selinux-policy/modules-mls-contrib.conf
Johannes Segitz cbd186764a Accepting request 734854 from home:jsegitz:branches:security:SELinux
- Moved back to fedora policy (20190802)
- Removed spec file conditionals for old SELinux userland
- Removed config.tgz
- Removed patches:
  * label_sysconfig.selinux.patch
  * label_var_run_rsyslog.patch
  * suse_additions_obs.patch
  * suse_additions_sslh.patch
  * suse_modifications_apache.patch
  * suse_modifications_cron.patch
  * suse_modifications_getty.patch
  * suse_modifications_logging.patch
  * suse_modifications_ntp.patch
  * suse_modifications_usermanage.patch
  * suse_modifications_virt.patch
  * suse_modifications_xserver.patch
  * sysconfig_network_scripts.patch
  * segenxml_interpreter.patch
- Added patches:
  * fix_djbdns.patch
  * fix_dbus.patch
  * fix_gift.patch
  * fix_java.patch
  * fix_hadoop.patch
  * fix_thunderbird.patch
  * postfix_paths.patch
  * fix_nscd.patch
  * fix_sysnetwork.patch
  * fix_logging.patch
  * fix_xserver.patch

OBS-URL: https://build.opensuse.org/request/show/734854
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=73
2019-10-04 02:15:03 +00:00

