diff --git a/modules-minimum.lst b/modules-minimum.lst
new file mode 100644
index 0000000..c4252c8
--- /dev/null
+++ b/modules-minimum.lst
@@ -0,0 +1,50 @@
+apache
+application
+auditadm
+authlogin
+base
+bootloader
+clock
+dbus
+dmesg
+fstools
+getty
+hostname
+inetd
+init
+ipsec
+iptables
+kerberos
+libraries
+locallogin
+logadm
+logging
+lvm
+miscfiles
+modutils
+mount
+mta
+netlabel
+netutils
+nis
+postgresql
+secadm
+selinuxutil
+setrans
+seunshare
+ssh
+staff
+su
+sudo
+sysadm
+sysadm_secadm
+sysnetwork
+systemd
+udev
+unconfined
+unconfineduser
+unlabelednet
+unprivuser
+userdomain
+usermanage
+xserver
diff --git a/modules-mls-base.conf b/modules-mls-base.conf
deleted file mode 100644
index 5b21a3e..0000000
--- a/modules-mls-base.conf
+++ /dev/null
@@ -1,380 +0,0 @@
-# Layer: kernel
-# Module: bootloader
-#
-# Policy for the kernel modules, kernel image, and bootloader.
-#
-bootloader = module
-
-# Layer: kernel
-# Module: corenetwork
-# Required in base
-#
-# Policy controlling access to network objects
-#
-corenetwork = base
-
-# Layer: admin
-# Module: dmesg
-#
-# Policy for dmesg.
-#
-dmesg = module
-
-# Layer: admin
-# Module: netutils
-#
-# Network analysis utilities
-#
-netutils = module
-
-# Layer: admin
-# Module: sudo
-#
-# Execute a command with a substitute user
-#
-sudo = module
-
-# Layer: admin
-# Module: su
-#
-# Run shells with substitute user and group
-#
-su = module
-
-# Layer: admin
-# Module: usermanage
-#
-# Policy for managing user accounts.
-#
-usermanage = module
-
-# Layer: apps
-# Module: seunshare
-#
-# seunshare executable
-#
-seunshare = module
-
-# Layer: kernel
-# Module: corecommands
-# Required in base
-#
-# Core policy for shells, and generic programs
-# in /bin, /sbin, /usr/bin, and /usr/sbin.
-#
-corecommands = base
-
-# Module: devices
-# Required in base
-#
-# Device nodes and interfaces for many basic system devices.
-#
-devices = base
-
-# Module: domain
-# Required in base
-#
-# Core policy for domains.
-#
-domain = base
-
-# Layer: system
-# Module: userdomain
-#
-# Policy for user domains
-#
-userdomain = module
-
-# Module: files
-# Required in base
-#
-# Basic filesystem types and interfaces.
-#
-files = base
-
-# Module: filesystem
-# Required in base
-#
-# Policy for filesystems.
-#
-filesystem = base
-
-# Module: kernel
-# Required in base
-#
-# Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
-#
-kernel = base
-
-# Module: mcs
-# Required in base
-#
-# MultiCategory security policy
-#
-mcs = base
-
-# Module: mls
-# Required in base
-#
-# Multilevel security policy
-#
-mls = base
-
-# Module: selinux
-# Required in base
-#
-# Policy for kernel security interface, in particular, selinuxfs.
-#
-selinux = base
-
-# Layer: kernel
-# Module: storage
-#
-# Policy controlling access to storage devices
-#
-storage = base
-
-# Module: terminal
-# Required in base
-#
-# Policy for terminals.
-#
-terminal = base
-
-# Layer: kernel
-# Module: ubac
-#
-#
-#
-ubac = base
-
-# Layer: kernel
-# Module: unlabelednet
-#
-# The unlabelednet module.
-#
-unlabelednet = module
-
-# Layer: role
-# Module: auditadm
-#
-# auditadm account on tty logins
-#
-auditadm = module
-
-# Layer: role
-# Module: logadm
-#
-# Minimally prived root role for managing logging system
-#
-logadm = module
-
-# Layer: role
-# Module: secadm
-#
-# secadm account on tty logins
-#
-secadm = module
-
-# Layer:role
-# Module: staff
-#
-# admin account
-#
-staff = module
-
-# Layer:role
-# Module: sysadm_secadm
-#
-# System Administrator with Security Admin rules
-#
-sysadm_secadm = module
-
-# Layer:role
-# Module: sysadm
-#
-# System Administrator
-#
-sysadm = module
-
-# Layer: role
-# Module: unprivuser
-#
-# Minimally privs guest account on tty logins
-#
-unprivuser = module
-
-# Layer: services
-# Module: postgresql
-#
-# PostgreSQL relational database
-#
-postgresql = module
-
-# Layer: services
-# Module: ssh
-#
-# Secure shell client and server policy.
-#
-ssh = module
-
-# Layer: services
-# Module: xserver
-#
-# X windows login display manager
-#
-xserver = module
-
-# Module: application
-# Required in base
-#
-# Defines attributs and interfaces for all user applications
-#
-application = module
-
-# Layer: system
-# Module: authlogin
-#
-# Common policy for authentication and user login.
-#
-authlogin = module
-
-# Layer: system
-# Module: clock
-#
-# Policy for reading and setting the hardware clock.
-#
-clock = module
-
-# Layer: system
-# Module: fstools
-#
-# Tools for filesystem management, such as mkfs and fsck.
-#
-fstools = module
-
-# Layer: system
-# Module: getty
-#
-# Policy for getty.
-#
-getty = module
-
-# Layer: system
-# Module: hostname
-#
-# Policy for changing the system host name.
-#
-hostname = module
-
-# Layer: system
-# Module: init
-#
-# System initialization programs (init and init scripts).
-#
-init = module
-
-# Layer: system
-# Module: ipsec
-#
-# TCP/IP encryption
-#
-ipsec = module
-
-# Layer: system
-# Module: iptables
-#
-# Policy for iptables.
-#
-iptables = module
-
-# Layer: system
-# Module: libraries
-#
-# Policy for system libraries.
-#
-libraries = module
-
-# Layer: system
-# Module: locallogin
-#
-# Policy for local logins.
-#
-locallogin = module
-
-# Layer: system
-# Module: logging
-#
-# Policy for the kernel message logger and system logging daemon.
-#
-logging = module
-
-# Layer: system
-# Module: lvm
-#
-# Policy for logical volume management programs.
-#
-lvm = module
-
-# Layer: system
-# Module: miscfiles
-#
-# Miscelaneous files.
-#
-miscfiles = module
-
-# Layer: system
-# Module: modutils
-#
-# Policy for kernel module utilities
-#
-modutils = module
-
-# Layer: system
-# Module: mount
-#
-# Policy for mount.
-#
-mount = module
-
-# Layer: system
-# Module: netlabel
-#
-# Basic netlabel types and interfaces.
-#
-netlabel = module
-
-# Layer: system
-# Module: selinuxutil
-#
-# Policy for SELinux policy and userland applications.
-#
-selinuxutil = module
-
-# Module: setrans
-# Required in base
-#
-# Policy for setrans
-#
-setrans = module
-
-# Layer: system
-# Module: sysnetwork
-#
-# Policy for network configuration: ifconfig and dhcp client.
-#
-sysnetwork = module
-
-# Layer: system
-# Module: systemd
-#
-# Policy for systemd components
-#
-systemd = module
-
-# Layer: system
-# Module: udev
-#
-# Policy for udev.
-#
-udev = module
diff --git a/modules-mls-contrib.conf b/modules-mls-contrib.conf
deleted file mode 100644
index 93cbf0f..0000000
--- a/modules-mls-contrib.conf
+++ /dev/null
@@ -1,1574 +0,0 @@
-# Layer: services
-# Module: accountsd
-#
-# An application to view and modify user accounts information
-#
-accountsd = module
-
-# Layer: admin
-# Module: acct
-#
-# Berkeley process accounting
-#
-acct = module
-
-# Layer: services
-# Module: afs
-#
-# Andrew Filesystem server
-#
-afs = module
-
-# Layer: services
-# Module: aide
-#
-# Policy for aide
-#
-aide = module
-
-# Layer: admin
-# Module: alsa
-#
-# Ainit ALSA configuration tool
-#
-alsa = module
-
-# Layer: admin
-# Module: amanda
-#
-# Automated backup program.
-#
-amanda = module
-
-# Layer: contrib
-# Module: antivirus
-#
-# Anti-virus
-#
-antivirus = module
-
-# Layer: admin
-# Module: amtu
-#
-# Abstract Machine Test Utility (AMTU)
-#
-amtu = module
-
-# Layer: admin
-# Module: anaconda
-#
-# Policy for the Anaconda installer.
-#
-anaconda = module
-
-# Layer: services
-# Module: apache
-#
-# Apache web server
-#
-apache = module
-
-# Layer: services
-# Module: apcupsd
-#
-# daemon for most APC’s UPS for Linux
-#
-apcupsd = module
-
-# Layer: services
-# Module: apm
-#
-# Advanced power management daemon
-#
-apm = module
-
-# Layer: services
-# Module: arpwatch
-#
-# Ethernet activity monitor.
-#
-arpwatch = module
-
-# Layer: services
-# Module: automount
-#
-# Filesystem automounter service.
-#
-automount = module
-
-# Layer: services
-# Module: avahi
-#
-# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture
-#
-avahi = module
-
-# Layer: modules
-# Module: awstats
-#
-# awstats executable
-#
-awstats = module
-
-# Layer: services
-# Module: bind
-#
-# Berkeley internet name domain DNS server.
-#
-bind = module
-
-# Layer: services
-# Module: bitlbee
-#
-# An IRC to other chat networks gateway
-#
-bitlbee = module
-
-# Layer: services
-# Module: bluetooth
-#
-# Bluetooth tools and system services.
-#
-bluetooth = module
-
-# Layer: services
-# Module: boinc
-#
-# Berkeley Open Infrastructure for Network Computing
-#
-boinc = module
-
-# Layer: system
-# Module: brctl
-#
-# Utilities for configuring the linux ethernet bridge
-#
-brctl = module
-
-# Layer: services
-# Module: bugzilla
-#
-# Bugzilla server
-#
-bugzilla = module
-
-# Layer: services
-# Module: cachefilesd
-#
-# CacheFiles userspace management daemon
-#
-cachefilesd = module
-
-# Module: calamaris
-#
-#
-# Squid log analysis
-#
-calamaris = module
-
-# Layer: services
-# Module: canna
-#
-# Canna - kana-kanji conversion server
-#
-canna = module
-
-# Layer: services
-# Module: ccs
-#
-# policy for ccs
-#
-ccs = module
-
-# Layer: apps
-# Module: cdrecord
-#
-# Policy for cdrecord
-#
-cdrecord = module
-
-# Layer: admin
-# Module: certmaster
-#
-# Digital Certificate master
-#
-certmaster = module
-
-# Layer: services
-# Module: certmonger
-#
-# Certificate status monitor and PKI enrollment client
-#
-certmonger = module
-
-# Layer: admin
-# Module: certwatch
-#
-# Digital Certificate Tracking
-#
-certwatch = module
-
-# Layer: services
-# Module: cgroup
-#
-# Tools and libraries to control and monitor control groups
-#
-cgroup = module
-
-# Layer: apps
-# Module: chrome
-#
-# chrome sandbox
-#
-chrome = module
-
-# Layer: services
-# Module: chronyd
-#
-# Daemon for maintaining clock time
-#
-chronyd = module
-
-# Layer: services
-# Module: cipe
-#
-# Encrypted tunnel daemon
-#
-cipe = module
-
-# Layer: services
-# Module: clogd
-#
-# clogd - clustered mirror log server
-#
-clogd = module
-
-# Layer: services
-# Module: cmirrord
-#
-# cmirrord - daemon providing device-mapper-base mirrors in a shared-storege cluster
-#
-cmirrord = module
-
-# Layer: services
-# Module: colord
-#
-# color device daemon
-#
-colord = module
-
-# Layer: services
-# Module: comsat
-#
-# Comsat, a biff server.
-#
-comsat = module
-
-# Layer: services
-# Module: courier
-#
-# IMAP and POP3 email servers
-#
-courier = module
-
-# Layer: services
-# Module: cpucontrol
-#
-# Services for loading CPU microcode and CPU frequency scaling.
-#
-cpucontrol = module
-
-# Layer: apps
-# Module: cpufreqselector
-#
-# cpufreqselector executable
-#
-cpufreqselector = module
-
-# Layer: services
-# Module: cron
-#
-# Periodic execution of scheduled commands.
-#
-cron = module
-
-# Layer: services
-# Module: cups
-#
-# Common UNIX printing system
-#
-cups = module
-
-# Layer: services
-# Module: cvs
-#
-# Concurrent versions system
-#
-cvs = module
-
-# Layer: services
-# Module: cyphesis
-#
-# cyphesis game server
-#
-cyphesis = module
-
-# Layer: services
-# Module: cyrus
-#
-# Cyrus is an IMAP service intended to be run on sealed servers
-#
-cyrus = module
-
-# Layer: system
-# Module: daemontools
-#
-# Collection of tools for managing UNIX services
-#
-daemontools = module
-
-# Layer: role
-# Module: dbadm
-#
-# Minimally prived root role for managing databases
-#
-dbadm = module
-
-# Layer: services
-# Module: dbskk
-#
-# Dictionary server for the SKK Japanese input method system.
-#
-dbskk = module
-
-# Layer: services
-# Module: dbus
-#
-# Desktop messaging bus
-#
-dbus = module
-
-# Layer: services
-# Module: dcc
-#
-# A distributed, collaborative, spam detection and filtering network.
-#
-dcc = module
-
-# Layer: admin
-# Module: ddcprobe
-#
-# ddcprobe retrieves monitor and graphics card information
-#
-ddcprobe = off
-
-# Layer: services
-# Module: devicekit
-#
-# devicekit-daemon
-#
-devicekit = module
-
-# Layer: services
-# Module: dhcp
-#
-# Dynamic host configuration protocol (DHCP) server
-#
-dhcp = module
-
-# Layer: services
-# Module: dictd
-#
-# Dictionary daemon
-#
-dictd = module
-
-# Layer: services
-# Module: distcc
-#
-# Distributed compiler daemon
-#
-distcc = off
-
-# Layer: admin
-# Module: dmidecode
-#
-# Decode DMI data for x86/ia64 bioses.
-#
-dmidecode = module
-
-# Layer: services
-# Module: dnsmasq
-#
-# A lightweight DHCP and caching DNS server.
-#
-dnsmasq = module
-
-# Layer: services
-# Module: dnssec
-#
-# A dnssec server application
-#
-dnssec = module
-
-# Layer: services
-# Module: dovecot
-#
-# Dovecot POP and IMAP mail server
-#
-dovecot = module
-
-# Layer: services
-# Module: entropy
-#
-# Generate entropy from audio input
-#
-entropyd = module
-
-# Layer: services
-# Module: exim
-#
-# exim mail server
-#
-exim = module
-
-# Layer: services
-# Module: fail2ban
-#
-# daiemon that bans IP that makes too many password failures
-#
-fail2ban = module
-
-# Layer: services
-# Module: fetchmail
-#
-# Remote-mail retrieval and forwarding utility
-#
-fetchmail = module
-
-# Layer: services
-# Module: finger
-#
-# Finger user information service.
-#
-finger = module
-
-# Layer: services
-# Module: firewalld
-#
-# firewalld is firewall service daemon that provides dynamic customizable
-#
-firewalld = module
-
-# Layer: apps
-# Module: firewallgui
-#
-# policy for system-config-firewall
-#
-firewallgui = module
-
-# Module: firstboot
-#
-# Final system configuration run during the first boot
-# after installation of Red Hat/Fedora systems.
-#
-firstboot = module
-
-# Layer: services
-# Module: fprintd
-#
-# finger print server
-#
-fprintd = module
-
-# Layer: services
-# Module: ftp
-#
-# File transfer protocol service
-#
-ftp = module
-
-# Layer: apps
-# Module: games
-#
-# The Open Group Pegasus CIM/WBEM Server.
-#
-games = module
-
-# Layer: apps
-# Module: gitosis
-#
-# Policy for gitosis
-#
-gitosis = module
-
-# Layer: services
-# Module: git
-#
-# Policy for the stupid content tracker
-#
-git = module
-
-# Layer: services
-# Module: glance
-#
-# Policy for glance
-#
-glance = module
-
-# Layer: apps
-# Module: gnome
-#
-# gnome session and gconf
-#
-gnome = module
-
-# Layer: apps
-# Module: gpg
-#
-# Policy for Mozilla and related web browsers
-#
-gpg = module
-
-# Layer: services
-# Module: gpm
-#
-# General Purpose Mouse driver
-#
-gpm = module
-
-# Module: gpsd
-#
-# gpsd monitor daemon
-#
-#
-gpsd = module
-
-# Module: gssproxy
-#
-# A proxy for GSSAPI credential handling
-#
-#
-gssproxy = module
-
-# Layer: role
-# Module: guest
-#
-# Minimally privs guest account on tty logins
-#
-guest = module
-
-# Layer: services
-# Module: i18n_input
-#
-# IIIMF htt server
-#
-i18n_input = off
-
-# Layer: services
-# Module: inetd
-#
-# Internet services daemon.
-#
-inetd = module
-
-# Layer: services
-# Module: inn
-#
-# Internet News NNTP server
-#
-inn = module
-
-# Layer: apps
-# Module: irc
-#
-# IRC client policy
-#
-irc = module
-
-# Layer: services
-# Module: irqbalance
-#
-# IRQ balancing daemon
-#
-irqbalance = module
-
-# Layer: system
-# Module: iscsi
-#
-# Open-iSCSI daemon
-#
-iscsi = module
-
-# Layer: services
-# Module: jabber
-#
-# Jabber instant messaging server
-#
-jabber = module
-
-# Layer: apps
-# Module: kdumpgui
-#
-# system-config-kdump policy
-#
-kdumpgui = module
-
-# Layer: admin
-# Module: kdump
-#
-# kdump is kernel crash dumping mechanism
-#
-kdump = module
-
-# Layer: services
-# Module: kerberos
-#
-# MIT Kerberos admin and KDC
-#
-kerberos = module
-
-# Layer: services
-# Module: kismet
-#
-# Wireless sniffing and monitoring
-#
-kismet = module
-
-# Layer: services
-# Module: ktalk
-#
-# KDE Talk daemon
-#
-ktalk = module
-
-# Layer: services
-# Module: ldap
-#
-# OpenLDAP directory server
-#
-ldap = module
-
-# Layer: services
-# Module: lircd
-#
-# LIRC daemon - decodes infrared signals and provides them on a Unix domain socket.
-#
-lircd = module
-
-# Layer: apps
-# Module: loadkeys
-#
-# Load keyboard mappings.
-#
-loadkeys = module
-
-# Layer: apps
-# Module: lockdev
-#
-# device locking policy for lockdev
-#
-lockdev = module
-
-# Layer: admin
-# Module: logrotate
-#
-# Rotate and archive system logs
-#
-logrotate = module
-
-# Layer: services
-# Module: logwatch
-#
-# logwatch executable
-#
-logwatch = module
-
-# Layer: services
-# Module: lpd
-#
-# Line printer daemon
-#
-lpd = module
-
-# Layer: services
-# Module: lsm
-#
-# lsm policy
-#
-lsm = module
-
-# Layer: services
-# Module: mailman
-#
-# Mailman is for managing electronic mail discussion and e-newsletter lists
-#
-mailman = module
-
-# Layer: admin
-# Module: mcelog
-#
-# mcelog is a daemon that collects and decodes Machine Check Exception data on x86-64 machines.
-#
-mcelog = module
-
-# Layer: services
-# Module: memcached
-#
-# high-performance memory object caching system
-#
-memcached = module
-
-# Layer: services
-# Module: milter
-#
-#
-#
-milter = module
-
-# Layer: services
-# Module: modemmanager
-#
-# Manager for dynamically switching between modems.
-#
-modemmanager = module
-
-# Layer: services
-# Module: mojomojo
-#
-# Wiki server
-#
-mojomojo = module
-
-# Layer: apps
-# Module: mozilla
-#
-# Policy for Mozilla and related web browsers
-#
-mozilla = module
-
-# Layer: apps
-# Module: mplayer
-#
-# Policy for Mozilla and related web browsers
-#
-mplayer = module
-
-# Layer: admin
-# Module: mrtg
-#
-# Network traffic graphing
-#
-mrtg = module
-
-# Layer: services
-# Module: mta
-#
-# Policy common to all email tranfer agents.
-#
-mta = module
-
-# Layer: services
-# Module: munin
-#
-# Munin
-#
-munin = module
-
-# Layer: services
-# Module: mysql
-#
-# Policy for MySQL
-#
-mysql = module
-
-# Layer: services
-# Module: nagios
-#
-# policy for nagios Host/service/network monitoring program
-#
-nagios = module
-
-# Layer: apps
-# Module: namespace
-#
-# policy for namespace.init script
-#
-namespace = module
-
-# Layer: admin
-# Module: ncftool
-#
-# Tool to modify the network configuration of a system
-#
-ncftool = module
-
-# Layer: services
-# Module: networkmanager
-#
-# Manager for dynamically switching between networks.
-#
-networkmanager = module
-
-# Layer: services
-# Module: nis
-#
-# Policy for NIS (YP) servers and clients
-#
-nis = module
-
-# Layer: services
-# Module: nscd
-#
-# Name service cache daemon
-#
-nscd = module
-
-# Layer: services
-# Module: nslcd
-#
-# Policy for nslcd
-#
-nslcd = module
-
-# Layer: services
-# Module: ntop
-#
-# Policy for ntop
-#
-ntop = module
-
-# Layer: services
-# Module: ntp
-#
-# Network time protocol daemon
-#
-ntp = module
-
-# Layer: services
-# Module: nx
-#
-# NX Remote Desktop
-#
-nx = module
-
-# Layer: services
-# Module: oddjob
-#
-# policy for oddjob
-#
-oddjob = module
-
-# Layer: services
-# Module: openct
-#
-# Service for handling smart card readers.
-#
-openct = off
-
-# Layer: service
-# Module: openct
-#
-# Middleware framework for smart card terminals
-#
-openct = module
-
-# Layer: services
-# Module: openvpn
-#
-# Policy for OPENVPN full-featured SSL VPN solution
-#
-openvpn = module
-
-# Layer: contrib
-# Module: prelude
-#
-# SELinux policy for prelude
-#
-prelude = module
-
-# Layer: contrib
-# Module: prosody
-#
-# SELinux policy for prosody flexible communications server for Jabber/XMPP
-#
-prosody = module
-
-# Layer: services
-# Module: pads
-#
-pads = module
-
-# Layer: system
-# Module: pcmcia
-#
-# PCMCIA card management services
-#
-pcmcia = module
-
-# Layer: service
-# Module: pcscd
-#
-# PC/SC Smart Card Daemon
-#
-pcscd = module
-
-# Layer: services
-# Module: pegasus
-#
-# The Open Group Pegasus CIM/WBEM Server.
-#
-pegasus = module
-
-
-# Layer: services
-# Module: pingd
-#
-#
-pingd = module
-
-# Layer: services
-# Module: piranha
-#
-# piranha - various tools to administer and configure the Linux Virtual Server
-#
-piranha = module
-
-# Layer: services
-# Module: plymouthd
-#
-# Plymouth
-#
-plymouthd = module
-
-# Layer: apps
-# Module: podsleuth
-#
-# Podsleuth probes, identifies, and exposes properties and metadata bound to iPods.
-#
-podsleuth = module
-
-# Layer: services
-# Module: policykit
-#
-# Hardware abstraction layer
-#
-policykit = module
-
-# Layer: services
-# Module: polipo
-#
-# polipo
-#
-polipo = module
-
-# Layer: services
-# Module: portmap
-#
-# RPC port mapping service.
-#
-portmap = module
-
-# Layer: services
-# Module: portreserve
-#
-# reserve ports to prevent portmap mapping them
-#
-portreserve = module
-
-# Layer: services
-# Module: postfix
-#
-# Postfix email server
-#
-postfix = module
-
-o# Layer: services
-# Module: postgrey
-#
-# email scanner
-#
-postgrey = module
-
-# Layer: services
-# Module: ppp
-#
-# Point to Point Protocol daemon creates links in ppp networks
-#
-ppp = module
-
-# Layer: admin
-# Module: prelink
-#
-# Manage temporary directory sizes and file ages
-#
-prelink = module
-
-unprivuser = module
-
-# Layer: services
-# Module: privoxy
-#
-# Privacy enhancing web proxy.
-#
-privoxy = module
-
-# Layer: services
-# Module: procmail
-#
-# Procmail mail delivery agent
-#
-procmail = module
-
-# Layer: services
-# Module: psad
-#
-# Analyze iptables log for hostile traffic
-#
-psad = module
-
-# Layer: apps
-# Module: ptchown
-#
-# helper function for grantpt(3), changes ownship and permissions of pseudotty
-#
-ptchown = module
-
-# Layer: apps
-# Module: pulseaudio
-#
-# The PulseAudio Sound System
-#
-pulseaudio = module
-
-# Layer: services
-# Module: qmail
-#
-# Policy for qmail
-#
-qmail = module
-
-# Layer: services
-# Module: qpidd
-#
-# Policy for qpidd
-#
-qpid = module
-
-# Layer: admin
-# Module: quota
-#
-# File system quota management
-#
-quota = module
-
-# Layer: services
-# Module: radius
-#
-# RADIUS authentication and accounting server.
