1
0
selinux-policy/modules-minimum-contrib.conf
Hu fade960df6 - Update to version 20240808:
* Use new kanidm interfaces
  * Initial module for kanidm
  * Update bootupd policy
  * Allow rhsmcertd read/write access to /dev/papr-sysparm
  * Label /dev/papr-sysparm and /dev/papr-vpd
  * Allow abrt-dump-journal-core connect to winbindd
  * Allow systemd-hostnamed shut down nscd
  * Allow systemd-pstore send a message to syslogd over a unix domain
  * Allow postfix_domain map postfix_etc_t files
  * Allow microcode create /sys/devices/system/cpu/microcode/reload
  * Allow rhsmcertd read, write, and map ica tmpfs files
  * Support SGX devices
  * Allow initrc_t transition to passwd_t
  * Update fstab and cryptsetup generators policy
  * Allow xdm_t read and write the dma device
  * Update stalld policy for bpf usage
  * Allow systemd_gpt_generator to getattr on DOS directories
  * Make cgroup_memory_pressure_t a part of the file_type attribute
  * Allow ssh_t to change role to system_r
  * Update policy for coreos generators
  * Allow init_t nnp domain transition to firewalld_t
  * Label /run/modprobe.d with modules_conf_t
  * Allow virtnodedevd run udev with a domain transition
  * Allow virtnodedev_t create and use virtnodedev_lock_t
  * Allow virtstoraged manage files with virt_content_t type
  * Allow virtqemud unmount a filesystem with extended attributes
  * Allow svirt_t connect to unconfined_t over a unix domain socket
  * Update afterburn file transition policy
  * Allow systemd_generator read attributes of all filesystems
  * Allow fstab-generator read and write cryptsetup-generator unit file
  * Allow cryptsetup-generator read and write fstab-generator unit file
  * Allow systemd_generator map files in /etc
  * Allow systemd_generator read init's process state
  * Allow coreos-installer-generator read sssd public files
  * Allow coreos-installer-generator work with partitions
  * Label /etc/mdadm.conf.d with mdadm_conf_t
  * Confine coreos generators
  * Label /run/metadata with afterburn_runtime_t
  * Allow afterburn list ssh home directory
  * Label samba certificates with samba_cert_t
  * Label /run/coreos-installer-reboot with coreos_installer_var_run_t
  * Allow virtqemud read virt-dbus process state
  * Allow staff user dbus chat with virt-dbus
  * Allow staff use watch /run/systemd
  * Allow systemd_generator to write kmsg
  * Allow virtqemud connect to sanlock over a unix stream socket
  * Allow virtqemud relabel virt_var_run_t directories
  * Allow svirt_tcg_t read vm sysctls
  * Allow virtnodedevd connect to systemd-userdbd over a unix socket
  * Allow svirt read virtqemud fifo files
  * Allow svirt attach_queue to a virtqemud tun_socket
  * Allow virtqemud run ssh client with a transition
  * Allow virt_dbus_t connect to virtqemud_t over a unix stream socket
  * Update keyutils policy
  * Allow sshd_keygen_t connect to userdbd over a unix stream socket
  * Allow postfix-smtpd read mysql config files
  * Allow locate stream connect to systemd-userdbd
  * Allow the staff user use wireshark
  * Allow updatedb connect to userdbd over a unix stream socket
  * Allow gpg_t set attributes of public-keys.d
  * Allow gpg_t get attributes of login_userdomain stream
  * Allow systemd_getty_generator_t read /proc/1/environ
  * Allow systemd_getty_generator_t to read and write to tty_device_t
  * Drop publicfile module
  * Remove permissive domain for systemd_nsresourced_t
  * Change fs_dontaudit_write_cgroup_files() to apply to cgroup_t
  * Label /usr/bin/samba-gpupdate with samba_gpupdate_exec_t
  * Allow to create and delete socket files created by rhsm.service
  * Allow virtnetworkd exec shell when virt_hooks_unconfined is on
  * Allow unconfined_service_t transition to passwd_t
  * Support /var is empty
  * Allow abrt-dump-journal read all non_security socket files
  * Allow timemaster write to sysfs files
  * Dontaudit domain write cgroup files
  * Label /usr/lib/node_modules/npm/bin with bin_t
  * Allow ip the setexec permission
  * Allow systemd-networkd write files in /var/lib/systemd/network
  * Fix typo in systemd_nsresourced_prog_run_bpf()

OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=248
2024-08-08 12:42:54 +00:00

