diff --git a/policy/modules/apps/awstats.if b/policy/modules/apps/awstats.if
index 88c9090..283ff0d 100644
--- a/policy/modules/apps/awstats.if
+++ b/policy/modules/apps/awstats.if
@@ -5,12 +5,12 @@
########################################
##
-## Read and write awstats unnamed pipes.
+## Read and write awstats unnamed pipes.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`awstats_rw_pipes',`
@@ -23,12 +23,12 @@ interface(`awstats_rw_pipes',`
########################################
##
-## Execute awstats cgi scripts in the caller domain.
+## Execute awstats cgi scripts in the caller domain.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`awstats_cgi_exec',`
diff --git a/policy/modules/apps/gpg.if b/policy/modules/apps/gpg.if
index 176e01d..f6a5c8e 100644
--- a/policy/modules/apps/gpg.if
+++ b/policy/modules/apps/gpg.if
@@ -53,11 +53,11 @@ interface(`gpg_role',`
########################################
##
-## Transition to a user gpg domain.
+## Transition to a user gpg domain.
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#
@@ -71,11 +71,11 @@ interface(`gpg_domtrans',`
########################################
##
-## Send generic signals to user gpg processes.
+## Send generic signals to user gpg processes.
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#
diff --git a/policy/modules/apps/userhelper.if b/policy/modules/apps/userhelper.if
index c25e403..1184730 100644
--- a/policy/modules/apps/userhelper.if
+++ b/policy/modules/apps/userhelper.if
@@ -176,7 +176,7 @@ template(`userhelper_role_template',`
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#
@@ -195,7 +195,7 @@ interface(`userhelper_search_config',`
##
##
##
-## Domain to not audit.
+## Domain to not audit.
##
##
#
@@ -213,7 +213,7 @@ interface(`userhelper_dontaudit_search_config',`
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#
@@ -231,7 +231,7 @@ interface(`userhelper_use_fd',`
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#
diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
index 7df3bde..49f2e94 100644
--- a/policy/modules/kernel/corecommands.if
+++ b/policy/modules/kernel/corecommands.if
@@ -410,35 +410,35 @@ interface(`corecmd_bin_spec_domtrans',`
########################################
##
-## Execute a file in a bin directory
-## in the specified domain.
+## Execute a file in a bin directory
+## in the specified domain.
##
##
-##
-## Execute a file in a bin directory
-## in the specified domain. This allows
-## the specified domain to execute any file
-## on these filesystems in the specified
-## domain. This is not suggested.
-##
-##
-## No interprocess communication (signals, pipes,
-## etc.) is provided by this interface since
-## the domains are not owned by this module.
-##
-##
-## This interface was added to handle
-## the ssh-agent policy.
-##
+##
+## Execute a file in a bin directory
+## in the specified domain. This allows
+## the specified domain to execute any file
+## on these filesystems in the specified
+## domain. This is not suggested.
+##
+##
+## No interprocess communication (signals, pipes,
+## etc.) is provided by this interface since
+## the domains are not owned by this module.
+##
+##
+## This interface was added to handle
+## the ssh-agent policy.
+##
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
##
##
-## The type of the new process.
+## The type of the new process.
##
##
#
diff --git a/policy/modules/kernel/corenetwork.if.in b/policy/modules/kernel/corenetwork.if.in
index e89e304..f57219f 100644
--- a/policy/modules/kernel/corenetwork.if.in
+++ b/policy/modules/kernel/corenetwork.if.in
@@ -1467,11 +1467,11 @@ interface(`corenet_udp_bind_all_unreserved_ports',`
########################################
##
-## Connect TCP sockets to reserved ports.
+## Connect TCP sockets to reserved ports.
##
##
##
-## The type of the process performing this action.
+## The type of the process performing this action.
##
##
#
@@ -1504,11 +1504,11 @@ interface(`corenet_dontaudit_tcp_connect_all_reserved_ports',`
########################################
##
-## Connect TCP sockets to rpc ports.
+## Connect TCP sockets to rpc ports.
##
##
##
-## The type of the process performing this action.
+## The type of the process performing this action.
##
##
#
@@ -1709,7 +1709,7 @@ interface(`corenet_dontaudit_non_ipsec_sendrecv',`
########################################
##
-## Receive TCP packets from a NetLabel connection.
+## Receive TCP packets from a NetLabel connection.
##
##
##
@@ -1724,7 +1724,7 @@ interface(`corenet_tcp_recv_netlabel',`
########################################
##
-## Receive TCP packets from a NetLabel connection.
+## Receive TCP packets from a NetLabel connection.
##
##
##
@@ -1743,7 +1743,7 @@ interface(`corenet_tcp_recvfrom_netlabel',`
########################################
##
-## Receive TCP packets from an unlabled connection.
+## Receive TCP packets from an unlabled connection.
##
##
##
@@ -1763,8 +1763,8 @@ interface(`corenet_tcp_recvfrom_unlabeled',`
########################################
##
-## Do not audit attempts to receive TCP packets from a NetLabel
-## connection.
+## Do not audit attempts to receive TCP packets from a NetLabel
+## connection.
