rpms/selinux-policy/devel booleans-strict.conf, NONE, 1.1 modules-strict.conf, NONE, 1.1 setrans-strict.conf, NONE, 1.1 seusers-strict, NONE, 1.1
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Jan 24 15:41:49 UTC 2006
- Previous message (by thread): rpms/selinux-policy/devel .cvsignore,1.27,1.28 sources,1.30,1.31
- Next message (by thread): rpms/postfix/devel .cvsignore, 1.16, 1.17 postfix.spec, 1.35, 1.36 sources, 1.16, 1.17
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv6504
Added Files:
booleans-strict.conf modules-strict.conf setrans-strict.conf
seusers-strict
Log Message:
* Mon Jan 23 2006 Dan Walsh <dwalsh at redhat.com> 2.2.4-1
- Update to upstream
--- NEW FILE booleans-strict.conf ---
# Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack.
#
allow_execmem = false
# Allow making a modified private filemapping executable (text relocation).
#
allow_execmod = false
# Allow making the stack executable via mprotect.Also requires allow_execmem.
#
allow_execstack = false
# Allow ftp servers to modify public filesused for public file transfer services.
#
allow_ftpd_anon_write = false
# Allow gssd to read temp directory.
#
allow_gssd_read_tmp = false
# Allow Apache to modify public filesused for public file transfer services.
#
allow_httpd_anon_write = false
# Allow system to run with kerberos
#
allow_kerberos = true
# Allow rsync to modify public filesused for public file transfer services.
#
allow_rsync_anon_write = false
# Allow sasl to read shadow
#
allow_saslauthd_read_shadow = false
# Allow samba to modify public filesused for public file transfer services.
#
allow_smbd_anon_write = false
# Allow sysadm to ptrace all processes
#
allow_ptrace = false
# Allow system to run with NIS
#
allow_ypbind = false
# Enable extra rules in the cron domainto support fcron.
#
fcron_crond = false
# Allow ftp to read and write files in the user home directories
#
ftp_home_dir = false
# Allow ftpd to run directly without inetd
#
ftpd_is_daemon = true
# Allow httpd to use built in scripting (usually php)
#
httpd_builtin_scripting = false
# Allow http daemon to tcp connect
#
httpd_can_network_connect = false
# Allow httpd cgi support
#
httpd_enable_cgi = false
# Allow httpd to act as a FTP server bylistening on the ftp port.
#
httpd_enable_ftp_server = false
# Allow httpd to read home directories
#
httpd_enable_homedirs = false
# Run SSI execs in system CGI script domain.
#
httpd_ssi_exec = false
# Allow http daemon to communicate with the TTY
#
httpd_tty_comm = false
# Run CGI in the main httpd domain
#
httpd_unified = false
# Allow BIND to write the master zone files.Generally this is used for dynamic DNS.
#
named_write_master_zones = false
# Allow nfs to be exported read/write.
#
nfs_export_all_rw = false
# Allow nfs to be exported read only
#
nfs_export_all_ro = false
# Allow pppd to load kernel modules for certain modems
#
pppd_can_insmod = false
# Allow reading of default_t files.
#
read_default_t = false
# Allow ssh to run from inetd instead of as a daemon.
#
run_ssh_inetd = false
# Allow samba to export user home directories.
#
samba_enable_home_dirs = false
# Allow squid to connect to all ports, not justHTTP, FTP, and Gopher ports.
#
squid_connect_any = false
# Allow ssh logins as sysadm_r:sysadm_t
#
ssh_sysadm_login = false
# Configure stunnel to be a standalone daemon orinetd service.
#
stunnel_is_daemon = false
# Support NFS home directories
#
use_nfs_home_dirs = false
# Support SAMBA home directories
#
use_samba_home_dirs = false
# Control users use of ping and traceroute
#
user_ping = false
# Allow gpg executable stack
#
allow_gpg_execstack = false
# allow host key based authentication
#
allow_ssh_keysign = false
# Allow users to connect to mysql
#
allow_user_mysql_connect = false
# Allow system cron jobs to relabel filesystemfor restoring file contexts.
#
cron_can_relabel = false
# Allow pppd to be run for a regular user
#
pppd_for_user = false
# Allow applications to read untrusted contentIf this is disallowed, Internet content hasto be manually relabeled for read access to be granted
#
read_untrusted_content = false
# Allow user spamassassin clients to use the network.
#
spamassassin_can_network = false
# Allow staff_r users to search the sysadm homedir and read files (such as ~/.bashrc)
#
staff_read_sysadm_file = false
# Allow regular users direct mouse access
#
user_direct_mouse = false
# Allow users to read system messages.
#
user_dmesg = false
# Allow users to control network interfaces(also needs USERCTL=true)
#
user_net_control = false
# Allow user to r/w files on filesystemsthat do not have extended attributes (FAT, CDROM, FLOPPY)
#
user_rw_noexattrfile = false
# Allow users to rw usb devices
#
user_rw_usb = false
# Allow users to run TCP servers (bind to ports and accept connection fromthe same domain and outside users) disabling this forces FTP passive modeand may change other protocols.