2610 lines
34 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Layer: services
# Module: abrt
#
# Automatic bug detection and reporting tool
#
abrt = module
# Layer: services
# Module: accountsd
#
# An application to view and modify user accounts information
#
accountsd = module
# Layer: admin
# Module: acct
#
# Berkeley process accounting
#
acct = module
# Layer: services
# Module: afs
#
# Andrew Filesystem server
#
afs = module
# Layer: services
# Module: aiccu
#
# SixXS Automatic IPv6 Connectivity Client Utility
#
aiccu = module
# Layer: services
# Module: aide
#
# Policy for aide
#
aide = module
# Layer: services
# Module: ajaxterm
#
# Web Based Terminal
#
ajaxterm = module
# Layer: admin
# Module: alsa
#
# Ainit ALSA configuration tool
#
alsa = module
# Layer: admin
# Module: amanda
#
# Automated backup program.
#
amanda = module
# Layer: admin
# Module: amtu
#
# Abstract Machine Test Utility (AMTU)
#
amtu = module
# Layer: admin
# Module: anaconda
#
# Policy for the Anaconda installer.
#
anaconda = module
# Layer: contrib
# Module: antivirus
#
# SELinux policy for antivirus programs
#
antivirus = module
# Layer: services
# Module: apache
#
# Apache web server
#
apache = module
# Layer: services
# Module: apcupsd
#
# daemon for most APCs UPS for Linux
#
apcupsd = module
# Layer: services
# Module: apm
#
# Advanced power management daemon
#
apm = module
# Layer: services
# Module: arpwatch
#
# Ethernet activity monitor.
#
arpwatch = module
# Layer: services
# Module: asterisk
#
# Asterisk IP telephony server
#
asterisk = module
# Layer: contrib
# Module: authconfig
#
# Authorization configuration tool
#
authconfig = module
# Layer: services
# Module: automount
#
# Filesystem automounter service.
#
automount = module
# Layer: services
# Module: avahi
#
# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture
#
avahi = module
# Layer: module
# Module: awstats
#
# awstats executable
#
awstats = module
# Layer: services
# Module: bcfg2
#
# Configuration management server
#
bcfg2 = module
# Layer: services
# Module: bind
#
# Berkeley internet name domain DNS server.
#
bind = module
# Layer: contrib
# Module: rngd
#
# Daemon used to feed random data from hardware device to kernel random device
#
rngd = module
# Layer: services
# Module: bitlbee
#
# An IRC to other chat networks gateway
#
bitlbee = module
# Layer: services
# Module: blueman
#
# Blueman tools and system services.
#
blueman = module
# Layer: services
# Module: bluetooth
#
# Bluetooth tools and system services.
#
bluetooth = module
# Layer: services
# Module: boinc
#
# Berkeley Open Infrastructure for Network Computing
#
boinc = module
# Layer: system
# Module: brctl
#
# Utilities for configuring the linux ethernet bridge
#
brctl = module
# Layer: services
# Module: bugzilla
#
# Bugzilla server
#
bugzilla = module
# Layer: services
# Module: bumblebee
#
# Support NVIDIA Optimus technology under Linux
#
bumblebee = module
# Layer: services
# Module: cachefilesd
#
# CacheFiles userspace management daemon
#
cachefilesd = module
# Module: calamaris
#
#
# Squid log analysis
#
calamaris = module
# Layer: services
# Module: callweaver
#
# callweaver telephony sever
#
callweaver = module
# Layer: services
# Module: canna
#
# Canna - kana-kanji conversion server
#
canna = module
# Layer: services
# Module: ccs
#
# policy for ccs
#
ccs = module
# Layer: apps
# Module: cdrecord
#
# Policy for cdrecord
#
cdrecord = module
# Layer: admin
# Module: certmaster
#
# Digital Certificate master
#
certmaster = module
# Layer: services
# Module: certmonger
#
# Certificate status monitor and PKI enrollment client
#
certmonger = module
# Layer: admin
# Module: certwatch
#
# Digital Certificate Tracking
#
certwatch = module
# Layer: services
# Module: cfengine
#
# cfengine
#
cfengine = module
# Layer: services
# Module: cgroup
#
# Tools and libraries to control and monitor control groups
#
cgroup = module
# Layer: apps
# Module: chrome
#
# chrome sandbox
#
chrome = module
# Layer: services
# Module: chronyd
#
# Daemon for maintaining clock time
#
chronyd = module
# Layer: services
# Module: cipe
#
# Encrypted tunnel daemon
#
cipe = module
# Layer: services
# Module: clogd
#
# clogd - clustered mirror log server
#
clogd = module
# Layer: services
# Module: cloudform
#
# cloudform daemons
#
cloudform = module
# Layer: services
# Module: cmirrord
#
# cmirrord - daemon providing device-mapper-base mirrors in a shared-storege cluster
#
cmirrord = module
# Layer: services
# Module: cobbler
#
# cobbler
#
cobbler = module
# Layer: services
# Module: collectd
#
# Statistics collection daemon for filling RRD files
#
collectd = module
# Layer: services
# Module: colord
#
# color device daemon
#
colord = module
# Layer: services
# Module: comsat
#
# Comsat, a biff server.
#
comsat = module
# Layer: services
# Module: condor
#
# policy for condor
#
condor = module
# Layer: services
# Module: conman
#
# Conman is a program for connecting to remote consoles being managed by conmand
#
conman = module
# Layer: services
# Module: consolekit
#
# ConsoleKit is a system daemon for tracking what users are logged
#
consolekit = module
# Layer: services
# Module: couchdb
#
# Apache CouchDB database server
#
couchdb = module
# Layer: services
# Module: courier
#
# IMAP and POP3 email servers
#
courier = module