##
##
##
@@ -1779,8 +1779,8 @@ interface(`corenet_dontaudit_tcp_recv_netlabel',`
########################################
##
-## Do not audit attempts to receive TCP packets from a NetLabel
-## connection.
+## Do not audit attempts to receive TCP packets from a NetLabel
+## connection.
##
##
##
@@ -1799,8 +1799,8 @@ interface(`corenet_dontaudit_tcp_recvfrom_netlabel',`
########################################
##
-## Do not audit attempts to receive TCP packets from an unlabeled
-## connection.
+## Do not audit attempts to receive TCP packets from an unlabeled
+## connection.
##
##
##
@@ -1820,7 +1820,7 @@ interface(`corenet_dontaudit_tcp_recvfrom_unlabeled',`
########################################
##
-## Receive UDP packets from a NetLabel connection.
+## Receive UDP packets from a NetLabel connection.
##
##
##
@@ -1835,7 +1835,7 @@ interface(`corenet_udp_recv_netlabel',`
########################################
##
-## Receive UDP packets from a NetLabel connection.
+## Receive UDP packets from a NetLabel connection.
##
##
##
@@ -1854,7 +1854,7 @@ interface(`corenet_udp_recvfrom_netlabel',`
########################################
##
-## Receive UDP packets from an unlabeled connection.
+## Receive UDP packets from an unlabeled connection.
##
##
##
@@ -1874,8 +1874,8 @@ interface(`corenet_udp_recvfrom_unlabeled',`
########################################
##
-## Do not audit attempts to receive UDP packets from a NetLabel
-## connection.
+## Do not audit attempts to receive UDP packets from a NetLabel
+## connection.
##
##
##
@@ -1890,8 +1890,8 @@ interface(`corenet_dontaudit_udp_recv_netlabel',`
########################################
##
-## Do not audit attempts to receive UDP packets from a NetLabel
-## connection.
+## Do not audit attempts to receive UDP packets from a NetLabel
+## connection.
##
##
##
@@ -1910,8 +1910,8 @@ interface(`corenet_dontaudit_udp_recvfrom_netlabel',`
########################################
##
-## Do not audit attempts to receive UDP packets from an unlabeled
-## connection.
+## Do not audit attempts to receive UDP packets from an unlabeled
+## connection.
##
##
##
@@ -1931,7 +1931,7 @@ interface(`corenet_dontaudit_udp_recvfrom_unlabeled',`
########################################
##
-## Receive Raw IP packets from a NetLabel connection.
+## Receive Raw IP packets from a NetLabel connection.
##
##
##
@@ -1946,7 +1946,7 @@ interface(`corenet_raw_recv_netlabel',`
########################################
##
-## Receive Raw IP packets from a NetLabel connection.
+## Receive Raw IP packets from a NetLabel connection.
##
##
##
@@ -1965,7 +1965,7 @@ interface(`corenet_raw_recvfrom_netlabel',`
########################################
##
-## Receive Raw IP packets from an unlabeled connection.
+## Receive Raw IP packets from an unlabeled connection.
##
##
##
@@ -1985,8 +1985,8 @@ interface(`corenet_raw_recvfrom_unlabeled',`
########################################
##
-## Do not audit attempts to receive Raw IP packets from a NetLabel
-## connection.
+## Do not audit attempts to receive Raw IP packets from a NetLabel
+## connection.
##
##
##
@@ -2001,8 +2001,8 @@ interface(`corenet_dontaudit_raw_recv_netlabel',`
########################################
##
-## Do not audit attempts to receive Raw IP packets from a NetLabel
-## connection.
+## Do not audit attempts to receive Raw IP packets from a NetLabel
+## connection.
##
##
##
@@ -2021,8 +2021,8 @@ interface(`corenet_dontaudit_raw_recvfrom_netlabel',`
########################################
##
-## Do not audit attempts to receive Raw IP packets from an unlabeled
-## connection.
+## Do not audit attempts to receive Raw IP packets from an unlabeled
+## connection.
##
##
##
@@ -2042,7 +2042,7 @@ interface(`corenet_dontaudit_raw_recvfrom_unlabeled',`
########################################
##
-## Receive packets from an unlabeled connection.
+## Receive packets from an unlabeled connection.
##
##
##
@@ -2064,7 +2064,7 @@ interface(`corenet_all_recvfrom_unlabeled',`
########################################
##
-## Receive packets from a NetLabel connection.
+## Receive packets from a NetLabel connection.
##
##
##
@@ -2083,7 +2083,7 @@ interface(`corenet_all_recvfrom_netlabel',`
########################################
##
-## Do not audit attempts to receive packets from an unlabeled connection.
+## Do not audit attempts to receive packets from an unlabeled connection.
##
##
##
@@ -2105,8 +2105,8 @@ interface(`corenet_dontaudit_all_recvfrom_unlabeled',`
########################################
##
-## Do not audit attempts to receive packets from a NetLabel
-## connection.
+## Do not audit attempts to receive packets from a NetLabel
+## connection.
##
##
##
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index a1173fd..f0f7089 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -1842,11 +1842,11 @@ interface(`dev_read_mouse',`
########################################
##
-## Read and write to mouse devices.
+## Read and write to mouse devices.
