diff --git a/policy/modules/apps/awstats.if b/policy/modules/apps/awstats.if
index 88c9090..283ff0d 100644
--- a/policy/modules/apps/awstats.if
+++ b/policy/modules/apps/awstats.if
@@ -5,12 +5,12 @@ ######################################## ## -## Read and write awstats unnamed pipes. +## Read and write awstats unnamed pipes. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`awstats_rw_pipes',`
@@ -23,12 +23,12 @@ interface(`awstats_rw_pipes',` ######################################## ## -## Execute awstats cgi scripts in the caller domain. +## Execute awstats cgi scripts in the caller domain. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`awstats_cgi_exec',`
diff --git a/policy/modules/apps/gpg.if b/policy/modules/apps/gpg.if
index 176e01d..f6a5c8e 100644
--- a/policy/modules/apps/gpg.if
+++ b/policy/modules/apps/gpg.if
@@ -53,11 +53,11 @@ interface(`gpg_role',` ######################################## ## -## Transition to a user gpg domain. +## Transition to a user gpg domain. ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## #
@@ -71,11 +71,11 @@ interface(`gpg_domtrans',` ######################################## ## -## Send generic signals to user gpg processes. +## Send generic signals to user gpg processes. ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## #
diff --git a/policy/modules/apps/userhelper.if b/policy/modules/apps/userhelper.if
index c25e403..1184730 100644
--- a/policy/modules/apps/userhelper.if
+++ b/policy/modules/apps/userhelper.if
@@ -176,7 +176,7 @@ template(`userhelper_role_template',` ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## #
@@ -195,7 +195,7 @@ interface(`userhelper_search_config',` ## ## ## -## Domain to not audit. +## Domain to not audit. ## ## #
@@ -213,7 +213,7 @@ interface(`userhelper_dontaudit_search_config',` ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## #
@@ -231,7 +231,7 @@ interface(`userhelper_use_fd',` ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## #
diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
index 7df3bde..49f2e94 100644
--- a/policy/modules/kernel/corecommands.if
+++ b/policy/modules/kernel/corecommands.if
@@ -410,35 +410,35 @@ interface(`corecmd_bin_spec_domtrans',` ######################################## ## -## Execute a file in a bin directory -## in the specified domain. +## Execute a file in a bin directory +## in the specified domain. ## ## -##

-## Execute a file in a bin directory -## in the specified domain. This allows -## the specified domain to execute any file -## on these filesystems in the specified -## domain. This is not suggested. -##

-##

-## No interprocess communication (signals, pipes, -## etc.) is provided by this interface since -## the domains are not owned by this module. -##

-##

-## This interface was added to handle -## the ssh-agent policy. -##

+##

+## Execute a file in a bin directory +## in the specified domain. This allows +## the specified domain to execute any file +## on these filesystems in the specified +## domain. This is not suggested. +##

+##

+## No interprocess communication (signals, pipes, +## etc.) is provided by this interface since +## the domains are not owned by this module. +##