-#
-radius = module
-
-# Layer: services
-# Module: radvd
-#
-# IPv6 router advertisement daemon
-#
-radvd = module
-
-# Layer: system
-# Module: raid
-#
-# RAID array management tools
-#
-raid = module
-
-# Layer: services
-# Module: rdisc
-#
-# Network router discovery daemon
-#
-rdisc = module
-
-# Layer: admin
-# Module: readahead
-#
-# Readahead, read files into page cache for improved performance
-#
-readahead = module
-
-# Layer: services
-# Module: remotelogin
-#
-# Policy for rshd, rlogind, and telnetd.
-#
-remotelogin = module
-
-# Layer: services
-# Module: rhcs
-#
-# RHCS - Red Hat Cluster Suite
-#
-rhcs = module
-
-# Layer: services
-# Module: rhgb
-#
-# X windows login display manager
-#
-rhgb = module
-
-# Layer: services
-# Module: ricci
-#
-# policy for ricci
-#
-ricci = module
-
-# Layer: services
-# Module: rlogin
-#
-# Remote login daemon
-#
-rlogin = module
-
-# Layer: services
-# Module: roundup
-#
-# Roundup Issue Tracking System policy
-#
-roundup = module
-
-# Layer: services
-# Module: rpcbind
-#
-# universal addresses to RPC program number mapper
-#
-rpcbind = module
-
-# Layer: services
-# Module: rpc
-#
-# Remote Procedure Call Daemon for managment of network based process communication
-#
-rpc = module
-
-# Layer: admin
-# Module: rpm
-#
-# Policy for the RPM package manager.
-#
-rpm = module
-
-# Layer: services
-# Module: rshd
-#
-# Remote shell service.
-#
-rshd = module
-
-# Layer: services
-# Module: rsync
-#
-# Fast incremental file transfer for synchronization
-#
-rsync = module
-
-# Layer: services
-# Module: rtkit
-#
-# Real Time Kit Daemon
-#
-rtkit = module
-
-# Layer: services
-# Module: rwho
-#
-# who is logged in on local machines
-#
-rwho = module
-
-# Layer: apps
-# Module: sambagui
-#
-# policy for system-config-samba
-#
-sambagui = module
-
-#
-# SMB and CIFS client/server programs for UNIX and
-# name Service Switch daemon for resolving names
-# from Windows NT servers.
-#
-samba = module
-
-# Layer: services
-# Module: sasl
-#
-# SASL authentication server
-#
-sasl = module
-
-# Layer: apps
-# Module: screen
-#
-# GNU terminal multiplexer
-#
-screen = module
-
-# Layer: services
-# Module: sendmail
-#
-# Policy for sendmail.
-#
-sendmail = module
-
-# Layer: services
-# Module: setroubleshoot
-#
-# Policy for the SELinux troubleshooting utility
-#
-setroubleshoot = module
-
-# Layer: admin
-# Module: shorewall
-#
-# Policy for shorewall
-#
-shorewall = module
-
-# Layer: apps
-# Module: slocate
-#
-# Update database for mlocate
-#
-slocate = module
-
-# Layer: services
-# Module: slrnpull
-#
-# Service for downloading news feeds the slrn newsreader.
-#
-slrnpull = off
-
-# Layer: services
-# Module: smartmon
-#
-# Smart disk monitoring daemon policy
-#
-smartmon = module
-
-# Layer: services
-# Module: snmp
-#
-# Simple network management protocol services
-#
-snmp = module
-
-# Layer: services
-# Module: snort
-#
-# Snort network intrusion detection system
-#
-snort = module
-
-# Layer: admin
-# Module: sosreport
-#
-# sosreport debuggin information generator
-#
-sosreport = module
-
-# Layer: services
-# Module: soundserver
-#
-# sound server for network audio server programs, nasd, yiff, etc</summary>
-#
-soundserver = module
-
-# Layer: services
-# Module: spamassassin
-#
-# Filter used for removing unsolicited email.
-#
-spamassassin = module
-
-# Layer: services
-# Module: squid
-#
-# Squid caching http proxy server
-#
-squid = module
-
-# Layer: services
-# Module: sssd
-#
-# System Security Services Daemon
-#
-sssd = module
-
-# Layer: services
-# Module: stunnel
-#
-# SSL Tunneling Proxy
-#
-stunnel = module
-
-# Layer: services
-# Module: sysstat
-#
-# Policy for sysstat. Reports on various system states
-#
-sysstat = module
-
-# Layer: services
-# Module: tcpd
-#
-# Policy for TCP daemon.
-#
-tcpd = module
-
-# Layer: services
-# Module: tcsd
-#
-# tcsd - daemon that manages Trusted Computing resources
-#
-tcsd = module
-
-# Layer: apps
-# Module: telepathy
-#
-# telepathy - Policy for Telepathy framework
-#
-telepathy = module
-
-# Layer: services
-# Module: telnet
-#
-# Telnet daemon
-#
-telnet = module
-
-# Layer: services
-# Module: tftp
-#
-# Trivial file transfer protocol daemon
-#
-tftp = module
-
-# Layer: services
-# Module: tgtd
-#
-# Linux Target Framework Daemon.
-#
-tgtd = module
-
-# Layer: apps
-# Module: thumb
-#
-# Thumbnailer confinement
-#
-thumb = module
-
-# Layer: services
-# Module: timidity
-#
-# MIDI to WAV converter and player configured as a service
-#
-timidity = off
-
-# Layer: admin
-# Module: tmpreaper
-#
-# Manage temporary directory sizes and file ages
-#
-tmpreaper = module
-
-# Layer: services
-# Module: tor
-#
-# TOR, the onion router
-#
-tor = module
-
-# Layer: services
-# Module: ksmtuned
-#
-# Kernel Samepage Merging (KSM) Tuning Daemon
-#
-ksmtuned = module
-
-# Layer: services
-# Module: tuned
-#
-# Dynamic adaptive system tuning daemon
-#
-tuned = module
-
-# Layer: apps
-# Module: tvtime
-#
-# tvtime - a high quality television application
-#
-tvtime = module
-
-# Layer: services
-# Module: ulogd
-#
-#
-#
-ulogd = module
-
-# Layer: apps
-# Module: uml
-#
-# Policy for UML
-#
-uml = module
-
-# Layer: admin
-# Module: updfstab
-#
-# Red Hat utility to change /etc/fstab.
-#
-updfstab = module
-
-# Layer: admin
-# Module: usbmodules
-#
-# List kernel modules of USB devices
-#
-usbmodules = module
-
-# Layer: apps
-# Module: userhelper
-#
-# A helper interface to pam.
-#
-userhelper = module
-
-# Layer: apps
-# Module: usernetctl
-#
-# User network interface configuration helper
-#
-usernetctl = module
-
-# Layer: services
-# Module: uucp
-#
-# Unix to Unix Copy
-#
-uucp = module
-
-# Layer: services
-# Module: virt
-#
-# Virtualization libraries
-#
-virt = module
-
-# Layer: apps
-# Module: vmware
-#
-# VMWare Workstation virtual machines
-#
-vmware = module
-
-# Layer: contrib
-# Module: openvswitch
-#
-# SELinux policy for openvswitch programs
-#
-openvswitch = module
-
-# Layer: admin
-# Module: vpn
-#
-# Virtual Private Networking client
-#
-vpn = module
-
-# Layer: services
-# Module: w3c
-#
-# w3c
-#
-w3c = module
-
-# Layer: role
-# Module: webadm
-#
-# Minimally prived root role for managing apache
-#
-webadm = module
-
-# Layer: apps
-# Module: webalizer
-#
-# Web server log analysis
-#
-webalizer = module
-
-# Layer: apps
-# Module: wine
-#
-# wine executable
-#
-wine = module
-
-# Layer: apps
-# Module: wireshark
-#
-# wireshark executable
-#
-wireshark = module
-
-# Layer: apps
-# Module: wm
-#
-# X windows window manager
-#
-wm = module
-
-# Layer: system
-# Module: xen
-#
-# virtualization software
-#
-xen = module
-
-# Layer: role
-# Module: xguest
-#
-# Minimally privs guest account on X Windows logins
-#
-xguest = module
-
-# Layer: services
-# Module: zabbix
-#
-# Open-source monitoring solution for your IT infrastructure
-#
-zabbix = module
-
-# Layer: services
-# Module: zebra
-#
-# Zebra border gateway protocol network routing service
-#
-zebra = module
-
-# Layer: services
-# Module: zosremote
-#
-# policy for z/OS Remote-services Audit dispatcher plugin</summary>
-#
-zosremote = module
-
-# Layer: contrib
-# Module: mandb
-#
-# Policy for mandb
-#
-mandb = module
diff --git a/modules-mls.conf b/modules-mls.conf
new file mode 100644
index 0000000..625ce6a
--- /dev/null
+++ b/modules-mls.conf
@@ -0,0 +1,1952 @@
+# Layer: kernel
+# Module: bootloader
+#
+# Policy for the kernel modules, kernel image, and bootloader.
+#
+bootloader = module
+
+# Layer: kernel
+# Module: corenetwork
+# Required in base
+#
+# Policy controlling access to network objects
+#
+corenetwork = base
+
+# Layer: admin
+# Module: dmesg
+#
+# Policy for dmesg.
+#
+dmesg = module
+
+# Layer: admin
+# Module: netutils
+#
+# Network analysis utilities
+#
+netutils = module
+
+# Layer: admin
+# Module: sudo
+#
+# Execute a command with a substitute user
+#
+sudo = module
+
+# Layer: admin
+# Module: su
+#
+# Run shells with substitute user and group
+#
+su = module
+
+# Layer: admin
+# Module: usermanage
+#
+# Policy for managing user accounts.
+#
+usermanage = module
+
+# Layer: apps
+# Module: seunshare
+#
+# seunshare executable
+#
+seunshare = module
+
+# Layer: kernel
+# Module: corecommands
+# Required in base
+#
+# Core policy for shells, and generic programs
+# in /bin, /sbin, /usr/bin, and /usr/sbin.
+#
+corecommands = base
+
+# Module: devices
+# Required in base
+#
+# Device nodes and interfaces for many basic system devices.
+#
+devices = base
+
+# Module: domain
+# Required in base
+#
+# Core policy for domains.
+#
+domain = base
+
+# Layer: system
+# Module: userdomain
+#
+# Policy for user domains
+#
+userdomain = module
+
+# Module: files
+# Required in base
+#
+# Basic filesystem types and interfaces.
+#
+files = base
+
+# Module: filesystem
+# Required in base
+#
+# Policy for filesystems.
+#
+filesystem = base
+
+# Module: kernel
+# Required in base
+#
+# Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
+#
+kernel = base
+
+# Module: mcs
+# Required in base
+#
+# MultiCategory security policy
+#
+mcs = base
+
+# Module: mls
+# Required in base
+#
+# Multilevel security policy
+#
+mls = base
+
+# Module: selinux
+# Required in base
+#
+# Policy for kernel security interface, in particular, selinuxfs.
+#
+selinux = base
+
+# Layer: kernel
+# Module: storage
+#
+# Policy controlling access to storage devices
+#
+storage = base
+
+# Module: terminal
+# Required in base
+#
+# Policy for terminals.
+#
+terminal = base
+
+# Layer: kernel
+# Module: ubac
+#
+#
+#
+ubac = base
+
+# Layer: kernel
+# Module: unlabelednet
+#
+# The unlabelednet module.
+#
+unlabelednet = module
+
+# Layer: role
+# Module: auditadm
+#
+# auditadm account on tty logins
+#
+auditadm = module
+
+# Layer: role
+# Module: logadm
+#
+# Minimally prived root role for managing logging system
+#
+logadm = module
+
+# Layer: role
+# Module: secadm
+#
+# secadm account on tty logins
+#
+secadm = module
+
+# Layer:role
+# Module: staff
+#
+# admin account
+#
+staff = module
+
+# Layer:role
+# Module: sysadm_secadm
+#
+# System Administrator with Security Admin rules
+#
+sysadm_secadm = module
+
+# Layer:role
+# Module: sysadm
+#
+# System Administrator
+#
+sysadm = module
+
+# Layer: role
+# Module: unprivuser
+#
+# Minimally privs guest account on tty logins
+#
+unprivuser = module
+
+# Layer: services
+# Module: postgresql
+#
+# PostgreSQL relational database
+#
+postgresql = module
+
+# Layer: services
+# Module: ssh
+#
+# Secure shell client and server policy.
+#
+ssh = module
+
+# Layer: services
+# Module: xserver
+#
+# X windows login display manager
+#
+xserver = module
+
+# Module: application
+# Required in base
+#
+# Defines attributs and interfaces for all user applications
+#
+application = module
+
+# Layer: system
+# Module: authlogin
+#
+# Common policy for authentication and user login.
+#
+authlogin = module
+
+# Layer: system
+# Module: clock
+#
+# Policy for reading and setting the hardware clock.
+#
+clock = module
+
+# Layer: system
+# Module: fstools
+#
+# Tools for filesystem management, such as mkfs and fsck.
+#
+fstools = module
+
+# Layer: system
+# Module: getty
+#
+# Policy for getty.
+#
+getty = module
+
+# Layer: system
+# Module: hostname
+#
+# Policy for changing the system host name.
+#
+hostname = module
+
+# Layer: system
+# Module: init
+#
+# System initialization programs (init and init scripts).
+#
+init = module
+
+# Layer: system
+# Module: ipsec
+#
+# TCP/IP encryption
+#
+ipsec = module
+
+# Layer: system
+# Module: iptables
+#
+# Policy for iptables.
+#
+iptables = module
+
+# Layer: system
+# Module: libraries
+#
+# Policy for system libraries.
+#
+libraries = module
+
+# Layer: system
+# Module: locallogin
+#
+# Policy for local logins.
+#
+locallogin = module
+
+# Layer: system
+# Module: logging
+#
+# Policy for the kernel message logger and system logging daemon.
+#
+logging = module
+
+# Layer: system
+# Module: lvm
+#
+# Policy for logical volume management programs.
+#
+lvm = module
+
+# Layer: system
+# Module: miscfiles
+#
+# Miscelaneous files.
+#
+miscfiles = module
+
+# Layer: system
+# Module: modutils
+#
+# Policy for kernel module utilities
+#
+modutils = module
+
+# Layer: system
+# Module: mount
+#
+# Policy for mount.
+#
+mount = module
+
+# Layer: system
+# Module: netlabel
+#
+# Basic netlabel types and interfaces.
+#
+netlabel = module
+
+# Layer: system
+# Module: selinuxutil
+#
+# Policy for SELinux policy and userland applications.
+#
+selinuxutil = module
+
+# Module: setrans
+# Required in base
+#
+# Policy for setrans
+#
+setrans = module
+
+# Layer: system
+# Module: sysnetwork
+#
+# Policy for network configuration: ifconfig and dhcp client.
+#
+sysnetwork = module
+
+# Layer: system
+# Module: systemd
+#
+# Policy for systemd components
+#
+systemd = module
+
+# Layer: system
+# Module: udev
+#
+# Policy for udev.
+#
+udev = module
+# Layer: services
+# Module: accountsd
+#
+# An application to view and modify user accounts information
+#
+accountsd = module
+
+# Layer: admin
+# Module: acct
+#
+# Berkeley process accounting
+#
+acct = module
+
+# Layer: services
+# Module: afs
+#
+# Andrew Filesystem server
+#
+afs = module
+
+# Layer: services
+# Module: aide
+#
+# Policy for aide
+#
+aide = module
+
+# Layer: admin
+# Module: alsa
+#
+# Ainit ALSA configuration tool
+#
+alsa = module
+
+# Layer: admin
+# Module: amanda
+#
+# Automated backup program.
+#
+amanda = module
+
+# Layer: contrib
+# Module: antivirus
+#
+# Anti-virus
+#
+antivirus = module
+
+# Layer: admin
+# Module: amtu
+#
+# Abstract Machine Test Utility (AMTU)
+#
+amtu = module
+
+# Layer: admin
+# Module: anaconda
+#
+# Policy for the Anaconda installer.
+#
+anaconda = module
+
+# Layer: services
+# Module: apache
+#
+# Apache web server
+#
+apache = module
+
+# Layer: services
+# Module: apcupsd
+#
+# daemon for most APC’s UPS for Linux
+#
+apcupsd = module
+
+# Layer: services
+# Module: apm
+#
+# Advanced power management daemon
+#
+apm = module
+
+# Layer: services
+# Module: arpwatch
+#
+# Ethernet activity monitor.
+#
+arpwatch = module
+
+# Layer: services
+# Module: automount
+#
+# Filesystem automounter service.
+#
+automount = module
+
+# Layer: services
+# Module: avahi
+#
+# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture
+#
+avahi = module
+
+# Layer: modules
+# Module: awstats
+#
+# awstats executable
+#
+awstats = module
+
+# Layer: services
+# Module: bind
+#
+# Berkeley internet name domain DNS server.
+#
+bind = module
+
+# Layer: services
+# Module: bitlbee
+#
+# An IRC to other chat networks gateway
+#
+bitlbee = module
+
+# Layer: services
+# Module: bluetooth
+#
+# Bluetooth tools and system services.
+#
+bluetooth = module
+
+# Layer: services
+# Module: boinc
+#
+# Berkeley Open Infrastructure for Network Computing
+#
+boinc = module
+
+# Layer: system
+# Module: brctl
+#
+# Utilities for configuring the linux ethernet bridge
+#
+brctl = module
+
+# Layer: services
+# Module: bugzilla
+#
+# Bugzilla server
+#
+bugzilla = module
+
+# Layer: services
+# Module: cachefilesd
+#
+# CacheFiles userspace management daemon
+#
+cachefilesd = module
+
+# Module: calamaris
+#
+#
+# Squid log analysis
+#
+calamaris = module
+
+# Layer: services
+# Module: canna
+#
+# Canna - kana-kanji conversion server
+#
+canna = module
+
+# Layer: services
+# Module: ccs
+#
+# policy for ccs
+#
+ccs = module
+
+# Layer: apps
+# Module: cdrecord
+#
+# Policy for cdrecord
+#
+cdrecord = module
+
+# Layer: admin
+# Module: certmaster
+#
+# Digital Certificate master
+#
+certmaster = module
+
+# Layer: services
+# Module: certmonger
+#
+# Certificate status monitor and PKI enrollment client
+#
+certmonger = module
+
+# Layer: admin
+# Module: certwatch
+#
+# Digital Certificate Tracking
+#
+certwatch = module
+
+# Layer: services
+# Module: cgroup
+#
+# Tools and libraries to control and monitor control groups
+#
+cgroup = module
+
+# Layer: apps
+# Module: chrome
+#
+# chrome sandbox
+#
+chrome = module
+
+# Layer: services
+# Module: chronyd
+#
+# Daemon for maintaining clock time
+#
+chronyd = module
+
+# Layer: services
+# Module: cipe
+#
+# Encrypted tunnel daemon
+#
+cipe = module
+
+# Layer: services
+# Module: clogd
+#
+# clogd - clustered mirror log server
+#
+clogd = module
+
+# Layer: services
+# Module: cmirrord
+#
+# cmirrord - daemon providing device-mapper-base mirrors in a shared-storege cluster
+#
+cmirrord = module
+
+# Layer: services
+# Module: colord
+#
+# color device daemon
+#
+colord = module
+
+# Layer: services
+# Module: comsat
+#
+# Comsat, a biff server.
+#
+comsat = module
+
+# Layer: services
+# Module: courier
+#
+# IMAP and POP3 email servers
+#
+courier = module
+
+# Layer: services
+# Module: cpucontrol
+#
+# Services for loading CPU microcode and CPU frequency scaling.
+#
+cpucontrol = module
+
+# Layer: apps
+# Module: cpufreqselector
+#
+# cpufreqselector executable
+#
+cpufreqselector = module
+
+# Layer: services
+# Module: cron
+#
+# Periodic execution of scheduled commands.
+#
+cron = module
+
+# Layer: services
+# Module: cups
+#
+# Common UNIX printing system
+#
+cups = module
+
+# Layer: services
+# Module: cvs
+#
+# Concurrent versions system
+#
+cvs = module
+
+# Layer: services
+# Module: cyphesis
+#
+# cyphesis game server
+#
+cyphesis = module
+
+# Layer: services
+# Module: cyrus
+#
+# Cyrus is an IMAP service intended to be run on sealed servers
+#
+cyrus = module
+
+# Layer: system
+# Module: daemontools
+#
+# Collection of tools for managing UNIX services
+#
+daemontools = module
+
+# Layer: role
+# Module: dbadm
+#
+# Minimally prived root role for managing databases
+#
+dbadm = module
+
+# Layer: services
+# Module: dbskk
+#
+# Dictionary server for the SKK Japanese input method system.
+#
+dbskk = module
+
+# Layer: services
+# Module: dbus
+#
+# Desktop messaging bus
+#
+dbus = module
+
+# Layer: services
+# Module: dcc
+#
+# A distributed, collaborative, spam detection and filtering network.
+#
+dcc = module
+
+# Layer: admin
+# Module: ddcprobe
+#
+# ddcprobe retrieves monitor and graphics card information
+#
+ddcprobe = off
+
+# Layer: services
+# Module: devicekit
+#
+# devicekit-daemon
+#
+devicekit = module
+
+# Layer: services
+# Module: dhcp
+#
+# Dynamic host configuration protocol (DHCP) server
+#
+dhcp = module
+
+# Layer: services
+# Module: dictd
+#
+# Dictionary daemon
+#
+dictd = module
+
+# Layer: services
+# Module: distcc
+#
+# Distributed compiler daemon
+#
+distcc = off
+
+# Layer: admin
+# Module: dmidecode
+#
+# Decode DMI data for x86/ia64 bioses.
+#
+dmidecode = module
+
+# Layer: services
+# Module: dnsmasq
+#
+# A lightweight DHCP and caching DNS server.
+#
+dnsmasq = module
+
+# Layer: services
+# Module: dnssec
+#
+# A dnssec server application
+#
+dnssec = module
+
+# Layer: services
+# Module: dovecot
+#
+# Dovecot POP and IMAP mail server
+#
+dovecot = module
+
+# Layer: services
+# Module: entropy
+#
+# Generate entropy from audio input
+#
+entropyd = module
+
+# Layer: services
+# Module: exim
+#
+# exim mail server
+#
+exim = module
+
+# Layer: services
+# Module: fail2ban
+#
+# daiemon that bans IP that makes too many password failures
+#
+fail2ban = module
+
+# Layer: services
+# Module: fetchmail
+#
+# Remote-mail retrieval and forwarding utility
+#
+fetchmail = module
+
+# Layer: services
+# Module: finger
+#
+# Finger user information service.
+#
+finger = module
+
+# Layer: services
+# Module: firewalld
+#
+# firewalld is firewall service daemon that provides dynamic customizable
+#
+firewalld = module
+
+# Layer: apps
+# Module: firewallgui
+#
+# policy for system-config-firewall
+#
+firewallgui = module
+
+# Module: firstboot
+#
+# Final system configuration run during the first boot
+# after installation of Red Hat/Fedora systems.
+#
+firstboot = module
+
+# Layer: services
+# Module: fprintd
+#
+# finger print server
+#
+fprintd = module
+
+# Layer: services
+# Module: ftp
+#
+# File transfer protocol service
+#
+ftp = module
+
+# Layer: apps
+# Module: games
+#
+# The Open Group Pegasus CIM/WBEM Server.
+#
+games = module
+
+# Layer: apps
+# Module: gitosis
+#
+# Policy for gitosis
+#
+gitosis = module
+
+# Layer: services
+# Module: git
+#
+# Policy for the stupid content tracker
+#
+git = module
+
+# Layer: services
+# Module: glance
+#
+# Policy for glance
+#
+glance = module
+
+# Layer: apps
+# Module: gnome
+#
+# gnome session and gconf
+#
+gnome = module
+
+# Layer: apps
+# Module: gpg
+#
+# Policy for Mozilla and related web browsers
+#
+gpg = module
+
+# Layer: services
+# Module: gpm
+#
+# General Purpose Mouse driver
+#
+gpm = module
+
+# Module: gpsd
+#
+# gpsd monitor daemon
+#
+#
+gpsd = module
+
+# Module: gssproxy
+#
+# A proxy for GSSAPI credential handling
+#
+#
+gssproxy = module
+
+# Layer: role
+# Module: guest
+#
+# Minimally privs guest account on tty logins
+#
+guest = module
+
+# Layer: services
+# Module: i18n_input
+#
+# IIIMF htt server
+#
+i18n_input = off
+
+# Layer: services
+# Module: inetd
+#
+# Internet services daemon.