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#
diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if
index 8fcf126..7316b09 100644
--- a/policy/modules/kernel/domain.if
+++ b/policy/modules/kernel/domain.if
@@ -1221,7 +1221,7 @@ interface(`domain_mmap_all_entry_files',`
##
##
##
-## The type of the new process.
+## The type of the new process.
##
##
#
@@ -1237,9 +1237,9 @@ interface(`domain_entry_file_spec_domtrans',`
########################################
##
## Ability to mmap a low area of the address space,
-## as configured by /proc/sys/kernel/mmap_min_addr.
-## Preventing such mappings helps protect against
-## exploiting null deref bugs in the kernel.
+## as configured by /proc/sys/kernel/mmap_min_addr.
+## Preventing such mappings helps protect against
+## exploiting null deref bugs in the kernel.
##
##
##
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 97a406c..282a1cf 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -1544,12 +1544,12 @@ interface(`files_manage_boot_symlinks',`
########################################
##
-## Read kernel files in the /boot directory.
+## Read kernel files in the /boot directory.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`files_read_kernel_img',`
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 7526c4b..98607ab 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -1250,12 +1250,12 @@ interface(`fs_read_eventpollfs',`
########################################
##
-## Mount a FUSE filesystem.
+## Mount a FUSE filesystem.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`fs_mount_fusefs',`
@@ -1268,12 +1268,12 @@ interface(`fs_mount_fusefs',`
########################################
##
-## Unmount a FUSE filesystem.
+## Unmount a FUSE filesystem.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`fs_unmount_fusefs',`
@@ -1722,7 +1722,7 @@ interface(`fs_read_nfs_named_sockets',`
#########################################
##
-## Read named pipes on a NFS network filesystem.
+## Read named pipes on a NFS network filesystem.
##
##
##
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index 111596b..1879be0 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -2297,12 +2297,12 @@ interface(`kernel_dontaudit_sendrecv_unlabeled_association',`
########################################
##
-## Receive TCP packets from an unlabeled connection.
+## Receive TCP packets from an unlabeled connection.
##
##
##
-## Receive TCP packets from an unlabeled connection.
-##
+## Receive TCP packets from an unlabeled connection.
+##
##
## The corenetwork interface corenet_tcp_recv_unlabeled() should
## be used instead of this one.
@@ -2324,14 +2324,14 @@ interface(`kernel_tcp_recvfrom_unlabeled',`
########################################
##
-## Do not audit attempts to receive TCP packets from an unlabeled
+## Do not audit attempts to receive TCP packets from an unlabeled
## connection.
##
##
##
-## Do not audit attempts to receive TCP packets from an unlabeled
+## Do not audit attempts to receive TCP packets from an unlabeled
## connection.
-##
+##
##
## The corenetwork interface corenet_dontaudit_tcp_recv_unlabeled()
## should be used instead of this one.
@@ -2353,12 +2353,12 @@ interface(`kernel_dontaudit_tcp_recvfrom_unlabeled',`
########################################
##
-## Receive UDP packets from an unlabeled connection.
+## Receive UDP packets from an unlabeled connection.
##
##
##
-## Receive UDP packets from an unlabeled connection.
-##
+## Receive UDP packets from an unlabeled connection.
+##
##
## The corenetwork interface corenet_udp_recv_unlabeled() should
## be used instead of this one.
@@ -2380,14 +2380,14 @@ interface(`kernel_udp_recvfrom_unlabeled',`
########################################
##
-## Do not audit attempts to receive UDP packets from an unlabeled
+## Do not audit attempts to receive UDP packets from an unlabeled
## connection.
##
##
##
-## Do not audit attempts to receive UDP packets from an unlabeled
+## Do not audit attempts to receive UDP packets from an unlabeled
## connection.
-##
+##
##
## The corenetwork interface corenet_dontaudit_udp_recv_unlabeled()
## should be used instead of this one.
@@ -2409,12 +2409,12 @@ interface(`kernel_dontaudit_udp_recvfrom_unlabeled',`
########################################
##
-## Receive Raw IP packets from an unlabeled connection.
+## Receive Raw IP packets from an unlabeled connection.
##
##
##
-## Receive Raw IP packets from an unlabeled connection.
-##
+## Receive Raw IP packets from an unlabeled connection.
+##
##
## The corenetwork interface corenet_raw_recv_unlabeled() should
## be used instead of this one.
@@ -2436,14 +2436,14 @@ interface(`kernel_raw_recvfrom_unlabeled',`
########################################
##
-## Do not audit attempts to receive Raw IP packets from an unlabeled
+## Do not audit attempts to receive Raw IP packets from an unlabeled
## connection.
##
##
##
-## Do not audit attempts to receive Raw IP packets from an unlabeled
+## Do not audit attempts to receive Raw IP packets from an unlabeled
## connection.
-##
+##
##
## The corenetwork interface corenet_dontaudit_raw_recv_unlabeled()
## should be used instead of this one.
@@ -2500,7 +2500,7 @@ interface(`kernel_sendrecv_unlabeled_packets',`
##
##
## Receive packets from an unlabeled peer, these packets do not have any
-## peer labeling information present.
+## peer labeling information present.