+##

+## This interface was added to handle +## the ssh-agent policy. +##

##
## ## ## -## Domain allowed access. +## Domain allowed access. ## ## ## ## -## The type of the new process. +## The type of the new process. ## ## #
diff --git a/policy/modules/kernel/corenetwork.if.in b/policy/modules/kernel/corenetwork.if.in
index e89e304..f57219f 100644
--- a/policy/modules/kernel/corenetwork.if.in
+++ b/policy/modules/kernel/corenetwork.if.in
@@ -1467,11 +1467,11 @@ interface(`corenet_udp_bind_all_unreserved_ports',` ######################################## ## -## Connect TCP sockets to reserved ports. +## Connect TCP sockets to reserved ports. ## ## ## -## The type of the process performing this action. +## The type of the process performing this action. ## ## #
@@ -1504,11 +1504,11 @@ interface(`corenet_dontaudit_tcp_connect_all_reserved_ports',` ######################################## ## -## Connect TCP sockets to rpc ports. +## Connect TCP sockets to rpc ports. ## ## ## -## The type of the process performing this action. +## The type of the process performing this action. ## ## #
@@ -1709,7 +1709,7 @@ interface(`corenet_dontaudit_non_ipsec_sendrecv',` ######################################## ## -## Receive TCP packets from a NetLabel connection. +## Receive TCP packets from a NetLabel connection. ## ## ##
@@ -1724,7 +1724,7 @@ interface(`corenet_tcp_recv_netlabel',` ######################################## ## -## Receive TCP packets from a NetLabel connection. +## Receive TCP packets from a NetLabel connection. ## ## ##
@@ -1743,7 +1743,7 @@ interface(`corenet_tcp_recvfrom_netlabel',` ######################################## ## -## Receive TCP packets from an unlabled connection. +## Receive TCP packets from an unlabled connection. ## ## ##
@@ -1763,8 +1763,8 @@ interface(`corenet_tcp_recvfrom_unlabeled',` ######################################## ## -## Do not audit attempts to receive TCP packets from a NetLabel -## connection. +## Do not audit attempts to receive TCP packets from a NetLabel +## connection. ## ## ##
@@ -1779,8 +1779,8 @@ interface(`corenet_dontaudit_tcp_recv_netlabel',` ######################################## ## -## Do not audit attempts to receive TCP packets from a NetLabel -## connection. +## Do not audit attempts to receive TCP packets from a NetLabel +## connection. ## ## ##
@@ -1799,8 +1799,8 @@ interface(`corenet_dontaudit_tcp_recvfrom_netlabel',` ######################################## ## -## Do not audit attempts to receive TCP packets from an unlabeled -## connection. +## Do not audit attempts to receive TCP packets from an unlabeled +## connection. ## ## ##
@@ -1820,7 +1820,7 @@ interface(`corenet_dontaudit_tcp_recvfrom_unlabeled',` ######################################## ## -## Receive UDP packets from a NetLabel connection. +## Receive UDP packets from a NetLabel connection. ## ## ##
@@ -1835,7 +1835,7 @@ interface(`corenet_udp_recv_netlabel',` ######################################## ## -## Receive UDP packets from a NetLabel connection. +## Receive UDP packets from a NetLabel connection. ## ## ##
@@ -1854,7 +1854,7 @@ interface(`corenet_udp_recvfrom_netlabel',` ######################################## ## -## Receive UDP packets from an unlabeled connection. +## Receive UDP packets from an unlabeled connection. ## ## ##
@@ -1874,8 +1874,8 @@ interface(`corenet_udp_recvfrom_unlabeled',` ######################################## ## -## Do not audit attempts to receive UDP packets from a NetLabel -## connection. +## Do not audit attempts to receive UDP packets from a NetLabel +## connection. ## ## ##
@@ -1890,8 +1890,8 @@ interface(`corenet_dontaudit_udp_recv_netlabel',` ######################################## ## -## Do not audit attempts to receive UDP packets from a NetLabel -## connection. +## Do not audit attempts to receive UDP packets from a NetLabel +## connection. ## ## ##
@@ -1910,8 +1910,8 @@ interface(`corenet_dontaudit_udp_recvfrom_netlabel',` ######################################## ## -## Do not audit attempts to receive UDP packets from an unlabeled -## connection. +## Do not audit attempts to receive UDP packets from an unlabeled +## connection. ## ## ##
@@ -1931,7 +1931,7 @@ interface(`corenet_dontaudit_udp_recvfrom_unlabeled',` ######################################## ## -## Receive Raw IP packets from a NetLabel connection. +## Receive Raw IP packets from a NetLabel connection. ## ## ##
@@ -1946,7 +1946,7 @@ interface(`corenet_raw_recv_netlabel',` ######################################## ## -## Receive Raw IP packets from a NetLabel connection. +## Receive Raw IP packets from a NetLabel connection. ## ## ##
