| |
@@ -1,2565 +0,0 @@
|
| |
- #
|
| |
- # This file contains a listing of available modules.
|
| |
- # To prevent a module from being used in policy
|
| |
- # creation, set the module name to "off".
|
| |
- #
|
| |
- # For monolithic policies, modules set to "base" and "module"
|
| |
- # will be built into the policy.
|
| |
- #
|
| |
- # For modular policies, modules set to "base" will be
|
| |
- # included in the base module. "module" will be compiled
|
| |
- # as individual loadable modules.
|
| |
- #
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: accountsd
|
| |
- #
|
| |
- # An application to view and modify user accounts information
|
| |
- #
|
| |
- accountsd = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: acct
|
| |
- #
|
| |
- # Berkeley process accounting
|
| |
- #
|
| |
- acct = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: ajaxterm
|
| |
- #
|
| |
- # Web Based Terminal
|
| |
- #
|
| |
- ajaxterm = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: alsa
|
| |
- #
|
| |
- # Ainit ALSA configuration tool
|
| |
- #
|
| |
- alsa = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: callweaver
|
| |
- #
|
| |
- # callweaver telephony sever
|
| |
- #
|
| |
- callweaver = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: cachefilesd
|
| |
- #
|
| |
- # CacheFiles userspace management daemon
|
| |
- #
|
| |
- cachefilesd = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: collectd
|
| |
- #
|
| |
- # Statistics collection daemon for filling RRD files
|
| |
- #
|
| |
- collectd = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: colord
|
| |
- #
|
| |
- # color device daemon
|
| |
- #
|
| |
- colord = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: couchdb
|
| |
- #
|
| |
- # Apache CouchDB database server
|
| |
- #
|
| |
- couchdb = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: cpufreqselector
|
| |
- #
|
| |
- # cpufreqselector executable
|
| |
- #
|
| |
- cpufreqselector = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: chrome
|
| |
- #
|
| |
- # chrome sandbox
|
| |
- #
|
| |
- chrome = module
|
| |
-
|
| |
- # Layer: module
|
| |
- # Module: awstats
|
| |
- #
|
| |
- # awstats executable
|
| |
- #
|
| |
- awstats = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: abrt
|
| |
- #
|
| |
- # Automatic bug detection and reporting tool
|
| |
- #
|
| |
- abrt = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: aiccu
|
| |
- #
|
| |
- # SixXS Automatic IPv6 Connectivity Client Utility
|
| |
- #
|
| |
- aiccu = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: amanda
|
| |
- #
|
| |
- # Automated backup program.
|
| |
- #
|
| |
- amanda = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: afs
|
| |
- #
|
| |
- # Andrew Filesystem server
|
| |
- #
|
| |
- afs = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: amavis
|
| |
- #
|
| |
- # Anti-virus
|
| |
- #
|
| |
- amavis = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: anaconda
|
| |
- #
|
| |
- # Policy for the Anaconda installer.
|
| |
- #
|
| |
- anaconda = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: apache
|
| |
- #
|
| |
- # Apache web server
|
| |
- #
|
| |
- apache = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: apm
|
| |
- #
|
| |
- # Advanced power management daemon
|
| |
- #
|
| |
- apm = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: application
|
| |
- # Required in base
|
| |
- #
|
| |
- # Defines attributs and interfaces for all user applications
|
| |
- #
|
| |
- application = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: arpwatch
|
| |
- #
|
| |
- # Ethernet activity monitor.
|
| |
- #
|
| |
- arpwatch = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: entropy
|
| |
- #
|
| |
- # Generate entropy from audio input
|
| |
- #
|
| |
- entropyd = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: authlogin
|
| |
- #
|
| |
- # Common policy for authentication and user login.
|
| |
- #
|
| |
- authlogin = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: asterisk
|
| |
- #
|
| |
- # Asterisk IP telephony server
|
| |
- #
|
| |
- asterisk = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: automount
|
| |
- #
|
| |
- # Filesystem automounter service.
|
| |
- #
|
| |
- automount = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: avahi
|
| |
- #
|
| |
- # mDNS/DNS-SD daemon implementing Apple ZeroConf architecture
|
| |
- #
|
| |
- avahi = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: bcfg2
|
| |
- #
|
| |
- # Configuration management server
|
| |
- #
|
| |
- bcfg2 = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: boinc
|
| |
- #
|
| |
- # Berkeley Open Infrastructure for Network Computing
|
| |
- #
|
| |
- boinc = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: bind
|
| |
- #
|
| |
- # Berkeley internet name domain DNS server.
|
| |
- #
|
| |
- bind = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: bugzilla
|
| |
- #
|
| |
- # Bugzilla server
|
| |
- #
|
| |
- bugzilla = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: dirsrv
|
| |
- #
|
| |
- # An 309 directory server
|
| |
- #
|
| |
- dirsrv = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: dirsrv-admin
|
| |
- #
|
| |
- # An 309 directory admin server
|
| |
- #
|
| |
- dirsrv-admin = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: dnsmasq
|
| |
- #
|
| |
- # A lightweight DHCP and caching DNS server.
|
| |
- #
|
| |
- dnsmasq = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: dnssec
|
| |
- #
|
| |
- # A dnssec server application
|
| |
- #
|
| |
- dnssec = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: blueman
|
| |
- #
|
| |
- # Blueman tools and system services.
|
| |
- #
|
| |
- blueman = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: bluetooth
|
| |
- #
|
| |
- # Bluetooth tools and system services.
|
| |
- #
|
| |
- bluetooth = module
|
| |
-
|
| |
- # Layer: kernel
|
| |
- # Module: ubac
|
| |
- #
|
| |
- #
|
| |
- #
|
| |
- ubac = base
|
| |
-
|
| |
- #
|
| |
- # Layer: kernel
|
| |
- # Module: bootloader
|
| |
- #
|
| |
- # Policy for the kernel modules, kernel image, and bootloader.
