diff --git a/policy/modules/services/postfix.if b/policy/modules/services/postfix.if
index aed3720..7391f7e 100644
--- a/policy/modules/services/postfix.if
+++ b/policy/modules/services/postfix.if
@@ -710,8 +710,8 @@ interface(`postfix_admin',`
allow $1 postfix_smtpd_t:process { ptrace signal_perms };
ps_process_pattern($1, postfix_smtpd_t)
- postfix_run_map($1,$2)
- postfix_run_postdrop($1,$2)
+ postfix_run_map($1, $2)
+ postfix_run_postdrop($1, $2)
postfix_initrc_domtrans($1)
domain_system_change_exemption($1)
diff --git a/policy/modules/services/postgresql.if b/policy/modules/services/postgresql.if
index d78db2c..9284534 100644
--- a/policy/modules/services/postgresql.if
+++ b/policy/modules/services/postgresql.if
@@ -10,7 +10,7 @@
##
##
##
-##
+##
## The type of the user domain.
##
##
@@ -312,7 +312,7 @@ interface(`postgresql_stream_connect',`
files_search_pids($1)
files_search_tmp($1)
- stream_connect_pattern($1, { postgresql_var_run_t postgresql_tmp_t}, { postgresql_var_run_t postgresql_tmp_t}, postgresql_t)
+ stream_connect_pattern($1, { postgresql_var_run_t postgresql_tmp_t }, { postgresql_var_run_t postgresql_tmp_t }, postgresql_t)
')
########################################
diff --git a/policy/modules/services/ppp.if b/policy/modules/services/ppp.if
index 0cb9b4e..19d9b59 100644
--- a/policy/modules/services/ppp.if
+++ b/policy/modules/services/ppp.if
@@ -355,7 +355,7 @@ interface(`ppp_admin',`
type pppd_t, pppd_tmp_t, pppd_log_t, pppd_lock_t;
type pppd_etc_t, pppd_secret_t, pppd_var_run_t;
type pptp_t, pptp_log_t, pptp_var_run_t;
- type pppd_initrc_exec_t, pppd_etc_rw_t;
+ type pppd_initrc_exec_t, pppd_etc_rw_t;
')
allow $1 pppd_t:process { ptrace signal_perms };
diff --git a/policy/modules/services/prelude.if b/policy/modules/services/prelude.if
index 737aa10..77ef768 100644
--- a/policy/modules/services/prelude.if
+++ b/policy/modules/services/prelude.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run prelude.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`prelude_domtrans',`
@@ -23,9 +23,9 @@ interface(`prelude_domtrans',`
## Execute a domain transition to run prelude_audisp.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`prelude_domtrans_audisp',`