+#
+inetd = module
+
+# Layer: services
+# Module: inn
+#
+# Internet News NNTP server
+#
+inn = module
+
+# Layer: apps
+# Module: irc
+#
+# IRC client policy
+#
+irc = module
+
+# Layer: services
+# Module: irqbalance
+#
+# IRQ balancing daemon
+#
+irqbalance = module
+
+# Layer: system
+# Module: iscsi
+#
+# Open-iSCSI daemon
+#
+iscsi = module
+
+# Layer: services
+# Module: jabber
+#
+# Jabber instant messaging server
+#
+jabber = module
+
+# Layer: apps
+# Module: kdumpgui
+#
+# system-config-kdump policy
+#
+kdumpgui = module
+
+# Layer: admin
+# Module: kdump
+#
+# kdump is kernel crash dumping mechanism
+#
+kdump = module
+
+# Layer: services
+# Module: kerberos
+#
+# MIT Kerberos admin and KDC
+#
+kerberos = module
+
+# Layer: services
+# Module: kismet
+#
+# Wireless sniffing and monitoring
+#
+kismet = module
+
+# Layer: services
+# Module: ktalk
+#
+# KDE Talk daemon
+#
+ktalk = module
+
+# Layer: services
+# Module: ldap
+#
+# OpenLDAP directory server
+#
+ldap = module
+
+# Layer: services
+# Module: lircd
+#
+# LIRC daemon - decodes infrared signals and provides them on a Unix domain socket.
+#
+lircd = module
+
+# Layer: apps
+# Module: loadkeys
+#
+# Load keyboard mappings.
+#
+loadkeys = module
+
+# Layer: apps
+# Module: lockdev
+#
+# device locking policy for lockdev
+#
+lockdev = module
+
+# Layer: admin
+# Module: logrotate
+#
+# Rotate and archive system logs
+#
+logrotate = module
+
+# Layer: services
+# Module: logwatch
+#
+# logwatch executable
+#
+logwatch = module
+
+# Layer: services
+# Module: lpd
+#
+# Line printer daemon
+#
+lpd = module
+
+# Layer: services
+# Module: lsm
+#
+# lsm policy
+#
+lsm = module
+
+# Layer: services
+# Module: mailman
+#
+# Mailman is for managing electronic mail discussion and e-newsletter lists
+#
+mailman = module
+
+# Layer: admin
+# Module: mcelog
+#
+# mcelog is a daemon that collects and decodes Machine Check Exception data on x86-64 machines.
+#
+mcelog = module
+
+# Layer: services
+# Module: memcached
+#
+# high-performance memory object caching system
+#
+memcached = module
+
+# Layer: services
+# Module: milter
+#
+#
+#
+milter = module
+
+# Layer: services
+# Module: modemmanager
+#
+# Manager for dynamically switching between modems.
+#
+modemmanager = module
+
+# Layer: services
+# Module: mojomojo
+#
+# Wiki server
+#
+mojomojo = module
+
+# Layer: apps
+# Module: mozilla
+#
+# Policy for Mozilla and related web browsers
+#
+mozilla = module
+
+# Layer: apps
+# Module: mplayer
+#
+# Policy for Mozilla and related web browsers
+#
+mplayer = module
+
+# Layer: admin
+# Module: mrtg
+#
+# Network traffic graphing
+#
+mrtg = module
+
+# Layer: services
+# Module: mta
+#
+# Policy common to all email tranfer agents.
+#
+mta = module
+
+# Layer: services
+# Module: munin
+#
+# Munin
+#
+munin = module
+
+# Layer: services
+# Module: mysql
+#
+# Policy for MySQL
+#
+mysql = module
+
+# Layer: services
+# Module: nagios
+#
+# policy for nagios Host/service/network monitoring program
+#
+nagios = module
+
+# Layer: apps
+# Module: namespace
+#
+# policy for namespace.init script
+#
+namespace = module
+
+# Layer: admin
+# Module: ncftool
+#
+# Tool to modify the network configuration of a system
+#
+ncftool = module
+
+# Layer: services
+# Module: networkmanager
+#
+# Manager for dynamically switching between networks.
+#
+networkmanager = module
+
+# Layer: services
+# Module: nis
+#
+# Policy for NIS (YP) servers and clients
+#
+nis = module
+
+# Layer: services
+# Module: nscd
+#
+# Name service cache daemon
+#
+nscd = module
+
+# Layer: services
+# Module: nslcd
+#
+# Policy for nslcd
+#
+nslcd = module
+
+# Layer: services
+# Module: ntop
+#
+# Policy for ntop
+#
+ntop = module
+
+# Layer: services
+# Module: ntp
+#
+# Network time protocol daemon
+#
+ntp = module
+
+# Layer: services
+# Module: nx
+#
+# NX Remote Desktop
+#
+nx = module
+
+# Layer: services
+# Module: oddjob
+#
+# policy for oddjob
+#
+oddjob = module
+
+# Layer: services
+# Module: openct
+#
+# Service for handling smart card readers.
+#
+openct = off
+
+# Layer: service
+# Module: openct
+#
+# Middleware framework for smart card terminals
+#
+openct = module
+
+# Layer: services
+# Module: openvpn
+#
+# Policy for OPENVPN full-featured SSL VPN solution
+#
+openvpn = module
+
+# Layer: contrib
+# Module: prelude
+#
+# SELinux policy for prelude
+#
+prelude = module
+
+# Layer: contrib
+# Module: prosody
+#
+# SELinux policy for prosody flexible communications server for Jabber/XMPP
+#
+prosody = module
+
+# Layer: services
+# Module: pads
+#
+pads = module
+
+# Layer: system
+# Module: pcmcia
+#
+# PCMCIA card management services
+#
+pcmcia = module
+
+# Layer: service
+# Module: pcscd
+#
+# PC/SC Smart Card Daemon
+#
+pcscd = module
+
+# Layer: services
+# Module: pegasus
+#
+# The Open Group Pegasus CIM/WBEM Server.
+#
+pegasus = module
+
+
+# Layer: services
+# Module: pingd
+#
+#
+pingd = module
+
+# Layer: services
+# Module: piranha
+#
+# piranha - various tools to administer and configure the Linux Virtual Server
+#
+piranha = module
+
+# Layer: services
+# Module: plymouthd
+#
+# Plymouth
+#
+plymouthd = module
+
+# Layer: apps
+# Module: podsleuth
+#
+# Podsleuth probes, identifies, and exposes properties and metadata bound to iPods.
+#
+podsleuth = module
+
+# Layer: services
+# Module: policykit
+#
+# Hardware abstraction layer
+#
+policykit = module
+
+# Layer: services
+# Module: polipo
+#
+# polipo
+#
+polipo = module
+
+# Layer: services
+# Module: portmap
+#
+# RPC port mapping service.
+#
+portmap = module
+
+# Layer: services
+# Module: portreserve
+#
+# reserve ports to prevent portmap mapping them
+#
+portreserve = module
+
+# Layer: services
+# Module: postfix
+#
+# Postfix email server
+#
+postfix = module
+
+o# Layer: services
+# Module: postgrey
+#
+# email scanner
+#
+postgrey = module
+
+# Layer: services
+# Module: ppp
+#
+# Point to Point Protocol daemon creates links in ppp networks
+#
+ppp = module
+
+# Layer: admin
+# Module: prelink
+#
+# Manage temporary directory sizes and file ages
+#
+prelink = module
+
+# Layer: services
+# Module: privoxy
+#
+# Privacy enhancing web proxy.
+#
+privoxy = module
+
+# Layer: services
+# Module: procmail
+#
+# Procmail mail delivery agent
+#
+procmail = module
+
+# Layer: services
+# Module: psad
+#
+# Analyze iptables log for hostile traffic
+#
+psad = module
+
+# Layer: apps
+# Module: ptchown
+#
+# helper function for grantpt(3), changes ownship and permissions of pseudotty
+#
+ptchown = module
+
+# Layer: apps
+# Module: pulseaudio
+#
+# The PulseAudio Sound System
+#
+pulseaudio = module
+
+# Layer: services
+# Module: qmail
+#
+# Policy for qmail
+#
+qmail = module
+
+# Layer: services
+# Module: qpidd
+#
+# Policy for qpidd
+#
+qpid = module
+
+# Layer: admin
+# Module: quota
+#
+# File system quota management
+#
+quota = module
+
+# Layer: services
+# Module: radius
+#
+# RADIUS authentication and accounting server.
+#
+radius = module
+
+# Layer: services
+# Module: radvd
+#
+# IPv6 router advertisement daemon
+#
+radvd = module
+
+# Layer: system
+# Module: raid
+#
+# RAID array management tools
+#
+raid = module
+
+# Layer: services
+# Module: rdisc
+#
+# Network router discovery daemon
+#
+rdisc = module
+
+# Layer: admin
+# Module: readahead
+#
+# Readahead, read files into page cache for improved performance
+#
+readahead = module
+
+# Layer: services
+# Module: remotelogin
+#
+# Policy for rshd, rlogind, and telnetd.
+#
+remotelogin = module
+
+# Layer: services
+# Module: rhcs
+#
+# RHCS - Red Hat Cluster Suite
+#
+rhcs = module
+
+# Layer: services
+# Module: rhgb
+#
+# X windows login display manager
+#
+rhgb = module
+
+# Layer: services
+# Module: ricci
+#
+# policy for ricci
+#
+ricci = module
+
+# Layer: services
+# Module: rlogin
+#
+# Remote login daemon
+#
+rlogin = module
+
+# Layer: services
+# Module: roundup
+#
+# Roundup Issue Tracking System policy
+#
+roundup = module
+
+# Layer: services
+# Module: rpcbind
+#
+# universal addresses to RPC program number mapper
+#
+rpcbind = module
+
+# Layer: services
+# Module: rpc
+#
+# Remote Procedure Call Daemon for managment of network based process communication
+#
+rpc = module
+
+# Layer: admin
+# Module: rpm
+#
+# Policy for the RPM package manager.
+#
+rpm = module
+
+# Layer: services
+# Module: rshd
+#
+# Remote shell service.
+#
+rshd = module
+
+# Layer: services
+# Module: rsync
+#
+# Fast incremental file transfer for synchronization
+#
+rsync = module
+
+# Layer: services
+# Module: rtkit
+#
+# Real Time Kit Daemon
+#
+rtkit = module
+
+# Layer: services
+# Module: rwho
+#
+# who is logged in on local machines
+#
+rwho = module
+
+# Layer: apps
+# Module: sambagui
+#
+# policy for system-config-samba
+#
+sambagui = module
+
+#
+# SMB and CIFS client/server programs for UNIX and
+# name Service Switch daemon for resolving names
+# from Windows NT servers.
+#
+samba = module
+
+# Layer: services
+# Module: sasl
+#
+# SASL authentication server
+#
+sasl = module
+
+# Layer: apps
+# Module: screen
+#
+# GNU terminal multiplexer
+#
+screen = module
+
+# Layer: services
+# Module: sendmail
+#
+# Policy for sendmail.
+#
+sendmail = module
+
+# Layer: services
+# Module: setroubleshoot
+#
+# Policy for the SELinux troubleshooting utility
+#
+setroubleshoot = module
+
+# Layer: admin
+# Module: shorewall
+#
+# Policy for shorewall
+#
+shorewall = module
+
+# Layer: apps
+# Module: slocate
+#
+# Update database for mlocate
+#
+slocate = module
+
+# Layer: services
+# Module: slrnpull
+#
+# Service for downloading news feeds the slrn newsreader.
+#
+slrnpull = off
+
+# Layer: services
+# Module: smartmon
+#
+# Smart disk monitoring daemon policy
+#
+smartmon = module
+
+# Layer: services
+# Module: snmp
+#
+# Simple network management protocol services
+#
+snmp = module
+
+# Layer: services
+# Module: snort
+#
+# Snort network intrusion detection system
+#
+snort = module
+
+# Layer: admin
+# Module: sosreport
+#
+# sosreport debuggin information generator
+#
+sosreport = module
+
+# Layer: services
+# Module: soundserver
+#
+# sound server for network audio server programs, nasd, yiff, etc</summary>
+#
+soundserver = module
+
+# Layer: services
+# Module: spamassassin
+#
+# Filter used for removing unsolicited email.
+#
+spamassassin = module
+
+# Layer: services
+# Module: squid
+#
+# Squid caching http proxy server
+#
+squid = module
+
+# Layer: services
+# Module: sssd
+#
+# System Security Services Daemon
+#
+sssd = module
+
+# Layer: services
+# Module: stunnel
+#
+# SSL Tunneling Proxy
+#
+stunnel = module
+
+# Layer: services
+# Module: sysstat
+#
+# Policy for sysstat. Reports on various system states
+#
+sysstat = module
+
+# Layer: services
+# Module: tcpd
+#
+# Policy for TCP daemon.
+#
+tcpd = module
+
+# Layer: services
+# Module: tcsd
+#
+# tcsd - daemon that manages Trusted Computing resources
+#
+tcsd = module
+
+# Layer: apps
+# Module: telepathy
+#
+# telepathy - Policy for Telepathy framework
+#
+telepathy = module
+
+# Layer: services
+# Module: telnet
+#
+# Telnet daemon
+#
+telnet = module
+
+# Layer: services
+# Module: tftp
+#
+# Trivial file transfer protocol daemon
+#
+tftp = module
+
+# Layer: services
+# Module: tgtd
+#
+# Linux Target Framework Daemon.
+#
+tgtd = module
+
+# Layer: apps
+# Module: thumb
+#
+# Thumbnailer confinement
+#
+thumb = module
+
+# Layer: services
+# Module: timidity
+#
+# MIDI to WAV converter and player configured as a service
+#
+timidity = off
+
+# Layer: admin
+# Module: tmpreaper
+#
+# Manage temporary directory sizes and file ages
+#
+tmpreaper = module
+
+# Layer: services
+# Module: tor
+#
+# TOR, the onion router
+#
+tor = module
+
+# Layer: services
+# Module: ksmtuned
+#
+# Kernel Samepage Merging (KSM) Tuning Daemon
+#
+ksmtuned = module
+
+# Layer: services
+# Module: tuned
+#
+# Dynamic adaptive system tuning daemon
+#
+tuned = module
+
+# Layer: apps
+# Module: tvtime
+#
+# tvtime - a high quality television application
+#
+tvtime = module
+
+# Layer: services
+# Module: ulogd
+#
+#
+#
+ulogd = module
+
+# Layer: apps
+# Module: uml
+#
+# Policy for UML
+#
+uml = module
+
+# Layer: admin
+# Module: updfstab
+#
+# Red Hat utility to change /etc/fstab.
+#
+updfstab = module
+
+# Layer: admin
+# Module: usbmodules
+#
+# List kernel modules of USB devices
+#
+usbmodules = module
+
+# Layer: apps
+# Module: userhelper
+#
+# A helper interface to pam.
+#
+userhelper = module
+
+# Layer: apps
+# Module: usernetctl
+#
+# User network interface configuration helper
+#
+usernetctl = module
+
+# Layer: services
+# Module: uucp
+#
+# Unix to Unix Copy
+#
+uucp = module
+
+# Layer: services
+# Module: virt
+#
+# Virtualization libraries
+#
+virt = module
+
+# Layer: apps
+# Module: vmware
+#
+# VMWare Workstation virtual machines
+#
+vmware = module
+
+# Layer: contrib
+# Module: openvswitch
+#
+# SELinux policy for openvswitch programs
+#
+openvswitch = module
+
+# Layer: admin
+# Module: vpn
+#
+# Virtual Private Networking client
+#
+vpn = module
+
+# Layer: services
+# Module: w3c
+#
+# w3c
+#
+w3c = module
+
+# Layer: role
+# Module: webadm
+#
+# Minimally prived root role for managing apache
+#
+webadm = module
+
+# Layer: apps
+# Module: webalizer
+#
+# Web server log analysis
+#
+webalizer = module
+
+# Layer: apps
+# Module: wine
+#
+# wine executable
+#
+wine = module
+
+# Layer: apps
+# Module: wireshark
+#
+# wireshark executable
+#
+wireshark = module
+
+# Layer: apps
+# Module: wm
+#
+# X windows window manager
+#
+wm = module
+
+# Layer: system
+# Module: xen
+#
+# virtualization software
+#
+xen = module
+
+# Layer: role
+# Module: xguest
+#
+# Minimally privs guest account on X Windows logins
+#
+xguest = module
+
+# Layer: services
+# Module: zabbix
+#
+# Open-source monitoring solution for your IT infrastructure
+#
+zabbix = module
+
+# Layer: services
+# Module: zebra
+#
+# Zebra border gateway protocol network routing service
+#
+zebra = module
+
+# Layer: services
+# Module: zosremote
+#
+# policy for z/OS Remote-services Audit dispatcher plugin</summary>
+#
+zosremote = module
+
+# Layer: contrib
+# Module: mandb
+#
+# Policy for mandb
+#
+mandb = module
diff --git a/modules-targeted-base.conf b/modules-targeted-base.conf
deleted file mode 100644
index e7456ef..0000000
--- a/modules-targeted-base.conf
+++ /dev/null
@@ -1,393 +0,0 @@
-# Layer: kernel
-# Module: bootloader
-#
-# Policy for the kernel modules, kernel image, and bootloader.
-#
-bootloader = module
-
-# Layer: kernel
-# Module: corecommands
-# Required in base
-#
-# Core policy for shells, and generic programs
-# in /bin, /sbin, /usr/bin, and /usr/sbin.
-#
-corecommands = base
-
-# Layer: kernel
-# Module: corenetwork
-# Required in base
-#
-# Policy controlling access to network objects
-#
-corenetwork = base
-
-# Layer: admin
-# Module: dmesg
-#
-# Policy for dmesg.
-#
-dmesg = module
-
-# Layer: admin
-# Module: netutils
-#
-# Network analysis utilities
-#
-netutils = module
-
-# Layer: admin
-# Module: sudo
-#
-# Execute a command with a substitute user
-#
-sudo = module
-
-# Layer: admin
-# Module: su
-#
-# Run shells with substitute user and group
-#
-su = module
-
-# Layer: admin
-# Module: usermanage
-#
-# Policy for managing user accounts.
-#
-usermanage = module
-
-# Layer: apps
-# Module: seunshare
-#
-# seunshare executable
-#
-seunshare = module
-
-# Module: devices
-# Required in base
-#
-# Device nodes and interfaces for many basic system devices.
-#
-devices = base
-
-# Module: domain
-# Required in base
-#
-# Core policy for domains.
-#
-domain = base
-
-# Layer: system
-# Module: userdomain
-#
-# Policy for user domains
-#
-userdomain = module
-
-# Module: files
-# Required in base
-#
-# Basic filesystem types and interfaces.
-#
-files = base
-
-# Layer: system
-# Module: miscfiles
-#
-# Miscelaneous files.
-#
-miscfiles = module
-
-# Module: filesystem
-# Required in base
-#
-# Policy for filesystems.
-#
-filesystem = base
-
-# Module: kernel
-# Required in base
-#
-# Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
-#
-kernel = base
-
-# Module: mcs
-# Required in base
-#
-# MultiCategory security policy
-#
-mcs = base
-
-# Module: mls
-# Required in base
-#
-# Multilevel security policy
-#
-mls = base
-
-# Module: selinux
-# Required in base
-#
-# Policy for kernel security interface, in particular, selinuxfs.
-#
-selinux = base
-
-# Layer: kernel
-# Module: storage
-#
-# Policy controlling access to storage devices
-#
-storage = base
-
-# Module: terminal
-# Required in base
-#
-# Policy for terminals.
-#
-terminal = base
-
-# Layer: kernel
-# Module: ubac
-#
-#
-#
-ubac = base
-
-# Layer: kernel
-# Module: unconfined
-#
-# The unlabelednet module.
-#
-unlabelednet = module
-
-# Layer: role
-# Module: auditadm
-#
-# auditadm account on tty logins
-#
-auditadm = module
-
-# Layer: role
-# Module: logadm
-#
-# Minimally prived root role for managing logging system
-#
-logadm = module
-
-# Layer: role
-# Module: secadm
-#
-# secadm account on tty logins
-#
-secadm = module
-
-# Layer:role
-# Module: sysadm_secadm
-#
-# System Administrator with Security Admin rules
-#
-sysadm_secadm = module
-
-# Module: staff
-#
-# admin account
-#
-staff = module
-
-# Layer:role
-# Module: sysadm
-#
-# System Administrator
-#
-sysadm = module
-
-# Layer: role
-# Module: unconfineduser
-#
-# The unconfined user domain.
-#
-unconfineduser = module
-
-# Layer: role
-# Module: unprivuser
-#
-# Minimally privs guest account on tty logins
-#
-unprivuser = module
-
-# Layer: services
-# Module: postgresql
-#
-# PostgreSQL relational database
-#
-postgresql = module
-
-# Layer: services
-# Module: ssh
-#
-# Secure shell client and server policy.
-#
-ssh = module
-
-# Layer: services
-# Module: xserver
-#
-# X windows login display manager
-#
-xserver = module
-
-# Module: application
-# Required in base
-#
-# Defines attributs and interfaces for all user applications
-#
-application = module
-
-# Layer: system
-# Module: authlogin
-#
-# Common policy for authentication and user login.
-#
-authlogin = module
-
-# Layer: system
-# Module: clock
-#
-# Policy for reading and setting the hardware clock.
-#
-clock = module
-
-# Layer: system
-# Module: fstools
-#
-# Tools for filesystem management, such as mkfs and fsck.
-#
-fstools = module
-
-# Layer: system
-# Module: getty
-#
-# Policy for getty.
-#
-getty = module
-
-# Layer: system
-# Module: hostname
-#
-# Policy for changing the system host name.
-#
-hostname = module
-
-# Layer: system
-# Module: init
-#
-# System initialization programs (init and init scripts).
-#
-init = module
-
-# Layer: system
-# Module: ipsec
-#
-# TCP/IP encryption
-#
-ipsec = module
-
-# Layer: system
-# Module: iptables
-#
-# Policy for iptables.
-#
-iptables = module
-
-# Layer: system
-# Module: libraries
-#
-# Policy for system libraries.
-#
-libraries = module
-
-# Layer: system
-# Module: locallogin
-#
-# Policy for local logins.
-#
-locallogin = module
-
-# Layer: system
-# Module: logging
-#
-# Policy for the kernel message logger and system logging daemon.
-#
-logging = module
-
-# Layer: system
-# Module: lvm
-#
-# Policy for logical volume management programs.
-#
-lvm = module
-
-# Layer: system
-# Module: modutils
-#
-# Policy for kernel module utilities
-#
-modutils = module
-
-# Layer: system
-# Module: mount
-#
-# Policy for mount.
-#
-mount = module
-
-# Layer: system
-# Module: netlabel
-#
-# Basic netlabel types and interfaces.
-#
-netlabel = module
-
-# Layer: system
-# Module: selinuxutil
-#
-# Policy for SELinux policy and userland applications.
-#
-selinuxutil = module
-
-# Module: setrans
-# Required in base
-#
-# Policy for setrans
-#
-setrans = module
-
-# Layer: system
-# Module: sysnetwork
-#
-# Policy for network configuration: ifconfig and dhcp client.
-#
-sysnetwork = module
-
-# Layer: system
-# Module: systemd
-#
-# Policy for systemd components
-#
-systemd = module
-
-# Layer: system
-# Module: udev
-#
-# Policy for udev.
-#
-udev = module
-
-# Layer: system
-# Module: unconfined
-#
-# The unconfined domain.
-#
-unconfined = module
diff --git a/modules-targeted-contrib.conf b/modules-targeted-contrib.conf
deleted file mode 100644
index 2954fb8..0000000
--- a/modules-targeted-contrib.conf
+++ /dev/null
@@ -1,2784 +0,0 @@
-# Layer: services
-# Module: abrt
-#
-# Automatic bug detection and reporting tool
-#
-abrt = module
-
-# Layer: services
-# Module: accountsd
-#
-# An application to view and modify user accounts information
-#
-accountsd = module
-
-# Layer: admin
-# Module: acct
-#
-# Berkeley process accounting
-#
-acct = module
-
-# Layer: services
-# Module: afs
-#
-# Andrew Filesystem server
-#
-afs = module
-
-# Layer: services
-# Module: aiccu
-#
-# SixXS Automatic IPv6 Connectivity Client Utility
-#
-aiccu = module
-
-# Layer: services
-# Module: aide
-#
-# Policy for aide
-#
-aide = module
-
-# Layer: services
-# Module: ajaxterm
-#
-# Web Based Terminal
-#
-ajaxterm = module
-
-# Layer: admin
-# Module: alsa
-#
-# Ainit ALSA configuration tool
-#
-alsa = module
-
-# Layer: admin
-# Module: amanda
-#
-# Automated backup program.
-#
-amanda = module
-
-# Layer: admin
-# Module: amtu
-#
-# Abstract Machine Test Utility (AMTU)
-#
-amtu = module
-
-# Layer: admin
-# Module: anaconda
-#
-# Policy for the Anaconda installer.