1582 lines
21 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Layer: services
# Module: accountsd
#
# An application to view and modify user accounts information
#
accountsd = module
# Layer: admin
# Module: acct
#
# Berkeley process accounting
#
acct = module
# Layer: services
# Module: afs
#
# Andrew Filesystem server
#
afs = module
# Layer: services
# Module: aide
#
# Policy for aide
#
aide = module
# Layer: admin
# Module: alsa
#
# Ainit ALSA configuration tool
#
alsa = module
# Layer: admin
# Module: amanda
#
# Automated backup program.
#
amanda = module
# Layer: contrib
# Module: antivirus
#
# Anti-virus
#
antivirus = module
# Layer: admin
# Module: amtu
#
# Abstract Machine Test Utility (AMTU)
#
amtu = module
# Layer: admin
# Module: anaconda
#
# Policy for the Anaconda installer.
#
anaconda = module
# Layer: services
# Module: apache
#
# Apache web server
#
apache = module
# Layer: services
# Module: apcupsd
#
# daemon for most APCs UPS for Linux
#
apcupsd = module
# Layer: services
# Module: apm
#
# Advanced power management daemon
#
apm = module
# Layer: services
# Module: arpwatch
#
# Ethernet activity monitor.
#
arpwatch = module
# Layer: services
# Module: automount
#
# Filesystem automounter service.
#
automount = module
# Layer: services
# Module: avahi
#
# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture
#
avahi = module
# Layer: modules
# Module: awstats
#
# awstats executable
#
awstats = module
# Layer: services
# Module: bind
#
# Berkeley internet name domain DNS server.
#
bind = module
# Layer: services
# Module: bitlbee
#
# An IRC to other chat networks gateway
#
bitlbee = module
# Layer: services
# Module: bluetooth
#
# Bluetooth tools and system services.
#
bluetooth = module
# Layer: services
# Module: boinc
#
# Berkeley Open Infrastructure for Network Computing
#
boinc = module
# Layer: system
# Module: brctl
#
# Utilities for configuring the linux ethernet bridge
#
brctl = module
# Layer: services
# Module: bugzilla
#
# Bugzilla server
#
bugzilla = module
# Layer: services
# Module: cachefilesd
#
# CacheFiles userspace management daemon
#
cachefilesd = module
# Module: calamaris
#
#
# Squid log analysis
#
calamaris = module
# Layer: services
# Module: canna
#
# Canna - kana-kanji conversion server
#
canna = module
# Layer: services
# Module: ccs
#
# policy for ccs
#
ccs = module
# Layer: apps
# Module: cdrecord
#
# Policy for cdrecord
#
cdrecord = module
# Layer: admin
# Module: certmaster
#
# Digital Certificate master
#
certmaster = module
# Layer: services
# Module: certmonger
#
# Certificate status monitor and PKI enrollment client
#
certmonger = module
# Layer: admin
# Module: certwatch
#
# Digital Certificate Tracking
#
certwatch = module
# Layer: services
# Module: cgroup
#
# Tools and libraries to control and monitor control groups
#
cgroup = module
# Layer: apps
# Module: chrome
#
# chrome sandbox
#
chrome = module
# Layer: services
# Module: chronyd
#
# Daemon for maintaining clock time
#
chronyd = module
# Layer: services
# Module: cipe
#
# Encrypted tunnel daemon
#
cipe = module
# Layer: services
# Module: clogd
#
# clogd - clustered mirror log server
#
clogd = module
# Layer: services
# Module: cmirrord
#
# cmirrord - daemon providing device-mapper-base mirrors in a shared-storege cluster
#
cmirrord = module
# Layer: services
# Module: colord
#
# color device daemon
#
colord = module
# Layer: services
# Module: comsat
#
# Comsat, a biff server.
#
comsat = module
# Layer: services
# Module: courier
#
# IMAP and POP3 email servers
#
courier = module
# Layer: services
# Module: cpucontrol
#
# Services for loading CPU microcode and CPU frequency scaling.
#
cpucontrol = module
# Layer: apps
# Module: cpufreqselector
#
# cpufreqselector executable
#
cpufreqselector = module
# Layer: services
# Module: cron
#
# Periodic execution of scheduled commands.
#
cron = module
# Layer: services
# Module: cups
#
# Common UNIX printing system
#
cups = module
# Layer: services
# Module: cvs
#
# Concurrent versions system
#
cvs = module
# Layer: services
# Module: cyphesis
#
# cyphesis game server
#
cyphesis = module