|
| |
- #
|
| |
- bootloader = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: canna
|
| |
- #
|
| |
- # Canna - kana-kanji conversion server
|
| |
- #
|
| |
- canna = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: ccs
|
| |
- #
|
| |
- # policy for ccs
|
| |
- #
|
| |
- ccs = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: calamaris
|
| |
- #
|
| |
- #
|
| |
- # Squid log analysis
|
| |
- #
|
| |
- calamaris = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: cdrecord
|
| |
- #
|
| |
- # Policy for cdrecord
|
| |
- #
|
| |
- cdrecord = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: certwatch
|
| |
- #
|
| |
- # Digital Certificate Tracking
|
| |
- #
|
| |
- certwatch = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: certmaster
|
| |
- #
|
| |
- # Digital Certificate master
|
| |
- #
|
| |
- certmaster = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: certmonger
|
| |
- #
|
| |
- # Certificate status monitor and PKI enrollment client
|
| |
- #
|
| |
- certmonger = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: cipe
|
| |
- #
|
| |
- # Encrypted tunnel daemon
|
| |
- #
|
| |
- cipe = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: chronyd
|
| |
- #
|
| |
- # Daemon for maintaining clock time
|
| |
- #
|
| |
- chronyd = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: cobbler
|
| |
- #
|
| |
- # cobbler
|
| |
- #
|
| |
- cobbler = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: comsat
|
| |
- #
|
| |
- # Comsat, a biff server.
|
| |
- #
|
| |
- comsat = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: corosync
|
| |
- #
|
| |
- # Corosync Cluster Engine Executive
|
| |
- #
|
| |
- corosync = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: clamav
|
| |
- #
|
| |
- # ClamAV Virus Scanner
|
| |
- #
|
| |
- clamav = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: clock
|
| |
- #
|
| |
- # Policy for reading and setting the hardware clock.
|
| |
- #
|
| |
- clock = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: consolekit
|
| |
- #
|
| |
- # ConsoleKit is a system daemon for tracking what users are logged
|
| |
- #
|
| |
- #consolekit = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: consoletype
|
| |
- #
|
| |
- # Determine of the console connected to the controlling terminal.
|
| |
- #
|
| |
- consoletype = module
|
| |
-
|
| |
- # Layer: kernel
|
| |
- # Module: corecommands
|
| |
- # Required in base
|
| |
- #
|
| |
- # Core policy for shells, and generic programs
|
| |
- # in /bin, /sbin, /usr/bin, and /usr/sbin.
|
| |
- #
|
| |
- corecommands = base
|
| |
-
|
| |
- # Layer: kernel
|
| |
- # Module: corenetwork
|
| |
- # Required in base
|
| |
- #
|
| |
- # Policy controlling access to network objects
|
| |
- #
|
| |
- corenetwork = base
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: cpucontrol
|
| |
- #
|
| |
- # Services for loading CPU microcode and CPU frequency scaling.
|
| |
- #
|
| |
- cpucontrol = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: cron
|
| |
- #
|
| |
- # Periodic execution of scheduled commands.
|
| |
- #
|
| |
- cron = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: ctdbd
|
| |
- #
|
| |
- # Cluster Daemon
|
| |
- #
|
| |
- ctdbd = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: cups
|
| |
- #
|
| |
- # Common UNIX printing system
|
| |
- #
|
| |
- cups = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: cvs
|
| |
- #
|
| |
- # Concurrent versions system
|
| |
- #
|
| |
- cvs = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: cyphesis
|
| |
- #
|
| |
- # cyphesis game server
|
| |
- #
|
| |
- cyphesis = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: cyrus
|
| |
- #
|
| |
- # Cyrus is an IMAP service intended to be run on sealed servers
|
| |
- #
|
| |
- cyrus = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: daemontools
|
| |
- #
|
| |
- # Collection of tools for managing UNIX services
|
| |
- #
|
| |
- daemontools = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: dbskk
|
| |
- #
|
| |
- # Dictionary server for the SKK Japanese input method system.
|
| |
- #
|
| |
- dbskk = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: dbus
|
| |
- #
|
| |
- # Desktop messaging bus
|
| |
- #
|
| |
- dbus = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: dcc
|
| |
- #
|
| |
- # A distributed, collaborative, spam detection and filtering network.
|
| |
- #
|
| |
- dcc = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: ddcprobe
|
| |
- #
|
| |
- # ddcprobe retrieves monitor and graphics card information
|
| |
- #
|
| |
- ddcprobe = off
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: devicekit
|
| |
- #
|
| |
- # devicekit-daemon
|
| |
- #
|
| |
- devicekit = module
|
| |
-
|
| |
- # Layer: kernel
|
| |
- # Module: devices
|
| |
- # Required in base
|
| |
- #
|
| |
- # Device nodes and interfaces for many basic system devices.
|
| |
- #
|
| |
- devices = base
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: dhcp
|
| |
- #
|
| |
- # Dynamic host configuration protocol (DHCP) server
|
| |
- #
|
| |
- dhcp = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: dictd
|
| |
- #
|
| |
- # Dictionary daemon
|
| |
- #
|
| |
- dictd = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: distcc
|
| |
- #
|
| |
- # Distributed compiler daemon
|
| |
- #
|
| |
- distcc = off
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: dmesg
|
| |
- #
|
| |
- # Policy for dmesg.
|
| |
- #
|
| |
- dmesg = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: dmidecode
|
| |
- #
|
| |
- # Decode DMI data for x86/ia64 bioses.
|
| |
- #
|
| |
- dmidecode = module
|
| |
-
|
| |
- # Layer: kernel
|
| |
- # Module: domain
|
| |
- # Required in base
|
| |
- #
|
| |
- # Core policy for domains.
|
| |
- #
|
| |
- domain = base
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: drbd
|
| |
- #
|
| |
- # DRBD mirrors a block device over the network to another machine.
|
| |
- #
|
| |
- drbd = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: ddclient
|
| |
- #
|
| |
- # Update dynamic IP address at DynDNS.org
|
| |
- #
|
| |
- ddclient = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: dovecot
|
| |
- #
|
| |
- # Dovecot POP and IMAP mail server
|
| |
- #
|
| |
- dovecot = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: gitosis
|
| |
- #
|
| |
- # Policy for gitosis
|
| |
- #
|
| |
- gitosis = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: glance
|
| |
- #
|
| |
- # Policy for glance
|
| |
- #
|
| |
- glance = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: gpg
|
| |
- #
|
| |
- # Policy for GNU Privacy Guard and related programs.
|
| |
- #
|
| |
- gpg = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: gpsd
|
| |
- #
|
| |
- # gpsd monitor daemon
|
| |
- #
|
| |
- #
|
| |
- gpsd = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: git
|
| |
- #
|
| |
- # Policy for the stupid content tracker
|
| |
- #
|
| |
- git = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: gpm
|
| |
- #
|
| |
- # General Purpose Mouse driver
|
| |
- #
|
| |
- gpm = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: fail2ban
|
| |
- #
|
| |
- # daiemon that bans IP that makes too many password failures
|
| |
- #
|
| |
- fail2ban = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: fetchmail
|
| |
- #
|
| |
- # Remote-mail retrieval and forwarding utility
|
| |
- #
|
| |
- fetchmail = module
|
| |
-
|
| |
- # Layer: kernel
|
| |
- # Module: files
|
| |
- # Required in base
|
| |
- #
|
| |
- # Basic filesystem types and interfaces.