##
##
## The corenetwork interface corenet_recvfrom_unlabeled_peer() should
@@ -2528,7 +2528,7 @@ interface(`kernel_recvfrom_unlabeled_peer',`
##
##
## Do not audit attempts to receive packets from an unlabeled peer,
-## these packets do not have any peer labeling information present.
+## these packets do not have any peer labeling information present.
##
##
## The corenetwork interface corenet_dontaudit_*_recvfrom_unlabeled()
@@ -2551,12 +2551,12 @@ interface(`kernel_dontaudit_recvfrom_unlabeled_peer',`
########################################
##
-## Relabel from unlabeled database objects.
+## Relabel from unlabeled database objects.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`kernel_relabelfrom_unlabeled_database',`
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index b55e518..76310db 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -304,7 +304,7 @@ optional_policy(`
')
optional_policy(`
- # nfs kernel server needs kernel UDP access. It is less risky and painful
+ # nfs kernel server needs kernel UDP access. It is less risky and painful
# to just give it everything.
allow kernel_t self:tcp_socket create_stream_socket_perms;
allow kernel_t self:udp_socket create_socket_perms;
diff --git a/policy/modules/kernel/mls.if b/policy/modules/kernel/mls.if
index f152565..c2706de 100644
--- a/policy/modules/kernel/mls.if
+++ b/policy/modules/kernel/mls.if
@@ -822,13 +822,13 @@ interface(`mls_context_translate_all_levels',`
########################################
##
-## Make specified domain MLS trusted
-## for reading from databases at any level.
+## Make specified domain MLS trusted
+## for reading from databases at any level.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
##
#
@@ -842,13 +842,13 @@ interface(`mls_db_read_all_levels',`
########################################
##
-## Make specified domain MLS trusted
-## for writing to databases at any level.
+## Make specified domain MLS trusted
+## for writing to databases at any level.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
##
#
@@ -862,13 +862,13 @@ interface(`mls_db_write_all_levels',`
########################################
##
-## Make specified domain MLS trusted
-## for raising the level of databases.
+## Make specified domain MLS trusted
+## for raising the level of databases.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
##
#
@@ -882,13 +882,13 @@ interface(`mls_db_upgrade',`
########################################
##
-## Make specified domain MLS trusted
-## for lowering the level of databases.
+## Make specified domain MLS trusted
+## for lowering the level of databases.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
##
#
@@ -901,14 +901,14 @@ interface(`mls_db_downgrade',`
')
########################################
##
-## Make specified domain MLS trusted
-## for sending dbus messages to
+## Make specified domain MLS trusted
+## for sending dbus messages to
## all levels.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
##
#
@@ -922,14 +922,14 @@ interface(`mls_dbus_send_all_levels',`
########################################
##
-## Make specified domain MLS trusted
-## for receiving dbus messages from
+## Make specified domain MLS trusted
+## for receiving dbus messages from
## all levels.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
##
#
diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if
index f20d0a8..ca956ac 100644
--- a/policy/modules/kernel/storage.if
+++ b/policy/modules/kernel/storage.if
@@ -172,15 +172,15 @@ interface(`storage_dontaudit_write_fixed_disk',`
########################################
##
-## Allow the caller to directly read and write to a fixed disk.
-## This is extremly dangerous as it can bypass the
-## SELinux protections for filesystem objects, and
-## should only be used by trusted domains.
+## Allow the caller to directly read and write to a fixed disk.
+## This is extremly dangerous as it can bypass the
+## SELinux protections for filesystem objects, and
+## should only be used by trusted domains.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`storage_raw_rw_fixed_disk',`
diff --git a/policy/modules/services/aide.if b/policy/modules/services/aide.if
index 43d0eb8..23d7889 100644
--- a/policy/modules/services/aide.if
+++ b/policy/modules/services/aide.if
@@ -2,12 +2,12 @@
########################################
##
-## Execute aide in the aide domain
+## Execute aide in the aide domain
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`aide_domtrans',`
diff --git a/policy/modules/services/bind.te b/policy/modules/services/bind.te
index 72f6279..fdc9e9a 100644
--- a/policy/modules/services/bind.te
+++ b/policy/modules/services/bind.te
@@ -174,7 +174,7 @@ optional_policy(`
optional_policy(`
# this seems like fds that arent being
- # closed. these should probably be
+ # closed. these should probably be
# dontaudits instead.
networkmanager_rw_udp_sockets(named_t)
networkmanager_rw_packet_sockets(named_t)
diff --git a/policy/modules/services/bitlbee.if b/policy/modules/services/bitlbee.if
index 293f0fd..ed4e7a2 100644
--- a/policy/modules/services/bitlbee.if
+++ b/policy/modules/services/bitlbee.if
@@ -2,12 +2,12 @@
########################################
##
-## Read bitlbee configuration files
+## Read bitlbee configuration files
##
##
-##
-## Domain allowed accesss.
-##
+##
+## Domain allowed accesss.
+##
##
#
interface(`bitlbee_read_config',`
diff --git a/policy/modules/services/clockspeed.if b/policy/modules/services/clockspeed.if
index ad7c914..7762be6 100644
--- a/policy/modules/services/clockspeed.if
+++ b/policy/modules/services/clockspeed.if
@@ -2,12 +2,12 @@
########################################
##
-## Execute clockspeed utilities in the clockspeed_cli domain.