@@ -41,9 +41,9 @@ interface(`prelude_domtrans_audisp',`
## Signal the prelude_audisp domain.
##
##
-##
+##
## Domain allowed acccess.
-##
+##
##
#
interface(`prelude_signal_audisp',`
@@ -78,9 +78,9 @@ interface(`prelude_read_spool',`
## Manage to prelude-manager spool files.
##
##
-##
+##
## Domain allowed access.
-##
+##
##
#
interface(`prelude_manage_spool',`
diff --git a/policy/modules/services/procmail.if b/policy/modules/services/procmail.if
index 5bfbd7b..166e9c3 100644
--- a/policy/modules/services/procmail.if
+++ b/policy/modules/services/procmail.if
@@ -93,7 +93,6 @@ interface(`procmail_read_home_files',`
type procmail_home_t;
')
- userdom_search_user_home_dirs($1)
+ userdom_search_user_home_dirs($1)
read_files_pattern($1, procmail_home_t, procmail_home_t)
')
-
diff --git a/policy/modules/services/psad.if b/policy/modules/services/psad.if
index 3fc5163..a45fc22 100644
--- a/policy/modules/services/psad.if
+++ b/policy/modules/services/psad.if
@@ -91,7 +91,6 @@ interface(`psad_manage_config',`
files_search_etc($1)
manage_dirs_pattern($1, psad_etc_t, psad_etc_t)
manage_files_pattern($1, psad_etc_t, psad_etc_t)
-
')
########################################
diff --git a/policy/modules/services/puppet.if b/policy/modules/services/puppet.if
index 2855a44..0456b11 100644
--- a/policy/modules/services/puppet.if
+++ b/policy/modules/services/puppet.if
@@ -21,7 +21,7 @@
##
##
#
-interface(`puppet_rw_tmp', `
+interface(`puppet_rw_tmp',`
gen_require(`
type puppet_tmp_t;
')
diff --git a/policy/modules/services/pyzor.if b/policy/modules/services/pyzor.if
index 748e7d3..0059cc7 100644
--- a/policy/modules/services/pyzor.if
+++ b/policy/modules/services/pyzor.if
@@ -114,7 +114,7 @@ interface(`pyzor_admin',`
allow $1 pyzord_t:process { ptrace signal_perms };
ps_process_pattern($1, pyzord_t)
-
+
init_labeled_script_domtrans($1, pyzord_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 pyzord_initrc_exec_t system_r;
@@ -132,5 +132,3 @@ interface(`pyzor_admin',`
files_list_var_lib($1)
admin_pattern($1, pyzor_var_lib_t)
')
-
-
diff --git a/policy/modules/services/qpidd.if b/policy/modules/services/qpidd.if
index f97e16c..3102e24 100644
--- a/policy/modules/services/qpidd.if
+++ b/policy/modules/services/qpidd.if
@@ -1,4 +1,3 @@
-
## policy for qpidd
########################################
@@ -6,9 +5,9 @@
## Execute a domain transition to run qpidd.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`qpidd_domtrans',`
@@ -19,7 +18,6 @@ interface(`qpidd_domtrans',`
domtrans_pattern($1, qpidd_exec_t, qpidd_t)
')
-
########################################
##
## Execute qpidd server in the qpidd domain.
@@ -72,12 +70,11 @@ interface(`qpidd_manage_var_run',`
type qpidd_var_run_t;
')
- manage_dirs_pattern($1, qpidd_var_run_t, qpidd_var_run_t)
- manage_files_pattern($1, qpidd_var_run_t, qpidd_var_run_t)
- manage_lnk_files_pattern($1, qpidd_var_run_t, qpidd_var_run_t)
+ manage_dirs_pattern($1, qpidd_var_run_t, qpidd_var_run_t)
+ manage_files_pattern($1, qpidd_var_run_t, qpidd_var_run_t)
+ manage_lnk_files_pattern($1, qpidd_var_run_t, qpidd_var_run_t)
')
-
########################################
##
## Search qpidd lib directories.
@@ -113,7 +110,7 @@ interface(`qpidd_read_lib_files',`
')
files_search_var_lib($1)
- read_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
+ read_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
')
########################################
@@ -133,7 +130,7 @@ interface(`qpidd_manage_lib_files',`
')
files_search_var_lib($1)
- manage_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
+ manage_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
')
########################################
@@ -151,12 +148,11 @@ interface(`qpidd_manage_var_lib',`
type qpidd_var_lib_t;
')
- manage_dirs_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
- manage_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
- manage_lnk_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
+ manage_dirs_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
+ manage_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
+ manage_lnk_files_pattern($1, qpidd_var_lib_t, qpidd_var_lib_t)
')
-
########################################
##
## All of the rules required to administrate
@@ -181,7 +177,6 @@ interface(`qpidd_admin',`
allow $1 qpidd_t:process { ptrace signal_perms };
ps_process_pattern($1, qpidd_t)
-
# Allow qpidd_t to restart the apache service
qpidd_initrc_domtrans($1)
@@ -192,41 +187,40 @@ interface(`qpidd_admin',`
qpidd_manage_var_run($1)
qpidd_manage_var_lib($1)
-
')
#####################################
##
-## Allow read and write access to qpidd semaphores.
+## Allow read and write access to qpidd semaphores.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`qpidd_rw_semaphores',`
- gen_require(`
- type qpidd_t;
- ')
+ gen_require(`
+ type qpidd_t;
+ ')
- allow $1 qpidd_t:sem rw_sem_perms;
+ allow $1 qpidd_t:sem rw_sem_perms;
')
########################################
##
-## Read and write to qpidd shared memory.
