From fee1170d6f847893df966e3d3f765cbea3a52180 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Nov 17 2012 12:11:38 +0000 Subject: modules-*.conf are no longer used, config.tgz updated to include alternate libvirt label --- diff --git a/config.tgz b/config.tgz index c67e366..67c4690 100644 Binary files a/config.tgz and b/config.tgz differ diff --git a/modules-minimum.conf b/modules-minimum.conf deleted file mode 120000 index f601659..0000000 --- a/modules-minimum.conf +++ /dev/null @@ -1 +0,0 @@ -modules-targeted.conf \ No newline at end of file diff --git a/modules-mls.conf b/modules-mls.conf deleted file mode 100644 index a02566d..0000000 --- a/modules-mls.conf +++ /dev/null @@ -1,2069 +0,0 @@ -# -# This file contains a listing of available modules. -# To prevent a module from being used in policy -# creation, set the module name to "off". -# -# For monolithic policies, modules set to "base" and "module" -# will be built into the policy. -# -# For modular policies, modules set to "base" will be -# included in the base module. "module" will be compiled -# as individual loadable modules. -# - -# Layer: services -# Module: accountsd -# -# An application to view and modify user accounts information -# -accountsd = module - -# Layer: admin -# Module: acct -# -# Berkeley process accounting -# -acct = module - -# Layer: admin -# Module: alsa -# -# Ainit ALSA configuration tool -# -alsa = module - -# Layer: services -# Module: cachefilesd -# -# CacheFiles userspace management daemon -# -cachefilesd = module - -# Layer: services -# Module: colord -# -# color device daemon -# -colord = module - -# Layer: apps -# Module: cpufreqselector -# -# cpufreqselector executable -# -cpufreqselector = module - -# Layer: apps -# Module: chrome -# -# chrome sandbox -# -chrome = module - -# Layer: modules -# Module: awstats -# -# awstats executable -# -awstats = module - -# Layer: admin -# Module: amanda -# -# Automated backup program. -# -amanda = module - -# Layer: services -# Module: afs -# -# Andrew Filesystem server -# -afs = module - -# Layer: services -# Module: amavis -# -# Anti-virus -# -amavis = module - -# Layer: admin -# Module: anaconda -# -# Policy for the Anaconda installer. -# -anaconda = module - -# Layer: services -# Module: apache -# -# Apache web server -# -apache = module - -# Layer: services -# Module: apm -# -# Advanced power management daemon -# -apm = module - -# Layer: system -# Module: application -# Required in base -# -# Defines attributs and interfaces for all user applications -# -application = module - -# Layer: services -# Module: arpwatch -# -# Ethernet activity monitor. -# -arpwatch = module - -# Layer: services -# Module: entropy -# -# Generate entropy from audio input -# -entropyd = module - -# Layer: system -# Module: authlogin -# -# Common policy for authentication and user login. -# -authlogin = module - -# Layer: services -# Module: automount -# -# Filesystem automounter service. -# -automount = module - -# Layer: services -# Module: avahi -# -# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture -# -avahi = module - -# Layer: services -# Module: boinc -# -# Berkeley Open Infrastructure for Network Computing -# -boinc = module - -# Layer: services -# Module: bind -# -# Berkeley internet name domain DNS server. -# -bind = module - -# Layer: services -# Module: bugzilla -# -# Bugzilla server -# -bugzilla = module - -# Layer: services -# Module: dnsmasq -# -# A lightweight DHCP and caching DNS server. -# -dnsmasq = module - -# Layer: services -# Module: dnssec -# -# A dnssec server application -# -dnssec = module - -# Layer: services -# Module: bluetooth -# -# Bluetooth tools and system services. -# -bluetooth = module - -# Layer: kernel -# Module: ubac -# -# -# -ubac = base - -# -# Layer: kernel -# Module: bootloader -# -# Policy for the kernel modules, kernel image, and bootloader. -# -bootloader = module - - -# Layer: services -# Module: canna -# -# Canna - kana-kanji conversion server -# -canna = module - -# Layer: services -# Module: ccs -# -# policy for ccs -# -ccs = module - -# Layer: apps -# Module: calamaris -# -# -# Squid log analysis -# -calamaris = module - -# Layer: apps -# Module: cdrecord -# -# Policy for cdrecord -# -cdrecord = module - -# Layer: admin -# Module: certwatch -# -# Digital Certificate Tracking -# -certwatch = module - -# Layer: admin -# Module: certmaster -# -# Digital Certificate master -# -certmaster = module - -# Layer: services -# Module: certmonger -# -# Certificate status monitor and PKI enrollment client -# -certmonger = module - -# Layer: services -# Module: chronyd -# -# Daemon for maintaining clock time -# -chronyd = module - -q# Layer: services -# Module: cipe -# -# Encrypted tunnel daemon -# -cipe = module - -# Layer: services -# Module: comsat -# -# Comsat, a biff server. -# -comsat = module - -# Layer: services -# Module: corosync -# -# Corosync Cluster Engine Executive -# -corosync = module - -# Layer: services -# Module: clamav -# -# ClamAV Virus Scanner -# -clamav = module - -# Layer: system -# Module: clock -# -# Policy for reading and setting the hardware clock. -# -clock = module - -# Layer: services -# Module: consolekit -# -# ConsoleKit is a system daemon for tracking what users are logged -# -consolekit = module - -# Layer: admin -# Module: consoletype -# -# Determine of the console connected to the controlling terminal. -# -consoletype = module - -# Layer: kernel -# Module: corecommands -# Required in base -# -# Core policy for shells, and generic programs -# in /bin, /sbin, /usr/bin, and /usr/sbin. -# -corecommands = base - -# Layer: kernel -# Module: corenetwork -# Required in base -# -# Policy controlling access to network objects -# -corenetwork = base - -# Layer: services -# Module: cpucontrol -# -# Services for loading CPU microcode and CPU frequency scaling. -# -cpucontrol = module - -# Layer: services -# Module: cron -# -# Periodic execution of scheduled commands. -# -cron = module - -# Layer: services -# Module: cups -# -# Common UNIX printing system -# -cups = module - -# Layer: services -# Module: cvs -# -# Concurrent versions system -# -cvs = module - -# Layer: services -# Module: cyphesis -# -# cyphesis game server -# -cyphesis = module - -# Layer: services -# Module: cyrus -# -# Cyrus is an IMAP service intended to be run on sealed servers -# -cyrus = module - -# Layer: system -# Module: daemontools -# -# Collection of tools for managing UNIX services -# -daemontools = module - -# Layer: services -# Module: dbskk -# -# Dictionary server for the SKK Japanese input method system. -# -dbskk = module - -# Layer: services -# Module: dbus -# -# Desktop messaging bus -# -dbus = module - -# Layer: services -# Module: dcc -# -# A distributed, collaborative, spam detection and filtering network. -# -dcc = module - -# Layer: admin -# Module: ddcprobe -# -# ddcprobe retrieves monitor and graphics card information -# -ddcprobe = off - -# Layer: services -# Module: devicekit -# -# devicekit-daemon -# -devicekit = module - -# Layer: kernel -# Module: devices -# Required in base -# -# Device nodes and interfaces for many basic system devices. -# -devices = base - -# Layer: services -# Module: dhcp -# -# Dynamic host configuration protocol (DHCP) server -# -dhcp = module - -# Layer: services -# Module: dictd -# -# Dictionary daemon -# -dictd = module - -# Layer: services -# Module: distcc -# -# Distributed compiler daemon -# -distcc = off - -# Layer: admin -# Module: dmesg -# -# Policy for dmesg. -# -dmesg = module - -# Layer: admin -# Module: dmidecode -# -# Decode DMI data for x86/ia64 bioses. -# -dmidecode = module - -# Layer: system -# Module: domain -# Required in base -# -# Core policy for domains. -# -domain = base - -# Layer: services -# Module: dovecot -# -# Dovecot POP and IMAP mail server -# -dovecot = module - -# Layer: services -# Module: git -# -# Policy for the stupid content tracker -# -git = module - -# Layer: apps -# Module: gitosis -# -# Policy for gitosis -# -gitosis = module - -# Layer: services -# Module: glance -# -# Policy for glance -# -glance = module - -# Layer: apps -# Module: gpg -# -# Policy for GNU Privacy Guard and related programs. -# -gpg = module - -# Layer: services -# Module: gpsd -# -# gpsd monitor daemon -# -# -gpsd = module - -# Layer: services -# Module: gpm -# -# General Purpose Mouse driver -# -gpm = module - -# Layer: services -# Module: fail2ban -# -# daiemon that bans IP that makes too many password failures -# -fail2ban = module - -# Layer: services -# Module: fetchmail -# -# Remote-mail retrieval and forwarding utility -# -fetchmail = module - -# Layer: kernel -# Module: files -# Required in base -# -# Basic filesystem types and interfaces. -# -files = base - -# Layer: kernel -# Module: filesystem -# Required in base -# -# Policy for filesystems. -# -filesystem = base - -# Layer: services -# Module: finger -# -# Finger user information service. -# -finger = module - -# Layer: admin -# Module: firstboot -# -# Final system configuration run during the first boot -# after installation of Red Hat/Fedora systems. -# -firstboot = module - -# Layer: apps -# Module: firewallgui -# -# policy for system-config-firewall -# -firewallgui = module - -# Layer: services -# Module: fprintd -# -# finger print server -# -fprintd = module - -# Layer: system -# Module: fstools -# -# Tools for filesystem management, such as mkfs and fsck. -# -fstools = module - -# Layer: services -# Module: ftp -# -# File transfer protocol service -# -ftp = module - -# Layer: apps -# Module: games -# -# The Open Group Pegasus CIM/WBEM Server. -# -games = module - -# Layer: system -# Module: getty -# -# Policy for getty. -# -getty = module - -# Layer: apps -# Module: gnome -# -# gnome session and gconf -# -gnome = module - -# Layer: services -# Module: gnomeclock -# -# gnomeclock used by dbus/polkit to set time -# -gnomeclock = module - -# Layer: services -# Module: plymouthd -# -# Plymouth -# -plymouthd = module - -# Layer: services -# Module: policykit -# -# Hardware abstraction layer -# -policykit = module - -# Layer: apps -# Module: ptchown -# -# helper function for grantpt(3), changes ownship and permissions of pseudotty -# -ptchown = module - -# Layer: services -# Module: psad -# -# Analyze iptables log for hostile traffic -# -psad = module - -# Layer: system -# Module: hostname -# -# Policy for changing the system host name. -# -hostname = module - - -# Layer: services -# Module: inetd -# -# Internet services daemon. -# -inetd = module - -# Layer: system -# Module: init -# -# System initialization programs (init and init scripts). -# -init = module - -# Layer: services -# Module: inn -# -# Internet News NNTP server -# -inn = module - -# Layer: system -# Module: iptables -# -# Policy for iptables. -# -iptables = module - -# Layer: system -# Module: ipsec -# -# TCP/IP encryption -# -ipsec = module - -# Layer: apps -# Module: irc -# -# IRC client policy -# -irc = module - -# Layer: services -# Module: irqbalance -# -# IRQ balancing daemon -# -irqbalance = module - -# Layer: system -# Module: iscsi -# -# Open-iSCSI daemon -# -iscsi = module - -# Layer: services -# Module: i18n_input -# -# IIIMF htt server -# -i18n_input = off - - -# Layer: services -# Module: jabber -# -# Jabber instant messaging server -# -jabber = module - -# Layer: admin -# Module: kdump -# -# kdump is kernel crash dumping mechanism -# -kdump = module - -# Layer: apps -# Module: kdumpgui -# -# system-config-kdump policy -# -kdumpgui = module - -# Layer: services -# Module: ksmtuned -# -# Kernel Samepage Merging (KSM) Tuning Daemon -# -ksmtuned = module - -# Layer: services -# Module: kerberos -# -# MIT Kerberos admin and KDC -# -kerberos = module - -# Layer: kernel -# Module: kernel -# Required in base -# -# Policy for kernel threads, proc filesystem,and unlabeled processes and objects. -# -kernel = base - -# Layer: services -# Module: ktalk -# -# KDE Talk daemon -# -ktalk = module - -# Layer: services -# Module: lircd -# -# LIRC daemon - decodes infrared signals and provides them on a Unix domain socket. -# -lircd = module - -# Layer: services -# Module: ldap -# -# OpenLDAP directory server -# -ldap = module - -# Layer: system -# Module: libraries -# -# Policy for system libraries. -# -libraries = module - -# Layer: apps -# Module: loadkeys -# -# Load keyboard mappings. -# -loadkeys = module - -# Layer: system -# Module: locallogin -# -# Policy for local logins. -# -locallogin = module - -# Layer: apps -# Module: lockdev -# -# device locking policy for lockdev -# -lockdev = module - -# Layer: system -# Module: logging -# -# Policy for the kernel message logger and system logging daemon. -# -logging = module - -# Layer: admin -# Module: logrotate -# -# Rotate and archive system logs -# -logrotate = module - -# Layer: services -# Module: logwatch -# -# logwatch executable -# -logwatch = module - -# Layer: services -# Module: lpd -# -# Line printer daemon -# -lpd = module - -# Layer: system -# Module: lvm -# -# Policy for logical volume management programs. -# -lvm = module - -# Layer: admin -# Module: mcelog -# -# mcelog is a daemon that collects and decodes Machine Check Exception data on x86-64 machines. -# -mcelog = module - -# Layer: services -# Module: mailman -# -# Mailman is for managing electronic mail discussion and e-newsletter lists -# -mailman = module - -# Layer: contrib -# Module: mandb -# -# Policy for mandb -# -mandb = module - -# Layer: kernel -# Module: mcs -# Required in base -# -# MultiCategory security policy -# -mcs = base - -# Layer: system -# Module: miscfiles -# -# Miscelaneous files. -# -miscfiles = module - -# Layer: kernel -# Module: mls -# Required in base -# -# Multilevel security policy -# -mls = base - -# Layer: services -# Module: modemmanager -# -# Manager for dynamically switching between modems. -# -modemmanager = module - -# Layer: system -# Module: modutils -# -# Policy for kernel module utilities -# -modutils = module - -# Layer: services -# Module: mojomojo -# -# Wiki server -# -mojomojo = module - -# Layer: system -# Module: mount -# -# Policy for mount. -# -mount = module - -# Layer: apps -# Module: mozilla -# -# Policy for Mozilla and related web browsers -# -mozilla = module - -# Layer: services -# Module: ntop -# -# Policy for ntop -# -ntop = module - -# Layer: services -# Module: nslcd -# -# Policy for nslcd -# -nslcd = module - -# Layer: apps -# Module: mplayer -# -# Policy for Mozilla and related web browsers -# -mplayer = module - -# Layer: apps -# Module: gpg -# -# Policy for Mozilla and related web browsers -# -gpg = module - -# Layer: admin -# Module: mrtg -# -# Network traffic graphing -# -mrtg = module - -# Layer: services -# Module: mta -# -# Policy common to all email tranfer agents. -# -mta = module - -# Layer: services -# Module: mysql -# -# Policy for MySQL -# -mysql = module - -# Layer: services -# Module: nagios -# -# policy for nagios Host/service/network monitoring program -# -nagios = module - -# Layer: admin -# Module: ncftool -# -# Tool to modify the network configuration of a system -# -ncftool = module - -# Layer: admin -# Module: netutils -# -# Network analysis utilities -# -netutils = module - -# Layer: services -# Module: networkmanager -# -# Manager for dynamically switching between networks. -# -networkmanager = module - -# Layer: services -# Module: nis -# -# Policy for NIS (YP) servers and clients -# -nis = module - - -# Layer: services -# Module: nscd -# -# Name service cache daemon -# -nscd = module - - -# Layer: services -# Module: ntp -# -# Network time protocol daemon -# -ntp = module - -# Layer: services -# Module: nx -# -# NX Remote Desktop -# -nx = module - - -# Layer: services -# Module: oddjob -# -# policy for oddjob -# -oddjob = module - -# Layer: services -# Module: openct -# -# Service for handling smart card readers. -# -openct = off - -# Layer: services -# Module: openvpn -# -# Policy for OPENVPN full-featured SSL VPN solution -# -openvpn = module - - -# Layer: service -# Module: pcscd -# -# PC/SC Smart Card Daemon -# -pcscd = module - -# Layer: service -# Module: openct -# -# Middleware framework for smart card terminals -# -openct = module - -# Layer: system -# Module: pcmcia -# -# PCMCIA card management services -# -pcmcia = module - -# Layer: services -# Module: pegasus -# -# The Open Group Pegasus CIM/WBEM Server. -# -pegasus = module - -# Layer: services -# Module: piranha -# -# piranha - various tools to administer and configure the Linux Virtual Server -# -piranha = module - -# Layer: services -# Module: postgresql -# -# PostgreSQL relational database -# -postgresql = module - -# Layer: services -# Module: portmap -# -# RPC port mapping service. -# -portmap = module - -# Layer: services -# Module: postfix -# -# Postfix email server -# -postfix = module - -o# Layer: services -# Module: postgrey -# -# email scanner -# -postgrey = module - -# Layer: services -# Module: ppp -# -# Point to Point Protocol daemon creates links in ppp networks -# -ppp = module - -# Layer: admin -# Module: prelink -# -# Manage temporary directory