-#
-anaconda = module
-
-# Layer: contrib
-# Module: antivirus
-#
-# SELinux policy for antivirus programs
-#
-antivirus = module
-
-# Layer: services
-# Module: apache
-#
-# Apache web server
-#
-apache = module
-
-# Layer: services
-# Module: apcupsd
-#
-# daemon for most APC’s UPS for Linux
-#
-apcupsd = module
-
-# Layer: services
-# Module: apm
-#
-# Advanced power management daemon
-#
-apm = module
-
-# Layer: services
-# Module: arpwatch
-#
-# Ethernet activity monitor.
-#
-arpwatch = module
-
-# Layer: services
-# Module: asterisk
-#
-# Asterisk IP telephony server
-#
-asterisk = module
-
-# Layer: contrib
-# Module: authconfig
-#
-# Authorization configuration tool
-#
-authconfig = module
-
-# Layer: services
-# Module: automount
-#
-# Filesystem automounter service.
-#
-automount = module
-
-# Layer: services
-# Module: avahi
-#
-# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture
-#
-avahi = module
-
-# Layer: module
-# Module: awstats
-#
-# awstats executable
-#
-awstats = module
-
-# Layer: services
-# Module: bcfg2
-#
-# Configuration management server
-#
-bcfg2 = module
-
-# Layer: services
-# Module: bind
-#
-# Berkeley internet name domain DNS server.
-#
-bind = module
-
-# Layer: contrib
-# Module: rngd
-#
-# Daemon used to feed random data from hardware device to kernel random device
-#
-rngd = module
-
-# Layer: services
-# Module: bitlbee
-#
-# An IRC to other chat networks gateway
-#
-bitlbee = module
-
-# Layer: services
-# Module: blueman
-#
-# Blueman tools and system services.
-#
-blueman = module
-
-# Layer: services
-# Module: bluetooth
-#
-# Bluetooth tools and system services.
-#
-bluetooth = module
-
-# Layer: services
-# Module: boinc
-#
-# Berkeley Open Infrastructure for Network Computing
-#
-boinc = module
-
-# Layer: system
-# Module: brctl
-#
-# Utilities for configuring the linux ethernet bridge
-#
-brctl = module
-
-# Layer: services
-# Module: bugzilla
-#
-# Bugzilla server
-#
-bugzilla = module
-
-# Layer: services
-# Module: bumblebee
-#
-# Support NVIDIA Optimus technology under Linux
-#
-bumblebee = module
-
-# Layer: services
-# Module: cachefilesd
-#
-# CacheFiles userspace management daemon
-#
-cachefilesd = module
-
-# Module: calamaris
-#
-#
-# Squid log analysis
-#
-calamaris = module
-
-# Layer: services
-# Module: callweaver
-#
-# callweaver telephony sever
-#
-callweaver = module
-
-# Layer: services
-# Module: canna
-#
-# Canna - kana-kanji conversion server
-#
-canna = module
-
-# Layer: services
-# Module: ccs
-#
-# policy for ccs
-#
-ccs = module
-
-# Layer: apps
-# Module: cdrecord
-#
-# Policy for cdrecord
-#
-cdrecord = module
-
-# Layer: admin
-# Module: certmaster
-#
-# Digital Certificate master
-#
-certmaster = module
-
-# Layer: services
-# Module: certmonger
-#
-# Certificate status monitor and PKI enrollment client
-#
-certmonger = module
-
-# Layer: admin
-# Module: certwatch
-#
-# Digital Certificate Tracking
-#
-certwatch = module
-
-# Layer: services
-# Module: cfengine
-#
-# cfengine
-#
-cfengine = module
-
-# Layer: services
-# Module: cgroup
-#
-# Tools and libraries to control and monitor control groups
-#
-cgroup = module
-
-# Layer: apps
-# Module: chrome
-#
-# chrome sandbox
-#
-chrome = module
-
-# Layer: services
-# Module: chronyd
-#
-# Daemon for maintaining clock time
-#
-chronyd = module
-
-# Layer: services
-# Module: cipe
-#
-# Encrypted tunnel daemon
-#
-cipe = module
-
-
-# Layer: services
-# Module: clogd
-#
-# clogd - clustered mirror log server
-#
-clogd = module
-
-# Layer: services
-# Module: cloudform
-#
-# cloudform daemons
-#
-cloudform = module
-
-# Layer: services
-# Module: cmirrord
-#
-# cmirrord - daemon providing device-mapper-base mirrors in a shared-storege cluster
-#
-cmirrord = module
-
-# Layer: services
-# Module: cobbler
-#
-# cobbler
-#
-cobbler = module
-
-# Layer: services
-# Module: collectd
-#
-# Statistics collection daemon for filling RRD files
-#
-collectd = module
-
-# Layer: services
-# Module: colord
-#
-# color device daemon
-#
-colord = module
-
-# Layer: services
-# Module: comsat
-#
-# Comsat, a biff server.
-#
-comsat = module
-
-# Layer: services
-# Module: condor
-#
-# policy for condor
-#
-condor = module
-
-# Layer: services
-# Module: conman
-#
-# Conman is a program for connecting to remote consoles being managed by conmand
-#
-conman = module
-
-# Layer: services
-# Module: consolekit
-#
-# ConsoleKit is a system daemon for tracking what users are logged
-#
-consolekit = module
-
-# Layer: services
-# Module: couchdb
-#
-# Apache CouchDB database server
-#
-couchdb = module
-
-# Layer: services
-# Module: courier
-#
-# IMAP and POP3 email servers
-#
-courier = module
-
-# Layer: services
-# Module: cpucontrol
-#
-# Services for loading CPU microcode and CPU frequency scaling.
-#
-cpucontrol = module
-
-# Layer: apps
-# Module: cpufreqselector
-#
-# cpufreqselector executable
-#
-cpufreqselector = module
-
-# Layer: services
-# Module: cron
-#
-# Periodic execution of scheduled commands.
-#
-cron = module
-
-# Layer: services
-# Module: ctdbd
-#
-# Cluster Daemon
-#
-ctdb = module
-
-# Layer: services
-# Module: cups
-#
-# Common UNIX printing system
-#
-cups = module
-
-# Layer: services
-# Module: cvs
-#
-# Concurrent versions system
-#
-cvs = module
-
-# Layer: services
-# Module: cyphesis
-#
-# cyphesis game server
-#
-cyphesis = module
-
-# Layer: services
-# Module: cyrus
-#
-# Cyrus is an IMAP service intended to be run on sealed servers
-#
-cyrus = module
-
-# Layer: system
-# Module: daemontools
-#
-# Collection of tools for managing UNIX services
-#
-daemontools = module
-
-# Layer: role
-# Module: dbadm
-#
-# Minimally prived root role for managing databases
-#
-dbadm = module
-
-# Layer: services
-# Module: dbskk
-#
-# Dictionary server for the SKK Japanese input method system.
-#
-dbskk = module
-
-# Layer: services
-# Module: dbus
-#
-# Desktop messaging bus
-#
-dbus = module
-
-# Layer: services
-# Module: dcc
-#
-# A distributed, collaborative, spam detection and filtering network.
-#
-dcc = module
-
-# Layer: services
-# Module: ddclient
-#
-# Update dynamic IP address at DynDNS.org
-#
-ddclient = module
-
-# Layer: admin
-# Module: ddcprobe
-#
-# ddcprobe retrieves monitor and graphics card information
-#
-ddcprobe = off
-
-# Layer: services
-# Module: denyhosts
-#
-# script to help thwart ssh server attacks
-#
-denyhosts = module
-
-# Layer: services
-# Module: devicekit
-#
-# devicekit-daemon
-#
-devicekit = module
-
-# Layer: services
-# Module: dhcp
-#
-# Dynamic host configuration protocol (DHCP) server
-#
-dhcp = module
-
-# Layer: services
-# Module: dictd
-#
-# Dictionary daemon
-#
-dictd = module
-
-# Layer: services
-# Module: dirsrv-admin
-#
-# An 309 directory admin server
-#
-dirsrv-admin = module
-
-# Layer: services
-# Module: dirsrv
-#
-# An 309 directory server
-#
-dirsrv = module
-
-# Layer: services
-# Module: distcc
-#
-# Distributed compiler daemon
-#
-distcc = off
-
-# Layer: admin
-# Module: dmidecode
-#
-# Decode DMI data for x86/ia64 bioses.
-#
-dmidecode = module
-
-# Layer: services
-# Module: dnsmasq
-#
-# A lightweight DHCP and caching DNS server.
-#
-dnsmasq = module
-
-# Layer: services
-# Module: dnssec
-#
-# A dnssec server application
-#
-dnssec = module
-
-# Layer: services
-# Module: dovecot
-#
-# Dovecot POP and IMAP mail server
-#
-dovecot = module
-
-# Layer: services
-# Module: drbd
-#
-# DRBD mirrors a block device over the network to another machine.
-#
-drbd = module
-
-# Layer: services
-# Module: dspam
-#
-# dspam - library and Mail Delivery Agent for Bayesian SPAM filtering
-#
-dspam = module
-
-# Layer: services
-# Module: entropy
-#
-# Generate entropy from audio input
-#
-entropyd = module
-
-# Layer: services
-# Module: exim
-#
-# exim mail server
-#
-exim = module
-
-# Layer: services
-# Module: fail2ban
-#
-# daiemon that bans IP that makes too many password failures
-#
-fail2ban = module
-
-# Layer: services
-# Module: fcoe
-#
-# fcoe
-#
-fcoe = module
-
-# Layer: services
-# Module: fetchmail
-#
-# Remote-mail retrieval and forwarding utility
-#
-fetchmail = module
-
-# Layer: services
-# Module: finger
-#
-# Finger user information service.
-#
-finger = module
-
-# Layer: services
-# Module: firewalld
-#
-# firewalld is firewall service daemon that provides dynamic customizable
-#
-firewalld = module
-
-# Layer: apps
-# Module: firewallgui
-#
-# policy for system-config-firewall
-#
-firewallgui = module
-
-# Module: firstboot
-#
-# Final system configuration run during the first boot
-# after installation of Red Hat/Fedora systems.
-#
-firstboot = module
-
-# Layer: services
-# Module: fprintd
-#
-# finger print server
-#
-fprintd = module
-
-# Layer: services
-# Module: freqset
-#
-# Utility for CPU frequency scaling
-#
-freqset = module
-
-# Layer: services
-# Module: ftp
-#
-# File transfer protocol service
-#
-ftp = module
-
-# Layer: apps
-# Module: games
-#
-# The Open Group Pegasus CIM/WBEM Server.
-#
-games = module
-
-# Layer: apps
-# Module: gitosis
-#
-# Policy for gitosis
-#
-gitosis = module
-
-# Layer: services
-# Module: git
-#
-# Policy for the stupid content tracker
-#
-git = module
-
-# Layer: services
-# Module: glance
-#
-# Policy for glance
-#
-glance = module
-
-# Layer: contrib
-# Module: glusterd
-#
-# policy for glusterd service
-#
-glusterd = module
-
-# Layer: apps
-# Module: gnome
-#
-# gnome session and gconf
-#
-gnome = module
-
-# Layer: apps
-# Module: gpg
-#
-# Policy for GNU Privacy Guard and related programs.
-#
-gpg = module
-
-# Layer: services
-# Module: gpm
-#
-# General Purpose Mouse driver
-#
-gpm = module
-
-# Module: gpsd
-#
-# gpsd monitor daemon
-#
-#
-gpsd = module
-
-# Module: gssproxy
-#
-# A proxy for GSSAPI credential handling
-#
-#
-gssproxy = module
-
-# Layer: role
-# Module: guest
-#
-# Minimally privs guest account on tty logins
-#
-guest = module
-
-# Layer: role
-# Module: xguest
-#
-# Minimally privs guest account on X Windows logins
-#
-xguest = module
-
-# Layer: services
-# Module: hddtemp
-#
-# hddtemp hard disk temperature tool running as a daemon
-#
-hddtemp = module
-
-# Layer: services
-# Module: hostapd
-#
-# hostapd - IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
-#
-hostapd = module
-
-# Layer: services
-# Module: i18n_input
-#
-# IIIMF htt server
-#
-i18n_input = off
-
-# Layer: services
-# Module: icecast
-#
-# ShoutCast compatible streaming media server
-#
-icecast = module
-
-# Layer: services
-# Module: inetd
-#
-# Internet services daemon.
-#
-inetd = module
-
-# Layer: services
-# Module: inn
-#
-# Internet News NNTP server
-#
-inn = module
-
-# Layer: services
-# Module: lircd
-#
-# LIRC daemon - decodes infrared signals and provides them on a Unix domain socket.
-#
-lircd = module
-
-# Layer: apps
-# Module: irc
-#
-# IRC client policy
-#
-irc = module
-
-# Layer: services
-# Module: irqbalance
-#
-# IRQ balancing daemon
-#
-irqbalance = module
-
-# Layer: system
-# Module: iscsi
-#
-# Open-iSCSI daemon
-#
-iscsi = module
-
-# Layer: system
-# Module: isnsd
-#
-#
-#
-isns = module
-
-# Layer: services
-# Module: jabber
-#
-# Jabber instant messaging server
-#
-jabber = module
-
-# Layer: services
-# Module: jetty
-#
-# Java based http server
-#
-jetty = module
-
-# Layer: apps
-# Module: jockey
-#
-# policy for jockey-backend
-#
-jockey = module
-
-# Layer: apps
-# Module: kdumpgui
-#
-# system-config-kdump policy
-#
-kdumpgui = module
-
-# Layer: admin
-# Module: kdump
-#
-# kdump is kernel crash dumping mechanism
-#
-kdump = module
-
-# Layer: services
-# Module: kerberos
-#
-# MIT Kerberos admin and KDC
-#
-kerberos = module
-
-# Layer: services
-# Module: keepalived
-#
-# keepalived - load-balancing and high-availability service
-#
-keepalived = module
-
-# Module: keyboardd
-#
-# system-setup-keyboard is a keyboard layout daemon that monitors
-# /etc/sysconfig/keyboard and writes out an xorg.conf.d snippet
-#
-keyboardd = module
-
-# Layer: services
-# Module: keystone
-#
-# openstack-keystone
-#
-keystone = module
-
-# Layer: services
-# Module: kismet
-#
-# Wireless sniffing and monitoring
-#
-kismet = module
-
-# Layer: services
-# Module: ksmtuned
-#
-# Kernel Samepage Merging (KSM) Tuning Daemon
-#
-ksmtuned = module
-
-# Layer: services
-# Module: ktalk
-#
-# KDE Talk daemon
-#
-ktalk = module
-
-# Layer: services
-# Module: l2ltpd
-#
-# Layer 2 Tunnelling Protocol Daemon
-#
-l2tp = module
-
-# Layer: services
-# Module: ldap
-#
-# OpenLDAP directory server
-#
-ldap = module
-
-# Layer: services
-# Module: likewise
-#
-# Likewise Active Directory support for UNIX
-#
-likewise = module
-
-# Layer: apps
-# Module: livecd
-#
-# livecd creator
-#
-livecd = module
-
-# Layer: services
-# Module: lldpad
-#
-# lldpad - Link Layer Discovery Protocol (LLDP) agent daemon
-#
-lldpad = module
-
-# Layer: apps
-# Module: loadkeys
-#
-# Load keyboard mappings.
-#
-loadkeys = module
-
-# Layer: apps
-# Module: lockdev
-#
-# device locking policy for lockdev
-#
-lockdev = module
-
-# Layer: admin
-# Module: logrotate
-#
-# Rotate and archive system logs
-#
-logrotate = module
-
-# Layer: services
-# Module: logwatch
-#
-# logwatch executable
-#
-logwatch = module
-
-# Layer: services
-# Module: lpd
-#
-# Line printer daemon
-#
-lpd = module
-
-# Layer: services
-# Module: mailman
-#
-# Mailman is for managing electronic mail discussion and e-newsletter lists
-#
-mailman = module
-
-# Layer: services
-# Module: mailman
-#
-# Policy for mailscanner
-#
-mailscanner = module
-
-# Layer: apps
-# Module: man2html
-#
-# policy for man2html apps
-#
-man2html = module
-
-# Layer: admin
-# Module: mcelog
-#
-# Policy for mcelog.
-#
-mcelog = module
-
-# Layer: apps
-# Module: mediawiki
-#
-# mediawiki
-#
-mediawiki = module
-
-# Layer: services
-# Module: memcached
-#
-# high-performance memory object caching system
-#
-memcached = module
-
-# Layer: services
-# Module: milter
-#
-#
-#
-milter = module
-
-# Layer: services
-# Module: mip6d
-#
-# UMIP Mobile IPv6 and NEMO Basic Support protocol implementation
-#
-mip6d = module
-
-# Layer: services
-# Module: mock
-#
-# Policy for mock rpm builder
-#
-mock = module
-
-# Layer: services
-# Module: modemmanager
-#
-# Manager for dynamically switching between modems.
-#
-modemmanager = module
-
-# Layer: services
-# Module: mojomojo
-#
-# Wiki server
-#
-mojomojo = module
-
-# Layer: apps
-# Module: mozilla
-#
-# Policy for Mozilla and related web browsers
-#
-mozilla = module
-
-# Layer: services
-# Module: mpd
-#
-# mpd - daemon for playing music
-#
-mpd = module
-
-# Layer: apps
-# Module: mplayer
-#
-# Policy for Mozilla and related web browsers
-#
-mplayer = module
-
-# Layer: admin
-# Module: mrtg
-#
-# Network traffic graphing
-#
-mrtg = module
-
-# Layer: services
-# Module: mta
-#
-# Policy common to all email tranfer agents.
-#
-mta = module
-
-# Layer: services
-# Module: munin
-#
-# Munin
-#
-munin = module
-
-# Layer: services
-# Module: mysql
-#
-# Policy for MySQL
-#
-mysql = module
-
-# Layer: contrib
-# Module: mythtv
-#
-# Policy for Mythtv (Web Server)
-#
-mythtv = module
-
-# Layer: services
-# Module: nagios
-#
-# policy for nagios Host/service/network monitoring program
-#
-nagios = module
-
-# Layer: apps
-# Module: namespace
-#
-# policy for namespace.init script
-#
-namespace = module
-
-# Layer: admin
-# Module: ncftool
-#
-# Tool to modify the network configuration of a system
-#
-ncftool = module
-
-# Layer: services
-# Module: networkmanager
-#
-# Manager for dynamically switching between networks.
-#
-networkmanager = module
-
-# Layer: services
-# Module: ninfod
-#
-# Respond to IPv6 Node Information Queries
-#
-ninfod = module
-
-# Layer: services
-# Module: nis
-#
-# Policy for NIS (YP) servers and clients
-#
-nis = module
-
-# Layer: services
-# Module: nova
-#
-# openstack-nova
-#
-nova = module
-
-# Layer: services
-# Module: nscd
-#
-# Name service cache daemon
-#
-nscd = module
-
-# Layer: services
-# Module: nslcd
-#
-# Policy for nslcd
-#
-nslcd = module
-
-# Layer: services
-# Module: ntop
-#
-# Policy for ntop
-#
-ntop = module
-
-# Layer: services
-# Module: ntp
-#
-# Network time protocol daemon
-#
-ntp = module
-
-# Layer: services
-# Module: numad
-#
-# numad - user-level daemon that provides advice and managment for optimum use of CPUs and memory on systems with NUMA topology
-#
-numad = module
-
-# Layer: services
-# Module: nut
-#
-# nut - Network UPS Tools
-#
-nut = module
-
-# Layer: services
-# Module: nx
-#
-# NX Remote Desktop
-#
-nx = module
-
-# Layer: services
-# Module: obex
-#
-# policy for obex-data-server
-#
-obex = module
-
-# Layer: services
-# Module: oddjob
-#
-# policy for oddjob
-#
-oddjob = module
-
-# Layer: services
-# Module: openct
-#
-# Service for handling smart card readers.
-#
-openct = off
-
-# Layer: service
-# Module: openct
-#
-# Middleware framework for smart card terminals
-#
-openct = module
-
-# Layer: contrib
-# Module: openshift-origin
-#
-# Origin version of openshift policy
-#
-openshift-origin = module
-# Layer: contrib
-# Module: openshift
-#
-# Core openshift policy
-#
-openshift = module
-
-# Layer: services
-# Module: opensm
-#
-# InfiniBand subnet manager and administration (SM/SA)
-#
-opensm = module
-
-# Layer: services
-# Module: openvpn
-#
-# Policy for OPENVPN full-featured SSL VPN solution
-#
-openvpn = module
-
-# Layer: contrib
-# Module: openvswitch
-#
-# SELinux policy for openvswitch programs
-#
-openvswitch = module
-
-# Layer: services
-# Module: openwsman
-#
-# WS-Management Server
-#
-openwsman = module
-
-# Layer: services
-# Module: osad
-#
-# Client-side service written in Python that responds to pings
-#
-osad = module
-
-# Layer: contrib
-# Module: prelude
-#
-# SELinux policy for prelude
-#
-prelude = module
-
-# Layer: contrib
-# Module: prosody
-#
-# SELinux policy for prosody flexible communications server for Jabber/XMPP
-#
-prosody = module
-
-# Layer: services
-# Module: pads
-#
-pads = module
-
-# Layer: services
-# Module: passenger
-#
-# Passenger
-#
-passenger = module
-
-# Layer: system
-# Module: pcmcia
-#
-# PCMCIA card management services
-#
-pcmcia = module
-
-# Layer: service
-# Module: pcscd
-#
-# PC/SC Smart Card Daemon
-#
-pcscd = module
-
-# Layer: services
-# Module: pdns
-#
-# PowerDNS DNS server
-#
-pdns = module
-
-# Layer: services
-# Module: pegasus
-#
-# The Open Group Pegasus CIM/WBEM Server.
-#
-pegasus = module
-
-# Layer: services
-# Module: pingd
-#
-#
-pingd = module
-
-# Layer: services
-# Module: piranha
-#
-# piranha - various tools to administer and configure the Linux Virtual Server
-#
-piranha = module
-
-# Layer: contrib
-# Module: pkcs
-#
-# daemon manages PKCS#11 objects between PKCS#11-enabled applications
-#
-pkcs = module
-
-# Layer: services
-# Module: plymouthd
-#
-# Plymouth
-#
-plymouthd = module
-
-# Layer: apps
-# Module: podsleuth
-#
-# Podsleuth probes, identifies, and exposes properties and metadata bound to iPods.
-#
-podsleuth = module
-
-# Layer: services
-# Module: policykit
-#
-# Hardware abstraction layer
-#
-policykit = module
-
-# Layer: services
-# Module: polipo
-#
-# polipo
-#
-polipo = module
-
-# Layer: services
-# Module: portmap
-#
-# RPC port mapping service.
-#
-portmap = module
-
-# Layer: services
-# Module: portreserve
-#
-# reserve ports to prevent portmap mapping them
-#
-portreserve = module
-
-# Layer: services
-# Module: postfix
-#
-# Postfix email server
-#
-postfix = module
-
-# Layer: services
-# Module: postgrey
-#
-# email scanner
-#
-postgrey = module
-
-# Layer: services
-# Module: ppp
-#
-# Point to Point Protocol daemon creates links in ppp networks
-#
-ppp = module
-
-# Layer: admin
-# Module: prelink
-#
-# Manage temporary directory sizes and file ages
-#
-prelink = module
-
-# Layer: services
-# Module: privoxy
-#
-# Privacy enhancing web proxy.
-#
-privoxy = module
-
-# Layer: services
-# Module: procmail
-#
-# Procmail mail delivery agent
-#
-procmail = module
-
-# Layer: services
-# Module: psad
-#
-# Analyze iptables log for hostile traffic
-#
-psad = module
-
-# Layer: apps
-# Module: ptchown
-#
-# helper function for grantpt(3), changes ownship and permissions of pseudotty
-#
-ptchown = module
-
-# Layer: apps
-# Module: pulseaudio
-#
-# The PulseAudio Sound System
-#
-pulseaudio = module
-
-# Layer: services
-# Module: puppet
-#
-# A network tool for managing many disparate systems
-#
-puppet = module
-
-# Layer: apps
-# Module: pwauth
-#
-# External plugin for mod_authnz_external authenticator
-#
-pwauth = module
-
-# Layer: services
-# Module: qmail
-#
-# Policy for qmail
-#
-qmail = module
-
-# Layer: services
-# Module: qpidd
-#
-# Policy for qpidd
-#
-qpid = module
-
-# Layer: services
-# Module: quantum
-#
-# Quantum is a virtual network service for Openstack
-#
-quantum = module
-
-# Layer: admin
-# Module: quota
-#
-# File system quota management
-#
-quota = module
-
-# Layer: services
-# Module: rabbitmq
-#
-# rabbitmq daemons
-#
-rabbitmq = module
-
-# Layer: services
-# Module: radius
-#
-# RADIUS authentication and accounting server.