+## Read and write to qpidd shared memory.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`qpidd_rw_shm',`
- gen_require(`
- type qpidd_t;
- ')
+ gen_require(`
+ type qpidd_t;
+ ')
- allow $1 qpidd_t:shm rw_shm_perms;
+ allow $1 qpidd_t:shm rw_shm_perms;
')
diff --git a/policy/modules/services/razor.if b/policy/modules/services/razor.if
index 13ad2fe..353bcae 100644
--- a/policy/modules/services/razor.if
+++ b/policy/modules/services/razor.if
@@ -26,6 +26,7 @@ template(`razor_common_domain_template',`
gen_require(`
type razor_exec_t, razor_etc_t, razor_log_t, razor_var_lib_t;
')
+
type $1_t;
domain_type($1_t)
domain_entry_file($1_t, razor_exec_t)
@@ -197,4 +198,3 @@ interface(`razor_read_lib_files',`
files_search_var_lib($1)
read_files_pattern($1, razor_var_lib_t, razor_var_lib_t)
')
-
diff --git a/policy/modules/services/rgmanager.if b/policy/modules/services/rgmanager.if
index 7ef312e..c8b7eec 100644
--- a/policy/modules/services/rgmanager.if
+++ b/policy/modules/services/rgmanager.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run rgmanager.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`rgmanager_domtrans',`
@@ -78,20 +78,20 @@ interface(`rgmanager_manage_tmpfs_files',`
#######################################
##
-## Allow read and write access to rgmanager semaphores.
+## Allow read and write access to rgmanager semaphores.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`rgmanager_rw_semaphores',`
- gen_require(`
- type rgmanager_t;
- ')
+ gen_require(`
+ type rgmanager_t;
+ ')
- allow $1 rgmanager_t:sem { unix_read unix_write associate read write };
+ allow $1 rgmanager_t:sem { unix_read unix_write associate read write };
')
######################################
@@ -100,9 +100,9 @@ interface(`rgmanager_rw_semaphores',`
## an rgmanager environment
##
##
-##
+##
## Domain allowed access.
-##
+##
##
##
##
@@ -115,7 +115,7 @@ interface(`rgmanager_admin',`
gen_require(`
type rgmanager_t, rgmanager_initrc_exec_t, rgmanager_tmp_t;
type rgmanager_tmpfs_t, rgmanager_var_log_t, rgmanager_var_run_t;
- ')
+ ')
allow $1 rgmanager_t:process { ptrace signal_perms };
ps_process_pattern($1, rgmanager_t)
diff --git a/policy/modules/services/rhcs.if b/policy/modules/services/rhcs.if
index 30c9aff..fc1a945 100644
--- a/policy/modules/services/rhcs.if
+++ b/policy/modules/services/rhcs.if
@@ -51,7 +51,6 @@ template(`rhcs_domain_template',`
manage_fifo_files_pattern($1_t, $1_var_run_t, $1_var_run_t)
manage_sock_files_pattern($1_t, $1_var_run_t, $1_var_run_t)
files_pid_filetrans($1_t, $1_var_run_t, { file fifo_file })
-
')
######################################
@@ -59,9 +58,9 @@ template(`rhcs_domain_template',`
## Execute a domain transition to run dlm_controld.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`rhcs_domtrans_dlm_controld',`
@@ -358,40 +357,40 @@ interface(`rhcs_rw_cluster_shm',`
####################################
##
-## Read and write access to cluster domains semaphores.
+## Read and write access to cluster domains semaphores.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`rhcs_rw_cluster_semaphores',`
- gen_require(`
+ gen_require(`
attribute cluster_domain;
- ')
+ ')
- allow $1 cluster_domain:sem { rw_sem_perms destroy };
+ allow $1 cluster_domain:sem { rw_sem_perms destroy };
')
####################################
##
-## Connect to cluster domains over a unix domain
-## stream socket.
