +# Module: rhnsd # -# sound server for network audio server programs, nasd, yiff, etc -# -soundserver = module - -# Layer: role -# Module: unconfineduser +# rhnsd policy # -# The unconfined user domain. 
-# -unconfineduser = module +rhnsd = module -# Module: staff +# Layer: contrib +# Module: mongodb +# +# mongodb policy # -# admin account -# -staff = module -# Layer:role -# Module: sysadm +mongodb = module + +# Layer: contrib +# Module: iotop +# +# iotop policy # -# System Administrator -# -sysadm = module -# Layer:role -# Module: sysadm_secadm +iotop = module + +# Layer: contrib +# Module: kmscon +# +# kmscon policy # -# System Administrator with Security Admin rules -# -sysadm_secadm = module -# Layer: role -# Module: unprivuser +kmscon = module + +# Layer: contrib +# Module: naemon # -# Minimally privs guest account on tty logins -# -unprivuser = module +# naemon policy +# +naemon = module -# Layer: services -# Module: prelude +# Layer: contrib +# Module: brltty # -prelude = module +# brltty policy +# +brltty = module -# Layer: services -# Module: pads +# Layer: contrib +# Module: cpuplug # -pads = module +# cpuplug policy +# +cpuplug = module -# Layer: apps -# Module: podsleuth +# Layer: contrib +# Module: mon_statd # -# Podsleuth probes, identifies, and exposes properties and metadata bound to iPods. 
-# -podsleuth = module +# mon_statd policy +# +mon_statd = module + +# Layer: contrib +# Module: cinder +# +# openstack-cinder policy +# +cinder = module -# Layer: role -# Module: guest +# Layer: contrib +# Module: linuxptp # -# Minimally privs guest account on tty logins -# -guest = module +# linuxptp policy +# +linuxptp = module -# Layer: role -# Module: xguest +# Layer: contrib +# Module: rolekit # -# Minimally privs guest account on X Windows logins -# -xguest = module +# rolekit policy +# +rolekit = module -# Layer: services -# Module: cgroup +# Layer: contrib +# Module: targetd # -# Tools and libraries to control and monitor control groups -# -cgroup = module +# targetd policy +# +targetd = module -# Layer: services -# Module: courier +# Layer: contrib +# Module: hsqldb # -# IMAP and POP3 email servers -# -courier = module +# Hsqldb is transactional database engine with in-memory and disk-based tables, supporting embedded and server modes. +# +hsqldb = module -# Layer: services -# Module: denyhosts +# Layer: contrib +# Module: blkmapd # -# script to help thwart ssh server attacks -# -denyhosts = module +# The blkmapd daemon performs device discovery and mapping for pNFS block layout client. +# +blkmapd = module -# Layer: apps -# Module: livecd +# Layer: contrib +# Module: pkcs11proxyd # -# livecd creator -# -livecd = module +# pkcs11proxyd policy +# +pkcs11proxyd = module -# Layer: services -# Module: snort +# Layer: contrib +# Module: ipmievd # -# Snort network intrusion detection system -# -snort = module +# IPMI event daemon for sending events to syslog +# +ipmievd = module -# Layer: services -# Module: memcached +# Layer: contrib +# Module: openfortivpn # -# high-performance memory object caching system -# -memcached = module +# Fortinet compatible SSL VPN daemons. +# +openfortivpn = module -# Layer: system -# Module: netlabel +# Layer: contrib +# Module: fwupd # -# Basic netlabel types and interfaces. 
-# -netlabel = module +# fwupd is a daemon to allow session software to update device firmware. +# +fwupd = module -# Layer: services -# Module: zosremote +# Layer: contrib +# Module: lttng-tools # -# policy for z/OS Remote-services Audit dispatcher plugin -# -zosremote = module +# LTTng 2.x central tracing registry session daemon. +# +lttng-tools = module -# Layer: services -# Module: pingd +# Layer: contrib +# Module: rkt # -# -pingd = module +# CLI for running app containers +# +rkt = module -# Layer: services -# Module: milter +# Layer: contrib +# Module: opendnssec # -# -# -milter = module +# opendnssec +# +opendnssec = module -# Layer: services -# Module: keyboardd +# Layer: contrib +# Module: hwloc # -# system-setup-keyboard is a keyboard layout daemon that monitors -# /etc/sysconfig/keyboard and writes out an xorg.conf.d snippet +# hwloc # -keyboardd = module +hwloc = module -# Layer: services -# Module: keystone +# Layer: contrib +# Module: sbd # -# openstack-keystone +# sbd # -keystone = module +sbd = module -# Layer: services -# Module: firewalld +# Layer: contrib +# Module: tlp # -# firewalld is firewall service daemon that provides dynamic customizable -# -firewalld = module +# tlp +# +tlp = module -# Layer: apps -# Module: namespace +# Layer: contrib +# Module: conntrackd # -# policy for namespace.init script +# conntrackd # -namespace = module +conntrackd = module -# Layer: services -# Module: rhev +# Layer: contrib +# Module: tangd # -# rhev policy module contains policies for rhev apps +# tangd # -rhev = module +tangd = module -# Layer: services -# Module: dspam +# Layer: contrib +# Module: ibacm # -# dspam - library and Mail Delivery Agent for Bayesian SPAM filtering +# ibacm # -dspam = module +ibacm = module -# Layer: services -# Module: lldpad +# Layer: contrib +# Module: opafm # -# lldpad - Link Layer Discovery Protocol (LLDP) agent daemon +# opafm # -lldpad = module +opafm = module -# Layer: services -# Module: rhsmcertd +# Layer: contrib +# 
Module: boltd # -# Subscription Management Certificate Daemon policy +# boltd # -rhsmcertd = module +boltd = module -# Layer: services -# Module: ctdbd +# Layer: contrib +# Module: kpatch # -# ctdbd - The CTDB cluster daemon +# kpatch # -ctdbd = module +kpatch = module -# Layer: services -# Module: fcoemon +# Layer: contrib +# Module: timedatex # -# fcoemon +# timedatex # -fcoemon = module +timedatex = module -# Layer: services -# Module: sblim +# Layer: contrib +# Module: rrdcached # -# sblim +# rrdcached # -sblim = module +rrdcached = module -# Layer: services -# Module: cfengine +# Layer: contrib +# Module: stratisd # -# cfengine +# stratisd # -cfengine = module +stratisd = module -# Layer: services -# Module: pacemaker +# Layer: contrib +# Module: ica # -# pacemaker +# ica # -pacemaker = module +ica = module -# Layer: services -# Module: polipo +# Layer: contrib +# Module: fedoratp # -# polipo +# fedoratp # -polipo = module +fedoratp = module -# Layer: services -# Module: nova +# Layer: contrib +# Module: insights_client # -# openstack-nova +# insights_client # -nova = module +insights_client = module -# Layer: services -# Module: rabbitmq +# Layer: contrib +# Module: stalld # -# rabbitmq daemons +# stalld # -rabbitmq = module +stalld = module -# Layer: services -# Module: cloudform -# -# cloudform daemons +# Layer: contrib +# Module: rhcd # -cloudform = module +# rhcd +# +rhcd = module -# Layer: services -# Module: obex -# -# policy for obex-data-server +# Layer: contrib +# Module: wireguard # -obex = module +# wireguard +# +wireguard = module -# Layer: services -# Module: sge -# -# policy for grindengine MPI jobs +# Layer: contrib +# Module: mptcpd # -sge = module +# mptcpd +# +mptcpd = module -# Layer: apps -# Module: jockey -# -# policy for jockey-backend +# Layer: contrib +# Module: rshim # -jockey = module +# rshim +# +rshim = module -# Layer: services -# Module: numad -# -# numad - user-level daemon that provides advice and managment for optimum use of 
CPUs and memory on systems with NUMA topology +# Layer: contrib +# Module: keyutils # -numad = module +# keyutils +# +keyutils = module -# Layer: services -# Module: condor -# -# policy for condor -# -condor = module +# Layer: contrib +# Module: cifsutils +# +# cifsutils - Utilities for managing CIFS mounts +# +cifsutils = module -# Layer: services -# Module: svnserve -# -# policy for subversion service -# -svnserve = module +# Layer: contrib +# Module: boothd +# +# boothd - Booth cluster ticket manager +# +boothd = module -# Layer: apps -# Module: man2html -# -# policy for man2html apps -# -man2html = module +# Layer: contrib +# Module: kafs +# +# kafs - Tools for kAFS +# +kafs = module # Layer: contrib -# Module: glusterd -# -# policy for glusterd service +# Module: bootupd # -glusterd = module +# bootupd - bootloader update daemon +# +bootupd = module # Layer: contrib -# Module: glusterd -# -# policy for tomcat service +# Module: fdo # -tomcat = module +# fdo - fido device onboard protocol for IoT devices +# +fdo = module # Layer: contrib -# Module: php-fpm -# -# PHP-FPM is an alternative PHP FastCGI implementation +# Module: qatlib +# +# qatlib - Intel QuickAssist technology library and resources management +# +qatlib = module + +# Layer: services +# Module: virt_supplementary # -phpfpm = module +# non-libvirt virtualization libraries +# +virt_supplementary = module # Layer: contrib -# Module: stapserver -# -# Instrumentation System Server +# Module: nvme_stas # -stapserver = module +# nvme_stas +# +nvme_stas = module # Layer: contrib -# Module: stapserver -# -# dbus system service which manages discovery and enrollment in realms and domains like Active Directory or IPA +# Module: coreos_installer # -realmd = module +# coreos_installer +# +coreos_installer = module # Layer: contrib -# Module: docker -# -# The open-source application container engine +# Module: afterburn # -docker = module +# afterburn +# +afterburn = module # Layer: contrib -# Module: ica +# 
Module: sap # -# ica +# sap # -ica = module +sap = module diff --git a/selinux-policy.spec b/selinux-policy.spec index 4bedeee..d615032 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -21,18 +21,16 @@ Version: 41.8 Release: 1%{?dist} License: GPL-2.0-or-later Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz -Source1: modules-targeted-base.conf -Source31: modules-targeted-contrib.conf +Source1: modules-targeted.conf Source2: booleans-targeted.conf Source3: Makefile.devel Source4: setrans-targeted.conf -Source5: modules-mls-base.conf -Source32: modules-mls-contrib.conf +Source5: modules-mls.conf Source6: booleans-mls.conf Source8: setrans-mls.conf Source14: securetty_types-targeted Source15: securetty_types-mls -#Source16: modules-minimum.conf +Source16: modules-minimum.lst Source17: booleans-minimum.conf Source18: setrans-minimum.conf Source19: securetty_types-minimum @@ -182,12 +180,7 @@ cp -f selinux_config/users-%1 ./policy/users \ #cp -f selinux_config/modules-%1-base.conf ./policy/modules.conf \ %define makeModulesConf() \ -cp -f selinux_config/modules-%1-%2.conf ./policy/modules-base.conf \ -cp -f selinux_config/modules-%1-%2.conf ./policy/modules.conf \ -if [ %3 == "contrib" ];then \ - cp selinux_config/modules-%1-%3.conf ./policy/modules-contrib.conf; \ - cat selinux_config/modules-%1-%3.conf >> ./policy/modules.conf; \ -fi; \ +cp -f selinux_config/modules-%1.conf ./policy/modules.conf %define installCmds() \ %make_build %common_params UNK_PERMS=%3 NAME=%1 TYPE=%2 base.pp \ 
@@ -263,8 +256,7 @@ rm -f %{buildroot}%{_sharedstatedir}/selinux/%1/active/*.linked \ %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/staff_u \ %dir %{_datadir}/selinux/%1 \ %{_datadir}/selinux/%1/base.lst \ -%{_datadir}/selinux/%1/modules-base.lst \ -%{_datadir}/selinux/%1/modules-contrib.lst \ +%{_datadir}/selinux/%1/modules.lst \ %{_datadir}/selinux/%1/nonbasemodules.lst \ %dir %{_sharedstatedir}/selinux/%1 \ %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/commit_num \ @@ -337,16 +329,12 @@ else \ fi; %define modulesList() \ -awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "%%s ", $1 }' ./policy/modules-base.conf > %{buildroot}%{_datadir}/selinux/%1/modules-base.lst \ -awk '$1 !~ "/^#/" && $2 == "=" && $3 == "base" { printf "%%s ", $1 }' ./policy/modules-base.conf > %{buildroot}%{_datadir}/selinux/%1/base.lst \ -if [ -e ./policy/modules-contrib.conf ];then \ - awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "%%s ", $1 }' ./policy/modules-contrib.conf > %{buildroot}%{_datadir}/selinux/%1/modules-contrib.lst; \ -fi; +awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "%%s ", $1 }' ./policy/modules.conf > %{buildroot}%{_datadir}/selinux/%1/modules.lst \ +awk '$1 !~ "/^#/" && $2 == "=" && $3 == "base" { printf "%%s ", $1 }' ./policy/modules.conf > %{buildroot}%{_datadir}/selinux/%1/base.lst \ %define nonBaseModulesList() \ -contrib_modules=`cat %{buildroot}%{_datadir}/selinux/%1/modules-contrib.lst` \ -base_modules=`cat %{buildroot}%{_datadir}/selinux/%1/modules-base.lst` \ -for i in $contrib_modules $base_modules; do \ +modules=`cat %{buildroot}%{_datadir}/selinux/%1/modules.lst` \ +for i in $modules; do \ if [ $i != "sandbox" ];then \ echo "%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/modules/100/$i" >> %{buildroot}%{_datadir}/selinux/%1/nonbasemodules.lst \ fi; \ 
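Review bot: Both new awk lines in `%define modulesList()` keep the test `$1 !~ "/^#/"`, which passes the slashes as part of the pattern string and so, as far as I can tell, never rejects a comment line. The `$2 == "="` test is what actually filters today, which means a commented-out entry written as `#foo = module` would land in modules.lst as `#foo`. Now that a single modules.conf feeds both lists, I would write the intent directly as `$1 !~ /^#/`. The last added line also ends in a continuation `\` where the old macro ended on `fi;`, so the macro body now ends only because of the blank line before `%define nonBaseModulesList()`; dropping that trailing backslash would remove the dependency.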
@@ -419,7 +407,7 @@ end tar -C policy/modules/contrib -xf %{SOURCE35} mkdir selinux_config -for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE14} %{SOURCE15} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE22} %{SOURCE23} %{SOURCE25} %{SOURCE26} %{SOURCE31} %{SOURCE32};do +for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE14} %{SOURCE15} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE22} %{SOURCE23} %{SOURCE25} %{SOURCE26};do cp $i selinux_config done @@ -452,7 +440,7 @@ make clean %if %{with targeted} # Build targeted policy %makeCmds targeted mcs allow -%makeModulesConf targeted base contrib +%makeModulesConf targeted %installCmds targeted mcs allow # install permissivedomains.cil %{_sbindir}/semodule -p %{buildroot} -X 100 -s targeted -i %{SOURCE28} @@ -467,9 +455,10 @@ mv sandbox.pp %{buildroot}%{_datadir}/selinux/packages/sandbox.pp %if %{with minimum} # Build minimum policy %makeCmds minimum mcs allow -%makeModulesConf targeted base contrib +%makeModulesConf targeted %installCmds minimum mcs allow rm -rf %{buildroot}%{_sharedstatedir}/selinux/minimum/active/modules/100/sandbox +install -m 644 %{SOURCE16} %{buildroot}%{_datadir}/selinux/minimum/modules-enabled.lst %modulesList minimum %nonBaseModulesList minimum %endif @@ -477,7 +466,7 @@ rm -rf %{buildroot}%{_sharedstatedir}/selinux/minimum/active/modules/100/sandbox %if %{with mls} # Build mls policy %makeCmds mls mls deny -%makeModulesConf mls base contrib +%makeModulesConf mls %installCmds mls mls deny %modulesList mls %nonBaseModulesList mls 
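Review bot: Nothing around the added `install -m 644 %{SOURCE16} ...modules-enabled.lst` line checks that the names in modules-minimum.lst exist in the policy being built. The `%post minimum` scriptlet only runs `rm -f .../disabled/$p` on them, so a renamed or dropped module would be skipped without any message and stay disabled on a minimum install. A build-time guard placed after `%modulesList minimum` would surface the drift, for example `for m in $(cat %{SOURCE16}); do grep -qw -- "$m" %{buildroot}%{_datadir}/selinux/minimum/modules.lst %{buildroot}%{_datadir}/selinux/minimum/base.lst || echo "warning: $m not in built policy"; done`. I would keep it a warning at first, since the diff does not show whether every entry (`base`, for instance) is expected to appear in one of those two lists.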
@@ -697,16 +686,17 @@ fi %post minimum %checkConfigConsistency minimum -contribpackages=`cat %{_datadir}/selinux/minimum/modules-contrib.lst` -basepackages=`cat %{_datadir}/selinux/minimum/modules-base.lst` +modules=`cat %{_datadir}/selinux/minimum/modules.lst` +basemodules=`cat %{_datadir}/selinux/minimum/base.lst` +enabledmodules=`cat %{_datadir}/selinux/minimum/modules-enabled.lst` if [ ! -d %{_sharedstatedir}/selinux/minimum/active/modules/disabled ]; then mkdir %{_sharedstatedir}/selinux/minimum/active/modules/disabled fi if [ $1 -eq 1 ]; then -for p in $contribpackages; do +for p in $modules; do touch %{_sharedstatedir}/selinux/minimum/active/modules/disabled/$p done -for p in $basepackages apache dbus inetd kerberos mta nis; do +for p in $basemodules $enabledmodules; do rm -f %{_sharedstatedir}/selinux/minimum/active/modules/disabled/$p done %{_sbindir}/semanage import -S minimum -f - << __eof @@ -717,7 +707,7 @@ __eof %{_sbindir}/semodule -B -s minimum else instpackages=`cat %{_datadir}/selinux/minimum/instmodules.lst` -for p in $contribpackages; do +for p in $packages; do touch %{_sharedstatedir}/selinux/minimum/active/modules/disabled/$p done for p in $instpackages apache dbus inetd kerberos mta nis; do @@ -774,6 +764,7 @@ exit 0 %config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/unconfined_u %config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/sysadm_u %fileList minimum +%{_datadir}/selinux/minimum/modules-enabled.lst %endif %if %{with mls}
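Review bot: In the fresh-install branch, `for p in $basemodules $enabledmodules; do rm -f .../disabled/$p` appears to do nothing for the `$basemodules` part. The preceding loop touches disabled markers only for names from modules.lst (`$3 == "module"` in `modulesList`), while base.lst holds the `$3 == "base"` names, so the two sets look disjoint. As written, the line reads as if base modules were being re-enabled, when the set left enabled is really just modules-enabled.lst. Either reduce it to `for p in $enabledmodules; do` and drop the `basemodules=` assignment, or keep it with a comment such as `# base.lst entries never get a disabled marker; rm is a harmless no-op`. If the old behaviour of leaving every former modules-base.lst module enabled was relied on, that narrowing deserves a line in the changelog.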
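Review bot: `for p in $packages; do` in the upgrade branch reads a variable that nothing visible in this scriptlet sets; the previous hunk defines `modules`, `basemodules` and `enabledmodules`. With `$packages` empty the loop body never runs, so no module would be marked disabled on upgrade and the enabled set could differ from what a fresh minimum install produces. It should presumably be `for p in $modules; do`. The next context line still hard-codes `apache dbus inetd kerberos mta nis`, whereas the fresh-install branch now takes that set from modules-enabled.lst, so `for p in $instpackages $enabledmodules; do` would keep the two branches in step. The rest of the else branch lies outside the hunk.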