@@ -1965,7 +1965,7 @@ interface(`corenet_raw_recvfrom_netlabel',` ######################################## ## -## Receive Raw IP packets from an unlabeled connection. +## Receive Raw IP packets from an unlabeled connection. ## ## ##
@@ -1985,8 +1985,8 @@ interface(`corenet_raw_recvfrom_unlabeled',` ######################################## ## -## Do not audit attempts to receive Raw IP packets from a NetLabel -## connection. +## Do not audit attempts to receive Raw IP packets from a NetLabel +## connection. ## ## ##
@@ -2001,8 +2001,8 @@ interface(`corenet_dontaudit_raw_recv_netlabel',` ######################################## ## -## Do not audit attempts to receive Raw IP packets from a NetLabel -## connection. +## Do not audit attempts to receive Raw IP packets from a NetLabel +## connection. ## ## ##
@@ -2021,8 +2021,8 @@ interface(`corenet_dontaudit_raw_recvfrom_netlabel',` ######################################## ## -## Do not audit attempts to receive Raw IP packets from an unlabeled -## connection. +## Do not audit attempts to receive Raw IP packets from an unlabeled +## connection. ## ## ##
@@ -2042,7 +2042,7 @@ interface(`corenet_dontaudit_raw_recvfrom_unlabeled',` ######################################## ## -## Receive packets from an unlabeled connection. +## Receive packets from an unlabeled connection. ## ## ##
@@ -2064,7 +2064,7 @@ interface(`corenet_all_recvfrom_unlabeled',` ######################################## ## -## Receive packets from a NetLabel connection. +## Receive packets from a NetLabel connection. ## ## ##
@@ -2083,7 +2083,7 @@ interface(`corenet_all_recvfrom_netlabel',` ######################################## ## -## Do not audit attempts to receive packets from an unlabeled connection. +## Do not audit attempts to receive packets from an unlabeled connection. ## ## ##
@@ -2105,8 +2105,8 @@ interface(`corenet_dontaudit_all_recvfrom_unlabeled',` ######################################## ## -## Do not audit attempts to receive packets from a NetLabel -## connection. +## Do not audit attempts to receive packets from a NetLabel +## connection. ## ## ##
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index a1173fd..f0f7089 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -1842,11 +1842,11 @@ interface(`dev_read_mouse',` ######################################## ## -## Read and write to mouse devices. +## Read and write to mouse devices. ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## #
diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if
index 8fcf126..7316b09 100644
--- a/policy/modules/kernel/domain.if
+++ b/policy/modules/kernel/domain.if
@@ -1221,7 +1221,7 @@ interface(`domain_mmap_all_entry_files',` ## ## ## -## The type of the new process. +## The type of the new process. ## ## #
@@ -1237,9 +1237,9 @@ interface(`domain_entry_file_spec_domtrans',` ######################################## ## ## Ability to mmap a low area of the address space, -## as configured by /proc/sys/kernel/mmap_min_addr. -## Preventing such mappings helps protect against -## exploiting null deref bugs in the kernel. +## as configured by /proc/sys/kernel/mmap_min_addr. +## Preventing such mappings helps protect against +## exploiting null deref bugs in the kernel. ## ## ##
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 97a406c..282a1cf 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -1544,12 +1544,12 @@ interface(`files_manage_boot_symlinks',` ######################################## ## -## Read kernel files in the /boot directory. +## Read kernel files in the /boot directory. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`files_read_kernel_img',`
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 7526c4b..98607ab 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -1250,12 +1250,12 @@ interface(`fs_read_eventpollfs',` ######################################## ## -## Mount a FUSE filesystem. +## Mount a FUSE filesystem. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`fs_mount_fusefs',`
@@ -1268,12 +1268,12 @@ interface(`fs_mount_fusefs',` ######################################## ## -## Unmount a FUSE filesystem. +## Unmount a FUSE filesystem. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`fs_unmount_fusefs',`
@@ -1722,7 +1722,7 @@ interface(`fs_read_nfs_named_sockets',` ######################################### ## -## Read named pipes on a NFS network filesystem. +## Read named pipes on a NFS network filesystem. ## ## ##
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index 111596b..1879be0 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -2297,12 +2297,12 @@ interface(`kernel_dontaudit_sendrecv_unlabeled_association',` ######################################## ## -## Receive TCP packets from an unlabeled connection. +## Receive TCP packets from an unlabeled connection. ## ## ##