-#
-radius = module
-
-# Layer: services
-# Module: radvd
-#
-# IPv6 router advertisement daemon
-#
-radvd = module
-
-# Layer: system
-# Module: raid
-#
-# RAID array management tools
-#
-raid = module
-
-# Layer: services
-# Module: rasdaemon
-#
-# The rasdaemon program is a daemon with monitors the RAS trace events from /sys/kernel/debug/tracing
-#
-rasdaemon = module
-
-# Layer: services
-# Module: rdisc
-#
-# Network router discovery daemon
-#
-rdisc = module
-
-# Layer: admin
-# Module: readahead
-#
-# Readahead, read files into page cache for improved performance
-#
-readahead = module
-
-# Layer: contrib
-# Module: stapserver
-#
-# dbus system service which manages discovery and enrollment in realms and domains like Active Directory or IPA
-#
-realmd = module
-
-# Layer: services
-# Module: remotelogin
-#
-# Policy for rshd, rlogind, and telnetd.
-#
-remotelogin = module
-
-# Layer: services
-# Module: rhcs
-#
-# RHCS - Red Hat Cluster Suite
-#
-rhcs = module
-
-# Layer: services
-# Module: rhev
-#
-# rhev policy module contains policies for rhev apps
-#
-rhev = module
-
-# Layer: services
-# Module: rhgb
-#
-# X windows login display manager
-#
-rhgb = module
-
-# Layer: services
-# Module: rhsmcertd
-#
-# Subscription Management Certificate Daemon policy
-#
-rhsmcertd = module
-
-# Layer: services
-# Module: ricci
-#
-# policy for ricci
-#
-ricci = module
-
-# Layer: services
-# Module: rlogin
-#
-# Remote login daemon
-#
-rlogin = module
-
-# Layer: services
-# Module: roundup
-#
-# Roundup Issue Tracking System policy
-#
-roundup = module
-
-# Layer: services
-# Module: rpcbind
-#
-# universal addresses to RPC program number mapper
-#
-rpcbind = module
-
-# Layer: services
-# Module: rpc
-#
-# Remote Procedure Call Daemon for managment of network based process communication
-#
-rpc = module
-
-# Layer: admin
-# Module: rpm
-#
-# Policy for the RPM package manager.
-#
-rpm = module
-
-# Layer: services
-# Module: rshd
-#
-# Remote shell service.
-#
-rshd = module
-
-# Layer: apps
-# Module: rssh
-#
-# Restricted (scp/sftp) only shell
-#
-rssh = module
-
-# Layer: services
-# Module: rsync
-#
-# Fast incremental file transfer for synchronization
-#
-rsync = module
-
-# Layer: services
-# Module: rtkit
-#
-# Real Time Kit Daemon
-#
-rtkit = module
-
-# Layer: services
-# Module: rwho
-#
-# who is logged in on local machines
-#
-rwho = module
-
-# Layer: apps
-# Module: sambagui
-#
-# policy for system-config-samba
-#
-sambagui = module
-
-#
-# SMB and CIFS client/server programs for UNIX and
-# name Service Switch daemon for resolving names
-# from Windows NT servers.
-#
-samba = module
-
-# Layer: apps
-# Module: sandbox
-#
-# Policy for running apps within a sandbox
-#
-sandbox = module
-
-# Layer: apps
-# Module: sandbox
-#
-# Policy for running apps within a X sandbox
-#
-sandboxX = module
-
-# Layer: services
-# Module: sanlock
-#
-# sanlock policy
-#
-sanlock = module
-
-# Layer: services
-# Module: sasl
-#
-# SASL authentication server
-#
-sasl = module
-
-# Layer: services
-# Module: sblim
-#
-# sblim
-#
-sblim = module
-
-# Layer: apps
-# Module: screen
-#
-# GNU terminal multiplexer
-#
-screen = module
-
-# Layer: admin
-# Module: sectoolm
-#
-# Policy for sectool-mechanism
-#
-sectoolm = module
-
-# Layer: services
-# Module: sendmail
-#
-# Policy for sendmail.
-#
-sendmail = module
-
-# Layer: contrib
-# Module: sensord
-#
-# Sensor information logging daemon
-#
-sensord = module
-
-# Layer: services
-# Module: setroubleshoot
-#
-# Policy for the SELinux troubleshooting utility
-#
-setroubleshoot = module
-
-# Layer: services
-# Module: sge
-#
-# policy for grindengine MPI jobs
-#
-sge = module
-
-# Layer: admin
-# Module: shorewall
-#
-# Policy for shorewall
-#
-shorewall = module
-
-# Layer: apps
-# Module: slocate
-#
-# Update database for mlocate
-#
-slocate = module
-
-# Layer: contrib
-# Module: slpd
-#
-# OpenSLP server daemon to dynamically register services
-#
-slpd = module
-
-# Layer: services
-# Module: slrnpull
-#
-# Service for downloading news feeds the slrn newsreader.
-#
-slrnpull = off
-
-# Layer: services
-# Module: smartmon
-#
-# Smart disk monitoring daemon policy
-#
-smartmon = module
-
-# Layer: services
-# Module: smokeping
-#
-# Latency Logging and Graphing System
-#
-smokeping = module
-
-# Layer: admin
-# Module: smoltclient
-#
-#The Fedora hardware profiler client
-#
-smoltclient = module
-
-# Layer: services
-# Module: snmp
-#
-# Simple network management protocol services
-#
-snmp = module
-
-# Layer: services
-# Module: snort
-#
-# Snort network intrusion detection system
-#
-snort = module
-
-# Layer: admin
-# Module: sosreport
-#
-# sosreport debuggin information generator
-#
-sosreport = module
-
-# Layer: services
-# Module: soundserver
-#
-# sound server for network audio server programs, nasd, yiff, etc</summary>
-#
-soundserver = module
-
-# Layer: services
-# Module: spamassassin
-#
-# Filter used for removing unsolicited email.
-#
-spamassassin = module
-
-# Layer: services
-# Module: speech-dispatcher
-#
-# speech-dispatcher - server process managing speech requests in Speech Dispatcher
-#
-speech-dispatcher = module
-
-# Layer: services
-# Module: squid
-#
-# Squid caching http proxy server
-#
-squid = module
-
-# Layer: services
-# Module: sssd
-#
-# System Security Services Daemon
-#
-sssd = module
-
-# Layer: services
-# Module: sslh
-#
-# Applicative protocol(SSL/SSH) multiplexer
-#
-sslh = module
-
-# Layer: contrib
-# Module: stapserver
-#
-# Instrumentation System Server
-#
-stapserver = module
-
-# Layer: services
-# Module: stunnel
-#
-# SSL Tunneling Proxy
-#
-stunnel = module
-
-# Layer: services
-# Module: svnserve
-#
-# policy for subversion service
-#
-svnserve = module
-
-# Layer: services
-# Module: swift
-#
-# openstack-swift
-#
-swift = module
-
-# Layer: services
-# Module: sysstat
-#
-# Policy for sysstat. Reports on various system states
-#
-sysstat = module
-
-# Layer: services
-# Module: tcpd
-#
-# Policy for TCP daemon.
-#
-tcpd = module
-
-# Layer: services
-# Module: tcsd
-#
-# tcsd - daemon that manages Trusted Computing resources
-#
-tcsd = module
-
-# Layer: apps
-# Module: telepathy
-#
-# telepathy - Policy for Telepathy framework
-#
-telepathy = module
-
-# Layer: services
-# Module: telnet
-#
-# Telnet daemon
-#
-telnet = module
-
-# Layer: services
-# Module: tftp
-#
-# Trivial file transfer protocol daemon
-#
-tftp = module
-
-# Layer: services
-# Module: tgtd
-#
-# Linux Target Framework Daemon.
-#
-tgtd = module
-
-# Layer: apps
-# Module: thumb
-#
-# Thumbnailer confinement
-#
-thumb = module
-
-# Layer: services
-# Module: timidity
-#
-# MIDI to WAV converter and player configured as a service
-#
-timidity = off
-
-# Layer: admin
-# Module: tmpreaper
-#
-# Manage temporary directory sizes and file ages
-#
-tmpreaper = module
-
-# Layer: contrib
-# Module: glusterd
-#
-# policy for tomcat service
-#
-tomcat = module
-# Layer: services
-# Module: tor
-#
-# TOR, the onion router
-#
-tor = module
-
-# Layer: services
-# Module: tuned
-#
-# Dynamic adaptive system tuning daemon
-#
-tuned = module
-
-# Layer: apps
-# Module: tvtime
-#
-# tvtime - a high quality television application
-#
-tvtime = module
-
-# Layer: services
-# Module: ulogd
-#
-# netfilter/iptables ULOG daemon
-#
-ulogd = module
-
-# Layer: apps
-# Module: uml
-#
-# Policy for UML
-#
-uml = module
-
-# Layer: admin
-# Module: updfstab
-#
-# Red Hat utility to change /etc/fstab.
-#
-updfstab = module
-
-# Layer: admin
-# Module: usbmodules
-#
-# List kernel modules of USB devices
-#
-usbmodules = module
-
-# Layer: services
-# Module: usbmuxd
-#
-# Daemon for communicating with Apple's iPod Touch and iPhone
-#
-usbmuxd = module
-
-# Layer: apps
-# Module: userhelper
-#
-# A helper interface to pam.
-#
-userhelper = module
-
-# Layer: apps
-# Module: usernetctl
-#
-# User network interface configuration helper
-#
-usernetctl = module
-
-# Layer: services
-# Module: uucp
-#
-# Unix to Unix Copy
-#
-uucp = module
-
-# Layer: services
-# Module: uuidd
-#
-# UUID generation daemon
-#
-uuidd = module
-
-# Layer: services
-# Module: varnishd
-#
-# Varnishd http accelerator daemon
-#
-varnishd = module
-
-# Layer: services
-# Module: vdagent
-#
-# vdagent
-#
-vdagent = module
-
-# Layer: services
-# Module: vhostmd
-#
-# vhostmd - spice guest agent daemon.
-#
-vhostmd = module
-
-# Layer: services
-# Module: virt
-#
-# Virtualization libraries
-#
-virt = module
-
-# Layer: apps
-# Module: vhostmd
-#
-# vlock - Virtual Console lock program
-#
-vlock = module
-
-# Layer: services
-# Module: vmtools
-#
-# VMware Tools daemon
-#
-vmtools = module
-
-# Layer: apps
-# Module: vmware
-#
-# VMWare Workstation virtual machines
-#
-vmware = module
-
-# Layer: services
-# Module: vnstatd
-#
-# Network traffic Monitor
-#
-vnstatd = module
-
-# Layer: admin
-# Module: vpn
-#
-# Virtual Private Networking client
-#
-vpn = module
-
-# Layer: services
-# Module: w3c
-#
-# w3c
-#
-w3c = module
-
-# Layer: services
-# Module: wdmd
-#
-# wdmd policy
-#
-wdmd = module
-
-# Layer: role
-# Module: webadm
-#
-# Minimally prived root role for managing apache
-#
-webadm = module
-
-# Layer: apps
-# Module: webalizer
-#
-# Web server log analysis
-#
-webalizer = module
-
-# Layer: apps
-# Module: wine
-#
-# wine executable
-#
-wine = module
-
-# Layer: apps
-# Module: wireshark
-#
-# wireshark executable
-#
-wireshark = module
-
-# Layer: system
-# Module: xen
-#
-# virtualization software
-#
-xen = module
-
-# Layer: services
-# Module: zabbix
-#
-# Open-source monitoring solution for your IT infrastructure
-#
-zabbix = module
-
-# Layer: services
-# Module: zarafa
-#
-# Zarafa Collaboration Platform
-#
-zarafa = module
-
-# Layer: services
-# Module: zebra
-#
-# Zebra border gateway protocol network routing service
-#
-zebra = module
-
-# Layer: services
-# Module: zoneminder
-#
-# Zoneminder Camera Security Surveillance Solution
-#
-zoneminder = module
-
-# Layer: services
-# Module: zosremote
-#
-# policy for z/OS Remote-services Audit dispatcher plugin</summary>
-#
-zosremote = module
-
-# Layer: contrib
-# Module: thin
-#
-# Policy for thin
-#
-thin = module
-
-# Layer: contrib
-# Module: mandb
-#
-# Policy for mandb
-#
-mandb = module
-
-# Layer: services
-# Module: pki
-#
-# policy for pki
-#
-pki = module
-
-# Layer: services
-# Module: smsd
-#
-# policy for smsd
-#
-smsd = module
-
-# Layer: contrib
-# Module: pesign
-#
-# policy for pesign
-#
-pesign = module
-
-# Layer: contrib
-# Module: nsd
-#
-# Fast and lean authoritative DNS Name Server
-#
-nsd = module
-
-# Layer: contrib
-# Module: iodine
-#
-# Fast and lean authoritative DNS Name Server
-#
-iodine = module
-
-# Layer: contrib
-# Module: openhpid
-#
-# OpenHPI daemon runs as a background process and accepts connecti
-#
-openhpid = module
-
-# Layer: contrib
-# Module: watchdog
-#
-# Watchdog policy
-#
-watchdog = module
-
-# Layer: contrib
-# Module: oracleasm
-#
-# oracleasm policy
-#
-oracleasm = module
-
-# Layer: contrib
-# Module: redis
-#
-# redis policy
-#
-redis = module
-
-# Layer: contrib
-# Module: hypervkvp
-#
-# hypervkvp policy
-#
-hypervkvp = module
-
-# Layer: contrib
-# Module: lsm
-#
-# lsm policy
-#
-lsm = module
-
-# Layer: contrib
-# Module: motion
-#
-# Daemon for detect motion using a video4linux device
-motion = module
-
-# Layer: contrib
-# Module: rtas
-#
-# rtas policy
-#
-rtas = module
-
-# Layer: contrib
-# Module: journalctl
-#
-# journalctl policy
-#
-journalctl = module
-
-# Layer: contrib
-# Module: gdomap
-#
-# gdomap policy
-#
-gdomap = module
-
-# Layer: contrib
-# Module: minidlna
-#
-# minidlna policy
-#
-minidlna = module
-
-# Layer: contrib
-# Module: minissdpd
-#
-# minissdpd policy
-#
-minissdpd = module
-
-# Layer: contrib
-# Module: freeipmi
-#
-# Remote-Console (out-of-band) and System Management Software (in-band)
-# based on IntelligentPlatform Management Interface specification
-#
-freeipmi = module
-
-# Layer: contrib
-# Module: mirrormanager
-#
-# mirrormanager policy
-#
-mirrormanager = module
-
-# Layer: contrib
-# Module: snapper
-#
-# snapper policy
-#
-snapper = module
-
-# Layer: contrib
-# Module: pcp
-#
-# pcp policy
-#
-pcp = module
-
-# Layer: contrib
-# Module: geoclue
-#
-# Add policy for Geoclue. Geoclue is a D-Bus service that provides location information
-#
-geoclue = module
-
-# Layer: contrib
-# Module: rkhunter
-#
-# rkhunter policy for /var/lib/rkhunter
-#
-rkhunter = module
-
-# Layer: contrib
-# Module: bacula
-#
-# bacula policy
-#
-bacula = module
-
-# Layer: contrib
-# Module: rhnsd
-#
-# rhnsd policy
-#
-rhnsd = module
-
-# Layer: contrib
-# Module: mongodb
-#
-# mongodb policy
-#
-
-mongodb = module
-
-# Layer: contrib
-# Module: iotop
-#
-# iotop policy
-#
-
-iotop = module
-
-# Layer: contrib
-# Module: kmscon
-#
-# kmscon policy
-#
-
-kmscon = module
-
-# Layer: contrib
-# Module: naemon
-#
-# naemon policy
-#
-naemon = module
-
-# Layer: contrib
-# Module: brltty
-#
-# brltty policy
-#
-brltty = module
-
-# Layer: contrib
-# Module: cpuplug
-#
-# cpuplug policy
-#
-cpuplug = module
-
-# Layer: contrib
-# Module: mon_statd
-#
-# mon_statd policy
-#
-mon_statd = module
-
-# Layer: contrib
-# Module: cinder
-#
-# openstack-cinder policy
-#
-cinder = module
-
-# Layer: contrib
-# Module: linuxptp
-#
-# linuxptp policy
-#
-linuxptp = module
-
-# Layer: contrib
-# Module: rolekit
-#
-# rolekit policy
-#
-rolekit = module
-
-# Layer: contrib
-# Module: targetd
-#
-# targetd policy
-#
-targetd = module
-
-# Layer: contrib
-# Module: hsqldb
-#
-# Hsqldb is transactional database engine with in-memory and disk-based tables, supporting embedded and server modes.
-#
-hsqldb = module
-
-# Layer: contrib
-# Module: blkmapd
-#
-# The blkmapd daemon performs device discovery and mapping for pNFS block layout client.
-#
-blkmapd = module
-
-# Layer: contrib
-# Module: pkcs11proxyd
-#
-# pkcs11proxyd policy
-#
-pkcs11proxyd = module
-
-# Layer: contrib
-# Module: ipmievd
-#
-# IPMI event daemon for sending events to syslog
-#
-ipmievd = module
-
-# Layer: contrib
-# Module: openfortivpn
-#
-# Fortinet compatible SSL VPN daemons.
-#
-openfortivpn = module
-
-# Layer: contrib
-# Module: fwupd
-#
-# fwupd is a daemon to allow session software to update device firmware.
-#
-fwupd = module
-
-# Layer: contrib
-# Module: lttng-tools
-#
-# LTTng 2.x central tracing registry session daemon.
-#
-lttng-tools = module
-
-# Layer: contrib
-# Module: rkt
-#
-# CLI for running app containers
-#
-rkt = module
-
-# Layer: contrib
-# Module: opendnssec
-#
-# opendnssec
-#
-opendnssec = module
-
-# Layer: contrib
-# Module: hwloc
-#
-# hwloc
-#
-hwloc = module
-
-# Layer: contrib
-# Module: sbd
-#
-# sbd
-#
-sbd = module
-
-# Layer: contrib
-# Module: tlp
-#
-# tlp
-#
-tlp = module
-
-# Layer: contrib
-# Module: conntrackd
-#
-# conntrackd
-#
-conntrackd = module
-
-# Layer: contrib
-# Module: tangd
-#
-# tangd
-#
-tangd = module
-
-# Layer: contrib
-# Module: ibacm
-#
-# ibacm
-#
-ibacm = module
-
-# Layer: contrib
-# Module: opafm
-#
-# opafm
-#
-opafm = module
-
-# Layer: contrib
-# Module: boltd
-#
-# boltd
-#
-boltd = module
-
-# Layer: contrib
-# Module: kpatch
-#
-# kpatch
-#
-kpatch = module
-
-# Layer: contrib
-# Module: timedatex
-#
-# timedatex
-#
-timedatex = module
-
-# Layer: contrib
-# Module: rrdcached
-#
-# rrdcached
-#
-rrdcached = module
-
-# Layer: contrib
-# Module: stratisd
-#
-# stratisd
-#
-stratisd = module
-
-# Layer: contrib
-# Module: ica
-#
-# ica
-#
-ica = module
-
-# Layer: contrib
-# Module: fedoratp
-#
-# fedoratp
-#
-fedoratp = module
-
-# Layer: contrib
-# Module: insights_client
-#
-# insights_client
-#
-insights_client = module
-
-# Layer: contrib
-# Module: stalld
-#
-# stalld
-#
-stalld = module
-
-# Layer: contrib
-# Module: rhcd
-#
-# rhcd
-#
-rhcd = module
-
-# Layer: contrib
-# Module: wireguard
-#
-# wireguard
-#
-wireguard = module
-
-# Layer: contrib
-# Module: mptcpd
-#
-# mptcpd
-#
-mptcpd = module
-
-# Layer: contrib
-# Module: rshim
-#
-# rshim
-#
-rshim = module
-
-# Layer: contrib
-# Module: keyutils
-#
-# keyutils
-#
-keyutils = module
-
-# Layer: contrib
-# Module: cifsutils
-#
-# cifsutils - Utilities for managing CIFS mounts
-#
-cifsutils = module
-
-# Layer: contrib
-# Module: boothd
-#
-# boothd - Booth cluster ticket manager
-#
-boothd = module
-
-# Layer: contrib
-# Module: kafs
-#
-# kafs - Tools for kAFS
-#
-kafs = module
-
-# Layer: contrib
-# Module: bootupd
-#
-# bootupd - bootloader update daemon
-#
-bootupd = module
-
-# Layer: contrib
-# Module: fdo
-#
-# fdo - fido device onboard protocol for IoT devices
-#
-fdo = module
-
-# Layer: contrib
-# Module: qatlib
-#
-# qatlib - Intel QuickAssist technology library and resources management
-#
-qatlib = module
-
-# Layer: services
-# Module: virt_supplementary
-#
-# non-libvirt virtualization libraries
-#
-virt_supplementary = module
-
-# Layer: contrib
-# Module: nvme_stas
-#
-# nvme_stas
-#
-nvme_stas = module
-
-# Layer: contrib
-# Module: coreos_installer
-#
-# coreos_installer
-#
-coreos_installer = module
-
-# Layer: contrib
-# Module: afterburn
-#
-# afterburn
-#
-afterburn = module
-
-# Layer: contrib
-# Module: sap
-#
-# sap
-#
-sap = module
diff --git a/modules-targeted.conf b/modules-targeted.conf
index 16f8f79..bc5edff 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -1,113 +1,451 @@
+# Layer: kernel
+# Module: bootloader
#
-# This file contains a listing of available modules.
-# To prevent a module from being used in policy
-# creation, set the module name to "off".
+# Policy for the kernel modules, kernel image, and bootloader.
+#
+bootloader = module
+
+# Layer: kernel
+# Module: corecommands
+# Required in base
#
-# For monolithic policies, modules set to "base" and "module"
-# will be built into the policy.
+# Core policy for shells, and generic programs
+# in /bin, /sbin, /usr/bin, and /usr/sbin.
#
-# For modular policies, modules set to "base" will be
-# included in the base module. "module" will be compiled
-# as individual loadable modules.
+corecommands = base
+
+# Layer: kernel
+# Module: corenetwork
+# Required in base
#
+# Policy controlling access to network objects
+#
+corenetwork = base
-# Layer: services
-# Module: accountsd
+# Layer: admin
+# Module: dmesg
#
-# An application to view and modify user accounts information
+# Policy for dmesg.
#
-accountsd = module
+dmesg = module
# Layer: admin
-# Module: acct
+# Module: netutils
#
-# Berkeley process accounting
+# Network analysis utilities
#
-acct = module
+netutils = module
-# Layer: services
-# Module: ajaxterm
+# Layer: admin
+# Module: sudo
#
-# Web Based Terminal
+# Execute a command with a substitute user
#
-ajaxterm = module
+sudo = module
# Layer: admin
-# Module: alsa
+# Module: su
#
-# Ainit ALSA configuration tool
+# Run shells with substitute user and group
#
-alsa = module
+su = module
+
+# Layer: admin
+# Module: usermanage
+#
+# Policy for managing user accounts.
+#
+usermanage = module
+
+# Layer: apps
+# Module: seunshare
+#
+# seunshare executable
+#
+seunshare = module
+
+# Module: devices
+# Required in base
+#
+# Device nodes and interfaces for many basic system devices.
+#
+devices = base
+
+# Module: domain
+# Required in base
+#
+# Core policy for domains.
+#
+domain = base
+
+# Layer: system
+# Module: userdomain
+#
+# Policy for user domains
+#
+userdomain = module
+
+# Module: files
+# Required in base
+#
+# Basic filesystem types and interfaces.
+#
+files = base
+
+# Layer: system
+# Module: miscfiles
+#
+# Miscelaneous files.
+#
+miscfiles = module
+
+# Module: filesystem
+# Required in base
+#
+# Policy for filesystems.
+#
+filesystem = base
+
+# Module: kernel
+# Required in base
+#
+# Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
+#
+kernel = base
+
+# Module: mcs
+# Required in base
+#
+# MultiCategory security policy
+#
+mcs = base
+
+# Module: mls
+# Required in base
+#
+# Multilevel security policy
+#
+mls = base
+
+# Module: selinux
+# Required in base
+#
+# Policy for kernel security interface, in particular, selinuxfs.
+#
+selinux = base
+
+# Layer: kernel
+# Module: storage
+#
+# Policy controlling access to storage devices
+#
+storage = base
+
+# Module: terminal
+# Required in base
+#
+# Policy for terminals.
+#
+terminal = base
+
+# Layer: kernel
+# Module: ubac
+#
+#
+#
+ubac = base
+
+# Layer: kernel
+# Module: unconfined
+#
+# The unlabelednet module.
+#
+unlabelednet = module
+
+# Layer: role
+# Module: auditadm
+#
+# auditadm account on tty logins
+#
+auditadm = module
+
+# Layer: role
+# Module: logadm
+#
+# Minimally prived root role for managing logging system
+#
+logadm = module
+
+# Layer: role
+# Module: secadm
+#
+# secadm account on tty logins
+#
+secadm = module
+
+# Layer:role
+# Module: sysadm_secadm
+#
+# System Administrator with Security Admin rules
+#
+sysadm_secadm = module
+
+# Module: staff
+#
+# admin account
+#
+staff = module
+
+# Layer:role
+# Module: sysadm
+#
+# System Administrator
+#
+sysadm = module
+
+# Layer: role
+# Module: unconfineduser
+#
+# The unconfined user domain.