|
| |
- #
|
| |
- files = base
|
| |
-
|
| |
- # Layer: kernel
|
| |
- # Module: filesystem
|
| |
- # Required in base
|
| |
- #
|
| |
- # Policy for filesystems.
|
| |
- #
|
| |
- filesystem = base
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: finger
|
| |
- #
|
| |
- # Finger user information service.
|
| |
- #
|
| |
- finger = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: firstboot
|
| |
- #
|
| |
- # Final system configuration run during the first boot
|
| |
- # after installation of Red Hat/Fedora systems.
|
| |
- #
|
| |
- firstboot = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: firewallgui
|
| |
- #
|
| |
- # policy for system-config-firewall
|
| |
- #
|
| |
- firewallgui = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: fprintd
|
| |
- #
|
| |
- # finger print server
|
| |
- #
|
| |
- fprintd = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: fstools
|
| |
- #
|
| |
- # Tools for filesystem management, such as mkfs and fsck.
|
| |
- #
|
| |
- fstools = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: ftp
|
| |
- #
|
| |
- # File transfer protocol service
|
| |
- #
|
| |
- ftp = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: games
|
| |
- #
|
| |
- # The Open Group Pegasus CIM/WBEM Server.
|
| |
- #
|
| |
- games = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: getty
|
| |
- #
|
| |
- # Policy for getty.
|
| |
- #
|
| |
- getty = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: gnome
|
| |
- #
|
| |
- # gnome session and gconf
|
| |
- #
|
| |
- gnome = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: hddtemp
|
| |
- #
|
| |
- # hddtemp hard disk temperature tool running as a daemon
|
| |
- #
|
| |
- hddtemp = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: passenger
|
| |
- #
|
| |
- # Passenger
|
| |
- #
|
| |
- passenger = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: policykit
|
| |
- #
|
| |
- # Hardware abstraction layer
|
| |
- #
|
| |
- policykit = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: puppet
|
| |
- #
|
| |
- # A network tool for managing many disparate systems
|
| |
- #
|
| |
- puppet = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: ptchown
|
| |
- #
|
| |
- # helper function for grantpt(3), changes ownship and permissions of pseudotty
|
| |
- #
|
| |
- ptchown = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: psad
|
| |
- #
|
| |
- # Analyze iptables log for hostile traffic
|
| |
- #
|
| |
- psad = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: pwauth
|
| |
- #
|
| |
- # External plugin for mod_authnz_external authenticator
|
| |
- #
|
| |
- pwauth = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: quantum
|
| |
- #
|
| |
- # Quantum is a virtual network service for Openstack
|
| |
- #
|
| |
- quantum = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: hostname
|
| |
- #
|
| |
- # Policy for changing the system host name.
|
| |
- #
|
| |
- hostname = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: inetd
|
| |
- #
|
| |
- # Internet services daemon.
|
| |
- #
|
| |
- inetd = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: init
|
| |
- #
|
| |
- # System initialization programs (init and init scripts).
|
| |
- #
|
| |
- init = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: inn
|
| |
- #
|
| |
- # Internet News NNTP server
|
| |
- #
|
| |
- inn = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: iptables
|
| |
- #
|
| |
- # Policy for iptables.
|
| |
- #
|
| |
- iptables = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: ipsec
|
| |
- #
|
| |
- # TCP/IP encryption
|
| |
- #
|
| |
- ipsec = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: irc
|
| |
- #
|
| |
- # IRC client policy
|
| |
- #
|
| |
- irc = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: irqbalance
|
| |
- #
|
| |
- # IRQ balancing daemon
|
| |
- #
|
| |
- irqbalance = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: iscsi
|
| |
- #
|
| |
- # Open-iSCSI daemon
|
| |
- #
|
| |
- iscsi = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: icecast
|
| |
- #
|
| |
- # ShoutCast compatible streaming media server
|
| |
- #
|
| |
- icecast = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: i18n_input
|
| |
- #
|
| |
- # IIIMF htt server
|
| |
- #
|
| |
- i18n_input = off
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: jabber
|
| |
- #
|
| |
- # Jabber instant messaging server
|
| |
- #
|
| |
- jabber = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: jetty
|
| |
- #
|
| |
- # Java based http server
|
| |
- #
|
| |
- jetty = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: kdump
|
| |
- #
|
| |
- # kdump is kernel crash dumping mechanism
|
| |
- #
|
| |
- kdump = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: kdumpgui
|
| |
- #
|
| |
- # system-config-kdump policy
|
| |
- #
|
| |
- kdumpgui = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: ksmtuned
|
| |
- #
|
| |
- # Kernel Samepage Merging (KSM) Tuning Daemon
|
| |
- #
|
| |
- ksmtuned = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: kerberos
|
| |
- #
|
| |
- # MIT Kerberos admin and KDC
|
| |
- #
|
| |
- kerberos = module
|
| |
-
|
| |
- # Layer: kernel
|
| |
- # Module: kernel
|
| |
- # Required in base
|
| |
- #
|
| |
- # Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
|
| |
- #
|
| |
- kernel = base
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: ktalk
|
| |
- #
|
| |
- # KDE Talk daemon
|
| |
- #
|
| |
- ktalk = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: l2ltpd
|
| |
- #
|
| |
- # Layer 2 Tunnelling Protocol Daemon
|
| |
- #
|
| |
- l2tpd = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: ldap
|
| |
- #
|
| |
- # OpenLDAP directory server
|
| |
- #
|
| |
- ldap = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: likewise
|
| |
- #
|
| |
- # Likewise Active Directory support for UNIX
|
| |
- #
|
| |
- likewise = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: libraries
|
| |
- #
|
| |
- # Policy for system libraries.
|
| |
- #
|
| |
- libraries = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: loadkeys
|
| |
- #
|
| |
- # Load keyboard mappings.
|
| |
- #
|
| |
- loadkeys = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: locallogin
|
| |
- #
|
| |
- # Policy for local logins.
|
| |
- #
|
| |
- locallogin = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: lockdev
|
| |
- #
|
| |
- # device locking policy for lockdev
|
| |
- #
|
| |
- lockdev = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: logging
|
| |
- #
|
| |
- # Policy for the kernel message logger and system logging daemon.
