[selinux-policy: 413/3172] update to new commenting style
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:40:29 UTC 2010
commit 9916c694b41a6df656847dd7a20a741798c40dd2
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu Jun 23 20:27:06 2005 +0000
update to new commenting style
refpolicy/policy/global_tunables | 106 ++++++++++++-------------------------
1 files changed, 35 insertions(+), 71 deletions(-)
---
diff --git a/refpolicy/policy/global_tunables b/refpolicy/policy/global_tunables
index 3571a4a..a8173b4 100644
--- a/refpolicy/policy/global_tunables
+++ b/refpolicy/policy/global_tunables
@@ -1,118 +1,82 @@
-## <tunable name="allow_execmem" dftval="false">
-## Allow execution of anonymous mappings, e.g. executable stack.
-## </tunable>
+#
+# This file is for the declaration of global booleans and tunables.
+# To change the default value at build time, the tunables.conf
+# file should be used.
+#
+
+## Allow execution of anonymous mappings, e.g. executable stack.
gen_tunable(allow_execmem,false)
-## <tunable name="allow_execmod" dftval="false">
-## Support Share libraries with text relocations
-## </tunable>
+## Support Share libraries with text relocations
gen_tunable(allow_execmod,false)
-## <tunable name="allow_gpg_execstack" dftval="false">
-## Allow gpg executable stack
-## </tunable>
+## Allow gpg executable stack
gen_tunable(allow_gpg_execstack,false)
-## <tunable name="allow_kerberos" dftval="false">
-## Allow system to run with kerberos
-## </tunable>
+## Allow system to run with kerberos
gen_tunable(allow_kerberos,false)
-## <tunable name="allow_ypbind" dftval="false">
-## Allow system to run with NIS
-## </tunable>
+## Allow system to run with NIS
gen_tunable(allow_ypbind,false)
-## <tunable name="cron_can_relabel" dftval="false">
-## Allow system cron jobs to relabel filesystem
-## for restoring file contexts.
-## </tunable>
+## Allow system cron jobs to relabel filesystem
+## for restoring file contexts.
gen_tunable(cron_can_relabel,false)
-## <tunable name="fcron_crond" dftval="false">
-## Enable extra rules in the cron domain
-## to support fcron.
-## </tunable>
+## Enable extra rules in the cron domain
+## to support fcron.
gen_tunable(fcron_crond,false)
-## <tunable name="read_default_t" dftval="false">
-## Allow reading of default_t files.
-## </tunable>
+## Allow reading of default_t files.
gen_tunable(read_default_t,false)
## Allow ssh to run from inetd instead of as a daemon.
gen_tunable(run_ssh_inetd,false)
-## <tunable name="secure_mode" dftval="false">
-## Enabling secure mode disallows programs, such as
-## newrole, from transitioning to administrative
-## user domains.
-## </tunable>
+## Enabling secure mode disallows programs, such as
+## newrole, from transitioning to administrative
+## user domains.
gen_bool(secure_mode,false)
## Allow ssh logins as sysadm_r:sysadm_t
gen_tunable(ssh_sysadm_login,false)
-## <tunable name="staff_read_sysadm_file" dftval="false">
-## Allow staff_r users to search the sysadm home
-## dir and read files (such as ~/.bashrc)
-## </tunable>
+## Allow staff_r users to search the sysadm home
+## dir and read files (such as ~/.bashrc)
gen_tunable(staff_read_sysadm_file,false)
-## <tunable name="use_dns" dftval="false">
-## Allow the use of DNS for name resolution.
-## </tunable>
+## Allow the use of DNS for name resolution.
gen_tunable(use_dns,false)
-## <tunable name="use_nfs_home_dirs" dftval="false">
-## Support NFS home directories
-## </tunable>
+## Support NFS home directories
gen_tunable(use_nfs_home_dirs,false)
-## <tunable name="use_samba_home_dirs" dftval="false">
-## Support SAMBA home directories
-## </tunable>
+## Support SAMBA home directories
gen_tunable(use_samba_home_dirs,false)
-## <tunable name="user_direct_mouse" dftval="false">
-## Allow regular users direct mouse access
-## </tunable>
+## Allow regular users direct mouse access
gen_tunable(user_direct_mouse,false)
-## <tunable name="user_dmesg" dftval="false">
-## Allow users to read system messages.
-## </tunable>
+## Allow users to read system messages.
gen_tunable(user_dmesg,false)
-## <tunable name="user_net_control" dftval="false">
-## Allow users to control network interfaces
-## (also needs USERCTL=true)
-## </tunable>
+## Allow users to control network interfaces
+## (also needs USERCTL=true)
gen_tunable(user_net_control,false)
-## <tunable name="user_ping" dftval="false">
-## Control users use of ping and traceroute
-## </tunable>
+## Control users use of ping and traceroute
gen_tunable(user_ping,false)
-## <tunable name="user_rw_noexattrfile" dftval="false">
-## Allow user to r/w noextattrfile (FAT, CDROM, FLOPPY)
-## </tunable>
+## Allow user to r/w noextattrfile (FAT, CDROM, FLOPPY)
gen_tunable(user_rw_noexattrfile,false)
-## <tunable name="user_rw_usb" dftval="false">
-## Allow users to rw usb devices
-## </tunable>
+## Allow users to rw usb devices
gen_tunable(user_rw_usb,false)
-## <tunable name="user_tcp_server" dftval="false">
-## Allow users to run TCP servers (bind to ports and accept connection from
-## the same domain and outside users) disabling this forces FTP passive mode
-## and may change other protocols.
-## </tunable>
+## Allow users to run TCP servers (bind to ports and accept connection from
+## the same domain and outside users) disabling this forces FTP passive mode
+## and may change other protocols.
gen_tunable(user_tcp_server,false)
-## <tunable name="user_ttyfile_stat" dftval="false">
-## Allow w to display everyone
-## </tunable>
+## Allow w to display everyone
gen_tunable(user_ttyfile_stat,false)
More information about the scm-commits
mailing list