-## Receive TCP packets from an unlabeled connection. -##

+## Receive TCP packets from an unlabeled connection. +##

##

## The corenetwork interface corenet_tcp_recv_unlabeled() should ## be used instead of this one.
@@ -2324,14 +2324,14 @@ interface(`kernel_tcp_recvfrom_unlabeled',` ######################################## ##

-## Do not audit attempts to receive TCP packets from an unlabeled +## Do not audit attempts to receive TCP packets from an unlabeled ## connection. ## ## ##

-## Do not audit attempts to receive TCP packets from an unlabeled +## Do not audit attempts to receive TCP packets from an unlabeled ## connection. -##

+##

##

## The corenetwork interface corenet_dontaudit_tcp_recv_unlabeled() ## should be used instead of this one.
@@ -2353,12 +2353,12 @@ interface(`kernel_dontaudit_tcp_recvfrom_unlabeled',` ######################################## ##

-## Receive UDP packets from an unlabeled connection. +## Receive UDP packets from an unlabeled connection. ## ## ##

-## Receive UDP packets from an unlabeled connection. -##

+## Receive UDP packets from an unlabeled connection. +##

##

## The corenetwork interface corenet_udp_recv_unlabeled() should ## be used instead of this one.
@@ -2380,14 +2380,14 @@ interface(`kernel_udp_recvfrom_unlabeled',` ######################################## ##

-## Do not audit attempts to receive UDP packets from an unlabeled +## Do not audit attempts to receive UDP packets from an unlabeled ## connection. ## ## ##

-## Do not audit attempts to receive UDP packets from an unlabeled +## Do not audit attempts to receive UDP packets from an unlabeled ## connection. -##

+##

##

## The corenetwork interface corenet_dontaudit_udp_recv_unlabeled() ## should be used instead of this one.
@@ -2409,12 +2409,12 @@ interface(`kernel_dontaudit_udp_recvfrom_unlabeled',` ######################################## ##

-## Receive Raw IP packets from an unlabeled connection. +## Receive Raw IP packets from an unlabeled connection. ## ## ##

-## Receive Raw IP packets from an unlabeled connection. -##

+## Receive Raw IP packets from an unlabeled connection. +##

##

## The corenetwork interface corenet_raw_recv_unlabeled() should ## be used instead of this one.
@@ -2436,14 +2436,14 @@ interface(`kernel_raw_recvfrom_unlabeled',` ######################################## ##

-## Do not audit attempts to receive Raw IP packets from an unlabeled +## Do not audit attempts to receive Raw IP packets from an unlabeled ## connection. ## ## ##

-## Do not audit attempts to receive Raw IP packets from an unlabeled +## Do not audit attempts to receive Raw IP packets from an unlabeled ## connection. -##

+##

##

## The corenetwork interface corenet_dontaudit_raw_recv_unlabeled() ## should be used instead of this one.
@@ -2500,7 +2500,7 @@ interface(`kernel_sendrecv_unlabeled_packets',` ## ##

## Receive packets from an unlabeled peer, these packets do not have any -## peer labeling information present. +## peer labeling information present. ##