# Layer: services
# Module: cyrus
#
# Cyrus is an IMAP service intended to be run on sealed servers
#
cyrus = module
# Layer: system
# Module: daemontools
#
# Collection of tools for managing UNIX services
#
daemontools = module
# Layer: role
# Module: dbadm
#
# Minimally prived root role for managing databases
#
dbadm = module
# Layer: services
# Module: dbskk
#
# Dictionary server for the SKK Japanese input method system.
#
dbskk = module
# Layer: services
# Module: dbus
#
# Desktop messaging bus
#
dbus = module
# Layer: services
# Module: dcc
#
# A distributed, collaborative, spam detection and filtering network.
#
dcc = module
# Layer: admin
# Module: ddcprobe
#
# ddcprobe retrieves monitor and graphics card information
#
ddcprobe = off
# Layer: services
# Module: devicekit
#
# devicekit-daemon
#
devicekit = module
# Layer: services
# Module: dhcp
#
# Dynamic host configuration protocol (DHCP) server
#
dhcp = module
# Layer: services
# Module: dictd
#
# Dictionary daemon
#
dictd = module
# Layer: services
# Module: distcc
#
# Distributed compiler daemon
#
distcc = off
# Layer: admin
# Module: dmidecode
#
# Decode DMI data for x86/ia64 bioses.
#
dmidecode = module
# Layer: services
# Module: dnsmasq
#
# A lightweight DHCP and caching DNS server.
#
dnsmasq = module
# Layer: services
# Module: dnssec
#
# A dnssec server application
#
dnssec = module
# Layer: services
# Module: dovecot
#
# Dovecot POP and IMAP mail server
#
dovecot = module
# Layer: services
# Module: entropy
#
# Generate entropy from audio input
#
entropyd = module
# Layer: services
# Module: exim
#
# exim mail server
#
exim = module
# Layer: services
# Module: fail2ban
#
# daiemon that bans IP that makes too many password failures
#
fail2ban = module
# Layer: services
# Module: fetchmail
#
# Remote-mail retrieval and forwarding utility
#
fetchmail = module
# Layer: services
# Module: finger
#
# Finger user information service.
#
finger = module
# Layer: services
# Module: firewalld
#
# firewalld is firewall service daemon that provides dynamic customizable
#
firewalld = module
# Layer: apps
# Module: firewallgui
#
# policy for system-config-firewall
#
firewallgui = module
# Module: firstboot
#
# Final system configuration run during the first boot
# after installation of Red Hat/Fedora systems.
#
firstboot = module
# Layer: services
# Module: fprintd
#
# finger print server
#
fprintd = module
# Layer: services
# Module: ftp
#
# File transfer protocol service
#
ftp = module
# Layer: apps
# Module: games
#
# The Open Group Pegasus CIM/WBEM Server.
#
games = module
# Layer: apps
# Module: gitosis
#
# Policy for gitosis
#
gitosis = module
# Layer: services
# Module: git
#
# Policy for the stupid content tracker
#
git = module
# Layer: services
# Module: glance
#
# Policy for glance
#
glance = module
# Layer: apps
# Module: gnome
#
# gnome session and gconf
#
gnome = module
# Layer: apps
# Module: gpg
#
# Policy for Mozilla and related web browsers
#
gpg = module
# Layer: services
# Module: gpm
#
# General Purpose Mouse driver
#
gpm = module
# Module: gpsd
#
# gpsd monitor daemon
#
#
gpsd = module
# Module: gssproxy
#
# A proxy for GSSAPI credential handling
#
#
gssproxy = module
# Layer: role
# Module: guest
#
# Minimally privs guest account on tty logins
#
guest = module
# Layer: services
# Module: i18n_input
#
# IIIMF htt server
#
i18n_input = off
# Layer: services
# Module: inetd
#
# Internet services daemon.
#
inetd = module
# Layer: services
# Module: inn
#
# Internet News NNTP server
#
inn = module
# Layer: apps
# Module: irc
#
# IRC client policy
#
irc = module
# Layer: services
# Module: irqbalance
#
# IRQ balancing daemon
#
irqbalance = module
# Layer: system
# Module: iscsi
#
# Open-iSCSI daemon
#
iscsi = module
# Layer: services
# Module: jabber
#
# Jabber instant messaging server
#
jabber = module
# Layer: apps
# Module: kdumpgui
#
# system-config-kdump policy
#
kdumpgui = module
# Layer: admin
# Module: kdump
#
# kdump is kernel crash dumping mechanism
#
kdump = module
# Layer: services
# Module: kerberos
#
# MIT Kerberos admin and KDC
#
kerberos = module
# Layer: services
# Module: kismet
#
# Wireless sniffing and monitoring
#
kismet = module