#
user_tcp_server = false
# Allow w to display everyone
#
user_ttyfile_stat = false
# Allow applications to write untrusted contentIf this is disallowed, no Internet contentwill be stored.
#
write_untrusted_content = false
--- NEW FILE modules-strict.conf ---
#
# This file contains a listing of available modules.
# To prevent a module from being used in policy
# creation, set the module name to "off".
#
# For monolithic policies, modules set to "base" and "module"
# will be built into the policy.
#
# For modular policies, modules set to "base" will be
# included in the base module. "module" will be compiled
# as individual loadable modules.
#
# Layer: kernel
# Module: terminal
# Required in base
#
# Policy for terminals.
#
terminal = base
# Layer: kernel
# Module: files
# Required in base
#
# Basic filesystem types and interfaces.
#
files = base
# Layer: kernel
# Module: kernel
# Required in base
#
# Policy for kernel threads, proc filesystem,
# and unlabeled processes and objects.
#
kernel = base
# Layer: kernel
# Module: filesystem
# Required in base
#
# Policy for filesystems.
#
filesystem = base
# Layer: kernel
# Module: devices
# Required in base
#
# Device nodes and interfaces for many basic system devices.
#
devices = base
# Layer: kernel
# Module: domain
# Required in base
#
# Core policy for domains.
#
domain = base
# Layer: kernel
# Module: corecommands
# Required in base
#
# Core policy for shells, and generic programs
# in /bin, /sbin, /usr/bin, and /usr/sbin.
#
corecommands = base
# Layer: kernel
# Module: corenetwork
# Required in base
#
# Policy controlling access to network objects
#
corenetwork = base
# Layer: kernel
# Module: mls
# Required in base
#
# Multilevel security policy
#
mls = base
# Layer: kernel
# Module: selinux
# Required in base
#
# Policy for kernel security interface, in particular, selinuxfs.
#
selinux = base
# Layer: admin
# Module: prelink
#
# Prelink ELF shared library mappings.
#
prelink = module
# Layer: admin
# Module: acct
#
# Berkeley process accounting
#
acct = module
# Layer: admin
# Module: usermanage
#
# Policy for managing user accounts.
#
usermanage = module
# Layer: admin
# Module: rpm
#
# Policy for the RPM package manager.
#
rpm = module
# Layer: admin
# Module: readahead
#
# Readahead, read files into page cache for improved performance
#
readahead = module
# Layer: admin
# Module: kudzu
#
# Hardware detection and configuration tools
#
kudzu = module
# Layer: admin
# Module: updfstab
#
# Red Hat utility to change /etc/fstab.
#
updfstab = module
# Layer: admin
# Module: netutils
#
# Network analysis utilities
#
netutils = module
# Layer: admin
# Module: alsa
#
# Ainit ALSA configuration tool
#
alsa = module
# Layer: admin
# Module: vpn
#
# Virtual Private Networking client
#
vpn = module
# Layer: admin
# Module: portage
#
# Portage Package Management System. The primary package management and
# distribution system for Gentoo.
#
portage = module
# Layer: admin
# Module: su
#
# Run shells with substitute user and group
#
su = module
# Layer: admin
# Module: dmesg
#
# Policy for dmesg.
#
dmesg = module
# Layer: admin
# Module: anaconda
#
# Policy for the Anaconda installer.
#
anaconda = module
# Layer: admin
# Module: amanda
#
# Automated backup program.
#
amanda = module
# Layer: admin
# Module: logrotate
#
# Rotate and archive system logs
#
logrotate = module
# Layer: admin
# Module: ddcprobe
#
# ddcprobe retrieves monitor and graphics card information
#
ddcprobe = module
# Layer: admin
# Module: quota
#
# File system quota management
#
quota = module
# Layer: admin
# Module: consoletype
#
# Determine of the console connected to the controlling terminal.
#
consoletype = module
# Layer: admin
# Module: sudo
#
# Execute a command with a substitute user
#
sudo = module
# Layer: admin
# Module: vbetool
#
# run real-mode video BIOS code to alter hardware state
#
vbetool = module
# Layer: admin
# Module: usbmodules
#
# List kernel modules of USB devices
#
usbmodules = module
# Layer: admin
# Module: firstboot
#
# Final system configuration run during the first boot
# after installation of Red Hat/Fedora systems.
#
firstboot = module