sizes and file ages -# -prelink = module - -# Layer: services -# Module: procmail -# -# Procmail mail delivery agent -# -procmail = module - -# Layer: services -# Module: privoxy -# -# Privacy enhancing web proxy. -# -privoxy = module - -# Layer: services -# Module: publicfile -# -# publicfile supplies files to the public through HTTP and FTP -# -publicfile = module - -# Layer: apps -# Module: pulseaudio -# -# The PulseAudio Sound System -# -pulseaudio = module - -# Layer: services -# Module: qmail -# -# Policy for qmail -# -qmail = module - -# Layer: services -# Module: qpidd -# -# Policy for qpidd -# -qpid = module - -# Layer: admin -# Module: quota -# -# File system quota management -# -quota = module - -# Layer: system -# Module: raid -# -# RAID array management tools -# -raid = module - -# Layer: services -# Module: radius -# -# RADIUS authentication and accounting server. -# -radius = module - -# Layer: services -# Module: radvd -# -# IPv6 router advertisement daemon -# -radvd = module - -# Layer: admin -# Module: readahead -# -# Readahead, read files into page cache for improved performance -# -readahead = module - -# Layer: services -# Module: rgmanager -# -# Red Hat Resource Group Manager -# -rgmanager = module - -# Layer: services -# Module: rhgb -# -# X windows login display manager -# -rhgb = module - -# Layer: services -# Module: rdisc -# -# Network router discovery daemon -# -rdisc = module - -# Layer: services -# Module: remotelogin -# -# Policy for rshd, rlogind, and telnetd. -# -remotelogin = module - -# Layer: services -# Module: ricci -# -# policy for ricci -# -ricci = module - -# Layer: services -# Module: rlogin -# -# Remote login daemon -# -rlogin = module - -# Layer: services -# Module: roundup -# -# Roundup Issue Tracking System policy -# -roundup = module - -# Layer: services -# Module: rpc -# -# Remote Procedure Call Daemon for managment of network based process communication -# -rpc = module - -# Layer: admin -# Module: rpm -# -# Policy for the RPM package manager. -# -rpm = module - - -# Layer: services -# Module: rshd -# -# Remote shell service. -# -rshd = module - -# Layer: services -# Module: rsync -# -# Fast incremental file transfer for synchronization -# -rsync = module - -# Layer: services -# Module: rtkit -# -# Real Time Kit Daemon -# -rtkit = module - -# Layer: services -# Module: rwho -# -# who is logged in on local machines -# -rwho = module - -# Layer: services -# Module: sasl -# -# SASL authentication server -# -sasl = module - -# Layer: services -# Module: sendmail -# -# Policy for sendmail. -# -sendmail = module - -# Layer: apps -# Module: seunshare -# -# seunshare executable -# -seunshare = module - -# Layer: services -# Module: samba -# -# SMB and CIFS client/server programs for UNIX and -# name Service Switch daemon for resolving names -# from Windows NT servers. -# -samba = module - -# Layer: apps -# Module: sandbox -# -# Experimental policy for running apps within a sandbox -# -sandbox = module - -# Layer: apps -# Module: sambagui -# -# policy for system-config-samba -# -sambagui = module - -# Layer: apps -# Module: screen -# -# GNU terminal multiplexer -# -screen = module - -# Layer: kernel -# Module: selinux -# Required in base -# -# Policy for kernel security interface, in particular, selinuxfs. -# -selinux = base - -# Layer: system -# Module: selinuxutil -# -# Policy for SELinux policy and userland applications. -# -selinuxutil = module - -# Layer: system -# Module: setrans -# Required in base -# -# Policy for setrans -# -setrans = module - -# Layer: services -# Module: setroubleshoot -# -# Policy for the SELinux troubleshooting utility -# -setroubleshoot = module - -# Layer: services -# Module: slrnpull -# -# Service for downloading news feeds the slrn newsreader. -# -slrnpull = off - -# Layer: apps -# Module: slocate -# -# Update database for mlocate -# -slocate = module - -# Layer: services -# Module: smartmon -# -# Smart disk monitoring daemon policy -# -smartmon = module - -# Layer: services -# Module: snmp -# -# Simple network management protocol services -# -snmp = module - -# Layer: services -# Module: spamassassin -# -# Filter used for removing unsolicited email. -# -spamassassin = module - -# Layer: services -# Module: squid -# -# Squid caching http proxy server -# -squid = module - -# Layer: services -# Module: ssh -# -# Secure shell client and server policy. -# -ssh = module - -# Layer: services -# Module: sssd -# -# System Security Services Daemon -# -sssd = module - -# Layer: kernel -# Module: storage -# -# Policy controlling access to storage devices -# -storage = base - -# Layer: services -# Module: stunnel -# -# SSL Tunneling Proxy -# -stunnel = module - -# Layer: admin -# Module: su -# -# Run shells with substitute user and group -# -su = module - -# Layer: admin -# Module: sudo -# -# Execute a command with a substitute user -# -sudo = module - -# Layer: system -# Module: systemd -# -# Policy for systemd components -# -systemd = module - -# Layer: system -# Module: sysnetwork -# -# Policy for network configuration: ifconfig and dhcp client. -# -sysnetwork = module - -# Layer: services -# Module: sysstat -# -# Policy for sysstat. Reports on various system states -# -sysstat = module - -# Layer: services -# Module: tcpd -# -# Policy for TCP daemon. -# -tcpd = module - -# Layer: services -# Module: tcsd -# -# tcsd - daemon that manages Trusted Computing resources -# -tcsd = module - -# Layer: services -# Module: tgtd -# -# Linux Target Framework Daemon. -# -tgtd = module - -# Layer: apps -# Module: thumb -# -# Thumbnailer confinement -# -thumb = module - -# Layer: system -# Module: udev -# -# Policy for udev. -# -udev = module - -# Layer: system -# Module: userdomain -# -# Policy for user domains -# -userdomain = module - -# Layer: services -# Module: ulogd -# -# -# -ulogd = module - -# Layer: apps -# Module: wine -# -# wine executable -# -wine = module - -# Layer: apps -# Module: wireshark -# -# wireshark executable -# -wireshark = module - -# Layer: apps -# Module: userhelper -# -# A helper interface to pam. -# -userhelper = module - -# Layer: services -# Module: tor -# -# TOR, the onion router -# -tor = module - -# Layer: apps -# Module: tvtime -# -# tvtime - a high quality television application -# -tvtime = module - -# Layer: apps -# Module: uml -# -# Policy for UML -# -uml = module - -# Layer: admin -# Module: usbmodules -# -# List kernel modules of USB devices -# -usbmodules = module - -# Layer: apps -# Module: usernetctl -# -# User network interface configuration helper -# -usernetctl = module - -# Layer: system -# Module: xen -# -# virtualization software -# -xen = module - -# Layer: services -# Module: virt -# -# Virtualization libraries -# -virt = module - -# Layer: system -# Module: brctl -# -# Utilities for configuring the linux ethernet bridge -# -brctl = module - -# Layer: services -# Module: telnet -# -# Telnet daemon -# -telnet = module - -# Layer: services -# Module: timidity -# -# MIDI to WAV converter and player configured as a service -# -timidity = off - -# Layer: services -# Module: tftp -# -# Trivial file transfer protocol daemon -# -tftp = module - -# Layer: services -# Module: tuned -# -# Dynamic adaptive system tuning daemon -# -tuned = module - -# Layer: services -# Module: uucp -# -# Unix to Unix Copy -# -uucp = module - -# Layer: services -# Module: vbetool -# -# run real-mode video BIOS code to alter hardware state -# -vbetool = module - -# Layer: apps -# Module: webalizer -# -# Web server log analysis -# -webalizer = module - -# Layer: services -# Module: xserver -# -# X windows login display manager -# -xserver = module - -# Layer: services -# Module: zebra -# -# Zebra border gateway protocol network routing service -# -zebra = module - -# Layer: admin -# Module: usermanage -# -# Policy for managing user accounts. -# -usermanage = module - -# Layer: admin -# Module: updfstab -# -# Red Hat utility to change /etc/fstab. -# -updfstab = module - -# Layer: admin -# Module: vpn -# -# Virtual Private Networking client -# -vpn = module - -# Layer: admin -# Module: vbetool -# -# run real-mode video BIOS code to alter hardware state -# -vbetool = module - -# Layer: kernel -# Module: terminal -# Required in base -# -# Policy for terminals. -# -terminal = base - -# Layer: admin -# Module: tmpreaper -# -# Manage temporary directory sizes and file ages -# -tmpreaper = module - -# Layer: admin -# Module: amtu -# -# Abstract Machine Test Utility (AMTU) -# -amtu = module - -# Layer: services -# Module: zabbix -# -# Open-source monitoring solution for your IT infrastructure -# -zabbix = module - -# Layer: services -# Module: apcupsd -# -# daemon for most APC’s UPS for Linux -# -apcupsd = module - -# Layer: services -# Module: aide -# -# Policy for aide -# -aide = module - -# Layer: services -# Module: w3c -# -# w3c -# -w3c = module - -# Layer: services -# Module: portreserve -# -# reserve ports to prevent portmap mapping them -# -portreserve = module - -# Layer: services -# Module: rpcbind -# -# universal addresses to RPC program number mapper -# -rpcbind = module - -# Layer: apps -# Module: telepathy -# -# telepathy - Policy for Telepathy framework -# -telepathy = module - -# Layer: apps -# Module: vmware -# -# VMWare Workstation virtual machines -# -vmware = module - -# Layer: role -# Module: dbadm -# -# Minimally prived root role for managing databases -# -dbadm = module - -# Layer: role -# Module: logadm -# -# Minimally prived root role for managing logging system -# -logadm = module - -# Layer: role -# Module: webadm -# -# Minimally prived root role for managing apache -# -webadm = module - -# -# Layer: services -# Module: exim -# -# exim mail server -# -exim = module - - -# Layer: services -# Module: kismet -# -# Wireless sniffing and monitoring -# -kismet = module - -# Layer: services -# Module: munin -# -# Munin -# -munin = module - -# Layer: services -# Module: bitlbee -# -# An IRC to other chat networks gateway -# -bitlbee = module - -# Layer: admin -# Module: sosreport -# -# sosreport debuggin information generator -# -sosreport = module - -# Layer: services -# Module: soundserver -# -# sound server for network audio server programs, nasd, yiff, etc -# -soundserver = module - -# Layer:role -# Module: staff -# -# admin account -# -staff = module - -# Layer:role -# Module: sysadm -# -# System Administrator -# -sysadm = module - -# Layer:role -# Module: sysadm_secadm -# -# System Administrator with Security Admin rules -# -sysadm_secadm = module - -# Layer: role -# Module: unprivuser -# -# Minimally privs guest account on tty logins -# -unprivuser = module - -# Layer: services -# Module: prelude -# -prelude = module - -# Layer: services -# Module: pads -# -pads = module - -# Layer: apps -# Module: podsleuth -# -# Podsleuth probes, identifies, and exposes properties and metadata bound to iPods. -# -podsleuth = module - -# Layer: role -# Module: logadm -# -# logadm account on tty logins -# -logadm = module - -# Layer: role -# Module: secadm -# -# secadm account on tty logins -# -secadm = module - -# Layer: role -# Module: auditadm -# -# auditadm account on tty logins -# -auditadm = module - -# -# Layer: role -# Module: guest -# -# Minimally privs guest account on tty logins -# -guest = module - -# Layer: role -# Module: xguest -# -# Minimally privs guest account on X Windows logins -# -xguest = module - -# Layer: services -# Module: cgroup -# -# Tools and libraries to control and monitor control groups -# -cgroup = module - -# Layer: services -# Module: courier -# -# IMAP and POP3 email servers -# -courier = module - -# Layer: services -# Module: snort -# -# Snort network intrusion detection system -# -snort = module - -# Layer: services -# Module: memcached -# -# high-performance memory object caching system -# -memcached = module - -# Layer: system -# Module: netlabel -# -# Basic netlabel types and interfaces. -# -netlabel = module - -# Layer: services -# Module: zosremote -# -# policy for z/OS Remote-services Audit dispatcher plugin -# -zosremote = module - -# Layer: services -# Module: pingd -# -# -pingd = module - -# Layer: services -# Module: milter -# -# -# -milter = module - -# Layer: apps -# Module: wm -# -# X windows window manager -# -wm = module - -# Layer: services -# Module: aisexec -# -# RHCS - Red Hat Cluster Suite -# -aisexec = module - -# Layer: services -# Module: rgmanager -# -# rgmanager -# -rgmanager = module - -# Layer: services -# Module: clogd -# -# clogd - clustered mirror log server -# -clogd = module - -# Layer: services -# Module: cmirrord -# -# cmirrord - daemon providing device-mapper-base mirrors in a shared-storege cluster -# -cmirrord = module - -# Layer: services -# Module: ricci -# -# policy for ricci -# -ricci = module - -# Layer: services -# Module: rhcs -# -# RHCS - Red Hat Cluster Suite -# -rhcs = module - -# Layer: admin -# Module: shorewall -# -# Policy for shorewall -# -shorewall = module - -# Layer: admin -# Module: shutdown -# -# Policy for shutdown -# -shutdown = module - -# Layer: kernel -# Module: unlabelednet -# -# The unlabelednet module. -# -unlabelednet = module - -# Layer: apps -# Module: namespace -# -# policy for namespace.init script -# -namespace = module - -# Layer: services -# Module: polipo -# -# polipo -# -polipo = module - diff --git a/modules-targeted.conf b/modules-targeted.conf deleted file mode 100644 index 0d082ee..0000000 --- a/modules-targeted.conf +++ /dev/null @@ -1,2621 +0,0 @@ -# -# This file contains a listing of available modules. -# To prevent a module from being used in policy -# creation, set the module name to "off". -# -# For monolithic policies, modules set to "base" and "module" -# will be built into the policy. -# -# For modular policies, modules set to "base" will be -# included in the base module. "module" will be compiled -# as individual loadable modules. -# - -# Layer: services -# Module: accountsd -# -# An application to view and modify user accounts information -# -accountsd = module - -# Layer: admin -# Module: acct -# -# Berkeley process accounting -# -acct = module - -# Layer: services -# Module: ajaxterm -# -# Web Based Terminal -# -ajaxterm = module - -# Layer: admin -# Module: alsa -# -# Ainit ALSA configuration tool -# -alsa = module - -# Layer: services -# Module: callweaver -# -# callweaver telephony sever -# -callweaver = module - -# Layer: services -# Module: cachefilesd -# -# CacheFiles userspace management daemon -# -cachefilesd = module - -# Layer: services -# Module: collectd -# -# Statistics collection daemon for filling RRD files -# -collectd = module - -# Layer: services -# Module: colord -# -# color device daemon -# -colord = module - -# Layer: services -# Module: couchdb -# -# Apache CouchDB database server -# -couchdb = module - -# Layer: apps -# Module: cpufreqselector -# -# cpufreqselector executable -# -cpufreqselector = module - -# Layer: apps -# Module: chrome -# -# chrome sandbox -# -chrome = module - -# Layer: module -# Module: awstats -# -# awstats executable -# -awstats = module - -# Layer: services -# Module: abrt -# -# Automatic bug detection and reporting tool -# -abrt = module - -# Layer: services -# Module: aiccu -# -# SixXS Automatic IPv6 Connectivity Client Utility -# -aiccu = module - -# Layer: admin -# Module: amanda -# -# Automated backup program. -# -amanda = module - -# Layer: services -# Module: afs -# -# Andrew Filesystem server -# -afs = module - -# Layer: services -# Module: amavis -# -# Anti-virus -# -amavis = module - -# Layer: admin -# Module: anaconda -# -# Policy for the Anaconda installer. -# -anaconda = module - -# Layer: services -# Module: apache -# -# Apache web server -# -apache = module - -# Layer: services -# Module: apm -# -# Advanced power management daemon -# -apm = module - -# Layer: system -# Module: application -# Required in base -# -# Defines attributs and interfaces for all user applications -# -application = module - -# Layer: services -# Module: arpwatch -# -# Ethernet activity monitor. -# -arpwatch = module - -# Layer: services -# Module: entropy -# -# Generate entropy from audio input -# -entropyd = module - -# Layer: system -# Module: authlogin -# -# Common policy for authentication and user login. -# -authlogin = module - -# Layer: services -# Module: asterisk -# -# Asterisk IP telephony server -# -asterisk = module - -# Layer: services -# Module: automount -# -# Filesystem automounter service. -# -automount = module - -# Layer: services -# Module: avahi -# -# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture -# -avahi = module - -# Layer: services -# Module: bcfg2 -# -# Configuration management server -# -bcfg2 = module - -# Layer: services -# Module: boinc -# -# Berkeley Open Infrastructure for Network Computing -# -boinc = module - -# Layer: services -# Module: bind -# -# Berkeley internet name domain DNS server. -# -bind = module - -# Layer: services -# Module: bugzilla -# -# Bugzilla server -# -bugzilla = module - -# Layer: services -# Module: dirsrv -# -# An 309 directory server -# -dirsrv = module - -# Layer: services -# Module: dirsrv-admin -# -# An 309 directory admin server -# -dirsrv-admin = module - -# Layer: services -# Module: dnsmasq -# -# A lightweight DHCP and caching DNS server. -# -dnsmasq = module - -# Layer: services -# Module: dnssec -# -# A dnssec server application -# -dnssec = module - -# Layer: services -# Module: blueman -# -# Blueman tools and system services. -# -blueman = module - -# Layer: services -# Module: bluetooth -# -# Bluetooth tools and system services. -# -bluetooth = module - -# Layer: kernel -# Module: ubac -# -# -# -ubac = base - -# -# Layer: kernel -# Module: bootloader -# -# Policy for the kernel modules, kernel image, and bootloader. -# -bootloader = module - -# Layer: services -# Module: canna -# -# Canna - kana-kanji conversion server -# -canna = module - -# Layer: services -# Module: ccs -# -# policy for ccs -# -ccs = module - -# Layer: apps -# Module: calamaris -# -# -# Squid log analysis -# -calamaris = module - -# Layer: apps -# Module: cdrecord -# -# Policy for cdrecord -# -cdrecord = module - -# Layer: admin -# Module: certwatch -# -# Digital Certificate Tracking -# -certwatch = module - -# Layer: admin -# Module: certmaster -# -# Digital Certificate master -# -certmaster = module - -# Layer: services -# Module: certmonger -# -# Certificate status monitor and PKI enrollment client -# -certmonger = module - -# Layer: services -# Module: cipe -# -# Encrypted tunnel daemon -# -cipe = module - -# Layer: services -# Module: chronyd -# -# Daemon for maintaining clock time -# -chronyd = module - -# Layer: services -# Module: cobbler -# -# cobbler -# -cobbler = module - -# Layer: services -# Module: comsat -# -# Comsat, a biff server. -# -comsat = module - -# Layer: services -# Module: corosync -# -# Corosync Cluster Engine Executive -# -corosync = module - -# Layer: services -# Module: clamav -# -# ClamAV Virus Scanner -# -clamav = module - -# Layer: system -# Module: clock -# -# Policy for reading and setting the hardware clock. -# -clock = module - -# Layer: services -# Module: consolekit -# -# ConsoleKit is a system daemon for tracking what users are logged -# -consolekit = module - -# Layer: admin -# Module: consoletype -# -# Determine of the console connected to the controlling terminal. -# -consoletype = module - -# Layer: kernel -# Module: corecommands -# Required in base -# -# Core policy for shells, and generic programs -# in /bin, /sbin, /usr/bin, and /usr/sbin. -# -corecommands = base - -# Layer: kernel -# Module: corenetwork -# Required in base -# -# Policy controlling access to network objects -# -corenetwork = base - -# Layer: services -# Module: cpucontrol -# -# Services for loading CPU microcode and CPU frequency scaling. -# -cpucontrol = module - -# Layer: services -# Module: cron -# -# Periodic execution of scheduled commands. -# -cron = module - -# Layer: services -# Module: ctdbd -# -# Cluster Daemon -# -ctdbd = module - -# Layer: services -# Module: cups -# -# Common UNIX printing system -# -cups = module - -# Layer: services -# Module: cvs -# -# Concurrent versions system -# -cvs = module - -# Layer: services -# Module: cyphesis -# -# cyphesis game server -# -cyphesis = module - -# Layer: services -# Module: cyrus -# -# Cyrus is an IMAP service intended to be run on sealed servers -# -cyrus = module - -# Layer: system -# Module: daemontools -# -# Collection of tools for managing UNIX services -# -daemontools = module - -# Layer: services -# Module: dbskk -# -# Dictionary server for the SKK Japanese input method system. -# -dbskk = module - -# Layer: services -# Module: dbus -# -# Desktop messaging bus -# -dbus = module - -# Layer: services -# Module: dcc -# -# A distributed, collaborative, spam detection and filtering network. -# -dcc = module - -# Layer: admin -# Module: ddcprobe -# -# ddcprobe retrieves monitor and graphics card information -# -ddcprobe = off - -# Layer: services -# Module: devicekit -# -# devicekit-daemon -# -devicekit = module - -# Layer: kernel -# Module: devices -# Required in base -# -# Device nodes and interfaces for many basic system devices. -# -devices = base - -# Layer: services -# Module: dhcp -# -# Dynamic host configuration protocol (DHCP) server -# -dhcp = module - -# Layer: services -# Module: dictd -# -# Dictionary daemon -# -dictd = module - -# Layer: services -# Module: distcc -# -# Distributed compiler daemon -# -distcc = off - -# Layer: admin -# Module: dmesg -# -# Policy for dmesg. -# -dmesg = module - -# Layer: admin -# Module: dmidecode -# -# Decode DMI data for x86/ia64 bioses. -# -dmidecode = module - -# Layer: kernel -# Module: domain -# Required in base -# -# Core policy for domains. -# -domain = base - -# Layer: services -# Module: drbd -# -# DRBD mirrors a block device over the network to another machine. -# -drbd = module - -# Layer: services -# Module: ddclient -# -# Update dynamic IP address at DynDNS.org -# -ddclient = module - -# Layer: services -# Module: dovecot -# -# Dovecot POP and IMAP mail server -# -dovecot = module - -# Layer: apps -# Module: gitosis -# -# Policy for gitosis -# -gitosis = module - -# Layer: services -# Module: glance -# -# Policy for glance -# -glance = module - -# Layer: apps -# Module: gpg -# -# Policy for GNU Privacy Guard and related programs. -# -gpg = module - -# Layer: services -# Module: gpsd -# -# gpsd monitor daemon -# -# -gpsd = module - -# Layer: services -# Module: git -# -# Policy for the stupid content tracker -# -git = module - -# Layer: services -# Module: gpm -# -# General Purpose Mouse driver -# -gpm = module - -# Layer: services -# Module: fail2ban -# -# daiemon that bans IP that makes too many password failures -# -fail2ban = module - -# Layer: services -# Module: fetchmail -# -# Remote-mail retrieval and forwarding utility -# -fetchmail = module - -# Layer: kernel -# Module: files -# Required in base -# -# Basic filesystem types and interfaces. -# -files = base - -# Layer: kernel -# Module: filesystem -# Required in base -# -# Policy for filesystems. -# -filesystem = base - -# Layer: services -# Module: finger -# -# Finger user information service. -# -finger = module - -# Layer: admin -# Module: firstboot -# -# Final system configuration run during the first boot -# after installation of Red Hat/Fedora systems. -# -firstboot = module - -# Layer: apps -# Module: firewallgui -# -# policy for system-config-firewall -# -firewallgui = module - -# Layer: services -# Module: fprintd -# -# finger print server -# -fprintd = module - -# Layer: system -# Module: fstools -# -# Tools for filesystem management, such as mkfs and fsck. -# -fstools = module - -# Layer: services -# Module: ftp -# -# File transfer protocol service -# -ftp = module - -# Layer: apps -# Module: games -# -# The Open Group Pegasus CIM/WBEM Server. -# -games = module - -# Layer: system -# Module: getty -# -# Policy for getty. -# -getty = module - -# Layer: apps -# Module: gnome -# -# gnome session and gconf -# -gnome = module - -# Layer: services -# Module: gnomeclock -# -# gnomeclock used by dbus/polkit to set time -# -gnomeclock = module - -# Layer: services -# Module: hddtemp -# -# hddtemp hard disk temperature tool running as a daemon -# -hddtemp = module - -# Layer: services -# Module: passenger -# -# Passenger -# -passenger = module - -# Layer: services -# Module: policykit -# -# Hardware abstraction layer -# -policykit = module - -# Layer: services -# Module: puppet -# -# A network tool for managing many disparate systems -# -puppet = module - -# Layer: apps -# Module: ptchown -# -# helper function for grantpt(3), changes ownship and permissions of pseudotty -# -ptchown = module - -# Layer: services -# Module: psad -# -# Analyze iptables log for hostile traffic -# -psad = module - -# Layer: apps -# Module: pwauth -# -# External plugin for mod_authnz_external authenticator -# -pwauth = module - -# Layer: services -# Module: quantum -# -# Quantum is a virtual network service for Openstack -# -quantum = module - -# Layer: system -# Module: hostname -# -# Policy for changing the system host name. -# -hostname = module - -# Layer: services -# Module: inetd -# -# Internet services daemon. -# -inetd = module - -# Layer: system -# Module: init -# -# System initialization programs (init and init scripts). -# -init = module - -# Layer: services -# Module: inn -# -# Internet News NNTP server -# -inn = module - -# Layer: system -# Module: iptables -# -# Policy for iptables. -# -iptables = module - -# Layer: system -# Module: ipsec -# -# TCP/IP encryption -# -ipsec = module - -# Layer: apps -# Module: irc -# -# IRC client policy -# -irc = module - -# Layer: services -# Module: irqbalance -# -# IRQ balancing daemon -# -irqbalance = module - -# Layer: system -# Module: iscsi -# -# Open-iSCSI daemon -# -iscsi = module - -# Layer: services -# Module: icecast -# -# ShoutCast compatible streaming media server -# -icecast = module - -# Layer: services -# Module: i18n_input -# -# IIIMF htt server -# -i18n_input = off - -# Layer: services -# Module: jabber -# -# Jabber instant messaging server -# -jabber = module - -# Layer: services -# Module: jetty -# -# Java based http server -# -jetty = module - -# Layer: admin -# Module: kdump -# -# kdump is kernel crash dumping mechanism -# -kdump = module - -# Layer: apps -# Module: kdumpgui -# -# system-config-kdump policy -# -kdumpgui = module - -# Layer: services -# Module: ksmtuned -# -# Kernel Samepage Merging (KSM) Tuning Daemon -# -ksmtuned = module - -# Layer: services -# Module: kerberos -# -# MIT Kerberos admin and KDC -# -kerberos = module - -# Layer: kernel -# Module: kernel -# Required in base -# -# Policy for kernel threads, proc filesystem,and unlabeled processes and objects. -# -kernel = base - -# Layer: services -# Module: ktalk -# -# KDE Talk daemon -# -ktalk = module - -# Layer: services -# Module: l2ltpd -# -# Layer 2 Tunnelling Protocol Daemon -# -l2tpd = module - -# Layer: services -# Module: ldap -# -# OpenLDAP directory server -# -ldap = module - -# Layer: services -# Module: likewise -# -# Likewise Active Directory support for UNIX -# -likewise = module - -# Layer: system -# Module: libraries -# -# Policy for system libraries. -# -libraries = module - -# Layer: apps -# Module: loadkeys -# -# Load keyboard mappings. -# -loadkeys = module - -# Layer: system -# Module: locallogin -# -# Policy for local logins. -# -locallogin = module - -# Layer: apps -# Module: lockdev -# -# device locking policy for lockdev -# -lockdev = module - -# Layer: system -# Module: logging -# -# Policy for the kernel message logger and system logging daemon. -# -logging = module - -# Layer: admin -# Module: logrotate -# -# Rotate and archive system logs -# -logrotate = module - -# Layer: services -# Module: logwatch -# -# logwatch executable -# -logwatch = module - -# Layer: services -# Module: lpd -# -# Line printer daemon -# -lpd = module - -# Layer: services -# Module: lircd -# -# LIRC daemon - decodes infrared signals and provides them on a Unix domain socket. -# -lircd = module - -# Layer: system -# Module: lvm -# -# Policy for logical volume management programs. -# -lvm = module - -# Layer: services -# Module: mailman -# -# Mailman is for managing electronic mail discussion and e-newsletter lists -# -mailman = module - - -# Layer: services -# Module: mailman -# -# Policy for mailscanner -# -mailscanner = module - -# Layer: contrib -# Module: mandb -# -# Policy for mandb -# -mandb = module - -# Layer: admin -# Module: mcelog -# -# Policy for mcelog. -# -mcelog = module - -# Layer: kernel -# Module: mcs -# Required in base -# -# MultiCategory security policy -# -mcs = base - -# Layer: apps -# Module: mediawiki -# -# mediawiki -# -mediawiki = module - -# Layer: system -# Module: miscfiles -# -# Miscelaneous files. -# -miscfiles = module - -# Layer: kernel -# Module: mls -# Required in base -# -# Multilevel security policy -# -mls = base - -# Layer: services -# Module: mock -# -# Policy for mock rpm builder -# -mock = module - -# Layer: services -# Module: mojomojo -# -# Wiki server -# -mojomojo = module - -# Layer: system -# Module: modutils -# -# Policy for kernel module utilities -# -modutils = module - -# Layer: system -# Module: mount -# -# Policy for mount. -# -mount = module - -# Layer: apps -# Module: mozilla -# -# Policy for Mozilla and related web browsers -# -mozilla = module - -# Layer: services -# Module: ntop -# -# Policy for ntop -# -ntop = module - -# Layer: services -# Module: nslcd -# -# Policy for nslcd -# -nslcd = module - -# Layer: services -# Module: modemmanager -# -# Manager for dynamically switching between modems. -# -modemmanager = module - -# Layer: services -# Module: mpd -# -# mpd - daemon for playing music -# -mpd = module - -# Layer: apps -# Module: mplayer -# -# Policy for Mozilla and related web browsers -# -mplayer = module - -# Layer: apps -# Module: gpg -# -# Policy for Mozilla and related web browsers -# -gpg = module - -# Layer: admin -# Module: mrtg -# -# Network traffic graphing -# -mrtg = module - -# Layer: services -# Module: mta -# -# Policy common to all email tranfer agents. -# -mta = module - -# Layer: services -# Module: mysql -# -# Policy for MySQL -# -mysql = module - -# Layer: services -# Module: nagios -# -# policy for nagios Host/service/network monitoring program -# -nagios = module - -# Layer: admin -# Module: ncftool -# -# Tool to modify the network configuration of a system -# -ncftool = module - -# Layer: admin -# Module: ncftool -# -# Tool to modify the network configuration of a system -# -ncftool = module - -# Layer: admin -# Module: netutils -# -# Network analysis utilities -# -netutils = module - -# Layer: services -# Module: networkmanager -# -# Manager for dynamically switching between networks. -# -networkmanager = module - -# Layer: services -# Module: nis -# -# Policy for NIS (YP) servers and clients -# -nis = module - - -# Layer: services -# Module: nscd -# -# Name service cache daemon -# -nscd = module - - -# Layer: services -# Module: ntp -# -# Network time protocol daemon -# -ntp = module - -# Layer: services -# Module: nut -# -# nut - Network UPS Tools -# -nut = module - -# Layer: services -# Module: nx -# -# NX Remote Desktop -# -nx = module - - -# Layer: services -# Module: oddjob -# -# policy for oddjob -# -oddjob = module - -# Layer: services -# Module: openct -# -# Service for handling smart card readers. -# -openct = off - -# Layer: services -# Module: openvpn -# -# Policy for OPENVPN full-featured SSL VPN solution -# -openvpn = module - - -# Layer: service -# Module: pcscd -# -# PC/SC Smart Card Daemon -# -pcscd = module - -# Layer: service -# Module: openct -# -# Middleware framework for smart card terminals -# -openct = module - -# Layer: system -# Module: pcmcia -# -# PCMCIA card management services -# -pcmcia = module - -# Layer: services -# Module: pegasus -# -# The Open Group Pegasus CIM/WBEM Server. -# -pegasus = module - -# Layer: services -# Module: piranha -# -# piranha - various tools to administer and configure the Linux Virtual Server -# -piranha = module - -# Layer: services -# Module: postgresql -# -# PostgreSQL relational database -# -postgresql = module - -# Layer: services -# Module: portmap -# -# RPC port mapping service. -# -portmap = module - -# Layer: services -# Module: postfix -# -# Postfix email server -# -postfix = module - -# Layer: services -# Module: postgrey -# -# email scanner -# -postgrey = module - -# Layer: services -# Module: ppp -# -# Point to Point Protocol daemon creates links in ppp networks -# -ppp = module - -# Layer: admin -# Module: prelink -# -# Manage temporary directory sizes and file ages -# -prelink = module - -# Layer: services -# Module: procmail -# -# Procmail mail delivery agent -# -procmail = module - -# Layer: services -# Module: privoxy -# -# Privacy enhancing web proxy. -# -privoxy = module - -# Layer: services -# Module: publicfile -# -# publicfile supplies files to the public through HTTP and FTP -# -publicfile = module - -# Layer: apps -# Module: pulseaudio -# -# The PulseAudio Sound System -# -pulseaudio = module - -# Layer: services -# Module: qmail -# -# Policy for qmail -# -qmail = module - -# Layer: services -# Module: qpidd -# -# Policy for qpidd -# -qpid = module - -# Layer: admin -# Module: quota -# -# File system quota management -# -quota = module - -# Layer: system -# Module: raid -# -# RAID array management tools -# -raid = module - -# Layer: services -# Module: radius -# -# RADIUS authentication and accounting server. -# -radius = module - -# Layer: services -# Module: radvd -# -# IPv6 router advertisement daemon -# -radvd = module - -# Layer: admin -# Module: readahead -# -# Readahead, read files into page cache for improved performance -# -readahead = module - -# Layer: services -# Module: rgmanager -# -# Red Hat Resource Group Manager -# -rgmanager = module - -# Layer: services -# Module: rhcs -# -# RHCS - Red Hat Cluster Suite -# -rhcs = module - -# Layer: services -# Module: aisexec -# -# RHCS - Red Hat Cluster Suite -# -aisexec = module - -# Layer: services -# Module: rgmanager -# -# rgmanager -# -rgmanager = module - -# Layer: services -# Module: clogd -# -# clogd - clustered mirror log server -# -clogd = module - -# Layer: services -# Module: cmirrord -# -# cmirrord - daemon providing device-mapper-base mirrors in a shared-storege cluster -# -cmirrord = module - -# Layer: services -# Module: rhgb -# -# X windows login display manager -# -rhgb = module - -# Layer: services -# Module: rdisc -# -# Network router discovery daemon -# -rdisc = module - -# Layer: services -# Module: remotelogin -# -# Policy for rshd, rlogind, and telnetd. -# -remotelogin = module - -# Layer: services -# Module: ricci -# -# policy for ricci -# -ricci = module - -# Layer: services -# Module: rlogin -# -# Remote login daemon -# -rlogin = module - -# Layer: services -# Module: roundup -# -# Roundup Issue Tracking System policy -# -roundup = module - -# Layer: services -# Module: rpc -# -# Remote Procedure Call Daemon for managment of network based process communication -# -rpc = module - -# Layer: admin -# Module: rpm -# -# Policy for the RPM package manager. -# -rpm = module - - -# Layer: services -# Module: rshd -# -# Remote shell service. -# -rshd = module - -# Layer: services -# Module: rsync -# -# Fast incremental file transfer for synchronization -# -rsync = module - -# Layer: services -# Module: rtkit -# -# Real Time Kit Daemon -# -rtkit = module - -# Layer: services -# Module: rwho -# -# who is logged in on local machines -# -rwho = module - -# Layer: services -# Module: samba -# -# SMB and CIFS client/server programs for UNIX and -# name Service Switch daemon for resolving names -# from Windows NT servers. -# -samba = module - -# Layer: apps -# Module: sambagui -# -# policy for system-config-samba -# -sambagui = module - -# Layer: apps -# Module: sandbox -# -# Policy for running apps within a sandbox -# -sandbox = module - -# Layer: apps -# Module: sandbox -# -# Policy for running apps within a X sandbox -# -sandboxX = module - -# Layer: services -# Module: sanlock -# -# sanlock policy -# -sanlock = module - -# Layer: services -# Module: sasl -# -# SASL authentication server -# -sasl = module - -# Layer: apps -# Module: screen -# -# GNU terminal multiplexer -# -screen = module - -# Layer: kernel -# Module: selinux -# Required in base -# -# Policy for kernel security interface, in particular, selinuxfs. -# -selinux = base - -# Layer: system -# Module: selinuxutil -# -# Policy for SELinux policy and userland applications. -# -selinuxutil = module - -# Layer: services -# Module: sendmail -# -# Policy for sendmail. -# -sendmail = module - -# Layer: apps -# Module: seunshare -# -# seunshare executable -# -seunshare = module - -# Layer: admin -# Module: shorewall -# -# Policy for shorewall -# -shorewall = module - -# Layer: admin -# Module: shutdown -# -# Policy for shutdown -# -shutdown = module - -# Layer: admin -# Module: sectoolm -# -# Policy for sectool-mechanism -# -sectoolm = module - -# Layer: system -# Module: setrans -# Required in base -# -# Policy for setrans -# -setrans = module - -# Layer: services -# Module: setroubleshoot -# -# Policy for the SELinux troubleshooting utility -# -setroubleshoot = module - -# Layer: services -# Module: slrnpull -# -# Service for downloading news feeds the slrn newsreader. -# -slrnpull = off - -# Layer: apps -# Module: slocate -# -# Update database for mlocate -# -slocate = module - -# Layer: services -# Module: smartmon -# -# Smart disk monitoring daemon policy -# -smartmon = module - -# Layer: services -# Module: smokeping -# -# Latency Logging and Graphing System -# -smokeping = module - -# Layer: admin -# Module: smoltclient -# -#The Fedora hardware profiler client -# -smoltclient = module - -# Layer: services -# Module: snmp -# -# Simple network management protocol services -# -snmp = module - -# Layer: services -# Module: spamassassin -# -# Filter used for removing unsolicited email. -# -spamassassin = module - -# Layer: services -# Module: squid -# -# Squid caching http proxy server -# -squid = module - -# Layer: services -# Module: ssh -# -# Secure shell client and server policy. -# -ssh = module - -# Layer: services -# Module: sssd -# -# System Security Services Daemon -# -sssd = module - -# Layer: kernel -# Module: storage -# -# Policy controlling access to storage devices -# -storage = base - -# Layer: services -# Module: stunnel -# -# SSL Tunneling Proxy -# -stunnel = module - -# Layer: admin -# Module: su -# -# Run shells with substitute user and group -# -su = module - -# Layer: admin -# Module: sudo -# -# Execute a command with a substitute user -# -sudo = module - -# Layer: system -# Module: systemd -# -# Policy for systemd components -# -systemd = module - -# Layer: system -# Module: sysnetwork -# -# Policy for network configuration: ifconfig and dhcp client. -# -sysnetwork = module - - -# Layer: services -# Module: sysstat -# -# Policy for sysstat. Reports on various system states -# -sysstat = module - -# Layer: services -# Module: tcpd -# -# Policy for TCP daemon. -# -tcpd = module - -# Layer: services -# Module: tcsd -# -# tcsd - daemon that manages Trusted Computing resources -# -tcsd = module - -# Layer: services -# Module: tgtd -# -# Linux Target Framework Daemon. -# -tgtd = module - -# Layer: apps -# Module: thumb -# -# Thumbnailer confinement -# -thumb = module - -# Layer: system -# Module: udev -# -# Policy for udev. -# -udev = module - -# Layer: services -# Module: usbmuxd -# -# Daemon for communicating with Apple's iPod Touch and iPhone -# -usbmuxd = module - -# Layer: system -# Module: userdomain -# -# Policy for user domains -# -userdomain = module - -# Layer: system -# Module: unconfined -# -# The unconfined domain. -# -unconfined = module - - -# Layer: kernel -# Module: unconfined -# -# The unlabelednet module. -# -unlabelednet = module - -# Layer: services -# Module: ulogd -# -# netfilter/iptables ULOG daemon -# -ulogd = module - -# Layer: services -# Module: vdagent -# -# vdagent -# -vdagent = module - -# Layer: services -# Module: vhostmd -# -# vhostmd - spice guest agent daemon. -# -vhostmd = module - -# Layer: apps -# Module: vhostmd -# -# vlock - Virtual Console lock program -# -vlock = module - -# Layer: services -# Module: wdmd -# -# wdmd policy -# -wdmd = module - -# Layer: apps -# Module: wine -# -# wine executable -# -wine = module - -# Layer: apps -# Module: wireshark -# -# wireshark executable -# -wireshark = module - -# Layer: apps -# Module: telepathy -# -# telepathy - Policy for Telepathy framework -# -telepathy = module - -# Layer: apps -# Module: userhelper -# -# A helper interface to pam. -# -userhelper = module - -# Layer: services -# Module: tor -# -# TOR, the onion router -# -tor = module - -# Layer: apps -# Module: tvtime -# -# tvtime - a high quality television application -# -tvtime = module - -# Layer: apps -# Module: uml -# -# Policy for UML -# -uml = module - -# Layer: admin -# Module: usbmodules -# -# List kernel modules of USB devices -# -usbmodules = module - -# Layer: apps -# Module: usernetctl -# -# User network interface configuration helper -# -usernetctl = module - -# Layer: system -# Module: xen -# -# virtualization software -# -xen = module - -# Layer: services -# Module: varnishd -# -# Varnishd http accelerator daemon -# -varnishd = module - -# Layer: services -# Module: virt -# -# Virtualization libraries -# -virt = module - -# Layer: services -# Module: vnstatd -# -# Network traffic Monitor -# -vnstatd = module - -# Layer: system -# Module: brctl -# -# Utilities for configuring the linux ethernet bridge -# -brctl = module - -# Layer: services -# Module: telnet -# -# Telnet daemon -# -telnet = module - -# Layer: services -# Module: timidity -# -# MIDI to WAV converter and player configured as a service -# -timidity = off - -# Layer: services -# Module: tftp -# -# Trivial file transfer protocol daemon -# -tftp = module - -# Layer: services -# Module: tuned -# -# Dynamic adaptive system tuning daemon -# -tuned = module - -# Layer: services -# Module: uucp -# -# Unix to Unix Copy -# -uucp = module - -# Layer: services -# Module: uuidd -# -# UUID generation daemon -# -uuidd = module - -# Layer: services -# Module: vbetool -# -# run real-mode video BIOS code to alter hardware state -# -vbetool = module - -# Layer: apps -# Module: webalizer -# -# Web server log analysis -# -webalizer = module - -# Layer: services -# Module: xserver -# -# X windows login display manager -# -xserver = module - -# Layer: services -# Module: zarafa -# -# Zarafa Collaboration Platform -# -zarafa = module - -# Layer: services -# Module: zebra -# -# Zebra border gateway protocol network routing service -# -zebra = module - -# Layer: services -# Module: zoneminder -# -# Zoneminder Camera Security Surveillance Solution -# -zoneminder = module - -# Layer: admin -# Module: usermanage -# -# Policy for managing user accounts. -# -usermanage = module - -# Layer: admin -# Module: updfstab -# -# Red Hat utility to change /etc/fstab. -# -updfstab = module - -# Layer: admin -# Module: vpn -# -# Virtual Private Networking client -# -vpn = module - -# Layer: admin -# Module: vbetool -# -# run real-mode video BIOS code to alter hardware state -# -vbetool = module - -# Layer: kernel -# Module: terminal -# Required in base -# -# Policy for terminals. -# -terminal = base - -# Layer: admin -# Module: tmpreaper -# -# Manage temporary directory sizes and file ages -# -tmpreaper = module - -# Layer: admin -# Module: amtu -# -# Abstract Machine Test Utility (AMTU) -# -amtu = module - -# Layer: services -# Module: zabbix -# -# Open-source monitoring solution for your IT infrastructure -# -zabbix = module - -# Layer: services -# Module: apcupsd -# -# daemon for most APC’s UPS for Linux -# -apcupsd = module - -# Layer: services -# Module: aide -# -# Policy for aide -# -aide = module - -# Layer: services -# Module: w3c -# -# w3c -# -w3c = module - -# Layer: services -# Module: plymouthd -# -# Plymouth -# -plymouthd = module - -# Layer: services -# Module: portreserve -# -# reserve ports to prevent portmap mapping them -# -portreserve = module - -# Layer: services -# Module: rpcbind -# -# universal addresses to RPC program number mapper -# -rpcbind = module - -# Layer: apps -# Module: rssh -# -# Restricted (scp/sftp) only shell -# -rssh = module - -# Layer: apps -# Module: vmware -# -# VMWare Workstation virtual machines -# -vmware = module - -# Layer: role -# Module: dbadm -# -# Minimally prived root role for managing databases -# -dbadm = module - -# Layer: role -# Module: logadm -# -# Minimally prived root role for managing logging system -# -logadm = module - -# Layer: role -# Module: secadm -# -# secadm account on tty logins -# -secadm = module - -# Layer: role -# Module: auditadm -# -# auditadm account on tty logins -# -auditadm = module - - -# Layer: role -# Module: webadm -# -# Minimally prived root role for managing apache -# -webadm = module - -# -# Layer: services -# Module: exim -# -# exim mail server -# -exim = module - - -# Layer: services -# Module: kismet -# -# Wireless sniffing and monitoring -# -kismet = module - -# Layer: services -# Module: munin -# -# Munin -# -munin = module - -# Layer: services -# Module: bitlbee -# -# An IRC to other chat networks gateway -# -bitlbee = module - -# Layer: admin -# Module: sosreport -# -# sosreport debuggin information generator -# -sosreport = module - -# Layer: services -# Module: soundserver -# -# sound server for network audio server programs, nasd, yiff, etc -# -soundserver = module - -# Layer: role -# Module: unconfineduser -# -# The unconfined user domain. -# -unconfineduser = module - -# Module: staff -# -# admin account -# -staff = module - -# Layer:role -# Module: sysadm -# -# System Administrator -# -sysadm = module - -# Layer:role -# Module: sysadm_secadm -# -# System Administrator with Security Admin rules -# -sysadm_secadm = module - -# Layer: role -# Module: unprivuser -# -# Minimally privs guest account on tty logins -# -unprivuser = module - -# Layer: services -# Module: prelude -# -prelude = module - -# Layer: services -# Module: pads -# -pads = module - -# Layer: apps -# Module: podsleuth -# -# Podsleuth probes, identifies, and exposes properties and metadata bound to iPods. -# -podsleuth = module - -# Layer: role -# Module: guest -# -# Minimally privs guest account on tty logins -# -guest = module - -# Layer: role -# Module: xguest -# -# Minimally privs guest account on X Windows logins -# -xguest = module - -# Layer: services -# Module: cgroup -# -# Tools and libraries to control and monitor control groups -# -cgroup = module - -# Layer: services -# Module: courier -# -# IMAP and POP3 email servers -# -courier = module - -# Layer: services -# Module: denyhosts -# -# script to help thwart ssh server attacks -# -denyhosts = module - -# Layer: apps -# Module: livecd -# -# livecd creator -# -livecd = module - -# Layer: services -# Module: snort -# -# Snort network intrusion detection system -# -snort = module - -# Layer: services -# Module: memcached -# -# high-performance memory object caching system -# -memcached = module - -# Layer: system -# Module: netlabel -# -# Basic netlabel types and interfaces. -# -netlabel = module - -# Layer: services -# Module: zosremote -# -# policy for z/OS Remote-services Audit dispatcher plugin -# -zosremote = module - -# Layer: services -# Module: pingd -# -# -pingd = module - -# Layer: services -# Module: milter -# -# -# -milter = module - -# Layer: services -# Module: keyboardd -# -# system-setup-keyboard is a keyboard layout daemon that monitors -# /etc/sysconfig/keyboard and writes out an xorg.conf.d snippet -# -keyboardd = module - -# Layer: services -# Module: keystone -# -# openstack-keystone -# -keystone = module - -# Layer: services -# Module: firewalld -# -# firewalld is firewall service daemon that provides dynamic customizable -# -firewalld = module - -# Layer: apps -# Module: namespace -# -# policy for namespace.init script -# -namespace = module - -# Layer: services -# Module: rhev -# -# rhev policy module contains policies for rhev apps -# -rhev = module - -# Layer: services -# Module: dspam -# -# dspam - library and Mail Delivery Agent for Bayesian SPAM filtering -# -dspam = module - -# Layer: services -# Module: lldpad -# -# lldpad - Link Layer Discovery Protocol (LLDP) agent daemon -# -lldpad = module - -# Layer: services -# Module: rhsmcertd -# -# Subscription Management Certificate Daemon policy -# -rhsmcertd = module - -# Layer: services -# Module: ctdbd -# -# ctdbd - The CTDB cluster daemon -# -ctdbd = module - -# Layer: services -# Module: fcoemon -# -# fcoemon -# -fcoemon = module - -# Layer: services -# Module: sblim -# -# sblim -# -sblim = module - -# Layer: services -# Module: cfengine -# -# cfengine -# -cfengine = module - -# Layer: services -# Module: pacemaker -# -# pacemaker -# -pacemaker = module - -# Layer: services -# Module: polipo -# -# polipo -# -polipo = module - -# Layer: services -# Module: nova -# -# openstack-nova -# -nova = module - -# Layer: services -# Module: rabbitmq -# -# rabbitmq daemons -# -rabbitmq = module - -# Layer: services -# Module: cloudform -# -# cloudform daemons -# -cloudform = module - -# Layer: services -# Module: obex -# -# policy for obex-data-server -# -obex = module - -# Layer: services -# Module: sge -# -# policy for grindengine MPI jobs -# -sge = module - -# Layer: apps -# Module: jockey -# -# policy for jockey-backend -# -jockey = module - -# Layer: services -# Module: numad -# -# numad - user-level daemon that provides advice and managment for optimum use of CPUs and memory on systems with NUMA topology -# -numad = module - -# Layer: services -# Module: condor -# -# policy for condor -# -condor = module - -# Layer: services -# Module: svnserve -# -# policy for subversion service -# -svnserve = module - -# Layer: apps -# Module: man2html -# -# policy for man2html apps -# -man2html = module - -# Layer: contrib -# Module: glusterd -# -# policy for glusterd service -# -glusterd = module - -# Layer: contrib -# Module: glusterd -# -# policy for tomcat service -# -tomcat = module - -# Layer: contrib -# Module: php-fpm -# -# PHP-FPM is an alternative PHP FastCGI implementation -# -phpfpm = module - -# Layer: contrib -# Module: stapserver -# -# Instrumentation System Server -# -stapserver = module - -# Layer: contrib -# Module: stapserver -# -# dbus system service which manages discovery and enrollment in realms and domains like Active Directory or IPA -# -realmd = module - -# Layer: contrib -# Module: sensord -# -# Sensor information logging daemon -# -sensord = module - -# Layer: contrib -# Module: pkcsslotd -# -# daemon manages PKCS#11 objects between PKCS#11-enabled applications -# -pkcsslotd = module - -# Layer: contrib -# Module: slpd -# -# OpenSLP server daemon to dynamically register services -# -slpd = module - -# Layer: contrib -# Module: openshift -# -# Core openshift policy -# -openshift = module - -# Layer: contrib -# Module: openshift-origin -# -# Origin version of openshift policy -# -openshift-origin = module