# Layer: services
# Module: ktalk
#
# KDE Talk daemon
#
ktalk = module
# Layer: services
# Module: ldap
#
# OpenLDAP directory server
#
ldap = module
# Layer: services
# Module: lircd
#
# LIRC daemon - decodes infrared signals and provides them on a Unix domain socket.
#
lircd = module
# Layer: apps
# Module: loadkeys
#
# Load keyboard mappings.
#
loadkeys = module
# Layer: apps
# Module: lockdev
#
# device locking policy for lockdev
#
lockdev = module
# Layer: admin
# Module: logrotate
#
# Rotate and archive system logs
#
logrotate = module
# Layer: services
# Module: logwatch
#
# logwatch executable
#
logwatch = module
# Layer: services
# Module: lpd
#
# Line printer daemon
#
lpd = module
# Layer: services
# Module: lsm
#
# lsm policy
#
lsm = module
# Layer: services
# Module: mailman
#
# Mailman is for managing electronic mail discussion and e-newsletter lists
#
mailman = module
# Layer: admin
# Module: mcelog
#
# mcelog is a daemon that collects and decodes Machine Check Exception data on x86-64 machines.
#
mcelog = module
# Layer: services
# Module: memcached
#
# high-performance memory object caching system
#
memcached = module
# Layer: services
# Module: milter
#
#
#
milter = module
# Layer: services
# Module: modemmanager
#
# Manager for dynamically switching between modems.
#
modemmanager = module
# Layer: services
# Module: mojomojo
#
# Wiki server
#
mojomojo = module
# Layer: apps
# Module: mozilla
#
# Policy for Mozilla and related web browsers
#
mozilla = module
# Layer: apps
# Module: mplayer
#
# Policy for Mozilla and related web browsers
#
mplayer = module
# Layer: admin
# Module: mrtg
#
# Network traffic graphing
#
mrtg = module
# Layer: services
# Module: mta
#
# Policy common to all email tranfer agents.
#
mta = module
# Layer: services
# Module: munin
#
# Munin
#
munin = module
# Layer: services
# Module: mysql
#
# Policy for MySQL
#
mysql = module
# Layer: services
# Module: nagios
#
# policy for nagios Host/service/network monitoring program
#
nagios = module
# Layer: apps
# Module: namespace
#
# policy for namespace.init script
#
namespace = module
# Layer: admin
# Module: ncftool
#
# Tool to modify the network configuration of a system
#
ncftool = module
# Layer: services
# Module: networkmanager
#
# Manager for dynamically switching between networks.
#
networkmanager = module
# Layer: services
# Module: nis
#
# Policy for NIS (YP) servers and clients
#
nis = module
# Layer: services
# Module: nscd
#
# Name service cache daemon
#
nscd = module
# Layer: services
# Module: nslcd
#
# Policy for nslcd
#
nslcd = module
# Layer: services
# Module: ntop
#
# Policy for ntop
#
ntop = module
# Layer: services
# Module: ntp
#
# Network time protocol daemon
#
ntp = module
# Layer: services
# Module: nx
#
# NX Remote Desktop
#
nx = module
# Layer: services
# Module: oddjob
#
# policy for oddjob
#
oddjob = module
# Layer: services
# Module: openct
#
# Service for handling smart card readers.
#
openct = off
# Layer: service
# Module: openct
#
# Middleware framework for smart card terminals
#
openct = module
# Layer: services
# Module: openvpn
#
# Policy for OPENVPN full-featured SSL VPN solution
#
openvpn = module
# Layer: contrib
# Module: prelude
#
# SELinux policy for prelude
#
prelude = module
# Layer: contrib
# Module: prosody
#
# SELinux policy for prosody flexible communications server for Jabber/XMPP
#
prosody = module
# Layer: services
# Module: pads
#
pads = module
# Layer: system
# Module: pcmcia
#
# PCMCIA card management services
#
pcmcia = module
# Layer: service
# Module: pcscd
#
# PC/SC Smart Card Daemon
#
pcscd = module
# Layer: services
# Module: pegasus
#
# The Open Group Pegasus CIM/WBEM Server.
#
pegasus = module
# Layer: services
# Module: pingd
#
#
pingd = module
# Layer: services
# Module: piranha
#
# piranha - various tools to administer and configure the Linux Virtual Server
#
piranha = module
# Layer: services
# Module: plymouthd
#
# Plymouth
#
plymouthd = module
# Layer: apps
# Module: podsleuth
#
# Podsleuth probes, identifies, and exposes properties and metadata bound to iPods.
#
podsleuth = module