# Layer: admin
# Module: certwatch
#
# Digital Certificate Tracking
#
certwatch = module
# Layer: admin
# Module: tmpreaper
#
# Manage temporary directory sizes and file ages
#
tmpreaper = module
# Layer: admin
# Module: dmidecode
#
# Decode DMI data for x86/ia64 bioses.
#
dmidecode = module
# Layer: admin
# Module: logwatch
#
# System log analyzer and reporter
#
logwatch = module
# Layer: apps
# Module: irc
#
# IRC client policy
#
irc = module
# Layer: apps
# Module: lockdev
#
# device locking policy for lockdev
#
lockdev = module
# Layer: apps
# Module: usernetctl
#
# User network interface configuration helper
#
usernetctl = module
# Layer: apps
# Module: gpg
#
# Policy for GNU Privacy Guard and related programs.
#
gpg = module
# Layer: apps
# Module: wine
#
# Wine Is Not an Emulator. Run Windows programs in Linux.
#
wine = module
# Layer: apps
# Module: loadkeys
#
# Load keyboard mappings.
#
loadkeys = module
# Layer: apps
# Module: screen
#
# GNU terminal multiplexer
#
screen = module
# Layer: apps
# Module: java
#
# Java virtual machine
#
java = module
# Layer: apps
# Module: cdrecord
#
# Policy for cdrecord
#
cdrecord = module
# Layer: apps
# Module: webalizer
#
# Web server log analysis
#
webalizer = module
# Layer: apps
# Module: userhelper
#
# SELinux utility to run a shell with a new role
#
userhelper = module
# Layer: apps
# Module: mono
#
# Run .NET server and client applications on Linux.
#
mono = module
# Layer: apps
# Module: slocate
#
# Update database for mlocate
#
slocate = module
# Layer: kernel
# Module: bootloader
#
# Policy for the kernel modules, kernel image, and bootloader.
#
bootloader = module
# Layer: kernel
# Module: storage
#
# Policy controlling access to storage devices
#
storage = module
# Layer: services
# Module: nis
#
# Policy for NIS (YP) servers and clients
#
nis = module
# Layer: services
# Module: distcc
#
# Distributed compiler daemon
#
distcc = module
# Layer: services
# Module: rshd
#
# Remote shell service.
#
rshd = module
# Layer: services
# Module: cpucontrol
#
# Services for loading CPU microcode and CPU frequency scaling.
#
cpucontrol = module
# Layer: services
# Module: bind
#
# Berkeley internet name domain DNS server.
#
bind = module
# Layer: services
# Module: canna
#
# Canna - kana-kanji conversion server
#
canna = module
# Layer: services
# Module: i18n_input
#
# IIIMF htt server
#
i18n_input = module
# Layer: services
# Module: uucp
#
# Unix to Unix Copy
#
uucp = module
# Layer: services
# Module: sasl
#
# SASL authentication server
#
sasl = module
# Layer: services
# Module: pegasus
#
# The Open Group Pegasus CIM/WBEM Server.
#
pegasus = module
# Layer: services
# Module: cron
#
# Periodic execution of scheduled commands.
#
cron = module
# Layer: services
# Module: sendmail
#
# Policy for sendmail.
#
sendmail = module
# Layer: services
# Module: samba
#
# SMB and CIFS client/server programs for UNIX and
# name Service Switch daemon for resolving names
# from Windows NT servers.
#
samba = module
# Layer: services
# Module: dbus
#
# Desktop messaging bus
#
dbus = module
# Layer: services
# Module: howl
#
# Port of Apple Rendezvous multicast DNS
#
howl = module
# Layer: services
# Module: timidity
#
# MIDI to WAV converter and player configured as a service
#
timidity = module
# Layer: services
# Module: postgresql
#
# PostgreSQL relational database
#
postgresql = module
# Layer: services
# Module: openct
#
# Service for handling smart card readers.
#
openct = module
# Layer: services
# Module: snmp
#
# Simple network management protocol services
#
snmp = module
# Layer: services
# Module: ucspitcp
#
# ucspitcp policy
#
ucspitcp = module
# Layer: services
# Module: publicfile
#
# publicfile supplies files to the public through HTTP and FTP
#
publicfile = module
# Layer: services
# Module: roundup
#
# Roundup Issue Tracking System policy
#
roundup = module
# Layer: services
# Module: remotelogin
#
# Policy for rshd, rlogind, and telnetd.
#
remotelogin = module
# Layer: services
# Module: telnet
#
# Telnet daemon
#
telnet = module
# Layer: services
# Module: irqbalance
#
# IRQ balancing daemon
#
irqbalance = module