# Layer: services
# Module: cpucontrol
#
# Services for loading CPU microcode and CPU frequency scaling.
#
cpucontrol = module
# Layer: apps
# Module: cpufreqselector
#
# cpufreqselector executable
#
cpufreqselector = module
# Layer: services
# Module: cron
#
# Periodic execution of scheduled commands.
#
cron = module
# Layer: services
# Module: ctdbd
#
# Cluster Daemon
#
ctdb = module
# Layer: services
# Module: cups
#
# Common UNIX printing system
#
cups = module
# Layer: services
# Module: cvs
#
# Concurrent versions system
#
cvs = module
# Layer: services
# Module: cyphesis
#
# cyphesis game server
#
cyphesis = module
# Layer: services
# Module: cyrus
#
# Cyrus is an IMAP service intended to be run on sealed servers
#
cyrus = module
# Layer: system
# Module: daemontools
#
# Collection of tools for managing UNIX services
#
daemontools = module
# Layer: role
# Module: dbadm
#
# Minimally prived root role for managing databases
#
dbadm = module
# Layer: services
# Module: dbskk
#
# Dictionary server for the SKK Japanese input method system.
#
dbskk = module
# Layer: services
# Module: dbus
#
# Desktop messaging bus
#
dbus = module
# Layer: services
# Module: dcc
#
# A distributed, collaborative, spam detection and filtering network.
#
dcc = module
# Layer: services
# Module: ddclient
#
# Update dynamic IP address at DynDNS.org
#
ddclient = module
# Layer: admin
# Module: ddcprobe
#
# ddcprobe retrieves monitor and graphics card information
#
ddcprobe = off
# Layer: services
# Module: denyhosts
#
# script to help thwart ssh server attacks
#
denyhosts = module
# Layer: services
# Module: devicekit
#
# devicekit-daemon
#
devicekit = module
# Layer: services
# Module: dhcp
#
# Dynamic host configuration protocol (DHCP) server
#
dhcp = module
# Layer: services
# Module: dictd
#
# Dictionary daemon
#
dictd = module
# Layer: services
# Module: dirsrv-admin
#
# An 309 directory admin server
#
dirsrv-admin = module
# Layer: services
# Module: dirsrv
#
# An 309 directory server
#
dirsrv = module
# Layer: services
# Module: distcc
#
# Distributed compiler daemon
#
distcc = off
# Layer: admin
# Module: dmidecode
#
# Decode DMI data for x86/ia64 bioses.
#
dmidecode = module
# Layer: services
# Module: dnsmasq
#
# A lightweight DHCP and caching DNS server.
#
dnsmasq = module
# Layer: services
# Module: dnssec
#
# A dnssec server application
#
dnssec = module
# Layer: services
# Module: dovecot
#
# Dovecot POP and IMAP mail server
#
dovecot = module
# Layer: services
# Module: drbd
#
# DRBD mirrors a block device over the network to another machine.
#
drbd = module
# Layer: services
# Module: dspam
#
# dspam - library and Mail Delivery Agent for Bayesian SPAM filtering
#
dspam = module
# Layer: services
# Module: entropy
#
# Generate entropy from audio input
#
entropyd = module
# Layer: services
# Module: exim
#
# exim mail server
#
exim = module
# Layer: services
# Module: fail2ban
#
# daiemon that bans IP that makes too many password failures
#
fail2ban = module
# Layer: services
# Module: fcoe
#
# fcoe
#
fcoe = module
# Layer: services
# Module: fetchmail
#
# Remote-mail retrieval and forwarding utility
#
fetchmail = module
# Layer: services
# Module: finger
#
# Finger user information service.
#
finger = module
# Layer: services
# Module: firewalld
#
# firewalld is firewall service daemon that provides dynamic customizable
#
firewalld = module
# Layer: apps
# Module: firewallgui
#
# policy for system-config-firewall
#
firewallgui = module
# Module: firstboot
#
# Final system configuration run during the first boot
# after installation of Red Hat/Fedora systems.
#
firstboot = module
# Layer: services
# Module: fprintd
#
# finger print server
#
fprintd = module
# Layer: services
# Module: freqset
#
# Utility for CPU frequency scaling
#
freqset = module
# Layer: services
# Module: ftp
#
# File transfer protocol service
#
ftp = module
# Layer: apps
# Module: games
#
# The Open Group Pegasus CIM/WBEM Server.
#
games = module
# Layer: apps
# Module: gitosis
#
# Policy for gitosis
#
gitosis = module
# Layer: services
# Module: git
#
# Policy for the stupid content tracker
#
git = module
# Layer: services
# Module: glance
#
# Policy for glance
#
glance = module
# Layer: contrib
# Module: glusterd
#
# policy for glusterd service
#
glusterd = module
# Layer: apps
# Module: gnome
#
# gnome session and gconf
#
gnome = module
# Layer: apps
# Module: gpg
#
# Policy for GNU Privacy Guard and related programs.
#
gpg = module
# Layer: services
# Module: gpm
#
# General Purpose Mouse driver
#
gpm = module
# Module: gpsd
#
# gpsd monitor daemon
#
#
gpsd = module
# Module: gssproxy
#
# A proxy for GSSAPI credential handling
#
#
gssproxy = module
# Layer: role
# Module: guest
#
# Minimally privs guest account on tty logins
#
guest = module
# Layer: role
# Module: xguest
#
# Minimally privs guest account on X Windows logins
#
xguest = module
# Layer: services
# Module: hddtemp
#
# hddtemp hard disk temperature tool running as a daemon
#
hddtemp = module
# Layer: services
# Module: hostapd
#
# hostapd - IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
#
hostapd = module
# Layer: services
# Module: i18n_input
#
# IIIMF htt server
#
i18n_input = off
# Layer: services
# Module: icecast
#
# ShoutCast compatible streaming media server
#
icecast = module