# Layer: services
# Module: policykit
#
# Hardware abstraction layer
#
policykit = module
# Layer: services
# Module: polipo
#
# polipo
#
polipo = module
# Layer: services
# Module: portmap
#
# RPC port mapping service.
#
portmap = module
# Layer: services
# Module: portreserve
#
# reserve ports to prevent portmap mapping them
#
portreserve = module
# Layer: services
# Module: postfix
#
# Postfix email server
#
postfix = module
o# Layer: services
# Module: postgrey
#
# email scanner
#
postgrey = module
# Layer: services
# Module: ppp
#
# Point to Point Protocol daemon creates links in ppp networks
#
ppp = module
# Layer: admin
# Module: prelink
#
# Manage temporary directory sizes and file ages
#
prelink = module
unprivuser = module
# Layer: services
# Module: privoxy
#
# Privacy enhancing web proxy.
#
privoxy = module
# Layer: services
# Module: procmail
#
# Procmail mail delivery agent
#
procmail = module
# Layer: services
# Module: psad
#
# Analyze iptables log for hostile traffic
#
psad = module
# Layer: apps
# Module: ptchown
#
# helper function for grantpt(3), changes ownship and permissions of pseudotty
#
ptchown = module
# Layer: services
# Module: publicfile
#
# publicfile supplies files to the public through HTTP and FTP
#
publicfile = module
# Layer: apps
# Module: pulseaudio
#
# The PulseAudio Sound System
#
pulseaudio = module
# Layer: services
# Module: qmail
#
# Policy for qmail
#
qmail = module
# Layer: services
# Module: qpidd
#
# Policy for qpidd
#
qpid = module
# Layer: admin
# Module: quota
#
# File system quota management
#
quota = module
# Layer: services
# Module: radius
#
# RADIUS authentication and accounting server.
#
radius = module
# Layer: services
# Module: radvd
#
# IPv6 router advertisement daemon
#
radvd = module
# Layer: system
# Module: raid
#
# RAID array management tools
#
raid = module
# Layer: services
# Module: rdisc
#
# Network router discovery daemon
#
rdisc = module
# Layer: admin
# Module: readahead
#
# Readahead, read files into page cache for improved performance
#
readahead = module
# Layer: services
# Module: remotelogin
#
# Policy for rshd, rlogind, and telnetd.
#
remotelogin = module
# Layer: services
# Module: rhcs
#
# RHCS - Red Hat Cluster Suite
#
rhcs = module
# Layer: services
# Module: rhgb
#
# X windows login display manager
#
rhgb = module
# Layer: services
# Module: ricci
#
# policy for ricci
#
ricci = module
# Layer: services
# Module: rlogin
#
# Remote login daemon
#
rlogin = module
# Layer: services
# Module: roundup
#
# Roundup Issue Tracking System policy
#
roundup = module
# Layer: services
# Module: rpcbind
#
# universal addresses to RPC program number mapper
#
rpcbind = module
# Layer: services
# Module: rpc
#
# Remote Procedure Call Daemon for managment of network based process communication
#
rpc = module
# Layer: admin
# Module: rpm
#
# Policy for the RPM package manager.
#
rpm = module
# Layer: services
# Module: rshd
#
# Remote shell service.
#
rshd = module
# Layer: services
# Module: rsync
#
# Fast incremental file transfer for synchronization
#
rsync = module
# Layer: services
# Module: rtkit
#
# Real Time Kit Daemon
#
rtkit = module
# Layer: services
# Module: rwho
#
# who is logged in on local machines
#
rwho = module
# Layer: apps
# Module: sambagui
#
# policy for system-config-samba
#
sambagui = module
#
# SMB and CIFS client/server programs for UNIX and
# name Service Switch daemon for resolving names
# from Windows NT servers.
#
samba = module
# Layer: services
# Module: sasl
#
# SASL authentication server
#
sasl = module
# Layer: apps
# Module: screen
#
# GNU terminal multiplexer
#
screen = module
# Layer: services
# Module: sendmail
#
# Policy for sendmail.
#
sendmail = module
# Layer: services
# Module: setroubleshoot
#
# Policy for the SELinux troubleshooting utility
#
setroubleshoot = module
# Layer: admin
# Module: shorewall
#
# Policy for shorewall
#
shorewall = module
# Layer: apps
# Module: slocate
#
# Update database for mlocate
#
slocate = module
# Layer: services
# Module: slrnpull
#
# Service for downloading news feeds the slrn newsreader.
#
slrnpull = off