+## Connect to cluster domains over a unix domain
+## stream socket.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`rhcs_stream_connect_cluster',`
- gen_require(`
- attribute cluster_domain, cluster_pid;
- ')
+ gen_require(`
+ attribute cluster_domain, cluster_pid;
+ ')
- files_search_pids($1)
- stream_connect_pattern($1, cluster_pid, cluster_pid, cluster_domain)
+ files_search_pids($1)
+ stream_connect_pattern($1, cluster_pid, cluster_pid, cluster_domain)
')
######################################
@@ -433,19 +432,19 @@ interface(`rhcs_read_qdiskd_tmpfs_files',`
######################################
##
-## Allow domain to read cluster lib files
+## Allow domain to read cluster lib files
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`rhcs_read_cluster_lib_files',`
- gen_require(`
- type cluster_var_lib_t;
- ')
+ gen_require(`
+ type cluster_var_lib_t;
+ ')
- files_search_var_lib($1)
- read_files_pattern($1, cluster_var_lib_t, cluster_var_lib_t)
+ files_search_var_lib($1)
+ read_files_pattern($1, cluster_var_lib_t, cluster_var_lib_t)
')
diff --git a/policy/modules/services/ricci.if b/policy/modules/services/ricci.if
index 8a28c31..236fd6d 100644
--- a/policy/modules/services/ricci.if
+++ b/policy/modules/services/ricci.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run ricci.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`ricci_domtrans',`
@@ -20,20 +20,20 @@ interface(`ricci_domtrans',`
#######################################
##
-## Execute ricci server in the ricci domain.
+## Execute ricci server in the ricci domain.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
-interface(`ricci_initrc_domtrans', `
- gen_require(`
- type ricci_initrc_exec_t;
- ')
+interface(`ricci_initrc_domtrans',`
+ gen_require(`
+ type ricci_initrc_exec_t;
+ ')
- init_labeled_script_domtrans($1, ricci_initrc_exec_t)
+ init_labeled_script_domtrans($1, ricci_initrc_exec_t)
')
########################################
@@ -41,9 +41,9 @@ interface(`ricci_initrc_domtrans', `
## Execute a domain transition to run ricci_modcluster.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`ricci_domtrans_modcluster',`
@@ -134,9 +134,9 @@ interface(`ricci_rw_modclusterd_tmpfs_files',`
## Execute a domain transition to run ricci_modlog.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`ricci_domtrans_modlog',`
@@ -152,9 +152,9 @@ interface(`ricci_domtrans_modlog',`
## Execute a domain transition to run ricci_modrpm.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`ricci_domtrans_modrpm',`
@@ -170,9 +170,9 @@ interface(`ricci_domtrans_modrpm',`
## Execute a domain transition to run ricci_modservice.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`ricci_domtrans_modservice',`
@@ -188,9 +188,9 @@ interface(`ricci_domtrans_modservice',`
## Execute a domain transition to run ricci_modstorage.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`ricci_domtrans_modstorage',`
@@ -203,22 +203,22 @@ interface(`ricci_domtrans_modstorage',`
####################################
##
-## Allow the specified domain to manage ricci's lib files.
+## Allow the specified domain to manage ricci's lib files.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`ricci_manage_lib_files',`
- gen_require(`
- type ricci_var_lib_t;
- ')
+ gen_require(`
+ type ricci_var_lib_t;
+ ')
- files_search_var_lib($1)
- manage_dirs_pattern($1, ricci_var_lib_t, ricci_var_lib_t)
- manage_files_pattern($1, ricci_var_lib_t, ricci_var_lib_t)
+ files_search_var_lib($1)
+ manage_dirs_pattern($1, ricci_var_lib_t, ricci_var_lib_t)
+ manage_files_pattern($1, ricci_var_lib_t, ricci_var_lib_t)
')
########################################
@@ -254,7 +254,7 @@ interface(`ricci_admin',`
files_list_tmp($1)
admin_pattern($1, ricci_tmp_t)
-
+
files_list_var_lib($1)
admin_pattern($1, ricci_var_lib_t)
diff --git a/policy/modules/services/rpc.if b/policy/modules/services/rpc.if
index b65be0c..1de66f7 100644
--- a/policy/modules/services/rpc.if
+++ b/policy/modules/services/rpc.if
@@ -32,7 +32,7 @@ interface(`rpc_stub',`
##
##
#
-template(`rpc_domain_template', `
+template(`rpc_domain_template',`
########################################
#
# Declarations
diff --git a/policy/modules/services/rpcbind.if b/policy/modules/services/rpcbind.if
index 14173f7..0458ba7 100644
--- a/policy/modules/services/rpcbind.if
+++ b/policy/modules/services/rpcbind.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run rpcbind.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`rpcbind_domtrans',`