# Layer: services
# Module: mailman
#
# Mailman is for managing electronic mail discussion and e-newsletter lists
#
mailman = module
# Layer: services
# Module: dbskk
#
# Dictionary server for the SKK Japanese input method system.
#
dbskk = module
# Layer: services
# Module: ldap
#
# OpenLDAP directory server
#
ldap = module
# Layer: services
# Module: tftp
#
# Trivial file transfer protocol daemon
#
tftp = module
# Layer: services
# Module: portmap
#
# RPC port mapping service.
#
portmap = module
# Layer: services
# Module: arpwatch
#
# Ethernet activity monitor.
#
arpwatch = module
# Layer: services
# Module: dovecot
#
# Dovecot POP and IMAP mail server
#
dovecot = module
# Layer: services
# Module: cups
#
# Common UNIX printing system
#
cups = module
# Layer: services
# Module: networkmanager
#
# Manager for dynamically switching between networks.
#
networkmanager = module
# Layer: services
# Module: inn
#
# Internet News NNTP server
#
inn = module
# Layer: services
# Module: sysstat
#
# Policy for sysstat. Reports on various system states
#
sysstat = module
# Layer: services
# Module: comsat
#
# Comsat, a biff server.
#
comsat = module
# Layer: services
# Module: squid
#
# Squid caching http proxy server
#
squid = module
# Layer: services
# Module: zebra
#
# Zebra border gateway protocol network routing service
#
zebra = module
# Layer: services
# Module: xfs
#
# X Windows Font Server
#
xfs = module
# Layer: services
# Module: ktalk
#
# KDE Talk daemon
#
ktalk = module
# Layer: services
# Module: procmail
#
# Procmail mail delivery agent
#
procmail = module
# Layer: services
# Module: lpd
#
# Line printer daemon
#
lpd = module
# Layer: services
# Module: cyrus
#
# Cyrus is an IMAP service intended to be run on sealed servers
#
cyrus = module
# Layer: services
# Module: rdisc
#
# Network router discovery daemon
#
rdisc = module
# Layer: services
# Module: xdm
#
# X windows login display manager
#
xdm = module
# Layer: services
# Module: nscd
#
# Name service cache daemon
#
nscd = module
# Layer: services
# Module: ppp
#
# Point to Point Protocol daemon creates links in ppp networks
#
ppp = module
# Layer: services
# Module: smartmon
#
# Smart disk monitoring daemon policy
#
smartmon = module
# Layer: services
# Module: ftp
#
# File transfer protocol service
#
ftp = module
# Layer: services
# Module: gpm
#
# General Purpose Mouse driver
#
gpm = module
# Layer: services
# Module: mta
#
# Policy common to all email tranfer agents.
#
mta = module
# Layer: services
# Module: postfix
#
# Postfix email server
#
postfix = module
# Layer: services
# Module: fetchmail
#
# Remote-mail retrieval and forwarding utility
#
fetchmail = module
# Layer: services
# Module: ntp
#
# Network time protocol daemon
#
ntp = module
# Layer: services
# Module: bluetooth
#
# Bluetooth tools and system services.
#
bluetooth = module
# Layer: services
# Module: hal
#
# Hardware abstraction layer
#
hal = module
# Layer: services
# Module: avahi
#
# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture
#
avahi = module
# Layer: services
# Module: rpc
#
# Remote Procedure Call Daemon for managment of network based process communication
#
rpc = module
# Layer: services
# Module: xserver
#
# X Windows Server
#
xserver = module
# Layer: services
# Module: apache
#
# Apache web server
#
apache = module
# Layer: services
# Module: slrnpull
#
# Service for downloading news feeds the slrn newsreader.
#
slrnpull = module
# Layer: services
# Module: rsync
#
# Fast incremental file transfer for synchronization
#
rsync = module
# Layer: services
# Module: djbdns
#
# small and secure DNS daemon
#
djbdns = module
# Layer: services
# Module: automount
#
# Filesystem automounter service.
#
automount = module
# Layer: services
# Module: kerberos
#
# MIT Kerberos admin and KDC
#
kerberos = module
# Layer: services
# Module: dhcp
#
# Dynamic host configuration protocol (DHCP) server
#
dhcp = module
# Layer: services
# Module: ssh
#
# Secure shell client and server policy.
#
ssh = module
# Layer: services
# Module: inetd
#
# Internet services daemon.
#
inetd = module
# Layer: services
# Module: mysql
#
# Policy for MySQL
#
mysql = module
# Layer: services
# Module: dictd
#
# Dictionary daemon
#
dictd = module