|
| |
- #
|
| |
- logging = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: logrotate
|
| |
- #
|
| |
- # Rotate and archive system logs
|
| |
- #
|
| |
- logrotate = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: logwatch
|
| |
- #
|
| |
- # logwatch executable
|
| |
- #
|
| |
- logwatch = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: lpd
|
| |
- #
|
| |
- # Line printer daemon
|
| |
- #
|
| |
- lpd = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: lircd
|
| |
- #
|
| |
- # LIRC daemon - decodes infrared signals and provides them on a Unix domain socket.
|
| |
- #
|
| |
- lircd = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: lvm
|
| |
- #
|
| |
- # Policy for logical volume management programs.
|
| |
- #
|
| |
- lvm = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: mailman
|
| |
- #
|
| |
- # Mailman is for managing electronic mail discussion and e-newsletter lists
|
| |
- #
|
| |
- mailman = module
|
| |
-
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: mailman
|
| |
- #
|
| |
- # Policy for mailscanner
|
| |
- #
|
| |
- mailscanner = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: matahari
|
| |
- #
|
| |
- # Matahari system maangement tools
|
| |
- #
|
| |
- matahari = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: mcelog
|
| |
- #
|
| |
- # Policy for mcelog.
|
| |
- #
|
| |
- mcelog = module
|
| |
-
|
| |
- # Layer: kernel
|
| |
- # Module: mcs
|
| |
- # Required in base
|
| |
- #
|
| |
- # MultiCategory security policy
|
| |
- #
|
| |
- mcs = base
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: mediawiki
|
| |
- #
|
| |
- # mediawiki
|
| |
- #
|
| |
- mediawiki = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: miscfiles
|
| |
- #
|
| |
- # Miscelaneous files.
|
| |
- #
|
| |
- miscfiles = module
|
| |
-
|
| |
- # Layer: kernel
|
| |
- # Module: mls
|
| |
- # Required in base
|
| |
- #
|
| |
- # Multilevel security policy
|
| |
- #
|
| |
- mls = base
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: mock
|
| |
- #
|
| |
- # Policy for mock rpm builder
|
| |
- #
|
| |
- mock = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: mojomojo
|
| |
- #
|
| |
- # Wiki server
|
| |
- #
|
| |
- mojomojo = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: modutils
|
| |
- #
|
| |
- # Policy for kernel module utilities
|
| |
- #
|
| |
- modutils = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: mount
|
| |
- #
|
| |
- # Policy for mount.
|
| |
- #
|
| |
- mount = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: mozilla
|
| |
- #
|
| |
- # Policy for Mozilla and related web browsers
|
| |
- #
|
| |
- mozilla = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: ntop
|
| |
- #
|
| |
- # Policy for ntop
|
| |
- #
|
| |
- ntop = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: nslcd
|
| |
- #
|
| |
- # Policy for nslcd
|
| |
- #
|
| |
- nslcd = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: modemmanager
|
| |
- #
|
| |
- # Manager for dynamically switching between modems.
|
| |
- #
|
| |
- modemmanager = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: mpd
|
| |
- #
|
| |
- # mpd - daemon for playing music
|
| |
- #
|
| |
- mpd = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: mplayer
|
| |
- #
|
| |
- # Policy for Mozilla and related web browsers
|
| |
- #
|
| |
- mplayer = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: gpg
|
| |
- #
|
| |
- # Policy for Mozilla and related web browsers
|
| |
- #
|
| |
- gpg = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: mrtg
|
| |
- #
|
| |
- # Network traffic graphing
|
| |
- #
|
| |
- mrtg = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: mta
|
| |
- #
|
| |
- # Policy common to all email tranfer agents.
|
| |
- #
|
| |
- mta = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: mysql
|
| |
- #
|
| |
- # Policy for MySQL
|
| |
- #
|
| |
- mysql = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: nagios
|
| |
- #
|
| |
- # policy for nagios Host/service/network monitoring program
|
| |
- #
|
| |
- nagios = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: ncftool
|
| |
- #
|
| |
- # Tool to modify the network configuration of a system
|
| |
- #
|
| |
- ncftool = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: ncftool
|
| |
- #
|
| |
- # Tool to modify the network configuration of a system
|
| |
- #
|
| |
- ncftool = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: netutils
|
| |
- #
|
| |
- # Network analysis utilities
|
| |
- #
|
| |
- netutils = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: networkmanager
|
| |
- #
|
| |
- # Manager for dynamically switching between networks.
|
| |
- #
|
| |
- networkmanager = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: nis
|
| |
- #
|
| |
- # Policy for NIS (YP) servers and clients
|
| |
- #
|
| |
- nis = module
|
| |
-
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: nscd
|
| |
- #
|
| |
- # Name service cache daemon
|
| |
- #
|
| |
- nscd = module
|
| |
-
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: ntp
|
| |
- #
|
| |
- # Network time protocol daemon
|
| |
- #
|
| |
- ntp = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: nut
|
| |
- #
|
| |
- # nut - Network UPS Tools
|
| |
- #
|
| |
- nut = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: nx
|
| |
- #
|
| |
- # NX Remote Desktop
|
| |
- #
|
| |
- nx = module
|
| |
-
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: oddjob
|
| |
- #
|
| |
- # policy for oddjob
|
| |
- #
|
| |
- oddjob = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: openct
|
| |
- #
|
| |
- # Service for handling smart card readers.
|
| |
- #
|
| |
- openct = off
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: openvpn
|
| |
- #
|
| |
- # Policy for OPENVPN full-featured SSL VPN solution
|
| |
- #
|
| |
- openvpn = module
|
| |
-
|
| |
-
|
| |
- # Layer: service
|
| |
- # Module: pcscd
|
| |
- #
|
| |
- # PC/SC Smart Card Daemon
|
| |
- #
|
| |
- pcscd = module
|
| |
-
|
| |
- # Layer: service
|
| |
- # Module: openct
|
| |
- #
|
| |
- # Middleware framework for smart card terminals
|
| |
- #
|
| |
- openct = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: pcmcia
|
| |
- #
|
| |
- # PCMCIA card management services
|
| |
- #
|
| |
- pcmcia = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: pegasus
|
| |
- #
|
| |
- # The Open Group Pegasus CIM/WBEM Server.
|
| |
- #
|
| |
- pegasus = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: piranha
|
| |
- #
|
| |
- # piranha - various tools to administer and configure the Linux Virtual Server
|
| |
- #
|
| |
- piranha = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: postgresql
|
| |
- #
|
| |
- # PostgreSQL relational database
|
| |
- #
|
| |
- postgresql = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: portmap
|
| |
- #
|
| |
- # RPC port mapping service.
