diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if index 4a2865b..f5b7880 100644 --- a/policy/modules/kernel/files.if +++ b/policy/modules/kernel/files.if @@ -100,7 +100,7 @@ interface(`files_pid_file',` ######################################## ## -## Make the specified type a +## Make the specified type a ## configuration file. ## ## @@ -119,7 +119,7 @@ interface(`files_config_file',` ######################################## ## -## Make the specified type a +## Make the specified type a ## polyinstantiated directory. ## ## @@ -1070,7 +1070,7 @@ interface(`files_dontaudit_search_all_dirs',` ## ## # -# dwalsh: This interface is to allow quotacheck to work on a +# dwalsh: This interface is to allow quotacheck to work on a # a filesystem mounted with the --context switch # https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212957 # @@ -1214,7 +1214,7 @@ interface(`files_read_config_files',` ########################################### ## -## Manage all configuration files on filesystem +## Manage all configuration files on filesystem ## ## ## @@ -1233,7 +1233,7 @@ interface(`files_manage_config_files',` ####################################### ## -## Relabel configuration files +## Relabel configuration files ## ## ## @@ -2636,7 +2636,7 @@ interface(`files_manage_isid_type_symlinks',` ######################################## ## -## Read and write block device nodes on new filesystems +## Read and write block device nodes on new filesystems ## that have not yet been labeled. ## ## @@ -3587,7 +3587,7 @@ interface(`files_list_all_tmp',` ######################################## ## ## Do not audit attempts to get the attributes -## of all tmp files. +## of all tmp files. ## ## ## @@ -3606,7 +3606,7 @@ interface(`files_dontaudit_getattr_all_tmp_files',` ######################################## ## ## Allow attempts to get the attributes -## of all tmp files. +## of all tmp files. ## ## ## @@ -3625,7 +3625,7 @@ interface(`files_getattr_all_tmp_files',` ######################################## ## ## Do not audit attempts to get the attributes -## of all tmp sock_file. +## of all tmp sock_file. ## ## ## @@ -4430,7 +4430,7 @@ interface(`files_rw_var_lib_dirs',` gen_require(` type var_lib_t; ') - + rw_dirs_pattern($1, var_lib_t, var_lib_t) ') diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te index d6e85d3..7b08d20 100644 --- a/policy/modules/kernel/files.te +++ b/policy/modules/kernel/files.te @@ -220,7 +220,7 @@ fs_associate_tmpfs(tmpfsfile) allow files_unconfined_type file_type:{ file chr_file } ~execmod; allow files_unconfined_type file_type:{ dir lnk_file sock_file fifo_file blk_file } *; -# Mount/unmount any filesystem with the context= option. +# Mount/unmount any filesystem with the context= option. allow files_unconfined_type file_type:filesystem *; tunable_policy(`allow_execmod',` diff --git a/policy/modules/kernel/storage.te b/policy/modules/kernel/storage.te index dab6e3e..fc46c28 100644 --- a/policy/modules/kernel/storage.te +++ b/policy/modules/kernel/storage.te @@ -13,7 +13,7 @@ attribute scsi_generic_write; attribute storage_unconfined_type; # -# fixed_disk_device_t is the type of +# fixed_disk_device_t is the type of # /dev/hd* and /dev/sd*. # type fixed_disk_device_t; diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if index 8e90762..22fa1c5 100644 --- a/policy/modules/kernel/terminal.if +++ b/policy/modules/kernel/terminal.if @@ -595,18 +595,18 @@ interface(`term_dontaudit_use_generic_ptys',` ####################################### ## -## Set the attributes of the tty device +## Set the attributes of the tty device ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`term_setattr_controlling_term',` - gen_require(` - type devtty_t; - ') + gen_require(` + type devtty_t; + ') dev_list_all_dev_nodes($1) allow $1 devtty_t:chr_file setattr; diff --git a/policy/modules/kernel/terminal.te b/policy/modules/kernel/terminal.te index ba8d5b6..ba85661 100644 --- a/policy/modules/kernel/terminal.te +++ b/policy/modules/kernel/terminal.te @@ -22,7 +22,7 @@ type console_device_t; dev_node(console_device_t) # -# devpts_t is the type of the devpts file system and +# devpts_t is the type of the devpts file system and # the type of the root directory of the file system. # type devpts_t; diff --git a/policy/modules/system/lvm.if b/policy/modules/system/lvm.if index 809cf34..a64ff3e 100644 --- a/policy/modules/system/lvm.if +++ b/policy/modules/system/lvm.if @@ -21,24 +21,23 @@ interface(`lvm_domtrans',` ######################################## ## -## Execute lvm programs in the caller domain. +## Execute lvm programs in the caller domain. ## ## -## -## The type of the process performing this action. -## +## +## The type of the process performing this action. +## ## # interface(`lvm_exec',` - gen_require(` - type lvm_exec_t; - ') - - corecmd_search_sbin($1) - can_exec($1, lvm_exec_t) + gen_require(` + type lvm_exec_t; + ') + corecmd_search_sbin($1) + can_exec($1, lvm_exec_t) ') - + ######################################## ## ## Execute lvm programs in the lvm domain. @@ -108,19 +107,19 @@ interface(`lvm_manage_config',` ###################################### ## -## Execute a domain transition to run clvmd. +## Execute a domain transition to run clvmd. ## ## ## -## Domain allowed to transition. +## Domain allowed to transition. ## ## # interface(`lvm_domtrans_clvmd',` - gen_require(` - type clvmd_t, clvmd_exec_t; - ') + gen_require(` + type clvmd_t, clvmd_exec_t; + ') - corecmd_search_bin($1) - domtrans_pattern($1,clvmd_exec_t,clvmd_t) + corecmd_search_bin($1) + domtrans_pattern($1, clvmd_exec_t, clvmd_t) ') diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te index 69e65e4..3c75228 100644 --- a/policy/modules/system/lvm.te +++ b/policy/modules/system/lvm.te @@ -196,12 +196,12 @@ files_lock_filetrans(lvm_t, lvm_lock_t, file) manage_dirs_pattern(lvm_t, lvm_var_lib_t, lvm_var_lib_t) manage_files_pattern(lvm_t, lvm_var_lib_t, lvm_var_lib_t) -files_var_lib_filetrans(lvm_t, lvm_var_lib_t,{ dir file }) +files_var_lib_filetrans(lvm_t, lvm_var_lib_t, { dir file }) manage_dirs_pattern(lvm_t, lvm_var_run_t, lvm_var_run_t) manage_files_pattern(lvm_t, lvm_var_run_t, lvm_var_run_t) manage_sock_files_pattern(lvm_t, lvm_var_run_t, lvm_var_run_t) -files_pid_filetrans(lvm_t, lvm_var_run_t,{ file sock_file }) +files_pid_filetrans(lvm_t, lvm_var_run_t, { file sock_file }) read_files_pattern(lvm_t, lvm_etc_t, lvm_etc_t) read_lnk_files_pattern(lvm_t, lvm_etc_t, lvm_etc_t) diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if index ba77018..783f38e 100644 --- a/policy/modules/system/miscfiles.if +++ b/policy/modules/system/miscfiles.if @@ -416,8 +416,8 @@ interface(`miscfiles_read_public_files',` ') allow $1 { public_content_t public_content_rw_t }:dir list_dir_perms; - read_files_pattern($1,{ public_content_t public_content_rw_t },{ public_content_t public_content_rw_t }) - read_lnk_files_pattern($1,{ public_content_t public_content_rw_t },{ public_content_t public_content_rw_t }) + read_files_pattern($1, { public_content_t public_content_rw_t }, { public_content_t public_content_rw_t }) + read_lnk_files_pattern($1, { public_content_t public_content_rw_t }, { public_content_t public_content_rw_t }) ') ########################################