diff --git a/policy/modules/services/samba.if b/policy/modules/services/samba.if
index 89935be..50cc613 100644
--- a/policy/modules/services/samba.if
+++ b/policy/modules/services/samba.if
@@ -722,6 +722,7 @@ template(`samba_helper_template',`
gen_require(`
type smbd_t;
')
+
#This type is for samba helper scripts
type samba_$1_script_t;
domain_type(samba_$1_script_t)
@@ -734,7 +735,6 @@ template(`samba_helper_template',`
domtrans_pattern(smbd_t, samba_$1_script_exec_t, samba_$1_script_t)
allow smbd_t samba_$1_script_exec_t:file ioctl;
-
')
########################################
@@ -760,16 +760,12 @@ interface(`samba_admin',`
type smbd_t, smbd_tmp_t;
type smbd_var_run_t;
type samba_initrc_exec_t;
-
type samba_log_t, samba_var_t;
type samba_etc_t, samba_share_t;
type samba_secrets_t;
-
type swat_var_run_t, swat_tmp_t;
-
type winbind_var_run_t, winbind_tmp_t;
type winbind_log_t;
-
type samba_unconfined_script_t, samba_unconfined_script_exec_t;
')
@@ -781,7 +777,7 @@ interface(`samba_admin',`
allow $1 samba_unconfined_script_t:process { ptrace signal_perms getattr };
read_files_pattern($1, samba_unconfined_script_t, samba_unconfined_script_t)
-
+
samba_run_smbcontrol($1, $2, $3)
samba_run_winbind_helper($1, $2, $3)
samba_run_smbmount($1, $2, $3)
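Review bot: In samba_admin, `read_files_pattern($1, samba_unconfined_script_t, samba_unconfined_script_t)` passes a process domain as both the directory type and the file type, which looks like an attempt to expose the helper's /proc entries rather than real files. spamassassin_spamd_admin in this same patch uses `ps_process_pattern($1, spamd_t)` for that purpose, so `ps_process_pattern($1, samba_unconfined_script_t)` would probably be the consistent form; the intent should be confirmed. The `ptrace` permission in the preceding allow rule (and in the spamd_t rule of spamassassin_spamd_admin) is also broader than process management needs, because it lets the admin domain inspect and alter the target's memory; consider dropping it or adding a comment on why it is required. The interface body starts and ends outside this hunk.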
diff --git a/policy/modules/services/sendmail.if b/policy/modules/services/sendmail.if
index 0c97e36..4fc41ac 100644
--- a/policy/modules/services/sendmail.if
+++ b/policy/modules/services/sendmail.if
@@ -58,17 +58,17 @@ interface(`sendmail_domtrans',`
## Execute sendmail in the sendmail domain.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
-interface(`sendmail_initrc_domtrans', `
- gen_require(`
- type sendmail_initrc_exec_t;
- ')
+interface(`sendmail_initrc_domtrans',`
+ gen_require(`
+ type sendmail_initrc_exec_t;
+ ')
- init_labeled_script_domtrans($1, sendmail_initrc_exec_t)
+ init_labeled_script_domtrans($1, sendmail_initrc_exec_t)
')
########################################
diff --git a/policy/modules/services/smokeping.if b/policy/modules/services/smokeping.if
index 824d206..8265278 100644
--- a/policy/modules/services/smokeping.if
+++ b/policy/modules/services/smokeping.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run smokeping.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`smokeping_domtrans',`
diff --git a/policy/modules/services/snmp.if b/policy/modules/services/snmp.if
index 64e9fb1..cbe0584 100644
--- a/policy/modules/services/snmp.if
+++ b/policy/modules/services/snmp.if
@@ -11,12 +11,12 @@
##
#
interface(`snmp_stream_connect',`
- gen_require(`
+ gen_require(`
type snmpd_t, snmpd_var_lib_t;
- ')
+ ')
- files_search_var_lib($1)
- stream_connect_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t, snmpd_t)
+ files_search_var_lib($1)
+ stream_connect_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t, snmpd_t)
')
########################################
@@ -82,6 +82,7 @@ interface(`snmp_dontaudit_read_snmp_var_lib_files',`
gen_require(`
type snmpd_var_lib_t;
')
+
dontaudit $1 snmpd_var_lib_t:dir list_dir_perms;
dontaudit $1 snmpd_var_lib_t:file read_file_perms;
dontaudit $1 snmpd_var_lib_t:lnk_file read_lnk_file_perms;
diff --git a/policy/modules/services/snort.if b/policy/modules/services/snort.if
index c117e8b..215f425 100644
--- a/policy/modules/services/snort.if
+++ b/policy/modules/services/snort.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run snort.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`snort_domtrans',`
diff --git a/policy/modules/services/spamassassin.if b/policy/modules/services/spamassassin.if
index f906f43..b87e327 100644
--- a/policy/modules/services/spamassassin.if
+++ b/policy/modules/services/spamassassin.if
@@ -59,7 +59,6 @@ interface(`spamassassin_exec',`
')
can_exec($1, spamassassin_exec_t)
-
')
########################################
@@ -318,7 +317,7 @@ interface(`spamassassin_spamd_admin',`
allow $1 spamd_t:process { ptrace signal_perms };
ps_process_pattern($1, spamd_t)
-
+
init_labeled_script_domtrans($1, spamd_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 spamd_initrc_exec_t system_r;
diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
index bb8c7d1..078490e 100644
--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@@ -32,7 +32,6 @@
##
#
template(`ssh_basic_client_template',`
-
gen_require(`
attribute ssh_server;
type ssh_exec_t, sshd_key_t, sshd_tmp_t;
@@ -167,7 +166,7 @@ template(`ssh_basic_client_template',`
##
##
#
-template(`ssh_server_template', `
+template(`ssh_server_template',`
type $1_t, ssh_server;
auth_login_pgm_domain($1_t)
@@ -305,7 +304,6 @@ template(`ssh_server_template', `
template(`ssh_role_template',`
gen_require(`
attribute ssh_server, ssh_agent_type;
-
type ssh_t, ssh_exec_t, ssh_tmpfs_t, ssh_home_t;
type ssh_agent_exec_t, ssh_keysign_t, ssh_tmpfs_t;
type ssh_agent_tmp_t;
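Review bot: The gen_require block of ssh_role_template lists `ssh_tmpfs_t` twice, once on the `type ssh_t, ssh_exec_t, ssh_tmpfs_t, ssh_home_t;` line and again on the `type ssh_agent_exec_t, ssh_keysign_t, ssh_tmpfs_t;` line. The second occurrence appears redundant and may stand in for a type that was meant to be required instead. Since this commit is already tidying the block, the line could read `type ssh_agent_exec_t, ssh_keysign_t;` if no other type was intended. The gen_require block continues past the end of the hunk.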
@@ -487,6 +485,7 @@ interface(`ssh_read_pipes',`
allow $1 sshd_t:fifo_file read_fifo_file_perms;
')
+
########################################
##
## Read and write a ssh server unnamed pipe.
@@ -592,7 +591,6 @@ interface(`ssh_domtrans',`
domtrans_pattern($1, sshd_exec_t, sshd_t)
')
-
########################################
##
## Execute sshd server in the sshd domain.
@@ -780,4 +778,3 @@ interface(`ssh_signull',`
allow $1 sshd_t:process signull;
')
-
diff --git a/policy/modules/services/sssd.if b/policy/modules/services/sssd.if
index a433746..d33bae0 100644
--- a/policy/modules/services/sssd.if
+++ b/policy/modules/services/sssd.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run sssd.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`sssd_domtrans',`
diff --git a/policy/modules/services/stunnel.if b/policy/modules/services/stunnel.if
index 6073656..eaf49b2 100644
--- a/policy/modules/services/stunnel.if
+++ b/policy/modules/services/stunnel.if
@@ -20,6 +20,6 @@ interface(`stunnel_service_domain',`
type stunnel_t;
')
- domtrans_pattern(stunnel_t,$2,$1)
+ domtrans_pattern(stunnel_t, $2, $1)
allow $1 stunnel_t:tcp_socket rw_socket_perms;
')
diff --git a/policy/modules/services/tftp.if b/policy/modules/services/tftp.if
index 242576d..b17d182 100644
--- a/policy/modules/services/tftp.if
+++ b/policy/modules/services/tftp.if
@@ -64,19 +64,19 @@ interface(`tftp_manage_rw_content',`
## with specified types.
##
##
-##
+##
## Domain allowed access.
-##
+##
##
##
-##
+##
## Private file type.
-##
+##
##
##
-##
+##
## Class of the object being created.
-##
+##
##
#
interface(`tftp_filetrans_tftpdir',`
diff --git a/policy/modules/services/tgtd.if b/policy/modules/services/tgtd.if
index 74beaaa..c2ed23a 100644
--- a/policy/modules/services/tgtd.if
+++ b/policy/modules/services/tgtd.if
@@ -11,36 +11,36 @@
#####################################
##
-## Allow read and write access to tgtd semaphores.
+## Allow read and write access to tgtd semaphores.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`tgtd_rw_semaphores',`
- gen_require(`
- type tgtd_t;
- ')
+ gen_require(`
+ type tgtd_t;
+ ')
- allow $1 tgtd_t:sem rw_sem_perms;
+ allow $1 tgtd_t:sem rw_sem_perms;
')
######################################
##
-## Manage tgtd sempaphores.
+## Manage tgtd sempaphores.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`tgtd_manage_semaphores',`
- gen_require(`
- type tgtd_t;
- ')
+ gen_require(`
+ type tgtd_t;
+ ')
- allow $1 tgtd_t:sem create_sem_perms;
+ allow $1 tgtd_t:sem create_sem_perms;
')
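Review bot: The summary for tgtd_manage_semaphores still reads `Manage tgtd sempaphores.` on the re-indented line; as the line is being rewritten anyway, it should be corrected to `## Manage tgtd semaphores.`. The typo is in the documentation comment only and does not affect the compiled policy. It does carry over into the generated interface documentation, which makes the interface harder to find by keyword.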
diff --git a/policy/modules/services/tuned.if b/policy/modules/services/tuned.if
index 54b8605..fa7ade8 100644
--- a/policy/modules/services/tuned.if
+++ b/policy/modules/services/tuned.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run tuned.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`tuned_domtrans',`
diff --git a/policy/modules/services/ucspitcp.if b/policy/modules/services/ucspitcp.if
index bf82170..1f6f55b 100644
--- a/policy/modules/services/ucspitcp.if
+++ b/policy/modules/services/ucspitcp.if
@@ -20,7 +20,7 @@
##
##
#
-interface(`ucspitcp_service_domain', `
+interface(`ucspitcp_service_domain',`
gen_require(`
type ucspitcp_t;
role system_r;
diff --git a/policy/modules/services/ulogd.if b/policy/modules/services/ulogd.if
index b078bf7..48c528a 100644
--- a/policy/modules/services/ulogd.if
+++ b/policy/modules/services/ulogd.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run ulogd.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`ulogd_domtrans',`
@@ -65,9 +65,9 @@ interface(`ulogd_read_log',`
## Allow the specified domain to search ulogd's log files.
##
##
-##
+##
## Domain allowed access.
-##
+##
##
#
interface(`ulogd_search_log',`
diff --git a/policy/modules/services/usbmuxd.if b/policy/modules/services/usbmuxd.if
index 5015043..53792d3 100644
--- a/policy/modules/services/usbmuxd.if
+++ b/policy/modules/services/usbmuxd.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run usbmuxd.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`usbmuxd_domtrans',`
diff --git a/policy/modules/services/varnishd.if b/policy/modules/services/varnishd.if
index 9214237..0bbbb0d 100644
--- a/policy/modules/services/varnishd.if
+++ b/policy/modules/services/varnishd.if
@@ -21,7 +21,7 @@ interface(`varnishd_domtrans',`
#######################################
##
-## Execute varnishd
+## Execute varnishd
##
##
##
@@ -61,18 +61,18 @@ interface(`varnishd_read_config',`
## Read varnish lib files.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`varnishd_read_lib_files',`
- gen_require(`
- type varnishd_var_lib_t;
- ')
+ gen_require(`
+ type varnishd_var_lib_t;
+ ')
- files_search_var_lib($1)
- read_files_pattern($1, varnishd_var_lib_t, varnishd_var_lib_t)
+ files_search_var_lib($1)
+ read_files_pattern($1, varnishd_var_lib_t, varnishd_var_lib_t)
')
#######################################
@@ -165,11 +165,10 @@ interface(`varnishd_admin_varnishlog',`
allow $2 system_r;
files_search_pids($1)
- admin_pattern($1, varnishlog_var_run_t)
+ admin_pattern($1, varnishlog_var_run_t)
logging_list_logs($1)
admin_pattern($1, varnishlog_log_t)
-
')
#######################################
@@ -192,7 +191,7 @@ interface(`varnishd_admin_varnishlog',`
interface(`varnishd_admin',`
gen_require(`
type varnishd_t, varnishd_var_lib_t, varnishd_etc_t;
- type varnishd_var_run_t, varnishd_tmp_t;
+ type varnishd_var_run_t, varnishd_tmp_t;
type varnishd_initrc_exec_t;
')
@@ -215,5 +214,4 @@ interface(`varnishd_admin',`
files_search_tmp($1)
admin_pattern($1, varnishd_tmp_t)
-
')
diff --git a/policy/modules/services/vhostmd.if b/policy/modules/services/vhostmd.if
index 941311e..da605ba 100644
--- a/policy/modules/services/vhostmd.if
+++ b/policy/modules/services/vhostmd.if
@@ -5,9 +5,9 @@
## Execute a domain transition to run vhostmd.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`vhostmd_domtrans',`
@@ -147,7 +147,7 @@ interface(`vhostmd_manage_pid_files',`
')
files_search_pids($1)
- manage_files_pattern($1, vhostmd_var_run_t, vhostmd_var_run_t)
+ manage_files_pattern($1, vhostmd_var_run_t, vhostmd_var_run_t)
')
########################################
@@ -221,5 +221,4 @@ interface(`vhostmd_admin',`
vhostmd_manage_tmpfs_files($1)
vhostmd_manage_pid_files($1)
-
')
diff --git a/policy/modules/services/virt.if b/policy/modules/services/virt.if
index 1840faa..50ef959 100644
--- a/policy/modules/services/virt.if
+++ b/policy/modules/services/virt.if
@@ -91,9 +91,9 @@ interface(`virt_image',`
## Execute a domain transition to run virt.
##
##
-##
+##
## Domain allowed to transition.
-##
+##
##
#
interface(`virt_domtrans',`
@@ -380,9 +380,9 @@ interface(`virt_read_log',`
## virt log files.
##
##
-##
+##
## Domain allowed access.
-##
+##
##
#
interface(`virt_append_log',`