+#
+unconfineduser = module
+
+# Layer: role
+# Module: unprivuser
+#
+# Minimally privs guest account on tty logins
+#
+unprivuser = module
# Layer: services
-# Module: callweaver
+# Module: postgresql
#
-# callweaver telephony sever
+# PostgreSQL relational database
#
-callweaver = module
+postgresql = module
# Layer: services
-# Module: cachefilesd
+# Module: ssh
#
-# CacheFiles userspace management daemon
+# Secure shell client and server policy.
#
-cachefilesd = module
+ssh = module
# Layer: services
-# Module: collectd
+# Module: xserver
+#
+# X windows login display manager
+#
+xserver = module
+
+# Module: application
+# Required in base
+#
+# Defines attributs and interfaces for all user applications
+#
+application = module
+
+# Layer: system
+# Module: authlogin
+#
+# Common policy for authentication and user login.
+#
+authlogin = module
+
+# Layer: system
+# Module: clock
+#
+# Policy for reading and setting the hardware clock.
+#
+clock = module
+
+# Layer: system
+# Module: fstools
+#
+# Tools for filesystem management, such as mkfs and fsck.
+#
+fstools = module
+
+# Layer: system
+# Module: getty
+#
+# Policy for getty.
+#
+getty = module
+
+# Layer: system
+# Module: hostname
+#
+# Policy for changing the system host name.
+#
+hostname = module
+
+# Layer: system
+# Module: init
+#
+# System initialization programs (init and init scripts).
+#
+init = module
+
+# Layer: system
+# Module: ipsec
+#
+# TCP/IP encryption
+#
+ipsec = module
+
+# Layer: system
+# Module: iptables
+#
+# Policy for iptables.
+#
+iptables = module
+
+# Layer: system
+# Module: libraries
+#
+# Policy for system libraries.
+#
+libraries = module
+
+# Layer: system
+# Module: locallogin
+#
+# Policy for local logins.
+#
+locallogin = module
+
+# Layer: system
+# Module: logging
+#
+# Policy for the kernel message logger and system logging daemon.
+#
+logging = module
+
+# Layer: system
+# Module: lvm
+#
+# Policy for logical volume management programs.
+#
+lvm = module
+
+# Layer: system
+# Module: modutils
+#
+# Policy for kernel module utilities
+#
+modutils = module
+
+# Layer: system
+# Module: mount
+#
+# Policy for mount.
+#
+mount = module
+
+# Layer: system
+# Module: netlabel
+#
+# Basic netlabel types and interfaces.
+#
+netlabel = module
+
+# Layer: system
+# Module: selinuxutil
+#
+# Policy for SELinux policy and userland applications.
+#
+selinuxutil = module
+
+# Module: setrans
+# Required in base
+#
+# Policy for setrans
+#
+setrans = module
+
+# Layer: system
+# Module: sysnetwork
+#
+# Policy for network configuration: ifconfig and dhcp client.
+#
+sysnetwork = module
+
+# Layer: system
+# Module: systemd
+#
+# Policy for systemd components
+#
+systemd = module
+
+# Layer: system
+# Module: udev
+#
+# Policy for udev.
+#
+udev = module
+
+# Layer: system
+# Module: unconfined
+#
+# The unconfined domain.
+#
+unconfined = module
+# Layer: services
+# Module: abrt
#
-# Statistics collection daemon for filling RRD files
+# Automatic bug detection and reporting tool
#
-collectd = module
+abrt = module
# Layer: services
-# Module: colord
+# Module: accountsd
#
-# color device daemon
+# An application to view and modify user accounts information
#
-colord = module
+accountsd = module
-# Layer: services
-# Module: couchdb
+# Layer: admin
+# Module: acct
#
-# Apache CouchDB database server
+# Berkeley process accounting
#
-couchdb = module
+acct = module
-# Layer: apps
-# Module: cpufreqselector
+# Layer: services
+# Module: afs
#
-# cpufreqselector executable
+# Andrew Filesystem server
#
-cpufreqselector = module
+afs = module
-# Layer: apps
-# Module: chrome
+# Layer: services
+# Module: aiccu
#
-# chrome sandbox
+# SixXS Automatic IPv6 Connectivity Client Utility
#
-chrome = module
+aiccu = module
-# Layer: module
-# Module: awstats
+# Layer: services
+# Module: aide
#
-# awstats executable
+# Policy for aide
#
-awstats = module
-
+aide = module
+
# Layer: services
-# Module: abrt
+# Module: ajaxterm
#
-# Automatic bug detection and reporting tool
+# Web Based Terminal
#
-abrt = module
+ajaxterm = module
-# Layer: services
-# Module: aiccu
+# Layer: admin
+# Module: alsa
#
-# SixXS Automatic IPv6 Connectivity Client Utility
+# Ainit ALSA configuration tool
#
-aiccu = module
+alsa = module
# Layer: admin
# Module: amanda
@@ -116,19 +454,12 @@ aiccu = module
#
amanda = module
-# Layer: services
-# Module: afs
-#
-# Andrew Filesystem server
-#
-afs = module
-
-# Layer: services
-# Module: amavis
+# Layer: admin
+# Module: amtu
#
-# Anti-virus
+# Abstract Machine Test Utility (AMTU)
#
-amavis = module
+amtu = module
# Layer: admin
# Module: anaconda
@@ -137,6 +468,13 @@ amavis = module
#
anaconda = module
+# Layer: contrib
+# Module: antivirus
+#
+# SELinux policy for antivirus programs
+#
+antivirus = module
+
# Layer: services
# Module: apache
#
@@ -145,20 +483,19 @@ anaconda = module
apache = module
# Layer: services
+# Module: apcupsd
+#
+# daemon for most APC’s UPS for Linux
+#
+apcupsd = module
+
+# Layer: services
# Module: apm
#
# Advanced power management daemon
#
apm = module
-# Layer: system
-# Module: application
-# Required in base
-#
-# Defines attributs and interfaces for all user applications
-#
-application = module
-
# Layer: services
# Module: arpwatch
#
@@ -167,26 +504,19 @@ application = module
arpwatch = module
# Layer: services
-# Module: entropy
-#
-# Generate entropy from audio input
-#
-entropyd = module
-
-# Layer: system
-# Module: authlogin
-#
-# Common policy for authentication and user login.
-#
-authlogin = module
-
-# Layer: services
# Module: asterisk
#
# Asterisk IP telephony server
#
asterisk = module
+# Layer: contrib
+# Module: authconfig
+#
+# Authorization configuration tool
+#
+authconfig = module
+
# Layer: services
# Module: automount
#
@@ -201,6 +531,13 @@ automount = module
#
avahi = module
+# Layer: module
+# Module: awstats
+#
+# awstats executable
+#
+awstats = module
+
# Layer: services
# Module: bcfg2
#
@@ -209,82 +546,88 @@ avahi = module
bcfg2 = module
# Layer: services
-# Module: boinc
-#
-# Berkeley Open Infrastructure for Network Computing
-#
-boinc = module
-
-# Layer: services
# Module: bind
#
# Berkeley internet name domain DNS server.
#
bind = module
-# Layer: services
-# Module: bugzilla
+# Layer: contrib
+# Module: rngd
#
-# Bugzilla server
+# Daemon used to feed random data from hardware device to kernel random device
#
-bugzilla = module
+rngd = module
# Layer: services
-# Module: dirsrv
+# Module: bitlbee
#
-# An 309 directory server
+# An IRC to other chat networks gateway
#
-dirsrv = module
+bitlbee = module
# Layer: services
-# Module: dirsrv-admin
+# Module: blueman
#
-# An 309 directory admin server
+# Blueman tools and system services.
#
-dirsrv-admin = module
+blueman = module
# Layer: services
-# Module: dnsmasq
+# Module: bluetooth
#
-# A lightweight DHCP and caching DNS server.
+# Bluetooth tools and system services.
#
-dnsmasq = module
+bluetooth = module
# Layer: services
-# Module: dnssec
+# Module: boinc
#
-# A dnssec server application
+# Berkeley Open Infrastructure for Network Computing
+#
+boinc = module
+
+# Layer: system
+# Module: brctl
+#
+# Utilities for configuring the linux ethernet bridge
#
-dnssec = module
+brctl = module
# Layer: services
-# Module: blueman
+# Module: bugzilla
#
-# Blueman tools and system services.
+# Bugzilla server
#
-blueman = module
+bugzilla = module
# Layer: services
-# Module: bluetooth
+# Module: bumblebee
#
-# Bluetooth tools and system services.
-#
-bluetooth = module
+# Support NVIDIA Optimus technology under Linux
+#
+bumblebee = module
-# Layer: kernel
-# Module: ubac
+# Layer: services
+# Module: cachefilesd
#
+# CacheFiles userspace management daemon
#
-#
-ubac = base
+cachefilesd = module
+# Module: calamaris
#
-# Layer: kernel
-# Module: bootloader
#
-# Policy for the kernel modules, kernel image, and bootloader.
+# Squid log analysis
#
-bootloader = module
+calamaris = module
+
+# Layer: services
+# Module: callweaver
+#
+# callweaver telephony sever
+#
+callweaver = module
# Layer: services
# Module: canna
@@ -301,19 +644,25 @@ canna = module
ccs = module
# Layer: apps
-# Module: calamaris
+# Module: cdrecord
#
+# Policy for cdrecord
+#
+cdrecord = module
+
+# Layer: admin
+# Module: certmaster
#
-# Squid log analysis
+# Digital Certificate master
#
-calamaris = module
+certmaster = module
-# Layer: apps
-# Module: cdrecord
+# Layer: services
+# Module: certmonger
#
-# Policy for cdrecord
+# Certificate status monitor and PKI enrollment client
#
-cdrecord = module
+certmonger = module
# Layer: admin
# Module: certwatch
@@ -322,40 +671,83 @@ cdrecord = module
#
certwatch = module
-# Layer: admin
-# Module: certmaster
+# Layer: services
+# Module: cfengine
#
-# Digital Certificate master
+# cfengine
+#
+cfengine = module
+
+# Layer: services
+# Module: cgroup
+#
+# Tools and libraries to control and monitor control groups
+#
+cgroup = module
+
+# Layer: apps
+# Module: chrome
+#
+# chrome sandbox
+#
+chrome = module
+
+# Layer: services
+# Module: chronyd
+#
+# Daemon for maintaining clock time
+#
+chronyd = module
+
+# Layer: services
+# Module: cipe
+#
+# Encrypted tunnel daemon
+#
+cipe = module
+
+
+# Layer: services
+# Module: clogd
+#
+# clogd - clustered mirror log server
+#
+clogd = module
+
+# Layer: services
+# Module: cloudform
#
-certmaster = module
+# cloudform daemons
+#
+cloudform = module
# Layer: services
-# Module: certmonger
+# Module: cmirrord
#
-# Certificate status monitor and PKI enrollment client
+# cmirrord - daemon providing device-mapper-base mirrors in a shared-storege cluster
#
-certmonger = module
-
+cmirrord = module
+
# Layer: services
-# Module: cipe
+# Module: cobbler
#
-# Encrypted tunnel daemon
+# cobbler
#
-cipe = module
+cobbler = module
# Layer: services
-# Module: chronyd
+# Module: collectd
#
-# Daemon for maintaining clock time
+# Statistics collection daemon for filling RRD files
#
-chronyd = module
+collectd = module
# Layer: services
-# Module: cobbler
+# Module: colord
#
-# cobbler
+# color device daemon
#
-cobbler = module
+colord = module
# Layer: services
# Module: comsat
@@ -365,56 +757,39 @@ cobbler = module
comsat = module
# Layer: services
-# Module: corosync
-#
-# Corosync Cluster Engine Executive
+# Module: condor
+#
+# policy for condor
#
-corosync = module
+condor = module
# Layer: services
-# Module: clamav
+# Module: conman
#
-# ClamAV Virus Scanner
-#
-clamav = module
-
-# Layer: system
-# Module: clock
+# Conman is a program for connecting to remote consoles being managed by conmand
#
-# Policy for reading and setting the hardware clock.
-#
-clock = module
+conman = module
# Layer: services
# Module: consolekit
#
# ConsoleKit is a system daemon for tracking what users are logged
#
-#consolekit = module
-
-# Layer: admin
-# Module: consoletype
-#
-# Determine of the console connected to the controlling terminal.
-#
-consoletype = module
+consolekit = module
-# Layer: kernel
-# Module: corecommands
-# Required in base
+# Layer: services
+# Module: couchdb
#
-# Core policy for shells, and generic programs
-# in /bin, /sbin, /usr/bin, and /usr/sbin.
+# Apache CouchDB database server
#
-corecommands = base
+couchdb = module
-# Layer: kernel
-# Module: corenetwork
-# Required in base
+# Layer: services
+# Module: courier
#
-# Policy controlling access to network objects
+# IMAP and POP3 email servers
#
-corenetwork = base
+courier = module
# Layer: services
# Module: cpucontrol
@@ -423,6 +798,13 @@ corenetwork = base
#
cpucontrol = module
+# Layer: apps
+# Module: cpufreqselector
+#
+# cpufreqselector executable
+#
+cpufreqselector = module
+
# Layer: services
# Module: cron
#
@@ -435,7 +817,7 @@ cron = module
#
# Cluster Daemon
#
-ctdbd = module
+ctdb = module
# Layer: services
# Module: cups
@@ -472,6 +854,13 @@ cyrus = module
#
daemontools = module
+# Layer: role
+# Module: dbadm
+#
+# Minimally prived root role for managing databases
+#
+dbadm = module
+
# Layer: services
# Module: dbskk
#
@@ -493,6 +882,13 @@ dbus = module
#
dcc = module
+# Layer: services
+# Module: ddclient
+#
+# Update dynamic IP address at DynDNS.org
+#
+ddclient = module
+
# Layer: admin
# Module: ddcprobe
#
@@ -501,19 +897,18 @@ dcc = module
ddcprobe = off
# Layer: services
-# Module: devicekit
+# Module: denyhosts
#
-# devicekit-daemon
+# script to help thwart ssh server attacks
#
-devicekit = module
+denyhosts = module
-# Layer: kernel
-# Module: devices
-# Required in base
+# Layer: services
+# Module: devicekit
#
-# Device nodes and interfaces for many basic system devices.
+# devicekit-daemon
#
-devices = base
+devicekit = module
# Layer: services
# Module: dhcp
@@ -530,18 +925,25 @@ dhcp = module
dictd = module
# Layer: services
-# Module: distcc
+# Module: dirsrv-admin
#
-# Distributed compiler daemon
+# An 309 directory admin server
#
-distcc = off
+dirsrv-admin = module
-# Layer: admin
-# Module: dmesg
+# Layer: services
+# Module: dirsrv
#
-# Policy for dmesg.
+# An 309 directory server
#
-dmesg = module
+dirsrv = module
+
+# Layer: services
+# Module: distcc
+#
+# Distributed compiler daemon
+#
+distcc = off
# Layer: admin
# Module: dmidecode
@@ -550,27 +952,19 @@ dmesg = module
#
dmidecode = module
-# Layer: kernel
-# Module: domain
-# Required in base
-#
-# Core policy for domains.
-#
-domain = base
-
# Layer: services
-# Module: drbd
-#
-# DRBD mirrors a block device over the network to another machine.
+# Module: dnsmasq
#
-drbd = module
+# A lightweight DHCP and caching DNS server.
+#
+dnsmasq = module
# Layer: services
-# Module: ddclient
-#
-# Update dynamic IP address at DynDNS.org
+# Module: dnssec
#
-ddclient = module
+# A dnssec server application
+#
+dnssec = module
# Layer: services
# Module: dovecot
@@ -579,48 +973,33 @@ ddclient = module
#
dovecot = module
-# Layer: apps
-# Module: gitosis
-#
-# Policy for gitosis
-#
-gitosis = module
-
# Layer: services
-# Module: glance
+# Module: drbd
#
-# Policy for glance
-#
-glance = module
-
-# Layer: apps
-# Module: gpg
+# DRBD mirrors a block device over the network to another machine.
#
-# Policy for GNU Privacy Guard and related programs.
-#
-gpg = module
+drbd = module
# Layer: services
-# Module: gpsd
+# Module: dspam
#
-# gpsd monitor daemon
+# dspam - library and Mail Delivery Agent for Bayesian SPAM filtering
#
-#
-gpsd = module
+dspam = module
# Layer: services
-# Module: git
+# Module: entropy
#
-# Policy for the stupid content tracker
+# Generate entropy from audio input
#
-git = module
+entropyd = module
# Layer: services
-# Module: gpm
+# Module: exim
#
-# General Purpose Mouse driver
+# exim mail server
#
-gpm = module
+exim = module
# Layer: services
# Module: fail2ban
@@ -630,27 +1009,18 @@ gpm = module
fail2ban = module
# Layer: services
-# Module: fetchmail
+# Module: fcoe
#
-# Remote-mail retrieval and forwarding utility
-#
-fetchmail = module
-
-# Layer: kernel
-# Module: files
-# Required in base
+# fcoe
#
-# Basic filesystem types and interfaces.
-#
-files = base
+fcoe = module
-# Layer: kernel
-# Module: filesystem
-# Required in base
+# Layer: services
+# Module: fetchmail
#
-# Policy for filesystems.
+# Remote-mail retrieval and forwarding utility
#
-filesystem = base
+fetchmail = module
# Layer: services
# Module: finger
@@ -659,13 +1029,12 @@ filesystem = base
#
finger = module
-# Layer: admin
-# Module: firstboot
+# Layer: services
+# Module: firewalld
#
-# Final system configuration run during the first boot
-# after installation of Red Hat/Fedora systems.
+# firewalld is firewall service daemon that provides dynamic customizable
#
-firstboot = module
+firewalld = module
# Layer: apps
# Module: firewallgui
@@ -674,6 +1043,13 @@ firstboot = module
#
firewallgui = module
+# Module: firstboot
+#
+# Final system configuration run during the first boot
+# after installation of Red Hat/Fedora systems.
+#
+firstboot = module
+
# Layer: services
# Module: fprintd
#
@@ -681,12 +1057,12 @@ firewallgui = module
#
fprintd = module
-# Layer: system
-# Module: fstools
+# Layer: services
+# Module: freqset
#
-# Tools for filesystem management, such as mkfs and fsck.
-#
-fstools = module
+# Utility for CPU frequency scaling
+#
+freqset = module
# Layer: services
# Module: ftp
@@ -702,12 +1078,33 @@ ftp = module
#
games = module
-# Layer: system
-# Module: getty
+# Layer: apps
+# Module: gitosis
#
-# Policy for getty.
+# Policy for gitosis
#
-getty = module
+gitosis = module
+
+# Layer: services
+# Module: git
+#
+# Policy for the stupid content tracker
+#
+git = module
+
+# Layer: services
+# Module: glance
+#
+# Policy for glance
+#
+glance = module
+
+# Layer: contrib
+# Module: glusterd
+#
+# policy for glusterd service
+#
+glusterd = module
# Layer: apps
# Module: gnome
@@ -716,68 +1113,75 @@ getty = module
#
gnome = module
-# Layer: services
-# Module: hddtemp
+# Layer: apps
+# Module: gpg
#
-# hddtemp hard disk temperature tool running as a daemon
+# Policy for GNU Privacy Guard and related programs.
#
-hddtemp = module
+gpg = module
# Layer: services
-# Module: passenger
+# Module: gpm
#
-# Passenger
+# General Purpose Mouse driver
#
-passenger = module
+gpm = module
-# Layer: services
-# Module: policykit
+# Module: gpsd
+#
+# gpsd monitor daemon
#
-# Hardware abstraction layer
#
-policykit = module
+gpsd = module
-# Layer: services
-# Module: puppet
+# Module: gssproxy
+#
+# A proxy for GSSAPI credential handling
#
-# A network tool for managing many disparate systems
#
-puppet = module
+gssproxy = module
-# Layer: apps
-# Module: ptchown
+# Layer: role
+# Module: guest
#
-# helper function for grantpt(3), changes ownship and permissions of pseudotty
+# Minimally privs guest account on tty logins
#
-ptchown = module
+guest = module
+
+# Layer: role
+# Module: xguest
+#
+# Minimally privs guest account on X Windows logins
+#
+xguest = module
# Layer: services
-# Module: psad
+# Module: hddtemp
#
-# Analyze iptables log for hostile traffic
+# hddtemp hard disk temperature tool running as a daemon
#
-psad = module
+hddtemp = module
-# Layer: apps
-# Module: pwauth
+# Layer: services
+# Module: hostapd
#
-# External plugin for mod_authnz_external authenticator
+# hostapd - IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
#
-pwauth = module
+hostapd = module
# Layer: services
-# Module: quantum
+# Module: i18n_input
#
-# Quantum is a virtual network service for Openstack
+# IIIMF htt server
#
-quantum = module
+i18n_input = off
-# Layer: system
-# Module: hostname
+# Layer: services
+# Module: icecast
#
-# Policy for changing the system host name.
+# ShoutCast compatible streaming media server
#
-hostname = module
+icecast = module
# Layer: services
# Module: inetd
@@ -786,13 +1190,6 @@ hostname = module
#
inetd = module
-# Layer: system
-# Module: init
-#
-# System initialization programs (init and init scripts).
-#
-init = module
-
# Layer: services
# Module: inn
#
@@ -800,19 +1197,12 @@ init = module
#
inn = module
-# Layer: system
-# Module: iptables
-#
-# Policy for iptables.
-#
-iptables = module
-
-# Layer: system
-# Module: ipsec
+# Layer: services
+# Module: lircd
#
-# TCP/IP encryption
+# LIRC daemon - decodes infrared signals and provides them on a Unix domain socket.
#
-ipsec = module
+lircd = module
# Layer: apps
# Module: irc
@@ -835,19 +1225,12 @@ irqbalance = module
#
iscsi = module
-# Layer: services
-# Module: icecast
+# Layer: system
+# Module: isnsd
#
-# ShoutCast compatible streaming media server
#
-icecast = module
-
-# Layer: services
-# Module: i18n_input
-#
-# IIIMF htt server
#
-i18n_input = off
+isns = module
# Layer: services
# Module: jabber
@@ -863,12 +1246,12 @@ jabber = module
#
jetty = module
-# Layer: admin
-# Module: kdump
-#
-# kdump is kernel crash dumping mechanism
+# Layer: apps
+# Module: jockey
#
-kdump = module
+# policy for jockey-backend
+#
+jockey = module
# Layer: apps
# Module: kdumpgui
@@ -877,12 +1260,12 @@ kdump = module
#
kdumpgui = module
-# Layer: services
-# Module: ksmtuned
+# Layer: admin
+# Module: kdump
#
-# Kernel Samepage Merging (KSM) Tuning Daemon
+# kdump is kernel crash dumping mechanism
#
-ksmtuned = module
+kdump = module
# Layer: services
# Module: kerberos
@@ -891,13 +1274,40 @@ ksmtuned = module
#
kerberos = module
-# Layer: kernel
-# Module: kernel
-# Required in base
+# Layer: services
+# Module: keepalived
#
-# Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
+# keepalived - load-balancing and high-availability service
+#
+keepalived = module
+
+# Module: keyboardd
+#
+# system-setup-keyboard is a keyboard layout daemon that monitors
+# /etc/sysconfig/keyboard and writes out an xorg.conf.d snippet
+#
+keyboardd = module
+
+# Layer: services
+# Module: keystone
+#
+# openstack-keystone
+#
+keystone = module
+
+# Layer: services
+# Module: kismet
+#
+# Wireless sniffing and monitoring
#
-kernel = base
+kismet = module
+
+# Layer: services
+# Module: ksmtuned
+#
+# Kernel Samepage Merging (KSM) Tuning Daemon
+#
+ksmtuned = module
# Layer: services
# Module: ktalk
@@ -911,7 +1321,7 @@ ktalk = module
#
# Layer 2 Tunnelling Protocol Daemon
#
-l2tpd = module
+l2tp = module
# Layer: services
# Module: ldap
@@ -927,12 +1337,19 @@ ldap = module
#
likewise = module
-# Layer: system
-# Module: libraries
+# Layer: apps
+# Module: livecd
#
-# Policy for system libraries.
+# livecd creator
#
-libraries = module
+livecd = module
+
+# Layer: services
+# Module: lldpad
+#
+# lldpad - Link Layer Discovery Protocol (LLDP) agent daemon
+#
+lldpad = module
# Layer: apps
# Module: loadkeys
@@ -941,13 +1358,6 @@ libraries = module
#
loadkeys = module
-# Layer: system
-# Module: locallogin
-#
-# Policy for local logins.
-#
-locallogin = module
-
# Layer: apps
# Module: lockdev
#
@@ -955,13 +1365,6 @@ locallogin = module
#
lockdev = module
-# Layer: system
-# Module: logging
-#
-# Policy for the kernel message logger and system logging daemon.