##

## The corenetwork interface corenet_recvfrom_unlabeled_peer() should
@@ -2528,7 +2528,7 @@ interface(`kernel_recvfrom_unlabeled_peer',` ## ##

## Do not audit attempts to receive packets from an unlabeled peer, -## these packets do not have any peer labeling information present. +## these packets do not have any peer labeling information present. ##

##

## The corenetwork interface corenet_dontaudit_*_recvfrom_unlabeled()
@@ -2551,12 +2551,12 @@ interface(`kernel_dontaudit_recvfrom_unlabeled_peer',` ######################################## ##

-## Relabel from unlabeled database objects. +## Relabel from unlabeled database objects. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`kernel_relabelfrom_unlabeled_database',`
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index b55e518..76310db 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -304,7 +304,7 @@ optional_policy(` ') optional_policy(` - # nfs kernel server needs kernel UDP access. It is less risky and painful + # nfs kernel server needs kernel UDP access. It is less risky and painful # to just give it everything. allow kernel_t self:tcp_socket create_stream_socket_perms; allow kernel_t self:udp_socket create_socket_perms;
diff --git a/policy/modules/kernel/mls.if b/policy/modules/kernel/mls.if
index f152565..c2706de 100644
--- a/policy/modules/kernel/mls.if
+++ b/policy/modules/kernel/mls.if
@@ -822,13 +822,13 @@ interface(`mls_context_translate_all_levels',` ######################################## ## -## Make specified domain MLS trusted -## for reading from databases at any level. +## Make specified domain MLS trusted +## for reading from databases at any level. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## ## #
@@ -842,13 +842,13 @@ interface(`mls_db_read_all_levels',` ######################################## ## -## Make specified domain MLS trusted -## for writing to databases at any level. +## Make specified domain MLS trusted +## for writing to databases at any level. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## ## #
@@ -862,13 +862,13 @@ interface(`mls_db_write_all_levels',` ######################################## ## -## Make specified domain MLS trusted -## for raising the level of databases. +## Make specified domain MLS trusted +## for raising the level of databases. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## ## #
@@ -882,13 +882,13 @@ interface(`mls_db_upgrade',` ######################################## ## -## Make specified domain MLS trusted -## for lowering the level of databases. +## Make specified domain MLS trusted +## for lowering the level of databases. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## ## #
@@ -901,14 +901,14 @@ interface(`mls_db_downgrade',` ') ######################################## ## -## Make specified domain MLS trusted -## for sending dbus messages to +## Make specified domain MLS trusted +## for sending dbus messages to ## all levels. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## ## #
@@ -922,14 +922,14 @@ interface(`mls_dbus_send_all_levels',` ######################################## ## -## Make specified domain MLS trusted -## for receiving dbus messages from +## Make specified domain MLS trusted +## for receiving dbus messages from ## all levels. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## ## #
diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if
index f20d0a8..ca956ac 100644
--- a/policy/modules/kernel/storage.if
+++ b/policy/modules/kernel/storage.if
@@ -172,15 +172,15 @@ interface(`storage_dontaudit_write_fixed_disk',` ######################################## ## -## Allow the caller to directly read and write to a fixed disk. -## This is extremly dangerous as it can bypass the -## SELinux protections for filesystem objects, and -## should only be used by trusted domains. +## Allow the caller to directly read and write to a fixed disk. +## This is extremly dangerous as it can bypass the +## SELinux protections for filesystem objects, and +## should only be used by trusted domains. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`storage_raw_rw_fixed_disk',`
diff --git a/policy/modules/services/aide.if b/policy/modules/services/aide.if
index 43d0eb8..23d7889 100644
--- a/policy/modules/services/aide.if
+++ b/policy/modules/services/aide.if
@@ -2,12 +2,12 @@ ######################################## ## -## Execute aide in the aide domain +## Execute aide in the aide domain ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`aide_domtrans',`
diff --git a/policy/modules/services/bind.te b/policy/modules/services/bind.te
index 72f6279..fdc9e9a 100644
--- a/policy/modules/services/bind.te
+++ b/policy/modules/services/bind.te
@@ -174,7 +174,7 @@ optional_policy(` optional_policy(` # this seems like fds that arent being - # closed. these should probably be + # closed. these should probably be # dontaudits instead. networkmanager_rw_udp_sockets(named_t) networkmanager_rw_packet_sockets(named_t)
diff --git a/policy/modules/services/bitlbee.if b/policy/modules/services/bitlbee.if
index 293f0fd..ed4e7a2 100644
--- a/policy/modules/services/bitlbee.if
+++ b/policy/modules/services/bitlbee.if
@@ -2,12 +2,12 @@ ######################################## ## -## Read bitlbee configuration files +## Read bitlbee configuration files ## ## -## -## Domain allowed accesss. -## +## +## Domain allowed accesss. +## ## # interface(`bitlbee_read_config',`
diff --git a/policy/modules/services/clockspeed.if b/policy/modules/services/clockspeed.if
index ad7c914..7762be6 100644
--- a/policy/modules/services/clockspeed.if
+++ b/policy/modules/services/clockspeed.if
@@ -2,12 +2,12 @@ ######################################## ## -## Execute clockspeed utilities in the clockspeed_cli domain. +## Execute clockspeed utilities in the clockspeed_cli domain. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`clockspeed_domtrans_cli',`
diff --git a/policy/modules/services/cyrus.if b/policy/modules/services/cyrus.if
index ff8f24d..e4e86d0 100644
--- a/policy/modules/services/cyrus.if
+++ b/policy/modules/services/cyrus.if
@@ -7,7 +7,7 @@ ##
## ## -## Domain allowed access. +## Domain allowed access. ## ## #
diff --git a/policy/modules/services/djbdns.if b/policy/modules/services/djbdns.if
index eec46ce..69f9735 100644
--- a/policy/modules/services/djbdns.if
+++ b/policy/modules/services/djbdns.if
@@ -2,12 +2,12 @@ ######################################## ## -## Create a set of derived types for djbdns +## Create a set of derived types for djbdns ## components that are directly supervised by daemontools. ## ## ## -## The prefix to be used for deriving type names. +## The prefix to be used for deriving type names. ## ## #
diff --git a/policy/modules/services/dovecot.if b/policy/modules/services/dovecot.if
index 4341ce1..7771a8f 100644
--- a/policy/modules/services/dovecot.if
+++ b/policy/modules/services/dovecot.if
@@ -21,12 +21,12 @@ interface(`dovecot_manage_spool',` ######################################## ## -## Do not audit attempts to delete dovecot lib files. +## Do not audit attempts to delete dovecot lib files. ## ## -## -## Domain to not audit. -## +## +## Domain to not audit. +## ## # interface(`dovecot_dontaudit_unlink_lib_files',`
diff --git a/policy/modules/services/ftp.if b/policy/modules/services/ftp.if
index b593224..44fe88a 100644
--- a/policy/modules/services/ftp.if
+++ b/policy/modules/services/ftp.if
@@ -2,11 +2,11 @@ ######################################## ## -## Use ftp by connecting over TCP. (Deprecated) +## Use ftp by connecting over TCP. (Deprecated) ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## #
@@ -16,11 +16,11 @@ interface(`ftp_tcp_connect',` ######################################## ## -## Read ftpd etc files +## Read ftpd etc files ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## #
@@ -35,11 +35,11 @@ interface(`ftp_read_config',` ######################################## ## -## Execute FTP daemon entry point programs. +## Execute FTP daemon entry point programs. ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## #
@@ -54,11 +54,11 @@ interface(`ftp_check_exec',` ######################################## ## -## Read FTP transfer logs +## Read FTP transfer logs ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## #
@@ -73,12 +73,12 @@ interface(`ftp_read_log',` ######################################## ## -## Execute the ftpdctl program in the ftpdctl domain. +## Execute the ftpdctl program in the ftpdctl domain. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`ftp_domtrans_ftpdctl',`
diff --git a/policy/modules/services/lpd.if b/policy/modules/services/lpd.if
index 5a7046d..9c1c7cf 100644
--- a/policy/modules/services/lpd.if
+++ b/policy/modules/services/lpd.if
@@ -177,11 +177,11 @@ interface(`lpd_read_config',` ######################################## ## -## Transition to a user lpr domain. +## Transition to a user lpr domain. ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## #
diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if
index 1709743..1698b82 100644
--- a/policy/modules/services/mta.if
+++ b/policy/modules/services/mta.if
@@ -374,14 +374,14 @@ interface(`mta_send_mail',` ## Execute send mail in a specified domain. ##
## -##