# Layer: services
# Module: inetd
#
# Internet services daemon.
#
inetd = module
# Layer: services
# Module: inn
#
# Internet News NNTP server
#
inn = module
# Layer: services
# Module: lircd
#
# LIRC daemon - decodes infrared signals and provides them on a Unix domain socket.
#
lircd = module
# Layer: apps
# Module: irc
#
# IRC client policy
#
irc = module
# Layer: services
# Module: irqbalance
#
# IRQ balancing daemon
#
irqbalance = module
# Layer: system
# Module: iscsi
#
# Open-iSCSI daemon
#
iscsi = module
# Layer: system
# Module: isnsd
#
#
#
isns = module
# Layer: services
# Module: jabber
#
# Jabber instant messaging server
#
jabber = module
# Layer: services
# Module: jetty
#
# Java based http server
#
jetty = module
# Layer: apps
# Module: jockey
#
# policy for jockey-backend
#
jockey = module
# Layer: apps
# Module: kdumpgui
#
# system-config-kdump policy
#
kdumpgui = module
# Layer: admin
# Module: kdump
#
# kdump is kernel crash dumping mechanism
#
kdump = module
# Layer: services
# Module: kerberos
#
# MIT Kerberos admin and KDC
#
kerberos = module
# Layer: services
# Module: keepalived
#
# keepalived - load-balancing and high-availability service
#
keepalived = module
# Module: keyboardd
#
# system-setup-keyboard is a keyboard layout daemon that monitors
# /etc/sysconfig/keyboard and writes out an xorg.conf.d snippet
#
keyboardd = module
# Layer: services
# Module: keystone
#
# openstack-keystone
#
keystone = module
# Layer: services
# Module: kismet
#
# Wireless sniffing and monitoring
#
kismet = module
# Layer: services
# Module: ksmtuned
#
# Kernel Samepage Merging (KSM) Tuning Daemon
#
ksmtuned = module
# Layer: services
# Module: ktalk
#
# KDE Talk daemon
#
ktalk = module
# Layer: services
# Module: l2ltpd
#
# Layer 2 Tunnelling Protocol Daemon
#
l2tp = module
# Layer: services
# Module: ldap
#
# OpenLDAP directory server
#
ldap = module
# Layer: services
# Module: likewise
#
# Likewise Active Directory support for UNIX
#
likewise = module
# Layer: apps
# Module: livecd
#
# livecd creator
#
livecd = module
# Layer: services
# Module: lldpad
#
# lldpad - Link Layer Discovery Protocol (LLDP) agent daemon
#
lldpad = module
# Layer: apps
# Module: loadkeys
#
# Load keyboard mappings.
#
loadkeys = module
# Layer: apps
# Module: lockdev
#
# device locking policy for lockdev
#
lockdev = module
# Layer: admin
# Module: logrotate
#
# Rotate and archive system logs
#
logrotate = module
# Layer: services
# Module: logwatch
#
# logwatch executable
#
logwatch = module
# Layer: services
# Module: lpd
#
# Line printer daemon
#
lpd = module
# Layer: services
# Module: mailman
#
# Mailman is for managing electronic mail discussion and e-newsletter lists
#
mailman = module
# Layer: services
# Module: mailman
#
# Policy for mailscanner
#
mailscanner = module
# Layer: apps
# Module: man2html
#
# policy for man2html apps
#
man2html = module
# Layer: admin
# Module: mcelog
#
# Policy for mcelog.
#
mcelog = module
# Layer: apps
# Module: mediawiki
#
# mediawiki
#
mediawiki = module
# Layer: services
# Module: memcached
#
# high-performance memory object caching system
#
memcached = module
# Layer: services
# Module: milter
#
#
#
milter = module
# Layer: services
# Module: mip6d
#
# UMIP Mobile IPv6 and NEMO Basic Support protocol implementation
#
mip6d = module
# Layer: services
# Module: mock
#
# Policy for mock rpm builder
#
mock = module
# Layer: services
# Module: modemmanager
#
# Manager for dynamically switching between modems.
#
modemmanager = module
# Layer: services
# Module: mojomojo
#
# Wiki server
#
mojomojo = module
# Layer: apps
# Module: mozilla
#
# Policy for Mozilla and related web browsers
#
mozilla = module
# Layer: services
# Module: mpd
#
# mpd - daemon for playing music
#
mpd = module
# Layer: apps
# Module: mplayer
#
# Policy for Mozilla and related web browsers
#
mplayer = module
# Layer: admin
# Module: mrtg
#
# Network traffic graphing
#
mrtg = module
# Layer: services
# Module: mta
#
# Policy common to all email tranfer agents.
#
mta = module
# Layer: services
# Module: munin
#
# Munin
#
munin = module
# Layer: services
# Module: mysql
#
# Policy for MySQL
#
mysql = module
# Layer: contrib
# Module: mythtv
#
# Policy for Mythtv (Web Server)
#
mythtv = module
# Layer: services
# Module: nagios
#
# policy for nagios Host/service/network monitoring program
#
nagios = module
# Layer: apps
# Module: namespace
#
# policy for namespace.init script
#
namespace = module
# Layer: admin
# Module: ncftool
#
# Tool to modify the network configuration of a system
#
ncftool = module
# Layer: services
# Module: networkmanager
#
# Manager for dynamically switching between networks.
#
networkmanager = module
# Layer: services
# Module: ninfod
#
# Respond to IPv6 Node Information Queries
#
ninfod = module
# Layer: services
# Module: nis
#
# Policy for NIS (YP) servers and clients
#
nis = module
# Layer: services
# Module: nova
#
# openstack-nova
#
nova = module
# Layer: services
# Module: nslcd
#
# Policy for nslcd
#
nslcd = module
# Layer: services
# Module: ntop
#
# Policy for ntop
#
ntop = module
# Layer: services
# Module: ntp
#
# Network time protocol daemon
#
ntp = module
# Layer: services
# Module: numad
#
# numad - user-level daemon that provides advice and managment for optimum use of CPUs and memory on systems with NUMA topology
