# NOTE(review): this looks like an SELinux reference-policy modules.conf.
# Every entry visible here is set to either `base` or `module`; presumably
# `base` means compiled into the base policy and `module` means built as a
# separate loadable policy module. Confirm against the build that reads this file.
# Layer: kernel |
|
# Module: bootloader |
|
# |
|
# Policy for the kernel modules, kernel image, and bootloader. |
|
# |
|
bootloader = module |
|
|
|
# Layer: kernel |
|
# Module: corenetwork |
|
# Required in base |
|
# |
|
# Policy controlling access to network objects |
|
# |
|
corenetwork = base |
|
|
|
# Layer: admin |
|
# Module: dmesg |
|
# |
|
# Policy for dmesg. |
|
# |
|
dmesg = module |
|
|
|
# Layer: admin |
|
# Module: netutils |
|
# |
|
# Network analysis utilities |
|
# |
|
netutils = module |
|
|
|
# Layer: admin |
|
# Module: sudo |
|
# |
|
# Execute a command with a substitute user |
|
# |
|
sudo = module |
|
|
|
# Layer: admin |
|
# Module: su |
|
# |
|
# Run shells with substitute user and group |
|
# |
|
su = module |
|
|
|
# Layer: admin |
|
# Module: usermanage |
|
# |
|
# Policy for managing user accounts. |
|
# |
|
usermanage = module |
|
|
|
# Layer: apps |
|
# Module: seunshare |
|
# |
|
# seunshare executable |
|
# |
|
seunshare = module |
|
|
|
# Layer: kernel |
|
# Module: corecommands |
|
# Required in base |
|
# |
|
# Core policy for shells, and generic programs |
|
# in /bin, /sbin, /usr/bin, and /usr/sbin. |
|
# |
|
corecommands = base |
|
|
|
# Module: devices |
|
# Required in base |
|
# |
|
# Device nodes and interfaces for many basic system devices. |
|
# |
|
devices = base |
|
|
|
# Module: domain |
|
# Required in base |
|
# |
|
# Core policy for domains. |
|
# |
|
domain = base |
|
|
|
# Layer: system |
|
# Module: userdomain |
|
# |
|
# Policy for user domains |
|
# |
|
userdomain = module |
|
|
|
# Module: files |
|
# Required in base |
|
# |
|
# Basic filesystem types and interfaces. |
|
# |
|
files = base |
|
|
|
# Module: filesystem |
|
# Required in base |
|
# |
|
# Policy for filesystems. |
|
# |
|
filesystem = base |
|
|
|
# Module: kernel |
|
# Required in base |
|
# |
|
# Policy for kernel threads, proc filesystem, and unlabeled processes and objects. |
|
# |
|
kernel = base |
|
|
|
# Module: mcs |
|
# Required in base |
|
# |
|
# MultiCategory security policy |
|
# |
|
mcs = base |
|
|
|
# Module: mls |
|
# Required in base |
|
# |
|
# Multilevel security policy |
|
# |
|
mls = base |
|
|
|
# Module: selinux |
|
# Required in base |
|
# |
|
# Policy for kernel security interface, in particular, selinuxfs. |
|
# |
|
selinux = base |
|
|
|
# Layer: kernel |
|
# Module: storage |
|
# |
|
# Policy controlling access to storage devices |
|
# |
|
storage = base |
|
|
|
# Module: terminal |
|
# Required in base |
|
# |
|
# Policy for terminals. |
|
# |
|
terminal = base |
|
|
|
# Layer: kernel |
|
# Module: ubac |
|
# |
|
# |
|
# |
|
ubac = base |
|
|
|
# Layer: kernel |
|
# Module: unlabelednet |
|
# |
|
# The unlabelednet module. |
|
# |
|
unlabelednet = module |
|
|
|
# Layer: role |
|
# Module: auditadm |
|
# |
|
# auditadm account on tty logins |
|
# |
|
auditadm = module |
|
|
|
# Layer: role |
|
# Module: logadm |
|
# |
|
# Minimally privileged root role for managing the logging system |
|
# |
|
logadm = module |
|
|
|
# Layer: role |
|
# Module: secadm |
|
# |
|
# secadm account on tty logins |
|
# |
|
secadm = module |
|
|
|
# Layer: role |
|
# Module: staff |
|
# |
|
# admin account |
|
# |
|
staff = module |
|
|
|
# Layer: role |
|
# Module: sysadm_secadm |
|
# |
|
# System Administrator with Security Admin rules |
|
# |
|