+##

## Execute send mail in a specified domain. -##

-##

-## No interprocess communication (signals, pipes, -## etc.) is provided by this interface since -## the domains are not owned by this module. -##

+##

+##

+## No interprocess communication (signals, pipes, +## etc.) is provided by this interface since +## the domains are not owned by this module. +##

##
## ## ##
diff --git a/policy/modules/services/nscd.if b/policy/modules/services/nscd.if
index 33ce3da..5cef4f7 100644
--- a/policy/modules/services/nscd.if
+++ b/policy/modules/services/nscd.if
@@ -108,7 +108,7 @@ interface(`nscd_shm_use',` allow $1 nscd_t:fd use; # cjp: these were originally inherited from the - # nscd_socket_domain macro. need to investigate + # nscd_socket_domain macro. need to investigate # if they are all actually required allow $1 self:unix_stream_socket create_stream_socket_perms; allow $1 nscd_t:unix_stream_socket connectto;
diff --git a/policy/modules/services/postgresql.if b/policy/modules/services/postgresql.if
index ab0a43c..65ff43b 100644
--- a/policy/modules/services/postgresql.if
+++ b/policy/modules/services/postgresql.if
@@ -2,17 +2,17 @@ ####################################### ## -## Role access for SE-PostgreSQL. +## Role access for SE-PostgreSQL. ## ## -## -## The role associated with the user domain. -## +## +## The role associated with the user domain. +## ## ## ## -## The type of the user domain. -## +## The type of the user domain. +## ## # interface(`postgresql_role',`
@@ -72,12 +72,12 @@ interface(`postgresql_role',` ######################################## ## -## Marks as a SE-PostgreSQL loadable shared library module +## Marks as a SE-PostgreSQL loadable shared library module ## ## -## -## Type marked as a database object type. -## +## +## Type marked as a database object type. +## ## # interface(`postgresql_loadable_module',`
@@ -90,12 +90,12 @@ interface(`postgresql_loadable_module',` ######################################## ## -## Marks as a SE-PostgreSQL database object type +## Marks as a SE-PostgreSQL database object type ## ## -## -## Type marked as a database object type. -## +## +## Type marked as a database object type. +## ## # interface(`postgresql_database_object',`
@@ -108,12 +108,12 @@ interface(`postgresql_database_object',` ######################################## ## -## Marks as a SE-PostgreSQL table/column/tuple object type +## Marks as a SE-PostgreSQL table/column/tuple object type ## ## -## -## Type marked as a table/column/tuple object type. -## +## +## Type marked as a table/column/tuple object type. +## ## # interface(`postgresql_table_object',`
@@ -126,12 +126,12 @@ interface(`postgresql_table_object',` ######################################## ## -## Marks as a SE-PostgreSQL system table/column/tuple object type +## Marks as a SE-PostgreSQL system table/column/tuple object type ## ## -## -## Type marked as a table/column/tuple object type. -## +## +## Type marked as a table/column/tuple object type. +## ## # interface(`postgresql_system_table_object',`
@@ -145,12 +145,12 @@ interface(`postgresql_system_table_object',` ######################################## ## -## Marks as a SE-PostgreSQL procedure object type +## Marks as a SE-PostgreSQL procedure object type ## ## -## -## Type marked as a database object type. -## +## +## Type marked as a database object type. +## ## # interface(`postgresql_procedure_object',`
@@ -163,12 +163,12 @@ interface(`postgresql_procedure_object',` ######################################## ## -## Marks as a SE-PostgreSQL binary large object type +## Marks as a SE-PostgreSQL binary large object type ## ## -## -## Type marked as a database binary large object type. -## +## +## Type marked as a database binary large object type. +## ## # interface(`postgresql_blob_object',`
@@ -302,13 +302,13 @@ interface(`postgresql_stream_connect',` ######################################## ## -## Allow the specified domain unprivileged accesses to unifined database objects +## Allow the specified domain unprivileged accesses to unifined database objects ## managed by SE-PostgreSQL, ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`postgresql_unpriv_client',`
@@ -335,13 +335,13 @@ interface(`postgresql_unpriv_client',` ######################################## ## -## Allow the specified domain unconfined accesses to any database objects +## Allow the specified domain unconfined accesses to any database objects ## managed by SE-PostgreSQL, ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`postgresql_unconfined',`
diff --git a/policy/modules/services/postgrey.if b/policy/modules/services/postgrey.if
index 78972de..3927880 100644
--- a/policy/modules/services/postgrey.if
+++ b/policy/modules/services/postgrey.if
@@ -2,12 +2,12 @@ ######################################## ## -## Write to postgrey socket +## Write to postgrey socket ## ## -## -## Domain allowed to talk to postgrey -## +## +## Domain allowed to talk to postgrey +## ## # interface(`postgrey_stream_connect',`
@@ -22,12 +22,12 @@ interface(`postgrey_stream_connect',` ######################################## ## -## Search the spool directory +## Search the spool directory ## ## -## -## Domain allowed access -## +## +## Domain allowed access +## ## # interface(`postgrey_search_spool',`
diff --git a/policy/modules/services/rpc.if b/policy/modules/services/rpc.if
index 96d25ad..cc2227d 100644
--- a/policy/modules/services/rpc.if
+++ b/policy/modules/services/rpc.if
@@ -118,11 +118,11 @@ template(`rpc_domain_template', ` ######################################## ## -## Send UDP network traffic to rpc and recieve UDP traffic from rpc. (Deprecated) +## Send UDP network traffic to rpc and recieve UDP traffic from rpc. (Deprecated) ## ## ## -## The type of the process performing this action. +## The type of the process performing this action. ## ## #
@@ -132,12 +132,12 @@ interface(`rpc_udp_send',` ######################################## ## -## Do not audit attempts to get the attributes +## Do not audit attempts to get the attributes ## of the NFS export file. ## ## ## -## The type of the process performing this action. +## The type of the process performing this action. ## ## #
@@ -151,11 +151,11 @@ interface(`rpc_dontaudit_getattr_exports',` ######################################## ## -## Allow read access to exports. +## Allow read access to exports. ## ## ## -## The type of the process performing this action. +## The type of the process performing this action. ## ## #
@@ -169,11 +169,11 @@ interface(`rpc_read_exports',` ######################################## ## -## Allow write access to exports. +## Allow write access to exports. ## ## ## -## The type of the process performing this action. +## The type of the process performing this action. ## ## #
@@ -187,11 +187,11 @@ interface(`rpc_write_exports',` ######################################## ## -## Execute domain in nfsd domain. +## Execute domain in nfsd domain. ## ## ## -## The type of the process performing this action. +## The type of the process performing this action. ## ## #
@@ -205,11 +205,11 @@ interface(`rpc_domtrans_nfsd',` ######################################## ## -## Read NFS exported content. +## Read NFS exported content. ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## ##
@@ -226,11 +226,11 @@ interface(`rpc_read_nfs_content',` ######################################## ## -## Allow domain to create read and write NFS directories. +## Allow domain to create read and write NFS directories. ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## ##
@@ -247,11 +247,11 @@ interface(`rpc_manage_nfs_rw_content',` ######################################## ## -## Allow domain to create read and write NFS directories. +## Allow domain to create read and write NFS directories. ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## ## @@ -268,11 +268,11 @@ interface(`rpc_manage_nfs_ro_content',` ######################################## ## -## Allow domain to read and write to an NFS UDP socket. +## Allow domain to read and write to an NFS UDP socket. ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## # @@ -290,7 +290,7 @@ interface(`rpc_udp_rw_nfs_sockets',` ##
## ## -## Domain allowed access. +## Domain allowed access. ## ## # @@ -304,7 +304,7 @@ interface(`rpc_udp_send_nfs',` ##
## ## -## Domain allowed access. +## Domain allowed access. ## ## # @@ -323,7 +323,7 @@ interface(`rpc_search_nfs_state_data',` ##
## ## -## Domain allowed access. +## Domain allowed access. ## ## # diff --git a/policy/modules/services/rsync.if b/policy/modules/services/rsync.if index a363a9a..7418196 100644 --- a/policy/modules/services/rsync.if +++ b/policy/modules/services/rsync.if @@ -24,14 +24,14 @@ interface(`rsync_entry_type',` ## Execute a rsync in a specified domain. ##
## -##