#
numad = module
# Layer: services
# Module: nut
#
# nut - Network UPS Tools
#
nut = module
# Layer: services
# Module: nx
#
# NX Remote Desktop
#
nx = module
# Layer: services
# Module: obex
#
# policy for obex-data-server
#
obex = module
# Layer: services
# Module: oddjob
#
# policy for oddjob
#
oddjob = module
# Layer: services
# Module: openct
#
# Service for handling smart card readers.
#
openct = off
# Layer: service
# Module: openct
#
# Middleware framework for smart card terminals
#
openct = module
# Layer: contrib
# Module: openshift-origin
#
# Origin version of openshift policy
#
openshift-origin = module
# Layer: contrib
# Module: openshift
#
# Core openshift policy
#
openshift = module
# Layer: services
# Module: opensm
#
# InfiniBand subnet manager and administration (SM/SA)
#
opensm = module
# Layer: services
# Module: openvpn
#
# Policy for OPENVPN full-featured SSL VPN solution
#
openvpn = module
# Layer: contrib
# Module: openvswitch
#
# SELinux policy for openvswitch programs
#
openvswitch = module
# Layer: services
# Module: openwsman
#
# WS-Management Server
#
openwsman = module
# Layer: services
# Module: osad
#
# Client-side service written in Python that responds to pings
#
osad = module
# Layer: contrib
# Module: prelude
#
# SELinux policy for prelude
#
prelude = module
# Layer: contrib
# Module: prosody
#
# SELinux policy for prosody flexible communications server for Jabber/XMPP
#
prosody = module
# Layer: services
# Module: pads
#
pads = module
# Layer: services
# Module: passenger
#
# Passenger
#
passenger = module
# Layer: system
# Module: pcmcia
#
# PCMCIA card management services
#
pcmcia = module
# Layer: service
# Module: pcscd
#
# PC/SC Smart Card Daemon
#
pcscd = module
# Layer: services
# Module: pdns
#
# PowerDNS DNS server
#
pdns = module
# Layer: services
# Module: pegasus
#
# The Open Group Pegasus CIM/WBEM Server.
#
pegasus = module
# Layer: services
# Module: pingd
#
#
pingd = module
# Layer: services
# Module: piranha
#
# piranha - various tools to administer and configure the Linux Virtual Server
#
piranha = module
# Layer: contrib
# Module: pkcs
#
# daemon manages PKCS#11 objects between PKCS#11-enabled applications
#
pkcs = module
# Layer: services
# Module: plymouthd
#
# Plymouth
#
plymouthd = module
# Layer: apps
# Module: podsleuth
#
# Podsleuth probes, identifies, and exposes properties and metadata bound to iPods.
#
podsleuth = module
# Layer: services
# Module: policykit
#
# Hardware abstraction layer
#
policykit = module
# Layer: services
# Module: polipo
#
# polipo
#
polipo = module
# Layer: services
# Module: portmap
#
# RPC port mapping service.
#
portmap = module
# Layer: services
# Module: portreserve
#
# reserve ports to prevent portmap mapping them
#
portreserve = module
# Layer: services
# Module: postfix
#
# Postfix email server
#
postfix = module
# Layer: services
# Module: postgrey
#
# email scanner
#
postgrey = module
# Layer: services
# Module: ppp
#
# Point to Point Protocol daemon creates links in ppp networks
#
ppp = module
# Layer: admin
# Module: prelink
#
# Manage temporary directory sizes and file ages
#
prelink = module
# Layer: services
# Module: privoxy
#
# Privacy enhancing web proxy.
#
privoxy = module
# Layer: services
# Module: procmail
#
# Procmail mail delivery agent
#
procmail = module
# Layer: services
# Module: psad
#
# Analyze iptables log for hostile traffic
#
psad = module
# Layer: apps
# Module: ptchown
#
# helper function for grantpt(3), changes ownship and permissions of pseudotty
#
ptchown = module
# Layer: apps
# Module: pulseaudio
#
# The PulseAudio Sound System
#
pulseaudio = module
# Layer: services
# Module: puppet
#
# A network tool for managing many disparate systems
#
puppet = module
# Layer: apps
# Module: pwauth
#
# External plugin for mod_authnz_external authenticator
#
pwauth = module
# Layer: services
# Module: qmail
#
# Policy for qmail
#
qmail = module
# Layer: services
# Module: qpidd
#
# Policy for qpidd
#
qpid = module
# Layer: services
# Module: quantum
#
# Quantum is a virtual network service for Openstack
#
quantum = module
# Layer: admin
# Module: quota
#
# File system quota management
#
quota = module
# Layer: services
# Module: rabbitmq
#
# rabbitmq daemons
#
rabbitmq = module
# Layer: services
# Module: radius
#
# RADIUS authentication and accounting server.
#
radius = module
# Layer: services
# Module: radvd
#
# IPv6 router advertisement daemon
#
radvd = module
# Layer: system
# Module: raid
#
# RAID array management tools
#
raid = module