# Layer: services
# Module: smartmon
#
# Smart disk monitoring daemon policy
#
smartmon = module
# Layer: services
# Module: snmp
#
# Simple network management protocol services
#
snmp = module
# Layer: services
# Module: snort
#
# Snort network intrusion detection system
#
snort = module
# Layer: admin
# Module: sosreport
#
# sosreport debuggin information generator
#
sosreport = module
# Layer: services
# Module: soundserver
#
# sound server for network audio server programs, nasd, yiff, etc</summary>
#
soundserver = module
# Layer: services
# Module: spamassassin
#
# Filter used for removing unsolicited email.
#
spamassassin = module
# Layer: services
# Module: squid
#
# Squid caching http proxy server
#
squid = module
# Layer: services
# Module: sssd
#
# System Security Services Daemon
#
sssd = module
# Layer: services
# Module: stunnel
#
# SSL Tunneling Proxy
#
stunnel = module
# Layer: services
# Module: sysstat
#
# Policy for sysstat. Reports on various system states
#
sysstat = module
# Layer: services
# Module: tcpd
#
# Policy for TCP daemon.
#
tcpd = module
# Layer: services
# Module: tcsd
#
# tcsd - daemon that manages Trusted Computing resources
#
tcsd = module
# Layer: apps
# Module: telepathy
#
# telepathy - Policy for Telepathy framework
#
telepathy = module
# Layer: services
# Module: telnet
#
# Telnet daemon
#
telnet = module
# Layer: services
# Module: tftp
#
# Trivial file transfer protocol daemon
#
tftp = module
# Layer: services
# Module: tgtd
#
# Linux Target Framework Daemon.
#
tgtd = module
# Layer: apps
# Module: thumb
#
# Thumbnailer confinement
#
thumb = module
# Layer: services
# Module: timidity
#
# MIDI to WAV converter and player configured as a service
#
timidity = off
# Layer: admin
# Module: tmpreaper
#
# Manage temporary directory sizes and file ages
#
tmpreaper = module
# Layer: services
# Module: tor
#
# TOR, the onion router
#
tor = module
# Layer: services
# Module: ksmtuned
#
# Kernel Samepage Merging (KSM) Tuning Daemon
#
ksmtuned = module
# Layer: services
# Module: tuned
#
# Dynamic adaptive system tuning daemon
#
tuned = module
# Layer: apps
# Module: tvtime
#
# tvtime - a high quality television application
#
tvtime = module
# Layer: services
# Module: ulogd
#
#
#
ulogd = module
# Layer: apps
# Module: uml
#
# Policy for UML
#
uml = module
# Layer: admin
# Module: updfstab
#
# Red Hat utility to change /etc/fstab.
#
updfstab = module
# Layer: admin
# Module: usbmodules
#
# List kernel modules of USB devices
#
usbmodules = module
# Layer: apps
# Module: userhelper
#
# A helper interface to pam.
#
userhelper = module
# Layer: apps
# Module: usernetctl
#
# User network interface configuration helper
#
usernetctl = module
# Layer: services
# Module: uucp
#
# Unix to Unix Copy
#
uucp = module
# Layer: services
# Module: virt
#
# Virtualization libraries
#
virt = module
# Layer: apps
# Module: vmware
#
# VMWare Workstation virtual machines
#
vmware = module
# Layer: contrib
# Module: openvswitch
#
# SELinux policy for openvswitch programs
#
openvswitch = module
# Layer: admin
# Module: vpn
#
# Virtual Private Networking client
#
vpn = module
# Layer: services
# Module: w3c
#
# w3c
#
w3c = module
# Layer: role
# Module: webadm
#
# Minimally prived root role for managing apache
#
webadm = module
# Layer: apps
# Module: webalizer
#
# Web server log analysis
#
webalizer = module
# Layer: apps
# Module: wine
#
# wine executable
#
wine = module
# Layer: apps
# Module: wireshark
#
# wireshark executable
#
wireshark = module
# Layer: apps
# Module: wm
#
# X windows window manager
#
wm = module
# Layer: system
# Module: xen
#
# virtualization software
#
xen = module
# Layer: role
# Module: xguest
#
# Minimally privs guest account on X Windows logins
#
xguest = module
# Layer: services
# Module: zabbix
#
# Open-source monitoring solution for your IT infrastructure
#
zabbix = module
# Layer: services
# Module: zebra
#
# Zebra border gateway protocol network routing service
#
zebra = module
# Layer: services
# Module: zosremote
#
# policy for z/OS Remote-services Audit dispatcher plugin</summary>
#
zosremote = module
# Layer: contrib
# Module: mandb
#
# Policy for mandb
#
mandb = module