+## Execute clockspeed utilities in the clockspeed_cli domain.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`clockspeed_domtrans_cli',`
diff --git a/policy/modules/services/cyrus.if b/policy/modules/services/cyrus.if
index ff8f24d..e4e86d0 100644
--- a/policy/modules/services/cyrus.if
+++ b/policy/modules/services/cyrus.if
@@ -7,7 +7,7 @@
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#
diff --git a/policy/modules/services/djbdns.if b/policy/modules/services/djbdns.if
index eec46ce..69f9735 100644
--- a/policy/modules/services/djbdns.if
+++ b/policy/modules/services/djbdns.if
@@ -2,12 +2,12 @@
########################################
##
-## Create a set of derived types for djbdns
+## Create a set of derived types for djbdns
## components that are directly supervised by daemontools.
##
##
##
-## The prefix to be used for deriving type names.
+## The prefix to be used for deriving type names.
##
##
#
diff --git a/policy/modules/services/dovecot.if b/policy/modules/services/dovecot.if
index 4341ce1..7771a8f 100644
--- a/policy/modules/services/dovecot.if
+++ b/policy/modules/services/dovecot.if
@@ -21,12 +21,12 @@ interface(`dovecot_manage_spool',`
########################################
##
-## Do not audit attempts to delete dovecot lib files.
+## Do not audit attempts to delete dovecot lib files.
##
##
-##
-## Domain to not audit.
-##
+##
+## Domain to not audit.
+##
##
#
interface(`dovecot_dontaudit_unlink_lib_files',`
diff --git a/policy/modules/services/ftp.if b/policy/modules/services/ftp.if
index b593224..44fe88a 100644
--- a/policy/modules/services/ftp.if
+++ b/policy/modules/services/ftp.if
@@ -2,11 +2,11 @@
########################################
##
-## Use ftp by connecting over TCP. (Deprecated)
+## Use ftp by connecting over TCP. (Deprecated)
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#
@@ -16,11 +16,11 @@ interface(`ftp_tcp_connect',`
########################################
##
-## Read ftpd etc files
+## Read ftpd etc files
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#
@@ -35,11 +35,11 @@ interface(`ftp_read_config',`
########################################
##
-## Execute FTP daemon entry point programs.
+## Execute FTP daemon entry point programs.
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#
@@ -54,11 +54,11 @@ interface(`ftp_check_exec',`
########################################
##
-## Read FTP transfer logs
+## Read FTP transfer logs
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#
@@ -73,12 +73,12 @@ interface(`ftp_read_log',`
########################################
##
-## Execute the ftpdctl program in the ftpdctl domain.
+## Execute the ftpdctl program in the ftpdctl domain.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`ftp_domtrans_ftpdctl',`
diff --git a/policy/modules/services/lpd.if b/policy/modules/services/lpd.if
index 5a7046d..9c1c7cf 100644
--- a/policy/modules/services/lpd.if
+++ b/policy/modules/services/lpd.if
@@ -177,11 +177,11 @@ interface(`lpd_read_config',`
########################################
##
-## Transition to a user lpr domain.
+## Transition to a user lpr domain.
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#
diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if
index 1709743..1698b82 100644
--- a/policy/modules/services/mta.if
+++ b/policy/modules/services/mta.if
@@ -374,14 +374,14 @@ interface(`mta_send_mail',`
## Execute send mail in a specified domain.
##
##
-##
+##
## Execute send mail in a specified domain.
-##
-##
-## No interprocess communication (signals, pipes,
-## etc.) is provided by this interface since
-## the domains are not owned by this module.
-##
+##
+##
+## No interprocess communication (signals, pipes,
+## etc.) is provided by this interface since
+## the domains are not owned by this module.
+##
##
##
##
diff --git a/policy/modules/services/nscd.if b/policy/modules/services/nscd.if
index 33ce3da..5cef4f7 100644
--- a/policy/modules/services/nscd.if
+++ b/policy/modules/services/nscd.if
@@ -108,7 +108,7 @@ interface(`nscd_shm_use',`
allow $1 nscd_t:fd use;
# cjp: these were originally inherited from the
- # nscd_socket_domain macro. need to investigate
+ # nscd_socket_domain macro. need to investigate
# if they are all actually required
allow $1 self:unix_stream_socket create_stream_socket_perms;
allow $1 nscd_t:unix_stream_socket connectto;
diff --git a/policy/modules/services/postgresql.if b/policy/modules/services/postgresql.if
index ab0a43c..65ff43b 100644
--- a/policy/modules/services/postgresql.if
+++ b/policy/modules/services/postgresql.if
@@ -2,17 +2,17 @@
#######################################
##
-## Role access for SE-PostgreSQL.
+## Role access for SE-PostgreSQL.
##
##
-##
-## The role associated with the user domain.
-##
+##
+## The role associated with the user domain.
+##
##
##
##
-## The type of the user domain.
-##
+## The type of the user domain.