+##

## Execute a rsync in a specified domain. -##

-##

-## No interprocess communication (signals, pipes, -## etc.) is provided by this interface since -## the domains are not owned by this module. -##

+##

+##

+## No interprocess communication (signals, pipes, +## etc.) is provided by this interface since +## the domains are not owned by this module. +##

##
## ## @@ -57,14 +57,14 @@ interface(`rsync_entry_spec_domtrans',` ## Execute a rsync in a specified domain. ## ## -##

+##

## Execute a rsync in a specified domain. -##

-##

-## No interprocess communication (signals, pipes, -## etc.) is provided by this interface since -## the domains are not owned by this module. -##

+##

+##

+## No interprocess communication (signals, pipes, +## etc.) is provided by this interface since +## the domains are not owned by this module. +##

##
## ## diff --git a/policy/modules/services/spamassassin.if b/policy/modules/services/spamassassin.if index 4140164..3945628 100644 --- a/policy/modules/services/spamassassin.if +++ b/policy/modules/services/spamassassin.if @@ -63,9 +63,9 @@ interface(`spamassassin_exec',` ## Singnal the spam assassin daemon ## ## -## -## The type of the process performing this action. -## +## +## The type of the process performing this action. +## ## # interface(`spamassassin_signal_spamd',` @@ -97,7 +97,7 @@ interface(`spamassassin_exec_spamd',` ######################################## ## -## Execute spamassassin client in the spamassassin client domain. +## Execute spamassassin client in the spamassassin client domain. ## ## ## @@ -191,12 +191,12 @@ interface(`spamassassin_manage_lib_files',` ######################################## ## -## Read temporary spamd file. +## Read temporary spamd file. ## ## -## -## The type of the process performing this action. -## +## +## The type of the process performing this action. +## ## # interface(`spamassassin_read_spamd_tmp_files',` @@ -213,9 +213,9 @@ interface(`spamassassin_read_spamd_tmp_files',` ## spamd sockets/ ## ## -## +## ## Domain to not audit. -## +## ## # interface(`spamassassin_dontaudit_getattr_spamd_tmp_sockets',` diff --git a/policy/modules/services/ucspitcp.if b/policy/modules/services/ucspitcp.if index 6607dcb..c1feba4 100644 --- a/policy/modules/services/ucspitcp.if +++ b/policy/modules/services/ucspitcp.if @@ -7,16 +7,16 @@ ######################################## ## -## Define a specified domain as a ucspitcp service. +## Define a specified domain as a ucspitcp service. ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## ## ## -## The type associated with the process program. +## The type associated with the process program. ## ## # diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if index 43f64fc..783a19b 100644 --- a/policy/modules/services/xserver.if 
+++ b/policy/modules/services/xserver.if @@ -761,12 +761,12 @@ interface(`xserver_read_xdm_pid',` ######################################## ## -## Read XDM var lib files. +## Read XDM var lib files. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`xserver_read_xdm_lib_files',` diff --git a/policy/modules/system/daemontools.if b/policy/modules/system/daemontools.if index 17b5f8f..feef778 100644 --- a/policy/modules/system/daemontools.if +++ b/policy/modules/system/daemontools.if @@ -28,16 +28,16 @@ interface(`daemontools_ipc_domain',` ######################################## ## -## Define a specified domain as a supervised service. +## Define a specified domain as a supervised service. ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## ## ## -## The type associated with the process program. +## The type associated with the process program. ## ## # @@ -55,11 +55,11 @@ interface(`daemontools_service_domain',` ######################################## ## -## Execute in the svc_start_t domain. +## Execute in the svc_start_t domain. ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## # @@ -73,11 +73,11 @@ interface(`daemontools_domtrans_start',` ######################################## ## -## Execute in the svc_run_t domain. +## Execute in the svc_run_t domain. ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## # @@ -91,11 +91,11 @@ interface(`daemontools_domtrans_run',` ######################################## ## -## Execute in the svc_multilog_t domain. +## Execute in the svc_multilog_t domain. ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## # @@ -109,11 +109,11 @@ interface(`daemontools_domtrans_multilog',` ######################################## ## -## Allow a domain to read svc_svc_t files. +## Allow a domain to read svc_svc_t files. ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## ## 
@@ -129,11 +129,11 @@ interface(`daemontools_read_svc',` ######################################## ## -## Allow a domain to create svc_svc_t files. +## Allow a domain to create svc_svc_t files. ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## ## diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if index 150a28e..5f9f21e 100644 --- a/policy/modules/system/init.if +++ b/policy/modules/system/init.if @@ -666,14 +666,14 @@ interface(`init_domtrans_script',` ## Execute a init script in a specified domain. ##
## -##