|
| |
- #
|
| |
- portmap = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: postfix
|
| |
- #
|
| |
- # Postfix email server
|
| |
- #
|
| |
- postfix = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: postgrey
|
| |
- #
|
| |
- # email scanner
|
| |
- #
|
| |
- postgrey = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: ppp
|
| |
- #
|
| |
- # Point to Point Protocol daemon creates links in ppp networks
|
| |
- #
|
| |
- ppp = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: prelink
|
| |
- #
|
| |
- # Manage temporary directory sizes and file ages
|
| |
- #
|
| |
- prelink = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: procmail
|
| |
- #
|
| |
- # Procmail mail delivery agent
|
| |
- #
|
| |
- procmail = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: privoxy
|
| |
- #
|
| |
- # Privacy enhancing web proxy.
|
| |
- #
|
| |
- privoxy = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: publicfile
|
| |
- #
|
| |
- # publicfile supplies files to the public through HTTP and FTP
|
| |
- #
|
| |
- publicfile = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: pulseaudio
|
| |
- #
|
| |
- # The PulseAudio Sound System
|
| |
- #
|
| |
- pulseaudio = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: qmail
|
| |
- #
|
| |
- # Policy for qmail
|
| |
- #
|
| |
- qmail = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: qpidd
|
| |
- #
|
| |
- # Policy for qpidd
|
| |
- #
|
| |
- qpid = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: quota
|
| |
- #
|
| |
- # File system quota management
|
| |
- #
|
| |
- quota = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: raid
|
| |
- #
|
| |
- # RAID array management tools
|
| |
- #
|
| |
- raid = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: radius
|
| |
- #
|
| |
- # RADIUS authentication and accounting server.
|
| |
- #
|
| |
- radius = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: radvd
|
| |
- #
|
| |
- # IPv6 router advertisement daemon
|
| |
- #
|
| |
- radvd = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: readahead
|
| |
- #
|
| |
- # Readahead, read files into page cache for improved performance
|
| |
- #
|
| |
- readahead = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: rgmanager
|
| |
- #
|
| |
- # Red Hat Resource Group Manager
|
| |
- #
|
| |
- rgmanager = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: rhcs
|
| |
- #
|
| |
- # RHCS - Red Hat Cluster Suite
|
| |
- #
|
| |
- rhcs = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: aisexec
|
| |
- #
|
| |
- # RHCS - Red Hat Cluster Suite
|
| |
- #
|
| |
- aisexec = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: rgmanager
|
| |
- #
|
| |
- # rgmanager
|
| |
- #
|
| |
- rgmanager = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: clogd
|
| |
- #
|
| |
- # clogd - clustered mirror log server
|
| |
- #
|
| |
- clogd = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: cmirrord
|
| |
- #
|
| |
- # cmirrord - daemon providing device-mapper-base mirrors in a shared-storege cluster
|
| |
- #
|
| |
- cmirrord = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: rhgb
|
| |
- #
|
| |
- # X windows login display manager
|
| |
- #
|
| |
- rhgb = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: rdisc
|
| |
- #
|
| |
- # Network router discovery daemon
|
| |
- #
|
| |
- rdisc = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: remotelogin
|
| |
- #
|
| |
- # Policy for rshd, rlogind, and telnetd.
|
| |
- #
|
| |
- remotelogin = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: ricci
|
| |
- #
|
| |
- # policy for ricci
|
| |
- #
|
| |
- ricci = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: rlogin
|
| |
- #
|
| |
- # Remote login daemon
|
| |
- #
|
| |
- rlogin = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: roundup
|
| |
- #
|
| |
- # Roundup Issue Tracking System policy
|
| |
- #
|
| |
- roundup = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: rpc
|
| |
- #
|
| |
- # Remote Procedure Call Daemon for managment of network based process communication
|
| |
- #
|
| |
- rpc = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: rpm
|
| |
- #
|
| |
- # Policy for the RPM package manager.
|
| |
- #
|
| |
- rpm = module
|
| |
-
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: rshd
|
| |
- #
|
| |
- # Remote shell service.
|
| |
- #
|
| |
- rshd = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: rsync
|
| |
- #
|
| |
- # Fast incremental file transfer for synchronization
|
| |
- #
|
| |
- rsync = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: rtkit
|
| |
- #
|
| |
- # Real Time Kit Daemon
|
| |
- #
|
| |
- rtkit = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: rwho
|
| |
- #
|
| |
- # who is logged in on local machines
|
| |
- #
|
| |
- rwho = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: samba
|
| |
- #
|
| |
- # SMB and CIFS client/server programs for UNIX and
|
| |
- # name Service Switch daemon for resolving names
|
| |
- # from Windows NT servers.
|
| |
- #
|
| |
- samba = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: sambagui
|
| |
- #
|
| |
- # policy for system-config-samba
|
| |
- #
|
| |
- sambagui = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: sandbox
|
| |
- #
|
| |
- # Experimental policy for running apps within a sandbox
|
| |
- #
|
| |
- sandbox = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: sanlock
|
| |
- #
|
| |
- # sanlock policy
|
| |
- #
|
| |
- sanlock = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: sasl
|
| |
- #
|
| |
- # SASL authentication server
|
| |
- #
|
| |
- sasl = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: screen
|
| |
- #
|
| |
- # GNU terminal multiplexer
|
| |
- #
|
| |
- screen = module
|
| |
-
|
| |
- # Layer: kernel
|
| |
- # Module: selinux
|
| |
- # Required in base
|
| |
- #
|
| |
- # Policy for kernel security interface, in particular, selinuxfs.
|
| |
- #
|
| |
- selinux = base
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: selinuxutil
|
| |
- #
|
| |
- # Policy for SELinux policy and userland applications.
|
| |
- #
|
| |
- selinuxutil = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: sendmail
|
| |
- #
|
| |
- # Policy for sendmail.
|
| |
- #
|
| |
- sendmail = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: seunshare
|
| |
- #
|
| |
- # seunshare executable
|
| |
- #
|
| |
- seunshare = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: shorewall
|
| |
- #
|
| |
- # Policy for shorewall
|
| |
- #
|
| |
- shorewall = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: shutdown
|
| |
- #
|
| |
- # Policy for shutdown
|
| |
- #
|
| |
- shutdown = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: sectoolm
|
| |
- #
|
| |
- # Policy for sectool-mechanism
|
| |
- #
|
| |
- sectoolm = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: setrans
|
| |
- # Required in base
|
| |
- #
|
| |
- # Policy for setrans
|
| |
- #
|
| |
- setrans = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: setroubleshoot
|
| |
- #
|
| |
- # Policy for the SELinux troubleshooting utility
|
| |
- #
|
| |
- setroubleshoot = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: slrnpull
|
| |
- #
|
| |
- # Service for downloading news feeds the slrn newsreader.
