diff --git a/modules-targeted-base.lifsea8.conf b/modules-targeted-base.lifsea8.conf
new file mode 100644
index 0000000000000000000000000000000000000000..c417749f4395dec4a754172a798c4fad9b4c8059
--- /dev/null
+++ b/modules-targeted-base.lifsea8.conf
@@ -0,0 +1,400 @@
+# Layer: kernel
+# Module: bootloader
+#
+# Policy for the kernel modules, kernel image, and bootloader.
+#
+bootloader = module
+
+# Layer: kernel
+# Module: corecommands
+# Required in base
+#
+# Core policy for shells, and generic programs
+# in /bin, /sbin, /usr/bin, and /usr/sbin.
+#
+corecommands = base
+
+# Layer: kernel
+# Module: corenetwork
+# Required in base
+#
+# Policy controlling access to network objects
+#
+corenetwork = base
+
+# Layer: admin
+# Module: dmesg
+#
+# Policy for dmesg.
+#
+dmesg = module
+
+# Layer: admin
+# Module: netutils
+#
+# Network analysis utilities
+#
+netutils = module
+
+# Layer: admin
+# Module: sudo
+#
+# Execute a command with a substitute user
+#
+sudo = module
+
+# Layer: admin
+# Module: su
+#
+# Run shells with substitute user and group
+#
+su = module
+
+# Layer: admin
+# Module: usermanage
+#
+# Policy for managing user accounts.
+#
+usermanage = module
+
+# Layer: apps
+# Module: seunshare
+#
+# seunshare executable
+#
+# seunshare = module
+
+# Module: devices
+# Required in base
+#
+# Device nodes and interfaces for many basic system devices.
+#
+devices = base
+
+# Module: domain
+# Required in base
+#
+# Core policy for domains.
+#
+domain = base
+
+# Layer: system
+# Module: userdomain
+#
+# Policy for user domains
+#
+userdomain = module
+
+# Module: files
+# Required in base
+#
+# Basic filesystem types and interfaces.
+#
+files = base
+
+# Layer: system
+# Module: miscfiles
+#
+# Miscelaneous files.
+#
+miscfiles = module
+
+# Module: filesystem
+# Required in base
+#
+# Policy for filesystems.
+#
+filesystem = base
+
+# Module: kernel
+# Required in base
+#
+# Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
+#
+kernel = base
+
+# Module: mcs
+# Required in base
+#
+# MultiCategory security policy
+#
+mcs = base
+
+# Module: mls
+# Required in base
+#
+# Multilevel security policy
+#
+mls = base
+
+# Module: selinux
+# Required in base
+#
+# Policy for kernel security interface, in particular, selinuxfs.
+#
+selinux = base
+
+# Layer: kernel
+# Module: storage
+#
+# Policy controlling access to storage devices
+#
+storage = base
+
+# Module: terminal
+# Required in base
+#
+# Policy for terminals.
+#
+terminal = base
+
+# Layer: kernel
+# Module: ubac
+#
+#
+#
+ubac = base
+
+# Layer: kernel
+# Module: unconfined
+#
+# The unlabelednet module.
+#
+unlabelednet = module
+
+# Layer: role
+# Module: auditadm
+#
+# auditadm account on tty logins
+#
+auditadm = module
+
+# Layer: role
+# Module: logadm
+#
+# Minimally prived root role for managing logging system
+#
+logadm = module
+
+# Layer: role
+# Module: secadm
+#
+# secadm account on tty logins
+#
+secadm = module
+
+# Layer:role
+# Module: sysadm_secadm
+#
+# System Administrator with Security Admin rules
+#
+sysadm_secadm = module
+
+# Module: staff
+#
+# admin account
+#
+staff = module
+
+# Layer:role
+# Module: sysadm
+#
+# System Administrator
+#
+sysadm = module
+
+# Layer: role
+# Module: unconfineduser
+#
+# The unconfined user domain.
+#
+unconfineduser = module
+
+# Layer: role
+# Module: unprivuser
+#
+# Minimally privs guest account on tty logins
+#
+unprivuser = module
+
+# Layer: services
+# Module: postgresql
+#
+# PostgreSQL relational database
+#
+# postgresql = module
+
+# Layer: services
+# Module: ssh
+#
+# Secure shell client and server policy.
+#
+ssh = module
+
+# Layer: services
+# Module: xserver
+#
+# X windows login display manager
+#
+xserver = module
+
+# Module: application
+# Required in base
+#
+# Defines attributs and interfaces for all user applications
+#
+application = module
+
+# Layer: system
+# Module: authlogin
+#
+# Common policy for authentication and user login.
+#
+authlogin = module
+
+# Layer: system
+# Module: clock
+#
+# Policy for reading and setting the hardware clock.
+#
+clock = module
+
+# Layer: system
+# Module: fstools
+#
+# Tools for filesystem management, such as mkfs and fsck.
+#
+fstools = module
+
+# Layer: system
+# Module: getty
+#
+# Policy for getty.
+#
+getty = module
+
+# Layer: system
+# Module: hostname
+#
+# Policy for changing the system host name.
+#
+hostname = module
+
+# Layer: system
+# Module: init
+#
+# System initialization programs (init and init scripts).
+#
+init = module
+
+# Layer: system
+# Module: ipsec
+#
+# TCP/IP encryption
+#
+ipsec = module
+
+# Layer: system
+# Module: iptables
+#
+# Policy for iptables.
+#
+iptables = module
+
+# Layer: system
+# Module: libraries
+#
+# Policy for system libraries.
+#
+libraries = module
+
+# Layer: system
+# Module: locallogin
+#
+# Policy for local logins.
+#
+locallogin = module
+
+# Layer: system
+# Module: logging
+#
+# Policy for the kernel message logger and system logging daemon.
+#
+logging = module
+
+# Layer: system
+# Module: lvm
+#
+# Policy for logical volume management programs.
+#
+lvm = module
+
+# Layer: system
+# Module: modutils
+#
+# Policy for kernel module utilities
+#
+modutils = module
+
+# Layer: system
+# Module: mount
+#
+# Policy for mount.
+#
+mount = module
+
+# Layer: system
+# Module: netlabel
+#
+# Basic netlabel types and interfaces.
+#
+netlabel = module
+
+# Layer: system
+# Module: selinuxutil
+#
+# Policy for SELinux policy and userland applications.
+#
+selinuxutil = module
+
+# Module: setrans
+# Required in base
+#
+# Policy for setrans
+#
+setrans = module
+
+# Layer: system
+# Module: sysnetwork
+#
+# Policy for network configuration: ifconfig and dhcp client.
+#
+sysnetwork = module
+
+# Layer: system
+# Module: systemd
+#
+# Policy for systemd components
+#
+systemd = module
+
+# Layer: system
+# Module: udev
+#
+# Policy for udev.
+#
+udev = module
+
+# Layer: system
+# Module: unconfined
+#
+# The unconfined domain.
+#
+unconfined = module
+
+# Layer: system
+# Module: kdbus
+#
+# Policy for kdbus.
+#
+kdbus = module
diff --git a/modules-targeted-contrib.lifsea8.conf b/modules-targeted-contrib.lifsea8.conf
new file mode 100644
index 0000000000000000000000000000000000000000..8c2747dce3c5efebb1b5ce5df6fe67c622d9f3e8
--- /dev/null
+++ b/modules-targeted-contrib.lifsea8.conf
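Review bot: Several header comments in modules-targeted-base.lifsea8.conf disagree with the entries they describe, so the file cannot be audited from its comments alone: `application = module` and `setrans = module` both sit under `# Required in base`, while every other entry carrying that line is set to `base`. Either the value or the comment is stale, and which one should be confirmed against the policy build before this is relied on. The `unlabelednet = module` entry is headed `# Module: unconfined` and should read `# Module: unlabelednet`; the visible part of the modules-targeted-contrib.lifsea8.conf hunk has the same kind of mismatch (`# Module: mailman` above `mailscanner`, `# Module: stapserver` above `realmd`). `seunshare` and `postgresql` are disabled by commenting out the assignment, and a one-line reason above each would make the reduced base module set reviewable.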
@@ -0,0 +1,2665 @@ +# Layer: services +# Module: abrt +# +# Automatic bug detection and reporting tool +# +# abrt = module + +# Layer: services +# Module: accountsd +# +# An application to view and modify user accounts information +# +# accountsd = module + +# Layer: admin +# Module: acct +# +# Berkeley process accounting +# +# acct = module + +# Layer: services +# Module: afs +# +# Andrew Filesystem server +# +# afs = module + +# Layer: services +# Module: aiccu +# +# SixXS Automatic IPv6 Connectivity Client Utility +# +# aiccu = module + +# Layer: services +# Module: aide +# +# Policy for aide +# +# aide = module + +# Layer: services +# Module: ajaxterm +# +# Web Based Terminal +# +# ajaxterm = module + +# Layer: admin +# Module: alsa +# +# Ainit ALSA configuration tool +# +# alsa = module + +# Layer: admin +# Module: amanda +# +# Automated backup program. +# +# amanda = module + +# Layer: admin +# Module: amtu +# +# Abstract Machine Test Utility (AMTU) +# +# amtu = module + +# Layer: admin +# Module: anaconda +# +# Policy for the Anaconda installer. +# +anaconda = module + +# Layer: contrib +# Module: antivirus +# +# SELinux policy for antivirus programs +# +# antivirus = module + +# Layer: services +# Module: apache +# +# Apache web server +# +# apache = module + +# Layer: services +# Module: apcupsd +# +# daemon for most APC’s UPS for Linux +# +# apcupsd = module + +# Layer: services +# Module: apm +# +# Advanced power management daemon +# +# apm = module + +# Layer: services +# Module: arpwatch +# +# Ethernet activity monitor. +# +# arpwatch = module + +# Layer: services +# Module: asterisk +# +# Asterisk IP telephony server +# +# asterisk = module + +# Layer: contrib +# Module: authconfig +# +# Authorization configuration tool +# +# authconfig = module + +# Layer: services +# Module: automount +# +# Filesystem automounter service. 
+# +# automount = module + +# Layer: services +# Module: avahi +# +# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture +# +# avahi = module + +# Layer: module +# Module: awstats +# +# awstats executable +# +# awstats = module + +# Layer: services +# Module: bcfg2 +# +# Configuration management server +# +# bcfg2 = module + +# Layer: services +# Module: bind +# +# Berkeley internet name domain DNS server. +# +# bind = module + +# Layer: contrib +# Module: rngd +# +# Daemon used to feed random data from hardware device to kernel random device +# +# rngd = module + +# Layer: services +# Module: bitlbee +# +# An IRC to other chat networks gateway +# +# bitlbee = module + +# Layer: services +# Module: blueman +# +# Blueman tools and system services. +# +# blueman = module + +# Layer: services +# Module: bluetooth +# +# Bluetooth tools and system services. +# +# bluetooth = module + +# Layer: services +# Module: boinc +# +# Berkeley Open Infrastructure for Network Computing +# +# boinc = module + +# Layer: system +# Module: brctl +# +# Utilities for configuring the linux ethernet bridge +# +# brctl = module + +# Layer: services +# Module: bugzilla +# +# Bugzilla server +# +# bugzilla = module + +# Layer: services +# Module: bumblebee +# +# Support NVIDIA Optimus technology under Linux +# +# bumblebee = module + +# Layer: services +# Module: cachefilesd +# +# CacheFiles userspace management daemon +# +# cachefilesd = module + +# Module: calamaris +# +# +# Squid log analysis +# +# calamaris = module + +# Layer: services +# Module: callweaver +# +# callweaver telephony sever +# +# callweaver = module + +# Layer: services +# Module: canna +# +# Canna - kana-kanji conversion server +# +# canna = module + +# Layer: services +# Module: ccs +# +# policy for ccs +# +# ccs = module + +# Layer: apps +# Module: cdrecord +# +# Policy for cdrecord +# +# cdrecord = module + +# Layer: admin +# Module: certmaster +# +# Digital Certificate master +# +# certmaster = module + +# 
Layer: services +# Module: certmonger +# +# Certificate status monitor and PKI enrollment client +# +# certmonger = module + +# Layer: admin +# Module: certwatch +# +# Digital Certificate Tracking +# +# certwatch = module + +# Layer: services +# Module: cfengine +# +# cfengine +# +# cfengine = module + +# Layer: services +# Module: cgroup +# +# Tools and libraries to control and monitor control groups +# +cgroup = module + +# Layer: contrib +# Module: cgdcbxd +# +# cgdcbxd policy +# +# cgdcbxd = module + +# Layer: apps +# Module: chrome +# +# chrome sandbox +# +# chrome = module + +# Layer: services +# Module: chronyd +# +# Daemon for maintaining clock time +# +chronyd = module + +# Layer: services +# Module: cipe +# +# Encrypted tunnel daemon +# +# cipe = module + + +# Layer: services +# Module: clogd +# +# clogd - clustered mirror log server +# +# clogd = module + +# Layer: services +# Module: cloudform +# +# cloudform daemons +# +# cloudform = module + +# Layer: services +# Module: cmirrord +# +# cmirrord - daemon providing device-mapper-base mirrors in a shared-storege cluster +# +# cmirrord = module + +# Layer: services +# Module: cobbler +# +# cobbler +# +# cobbler = module + +# Layer: contrib +# Module: cockpit +# +# cockpit - Cockpit runs in a browser and can manage your network of GNU/Linux machines. +# +# cockpit = module + +# Layer: services +# Module: collectd +# +# Statistics collection daemon for filling RRD files +# +# collectd = module + +# Layer: services +# Module: colord +# +# color device daemon +# +# colord = module + +# Layer: services +# Module: comsat +# +# Comsat, a biff server. 
+# +# comsat = module + +# Layer: services +# Module: condor +# +# policy for condor +# +# condor = module + +# Layer: services +# Module: conman +# +# Conman is a program for connecting to remote consoles being managed by conmand +# +# conman = module + +# Layer: services +# Module: consolekit +# +# ConsoleKit is a system daemon for tracking what users are logged +# +# consolekit = module + +# Layer: services +# Module: couchdb +# +# Apache CouchDB database server +# +# couchdb = module + +# Layer: services +# Module: courier +# +# IMAP and POP3 email servers +# +# courier = module + +# Layer: services +# Module: cpucontrol +# +# Services for loading CPU microcode and CPU frequency scaling. +# +# cpucontrol = module + +# Layer: apps +# Module: cpufreqselector +# +# cpufreqselector executable +# +# cpufreqselector = module + +# Layer: services +# Module: cron +# +# Periodic execution of scheduled commands. +# +# cron = module + +# Layer: services +# Module: ctdbd +# +# Cluster Daemon +# +# ctdb = module + +# Layer: services +# Module: cups +# +# Common UNIX printing system +# +# cups = module + +# Layer: services +# Module: cvs +# +# Concurrent versions system +# +# cvs = module + +# Layer: services +# Module: cyphesis +# +# cyphesis game server +# +# cyphesis = module + +# Layer: services +# Module: cyrus +# +# Cyrus is an IMAP service intended to be run on sealed servers +# +# cyrus = module + +# Layer: system +# Module: daemontools +# +# Collection of tools for managing UNIX services +# +# daemontools = module + +# Layer: role +# Module: dbadm +# +# Minimally prived root role for managing databases +# +# dbadm = module + +# Layer: services +# Module: dbskk +# +# Dictionary server for the SKK Japanese input method system. +# +# dbskk = module + +# Layer: services +# Module: dbus +# +# Desktop messaging bus +# +dbus = module + +# Layer: services +# Module: dcc +# +# A distributed, collaborative, spam detection and filtering network. 
+# +# dcc = module + +# Layer: services +# Module: ddclient +# +# Update dynamic IP address at DynDNS.org +# +# ddclient = module + +# Layer: admin +# Module: ddcprobe +# +# ddcprobe retrieves monitor and graphics card information +# +# ddcprobe = off + +# Layer: services +# Module: denyhosts +# +# script to help thwart ssh server attacks +# +# denyhosts = module + +# Layer: services +# Module: devicekit +# +# devicekit-daemon +# +# devicekit = module + +# Layer: services +# Module: dhcp +# +# Dynamic host configuration protocol (DHCP) server +# +# dhcp = module + +# Layer: services +# Module: dictd +# +# Dictionary daemon +# +# dictd = module + +# Layer: services +# Module: dirsrv-admin +# +# An 309 directory admin server +# +# dirsrv-admin = module + +# Layer: services +# Module: dirsrv +# +# An 309 directory server +# +# dirsrv = module + +# Layer: services +# Module: distcc +# +# Distributed compiler daemon +# +# distcc = off + +# Layer: admin +# Module: dmidecode +# +# Decode DMI data for x86/ia64 bioses. +# +# dmidecode = module + +# Layer: services +# Module: dnsmasq +# +# A lightweight DHCP and caching DNS server. +# +# dnsmasq = module + +# Layer: services +# Module: dnssec +# +# A dnssec server application +# +# dnssec = module + +# Layer: services +# Module: dovecot +# +# Dovecot POP and IMAP mail server +# +# dovecot = module + +# Layer: services +# Module: drbd +# +# DRBD mirrors a block device over the network to another machine. 
+# +# drbd = module + +# Layer: services +# Module: dspam +# +# dspam - library and Mail Delivery Agent for Bayesian SPAM filtering +# +# dspam = module + +# Layer: services +# Module: entropy +# +# Generate entropy from audio input +# +# entropyd = module + +# Layer: services +# Module: exim +# +# exim mail server +# +# exim = module + +# Layer: services +# Module: fail2ban +# +# daiemon that bans IP that makes too many password failures +# +# fail2ban = module + +# Layer: services +# Module: fcoe +# +# fcoe +# +# fcoe = module + +# Layer: services +# Module: fetchmail +# +# Remote-mail retrieval and forwarding utility +# +# fetchmail = module + +# Layer: services +# Module: finger +# +# Finger user information service. +# +# finger = module + +# Layer: services +# Module: firewalld +# +# firewalld is firewall service daemon that provides dynamic customizable +# +# firewalld = module + +# Layer: apps +# Module: firewallgui +# +# policy for system-config-firewall +# +# firewallgui = module + +# Module: firstboot +# +# Final system configuration run during the first boot +# after installation of Red Hat/Fedora systems. +# +# firstboot = module + +# Layer: services +# Module: fprintd +# +# finger print server +# +# fprintd = module + +# Layer: services +# Module: freqset +# +# Utility for CPU frequency scaling +# +# freqset = module + +# Layer: services +# Module: ftp +# +# File transfer protocol service +# +# ftp = module + +# Layer: apps +# Module: games +# +# The Open Group Pegasus CIM/WBEM Server. +# +# games = module + +# Layer: apps +# Module: gitosis +# +# Policy for gitosis +# +# gitosis = module + +# Layer: services +# Module: git +# +# Policy for the stupid content tracker +# +# git = module + +# Layer: services +# Module: glance +# +# Policy for glance +# +# glance = module + +# Layer: apps +# Module: gnome +# +# gnome session and gconf +# +# gnome = module + +# Layer: apps +# Module: gpg +# +# Policy for GNU Privacy Guard and related programs. 
+# +# gpg = module + +# Layer: services +# Module: gpm +# +# General Purpose Mouse driver +# +# gpm = module + +# Module: gpsd +# +# gpsd monitor daemon +# +# +# gpsd = module + +# Module: gssproxy +# +# A proxy for GSSAPI credential handling +# +# +# gssproxy = module + +# Layer: role +# Module: guest +# +# Minimally privs guest account on tty logins +# +# guest = module + +# Layer: role +# Module: xguest +# +# Minimally privs guest account on X Windows logins +# +# xguest = module + +# Layer: services +# Module: hddtemp +# +# hddtemp hard disk temperature tool running as a daemon +# +# hddtemp = module + +# Layer: services +# Module: hostapd +# +# hostapd - IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator +# +# hostapd = module + +# Layer: services +# Module: i18n_input +# +# IIIMF htt server +# +# i18n_input = off + +# Layer: services +# Module: icecast +# +# ShoutCast compatible streaming media server +# +# icecast = module + +# Layer: services +# Module: inetd +# +# Internet services daemon. +# +inetd = module + +# Layer: services +# Module: inn +# +# Internet News NNTP server +# +# inn = module + +# Layer: services +# Module: lircd +# +# LIRC daemon - decodes infrared signals and provides them on a Unix domain socket. 
+# +# lircd = module + +# Layer: apps +# Module: irc +# +# IRC client policy +# +# irc = module + +# Layer: services +# Module: irqbalance +# +# IRQ balancing daemon +# +# irqbalance = module + +# Layer: system +# Module: iscsi +# +# Open-iSCSI daemon +# +# iscsi = module + +# Layer: system +# Module: isnsd +# +# +# +# isns = module + +# Layer: services +# Module: jabber +# +# Jabber instant messaging server +# +# jabber = module + +# Layer: services +# Module: jetty +# +# Java based http server +# +# jetty = module + +# Layer: apps +# Module: jockey +# +# policy for jockey-backend +# +# jockey = module + +# Layer: apps +# Module: kdumpgui +# +# system-config-kdump policy +# +# kdumpgui = module + +# Layer: admin +# Module: kdump +# +# kdump is kernel crash dumping mechanism +# +# kdump = module + +# Layer: services +# Module: kerberos +# +# MIT Kerberos admin and KDC +# +kerberos = module + +# Layer: services +# Module: keepalived +# +# keepalived - load-balancing and high-availability service +# +# keepalived = module + +# Module: keyboardd +# +# system-setup-keyboard is a keyboard layout daemon that monitors +# /etc/sysconfig/keyboard and writes out an xorg.conf.d snippet +# +# keyboardd = module + +# Layer: services +# Module: keystone +# +# openstack-keystone +# +# keystone = module + +# Layer: services +# Module: kismet +# +# Wireless sniffing and monitoring +# +# kismet = module + +# Layer: services +# Module: ksmtuned +# +# Kernel Samepage Merging (KSM) Tuning Daemon +# +# ksmtuned = module + +# Layer: services +# Module: ktalk +# +# KDE Talk daemon +# +# ktalk = module + +# Layer: services +# Module: l2ltpd +# +# Layer 2 Tunnelling Protocol Daemon +# +# l2tp = module + +# Layer: services +# Module: ldap +# +# OpenLDAP directory server +# +# ldap = module + +# Layer: services +# Module: likewise +# +# Likewise Active Directory support for UNIX +# +# likewise = module + +# Layer: apps +# Module: livecd +# +# livecd creator +# +# livecd = module + +# Layer: 
services +# Module: lldpad +# +# lldpad - Link Layer Discovery Protocol (LLDP) agent daemon +# +# lldpad = module + +# Layer: apps +# Module: loadkeys +# +# Load keyboard mappings. +# +# loadkeys = module + +# Layer: apps +# Module: lockdev +# +# device locking policy for lockdev +# +# lockdev = module + +# Layer: admin +# Module: logrotate +# +# Rotate and archive system logs +# +# logrotate = module + +# Layer: services +# Module: logwatch +# +# logwatch executable +# +# logwatch = module + +# Layer: services +# Module: lpd +# +# Line printer daemon +# +# lpd = module + +# Layer: services +# Module: mailman +# +# Mailman is for managing electronic mail discussion and e-newsletter lists +# +# mailman = module + +# Layer: services +# Module: mailman +# +# Policy for mailscanner +# +# mailscanner = module + +# Layer: apps +# Module: man2html +# +# policy for man2html apps +# +# man2html = module + +# Layer: admin +# Module: mcelog +# +# Policy for mcelog. +# +# mcelog = module + +# Layer: apps +# Module: mediawiki +# +# mediawiki +# +# mediawiki = module + +# Layer: services +# Module: memcached +# +# high-performance memory object caching system +# +# memcached = module + +# Layer: services +# Module: milter +# +# +# +# milter = module + +# Layer: services +# Module: mip6d +# +# UMIP Mobile IPv6 and NEMO Basic Support protocol implementation +# +# mip6d = module + +# Layer: services +# Module: mock +# +# Policy for mock rpm builder +# +# mock = module + +# Layer: services +# Module: modemmanager +# +# Manager for dynamically switching between modems. 
+# +# modemmanager = module + +# Layer: services +# Module: mojomojo +# +# Wiki server +# +# mojomojo = module + +# Layer: apps +# Module: mozilla +# +# Policy for Mozilla and related web browsers +# +# mozilla = module + +# Layer: services +# Module: mpd +# +# mpd - daemon for playing music +# +# mpd = module + +# Layer: apps +# Module: mplayer +# +# Policy for Mozilla and related web browsers +# +# mplayer = module + +# Layer: admin +# Module: mrtg +# +# Network traffic graphing +# +# mrtg = module + +# Layer: services +# Module: mta +# +# Policy common to all email tranfer agents. +# +mta = module + +# Layer: services +# Module: munin +# +# Munin +# +# munin = module + +# Layer: services +# Module: mysql +# +# Policy for MySQL +# +# mysql = module + +# Layer: contrib +# Module: mythtv +# +# Policy for Mythtv (Web Server) +# +# mythtv = module + +# Layer: services +# Module: nagios +# +# policy for nagios Host/service/network monitoring program +# +# nagios = module + +# Layer: apps +# Module: namespace +# +# policy for namespace.init script +# +namespace = module + +# Layer: admin +# Module: ncftool +# +# Tool to modify the network configuration of a system +# +# ncftool = module + +# Layer: services +# Module: networkmanager +# +# Manager for dynamically switching between networks. 
+# +networkmanager = module + +# Layer: services +# Module: ninfod +# +# Respond to IPv6 Node Information Queries +# +# ninfod = module + +# Layer: services +# Module: nis +# +# Policy for NIS (YP) servers and clients +# +# nis = module + +# Layer: services +# Module: nova +# +# openstack-nova +# +# nova = module + +# Layer: services +# Module: nscd +# +# Name service cache daemon +# +# nscd = module + +# Layer: services +# Module: nslcd +# +# Policy for nslcd +# +# nslcd = module + +# Layer: services +# Module: ntop +# +# Policy for ntop +# +# ntop = module + +# Layer: services +# Module: ntp +# +# Network time protocol daemon +# +# ntp = module + +# Layer: services +# Module: numad +# +# numad - user-level daemon that provides advice and managment for optimum use of CPUs and memory on systems with NUMA topology +# +# numad = module + +# Layer: services +# Module: nut +# +# nut - Network UPS Tools +# +# nut = module + +# Layer: services +# Module: nx +# +# NX Remote Desktop +# +# nx = module + +# Layer: services +# Module: obex +# +# policy for obex-data-server +# +# obex = module + +# Layer: services +# Module: oddjob +# +# policy for oddjob +# +# oddjob = module + +# Layer: services +# Module: openct +# +# Service for handling smart card readers. 
+# +# openct = off + +# Layer: service +# Module: openct +# +# Middleware framework for smart card terminals +# +# openct = module + +# Layer: contrib +# Module: openshift-origin +# +# Origin version of openshift policy +# +# openshift-origin = module +# Layer: contrib +# Module: openshift +# +# Core openshift policy +# +# openshift = module + +# Layer: services +# Module: opensm +# +# InfiniBand subnet manager and administration (SM/SA) +# +# opensm = module + +# Layer: services +# Module: openvpn +# +# Policy for OPENVPN full-featured SSL VPN solution +# +# openvpn = module + +# Layer: contrib +# Module: openvswitch +# +# SELinux policy for openvswitch programs +# +# openvswitch = module + +# Layer: services +# Module: openwsman +# +# WS-Management Server +# +# openwsman = module + +# Layer: services +# Module: osad +# +# Client-side service written in Python that responds to pings +# +# osad = module + +# Layer: contrib +# Module: prelude +# +# SELinux policy for prelude +# +# prelude = module + +# Layer: contrib +# Module: prosody +# +# SELinux policy for prosody flexible communications server for Jabber/XMPP +# +# prosody = module + +# Layer: services +# Module: pads +# +# pads = module + +# Layer: services +# Module: passenger +# +# Passenger +# +# passenger = module + +# Layer: system +# Module: pcmcia +# +# PCMCIA card management services +# +# pcmcia = module + +# Layer: service +# Module: pcscd +# +# PC/SC Smart Card Daemon +# +# pcscd = module + +# Layer: services +# Module: pdns +# +# PowerDNS DNS server +# +# pdns = module + +# Layer: services +# Module: pegasus +# +# The Open Group Pegasus CIM/WBEM Server. 
+# +# pegasus = module + +# Layer: services +# Module: pingd +# +# +# pingd = module + +# Layer: services +# Module: piranha +# +# piranha - various tools to administer and configure the Linux Virtual Server +# +# piranha = module + +# Layer: contrib +# Module: pkcs +# +# daemon manages PKCS#11 objects between PKCS#11-enabled applications +# +# pkcs = module + +# Layer: services +# Module: plymouthd +# +# Plymouth +# +# plymouthd = module + +# Layer: apps +# Module: podsleuth +# +# Podsleuth probes, identifies, and exposes properties and metadata bound to iPods. +# +# podsleuth = module + +# Layer: services +# Module: policykit +# +# Hardware abstraction layer +# +# policykit = module + +# Layer: services +# Module: polipo +# +# polipo +# +# polipo = module + +# Layer: services +# Module: portmap +# +# RPC port mapping service. +# +# portmap = module + +# Layer: services +# Module: portreserve +# +# reserve ports to prevent portmap mapping them +# +# portreserve = module + +# Layer: services +# Module: postfix +# +# Postfix email server +# +# postfix = module + +# Layer: services +# Module: postgrey +# +# email scanner +# +# postgrey = module + +# Layer: services +# Module: ppp +# +# Point to Point Protocol daemon creates links in ppp networks +# +# ppp = module + +# Layer: admin +# Module: prelink +# +# Manage temporary directory sizes and file ages +# +# prelink = module + +# Layer: services +# Module: privoxy +# +# Privacy enhancing web proxy. 
+# +# privoxy = module + +# Layer: services +# Module: procmail +# +# Procmail mail delivery agent +# +# procmail = module + +# Layer: services +# Module: psad +# +# Analyze iptables log for hostile traffic +# +# psad = module + +# Layer: apps +# Module: ptchown +# +# helper function for grantpt(3), changes ownship and permissions of pseudotty +# +# ptchown = module + +# Layer: services +# Module: publicfile +# +# publicfile supplies files to the public through HTTP and FTP +# +# publicfile = module + +# Layer: apps +# Module: pulseaudio +# +# The PulseAudio Sound System +# +# pulseaudio = module + +# Layer: services +# Module: puppet +# +# A network tool for managing many disparate systems +# +# puppet = module + +# Layer: apps +# Module: pwauth +# +# External plugin for mod_authnz_external authenticator +# +# pwauth = module + +# Layer: services +# Module: qmail +# +# Policy for qmail +# +# qmail = module + +# Layer: services +# Module: qpidd +# +# Policy for qpidd +# +# qpid = module + +# Layer: services +# Module: quantum +# +# Quantum is a virtual network service for Openstack +# +# quantum = module + +# Layer: admin +# Module: quota +# +# File system quota management +# +# quota = module + +# Layer: services +# Module: rabbitmq +# +# rabbitmq daemons +# +# rabbitmq = module + +# Layer: services +# Module: radius +# +# RADIUS authentication and accounting server. 
+# +# radius = module + +# Layer: services +# Module: radvd +# +# IPv6 router advertisement daemon +# +# radvd = module + +# Layer: system +# Module: raid +# +# RAID array management tools +# +# raid = module + +# Layer: services +# Module: rasdaemon +# +# The rasdaemon program is a daemon with monitors the RAS trace events from /sys/kernel/debug/tracing +# +# rasdaemon = module + +# Layer: services +# Module: rdisc +# +# Network router discovery daemon +# +# rdisc = module + +# Layer: admin +# Module: readahead +# +# Readahead, read files into page cache for improved performance +# +# readahead = module + +# Layer: contrib +# Module: stapserver +# +# dbus system service which manages discovery and enrollment in realms and domains like Active Directory or IPA +# +# realmd = module + +# Layer: services +# Module: remotelogin +# +# Policy for rshd, rlogind, and telnetd. +# +# remotelogin = module + +# Layer: services +# Module: rhcs +# +# RHCS - Red Hat Cluster Suite +# +# rhcs = module + +# Layer: services +# Module: rhev +# +# rhev policy module contains policies for rhev apps +# +# rhev = module + +# Layer: services +# Module: rhgb +# +# X windows login display manager +# +# rhgb = module + +# Layer: services +# Module: rhsmcertd +# +# Subscription Management Certificate Daemon policy +# +# rhsmcertd = module + +# Layer: services +# Module: ricci +# +# policy for ricci +# +# ricci = module + +# Layer: services +# Module: rlogin +# +# Remote login daemon +# +# rlogin = module + +# Layer: services +# Module: roundup +# +# Roundup Issue Tracking System policy +# +# roundup = module + +# Layer: services +# Module: rpcbind +# +# universal addresses to RPC program number mapper +# +# rpcbind = module + +# Layer: services +# Module: rpc +# +# Remote Procedure Call Daemon for managment of network based process communication +# +# rpc = module + +# Layer: admin +# Module: rpm +# +# Policy for the RPM package manager. 
+# +rpm = module + +# Layer: services +# Module: rshd +# +# Remote shell service. +# +# rshd = module + +# Layer: apps +# Module: rssh +# +# Restricted (scp/sftp) only shell +# +# rssh = module + +# Layer: services +# Module: rsync +# +# Fast incremental file transfer for synchronization +# +# rsync = module + +# Layer: services +# Module: rtkit +# +# Real Time Kit Daemon +# +# rtkit = module + +# Layer: services +# Module: rwho +# +# who is logged in on local machines +# +# rwho = module + +# Layer: apps +# Module: sambagui +# +# policy for system-config-samba +# +# sambagui = module + +# +# SMB and CIFS client/server programs for UNIX and +# name Service Switch daemon for resolving names +# from Windows NT servers. +# +# samba = module + +# Layer: apps +# Module: sandbox +# +# Policy for running apps within a sandbox +# +# sandbox = module + +# Layer: apps +# Module: sandbox +# +# Policy for running apps within a X sandbox +# +# sandboxX = module + +# Layer: services +# Module: sanlock +# +# sanlock policy +# +# sanlock = module + +# Layer: services +# Module: sasl +# +# SASL authentication server +# +# sasl = module + +# Layer: services +# Module: sblim +# +# sblim +# +# sblim = module + +# Layer: apps +# Module: screen +# +# GNU terminal multiplexer +# +# screen = module + +# Layer: admin +# Module: sectoolm +# +# Policy for sectool-mechanism +# +# sectoolm = module + +# Layer: services +# Module: sendmail +# +# Policy for sendmail. 
+#
+# sendmail = module
+
+# Layer: contrib
+# Module: sensord
+#
+# Sensor information logging daemon
+#
+# sensord = module
+
+# Layer: services
+# Module: setroubleshoot
+#
+# Policy for the SELinux troubleshooting utility
+#
+# setroubleshoot = module
+
+# Layer: services
+# Module: sge
+#
+# policy for grindengine MPI jobs
+#
+# sge = module
+
+# Layer: admin
+# Module: shorewall
+#
+# Policy for shorewall
+#
+# shorewall = module
+
+# Layer: apps
+# Module: slocate
+#
+# Update database for mlocate
+#
+# slocate = module
+
+# Layer: contrib
+# Module: slpd
+#
+# OpenSLP server daemon to dynamically register services
+#
+# slpd = module
+
+# Layer: services
+# Module: slrnpull
+#
+# Service for downloading news feeds the slrn newsreader.
+#
+# slrnpull = off
+
+# Layer: services
+# Module: smartmon
+#
+# Smart disk monitoring daemon policy
+#
+# smartmon = module
+
+# Layer: services
+# Module: smokeping
+#
+# Latency Logging and Graphing System
+#
+# smokeping = module
+
+# Layer: admin
+# Module: smoltclient
+#
+#The Fedora hardware profiler client
+#
+# smoltclient = module
+
+# Layer: services
+# Module: snmp
+#
+# Simple network management protocol services
+#
+# snmp = module
+
+# Layer: services
+# Module: snort
+#
+# Snort network intrusion detection system
+#
+# snort = module
+
+# Layer: admin
+# Module: sosreport
+#
+# sosreport debuggin information generator
+#
+# sosreport = module
+
+# Layer: services
+# Module: soundserver
+#
+# sound server for network audio server programs, nasd, yiff, etc
+#
+# soundserver = module
+
+# Layer: services
+# Module: spamassassin
+#
+# Filter used for removing unsolicited email.
+#
+# spamassassin = module
+
+# Layer: services
+# Module: speech-dispatcher
+#
+# speech-dispatcher - server process managing speech requests in Speech Dispatcher
+#
+# speech-dispatcher = module
+
+# Layer: services
+# Module: squid
+#
+# Squid caching http proxy server
+#
+# squid = module
+
+# Layer: services
+# Module: sssd
+#
+# System Security Services Daemon
+#
+# sssd = module
+
+# Layer: services
+# Module: sslh
+#
+# Applicative protocol(SSL/SSH) multiplexer
+#
+# sslh = module
+
+# Layer: contrib
+# Module: stapserver
+#
+# Instrumentation System Server
+#
+# stapserver = module
+
+# Layer: services
+# Module: stunnel
+#
+# SSL Tunneling Proxy
+#
+# stunnel = module
+
+# Layer: services
+# Module: svnserve
+#
+# policy for subversion service
+#
+# svnserve = module
+
+# Layer: services
+# Module: swift
+#
+# openstack-swift
+#
+# swift = module
+
+# Layer: services
+# Module: sysstat
+#
+# Policy for sysstat. Reports on various system states
+#
+# sysstat = module
+
+# Layer: services
+# Module: tcpd
+#
+# Policy for TCP daemon.
+#
+# tcpd = module
+
+# Layer: services
+# Module: tcsd
+#
+# tcsd - daemon that manages Trusted Computing resources
+#
+# tcsd = module
+
+# Layer: apps
+# Module: telepathy
+#
+# telepathy - Policy for Telepathy framework
+#
+# telepathy = module
+
+# Layer: services
+# Module: telnet
+#
+# Telnet daemon
+#
+# telnet = module
+
+# Layer: services
+# Module: tftp
+#
+# Trivial file transfer protocol daemon
+#
+# tftp = module
+
+# Layer: services
+# Module: tgtd
+#
+# Linux Target Framework Daemon.
+#
+# tgtd = module
+
+# Layer: apps
+# Module: thumb
+#
+# Thumbnailer confinement
+#
+# thumb = module
+
+# Layer: services
+# Module: timidity
+#
+# MIDI to WAV converter and player configured as a service
+#
+# timidity = off
+
+# Layer: admin
+# Module: tmpreaper
+#
+# Manage temporary directory sizes and file ages
+#
+# tmpreaper = module
+
+# Layer: contrib
+# Module: tomcat
+#
+# policy for tomcat service
+#
+# tomcat = module
+# Layer: services
+# Module: tor
+#
+# TOR, the onion router
+#
+# tor = module
+
+# Layer: services
+# Module: tuned
+#
+# Dynamic adaptive system tuning daemon
+#
+# tuned = module
+
+# Layer: apps
+# Module: tvtime
+#
+# tvtime - a high quality television application
+#
+# tvtime = module
+
+# Layer: services
+# Module: ulogd
+#
+# netfilter/iptables ULOG daemon
+#
+# ulogd = module
+
+# Layer: apps
+# Module: uml
+#
+# Policy for UML
+#
+# uml = module
+
+# Layer: admin
+# Module: updfstab
+#
+# Red Hat utility to change /etc/fstab.
+#
+# updfstab = module
+
+# Layer: admin
+# Module: usbmodules
+#
+# List kernel modules of USB devices
+#
+# usbmodules = module
+
+# Layer: services
+# Module: usbmuxd
+#
+# Daemon for communicating with Apple's iPod Touch and iPhone
+#
+# usbmuxd = module
+
+# Layer: apps
+# Module: userhelper
+#
+# A helper interface to pam.
+#
+# userhelper = module
+
+# Layer: apps
+# Module: usernetctl
+#
+# User network interface configuration helper
+#
+# usernetctl = module
+
+# Layer: services
+# Module: uucp
+#
+# Unix to Unix Copy
+#
+# uucp = module
+
+# Layer: services
+# Module: uuidd
+#
+# UUID generation daemon
+#
+# uuidd = module
+
+# Layer: services
+# Module: varnishd
+#
+# Varnishd http accelerator daemon
+#
+# varnishd = module
+
+# Layer: services
+# Module: vdagent
+#
+# vdagent
+#
+# vdagent = module
+
+# Layer: services
+# Module: vhostmd
+#
+# vhostmd - spice guest agent daemon.
+#
+# vhostmd = module
+
+# Layer: services
+# Module: virt
+#
+# Virtualization libraries
+#
+# virt = module
+
+# Layer: apps
+# Module: vhostmd
+#
+# vlock - Virtual Console lock program
+#
+# vlock = module
+
+# Layer: services
+# Module: vmtools
+#
+# VMware Tools daemon
+#
+# vmtools = module
+
+# Layer: apps
+# Module: vmware
+#
+# VMWare Workstation virtual machines
+#
+# vmware = module
+
+# Layer: services
+# Module: vnstatd
+#
+# Network traffic Monitor
+#
+# vnstatd = module
+
+# Layer: admin
+# Module: vpn
+#
+# Virtual Private Networking client
+#
+# vpn = module
+
+# Layer: services
+# Module: w3c
+#
+# w3c
+#
+# w3c = module
+
+# Layer: services
+# Module: wdmd
+#
+# wdmd policy
+#
+# wdmd = module
+
+# Layer: role
+# Module: webadm
+#
+# Minimally prived root role for managing apache
+#
+# webadm = module
+
+# Layer: apps
+# Module: webalizer
+#
+# Web server log analysis
+#
+# webalizer = module
+
+# Layer: apps
+# Module: wine
+#
+# wine executable
+#
+# wine = module
+
+# Layer: apps
+# Module: wireshark
+#
+# wireshark executable
+#
+# wireshark = module
+
+# Layer: system
+# Module: xen
+#
+# virtualization software
+#
+# xen = module
+
+# Layer: services
+# Module: zabbix
+#
+# Open-source monitoring solution for your IT infrastructure
+#
+# zabbix = module
+
+# Layer: services
+# Module: zarafa
+#
+# Zarafa Collaboration Platform
+#
+# zarafa = module
+
+# Layer: services
+# Module: zebra
+#
+# Zebra border gateway protocol network routing service
+#
+# zebra = module
+
+# Layer: services
+# Module: zoneminder
+#
+# Zoneminder Camera Security Surveillance Solution
+#
+# zoneminder = module
+
+# Layer: services
+# Module: zosremote
+#
+# policy for z/OS Remote-services Audit dispatcher plugin
+#
+# zosremote = module
+
+# Layer: contrib
+# Module: thin
+#
+# Policy for thin
+#
+# thin = module
+
+# Layer: contrib
+# Module: mandb
+#
+# Policy for mandb
+#
+# mandb = module
+
+# Layer: services
+# Module: pki
+#
+# policy for pki
+#
+# pki = module
+
+# Layer: services
+# Module: smsd
+#
+# policy for smsd
+#
+# smsd = module
+
+# Layer: contrib
+# Module: pesign
+#
+# policy for pesign
+#
+# pesign = module
+
+# Layer: contrib
+# Module: nsd
+#
+# Fast and lean authoritative DNS Name Server
+#
+# nsd = module
+
+# Layer: contrib
+# Module: iodine
+#
+# Fast and lean authoritative DNS Name Server
+#
+# iodine = module
+
+# Layer: contrib
+# Module: openhpid
+#
+# OpenHPI daemon runs as a background process and accepts connecti
+#
+# openhpid = module
+
+# Layer: contrib
+# Module: watchdog
+#
+# Watchdog policy
+#
+# watchdog = module
+
+# Layer: contrib
+# Module: oracleasm
+#
+# oracleasm policy
+#
+# oracleasm = module
+
+# Layer: contrib
+# Module: redis
+#
+# redis policy
+#
+# redis = module
+
+# Layer: contrib
+# Module: hypervkvp
+#
+# hypervkvp policy
+#
+# hypervkvp = module
+
+# Layer: contrib
+# Module: lsm
+#
+# lsm policy
+#
+# lsm = module
+
+# Layer: contrib
+# Module: motion
+#
+# Daemon for detect motion using a video4linux device
+# motion = module
+
+# Layer: contrib
+# Module: rtas
+#
+# rtas policy
+#
+# rtas = module
+
+# Layer: contrib
+# Module: journalctl
+#
+# journalctl policy
+#
+# journalctl = module
+
+# Layer: contrib
+# Module: gdomap
+#
+# gdomap policy
+#
+# gdomap = module
+
+# Layer: contrib
+# Module: minidlna
+#
+# minidlna policy
+#
+# minidlna = module
+
+# Layer: contrib
+# Module: minissdpd
+#
+# minissdpd policy
+#
+# minissdpd = module
+
+# Layer: contrib
+# Module: freeipmi
+#
+# Remote-Console (out-of-band) and System Management Software (in-band)
+# based on IntelligentPlatform Management Interface specification
+#
+# freeipmi = module
+
+# Layer: contrib
+# Module: mirrormanager
+#
+# mirrormanager policy
+#
+# mirrormanager = module
+
+# Layer: contrib
+# Module: snapper
+#
+# snapper policy
+#
+# snapper = module
+
+# Layer: contrib
+# Module: pcp
+#
+# pcp policy
+#
+# pcp = module
+
+# Layer: contrib
+# Module: geoclue
+#
+# Add policy for Geoclue. Geoclue is a D-Bus service that provides location information
+#
+# geoclue = module
+
+# Layer: contrib
+# Module: rkhunter
+#
+# rkhunter policy for /var/lib/rkhunter
+#
+# rkhunter = module
+
+# Layer: contrib
+# Module: bacula
+#
+# bacula policy
+#
+# bacula = module
+
+# Layer: contrib
+# Module: rhnsd
+#
+# rhnsd policy
+#
+# rhnsd = module
+
+# Layer: contrib
+# Module: mongodb
+#
+# mongodb policy
+#
+
+# mongodb = module
+
+# Layer: contrib
+# Module: iotop
+#
+# iotop policy
+#
+
+# iotop = module
+
+# Layer: contrib
+# Module: kmscon
+#
+# kmscon policy
+#
+
+# kmscon = module
+
+# Layer: contrib
+# Module: naemon
+#
+# naemon policy
+#
+# naemon = module
+
+# Layer: contrib
+# Module: brltty
+#
+# brltty policy
+#
+# brltty = module
+
+# Layer: contrib
+# Module: cpuplug
+#
+# cpuplug policy
+#
+# cpuplug = module
+
+# Layer: contrib
+# Module: mon_statd
+#
+# mon_statd policy
+#
+# mon_statd = module
+
+# Layer: contrib
+# Module: cinder
+#
+# openstack-cinder policy
+#
+# cinder = module
+
+# Layer: contrib
+# Module: linuxptp
+#
+# linuxptp policy
+#
+# linuxptp = module
+
+# Layer: contrib
+# Module: rolekit
+#
+# rolekit policy
+#
+# rolekit = module
+
+# Layer: contrib
+# Module: targetd
+#
+# targetd policy
+#
+# targetd = module
+
+# Layer: contrib
+# Module: hsqldb
+#
+# Hsqldb is transactional database engine with in-memory and disk-based tables, supporting embedded and server modes.
+#
+# hsqldb = module
+
+# Layer: contrib
+# Module: blkmapd
+#
+# The blkmapd daemon performs device discovery and mapping for pNFS block layout client.
+#
+# blkmapd = module
+
+# Layer: contrib
+# Module: pkcs11proxyd
+#
+# pkcs11proxyd policy
+#
+# pkcs11proxyd = module
+
+# Layer: contrib
+# Module: ipmievd
+#
+# IPMI event daemon for sending events to syslog
+#
+# ipmievd = module
+
+# Layer: contrib
+# Module: openfortivpn
+#
+# Fortinet compatible SSL VPN daemons.
+# +# openfortivpn = module + +# Layer: contrib +# Module: fwupd +# +# fwupd is a daemon to allow session software to update device firmware. +# +# fwupd = module + +# Layer: contrib +# Module: lttng-tools +# +# LTTng 2.x central tracing registry session daemon. +# +# lttng-tools = module + +# Layer: contrib +# Module: rkt +# +# CLI for running app containers +# +# rkt = module + +# Layer: contrib +# Module: opendnssec +# +# opendnssec +# +# opendnssec = module + +# Layer: contrib +# Module: hwloc +# +# hwloc +# +# hwloc = module + +# Layer: contrib +# Module: sbd +# +# sbd +# +# sbd = module + +# Layer: contrib +# Module: tlp +# +# tlp +# +# tlp = module + +# Layer: contrib +# Module: conntrackd +# +# conntrackd +# +# conntrackd = module + +# Layer: contrib +# Module: tangd +# +# tangd +# +# tangd = module + +# Layer: contrib +# Module: ibacm +# +# ibacm +# +# ibacm = module + +# Layer: contrib +# Module: opafm +# +# opafm +# +# opafm = module + +# Layer: contrib +# Module: boltd +# +# boltd +# +# boltd = module + +# Layer: contrib +# Module: kpatch +# +# kpatch +# +# kpatch = module + +# Layer: contrib +# Module: timedatex +# +# timedatex +# +# timedatex = module + +# Layer: contrib +# Module: rrdcached +# +# rrdcached +# +# rrdcached = module + +# Layer: contrib +# Module: stratisd +# +# stratisd +# +# stratisd = module + +# Layer: contrib +# Module: insights_client +# +# insights_client +# +insights_client = module diff --git a/selinux-policy.spec b/selinux-policy.spec index 0107b8c8593e6e6e0bead77dcc147a343905bf3a..4084b84f2d78f9a1d59f6b637c1479b9282b482e 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -1,4 +1,4 @@ -%define anolis_release .0.1 +%define anolis_release .0.2 # github repo with selinux-policy base sources %global git0 https://github.com/fedora-selinux/selinux-policy %global commit0 b5586baa73b14fb8ca458fa4bbe70522b1ec264b 
@@ -30,12 +30,12 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.14.3 -Release: 128%{anolis_release}%{?dist} +Release: 128%{anolis_release}%{?dist}%{?lifsea_dist} License: GPLv2+ Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz Source29: %{git1}/archive/%{commit1}/%{name}-contrib-%{shortcommit1}.tar.gz -Source1: modules-targeted-base.conf -Source31: modules-targeted-contrib.conf +Source1: modules-targeted-base%{?lifsea_dist}.conf +Source31: modules-targeted-contrib%{?lifsea_dist}.conf Source2: booleans-targeted.conf Source3: Makefile.devel Source4: setrans-targeted.conf @@ -169,6 +169,13 @@ SELinux policy documentation package %exclude %{_mandir}/man8/container_selinux.8.gz %doc %{_usr}/share/doc/%{name} +# To avoid users installing the LifseaOS package in other os +%define common_pre_scripts() \ +if ! grep -q 'ID="lifsea"' /etc/os-release; then \ + echo "This package is only for LifseaOS!" \ + exit 1 \ +fi + %define makeCmds() \ make UNK_PERMS=%4 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} MLS_CATS=1024 MCS_CATS=1024 bare \ make UNK_PERMS=%4 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} MLS_CATS=1024 MCS_CATS=1024 conf \ 
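Review bot: The pattern in `common_pre_scripts` is an unanchored substring match, so `grep -q 'ID="lifsea"'` also accepts a line such as `VARIANT_ID="lifsea"` and rejects the unquoted form `ID=lifsea` that os-release allows; `if ! grep -Eq '^ID="?lifsea"?$' /etc/os-release; then \` checks the ID field itself. The macro also exits 1 when /etc/os-release does not exist yet, which could abort the transaction if the release package is ordered after this one during an image build, so an ordering dependency may be needed (the `%pre` scriptlets that call the macro are added in the later hunks). The refusal message would be easier to find in transaction output if it went to stderr, `echo "This package is only for LifseaOS!" >&2 \`.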
@@ -177,11 +184,21 @@ cp -f selinux_config/users-%1 ./policy/users \ #cp -f selinux_config/modules-%1-base.conf ./policy/modules.conf \ %define makeModulesConf() \ -cp -f selinux_config/modules-%1-%2.conf ./policy/modules-base.conf \ -cp -f selinux_config/modules-%1-%2.conf ./policy/modules.conf \ +if [ %1 == "targeted" ];then \ + cp -f selinux_config/modules-%1-%2%{?lifsea_dist}.conf ./policy/modules-base.conf \ + cp -f selinux_config/modules-%1-%2%{?lifsea_dist}.conf ./policy/modules.conf \ +else \ + cp -f selinux_config/modules-%1-%2.conf ./policy/modules-base.conf \ + cp -f selinux_config/modules-%1-%2.conf ./policy/modules.conf \ +fi; \ if [ %3 == "contrib" ];then \ - cp selinux_config/modules-%1-%3.conf ./policy/modules-contrib.conf; \ - cat selinux_config/modules-%1-%3.conf >> ./policy/modules.conf; \ + if [ %1 == "targeted" ];then \ + cp selinux_config/modules-%1-%3%{?lifsea_dist}.conf ./policy/modules-contrib.conf; \ + cat selinux_config/modules-%1-%3%{?lifsea_dist}.conf >> ./policy/modules.conf; \ + else \ + cp selinux_config/modules-%1-%3.conf ./policy/modules-contrib.conf; \ + cat selinux_config/modules-%1-%3.conf >> ./policy/modules.conf; \ + fi; \ fi; \ %define installCmds() \ @@ -460,7 +477,7 @@ echo " # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. -SELINUX=disabled +SELINUX=%{!?lifsea_dist:disabled}%{?lifsea_dist:enforcing} # SELINUXTYPE= can take one of these three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. @@ -476,6 +493,20 @@ else fi exit 0 +%if %{defined lifsea_dist} +%pre +%{common_pre_scripts} + +%pre devel +%{common_pre_scripts} + +%pre sandbox +%{common_pre_scripts} + +%pre doc +%{common_pre_scripts} +%endif + %postun if [ $1 = 0 ]; then setenforce 0 2> /dev/null 
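Review bot: The four `cp`/`cat` groups in `makeModulesConf` differ only in the `%{?lifsea_dist}` suffix, so the two nested `if [ %1 == "targeted" ]` blocks can be replaced by one suffix variable computed at the top of the macro body; that keeps the base and contrib paths from drifting apart in later edits. Any policy built by calling this macro with `targeted` as its first argument picks up the tailored lists, so if the minimum policy is built that way (its call site is not visible in this hunk) it would inherit the reduced module set as well, which is worth confirming as intended.

```spec
suffix=""; \
if [ %1 == "targeted" ]; then suffix="%{?lifsea_dist}"; fi; \
cp -f selinux_config/modules-%1-%2${suffix}.conf ./policy/modules-base.conf \
cp -f selinux_config/modules-%1-%2${suffix}.conf ./policy/modules.conf \
if [ %3 == "contrib" ];then \
	cp selinux_config/modules-%1-%3${suffix}.conf ./policy/modules-contrib.conf; \
	cat selinux_config/modules-%1-%3${suffix}.conf >> ./policy/modules.conf; \
fi; \
```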
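Review bot: The default mode written into the SELinux config is chosen by two adjacent conditional expansions inside the echoed text, which is easy to misread and leaves no place for an explanatory comment; defining it once near the top of the spec, `%global selinux_default_mode %{?lifsea_dist:enforcing}%{!?lifsea_dist:disabled}`, and writing `SELINUX=%{selinux_default_mode}` here keeps the choice visible and documentable. Since LifseaOS builds now default to enforcing, it is worth confirming that the image is labeled before its first boot, which this hunk does not show. The scriptlet that echoes this text starts and ends outside the hunk.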
@@ -507,6 +538,9 @@ Conflicts: container-selinux < 2:1.12.1-22 SELinux Reference policy targeted base module. %pre targeted +%if %{defined lifsea_dist} +%{common_pre_scripts} +%endif %preInstall targeted %post targeted @@ -579,6 +613,9 @@ Conflicts: container-selinux <= 1.9.0-9 SELinux Reference policy minimum base module. %pre minimum +%if %{defined lifsea_dist} +%{common_pre_scripts} +%endif %preInstall minimum if [ $1 -ne 1 ]; then /usr/sbin/semodule -s minimum --list-modules=full | awk '{ if ($4 != "disabled") print $2; }' > /usr/share/selinux/minimum/instmodules.lst @@ -674,6 +711,9 @@ Conflicts: container-selinux <= 1.9.0-9 SELinux Reference policy mls base module. %pre mls +%if %{defined lifsea_dist} +%{common_pre_scripts} +%endif %preInstall mls %post mls @@ -719,6 +759,9 @@ exit 0 %endif %changelog +* Fri Mar 08 2024 yuanhui - 3.14.3-128.0.2 +- LifseaOS: tailoring selinux policy trageted for lifsea + * Mon Dec 11 2023 2023 Weitao Zhou - 3.14.3-128.0.1 - Disable selinux by default