# Layer: services
# Module: rasdaemon
#
# The rasdaemon program is a daemon with monitors the RAS trace events from /sys/kernel/debug/tracing
#
rasdaemon = module
# Layer: services
# Module: rdisc
#
# Network router discovery daemon
#
rdisc = module
# Layer: admin
# Module: readahead
#
# Readahead, read files into page cache for improved performance
#
readahead = module
# Layer: contrib
# Module: stapserver
#
# dbus system service which manages discovery and enrollment in realms and domains like Active Directory or IPA
#
realmd = module
# Layer: services
# Module: remotelogin
#
# Policy for rshd, rlogind, and telnetd.
#
remotelogin = module
# Layer: services
# Module: rhcs
#
# RHCS - Red Hat Cluster Suite
#
rhcs = module
# Layer: services
# Module: rhev
#
# rhev policy module contains policies for rhev apps
#
rhev = module
# Layer: services
# Module: rhgb
#
# X windows login display manager
#
rhgb = module
# Layer: services
# Module: rhsmcertd
#
# Subscription Management Certificate Daemon policy
#
rhsmcertd = module
# Layer: services
# Module: ricci
#
# policy for ricci
#
ricci = module
# Layer: services
# Module: rlogin
#
# Remote login daemon
#
rlogin = module
# Layer: services
# Module: roundup
#
# Roundup Issue Tracking System policy
#
roundup = module
# Layer: services
# Module: rpcbind
#
# universal addresses to RPC program number mapper
#
rpcbind = module
# Layer: services
# Module: rpc
#
# Remote Procedure Call Daemon for managment of network based process communication
#
rpc = module
# Layer: services
# Module: rshd
#
# Remote shell service.
#
rshd = module
# Layer: apps
# Module: rssh
#
# Restricted (scp/sftp) only shell
#
rssh = module
# Layer: services
# Module: rsync
#
# Fast incremental file transfer for synchronization
#
rsync = module
# Layer: services
# Module: rtkit
#
# Real Time Kit Daemon
#
rtkit = module
# Layer: services
# Module: rwho
#
# who is logged in on local machines
#
rwho = module
# Layer: apps
# Module: sambagui
#
# policy for system-config-samba
#
sambagui = module
#
# SMB and CIFS client/server programs for UNIX and
# name Service Switch daemon for resolving names
# from Windows NT servers.
#
samba = module
# Layer: apps
# Module: sandbox
#
# Policy for running apps within a sandbox
#
sandbox = module
# Layer: apps
# Module: sandbox
#
# Policy for running apps within a X sandbox
#
sandboxX = module
# Layer: services
# Module: sanlock
#
# sanlock policy
#
sanlock = module
# Layer: services
# Module: sasl
#
# SASL authentication server
#
sasl = module
# Layer: services
# Module: sblim
#
# sblim
#
sblim = module
# Layer: apps
# Module: screen
#
# GNU terminal multiplexer
#
screen = module
# Layer: admin
# Module: sectoolm
#
# Policy for sectool-mechanism
#
sectoolm = module
# Layer: services
# Module: sendmail
#
# Policy for sendmail.
#
sendmail = module
# Layer: contrib
# Module: sensord
#
# Sensor information logging daemon
#
sensord = module
# Layer: services
# Module: setroubleshoot
#
# Policy for the SELinux troubleshooting utility
#
setroubleshoot = module
# Layer: services
# Module: sge
#
# policy for grindengine MPI jobs
#
sge = module
# Layer: admin
# Module: shorewall
#
# Policy for shorewall
#
shorewall = module
# Layer: apps
# Module: slocate
#
# Update database for mlocate
#
slocate = module
# Layer: contrib
# Module: slpd
#
# OpenSLP server daemon to dynamically register services
#
slpd = module
# Layer: services
# Module: slrnpull
#
# Service for downloading news feeds the slrn newsreader.
#
slrnpull = off
# Layer: services
# Module: smartmon
#
# Smart disk monitoring daemon policy
#
smartmon = module
# Layer: services
# Module: smokeping
#
# Latency Logging and Graphing System
#
smokeping = module
# Layer: admin
# Module: smoltclient
#
#The Fedora hardware profiler client
#
smoltclient = module
# Layer: services
# Module: snmp
#
# Simple network management protocol services
#
snmp = module
# Layer: services
# Module: snort
#
# Snort network intrusion detection system
#
snort = module
# Layer: admin
# Module: sosreport
#
# sosreport debuggin information generator
#
sosreport = module
# Layer: services
# Module: soundserver
#
# sound server for network audio server programs, nasd, yiff, etc</summary>
#
soundserver = module
# Layer: services
# Module: spamassassin
#
# Filter used for removing unsolicited email.
#
spamassassin = module
# Layer: services
# Module: speech-dispatcher
#
# speech-dispatcher - server process managing speech requests in Speech Dispatcher
#
speech-dispatcher = module
# Layer: services
# Module: squid
#
# Squid caching http proxy server
#
squid = module