+##
##
#
interface(`postgresql_role',`
@@ -72,12 +72,12 @@ interface(`postgresql_role',`
########################################
##
-## Marks as a SE-PostgreSQL loadable shared library module
+## Marks as a SE-PostgreSQL loadable shared library module
##
##
-##
-## Type marked as a database object type.
-##
+##
+## Type marked as a database object type.
+##
##
#
interface(`postgresql_loadable_module',`
@@ -90,12 +90,12 @@ interface(`postgresql_loadable_module',`
########################################
##
-## Marks as a SE-PostgreSQL database object type
+## Marks as a SE-PostgreSQL database object type
##
##
-##
-## Type marked as a database object type.
-##
+##
+## Type marked as a database object type.
+##
##
#
interface(`postgresql_database_object',`
@@ -108,12 +108,12 @@ interface(`postgresql_database_object',`
########################################
##
-## Marks as a SE-PostgreSQL table/column/tuple object type
+## Marks as a SE-PostgreSQL table/column/tuple object type
##
##
-##
-## Type marked as a table/column/tuple object type.
-##
+##
+## Type marked as a table/column/tuple object type.
+##
##
#
interface(`postgresql_table_object',`
@@ -126,12 +126,12 @@ interface(`postgresql_table_object',`
########################################
##
-## Marks as a SE-PostgreSQL system table/column/tuple object type
+## Marks as a SE-PostgreSQL system table/column/tuple object type
##
##
-##
-## Type marked as a table/column/tuple object type.
-##
+##
+## Type marked as a table/column/tuple object type.
+##
##
#
interface(`postgresql_system_table_object',`
@@ -145,12 +145,12 @@ interface(`postgresql_system_table_object',`
########################################
##
-## Marks as a SE-PostgreSQL procedure object type
+## Marks as a SE-PostgreSQL procedure object type
##
##
-##
-## Type marked as a database object type.
-##
+##
+## Type marked as a database object type.
+##
##
#
interface(`postgresql_procedure_object',`
@@ -163,12 +163,12 @@ interface(`postgresql_procedure_object',`
########################################
##
-## Marks as a SE-PostgreSQL binary large object type
+## Marks as a SE-PostgreSQL binary large object type
##
##
-##
-## Type marked as a database binary large object type.
-##
+##
+## Type marked as a database binary large object type.
+##
##
#
interface(`postgresql_blob_object',`
@@ -302,13 +302,13 @@ interface(`postgresql_stream_connect',`
########################################
##
-## Allow the specified domain unprivileged accesses to unifined database objects
+## Allow the specified domain unprivileged accesses to unifined database objects
## managed by SE-PostgreSQL,
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`postgresql_unpriv_client',`
@@ -335,13 +335,13 @@ interface(`postgresql_unpriv_client',`
########################################
##
-## Allow the specified domain unconfined accesses to any database objects
+## Allow the specified domain unconfined accesses to any database objects
## managed by SE-PostgreSQL,
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`postgresql_unconfined',`
diff --git a/policy/modules/services/postgrey.if b/policy/modules/services/postgrey.if
index 78972de..3927880 100644
--- a/policy/modules/services/postgrey.if
+++ b/policy/modules/services/postgrey.if
@@ -2,12 +2,12 @@
########################################
##
-## Write to postgrey socket
+## Write to postgrey socket
##
##
-##
-## Domain allowed to talk to postgrey
-##
+##
+## Domain allowed to talk to postgrey
+##
##
#
interface(`postgrey_stream_connect',`
@@ -22,12 +22,12 @@ interface(`postgrey_stream_connect',`
########################################
##
-## Search the spool directory
+## Search the spool directory
##
##
-##
-## Domain allowed access
-##
+##
+## Domain allowed access
+##
##
#
interface(`postgrey_search_spool',`
diff --git a/policy/modules/services/rpc.if b/policy/modules/services/rpc.if
index 96d25ad..cc2227d 100644
--- a/policy/modules/services/rpc.if
+++ b/policy/modules/services/rpc.if
@@ -118,11 +118,11 @@ template(`rpc_domain_template', `
########################################
##
-## Send UDP network traffic to rpc and recieve UDP traffic from rpc. (Deprecated)
+## Send UDP network traffic to rpc and recieve UDP traffic from rpc. (Deprecated)
##
##
##
-## The type of the process performing this action.
+## The type of the process performing this action.
##
##
#
@@ -132,12 +132,12 @@ interface(`rpc_udp_send',`
########################################
##
-## Do not audit attempts to get the attributes
+## Do not audit attempts to get the attributes
## of the NFS export file.
##
##
##
-## The type of the process performing this action.
+## The type of the process performing this action.
##
##
#
@@ -151,11 +151,11 @@ interface(`rpc_dontaudit_getattr_exports',`
########################################
##
-## Allow read access to exports.
+## Allow read access to exports.
##
##
##
-## The type of the process performing this action.
+## The type of the process performing this action.
##
##
#
@@ -169,11 +169,11 @@ interface(`rpc_read_exports',`
########################################
##
-## Allow write access to exports.
+## Allow write access to exports.
##
##
##
-## The type of the process performing this action.
+## The type of the process performing this action.