diff --git a/policy/modules/services/rsync.if b/policy/modules/services/rsync.if
index eefa329..a4fddce 100644
--- a/policy/modules/services/rsync.if
+++ b/policy/modules/services/rsync.if
@@ -109,9 +109,9 @@ interface(`rsync_exec',`
## Read rsync config files.
##
##
-##
+##
## Domain allowed access.
-##
+##
##
#
interface(`rsync_read_config',`
@@ -128,9 +128,9 @@ interface(`rsync_read_config',`
## Write to rsync config files.
##
##
-##
+##
## Domain allowed access.
-##
+##
##
#
interface(`rsync_write_config',`
@@ -147,9 +147,9 @@ interface(`rsync_write_config',`
## Manage rsync config files.
##
##
-##
+##
## Domain allowed.
-##
+##
##
#
interface(`rsync_manage_config',`
diff --git a/policy/modules/services/rtkit.if b/policy/modules/services/rtkit.if
index 21079f8..62d2628 100644
--- a/policy/modules/services/rtkit.if
+++ b/policy/modules/services/rtkit.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run rtkit_daemon.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`rtkit_daemon_domtrans',`
diff --git a/policy/modules/services/rwho.if b/policy/modules/services/rwho.if
index 71ea0ea..664e68e 100644
--- a/policy/modules/services/rwho.if
+++ b/policy/modules/services/rwho.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run rwho.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`rwho_domtrans',`
diff --git a/policy/modules/services/varnishd.if b/policy/modules/services/varnishd.if
index 0f8e213..b6121a6 100644
--- a/policy/modules/services/varnishd.if
+++ b/policy/modules/services/varnishd.if
@@ -58,7 +58,7 @@ interface(`varnishd_read_config',`
#####################################
##
-## Read varnish lib files.
+## Read varnish lib files.
##
##
##
diff --git a/policy/modules/services/vnstatd.if b/policy/modules/services/vnstatd.if
index 6144fb1..8780a8a 100644
--- a/policy/modules/services/vnstatd.if
+++ b/policy/modules/services/vnstatd.if
@@ -1,15 +1,13 @@
-
## policy for vnstatd
-
########################################
##
## Execute a domain transition to run vnstatd.
##
##
-##
+##
## Domain allowed access.
-##
+##
##
#
interface(`vnstatd_domtrans',`
@@ -20,16 +18,14 @@ interface(`vnstatd_domtrans',`
domtrans_pattern($1, vnstatd_exec_t, vnstatd_t)
')
-
-
########################################
##
## Execute a domain transition to run vnstat.
##
##
-##
+##
## Domain allowed access.
-##
+##
##
#
interface(`vnstatd_domtrans_vnstat',`
@@ -75,7 +71,7 @@ interface(`vnstatd_read_lib_files',`
')
files_search_var_lib($1)
- read_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
+ read_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
')
########################################
@@ -95,7 +91,7 @@ interface(`vnstatd_manage_lib_files',`
')
files_search_var_lib($1)
- manage_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
+ manage_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
')
########################################
@@ -114,7 +110,7 @@ interface(`vnstatd_manage_lib_dirs',`
')
files_search_var_lib($1)
- manage_dirs_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
+ manage_dirs_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t)
')
@@ -138,7 +134,7 @@ interface(`vnstatd_manage_lib_dirs',`
interface(`vnstatd_admin',`
gen_require(`
type vnstatd_t;
- type vnstatd_var_lib_t;
+ type vnstatd_var_lib_t;
')
allow $1 vnstatd_t:process { ptrace signal_perms };
@@ -146,5 +142,4 @@ interface(`vnstatd_admin',`
files_list_var_lib($1)
admin_pattern($1, vnstatd_var_lib_t)
-
')
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index 88b6040..cd2798a 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -243,7 +243,7 @@ interface(`xserver_rw_session',`
type xserver_t, xserver_tmpfs_t;
')
- xserver_ro_session($1,$2)
+ xserver_ro_session($1, $2)
allow $1 xserver_t:shm rw_shm_perms;
allow $1 xserver_tmpfs_t:file rw_file_perms;
')