# Layer: services
# Module: sssd
#
# System Security Services Daemon
#
sssd = module
# Layer: services
# Module: sslh
#
# Applicative protocol(SSL/SSH) multiplexer
#
sslh = module
# Layer: contrib
# Module: stapserver
#
# Instrumentation System Server
#
stapserver = module
# Layer: services
# Module: stunnel
#
# SSL Tunneling Proxy
#
stunnel = module
# Layer: services
# Module: svnserve
#
# policy for subversion service
#
svnserve = module
# Layer: services
# Module: swift
#
# openstack-swift
#
swift = module
# Layer: services
# Module: sysstat
#
# Policy for sysstat. Reports on various system states
#
sysstat = module
# Layer: services
# Module: tcpd
#
# Policy for TCP daemon.
#
tcpd = module
# Layer: services
# Module: tcsd
#
# tcsd - daemon that manages Trusted Computing resources
#
tcsd = module
# Layer: apps
# Module: telepathy
#
# telepathy - Policy for Telepathy framework
#
telepathy = module
# Layer: services
# Module: telnet
#
# Telnet daemon
#
telnet = module
# Layer: services
# Module: tftp
#
# Trivial file transfer protocol daemon
#
tftp = module
# Layer: services
# Module: tgtd
#
# Linux Target Framework Daemon.
#
tgtd = module
# Layer: apps
# Module: thumb
#
# Thumbnailer confinement
#
thumb = module
# Layer: services
# Module: timidity
#
# MIDI to WAV converter and player configured as a service
#
timidity = off
# Layer: admin
# Module: tmpreaper
#
# Manage temporary directory sizes and file ages
#
tmpreaper = module
# Layer: contrib
# Module: glusterd
#
# policy for tomcat service
#
tomcat = module
# Layer: services
# Module: tor
#
# TOR, the onion router
#
tor = module
# Layer: services
# Module: tuned
#
# Dynamic adaptive system tuning daemon
#
tuned = module
# Layer: apps
# Module: tvtime
#
# tvtime - a high quality television application
#
tvtime = module
# Layer: services
# Module: ulogd
#
# netfilter/iptables ULOG daemon
#
ulogd = module
# Layer: apps
# Module: uml
#
# Policy for UML
#
uml = module
# Layer: admin
# Module: updfstab
#
# Red Hat utility to change /etc/fstab.
#
updfstab = module
# Layer: admin
# Module: usbmodules
#
# List kernel modules of USB devices
#
usbmodules = module
# Layer: services
# Module: usbmuxd
#
# Daemon for communicating with Apple's iPod Touch and iPhone
#
usbmuxd = module
# Layer: apps
# Module: userhelper
#
# A helper interface to pam.
#
userhelper = module
# Layer: apps
# Module: usernetctl
#
# User network interface configuration helper
#
usernetctl = module
# Layer: services
# Module: uucp
#
# Unix to Unix Copy
#
uucp = module
# Layer: services
# Module: uuidd
#
# UUID generation daemon
#
uuidd = module
# Layer: services
# Module: varnishd
#
# Varnishd http accelerator daemon
#
varnishd = module
# Layer: services
# Module: vdagent
#
# vdagent
#
vdagent = module
# Layer: services
# Module: vhostmd
#
# vhostmd - spice guest agent daemon.
#
vhostmd = module
# Layer: services
# Module: virt
#
# Virtualization libraries
#
virt = module
# Layer: apps
# Module: vhostmd
#
# vlock - Virtual Console lock program
#
vlock = module
# Layer: services
# Module: vmtools
#
# VMware Tools daemon
#
vmtools = module
# Layer: apps
# Module: vmware
#
# VMWare Workstation virtual machines
#
vmware = module
# Layer: services
# Module: vnstatd
#
# Network traffic Monitor
#
vnstatd = module
# Layer: admin
# Module: vpn
#
# Virtual Private Networking client
#
vpn = module
# Layer: services
# Module: w3c
#
# w3c
#
w3c = module
# Layer: services
# Module: wdmd
#
# wdmd policy
#
wdmd = module
# Layer: role
# Module: webadm
#
# Minimally prived root role for managing apache
#
webadm = module
# Layer: apps
# Module: webalizer
#
# Web server log analysis
#
webalizer = module
# Layer: apps
# Module: wine
#
# wine executable
#
wine = module
# Layer: apps
# Module: wireshark
#
# wireshark executable
#
wireshark = module
# Layer: system
# Module: xen
#
# virtualization software
#
xen = module
# Layer: services
# Module: zabbix
#
# Open-source monitoring solution for your IT infrastructure
#
zabbix = module
# Layer: services
# Module: zarafa
#
# Zarafa Collaboration Platform
#
zarafa = module
# Layer: services
# Module: zebra
#
# Zebra border gateway protocol network routing service
#
zebra = module
# Layer: services
# Module: zoneminder
#
# Zoneminder Camera Security Surveillance Solution
#
zoneminder = module
# Layer: services
# Module: zosremote
#
# policy for z/OS Remote-services Audit dispatcher plugin</summary>
#
zosremote = module
# Layer: contrib
# Module: thin
#
# Policy for thin
#
thin = module
# Layer: contrib
# Module: mandb
#
# Policy for mandb
#
mandb = module