##
##
#
@@ -187,11 +187,11 @@ interface(`rpc_write_exports',`
########################################
##
-## Execute domain in nfsd domain.
+## Execute domain in nfsd domain.
##
##
##
-## The type of the process performing this action.
+## The type of the process performing this action.
##
##
#
@@ -205,11 +205,11 @@ interface(`rpc_domtrans_nfsd',`
########################################
##
-## Read NFS exported content.
+## Read NFS exported content.
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
##
@@ -226,11 +226,11 @@ interface(`rpc_read_nfs_content',`
########################################
##
-## Allow domain to create read and write NFS directories.
+## Allow domain to create read and write NFS directories.
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
##
@@ -247,11 +247,11 @@ interface(`rpc_manage_nfs_rw_content',`
########################################
##
-## Allow domain to create read and write NFS directories.
+## Allow domain to create read and write NFS directories.
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
##
@@ -268,11 +268,11 @@ interface(`rpc_manage_nfs_ro_content',`
########################################
##
-## Allow domain to read and write to an NFS UDP socket.
+## Allow domain to read and write to an NFS UDP socket.
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#
@@ -290,7 +290,7 @@ interface(`rpc_udp_rw_nfs_sockets',`
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#
@@ -304,7 +304,7 @@ interface(`rpc_udp_send_nfs',`
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#
@@ -323,7 +323,7 @@ interface(`rpc_search_nfs_state_data',`
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#
diff --git a/policy/modules/services/rsync.if b/policy/modules/services/rsync.if
index a363a9a..7418196 100644
--- a/policy/modules/services/rsync.if
+++ b/policy/modules/services/rsync.if
@@ -24,14 +24,14 @@ interface(`rsync_entry_type',`
## Execute a rsync in a specified domain.
##
##
-##
+##
## Execute a rsync in a specified domain.
-##
-##
-## No interprocess communication (signals, pipes,
-## etc.) is provided by this interface since
-## the domains are not owned by this module.
-##
+##
+##
+## No interprocess communication (signals, pipes,
+## etc.) is provided by this interface since
+## the domains are not owned by this module.
+##
##
##
##
@@ -57,14 +57,14 @@ interface(`rsync_entry_spec_domtrans',`
## Execute a rsync in a specified domain.
##
##
-##
+##
## Execute a rsync in a specified domain.
-##
-##
-## No interprocess communication (signals, pipes,
-## etc.) is provided by this interface since
-## the domains are not owned by this module.
-##
+##
+##
+## No interprocess communication (signals, pipes,
+## etc.) is provided by this interface since
+## the domains are not owned by this module.
+##
##
##
##
diff --git a/policy/modules/services/spamassassin.if b/policy/modules/services/spamassassin.if
index 4140164..3945628 100644
--- a/policy/modules/services/spamassassin.if
+++ b/policy/modules/services/spamassassin.if
@@ -63,9 +63,9 @@ interface(`spamassassin_exec',`
## Singnal the spam assassin daemon
##
##
-##
-## The type of the process performing this action.
-##
+##
+## The type of the process performing this action.
+##
##
#
interface(`spamassassin_signal_spamd',`
@@ -97,7 +97,7 @@ interface(`spamassassin_exec_spamd',`
########################################
##
-## Execute spamassassin client in the spamassassin client domain.
+## Execute spamassassin client in the spamassassin client domain.
##
##
##
@@ -191,12 +191,12 @@ interface(`spamassassin_manage_lib_files',`
########################################
##
-## Read temporary spamd file.
+## Read temporary spamd file.
##
##
-##
-## The type of the process performing this action.
-##
+##
+## The type of the process performing this action.
+##
##
#
interface(`spamassassin_read_spamd_tmp_files',`
@@ -213,9 +213,9 @@ interface(`spamassassin_read_spamd_tmp_files',`
## spamd sockets/
##
##
-##
+##
## Domain to not audit.
-##
+##
##
#
interface(`spamassassin_dontaudit_getattr_spamd_tmp_sockets',`
diff --git a/policy/modules/services/ucspitcp.if b/policy/modules/services/ucspitcp.if
index 6607dcb..c1feba4 100644
--- a/policy/modules/services/ucspitcp.if
+++ b/policy/modules/services/ucspitcp.if
@@ -7,16 +7,16 @@
########################################
##
-## Define a specified domain as a ucspitcp service.
+## Define a specified domain as a ucspitcp service.
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
##
##
-## The type associated with the process program.
+## The type associated with the process program.
##
##
#
diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if
index 43f64fc..783a19b 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -761,12 +761,12 @@ interface(`xserver_read_xdm_pid',`
########################################
##
-## Read XDM var lib files.
+## Read XDM var lib files.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`xserver_read_xdm_lib_files',`
diff --git a/policy/modules/system/daemontools.if b/policy/modules/system/daemontools.if
index 17b5f8f..feef778 100644
--- a/policy/modules/system/daemontools.if
+++ b/policy/modules/system/daemontools.if
@@ -28,16 +28,16 @@ interface(`daemontools_ipc_domain',`
########################################
##
-## Define a specified domain as a supervised service.
+## Define a specified domain as a supervised service.
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
##
##
-## The type associated with the process program.