|
| |
- #
|
| |
- slrnpull = off
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: slocate
|
| |
- #
|
| |
- # Update database for mlocate
|
| |
- #
|
| |
- slocate = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: smartmon
|
| |
- #
|
| |
- # Smart disk monitoring daemon policy
|
| |
- #
|
| |
- smartmon = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: smokeping
|
| |
- #
|
| |
- # Latency Logging and Graphing System
|
| |
- #
|
| |
- smokeping = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: smoltclient
|
| |
- #
|
| |
- #The Fedora hardware profiler client
|
| |
- #
|
| |
- smoltclient = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: snmp
|
| |
- #
|
| |
- # Simple network management protocol services
|
| |
- #
|
| |
- snmp = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: spamassassin
|
| |
- #
|
| |
- # Filter used for removing unsolicited email.
|
| |
- #
|
| |
- spamassassin = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: squid
|
| |
- #
|
| |
- # Squid caching http proxy server
|
| |
- #
|
| |
- squid = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: ssh
|
| |
- #
|
| |
- # Secure shell client and server policy.
|
| |
- #
|
| |
- ssh = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: sssd
|
| |
- #
|
| |
- # System Security Services Daemon
|
| |
- #
|
| |
- sssd = module
|
| |
-
|
| |
- # Layer: kernel
|
| |
- # Module: storage
|
| |
- #
|
| |
- # Policy controlling access to storage devices
|
| |
- #
|
| |
- storage = base
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: stunnel
|
| |
- #
|
| |
- # SSL Tunneling Proxy
|
| |
- #
|
| |
- stunnel = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: su
|
| |
- #
|
| |
- # Run shells with substitute user and group
|
| |
- #
|
| |
- su = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: sudo
|
| |
- #
|
| |
- # Execute a command with a substitute user
|
| |
- #
|
| |
- sudo = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: systemd
|
| |
- #
|
| |
- # Policy for systemd components
|
| |
- #
|
| |
- systemd = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: sysnetwork
|
| |
- #
|
| |
- # Policy for network configuration: ifconfig and dhcp client.
|
| |
- #
|
| |
- sysnetwork = module
|
| |
-
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: sysstat
|
| |
- #
|
| |
- # Policy for sysstat. Reports on various system states
|
| |
- #
|
| |
- sysstat = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: tcpd
|
| |
- #
|
| |
- # Policy for TCP daemon.
|
| |
- #
|
| |
- tcpd = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: tcsd
|
| |
- #
|
| |
- # tcsd - daemon that manages Trusted Computing resources
|
| |
- #
|
| |
- tcsd = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: tgtd
|
| |
- #
|
| |
- # Linux Target Framework Daemon.
|
| |
- #
|
| |
- tgtd = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: thumb
|
| |
- #
|
| |
- # Thumbnailer confinement
|
| |
- #
|
| |
- thumb = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: udev
|
| |
- #
|
| |
- # Policy for udev.
|
| |
- #
|
| |
- udev = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: usbmuxd
|
| |
- #
|
| |
- # Daemon for communicating with Apple's iPod Touch and iPhone
|
| |
- #
|
| |
- usbmuxd = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: userdomain
|
| |
- #
|
| |
- # Policy for user domains
|
| |
- #
|
| |
- userdomain = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: unconfined
|
| |
- #
|
| |
- # The unconfined domain.
|
| |
- #
|
| |
- unconfined = module
|
| |
-
|
| |
-
|
| |
- # Layer: kernel
|
| |
- # Module: unconfined
|
| |
- #
|
| |
- # The unlabelednet module.
|
| |
- #
|
| |
- unlabelednet = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: ulogd
|
| |
- #
|
| |
- # netfilter/iptables ULOG daemon
|
| |
- #
|
| |
- ulogd = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: vdagent
|
| |
- #
|
| |
- # vdagent
|
| |
- #
|
| |
- vdagent = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: vhostmd
|
| |
- #
|
| |
- # vhostmd - spice guest agent daemon.
|
| |
- #
|
| |
- vhostmd = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: vhostmd
|
| |
- #
|
| |
- # vlock - Virtual Console lock program
|
| |
- #
|
| |
- vlock = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: wdmd
|
| |
- #
|
| |
- # wdmd policy
|
| |
- #
|
| |
- wdmd = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: wine
|
| |
- #
|
| |
- # wine executable
|
| |
- #
|
| |
- wine = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: wireshark
|
| |
- #
|
| |
- # wireshark executable
|
| |
- #
|
| |
- wireshark = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: telepathy
|
| |
- #
|
| |
- # telepathy - Policy for Telepathy framework
|
| |
- #
|
| |
- telepathy = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: userhelper
|
| |
- #
|
| |
- # A helper interface to pam.
|
| |
- #
|
| |
- userhelper = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: tor
|
| |
- #
|
| |
- # TOR, the onion router
|
| |
- #
|
| |
- tor = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: tvtime
|
| |
- #
|
| |
- # tvtime - a high quality television application
|
| |
- #
|
| |
- tvtime = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: uml
|
| |
- #
|
| |
- # Policy for UML
|
| |
- #
|
| |
- uml = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: usbmodules
|
| |
- #
|
| |
- # List kernel modules of USB devices
|
| |
- #
|
| |
- usbmodules = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: usernetctl
|
| |
- #
|
| |
- # User network interface configuration helper
|
| |
- #
|
| |
- usernetctl = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: xen
|
| |
- #
|
| |
- # virtualization software
|
| |
- #
|
| |
- xen = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: varnishd
|
| |
- #
|
| |
- # Varnishd http accelerator daemon
|
| |
- #
|
| |
- varnishd = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: virt
|
| |
- #
|
| |
- # Virtualization libraries
|
| |
- #
|
| |
- virt = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: vnstatd
|
| |
- #
|
| |
- # Network traffic Monitor
|
| |
- #
|
| |
- vnstatd = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: brctl
|
| |
- #
|
| |
- # Utilities for configuring the linux ethernet bridge
|
| |
- #
|
| |
- brctl = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: telnet
|
| |
- #
|
| |
- # Telnet daemon
|
| |
- #
|
| |
- telnet = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: timidity
|
| |
- #
|
| |
- # MIDI to WAV converter and player configured as a service
|
| |
- #
|
| |
- timidity = off
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: tftp
|
| |
- #
|
| |
- # Trivial file transfer protocol daemon
|
| |
- #
|
| |
- tftp = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: tuned
|
| |
- #
|
| |
- # Dynamic adaptive system tuning daemon
|
| |
- #
|
| |
- tuned = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: uucp
|
| |
- #
|
| |
- # Unix to Unix Copy
|
| |
- #
|
| |
- uucp = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: uuidd
|
| |
- #
|
| |
- # UUID generation daemon
|
| |
- #
|
| |
- uuidd = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: webalizer
|
| |
- #
|
| |
- # Web server log analysis
|
| |
- #
|
| |
- webalizer = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: xserver
|
| |
- #
|
| |
- # X windows login display manager
|
| |
- #
|
| |
- xserver = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: zarafa
|
| |
- #
|
| |
- # Zarafa Collaboration Platform
|
| |
- #
|
| |
- zarafa = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: zebra
|
| |
- #
|
| |
- # Zebra border gateway protocol network routing service
|
| |
- #
|
| |
- zebra = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: zoneminder
|
| |
- #
|
| |
- # Zoneminder Camera Security Surveillance Solution
|
| |
- #
|
| |
- zoneminder = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: usermanage
|
| |
- #
|
| |
- # Policy for managing user accounts.