# Layer: services
# Module: pki
#
# policy for pki
#
pki = module
# Layer: services
# Module: smsd
#
# policy for smsd
#
smsd = module
# Layer: contrib
# Module: pesign
#
# policy for pesign
#
pesign = module
# Layer: contrib
# Module: nsd
#
# Fast and lean authoritative DNS Name Server
#
nsd = module
# Layer: contrib
# Module: iodine
#
# Fast and lean authoritative DNS Name Server
#
iodine = module
# Layer: contrib
# Module: openhpid
#
# OpenHPI daemon runs as a background process and accepts connecti
#
openhpid = module
# Layer: contrib
# Module: watchdog
#
# Watchdog policy
#
watchdog = module
# Layer: contrib
# Module: oracleasm
#
# oracleasm policy
#
oracleasm = module
# Layer: contrib
# Module: redis
#
# redis policy
#
redis = module
# Layer: contrib
# Module: hypervkvp
#
# hypervkvp policy
#
hypervkvp = module
# Layer: contrib
# Module: lsm
#
# lsm policy
#
lsm = module
# Layer: contrib
# Module: motion
#
# Daemon for detect motion using a video4linux device
motion = module
# Layer: contrib
# Module: rtas
#
# rtas policy
#
rtas = module
# Layer: contrib
# Module: journalctl
#
# journalctl policy
#
journalctl = module
# Layer: contrib
# Module: gdomap
#
# gdomap policy
#
gdomap = module
# Layer: contrib
# Module: minidlna
#
# minidlna policy
#
minidlna = module
# Layer: contrib
# Module: minissdpd
#
# minissdpd policy
#
minissdpd = module
# Layer: contrib
# Module: freeipmi
#
# Remote-Console (out-of-band) and System Management Software (in-band)
# based on IntelligentPlatform Management Interface specification
#
freeipmi = module
# Layer: contrib
# Module: mirrormanager
#
# mirrormanager policy
#
mirrormanager = module
# Layer: contrib
# Module: snapper
#
# snapper policy
#
snapper = module
# Layer: contrib
# Module: pcp
#
# pcp policy
#
pcp = module
# Layer: contrib
# Module: geoclue
#
# Add policy for Geoclue. Geoclue is a D-Bus service that provides location information
#
geoclue = module
# Layer: contrib
# Module: rkhunter
#
# rkhunter policy for /var/lib/rkhunter
#
rkhunter = module
# Layer: contrib
# Module: bacula
#
# bacula policy
#
bacula = module
# Layer: contrib
# Module: rhnsd
#
# rhnsd policy
#
rhnsd = module
# Layer: contrib
# Module: mongodb
#
# mongodb policy
#
mongodb = module
# Layer: contrib
# Module: iotop
#
# iotop policy
#
iotop = module
# Layer: contrib
# Module: kmscon
#
# kmscon policy
#
kmscon = module
# Layer: contrib
# Module: naemon
#
# naemon policy
#
naemon = module
# Layer: contrib
# Module: brltty
#
# brltty policy
#
brltty = module
# Layer: contrib
# Module: cpuplug
#
# cpuplug policy
#
cpuplug = module
# Layer: contrib
# Module: mon_statd
#
# mon_statd policy
#
mon_statd = module
# Layer: contrib
# Module: cinder
#
# openstack-cinder policy
#
cinder = module
# Layer: contrib
# Module: linuxptp
#
# linuxptp policy
#
linuxptp = module
# Layer: contrib
# Module: rolekit
#
# rolekit policy
#
rolekit = module
# Layer: contrib
# Module: targetd
#
# targetd policy
#
targetd = module
# Layer: contrib
# Module: hsqldb
#
# Hsqldb is transactional database engine with in-memory and disk-based tables, supporting embedded and server modes.
#
hsqldb = module
# Layer: contrib
# Module: blkmapd
#
# The blkmapd daemon performs device discovery and mapping for pNFS block layout client.
#
blkmapd = module
# Layer: contrib
# Module: pkcs11proxyd
#
# pkcs11proxyd policy
#
pkcs11proxyd = module
# Layer: contrib
# Module: ipmievd
#
# IPMI event daemon for sending events to syslog
#
ipmievd = module
# Layer: contrib
# Module: openfortivpn
#
# Fortinet compatible SSL VPN daemons.
#
openfortivpn = module
# Layer: contrib
# Module: fwupd
#
# fwupd is a daemon to allow session software to update device firmware.
#
fwupd = module
# Layer: contrib
# Module: lttng-tools
#
# LTTng 2.x central tracing registry session daemon.
#
lttng-tools = module
# Layer: contrib
# Module: rkt
#
# CLI for running app containers
#
rkt = module
# Layer: contrib
# Module: opendnssec
#
# opendnssec
#
opendnssec = module
# Layer: contrib
# Module: hwloc
#
# hwloc
#
hwloc = module
# Layer: contrib
# Module: sbd
#
# sbd
#
sbd = module
# Layer: contrib
# Module: tlp
#
# tlp
#
tlp = module
# Layer: contrib
# Module: conntrackd
#
# conntrackd
#
conntrackd = module
# Layer: contrib
# Module: tangd
#
# tangd
#
tangd = module
# Layer: contrib
# Module: ibacm
#
# ibacm
#
ibacm = module
# Layer: contrib
# Module: opafm
#
# opafm
#
opafm = module
# Layer: contrib
# Module: boltd
#
# boltd
#
boltd = module
# Layer: contrib
# Module: kpatch
#
# kpatch
#
kpatch = module