-#
-logging = module
-
# Layer: admin
# Module: logrotate
#
@@ -984,27 +1387,12 @@ logwatch = module
lpd = module
# Layer: services
-# Module: lircd
-#
-# LIRC daemon - decodes infrared signals and provides them on a Unix domain socket.
-#
-lircd = module
-
-# Layer: system
-# Module: lvm
-#
-# Policy for logical volume management programs.
-#
-lvm = module
-
-# Layer: services
# Module: mailman
#
# Mailman is for managing electronic mail discussion and e-newsletter lists
#
mailman = module
-
# Layer: services
# Module: mailman
#
@@ -1012,98 +1400,54 @@ mailman = module
#
mailscanner = module
-# Layer: services
-# Module: matahari
-#
-# Matahari system maangement tools
+# Layer: apps
+# Module: man2html
+#
+# policy for man2html apps
#
-matahari = module
+man2html = module
# Layer: admin
# Module: mcelog
#
-# Policy for mcelog.
-#
-mcelog = module
-
-# Layer: kernel
-# Module: mcs
-# Required in base
-#
-# MultiCategory security policy
-#
-mcs = base
-
-# Layer: apps
-# Module: mediawiki
-#
-# mediawiki
-#
-mediawiki = module
-
-# Layer: system
-# Module: miscfiles
-#
-# Miscelaneous files.
-#
-miscfiles = module
-
-# Layer: kernel
-# Module: mls
-# Required in base
-#
-# Multilevel security policy
-#
-mls = base
-
-# Layer: services
-# Module: mock
-#
-# Policy for mock rpm builder
-#
-mock = module
-
-# Layer: services
-# Module: mojomojo
-#
-# Wiki server
-#
-mojomojo = module
-
-# Layer: system
-# Module: modutils
-#
-# Policy for kernel module utilities
+# Policy for mcelog.
#
-modutils = module
+mcelog = module
-# Layer: system
-# Module: mount
+# Layer: apps
+# Module: mediawiki
#
-# Policy for mount.
+# mediawiki
#
-mount = module
+mediawiki = module
-# Layer: apps
-# Module: mozilla
+# Layer: services
+# Module: memcached
#
-# Policy for Mozilla and related web browsers
+# high-performance memory object caching system
#
-mozilla = module
+memcached = module
# Layer: services
-# Module: ntop
+# Module: milter
#
-# Policy for ntop
#
-ntop = module
+#
+milter = module
# Layer: services
-# Module: nslcd
+# Module: mip6d
#
-# Policy for nslcd
+# UMIP Mobile IPv6 and NEMO Basic Support protocol implementation
+#
+mip6d = module
+
+# Layer: services
+# Module: mock
+#
+# Policy for mock rpm builder
#
-nslcd = module
+mock = module
# Layer: services
# Module: modemmanager
@@ -1113,6 +1457,20 @@ nslcd = module
modemmanager = module
# Layer: services
+# Module: mojomojo
+#
+# Wiki server
+#
+mojomojo = module
+
+# Layer: apps
+# Module: mozilla
+#
+# Policy for Mozilla and related web browsers
+#
+mozilla = module
+
+# Layer: services
# Module: mpd
#
# mpd - daemon for playing music
@@ -1126,13 +1484,6 @@ mpd = module
#
mplayer = module
-# Layer: apps
-# Module: gpg
-#
-# Policy for Mozilla and related web browsers
-#
-gpg = module
-
# Layer: admin
# Module: mrtg
#
@@ -1148,12 +1499,26 @@ mrtg = module
mta = module
# Layer: services
+# Module: munin
+#
+# Munin
+#
+munin = module
+
+# Layer: services
# Module: mysql
#
# Policy for MySQL
#
mysql = module
+# Layer: contrib
+# Module: mythtv
+#
+# Policy for Mythtv (Web Server)
+#
+mythtv = module
+
# Layer: services
# Module: nagios
#
@@ -1161,12 +1526,12 @@ mysql = module
#
nagios = module
-# Layer: admin
-# Module: ncftool
+# Layer: apps
+# Module: namespace
#
-# Tool to modify the network configuration of a system
-#
-ncftool = module
+# policy for namespace.init script
+#
+namespace = module
# Layer: admin
# Module: ncftool
@@ -1175,13 +1540,6 @@ ncftool = module
#
ncftool = module
-# Layer: admin
-# Module: netutils
-#
-# Network analysis utilities
-#
-netutils = module
-
# Layer: services
# Module: networkmanager
#
@@ -1190,12 +1548,25 @@ netutils = module
networkmanager = module
# Layer: services
+# Module: ninfod
+#
+# Respond to IPv6 Node Information Queries
+#
+ninfod = module
+
+# Layer: services
# Module: nis
#
# Policy for NIS (YP) servers and clients
#
nis = module
+# Layer: services
+# Module: nova
+#
+# openstack-nova
+#
+nova = module
# Layer: services
# Module: nscd
@@ -1204,6 +1575,19 @@ nis = module
#
nscd = module
+# Layer: services
+# Module: nslcd
+#
+# Policy for nslcd
+#
+nslcd = module
+
+# Layer: services
+# Module: ntop
+#
+# Policy for ntop
+#
+ntop = module
# Layer: services
# Module: ntp
@@ -1213,6 +1597,13 @@ nscd = module
ntp = module
# Layer: services
+# Module: numad
+#
+# numad - user-level daemon that provides advice and managment for optimum use of CPUs and memory on systems with NUMA topology
+#
+numad = module
+
+# Layer: services
# Module: nut
#
# nut - Network UPS Tools
@@ -1226,6 +1617,12 @@ nut = module
#
nx = module
+# Layer: services
+# Module: obex
+#
+# policy for obex-data-server
+#
+obex = module
# Layer: services
# Module: oddjob
@@ -1241,6 +1638,33 @@ oddjob = module
#
openct = off
+# Layer: service
+# Module: openct
+#
+# Middleware framework for smart card terminals
+#
+openct = module
+
+# Layer: contrib
+# Module: openshift-origin
+#
+# Origin version of openshift policy
+#
+openshift-origin = module
+# Layer: contrib
+# Module: openshift
+#
+# Core openshift policy
+#
+openshift = module
+
+# Layer: services
+# Module: opensm
+#
+# InfiniBand subnet manager and administration (SM/SA)
+#
+opensm = module
+
# Layer: services
# Module: openvpn
#
@@ -1248,20 +1672,52 @@ openct = off
#
openvpn = module
+# Layer: contrib
+# Module: openvswitch
+#
+# SELinux policy for openvswitch programs
+#
+openvswitch = module
-# Layer: service
-# Module: pcscd
+# Layer: services
+# Module: openwsman
#
-# PC/SC Smart Card Daemon
+# WS-Management Server
#
-pcscd = module
+openwsman = module
-# Layer: service
-# Module: openct
-#
-# Middleware framework for smart card terminals
+# Layer: services
+# Module: osad
#
-openct = module
+# Client-side service written in Python that responds to pings
+#
+osad = module
+
+# Layer: contrib
+# Module: prelude
+#
+# SELinux policy for prelude
+#
+prelude = module
+
+# Layer: contrib
+# Module: prosody
+#
+# SELinux policy for prosody flexible communications server for Jabber/XMPP
+#
+prosody = module
+
+# Layer: services
+# Module: pads
+#
+pads = module
+
+# Layer: services
+# Module: passenger
+#
+# Passenger
+#
+passenger = module
# Layer: system
# Module: pcmcia
@@ -1270,6 +1726,20 @@ openct = module
#
pcmcia = module
+# Layer: service
+# Module: pcscd
+#
+# PC/SC Smart Card Daemon
+#
+pcscd = module
+
+# Layer: services
+# Module: pdns
+#
+# PowerDNS DNS server
+#
+pdns = module
+
# Layer: services
# Module: pegasus
#
@@ -1278,18 +1748,52 @@ pcmcia = module
pegasus = module
# Layer: services
+# Module: pingd
+#
+#
+pingd = module
+
+# Layer: services
# Module: piranha
#
# piranha - various tools to administer and configure the Linux Virtual Server
#
piranha = module
+# Layer: contrib
+# Module: pkcs
+#
+# daemon manages PKCS#11 objects between PKCS#11-enabled applications
+#
+pkcs = module
+
# Layer: services
-# Module: postgresql
+# Module: plymouthd
#
-# PostgreSQL relational database
+# Plymouth
#
-postgresql = module
+plymouthd = module
+
+# Layer: apps
+# Module: podsleuth
+#
+# Podsleuth probes, identifies, and exposes properties and metadata bound to iPods.
+#
+podsleuth = module
+
+# Layer: services
+# Module: policykit
+#
+# Hardware abstraction layer
+#
+policykit = module
+
+# Layer: services
+# Module: polipo
+#
+# polipo
+#
+polipo = module
# Layer: services
# Module: portmap
@@ -1299,6 +1803,13 @@ postgresql = module
portmap = module
# Layer: services
+# Module: portreserve
+#
+# reserve ports to prevent portmap mapping them
+#
+portreserve = module
+
+# Layer: services
# Module: postfix
#
# Postfix email server
@@ -1327,6 +1838,13 @@ ppp = module
prelink = module
# Layer: services
+# Module: privoxy
+#
+# Privacy enhancing web proxy.
+#
+privoxy = module
+
+# Layer: services
# Module: procmail
#
# Procmail mail delivery agent
@@ -1334,25 +1852,39 @@ prelink = module
procmail = module
# Layer: services
-# Module: privoxy
+# Module: psad
#
-# Privacy enhancing web proxy.
+# Analyze iptables log for hostile traffic
+#
+psad = module
+
+# Layer: apps
+# Module: ptchown
+#
+# helper function for grantpt(3), changes ownship and permissions of pseudotty
+#
+ptchown = module
+
+# Layer: apps
+# Module: pulseaudio
+#
+# The PulseAudio Sound System
#
-privoxy = module
+pulseaudio = module
# Layer: services
-# Module: publicfile
+# Module: puppet
#
-# publicfile supplies files to the public through HTTP and FTP
+# A network tool for managing many disparate systems
#
-publicfile = module
+puppet = module
# Layer: apps
-# Module: pulseaudio
+# Module: pwauth
#
-# The PulseAudio Sound System
+# External plugin for mod_authnz_external authenticator
#
-pulseaudio = module
+pwauth = module
# Layer: services
# Module: qmail
@@ -1368,6 +1900,13 @@ qmail = module
#
qpid = module
+# Layer: services
+# Module: quantum
+#
+# Quantum is a virtual network service for Openstack
+#
+quantum = module
+
# Layer: admin
# Module: quota
#
@@ -1375,12 +1914,12 @@ qpid = module
#
quota = module
-# Layer: system
-# Module: raid
+# Layer: services
+# Module: rabbitmq
#
-# RAID array management tools
-#
-raid = module
+# rabbitmq daemons
+#
+rabbitmq = module
# Layer: services
# Module: radius
@@ -1396,6 +1935,27 @@ radius = module
#
radvd = module
+# Layer: system
+# Module: raid
+#
+# RAID array management tools
+#
+raid = module
+
+# Layer: services
+# Module: rasdaemon
+#
+# The rasdaemon program is a daemon with monitors the RAS trace events from /sys/kernel/debug/tracing
+#
+rasdaemon = module
+
+# Layer: services
+# Module: rdisc
+#
+# Network router discovery daemon
+#
+rdisc = module
+
# Layer: admin
# Module: readahead
#
@@ -1403,12 +1963,19 @@ radvd = module
#
readahead = module
-# Layer: services
-# Module: rgmanager
+# Layer: contrib
+# Module: stapserver
+#
+# dbus system service which manages discovery and enrollment in realms and domains like Active Directory or IPA
#
-# Red Hat Resource Group Manager
+realmd = module
+
+# Layer: services
+# Module: remotelogin
#
-rgmanager = module
+# Policy for rshd, rlogind, and telnetd.
+#
+remotelogin = module
# Layer: services
# Module: rhcs
@@ -1418,34 +1985,13 @@ rgmanager = module
rhcs = module
# Layer: services
-# Module: aisexec
-#
-# RHCS - Red Hat Cluster Suite
+# Module: rhev
#
-aisexec = module
-
-# Layer: services
-# Module: rgmanager
+# rhev policy module contains policies for rhev apps
#
-# rgmanager
-#
-rgmanager = module
+rhev = module
# Layer: services
-# Module: clogd
-#
-# clogd - clustered mirror log server
-#
-clogd = module
-
-# Layer: services
-# Module: cmirrord
-#
-# cmirrord - daemon providing device-mapper-base mirrors in a shared-storege cluster
-#
-cmirrord = module
-
-# Layer: services
# Module: rhgb
#
# X windows login display manager
@@ -1453,18 +1999,11 @@ cmirrord = module
rhgb = module
# Layer: services
-# Module: rdisc
+# Module: rhsmcertd
#
-# Network router discovery daemon
-#
-rdisc = module
-
-# Layer: services
-# Module: remotelogin
+# Subscription Management Certificate Daemon policy
#
-# Policy for rshd, rlogind, and telnetd.
-#
-remotelogin = module
+rhsmcertd = module
# Layer: services
# Module: ricci
@@ -1488,6 +2027,13 @@ rlogin = module
roundup = module
# Layer: services
+# Module: rpcbind
+#
+# universal addresses to RPC program number mapper
+#
+rpcbind = module
+
+# Layer: services
# Module: rpc
#
# Remote Procedure Call Daemon for managment of network based process communication
@@ -1501,7 +2047,6 @@ rpc = module
#
rpm = module
-
# Layer: services
# Module: rshd
#
@@ -1509,6 +2054,13 @@ rpm = module
#
rshd = module
+# Layer: apps
+# Module: rssh
+#
+# Restricted (scp/sftp) only shell
+#
+rssh = module
+
# Layer: services
# Module: rsync
#
@@ -1530,8 +2082,13 @@ rtkit = module
#
rwho = module
-# Layer: services
-# Module: samba
+# Layer: apps
+# Module: sambagui
+#
+# policy for system-config-samba
+#
+sambagui = module
+
#
# SMB and CIFS client/server programs for UNIX and
# name Service Switch daemon for resolving names
@@ -1540,18 +2097,18 @@ rwho = module
samba = module
# Layer: apps
-# Module: sambagui
+# Module: sandbox
#
-# policy for system-config-samba
+# Policy for running apps within a sandbox
#
-sambagui = module
+sandbox = module
# Layer: apps
# Module: sandbox
#
-# Experimental policy for running apps within a sandbox
+# Policy for running apps within a X sandbox
#
-sandbox = module
+sandboxX = module
# Layer: services
# Module: sanlock
@@ -1567,6 +2124,13 @@ sanlock = module
#
sasl = module
+# Layer: services
+# Module: sblim
+#
+# sblim
+#
+sblim = module
+
# Layer: apps
# Module: screen
#
@@ -1574,20 +2138,12 @@ sasl = module
#
screen = module
-# Layer: kernel
-# Module: selinux
-# Required in base
-#
-# Policy for kernel security interface, in particular, selinuxfs.
-#
-selinux = base
-
-# Layer: system
-# Module: selinuxutil
+# Layer: admin
+# Module: sectoolm
#
-# Policy for SELinux policy and userland applications.
+# Policy for sectool-mechanism
#
-selinuxutil = module
+sectoolm = module
# Layer: services
# Module: sendmail
@@ -1596,48 +2152,47 @@ selinuxutil = module
#
sendmail = module
-# Layer: apps
-# Module: seunshare
+# Layer: contrib
+# Module: sensord
+#
+# Sensor information logging daemon
#
-# seunshare executable
-#
-seunshare = module
+sensord = module
-# Layer: admin
-# Module: shorewall
+# Layer: services
+# Module: setroubleshoot
#
-# Policy for shorewall
+# Policy for the SELinux troubleshooting utility
#
-shorewall = module
+setroubleshoot = module
-# Layer: admin
-# Module: shutdown
-#
-# Policy for shutdown
+# Layer: services
+# Module: sge
#
-shutdown = module
+# policy for grindengine MPI jobs
+#
+sge = module
# Layer: admin
-# Module: sectoolm
+# Module: shorewall
#
-# Policy for sectool-mechanism
+# Policy for shorewall
#
-sectoolm = module
+shorewall = module
-# Layer: system
-# Module: setrans
-# Required in base
+# Layer: apps
+# Module: slocate
#
-# Policy for setrans
+# Update database for mlocate
#
-setrans = module
+slocate = module
-# Layer: services
-# Module: setroubleshoot
+# Layer: contrib
+# Module: slpd
+#
+# OpenSLP server daemon to dynamically register services
#
-# Policy for the SELinux troubleshooting utility
-#
-setroubleshoot = module
+slpd = module
# Layer: services
# Module: slrnpull
@@ -1646,13 +2201,6 @@ setroubleshoot = module
#
slrnpull = off
-# Layer: apps
-# Module: slocate
-#
-# Update database for mlocate
-#
-slocate = module
-
# Layer: services
# Module: smartmon
#
@@ -1682,75 +2230,88 @@ smoltclient = module
snmp = module
# Layer: services
-# Module: spamassassin
+# Module: snort
#
-# Filter used for removing unsolicited email.
+# Snort network intrusion detection system
#
-spamassassin = module
+snort = module
-# Layer: services
-# Module: squid
+# Layer: admin
+# Module: sosreport
#
-# Squid caching http proxy server
+# sosreport debuggin information generator
#
-squid = module
+sosreport = module
# Layer: services
-# Module: ssh
+# Module: soundserver
#
-# Secure shell client and server policy.
+# sound server for network audio server programs, nasd, yiff, etc</summary>
#
-ssh = module
+soundserver = module
# Layer: services
-# Module: sssd
+# Module: spamassassin
#
-# System Security Services Daemon
+# Filter used for removing unsolicited email.
#
-sssd = module
+spamassassin = module
-# Layer: kernel
-# Module: storage
+# Layer: services
+# Module: speech-dispatcher
#
-# Policy controlling access to storage devices
-#
-storage = base
+# speech-dispatcher - server process managing speech requests in Speech Dispatcher
+#
+speech-dispatcher = module
# Layer: services
-# Module: stunnel
+# Module: squid
#
-# SSL Tunneling Proxy
+# Squid caching http proxy server
#
-stunnel = module
+squid = module
-# Layer: admin
-# Module: su
+# Layer: services
+# Module: sssd
#
-# Run shells with substitute user and group
+# System Security Services Daemon
#
-su = module
+sssd = module
-# Layer: admin
-# Module: sudo
+# Layer: services
+# Module: sslh
#
-# Execute a command with a substitute user
+# Applicative protocol(SSL/SSH) multiplexer
#
-sudo = module
+sslh = module
-# Layer: system
-# Module: systemd
+# Layer: contrib
+# Module: stapserver
+#
+# Instrumentation System Server
+#
+stapserver = module
+
+# Layer: services
+# Module: stunnel
#
-# Policy for systemd components
+# SSL Tunneling Proxy
#
-systemd = module
+stunnel = module
-# Layer: system
-# Module: sysnetwork
-#
-# Policy for network configuration: ifconfig and dhcp client.
+# Layer: services
+# Module: svnserve
+#
+# policy for subversion service
#
-sysnetwork = module
+svnserve = module
+# Layer: services
+# Module: swift
+#
+# openstack-swift
+#
+swift = module
# Layer: services
# Module: sysstat
@@ -1773,6 +2334,27 @@ tcpd = module
#
tcsd = module
+# Layer: apps
+# Module: telepathy
+#
+# telepathy - Policy for Telepathy framework
+#
+telepathy = module
+
+# Layer: services
+# Module: telnet
+#
+# Telnet daemon
+#
+telnet = module
+
+# Layer: services
+# Module: tftp
+#
+# Trivial file transfer protocol daemon
+#
+tftp = module
+
# Layer: services
# Module: tgtd
#
@@ -1787,41 +2369,46 @@ tgtd = module
#
thumb = module
-# Layer: system
-# Module: udev
-#
-# Policy for udev.
-#
-udev = module
-
# Layer: services
-# Module: usbmuxd
+# Module: timidity
#
-# Daemon for communicating with Apple's iPod Touch and iPhone
+# MIDI to WAV converter and player configured as a service
#
-usbmuxd = module
+timidity = off
-# Layer: system
-# Module: userdomain
+# Layer: admin
+# Module: tmpreaper
#
-# Policy for user domains
+# Manage temporary directory sizes and file ages
#
-userdomain = module
+tmpreaper = module
-# Layer: system
-# Module: unconfined
+# Layer: contrib
+# Module: glusterd
+#
+# policy for tomcat service
#
-# The unconfined domain.
+tomcat = module
+# Layer: services
+# Module: tor
+#
+# TOR, the onion router
#
-unconfined = module
-
+tor = module
-# Layer: kernel
-# Module: unconfined
+# Layer: services
+# Module: tuned
#
-# The unlabelednet module.
+# Dynamic adaptive system tuning daemon
#
-unlabelednet = module
+tuned = module
+
+# Layer: apps
+# Module: tvtime
+#
+# tvtime - a high quality television application
+#
+tvtime = module
# Layer: services
# Module: ulogd
@@ -1830,117 +2417,110 @@ unlabelednet = module
#
ulogd = module
-# Layer: services
-# Module: vdagent
+# Layer: apps
+# Module: uml
#
-# vdagent
+# Policy for UML
#
-vdagent = module
+uml = module
-# Layer: services
-# Module: vhostmd
+# Layer: admin
+# Module: updfstab
#
-# vhostmd - spice guest agent daemon.
+# Red Hat utility to change /etc/fstab.
#
-vhostmd = module
+updfstab = module
-# Layer: apps
-# Module: vhostmd
+# Layer: admin
+# Module: usbmodules
#
-# vlock - Virtual Console lock program
+# List kernel modules of USB devices
#
-vlock = module
+usbmodules = module
# Layer: services
-# Module: wdmd
+# Module: usbmuxd
#
-# wdmd policy
+# Daemon for communicating with Apple's iPod Touch and iPhone
#
-wdmd = module
+usbmuxd = module
# Layer: apps
-# Module: wine
+# Module: userhelper
#
-# wine executable
+# A helper interface to pam.
#
-wine = module
+userhelper = module
# Layer: apps
-# Module: wireshark
+# Module: usernetctl
#
-# wireshark executable
+# User network interface configuration helper
#
-wireshark = module
+usernetctl = module
-# Layer: apps
-# Module: telepathy
+# Layer: services
+# Module: uucp
#
-# telepathy - Policy for Telepathy framework
+# Unix to Unix Copy
#
-telepathy = module
+uucp = module
-# Layer: apps
-# Module: userhelper
+# Layer: services
+# Module: uuidd
#
-# A helper interface to pam.
+# UUID generation daemon
#
-userhelper = module
+uuidd = module
# Layer: services
-# Module: tor
+# Module: varnishd
#
-# TOR, the onion router
+# Varnishd http accelerator daemon
#
-tor = module
+varnishd = module
-# Layer: apps
-# Module: tvtime
+# Layer: services
+# Module: vdagent
#
-# tvtime - a high quality television application
+# vdagent
#
-tvtime = module
+vdagent = module
-# Layer: apps
-# Module: uml
+# Layer: services
+# Module: vhostmd
#
-# Policy for UML
+# vhostmd - spice guest agent daemon.
#
-uml = module
+vhostmd = module
-# Layer: admin
-# Module: usbmodules
+# Layer: services
+# Module: virt
#
-# List kernel modules of USB devices
+# Virtualization libraries
#
-usbmodules = module
+virt = module
# Layer: apps
-# Module: usernetctl
-#
-# User network interface configuration helper
-#
-usernetctl = module
-
-# Layer: system
-# Module: xen
+# Module: vhostmd
#
-# virtualization software
+# vlock - Virtual Console lock program
#
-xen = module
+vlock = module
# Layer: services
-# Module: varnishd
+# Module: vmtools
#
-# Varnishd http accelerator daemon
-#
-varnishd = module
+# VMware Tools daemon
+#
+vmtools = module
-# Layer: services
-# Module: virt
+# Layer: apps
+# Module: vmware
#
-# Virtualization libraries
+# VMWare Workstation virtual machines
#
-virt = module
+vmware = module
# Layer: services
# Module: vnstatd
@@ -1949,68 +2529,68 @@ virt = module
#
vnstatd = module
-# Layer: system
-# Module: brctl
+# Layer: admin
+# Module: vpn
#
-# Utilities for configuring the linux ethernet bridge
+# Virtual Private Networking client
#
-brctl = module
+vpn = module
# Layer: services
-# Module: telnet
+# Module: w3c
#
-# Telnet daemon
+# w3c
#
-telnet = module
+w3c = module
# Layer: services
-# Module: timidity
+# Module: wdmd
#
-# MIDI to WAV converter and player configured as a service
+# wdmd policy
#
-timidity = off
+wdmd = module
-# Layer: services
-# Module: tftp
+# Layer: role
+# Module: webadm
#
-# Trivial file transfer protocol daemon
+# Minimally prived root role for managing apache
#
-tftp = module
+webadm = module
-# Layer: services
-# Module: tuned
-#
-# Dynamic adaptive system tuning daemon
+# Layer: apps
+# Module: webalizer
#
-tuned = module
+# Web server log analysis
+#
+webalizer = module
-# Layer: services
-# Module: uucp
+# Layer: apps
+# Module: wine
#
-# Unix to Unix Copy
+# wine executable
#
-uucp = module
+wine = module
-# Layer: services
-# Module: uuidd
+# Layer: apps
+# Module: wireshark
#
-# UUID generation daemon
+# wireshark executable
#
-uuidd = module
+wireshark = module
-# Layer: apps
-# Module: webalizer
+# Layer: system
+# Module: xen
#
-# Web server log analysis
+# virtualization software
#
-webalizer = module
+xen = module
# Layer: services
-# Module: xserver
+# Module: zabbix
#
-# X windows login display manager
-#
-xserver = module
+# Open-source monitoring solution for your IT infrastructure
+#
+zabbix = module
# Layer: services
# Module: zarafa
@@ -2033,540 +2613,565 @@ zebra = module
#
zoneminder = module
-# Layer: admin
-# Module: usermanage
-#
-# Policy for managing user accounts.
