[selinux-policy: 516/3172] add an example module config for a targeted policy
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:49:13 UTC 2010
commit 80526ccbddc14bb33e43a97af5380c1a7882cb7d
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed Jul 20 20:11:49 2005 +0000
add an example module config for a targeted policy
refpolicy/policy/modules.conf.targeted_example | 371 ++++++++++++++++++++++++
1 files changed, 371 insertions(+), 0 deletions(-)
---
diff --git a/refpolicy/policy/modules.conf.targeted_example b/refpolicy/policy/modules.conf.targeted_example
new file mode 100644
index 0000000..488d6f8
--- /dev/null
+++ b/refpolicy/policy/modules.conf.targeted_example
@@ -0,0 +1,371 @@
+#
+# This file contains a listing of available modules.
+# To prevent a module from being used in policy
+# creation, set the module name to "off".
+#
+# For monolithic policies, modules set to "base" and "module"
+# will be built into the policy.
+#
+# For modular policies, modules set to "base" will be
+# included in the base module. "module" will be compiled
+# as individual loadable modules.
+#
+
+# Layer: kernel
+# Module: filesystem
+# Required in base
+#
+# Policy for filesystems.
+#
+filesystem = base
+
+# Layer: kernel
+# Module: selinux
+# Required in base
+#
+# Policy for kernel security interface, in particular, selinuxfs.
+#
+selinux = base
+
+# Layer: kernel
+# Module: kernel
+# Required in base
+#
+# Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
+#
+kernel = base
+
+# Layer: kernel
+# Module: corenetwork
+# Required in base
+#
+# Policy controlling access to network objects
+#
+corenetwork = base
+
+# Layer: system
+# Module: files
+# Required in base
+#
+# Basic filesystem types and interfaces.
+#
+files = base
+
+# Layer: system
+# Module: domain
+# Required in base
+#
+# Core policy for domains.
+#
+domain = base
+
+# Layer: admin
+# Module: consoletype
+#
+# Determine of the console connected to the controlling terminal.
+#
+consoletype = base
+
+# Layer: admin
+# Module: netutils
+#
+# Network analysis utilities
+#
+netutils = base
+
+# Layer: admin
+# Module: usermanage
+#
+# Policy for managing user accounts.
+#
+usermanage = base
+
+# Layer: admin
+# Module: rpm
+#
+# Policy for the RPM package manager.
+#
+rpm = off
+
+# Layer: admin
+# Module: dmesg
+#
+# Policy for dmesg.
+#
+dmesg = base
+
+# Layer: admin
+# Module: logrotate
+#
+# Rotate and archive system logs
+#
+logrotate = off
+
+# Layer: apps
+# Module: gpg
+#
+# Policy for GNU Privacy Guard and related programs.
+#
+gpg = off
+
+# Layer: kernel
+# Module: devices
+#
+# Device nodes and interfaces for many basic system devices.
+#
+devices = base
+
+# Layer: kernel
+# Module: bootloader
+#
+# Policy for the kernel modules, kernel image, and bootloader.
+#
+bootloader = base
+
+# Layer: kernel
+# Module: storage
+#
+# Policy controlling access to storage devices
+#
+storage = base
+
+# Layer: kernel
+# Module: terminal
+#
+# Policy for terminals.
+#
+terminal = base
+
+# Layer: services
+# Module: cron
+#
+# Periodic execution of scheduled commands.
+#
+cron = base
+
+# Layer: services
+# Module: ssh
+#
+# Secure shell client and server policy.
+#
+ssh = off
+
+# Layer: services
+# Module: remotelogin
+#
+# Policy for rshd, rlogind, and telnetd.
+#
+remotelogin = base
+
+# Layer: services
+# Module: sendmail
+#
+# Policy for sendmail.
+#
+sendmail = off
+
+# Layer: services
+# Module: mta
+#
+# Policy common to all email tranfer agents.
+#
+mta = base
+
+# Layer: services
+# Module: nis
+#
+# Policy for NIS (YP) servers and clients
+#
+nis = base
+
+# Layer: services
+# Module: inetd
+#
+# Internet services daemon.
+#
+inetd = base
+
+# Layer: services
+# Module: kerberos
+#
+# MIT Kerberos admin and KDC
+#
+kerberos = base
+
+# Layer: services
+# Module: nscd
+#
+# Name service cache daemon
+#
+nscd = base
+
+# Layer: system
+# Module: selinuxutil
+#
+# Policy for SELinux policy and userland applications.
+#
+selinuxutil = base
+
+# Layer: system
+# Module: getty
+#
+# Policy for getty.
+#
+getty = base
+
+# Layer: system
+# Module: mount
+#
+# Policy for mount.
+#
+mount = base
+
+# Layer: system
+# Module: logging
+#
+# Policy for the kernel message logger and system logging daemon.
+#
+logging = base
+
+# Layer: system
+# Module: locallogin
+#
+# Policy for local logins.
+#
+locallogin = base
+
+# Layer: system
+# Module: sysnetwork
+#
+# Policy for network configuration: ifconfig and dhcp client.
+#
+sysnetwork = base
+
+# Layer: system
+# Module: iptables
+#
+# Policy for iptables.
+#
+iptables = base
+
+# Layer: system
+# Module: userdomain
+#
+# Policy for user domains
+#
+userdomain = base
+
+# Layer: system
+# Module: clock
+#
+# Policy for reading and setting the hardware clock.
+#
+clock = base
+
+# Layer: system
+# Module: corecommands
+#
+# Core policy for shells, and generic programs
+# in /bin, /sbin, /usr/bin, and /usr/sbin.
+#
+corecommands = base
+
+# Layer: system
+# Module: hotplug
+#
+# Policy for hotplug system, for supporting the
+# connection and disconnection of devices at runtime.
+#
+hotplug = base
+
+# Layer: system
+# Module: lvm
+#
+# Policy for logical volume management programs.
+#
+lvm = base
+
+# Layer: system
+# Module: modutils
+#
+# Policy for kernel module utilities
+#
+modutils = base
+
+# Layer: system
+# Module: udev
+#
+# Policy for udev.
+#
+udev = base
+
+# Layer: system
+# Module: init
+#
+# System initialization programs (init and init scripts).
+#
+init = base
+
+# Layer: system
+# Module: hostname
+#
+# Policy for changing the system host name.
+#
+hostname = base
+
+# Layer: system
+# Module: authlogin
+#
+# Common policy for authentication and user login.
+#
+authlogin = base
+
+# Layer: system
+# Module: libraries
+#
+# Policy for system libraries.
+#
+libraries = base
+
+# Layer: system
+# Module: ipsec
+#
+# TCP/IP encryption
+#
+ipsec = base
+
+# Layer: system
+# Module: unconfined
+#
+# The unconfined domain.
+#
+unconfined = base
+
+# Layer: system
+# Module: miscfiles
+#
+# Miscelaneous files.
+#
+miscfiles = base
+
+# Layer: system
+# Module: fstools
+#
+# Tools for filesystem management, such as mkfs and fsck.
+#
+fstools = base
+
+# Layer: system
+# Module: pcmcia
+#
+# PCMCIA card management services
+#
+pcmcia = base
+
+# Layer: system
+# Module: raid
+#
+# RAID array management tools
+#
+raid = base
+
More information about the scm-commits
mailing list