|
| |
- #
|
| |
- usermanage = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: updfstab
|
| |
- #
|
| |
- # Red Hat utility to change /etc/fstab.
|
| |
- #
|
| |
- updfstab = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: vpn
|
| |
- #
|
| |
- # Virtual Private Networking client
|
| |
- #
|
| |
- vpn = module
|
| |
-
|
| |
- # Layer: kernel
|
| |
- # Module: terminal
|
| |
- # Required in base
|
| |
- #
|
| |
- # Policy for terminals.
|
| |
- #
|
| |
- terminal = base
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: tmpreaper
|
| |
- #
|
| |
- # Manage temporary directory sizes and file ages
|
| |
- #
|
| |
- tmpreaper = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: amtu
|
| |
- #
|
| |
- # Abstract Machine Test Utility (AMTU)
|
| |
- #
|
| |
- amtu = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: zabbix
|
| |
- #
|
| |
- # Open-source monitoring solution for your IT infrastructure
|
| |
- #
|
| |
- zabbix = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: apcupsd
|
| |
- #
|
| |
- # daemon for most APC’s UPS for Linux
|
| |
- #
|
| |
- apcupsd = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: aide
|
| |
- #
|
| |
- # Policy for aide
|
| |
- #
|
| |
- aide = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: w3c
|
| |
- #
|
| |
- # w3c
|
| |
- #
|
| |
- w3c = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: plymouthd
|
| |
- #
|
| |
- # Plymouth
|
| |
- #
|
| |
- plymouthd = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: portreserve
|
| |
- #
|
| |
- # reserve ports to prevent portmap mapping them
|
| |
- #
|
| |
- portreserve = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: rpcbind
|
| |
- #
|
| |
- # universal addresses to RPC program number mapper
|
| |
- #
|
| |
- rpcbind = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: rssh
|
| |
- #
|
| |
- # Restricted (scp/sftp) only shell
|
| |
- #
|
| |
- rssh = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: vmware
|
| |
- #
|
| |
- # VMWare Workstation virtual machines
|
| |
- #
|
| |
- vmware = module
|
| |
-
|
| |
- # Layer: role
|
| |
- # Module: dbadm
|
| |
- #
|
| |
- # Minimally prived root role for managing databases
|
| |
- #
|
| |
- dbadm = module
|
| |
-
|
| |
- # Layer: role
|
| |
- # Module: logadm
|
| |
- #
|
| |
- # Minimally prived root role for managing logging system
|
| |
- #
|
| |
- logadm = module
|
| |
-
|
| |
- # Layer: role
|
| |
- # Module: secadm
|
| |
- #
|
| |
- # secadm account on tty logins
|
| |
- #
|
| |
- secadm = module
|
| |
-
|
| |
- # Layer: role
|
| |
- # Module: auditadm
|
| |
- #
|
| |
- # auditadm account on tty logins
|
| |
- #
|
| |
- auditadm = module
|
| |
-
|
| |
-
|
| |
- # Layer: role
|
| |
- # Module: webadm
|
| |
- #
|
| |
- # Minimally prived root role for managing apache
|
| |
- #
|
| |
- webadm = module
|
| |
-
|
| |
- #
|
| |
- # Layer: services
|
| |
- # Module: exim
|
| |
- #
|
| |
- # exim mail server
|
| |
- #
|
| |
- exim = module
|
| |
-
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: kismet
|
| |
- #
|
| |
- # Wireless sniffing and monitoring
|
| |
- #
|
| |
- kismet = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: munin
|
| |
- #
|
| |
- # Munin
|
| |
- #
|
| |
- munin = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: bitlbee
|
| |
- #
|
| |
- # An IRC to other chat networks gateway
|
| |
- #
|
| |
- bitlbee = module
|
| |
-
|
| |
- # Layer: admin
|
| |
- # Module: sosreport
|
| |
- #
|
| |
- # sosreport debuggin information generator
|
| |
- #
|
| |
- sosreport = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: soundserver
|
| |
- #
|
| |
- # sound server for network audio server programs, nasd, yiff, etc</summary>
|
| |
- #
|
| |
- soundserver = module
|
| |
-
|
| |
- # Layer: role
|
| |
- # Module: unconfineduser
|
| |
- #
|
| |
- # The unconfined user domain.
|
| |
- #
|
| |
- unconfineduser = module
|
| |
-
|
| |
- # Module: staff
|
| |
- #
|
| |
- # admin account
|
| |
- #
|
| |
- staff = module
|
| |
-
|
| |
- # Layer:role
|
| |
- # Module: sysadm
|
| |
- #
|
| |
- # System Administrator
|
| |
- #
|
| |
- sysadm = module
|
| |
-
|
| |
- # Layer:role
|
| |
- # Module: sysadm_secadm
|
| |
- #
|
| |
- # System Administrator with Security Admin rules
|
| |
- #
|
| |
- sysadm_secadm = module
|
| |
-
|
| |
- # Layer: role
|
| |
- # Module: unprivuser
|
| |
- #
|
| |
- # Minimally privs guest account on tty logins
|
| |
- #
|
| |
- unprivuser = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: prelude
|
| |
- #
|
| |
- prelude = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: pads
|
| |
- #
|
| |
- pads = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: podsleuth
|
| |
- #
|
| |
- # Podsleuth probes, identifies, and exposes properties and metadata bound to iPods.