-#
-usermanage = module
-
-# Layer: admin
-# Module: updfstab
+# Layer: services
+# Module: zosremote
#
-# Red Hat utility to change /etc/fstab.
+# policy for z/OS Remote-services Audit dispatcher plugin</summary>
#
-updfstab = module
+zosremote = module
-# Layer: admin
-# Module: vpn
-#
-# Virtual Private Networking client
+# Layer: contrib
+# Module: thin
#
-vpn = module
-
-# Layer: kernel
-# Module: terminal
-# Required in base
-#
-# Policy for terminals.
+# Policy for thin
#
-terminal = base
+thin = module
-# Layer: admin
-# Module: tmpreaper
-#
-# Manage temporary directory sizes and file ages
+# Layer: contrib
+# Module: mandb
#
-tmpreaper = module
-
-# Layer: admin
-# Module: amtu
-#
-# Abstract Machine Test Utility (AMTU)
+# Policy for mandb
#
-amtu = module
+mandb = module
# Layer: services
-# Module: zabbix
+# Module: pki
#
-# Open-source monitoring solution for your IT infrastructure
+# policy for pki
#
-zabbix = module
+pki = module
# Layer: services
-# Module: apcupsd
+# Module: smsd
#
-# daemon for most APC’s UPS for Linux
+# policy for smsd
#
-apcupsd = module
+smsd = module
-# Layer: services
-# Module: aide
+# Layer: contrib
+# Module: pesign
#
-# Policy for aide
-#
-aide = module
-
-# Layer: services
-# Module: w3c
+# policy for pesign
#
-# w3c
-#
-w3c = module
+pesign = module
-# Layer: services
-# Module: plymouthd
+# Layer: contrib
+# Module: nsd
#
-# Plymouth
-#
-plymouthd = module
+# Fast and lean authoritative DNS Name Server
+#
+nsd = module
-# Layer: services
-# Module: portreserve
+# Layer: contrib
+# Module: iodine
#
-# reserve ports to prevent portmap mapping them
-#
-portreserve = module
+# Fast and lean authoritative DNS Name Server
+#
+iodine = module
-# Layer: services
-# Module: rpcbind
+# Layer: contrib
+# Module: openhpid
+#
+# OpenHPI daemon runs as a background process and accepts connecti
#
-# universal addresses to RPC program number mapper
+openhpid = module
+
+# Layer: contrib
+# Module: watchdog
#
-rpcbind = module
+# Watchdog policy
+#
+watchdog = module
-# Layer: apps
-# Module: rssh
+# Layer: contrib
+# Module: oracleasm
+#
+# oracleasm policy
#
-# Restricted (scp/sftp) only shell
+oracleasm = module
+
+# Layer: contrib
+# Module: redis
#
-rssh = module
+# redis policy
+#
+redis = module
-# Layer: apps
-# Module: vmware
+# Layer: contrib
+# Module: hypervkvp
+#
+# hypervkvp policy
#
-# VMWare Workstation virtual machines
+hypervkvp = module
+
+# Layer: contrib
+# Module: lsm
#
-vmware = module
+# lsm policy
+#
+lsm = module
-# Layer: role
-# Module: dbadm
+# Layer: contrib
+# Module: motion
#
-# Minimally prived root role for managing databases
-#
-dbadm = module
+# Daemon for detect motion using a video4linux device
+motion = module
-# Layer: role
-# Module: logadm
+# Layer: contrib
+# Module: rtas
+#
+# rtas policy
#
-# Minimally prived root role for managing logging system
+rtas = module
+
+# Layer: contrib
+# Module: journalctl
#
-logadm = module
+# journalctl policy
+#
+journalctl = module
-# Layer: role
-# Module: secadm
+# Layer: contrib
+# Module: gdomap
+#
+# gdomap policy
#
-# secadm account on tty logins
+gdomap = module
+
+# Layer: contrib
+# Module: minidlna
#
-secadm = module
+# minidlna policy
+#
+minidlna = module
-# Layer: role
-# Module: auditadm
+# Layer: contrib
+# Module: minissdpd
+#
+# minissdpd policy
#
-# auditadm account on tty logins
+minissdpd = module
+
+# Layer: contrib
+# Module: freeipmi
#
-auditadm = module
+# Remote-Console (out-of-band) and System Management Software (in-band)
+# based on IntelligentPlatform Management Interface specification
+#
+freeipmi = module
+# Layer: contrib
+# Module: mirrormanager
+#
+# mirrormanager policy
+#
+mirrormanager = module
-# Layer: role
-# Module: webadm
+# Layer: contrib
+# Module: snapper
+#
+# snapper policy
#
-# Minimally prived root role for managing apache
+snapper = module
+
+# Layer: contrib
+# Module: pcp
#
-webadm = module
+# pcp policy
+#
+pcp = module
+# Layer: contrib
+# Module: geoclue
#
-# Layer: services
-# Module: exim
+# Add policy for Geoclue. Geoclue is a D-Bus service that provides location information
#
-# exim mail server
-#
-exim = module
+geoclue = module
-
-# Layer: services
-# Module: kismet
+# Layer: contrib
+# Module: rkhunter
#
-# Wireless sniffing and monitoring
-#
-kismet = module
-
-# Layer: services
-# Module: munin
+# rkhunter policy for /var/lib/rkhunter
#
-# Munin
-#
-munin = module
+rkhunter = module
-# Layer: services
-# Module: bitlbee
+# Layer: contrib
+# Module: bacula
#
-# An IRC to other chat networks gateway
-#
-bitlbee = module
-
-# Layer: admin
-# Module: sosreport
+# bacula policy
#
-# sosreport debuggin information generator
-#
-sosreport = module
+bacula = module
-# Layer: services
-# Module: soundserver
+# Layer: contrib
+# Module: rhnsd
#
-# sound server for network audio server programs, nasd, yiff, etc</summary>
-#
-soundserver = module
-
-# Layer: role
-# Module: unconfineduser
+# rhnsd policy
#
-# The unconfined user domain.
-#
-unconfineduser = module
+rhnsd = module
-# Module: staff
+# Layer: contrib
+# Module: mongodb
+#
+# mongodb policy
#
-# admin account
-#
-staff = module
-# Layer:role
-# Module: sysadm
+mongodb = module
+
+# Layer: contrib
+# Module: iotop
+#
+# iotop policy
#
-# System Administrator
-#
-sysadm = module
-# Layer:role
-# Module: sysadm_secadm
+iotop = module
+
+# Layer: contrib
+# Module: kmscon
+#
+# kmscon policy
#
-# System Administrator with Security Admin rules
-#
-sysadm_secadm = module
-# Layer: role
-# Module: unprivuser
+kmscon = module
+
+# Layer: contrib
+# Module: naemon
#
-# Minimally privs guest account on tty logins
-#
-unprivuser = module
+# naemon policy
+#
+naemon = module
-# Layer: services
-# Module: prelude
+# Layer: contrib
+# Module: brltty
#
-prelude = module
+# brltty policy
+#
+brltty = module
-# Layer: services
-# Module: pads
+# Layer: contrib
+# Module: cpuplug
#
-pads = module
+# cpuplug policy
+#
+cpuplug = module
-# Layer: apps
-# Module: podsleuth
+# Layer: contrib
+# Module: mon_statd
#
-# Podsleuth probes, identifies, and exposes properties and metadata bound to iPods.
-#
-podsleuth = module
+# mon_statd policy
+#
+mon_statd = module
+
+# Layer: contrib
+# Module: cinder
+#
+# openstack-cinder policy
+#
+cinder = module
-# Layer: role
-# Module: guest
+# Layer: contrib
+# Module: linuxptp
#
-# Minimally privs guest account on tty logins
-#
-guest = module
+# linuxptp policy
+#
+linuxptp = module
-# Layer: role
-# Module: xguest
+# Layer: contrib
+# Module: rolekit
#
-# Minimally privs guest account on X Windows logins
-#
-xguest = module
+# rolekit policy
+#
+rolekit = module
-# Layer: services
-# Module: cgroup
+# Layer: contrib
+# Module: targetd
#
-# Tools and libraries to control and monitor control groups
-#
-cgroup = module
+# targetd policy
+#
+targetd = module
-# Layer: services
-# Module: courier
+# Layer: contrib
+# Module: hsqldb
#
-# IMAP and POP3 email servers
-#
-courier = module
+# Hsqldb is transactional database engine with in-memory and disk-based tables, supporting embedded and server modes.
+#
+hsqldb = module
-# Layer: services
-# Module: denyhosts
+# Layer: contrib
+# Module: blkmapd
#
-# script to help thwart ssh server attacks
-#
-denyhosts = module
+# The blkmapd daemon performs device discovery and mapping for pNFS block layout client.
+#
+blkmapd = module
-# Layer: apps
-# Module: livecd
+# Layer: contrib
+# Module: pkcs11proxyd
#
-# livecd creator
-#
-livecd = module
+# pkcs11proxyd policy
+#
+pkcs11proxyd = module
-# Layer: services
-# Module: snort
+# Layer: contrib
+# Module: ipmievd
#
-# Snort network intrusion detection system
-#
-snort = module
+# IPMI event daemon for sending events to syslog
+#
+ipmievd = module
-# Layer: services
-# Module: memcached
+# Layer: contrib
+# Module: openfortivpn
#
-# high-performance memory object caching system
-#
-memcached = module
+# Fortinet compatible SSL VPN daemons.
+#
+openfortivpn = module
-# Layer: system
-# Module: netlabel
+# Layer: contrib
+# Module: fwupd
#
-# Basic netlabel types and interfaces.
-#
-netlabel = module
+# fwupd is a daemon to allow session software to update device firmware.
+#
+fwupd = module
-# Layer: services
-# Module: zosremote
+# Layer: contrib
+# Module: lttng-tools
#
-# policy for z/OS Remote-services Audit dispatcher plugin</summary>
-#
-zosremote = module
+# LTTng 2.x central tracing registry session daemon.
+#
+lttng-tools = module
-# Layer: services
-# Module: pingd
+# Layer: contrib
+# Module: rkt
#
-#
-pingd = module
+# CLI for running app containers
+#
+rkt = module
-# Layer: services
-# Module: milter
+# Layer: contrib
+# Module: opendnssec
#
-#
-#
-milter = module
+# opendnssec
+#
+opendnssec = module
-# Layer: services
-# Module: keyboardd
+# Layer: contrib
+# Module: hwloc
#
-# system-setup-keyboard is a keyboard layout daemon that monitors
-# /etc/sysconfig/keyboard and writes out an xorg.conf.d snippet
+# hwloc
#
-keyboardd = module
+hwloc = module
-# Layer: services
-# Module: keystone
+# Layer: contrib
+# Module: sbd
#
-# openstack-keystone
+# sbd
#
-keystone = module
+sbd = module
-# Layer: services
-# Module: firewalld
+# Layer: contrib
+# Module: tlp
#
-# firewalld is firewall service daemon that provides dynamic customizable
-#
-firewalld = module
+# tlp
+#
+tlp = module
-# Layer: apps
-# Module: namespace
+# Layer: contrib
+# Module: conntrackd
#
-# policy for namespace.init script
+# conntrackd
#
-namespace = module
+conntrackd = module
-# Layer: services
-# Module: rhev
+# Layer: contrib
+# Module: tangd
#
-# rhev policy module contains policies for rhev apps
+# tangd
#
-rhev = module
+tangd = module
-# Layer: services
-# Module: dspam
+# Layer: contrib
+# Module: ibacm
#
-# dspam - library and Mail Delivery Agent for Bayesian SPAM filtering
+# ibacm
#
-dspam = module
+ibacm = module
-# Layer: services
-# Module: lldpad
+# Layer: contrib
+# Module: opafm
#
-# lldpad - Link Layer Discovery Protocol (LLDP) agent daemon
+# opafm
#
-lldpad = module
+opafm = module
-# Layer: services
-# Module: rhsmcertd
+# Layer: contrib
+# Module: boltd
#
-# Subscription Management Certificate Daemon policy
+# boltd
#
-rhsmcertd = module
+boltd = module
-# Layer: services
-# Module: ctdbd
+# Layer: contrib
+# Module: kpatch
#
-# ctdbd - The CTDB cluster daemon
+# kpatch
#
-ctdbd = module
+kpatch = module
-# Layer: services
-# Module: fcoemon
+# Layer: contrib
+# Module: timedatex
#
-# fcoemon
+# timedatex
#
-fcoemon = module
+timedatex = module
-# Layer: services
-# Module: sblim
+# Layer: contrib
+# Module: rrdcached
#
-# sblim
+# rrdcached
#
-sblim = module
+rrdcached = module
-# Layer: services
-# Module: cfengine
+# Layer: contrib
+# Module: stratisd
#
-# cfengine
+# stratisd
#
-cfengine = module
+stratisd = module
-# Layer: services
-# Module: pacemaker
+# Layer: contrib
+# Module: ica
#
-# pacemaker
+# ica
#
-pacemaker = module
+ica = module
-# Layer: services
-# Module: polipo
+# Layer: contrib
+# Module: fedoratp
#
-# polipo
+# fedoratp
#
-polipo = module
+fedoratp = module
-# Layer: services
-# Module: nova
+# Layer: contrib
+# Module: insights_client
#
-# openstack-nova
+# insights_client
#
-nova = module
+insights_client = module
-# Layer: services
-# Module: rabbitmq
+# Layer: contrib
+# Module: stalld
#
-# rabbitmq daemons
+# stalld
#
-rabbitmq = module
+stalld = module
-# Layer: services
-# Module: cloudform
-#
-# cloudform daemons
+# Layer: contrib
+# Module: rhcd
#
-cloudform = module
+# rhcd
+#
+rhcd = module
-# Layer: services
-# Module: obex
-#
-# policy for obex-data-server
+# Layer: contrib
+# Module: wireguard
#
-obex = module
+# wireguard
+#
+wireguard = module
-# Layer: services
-# Module: sge
-#
-# policy for grindengine MPI jobs
+# Layer: contrib
+# Module: mptcpd
#
-sge = module
+# mptcpd
+#
+mptcpd = module
-# Layer: apps
-# Module: jockey
-#
-# policy for jockey-backend
+# Layer: contrib
+# Module: rshim
#
-jockey = module
+# rshim
+#
+rshim = module
-# Layer: services
-# Module: numad
-#
-# numad - user-level daemon that provides advice and managment for optimum use of CPUs and memory on systems with NUMA topology
+# Layer: contrib
+# Module: keyutils
#
-numad = module
+# keyutils
+#
+keyutils = module
-# Layer: services
-# Module: condor
-#
-# policy for condor
-#
-condor = module
+# Layer: contrib
+# Module: cifsutils
+#
+# cifsutils - Utilities for managing CIFS mounts
+#
+cifsutils = module
-# Layer: services
-# Module: svnserve
-#
-# policy for subversion service
-#
-svnserve = module
+# Layer: contrib
+# Module: boothd
+#
+# boothd - Booth cluster ticket manager
+#
+boothd = module
-# Layer: apps
-# Module: man2html
-#
-# policy for man2html apps
-#
-man2html = module
+# Layer: contrib
+# Module: kafs
+#
+# kafs - Tools for kAFS
+#
+kafs = module
# Layer: contrib
-# Module: glusterd
-#
-# policy for glusterd service
+# Module: bootupd
#
-glusterd = module
+# bootupd - bootloader update daemon
+#
+bootupd = module
# Layer: contrib
-# Module: glusterd
-#
-# policy for tomcat service
+# Module: fdo
#
-tomcat = module
+# fdo - fido device onboard protocol for IoT devices
+#
+fdo = module
# Layer: contrib
-# Module: php-fpm
-#
-# PHP-FPM is an alternative PHP FastCGI implementation
+# Module: qatlib
+#
+# qatlib - Intel QuickAssist technology library and resources management
+#
+qatlib = module
+
+# Layer: services
+# Module: virt_supplementary
#
-phpfpm = module
+# non-libvirt virtualization libraries
+#
+virt_supplementary = module
# Layer: contrib
-# Module: stapserver
-#
-# Instrumentation System Server
+# Module: nvme_stas
#
-stapserver = module
+# nvme_stas
+#
+nvme_stas = module
# Layer: contrib
-# Module: stapserver
-#
-# dbus system service which manages discovery and enrollment in realms and domains like Active Directory or IPA
+# Module: coreos_installer
#
-realmd = module
+# coreos_installer
+#
+coreos_installer = module
# Layer: contrib
-# Module: docker
-#
-# The open-source application container engine
+# Module: afterburn
#
-docker = module
+# afterburn
+#
+afterburn = module
# Layer: contrib
-# Module: ica
+# Module: sap
#
-# ica
+# sap
#
-ica = module
+sap = module
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 4bedeee..d615032 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -21,18 +21,16 @@ Version: 41.8
Release: 1%{?dist}
License: GPL-2.0-or-later
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
-Source1: modules-targeted-base.conf
-Source31: modules-targeted-contrib.conf
+Source1: modules-targeted.conf
Source2: booleans-targeted.conf
Source3: Makefile.devel
Source4: setrans-targeted.conf
-Source5: modules-mls-base.conf
-Source32: modules-mls-contrib.conf
+Source5: modules-mls.conf
Source6: booleans-mls.conf
Source8: setrans-mls.conf
Source14: securetty_types-targeted
Source15: securetty_types-mls
-#Source16: modules-minimum.conf
+Source16: modules-minimum.lst
Source17: booleans-minimum.conf
Source18: setrans-minimum.conf
Source19: securetty_types-minimum
@@ -182,12 +180,7 @@ cp -f selinux_config/users-%1 ./policy/users \
#cp -f selinux_config/modules-%1-base.conf ./policy/modules.conf \
%define makeModulesConf() \
-cp -f selinux_config/modules-%1-%2.conf ./policy/modules-base.conf \
-cp -f selinux_config/modules-%1-%2.conf ./policy/modules.conf \
-if [ %3 == "contrib" ];then \
- cp selinux_config/modules-%1-%3.conf ./policy/modules-contrib.conf; \
- cat selinux_config/modules-%1-%3.conf >> ./policy/modules.conf; \
-fi; \
+cp -f selinux_config/modules-%1.conf ./policy/modules.conf
%define installCmds() \
%make_build %common_params UNK_PERMS=%3 NAME=%1 TYPE=%2 base.pp \
@@ -263,8 +256,7 @@ rm -f %{buildroot}%{_sharedstatedir}/selinux/%1/active/*.linked \
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/staff_u \
%dir %{_datadir}/selinux/%1 \
%{_datadir}/selinux/%1/base.lst \
-%{_datadir}/selinux/%1/modules-base.lst \
-%{_datadir}/selinux/%1/modules-contrib.lst \
+%{_datadir}/selinux/%1/modules.lst \
%{_datadir}/selinux/%1/nonbasemodules.lst \
%dir %{_sharedstatedir}/selinux/%1 \
%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/commit_num \
@@ -337,16 +329,12 @@ else \
fi;
%define modulesList() \
-awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "%%s ", $1 }' ./policy/modules-base.conf > %{buildroot}%{_datadir}/selinux/%1/modules-base.lst \
-awk '$1 !~ "/^#/" && $2 == "=" && $3 == "base" { printf "%%s ", $1 }' ./policy/modules-base.conf > %{buildroot}%{_datadir}/selinux/%1/base.lst \
-if [ -e ./policy/modules-contrib.conf ];then \
- awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "%%s ", $1 }' ./policy/modules-contrib.conf > %{buildroot}%{_datadir}/selinux/%1/modules-contrib.lst; \
-fi;
+awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "%%s ", $1 }' ./policy/modules.conf > %{buildroot}%{_datadir}/selinux/%1/modules.lst \
+awk '$1 !~ "/^#/" && $2 == "=" && $3 == "base" { printf "%%s ", $1 }' ./policy/modules.conf > %{buildroot}%{_datadir}/selinux/%1/base.lst \
%define nonBaseModulesList() \
-contrib_modules=`cat %{buildroot}%{_datadir}/selinux/%1/modules-contrib.lst` \
-base_modules=`cat %{buildroot}%{_datadir}/selinux/%1/modules-base.lst` \
-for i in $contrib_modules $base_modules; do \
+modules=`cat %{buildroot}%{_datadir}/selinux/%1/modules.lst` \
+for i in $modules; do \
if [ $i != "sandbox" ];then \
echo "%verify(not md5 size mtime) %{_sharedstatedir}/selinux/%1/active/modules/100/$i" >> %{buildroot}%{_datadir}/selinux/%1/nonbasemodules.lst \
fi; \
@@ -419,7 +407,7 @@ end
tar -C policy/modules/contrib -xf %{SOURCE35}
mkdir selinux_config
-for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE14} %{SOURCE15} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE22} %{SOURCE23} %{SOURCE25} %{SOURCE26} %{SOURCE31} %{SOURCE32};do
+for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE14} %{SOURCE15} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE22} %{SOURCE23} %{SOURCE25} %{SOURCE26};do
cp $i selinux_config
done
@@ -452,7 +440,7 @@ make clean
%if %{with targeted}
# Build targeted policy
%makeCmds targeted mcs allow
-%makeModulesConf targeted base contrib
+%makeModulesConf targeted
%installCmds targeted mcs allow
# install permissivedomains.cil
%{_sbindir}/semodule -p %{buildroot} -X 100 -s targeted -i %{SOURCE28}
@@ -467,9 +455,10 @@ mv sandbox.pp %{buildroot}%{_datadir}/selinux/packages/sandbox.pp
%if %{with minimum}
# Build minimum policy
%makeCmds minimum mcs allow
-%makeModulesConf targeted base contrib
+%makeModulesConf targeted
%installCmds minimum mcs allow
rm -rf %{buildroot}%{_sharedstatedir}/selinux/minimum/active/modules/100/sandbox
+install -m 644 %{SOURCE16} %{buildroot}%{_datadir}/selinux/minimum/modules-enabled.lst
%modulesList minimum
%nonBaseModulesList minimum
%endif
@@ -477,7 +466,7 @@ rm -rf %{buildroot}%{_sharedstatedir}/selinux/minimum/active/modules/100/sandbox
%if %{with mls}
# Build mls policy
%makeCmds mls mls deny
-%makeModulesConf mls base contrib
+%makeModulesConf mls
%installCmds mls mls deny
%modulesList mls
%nonBaseModulesList mls
@@ -697,16 +686,17 @@ fi
%post minimum
%checkConfigConsistency minimum
-contribpackages=`cat %{_datadir}/selinux/minimum/modules-contrib.lst`
-basepackages=`cat %{_datadir}/selinux/minimum/modules-base.lst`
+modules=`cat %{_datadir}/selinux/minimum/modules.lst`
+basemodules=`cat %{_datadir}/selinux/minimum/base.lst`
+enabledmodules=`cat %{_datadir}/selinux/minimum/modules-enabled.lst`
if [ ! -d %{_sharedstatedir}/selinux/minimum/active/modules/disabled ]; then
mkdir %{_sharedstatedir}/selinux/minimum/active/modules/disabled
fi
if [ $1 -eq 1 ]; then
-for p in $contribpackages; do
+for p in $modules; do
touch %{_sharedstatedir}/selinux/minimum/active/modules/disabled/$p
done
-for p in $basepackages apache dbus inetd kerberos mta nis; do
+for p in $basemodules $enabledmodules; do
rm -f %{_sharedstatedir}/selinux/minimum/active/modules/disabled/$p
done
%{_sbindir}/semanage import -S minimum -f - << __eof
@@ -717,7 +707,7 @@ __eof
%{_sbindir}/semodule -B -s minimum
else
instpackages=`cat %{_datadir}/selinux/minimum/instmodules.lst`
-for p in $contribpackages; do
+for p in $packages; do
touch %{_sharedstatedir}/selinux/minimum/active/modules/disabled/$p
done
for p in $instpackages apache dbus inetd kerberos mta nis; do
@@ -774,6 +764,7 @@ exit 0
%config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/unconfined_u
%config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/sysadm_u
%fileList minimum
+%{_datadir}/selinux/minimum/modules-enabled.lst
%endif
%if %{with mls}