[selinux-policy: 413/3172] update to new commenting style

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 19:40:29 UTC 2010 

commit 9916c694b41a6df656847dd7a20a741798c40dd2
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu Jun 23 20:27:06 2005 +0000

    update to new commenting style

 refpolicy/policy/global_tunables |  106 ++++++++++++-------------------------
 1 files changed, 35 insertions(+), 71 deletions(-)
---
diff --git a/refpolicy/policy/global_tunables b/refpolicy/policy/global_tunables
index 3571a4a..a8173b4 100644
--- a/refpolicy/policy/global_tunables
+++ b/refpolicy/policy/global_tunables
@@ -1,118 +1,82 @@
-## <tunable name="allow_execmem" dftval="false">
-##	Allow execution of anonymous mappings, e.g. executable stack.
-## </tunable>
+#
+# This file is for the declaration of global booleans and tunables.
+# To change the default value at build time, the tunables.conf
+# file should be used.
+#
+
+## Allow execution of anonymous mappings, e.g. executable stack.
 gen_tunable(allow_execmem,false)
 
-## <tunable name="allow_execmod" dftval="false">
-##	Support Share libraries with text relocations
-## </tunable>
+## Support Share libraries with text relocations
 gen_tunable(allow_execmod,false)
 
-## <tunable name="allow_gpg_execstack" dftval="false">
-##	Allow gpg executable stack
-## </tunable>
+## Allow gpg executable stack
 gen_tunable(allow_gpg_execstack,false)
 
-## <tunable name="allow_kerberos" dftval="false">
-##	Allow system to run with kerberos
-## </tunable>
+## Allow system to run with kerberos
 gen_tunable(allow_kerberos,false)
 
-## <tunable name="allow_ypbind" dftval="false">
-##	Allow system to run with NIS
-## </tunable>
+## Allow system to run with NIS
 gen_tunable(allow_ypbind,false)
 
-## <tunable name="cron_can_relabel" dftval="false">
-##	Allow system cron jobs to relabel filesystem
-##	for restoring file contexts.
-## </tunable>
+## Allow system cron jobs to relabel filesystem
+## for restoring file contexts.
 gen_tunable(cron_can_relabel,false)
 
-## <tunable name="fcron_crond" dftval="false">
-##	Enable extra rules in the cron domain
-##	to support fcron.
-## </tunable>
+## Enable extra rules in the cron domain
+## to support fcron.
 gen_tunable(fcron_crond,false)
 
-## <tunable name="read_default_t" dftval="false">
-##	Allow reading of default_t files.
-## </tunable>
+## Allow reading of default_t files.
 gen_tunable(read_default_t,false)
 
 ## Allow ssh to run from inetd instead of as a daemon.
 gen_tunable(run_ssh_inetd,false)
 
-## <tunable name="secure_mode" dftval="false">
-##	Enabling secure mode disallows programs, such as
-##	newrole, from transitioning to administrative
-##	user domains.
-## </tunable>
+## Enabling secure mode disallows programs, such as
+## newrole, from transitioning to administrative
+## user domains.
 gen_bool(secure_mode,false)
 
 ## Allow ssh logins as sysadm_r:sysadm_t
 gen_tunable(ssh_sysadm_login,false)
 
-## <tunable name="staff_read_sysadm_file" dftval="false">
-##	Allow staff_r users to search the sysadm home 
-##	dir and read files (such as ~/.bashrc)
-## </tunable>
+## Allow staff_r users to search the sysadm home 
+## dir and read files (such as ~/.bashrc)
 gen_tunable(staff_read_sysadm_file,false)
 
-## <tunable name="use_dns" dftval="false">
-##	Allow the use of DNS for name resolution.
-## </tunable>
+## Allow the use of DNS for name resolution.
 gen_tunable(use_dns,false)
 
-## <tunable name="use_nfs_home_dirs" dftval="false">
-##	Support NFS home directories
-## </tunable>
+## Support NFS home directories
 gen_tunable(use_nfs_home_dirs,false)
 
-## <tunable name="use_samba_home_dirs" dftval="false">
-##	Support SAMBA home directories
-## </tunable>
+## Support SAMBA home directories
 gen_tunable(use_samba_home_dirs,false)
 
-## <tunable name="user_direct_mouse" dftval="false">
-##	Allow regular users direct mouse access 
-## </tunable>
+## Allow regular users direct mouse access 
 gen_tunable(user_direct_mouse,false)
 
-## <tunable name="user_dmesg" dftval="false">
-##	Allow users to read system messages.
-## </tunable>
+## Allow users to read system messages.
 gen_tunable(user_dmesg,false)
 
-## <tunable name="user_net_control" dftval="false">
-##	Allow users to control network interfaces
-##	(also needs USERCTL=true)
-## </tunable>
+## Allow users to control network interfaces
+## (also needs USERCTL=true)
 gen_tunable(user_net_control,false)
 
-## <tunable name="user_ping" dftval="false">
-##	Control users use of ping and traceroute
-## </tunable>
+## Control users use of ping and traceroute
 gen_tunable(user_ping,false)
 
-## <tunable name="user_rw_noexattrfile" dftval="false">
-##	Allow user to r/w noextattrfile (FAT, CDROM, FLOPPY)
-## </tunable>
+## Allow user to r/w noextattrfile (FAT, CDROM, FLOPPY)
 gen_tunable(user_rw_noexattrfile,false)
 
-## <tunable name="user_rw_usb" dftval="false">
-##	Allow users to rw usb devices
-## </tunable>
+## Allow users to rw usb devices
 gen_tunable(user_rw_usb,false)
 
-## <tunable name="user_tcp_server" dftval="false">
-##	Allow users to run TCP servers (bind to ports and accept connection from
-##	the same domain and outside users)  disabling this forces FTP passive mode
-##	and may change other protocols.
-## </tunable>
+## Allow users to run TCP servers (bind to ports and accept connection from
+## the same domain and outside users)  disabling this forces FTP passive mode
+## and may change other protocols.
 gen_tunable(user_tcp_server,false)
 
-## <tunable name="user_ttyfile_stat" dftval="false">
-##	Allow w to display everyone
-## </tunable>
+## Allow w to display everyone
 gen_tunable(user_ttyfile_stat,false)

More information about the scm-commits mailing list