[selinux-policy: 516/3172] add an example module config for a targeted policy

Thu Oct 7 19:49:13 UTC 2010

commit 80526ccbddc14bb33e43a97af5380c1a7882cb7d
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Jul 20 20:11:49 2005 +0000

    add an example module config for a targeted policy

 refpolicy/policy/modules.conf.targeted_example |  371 ++++++++++++++++++++++++
 1 files changed, 371 insertions(+), 0 deletions(-)
---

diff --git a/refpolicy/policy/modules.conf.targeted_example b/refpolicy/policy/modules.conf.targeted_example
new file mode 100644
index 0000000..488d6f8
--- /dev/null
+++ b/refpolicy/policy/modules.conf.targeted_example
@@ -0,0 +1,371 @@
+#
+# This file contains a listing of available modules.
+# To prevent a module from  being used in policy
+# creation, set the module name to "off".
+#
+# For monolithic policies, modules set to "base" and "module"
+# will be built into the policy.
+#
+# For modular policies, modules set to "base" will be
+# included in the base module.  "module" will be compiled
+# as individual loadable modules.
+#
+
+# Layer: kernel
+# Module: filesystem
+# Required in base
+#
+# Policy for filesystems.
+# 
+filesystem = base
+
+# Layer: kernel
+# Module: selinux
+# Required in base
+#
+# Policy for kernel security interface, in particular, selinuxfs.
+# 
+selinux = base
+
+# Layer: kernel
+# Module: kernel
+# Required in base
+#
+# Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
+# 
+kernel = base
+
+# Layer: kernel
+# Module: corenetwork
+# Required in base
+#
+# Policy controlling access to network objects
+# 
+corenetwork = base
+
+# Layer: system
+# Module: files
+# Required in base
+#
+# Basic filesystem types and interfaces.
+# 
+files = base
+
+# Layer: system
+# Module: domain
+# Required in base
+#
+# Core policy for domains.
+# 
+domain = base
+
+# Layer: admin
+# Module: consoletype
+#
+# Determine of the console connected to the controlling terminal.
+# 
+consoletype = base
+
+# Layer: admin
+# Module: netutils
+#
+# Network analysis utilities
+# 
+netutils = base
+
+# Layer: admin
+# Module: usermanage
+#
+# Policy for managing user accounts.
+# 
+usermanage = base
+
+# Layer: admin
+# Module: rpm
+#
+# Policy for the RPM package manager.
+# 
+rpm = off
+
+# Layer: admin
+# Module: dmesg
+#
+# Policy for dmesg.
+# 
+dmesg = base
+
+# Layer: admin
+# Module: logrotate
+#
+# Rotate and archive system logs
+# 
+logrotate = off
+
+# Layer: apps
+# Module: gpg
+#
+# Policy for GNU Privacy Guard and related programs.
+# 
+gpg = off
+
+# Layer: kernel
+# Module: devices
+#
+# Device nodes and interfaces for many basic system devices.
+# 
+devices = base
+
+# Layer: kernel
+# Module: bootloader
+#
+# Policy for the kernel modules, kernel image, and bootloader.
+# 
+bootloader = base
+
+# Layer: kernel
+# Module: storage
+#
+# Policy controlling access to storage devices
+# 
+storage = base
+
+# Layer: kernel
+# Module: terminal
+#
+# Policy for terminals.
+# 
+terminal = base
+
+# Layer: services
+# Module: cron
+#
+# Periodic execution of scheduled commands.
+# 
+cron = base
+
+# Layer: services
+# Module: ssh
+#
+# Secure shell client and server policy.
+# 
+ssh = off
+
+# Layer: services
+# Module: remotelogin
+#
+# Policy for rshd, rlogind, and telnetd.
+# 
+remotelogin = base
+
+# Layer: services
+# Module: sendmail
+#
+# Policy for sendmail.
+# 
+sendmail = off
+
+# Layer: services
+# Module: mta
+#
+# Policy common to all email tranfer agents.
+# 
+mta = base
+
+# Layer: services
+# Module: nis
+#
+# Policy for NIS (YP) servers and clients
+# 
+nis = base
+
+# Layer: services
+# Module: inetd
+#
+# Internet services daemon.
+# 
+inetd = base
+
+# Layer: services
+# Module: kerberos
+#
+# MIT Kerberos admin and KDC
+# 
+kerberos = base
+
+# Layer: services
+# Module: nscd
+#
+# Name service cache daemon
+# 
+nscd = base
+
+# Layer: system
+# Module: selinuxutil
+#
+# Policy for SELinux policy and userland applications.
+# 
+selinuxutil = base
+
+# Layer: system
+# Module: getty
+#
+# Policy for getty.
+# 
+getty = base
+
+# Layer: system
+# Module: mount
+#
+# Policy for mount.
+# 
+mount = base
+
+# Layer: system
+# Module: logging
+#
+# Policy for the kernel message logger and system logging daemon.
+# 
+logging = base
+
+# Layer: system
+# Module: locallogin
+#
+# Policy for local logins.
+# 
+locallogin = base
+
+# Layer: system
+# Module: sysnetwork
+#
+# Policy for network configuration: ifconfig and dhcp client.
+# 
+sysnetwork = base
+
+# Layer: system
+# Module: iptables
+#
+# Policy for iptables.
+# 
+iptables = base
+
+# Layer: system
+# Module: userdomain
+#
+# Policy for user domains
+# 
+userdomain = base
+
+# Layer: system
+# Module: clock
+#
+# Policy for reading and setting the hardware clock.
+# 
+clock = base
+
+# Layer: system
+# Module: corecommands
+#
+# Core policy for shells, and generic programs
+# in /bin, /sbin, /usr/bin, and /usr/sbin.
+# 
+corecommands = base
+
+# Layer: system
+# Module: hotplug
+#
+# Policy for hotplug system, for supporting the
+# connection and disconnection of devices at runtime.
+# 
+hotplug = base
+
+# Layer: system
+# Module: lvm
+#
+# Policy for logical volume management programs.
+# 
+lvm = base
+
+# Layer: system
+# Module: modutils
+#
+# Policy for kernel module utilities
+# 
+modutils = base
+
+# Layer: system
+# Module: udev
+#
+# Policy for udev.
+# 
+udev = base
+
+# Layer: system
+# Module: init
+#
+# System initialization programs (init and init scripts).
+# 
+init = base
+
+# Layer: system
+# Module: hostname
+#
+# Policy for changing the system host name.
+# 
+hostname = base
+
+# Layer: system
+# Module: authlogin
+#
+# Common policy for authentication and user login.
+# 
+authlogin = base
+
+# Layer: system
+# Module: libraries
+#
+# Policy for system libraries.
+# 
+libraries = base
+
+# Layer: system
+# Module: ipsec
+#
+# TCP/IP encryption
+# 
+ipsec = base
+
+# Layer: system
+# Module: unconfined
+#
+# The unconfined domain.
+# 
+unconfined = base
+
+# Layer: system
+# Module: miscfiles
+#
+# Miscelaneous files.
+# 
+miscfiles = base
+
+# Layer: system
+# Module: fstools
+#
+# Tools for filesystem management, such as mkfs and fsck.
+# 
+fstools = base
+
+# Layer: system
+# Module: pcmcia
+#
+# PCMCIA card management services
+# 
+pcmcia = base
+
+# Layer: system
+# Module: raid
+#
+# RAID array management tools
+# 
+raid = base
+