sysadm_secadm = module |
|
|
|
# Layer: role |
|
# Module: sysadm |
|
# |
|
# System Administrator |
|
# |
|
sysadm = module |
|
|
|
# Layer: role |
|
# Module: unprivuser |
|
# |
|
# Minimally privileged guest account on tty logins |
|
# |
|
unprivuser = module |
|
|
|
# Layer: services |
|
# Module: postgresql |
|
# |
|
# PostgreSQL relational database |
|
# |
|
postgresql = module |
|
|
|
# Layer: services |
|
# Module: ssh |
|
# |
|
# Secure shell client and server policy. |
|
# |
|
ssh = module |
|
|
|
# Layer: services |
|
# Module: xserver |
|
# |
|
# X windows login display manager |
|
# |
|
xserver = module |
|
|
|
# Module: application |
|
# Required in base |
|
# |
|
# Defines attributes and interfaces for all user applications |
|
# |
|
# NOTE(review): the header above says "Required in base", but this entry is
# set to `module`; confirm the mismatch is intended for this policy build.
application = module |
|
|
|
# Layer: system |
|
# Module: authlogin |
|
# |
|
# Common policy for authentication and user login. |
|
# |
|
authlogin = module |
|
|
|
# Layer: system |
|
# Module: clock |
|
# |
|
# Policy for reading and setting the hardware clock. |
|
# |
|
clock = module |
|
|
|
# Layer: system |
|
# Module: fstools |
|
# |
|
# Tools for filesystem management, such as mkfs and fsck. |
|
# |
|
fstools = module |
|
|
|
# Layer: system |
|
# Module: getty |
|
# |
|
# Policy for getty. |
|
# |
|
getty = module |
|
|
|
# Layer: system |
|
# Module: hostname |
|
# |
|
# Policy for changing the system host name. |
|
# |
|
hostname = module |
|
|
|
# Layer: system |
|
# Module: init |
|
# |
|
# System initialization programs (init and init scripts). |
|
# |
|
init = module |
|
|
|
# Layer: system |
|
# Module: ipsec |
|
# |
|
# TCP/IP encryption |
|
# |
|
ipsec = module |
|
|
|
# Layer: system |
|
# Module: iptables |
|
# |
|
# Policy for iptables. |
|
# |
|
iptables = module |
|
|
|
# Layer: system |
|
# Module: libraries |
|
# |
|
# Policy for system libraries. |
|
# |
|
libraries = module |
|
|
|
# Layer: system |
|
# Module: locallogin |
|
# |
|
# Policy for local logins. |
|
# |
|
locallogin = module |
|
|
|
# Layer: system |
|
# Module: logging |
|
# |
|
# Policy for the kernel message logger and system logging daemon. |
|
# |
|
logging = module |
|
|
|
# Layer: system |
|
# Module: lvm |
|
# |
|
# Policy for logical volume management programs. |
|
# |
|
lvm = module |
|
|
|
# Layer: system |
|
# Module: miscfiles |
|
# |
|
# Miscellaneous files. |
|
# |
|
miscfiles = module |
|
|
|
# Layer: system |
|
# Module: modutils |
|
# |
|
# Policy for kernel module utilities |
|
# |
|
modutils = module |
|
|
|
# Layer: system |
|
# Module: mount |
|
# |
|
# Policy for mount. |
|
# |
|
mount = module |
|
|
|
# Layer: system |
|
# Module: netlabel |
|
# |
|
# Basic netlabel types and interfaces. |
|
# |
|
netlabel = module |
|
|
|
# Layer: system |
|
# Module: selinuxutil |
|
# |
|
# Policy for SELinux policy and userland applications. |
|
# |
|
selinuxutil = module |
|
|
|
# Module: setrans |
|
# Required in base |
|
# |
|
# Policy for setrans |
|
# |
|
# NOTE(review): the header above says "Required in base", but this entry is
# set to `module`; confirm the mismatch is intended for this policy build.
setrans = module |
|
|
|
# Layer: system |
|
# Module: sysnetwork |
|
# |
|
# Policy for network configuration: ifconfig and dhcp client. |
|
# |
|
sysnetwork = module |
|
|
|
# Layer: system |
|
# Module: systemd |
|
# |
|
# Policy for systemd components |
|
# |
|
systemd = module |
|
|
|
# Layer: system |
|
# Module: udev |
|
# |
|
# Policy for udev. |
|
# |
|
udev = module
|
|
|