# Layer: services
# Module: finger
#
# Finger user information service.
#
finger = module
# Layer: services
# Module: radius
#
# RADIUS authentication and accounting server.
#
radius = module
# Layer: services
# Module: spamassassin
#
# Filter used for removing unsolicited email.
#
spamassassin = module
# Layer: services
# Module: radvd
#
# IPv6 router advertisement daemon
#
radvd = module
# Layer: services
# Module: apm
#
# Advanced power management daemon
#
apm = module
# Layer: services
# Module: tcpd
#
# Policy for TCP daemon.
#
tcpd = module
# Layer: services
# Module: stunnel
#
# SSL Tunneling Proxy
#
stunnel = module
# Layer: services
# Module: privoxy
#
# Privacy enhancing web proxy.
#
privoxy = module
# Layer: services
# Module: cvs
#
# Concurrent versions system
#
cvs = module
# Layer: services
# Module: rlogin
#
# Remote login daemon
#
rlogin = module
# Layer: system
# Module: fstools
#
# Tools for filesystem management, such as mkfs and fsck.
#
fstools = module
# Layer: system
# Module: logging
#
# Policy for the kernel message logger and system logging daemon.
#
logging = module
# Layer: system
# Module: hostname
#
# Policy for changing the system host name.
#
hostname = module
# Layer: system
# Module: daemontools
#
# Collection of tools for managing UNIX services
#
daemontools = module
# Layer: system
# Module: getty
#
# Policy for getty.
#
getty = module
# Layer: system
# Module: lvm
#
# Policy for logical volume management programs.
#
lvm = module
# Layer: system
# Module: sysnetwork
#
# Policy for network configuration: ifconfig and dhcp client.
#
sysnetwork = module
# Layer: system
# Module: init
#
# System initialization programs (init and init scripts).
#
init = module
# Layer: system
# Module: selinuxutil
#
# Policy for SELinux policy and userland applications.
#
selinuxutil = module
# Layer: system
# Module: udev
#
# Policy for udev.
#
udev = module
# Layer: system
# Module: pcmcia
#
# PCMCIA card management services
#
pcmcia = module
# Layer: system
# Module: authlogin
#
# Common policy for authentication and user login.
#
authlogin = module
# Layer: system
# Module: libraries
#
# Policy for system libraries.
#
libraries = module
# Layer: system
# Module: raid
#
# RAID array management tools
#
raid = module
# Layer: system
# Module: userdomain
#
# Policy for user domains
#
userdomain = module
# Layer: system
# Module: modutils
#
# Policy for kernel module utilities
#
modutils = module
# Layer: system
# Module: hotplug
#
# Policy for hotplug system, for supporting the
# connection and disconnection of devices at runtime.
#
hotplug = module
# Layer: system
# Module: clock
#
# Policy for reading and setting the hardware clock.
#
clock = module
# Layer: system
# Module: locallogin
#
# Policy for local logins.
#
locallogin = module
# Layer: system
# Module: iptables
#
# Policy for iptables.
#
iptables = module
# Layer: system
# Module: mount
#
# Policy for mount.
#
mount = module
# Layer: system
# Module: unconfined
#
# The unconfined domain.
#
unconfined = module
# Layer: system
# Module: miscfiles
#
# Miscelaneous files.
#
miscfiles = module
# Layer: system
# Module: ipsec
#
# TCP/IP encryption
#
ipsec = module
--- NEW FILE setrans-strict.conf ---
#
# Multi-Category Security translation table for SELinux
#
# Uncomment the following to disable translation libary
# disable=1
#
# Objects can be categorized with 0-256 categories defined by the admin.
# Objects can be in more than one category at a time.
# Categories are stored in the system as c0-c255. Users can use this
# table to translate the categories into a more meaningful output.
# Examples:
# s0:c0=CompanyConfidential
# s0:c1=PatientRecord
# s0:c2=Unclassified
# s0:c3=TopSecret
# s0:c1,c3=CompanyConfidentialRedHat
s0=
s0-s0:c0.c255=SystemLow-SystemHigh
s0:c0.c255=SystemHigh
--- NEW FILE seusers-strict ---
root:root:s0-s0:c0.c255
__default__:user_u:s0
- Previous message (by thread): rpms/selinux-policy/devel .cvsignore,1.27,1.28 sources,1.30,1.31
- Next message (by thread): rpms/postfix/devel .cvsignore, 1.16, 1.17 postfix.spec, 1.35, 1.36 sources, 1.16, 1.17
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list