+##

## Execute a init script in a specified domain. -##

-##

-## No interprocess communication (signals, pipes, -## etc.) is provided by this interface since -## the domains are not owned by this module. -##

+##

+##

+## No interprocess communication (signals, pipes, +## etc.) is provided by this interface since +## the domains are not owned by this module. +##

##
## ## @@ -1133,7 +1133,7 @@ interface(`init_rw_script_stream_sockets',` ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## # @@ -1451,11 +1451,11 @@ interface(`init_dontaudit_rw_utmp',` ######################################## ## -## Create, read, write, and delete utmp. +## Create, read, write, and delete utmp. ## ## ## -## Domain access allowed. +## Domain access allowed. ## ## # diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te index 794a424..cda9024 100644 --- a/policy/modules/system/libraries.te +++ b/policy/modules/system/libraries.te @@ -113,7 +113,7 @@ optional_policy(` optional_policy(` # When you install a kernel the postinstall builds a initrd image in tmp - # and executes ldconfig on it. If you dont allow this kernel installs + # and executes ldconfig on it. If you dont allow this kernel installs # blow up. rpm_manage_script_tmp_files(ldconfig_t) ') diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if index 438d05c..59fa98b 100644 --- a/policy/modules/system/logging.if +++ b/policy/modules/system/logging.if @@ -533,12 +533,12 @@ interface(`logging_search_logs',` ####################################### ## -## Do not audit attempts to search the var log directory. +## Do not audit attempts to search the var log directory. ## ## -## -## Domain not to audit. -## +## +## Domain not to audit. +## ## # interface(`logging_dontaudit_search_logs',` diff --git a/policy/modules/system/netlabel.if b/policy/modules/system/netlabel.if index 3e35e00..55b158b 100644 --- a/policy/modules/system/netlabel.if +++ b/policy/modules/system/netlabel.if @@ -2,12 +2,12 @@ ######################################## ## -## Execute netlabel_mgmt in the netlabel_mgmt domain. +## Execute netlabel_mgmt in the netlabel_mgmt domain. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`netlabel_domtrans_mgmt',` 
@@ -21,13 +21,13 @@ interface(`netlabel_domtrans_mgmt',` ######################################## ## -## Execute netlabel_mgmt in the netlabel_mgmt domain, and -## allow the specified role the netlabel_mgmt domain. +## Execute netlabel_mgmt in the netlabel_mgmt domain, and +## allow the specified role the netlabel_mgmt domain. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## ## ## diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if index 21864b9..4c17059 100644 --- a/policy/modules/system/sysnetwork.if +++ b/policy/modules/system/sysnetwork.if @@ -6,7 +6,7 @@ ## ## ## -## The type of the process performing this action. +## The type of the process performing this action. ## ## # diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if index 9a9e00b..b1d572a 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -78,7 +78,7 @@ template(`userdom_base_user_template',` dev_dontaudit_getattr_all_chr_files($1_t) # When the user domain runs ps, there will be a number of access - # denials when ps tries to search /proc. Do not audit these denials. + # denials when ps tries to search /proc. Do not audit these denials. domain_dontaudit_read_all_domains_state($1_t) domain_dontaudit_getattr_all_domains($1_t) domain_dontaudit_getsession_all_domains($1_t) @@ -1405,11 +1405,11 @@ interface(`userdom_dontaudit_search_user_home_dirs',` ######################################## ## -## List user home directories. +## List user home directories. ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## # @@ -1979,11 +1979,11 @@ interface(`userdom_user_home_dir_filetrans_user_home_content',` ######################################## ## -## Write to user temporary named sockets. +## Write to user temporary named sockets. ## ## ## -## Domain allowed access. +## Domain allowed access. ## ## #