|
| |
- #
|
| |
- podsleuth = module
|
| |
-
|
| |
- # Layer: role
|
| |
- # Module: guest
|
| |
- #
|
| |
- # Minimally privs guest account on tty logins
|
| |
- #
|
| |
- guest = module
|
| |
-
|
| |
- # Layer: role
|
| |
- # Module: xguest
|
| |
- #
|
| |
- # Minimally privs guest account on X Windows logins
|
| |
- #
|
| |
- xguest = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: cgroup
|
| |
- #
|
| |
- # Tools and libraries to control and monitor control groups
|
| |
- #
|
| |
- cgroup = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: courier
|
| |
- #
|
| |
- # IMAP and POP3 email servers
|
| |
- #
|
| |
- courier = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: denyhosts
|
| |
- #
|
| |
- # script to help thwart ssh server attacks
|
| |
- #
|
| |
- denyhosts = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: livecd
|
| |
- #
|
| |
- # livecd creator
|
| |
- #
|
| |
- livecd = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: snort
|
| |
- #
|
| |
- # Snort network intrusion detection system
|
| |
- #
|
| |
- snort = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: memcached
|
| |
- #
|
| |
- # high-performance memory object caching system
|
| |
- #
|
| |
- memcached = module
|
| |
-
|
| |
- # Layer: system
|
| |
- # Module: netlabel
|
| |
- #
|
| |
- # Basic netlabel types and interfaces.
|
| |
- #
|
| |
- netlabel = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: zosremote
|
| |
- #
|
| |
- # policy for z/OS Remote-services Audit dispatcher plugin</summary>
|
| |
- #
|
| |
- zosremote = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: pingd
|
| |
- #
|
| |
- #
|
| |
- pingd = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: milter
|
| |
- #
|
| |
- #
|
| |
- #
|
| |
- milter = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: keyboardd
|
| |
- #
|
| |
- # system-setup-keyboard is a keyboard layout daemon that monitors
|
| |
- # /etc/sysconfig/keyboard and writes out an xorg.conf.d snippet
|
| |
- #
|
| |
- keyboardd = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: keystone
|
| |
- #
|
| |
- # openstack-keystone
|
| |
- #
|
| |
- keystone = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: firewalld
|
| |
- #
|
| |
- # firewalld is firewall service daemon that provides dynamic customizable
|
| |
- #
|
| |
- firewalld = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: namespace
|
| |
- #
|
| |
- # policy for namespace.init script
|
| |
- #
|
| |
- namespace = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: rhev
|
| |
- #
|
| |
- # rhev policy module contains policies for rhev apps
|
| |
- #
|
| |
- rhev = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: dspam
|
| |
- #
|
| |
- # dspam - library and Mail Delivery Agent for Bayesian SPAM filtering
|
| |
- #
|
| |
- dspam = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: lldpad
|
| |
- #
|
| |
- # lldpad - Link Layer Discovery Protocol (LLDP) agent daemon
|
| |
- #
|
| |
- lldpad = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: rhsmcertd
|
| |
- #
|
| |
- # Subscription Management Certificate Daemon policy
|
| |
- #
|
| |
- rhsmcertd = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: ctdbd
|
| |
- #
|
| |
- # ctdbd - The CTDB cluster daemon
|
| |
- #
|
| |
- ctdbd = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: fcoemon
|
| |
- #
|
| |
- # fcoemon
|
| |
- #
|
| |
- fcoemon = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: sblim
|
| |
- #
|
| |
- # sblim
|
| |
- #
|
| |
- sblim = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: cfengine
|
| |
- #
|
| |
- # cfengine
|
| |
- #
|
| |
- cfengine = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: pacemaker
|
| |
- #
|
| |
- # pacemaker
|
| |
- #
|
| |
- pacemaker = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: polipo
|
| |
- #
|
| |
- # polipo
|
| |
- #
|
| |
- polipo = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: nova
|
| |
- #
|
| |
- # openstack-nova
|
| |
- #
|
| |
- nova = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: rabbitmq
|
| |
- #
|
| |
- # rabbitmq daemons
|
| |
- #
|
| |
- rabbitmq = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: cloudform
|
| |
- #
|
| |
- # cloudform daemons
|
| |
- #
|
| |
- cloudform = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: obex
|
| |
- #
|
| |
- # policy for obex-data-server
|
| |
- #
|
| |
- obex = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: sge
|
| |
- #
|
| |
- # policy for grindengine MPI jobs
|
| |
- #
|
| |
- sge = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: jockey
|
| |
- #
|
| |
- # policy for jockey-backend
|
| |
- #
|
| |
- jockey = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: numad
|
| |
- #
|
| |
- # numad - user-level daemon that provides advice and managment for optimum use of CPUs and memory on systems with NUMA topology
|
| |
- #
|
| |
- numad = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: condor
|
| |
- #
|
| |
- # policy for condor
|
| |
- #
|
| |
- condor = module
|
| |
-
|
| |
- # Layer: services
|
| |
- # Module: svnserve
|
| |
- #
|
| |
- # policy for subversion service
|
| |
- #
|
| |
- svnserve = module
|
| |
-
|
| |
- # Layer: apps
|
| |
- # Module: man2html
|
| |
- #
|
| |
- # policy for man2html apps
|
| |
- #
|
| |
- man2html = module
|
| |
-
|
| |
- # Layer: contrib
|
| |
- # Module: glusterd
|
| |
- #
|
| |
- # policy for glusterd service
|
| |
- #
|
| |
- glusterd = module
|
| |
-
|
| |
- # Layer: contrib
|
| |
- # Module: glusterd
|
| |
- #
|
| |
- # policy for tomcat service
|
| |
- #
|
| |
- tomcat = module
|
| |
-
|
| |
- # Layer: contrib
|
| |
- # Module: php-fpm
|
| |
- #
|
| |
- # PHP-FPM is an alternative PHP FastCGI implementation
|
| |
- #
|
| |
- phpfpm = module
|
| |
-
|
| |
- # Layer: contrib
|
| |
- # Module: stapserver
|
| |
- #
|
| |
- # Instrumentation System Server
|
| |
- #
|
| |
- stapserver = module
|
| |
-
|
| |
- # Layer: contrib
|
| |
- # Module: stapserver
|
| |
- #
|
| |
- # dbus system service which manages discovery and enrollment in realms and domains like Active Directory or IPA
|
| |
- #
|
| |
- realmd = module
|
| |
-
|
| |
- # Layer: contrib
|
| |
- # Module: docker
|
| |
- #
|
| |
- # The open-source application container engine
|
| |
- #
|
| |
- docker = module
|
| |
Depends on:
https://github.com/fedora-selinux/selinux-policy/pull/686