+## The type associated with the process program.
##
##
#
@@ -55,11 +55,11 @@ interface(`daemontools_service_domain',`
########################################
##
-## Execute in the svc_start_t domain.
+## Execute in the svc_start_t domain.
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#
@@ -73,11 +73,11 @@ interface(`daemontools_domtrans_start',`
########################################
##
-## Execute in the svc_run_t domain.
+## Execute in the svc_run_t domain.
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#
@@ -91,11 +91,11 @@ interface(`daemontools_domtrans_run',`
########################################
##
-## Execute in the svc_multilog_t domain.
+## Execute in the svc_multilog_t domain.
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#
@@ -109,11 +109,11 @@ interface(`daemontools_domtrans_multilog',`
########################################
##
-## Allow a domain to read svc_svc_t files.
+## Allow a domain to read svc_svc_t files.
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
##
@@ -129,11 +129,11 @@ interface(`daemontools_read_svc',`
########################################
##
-## Allow a domain to create svc_svc_t files.
+## Allow a domain to create svc_svc_t files.
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
##
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 150a28e..5f9f21e 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -666,14 +666,14 @@ interface(`init_domtrans_script',`
## Execute a init script in a specified domain.
##
##
-##
+##
## Execute a init script in a specified domain.
-##
-##
-## No interprocess communication (signals, pipes,
-## etc.) is provided by this interface since
-## the domains are not owned by this module.
-##
+##
+##
+## No interprocess communication (signals, pipes,
+## etc.) is provided by this interface since
+## the domains are not owned by this module.
+##
##
##
##
@@ -1133,7 +1133,7 @@ interface(`init_rw_script_stream_sockets',`
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#
@@ -1451,11 +1451,11 @@ interface(`init_dontaudit_rw_utmp',`
########################################
##
-## Create, read, write, and delete utmp.
+## Create, read, write, and delete utmp.
##
##
##
-## Domain access allowed.
+## Domain access allowed.
##
##
#
diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te
index 794a424..cda9024 100644
--- a/policy/modules/system/libraries.te
+++ b/policy/modules/system/libraries.te
@@ -113,7 +113,7 @@ optional_policy(`
optional_policy(`
# When you install a kernel the postinstall builds a initrd image in tmp
- # and executes ldconfig on it. If you dont allow this kernel installs
+ # and executes ldconfig on it. If you dont allow this kernel installs
# blow up.
rpm_manage_script_tmp_files(ldconfig_t)
')
diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if
index 438d05c..59fa98b 100644
--- a/policy/modules/system/logging.if
+++ b/policy/modules/system/logging.if
@@ -533,12 +533,12 @@ interface(`logging_search_logs',`
#######################################
##
-## Do not audit attempts to search the var log directory.
+## Do not audit attempts to search the var log directory.
##
##
-##
-## Domain not to audit.
-##
+##
+## Domain not to audit.
+##
##
#
interface(`logging_dontaudit_search_logs',`
diff --git a/policy/modules/system/netlabel.if b/policy/modules/system/netlabel.if
index 3e35e00..55b158b 100644
--- a/policy/modules/system/netlabel.if
+++ b/policy/modules/system/netlabel.if
@@ -2,12 +2,12 @@
########################################
##
-## Execute netlabel_mgmt in the netlabel_mgmt domain.
+## Execute netlabel_mgmt in the netlabel_mgmt domain.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
#
interface(`netlabel_domtrans_mgmt',`
@@ -21,13 +21,13 @@ interface(`netlabel_domtrans_mgmt',`
########################################
##
-## Execute netlabel_mgmt in the netlabel_mgmt domain, and
-## allow the specified role the netlabel_mgmt domain.
+## Execute netlabel_mgmt in the netlabel_mgmt domain, and
+## allow the specified role the netlabel_mgmt domain.
##
##
-##
-## Domain allowed access.
-##
+##
+## Domain allowed access.
+##
##
##
##
diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
index 21864b9..4c17059 100644
--- a/policy/modules/system/sysnetwork.if
+++ b/policy/modules/system/sysnetwork.if
@@ -6,7 +6,7 @@
##
##
##
-## The type of the process performing this action.
+## The type of the process performing this action.
##
##
#
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 9a9e00b..b1d572a 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -78,7 +78,7 @@ template(`userdom_base_user_template',`
dev_dontaudit_getattr_all_chr_files($1_t)
# When the user domain runs ps, there will be a number of access
- # denials when ps tries to search /proc. Do not audit these denials.
+ # denials when ps tries to search /proc. Do not audit these denials.
domain_dontaudit_read_all_domains_state($1_t)
domain_dontaudit_getattr_all_domains($1_t)
domain_dontaudit_getsession_all_domains($1_t)
@@ -1405,11 +1405,11 @@ interface(`userdom_dontaudit_search_user_home_dirs',`
########################################
##
-## List user home directories.
+## List user home directories.
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#
@@ -1979,11 +1979,11 @@ interface(`userdom_user_home_dir_filetrans_user_home_content',`
########################################
##
-## Write to user temporary named sockets.
+## Write to user temporary named sockets.
##
##
##
-## Domain allowed access.
+## Domain allowed access.
##
##
#