Re: strange semodule_expand error during linking


 




I am strictly following what is written at the top of that file: To prevent a module from being used in policy creation, set the module name to "off". I'll try what you've suggested though and see if that helps.
Nope, same error! If you are willing to see if you get the same error as me, I have attached 3 patches (I hope the mailing list daemon won't moan too much!), which I use to compile the standard FC15 policy with.

The first one is applied against the .spec file and the other two need to be placed in the SOURCES directory as they are applied against the policy sources at various stages during the actual build. The compilation passes OK, so does the linking, but I get an error with semodule_expand. The problem is, I have no idea what this error means!
--- selinux-policy-org.spec	2011-06-14 10:00:30.000000000 +0100
+++ selinux-policy.spec	2011-06-25 22:11:21.436775993 +0100
@@ -25,7 +25,9 @@
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
-patch: policy-F15.patch
+Patch1: policy-F15.patch
+Patch2: policy-%{version}-1z.patch
+Patch3: policy-%{version}-2z.patch
 Source1: modules-targeted.conf
 Source2: booleans-targeted.conf
 Source3: Makefile.devel
@@ -201,13 +203,18 @@
 
 %prep 
 %setup -n serefpolicy-%{version} -q
-%patch -p1
+%patch1 -p1
+/usr/bin/patch -p1 --no-backup-if-mismatch --reject-file=- --fuzz=0 -i %{PATCH2}
 
 %install
 mkdir selinux_config
 for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE9} %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} %{SOURCE16} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE23} %{SOURCE24} %{SOURCE25} %{SOURCE26};do
  cp $i selinux_config
 done
+
+#very ugly hack
+/usr/bin/patch -p1 --no-backup-if-mismatch --reject-file=- --fuzz=0 -i %{PATCH3}
+
 tar zxvf selinux_config/config.tgz
 # Build targeted policy
 %{__rm} -fR %{buildroot}
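Review bot: The `#very ugly hack` comment above the third `patch` call in %install does not say why the patch has to run there rather than in %prep. Judging by the attached patch it edits `selinux_config/modules-targeted.conf`, which only exists after the `cp $i selinux_config` loop, so a comment such as `# Patch3 edits the copies in selinux_config/, so it must run after the cp loop above` would record the reason. The `tar zxvf selinux_config/config.tgz` on the following line unpacks after the patch has been applied; if that archive carries its own copy of a patched file, the build may not read the edited one, which is worth checking. Shipping the edited file directly as Source1 would avoid patching inside %install altogether; note that %install continues past the end of this hunk.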
diff --exclude=selinux_config -NurBb serefpolicy-3.9.16/policy/modules/kernel/corenetwork.te.in serefpolicy-3.9.16.new/policy/modules/kernel/corenetwork.te.in
--- serefpolicy-3.9.16/policy/modules/kernel/corenetwork.te.in	2011-06-25 18:44:40.052773881 +0100
+++ serefpolicy-3.9.16.new/policy/modules/kernel/corenetwork.te.in	2011-06-25 17:21:42.544773039 +0100
@@ -78,196 +87,58 @@
 #
 type server_packet_t, packet_type, server_packet_type;
 
-network_port(afs_bos, udp,7007,s0)
-network_port(afs_client, udp,7001,s0)
-network_port(afs_fs, tcp,2040,s0, udp,7000,s0, udp,7005,s0)
-network_port(afs_ka, udp,7004,s0)
-network_port(afs_pt, udp,7002,s0)
-network_port(afs_vl, udp,7003,s0)
+network_port(agent_dash_four, tcp,12370-12385,s0, udp,12370-12385,s0)
 network_port(agentx, udp,705,s0, tcp,705,s0)
-network_port(ajaxterm, tcp,8022,s0)
-network_port(amanda, udp,10080-10082,s0, tcp,10080-10083,s0)
-network_port(amavisd_recv, tcp,10024,s0)
-network_port(amavisd_send, tcp,10025,s0)
-network_port(amqp, udp,5671-5672,s0, tcp,5671-5672,s0)
-network_port(aol, udp,5190-5193,s0, tcp,5190-5193,s0) 
-network_port(apcupsd, tcp,3551,s0, udp,3551,s0)
-network_port(apertus_ldp, tcp,539,s0, udp,539,s0)
-network_port(asterisk, tcp,1720,s0, udp,2427,s0, udp,2727,s0, udp,4569,s0)
 network_port(audit, tcp,60,s0)
 network_port(auth, tcp,113,s0)
-network_port(bgp, tcp,179,s0, udp,179,s0, tcp,2605,s0, udp,2605,s0)
-network_port(boinc, tcp,31416,s0)
 type biff_port_t, port_type, reserved_port_type; dnl network_port(biff) # no defined portcon in current strict
-network_port(certmaster, tcp,51235,s0)
-network_port(chronyd, udp,323,s0)
-network_port(clamd, tcp,3310,s0)
-network_port(clockspeed, udp,4041,s0)
-network_port(cluster, tcp,5149,s0, udp,5149,s0, tcp,40040,s0, tcp,50006-50008,s0, udp,50006-50008,s0)
-network_port(cobbler, tcp,25151,s0)
-network_port(commplex, tcp,5000,s0, udp,5000,s0, tcp,5001,s0, udp,5001,s0)
-network_port(comsat, udp,512,s0)
-network_port(cvs, tcp,2401,s0, udp,2401,s0)
-network_port(cyphesis, tcp,6767,s0, tcp,6769,s0, tcp,6780-6799,s0, udp,32771,s0)
-network_port(daap, tcp,3689,s0, udp,3689,s0)
-network_port(dbskkd, tcp,1178,s0)
-network_port(dcc, udp,6276,s0, udp,6277,s0)
-network_port(dccm, tcp,5679,s0, udp,5679,s0)
-network_port(dhcpc, udp,68,s0, tcp,68,s0, udp,546,s0, tcp, 546,s0)
-network_port(dhcpd, udp,67,s0, udp,547,s0, tcp, 547,s0, udp,548,s0, tcp, 548,s0, tcp,647,s0, udp,647,s0, tcp,847,s0, udp,847,s0, tcp,7911,s0)
-network_port(dict, tcp,2628,s0)
-network_port(distccd, tcp,3632,s0)
-network_port(dogtag, tcp,7390,s0)
 network_port(dns, udp,53,s0, tcp,53,s0)
-network_port(epmap, tcp,135,s0, udp,135,s0)
-network_port(festival, tcp,1314,s0)
-network_port(fingerd, tcp,79,s0)
-network_port(firebird, tcp,3050,s0, udp,3050,s0)
-network_port(flash, tcp,843,s0, tcp,1935,s0, udp,1935,s0)
 network_port(ftp, tcp,21,s0, tcp,990,s0, udp,990,s0)
 network_port(ftp_data, tcp,20,s0)
-network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0)
-network_port(giftd, tcp,1213,s0)
-network_port(git, tcp,9418,s0, udp,9418,s0)
-network_port(gopher, tcp,70,s0, udp,70,s0)
-network_port(gpsd, tcp,2947,s0)
-network_port(hadoop_datanode, tcp,50010,s0)
-network_port(hadoop_namenode, tcp,8020,s0)
 network_port(hddtemp, tcp,7634,s0)
-network_port(howl, tcp,5335,s0, udp,5353,s0)
-network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0)
 network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0) #8443 is mod_nss default port
 network_port(http_cache, udp,3130,s0, tcp,8080,s0, tcp,8118,s0, tcp,10001-10010,s0) # 8118 is for privoxy
-network_port(i18n_input, tcp,9010,s0)
-network_port(imaze, tcp,5323,s0, udp,5323,s0)
-network_port(inetd_child, tcp,1,s0, udp,1,s0, tcp,7,s0, udp,7,s0, tcp,9,s0, udp,9,s0, tcp,13,s0, udp,13,s0, tcp,19,s0, udp,19,s0, tcp,37,s0, udp,37,s0, tcp,512,s0, tcp,543,s0, tcp,544,s0, tcp,891,s0, udp,891,s0, tcp,892,s0, udp,892,s0, tcp,2105,s0, tcp,5666,s0)
-network_port(innd, tcp,119,s0)
-network_port(ipmi, udp,623,s0, udp,664,s0)
-network_port(ipp, tcp,631,s0, udp,631,s0, tcp,8610-8614,s0, udp,8610-8614,s0)
 network_port(ipsecnat, tcp,4500,s0, udp,4500,s0)
-network_port(ircd, tcp,6667,s0)
 network_port(isakmp, udp,500,s0)
-network_port(iscsi, tcp,3260,s0)
-network_port(isns, tcp,3205,s0, udp,3205,s0)
-network_port(jabber_client, tcp,5222,s0, tcp,5223,s0)
-network_port(jabber_interserver, tcp,5269,s0)
-network_port(jabber_router, tcp,5347,s0)
-network_port(jboss_management, tcp,4712,s0, udp,4712,s0)
 network_port(kerberos, tcp,88,s0, udp,88,s0, tcp,750,s0, udp,750,s0, tcp,4444,s0, udp,4444,s0)
 network_port(kerberos_admin, tcp,749,s0)
 network_port(kerberos_password, tcp,464,s0, udp,464,s0)
-network_port(kismet, tcp,2501,s0)
 network_port(kprop, tcp,754,s0)
-network_port(ktalkd, udp,517,s0, udp,518,s0)
 network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0, tcp,3268,s0)
-network_port(lirc, tcp,8765,s0)
-network_port(luci, tcp,8084,s0)
-network_port(lmtp, tcp,24,s0, udp,24,s0)
-type lrrd_port_t, port_type; dnl network_port(lrrd_port_t) # no defined portcon
-network_port(mail, tcp,2000,s0, tcp,3905,s0)
-network_port(matahari, tcp,49000,s0, udp,49000,s0)
-network_port(memcache, tcp,11211,s0, udp,11211,s0)
-network_port(mmcc, tcp,5050,s0, udp,5050,s0)
-network_port(monopd, tcp,1234,s0)
-network_port(movaz_ssc, tcp,5252,s0)
-network_port(mpd, tcp,6600,s0)
-network_port(msnp, tcp,1863,s0, udp,1863,s0)
-network_port(mssql, tcp,1433-1434,s0, udp,1433-1434,s0)
-network_port(munin, tcp,4949,s0, udp,4949,s0)
-network_port(mysqld, tcp,1186,s0, tcp,3306,s0, tcp,63132-63164,s0)
+network_port(mysqld, tcp,1186,s0, tcp,17406,s0, tcp,63132-63164,s0)
 network_port(mysqlmanagerd, tcp,2273,s0)
-network_port(nessus, tcp,1241,s0)
-network_port(netport, tcp,3129,s0, udp,3129,s0)
-network_port(netsupport, tcp,5404,s0, udp,5404,s0, tcp,5405,s0, udp,5405,s0)
-network_port(nmbd, udp,137,s0, udp,138,s0)
-network_port(ntop, tcp,3000-3001,s0, udp,3000-3001,s0)
 network_port(ntp, udp,123,s0)
-network_port(oracledb, tcp, 1521,s0,udp, 1521,s0, tcp,2483,s0,udp,2483,s0, tcp,2484,s0, udp,2484,s0)
 network_port(ocsp, tcp,9080,s0)
 network_port(openvpn, tcp,1194,s0, udp,1194,s0)
-network_port(pktcable, tcp,2126,s0, udp,2126,s0, tcp,3198,s0, udp,3198,s0)
-network_port(pegasus_http, tcp,5988,s0)
-network_port(pegasus_https, tcp,5989,s0)
-network_port(pgpkeyserver, udp, 11371,s0, tcp,11371,s0)
-network_port(pingd, tcp,9125,s0)
-network_port(piranha, tcp,3636,s0)
-network_port(pki_ca, tcp, 9180, s0, tcp, 9701, s0, tcp, 9443, s0, tcp, 9444, s0, tcp, 9445, s0)
-network_port(pki_kra, tcp, 10180, s0, tcp, 10701, s0, tcp, 10443, s0, tcp, 10444, s0, tcp, 10445, s0)
-network_port(pki_ocsp, tcp, 11180, s0, tcp, 11701, s0, tcp, 11443, s0, tcp, 11444, s0, tcp, 11445, s0)
-network_port(pki_tks, tcp, 13180, s0, tcp, 13701, s0, tcp, 13443, s0, tcp, 13444, s0, tcp, 13445, s0)
-network_port(pki_ra, tcp,12888-12889,s0)
-network_port(pki_tps, tcp,7888-7889,s0)
-network_port(pop, tcp,106,s0, tcp,109,s0, tcp,110,s0, tcp,143,s0, tcp,220,s0, tcp,993,s0, tcp,995,s0, tcp,1109,s0)
+network_port(pop, tcp,110,s0, tcp,143,s0, tcp,993,s0, tcp,995,s0)
 network_port(portmap, udp,111,s0, tcp,111,s0)
-network_port(postfix_policyd, tcp,10031,s0)
-network_port(postgresql, tcp,5432,s0)
-network_port(postgrey, tcp,60000,s0)
-network_port(prelude, tcp,4690,s0, udp,4690,s0)
-network_port(presence, tcp,5298-5299,s0, udp,5298-5299,s0)
-network_port(printer, tcp,515,s0)
-network_port(ptal, tcp,5703,s0)
 network_port(pulseaudio, tcp,4713,s0)
-network_port(puppet, tcp, 8140, s0)
-network_port(pxe, udp,4011,s0)
-network_port(pyzor, udp,24441,s0)
-network_port(radacct, udp,1646,s0, udp,1813,s0)
-network_port(radius, udp,1645,s0, udp,1812,s0)
-network_port(radsec, tcp,2083,s0)
-network_port(razor, tcp,2703,s0)
-network_port(ricci, tcp,11111,s0, udp,11111,s0)
-network_port(ricci_modcluster, tcp,16851,s0, udp,16851,s0)
 network_port(rlogind, tcp,513,s0)
-network_port(rndc, tcp,953,s0)
 network_port(router, udp,520-521,s0, tcp,521,s0)
 network_port(rsh, tcp,514,s0)
 network_port(rsync, tcp,873,s0, udp,873,s0)
 network_port(rwho, udp,513,s0)
-network_port(sap, tcp,9875,s0, udp,9875,s0)
-network_port(sametime, tcp,1533,s0, udp,1533,s0)
-network_port(sieve, tcp,4190,s0)
-network_port(sip, tcp,5060-5061,s0, udp,5060-5061,s0)
-network_port(sixxsconfig, tcp,3874,s0, udp,3874,s0)
-network_port(smbd, tcp,137-139,s0, tcp,445,s0)
 network_port(smtp, tcp,25,s0, tcp,465,s0, tcp,587,s0)
-network_port(snmp, tcp,161-162,s0, udp,161-162,s0, tcp,199,s0, tcp, 1161, s0)
+network_port(sip, udp,5060-5065,s0)
+network_port(sip_stun, udp,3478-3479,s0)
+network_port(sip_data, udp,15666-15690,s0)
+network_port(sip_debug, tcp,15691,s0)
 type socks_port_t, port_type; dnl network_port(socks) # no defined portcon
-network_port(soundd, tcp,8000,s0, tcp,9433,s0, tcp, 16001, s0)
-network_port(spamd, tcp,783,s0)
-network_port(speech, tcp,8036,s0)
-network_port(squid, tcp,3128,s0, udp,3401,s0, tcp,3401,s0, udp,4827,s0, tcp,4827,s0) # snmp and htcp
-network_port(ssdp, tcp,1900,s0, udp, 1900, s0)
-network_port(ssh, tcp,22,s0)
-network_port(streaming, tcp, 554, s0, udp, 554, s0, tcp, 1755, s0, udp, 1755, s0)
-type stunnel_port_t, port_type; dnl network_port(stunnel) # no defined portcon in current strict
-network_port(swat, tcp,901,s0)
-network_port(sype, tcp,9911,s0, udp,9911,s0)
+network_port(ssh, tcp,822,s0)
 network_port(syslogd, udp,514,s0)
-network_port(tcs, tcp, 30003, s0)
 network_port(telnetd, tcp,23,s0)
-network_port(tftp, udp,69,s0)
-network_port(tor, tcp, 6969, s0, tcp,9001,s0, tcp,9030,s0, tcp,9050,s0, tcp,9051,s0)
+network_port(tor_client, tcp,9001,s0, tcp,9030,s0, tcp,9040,s0)
+network_port(tor_dir, tcp,9090,s0, tcp,9091,s0)
+network_port(tor_proxy, tcp,9250,s0)
+network_port(tor_ctl, tcp,9251,s0)
 network_port(traceroute, udp,64000-64010,s0)
+network_port(trans_server, tcp,22067,s0)
+network_port(trans_server_ctl, tcp,22060,s0)
 network_port(transproxy, tcp,8081,s0)
-network_port(ups, tcp,3493,s0)
-type utcpserver_port_t, port_type; dnl network_port(utcpserver) # no defined portcon
-network_port(uucpd, tcp,540,s0)
-network_port(varnishd, tcp,6081-6082,s0)
-network_port(virt, tcp,16509,s0, udp,16509,s0, tcp,16514,s0, udp,16514,s0)
-network_port(virt_migration, tcp,49152-49216,s0)
-network_port(vnc, tcp,5900-5999,s0)
-network_port(wccp, udp,2048,s0)
+network_port(upnp, udp,1900,s0)
 network_port(whois, tcp,43,s0, udp,43,s0, tcp, 4321, s0 , udp, 4321, s0 )
-network_port(xdmcp, udp,177,s0, tcp,177,s0)
 network_port(xen, tcp,8002,s0)
-network_port(xfs, tcp,7100,s0)
-network_port(xserver, tcp,6000-6150,s0)
-network_port(zarafa, tcp,236,s0)
-network_port(zookeeper_client, tcp,2181,s0)
-network_port(zookeeper_election, tcp,3888,s0)
-network_port(zookeeper_leader, tcp,2888,s0)
-network_port(zebra, tcp,2600-2604,s0, tcp,2606,s0, udp,2600-2604,s0, udp,2606,s0)
-network_port(zented, tcp,1229,s0, udp,1229,s0)
-network_port(zope, tcp,8021,s0)
+network_port(xs_dash_four, tcp,22604,s0)
 
 # Defaults for reserved ports.	Earlier portcon entries take precedence;
 # these entries just cover any remaining reserved ports not otherwise declared.
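Review bot: Each `network_port(NAME, …)` line removed in this hunk also removes the `NAME_port_t` type and the `corenet_*_NAME_port` interfaces generated from it, and not every caller is cleaned up in this patch set: the privoxy.te hunk keeps `corenet_tcp_connect_squid_port(privoxy_t)`, `corenet_sendrecv_squid_client_packets(privoxy_t)` and `corenet_tcp_connect_pgpkeyserver_port(privoxy_t)` as context lines although `squid` and `pgpkeyserver` are dropped here. privoxy is switched off in modules-targeted.conf, so that case is probably harmless for the targeted build, but the same leftover call in a module that stays enabled would presumably break compilation or linking, so each removed name should be searched for in the enabled modules first. The ports that lose their declaration (for example 22, 5432 and 6000-6150) fall back to the default port types mentioned in the trailing comment, so access to them is then governed by the generic port rules rather than a service-specific type. A header comment such as `# Site-trimmed port list: removing a network_port() also removes its <name>_port_t type and corenet_*_<name>_port interfaces` would warn the next editor.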
diff --exclude=selinux_config -NurBb serefpolicy-3.9.16/policy/modules/roles/dbadm.te serefpolicy-3.9.16.new/policy/modules/roles/dbadm.te
--- serefpolicy-3.9.16/policy/modules/roles/dbadm.te	2011-06-25 18:44:40.080773880 +0100
+++ serefpolicy-3.9.16.new/policy/modules/roles/dbadm.te	2011-06-25 16:49:32.972772697 +0100
@@ -57,9 +57,5 @@
 ')
 
 optional_policy(`
-	postgresql_admin(dbadm_t, dbadm_r)
-')
-
-optional_policy(`
 	sudo_role_template(dbadm, dbadm_r, dbadm_t)
 ')
diff --exclude=selinux_config -NurBb serefpolicy-3.9.16/policy/modules/services/privoxy.te serefpolicy-3.9.16.new/policy/modules/services/privoxy.te
--- serefpolicy-3.9.16/policy/modules/services/privoxy.te	2011-06-25 18:44:40.256773880 +0100
+++ serefpolicy-3.9.16.new/policy/modules/services/privoxy.te	2011-06-25 14:49:23.654771477 +0100
@@ -61,13 +61,13 @@
 corenet_tcp_connect_squid_port(privoxy_t)
 corenet_tcp_connect_ftp_port(privoxy_t)
 corenet_tcp_connect_pgpkeyserver_port(privoxy_t)
-corenet_tcp_connect_tor_port(privoxy_t)
+corenet_tcp_connect_tor_proxy_port(privoxy_t)
 corenet_sendrecv_http_cache_client_packets(privoxy_t)
 corenet_sendrecv_squid_client_packets(privoxy_t)
 corenet_sendrecv_http_cache_server_packets(privoxy_t)
 corenet_sendrecv_http_client_packets(privoxy_t)
 corenet_sendrecv_ftp_client_packets(privoxy_t)
-corenet_sendrecv_tor_client_packets(privoxy_t)
+corenet_sendrecv_tor_proxy_client_packets(privoxy_t)
 
 dev_read_sysfs(privoxy_t)
 
diff --exclude=selinux_config -NurBb serefpolicy-3.9.16/policy/modules/services/ssh.te serefpolicy-3.9.16.new/policy/modules/services/ssh.te
--- serefpolicy-3.9.16/policy/modules/services/ssh.te	2011-06-25 18:44:40.304773880 +0100
+++ serefpolicy-3.9.16.new/policy/modules/services/ssh.te	2011-06-25 14:52:06.534771505 +0100
@@ -265,10 +251,6 @@
 term_relabelto_all_ptys(sshd_t)
 term_use_ptmx(sshd_t)
 
-# for X forwarding
-corenet_tcp_bind_xserver_port(sshd_t)
-corenet_sendrecv_xserver_server_packets(sshd_t)
-
 userdom_read_user_home_content_files(sshd_t)
 userdom_read_user_home_content_symlinks(sshd_t)
 userdom_manage_tmp_role(system_r, sshd_t)
diff --exclude=selinux_config -NurBb serefpolicy-3.9.16/policy/modules/services/tor.te serefpolicy-3.9.16.new/policy/modules/services/tor.te
--- serefpolicy-3.9.16/policy/modules/services/tor.te	2011-06-25 21:59:46.114775874 +0100
+++ serefpolicy-3.9.16.new/policy/modules/services/tor.te	2011-06-25 15:20:01.604771792 +0100
@@ -75,27 +76,7 @@
 
 kernel_read_system_state(tor_t)
 
-# networking basics
-corenet_all_recvfrom_unlabeled(tor_t)
-corenet_all_recvfrom_netlabel(tor_t)
-corenet_tcp_sendrecv_generic_if(tor_t)
-corenet_udp_sendrecv_generic_if(tor_t)
-corenet_tcp_sendrecv_generic_node(tor_t)
-corenet_udp_sendrecv_generic_node(tor_t)
-corenet_tcp_sendrecv_all_ports(tor_t)
 corenet_udp_sendrecv_dns_port(tor_t)
-corenet_tcp_sendrecv_all_reserved_ports(tor_t)
-corenet_tcp_bind_generic_node(tor_t)
-corenet_udp_bind_generic_node(tor_t)
-corenet_tcp_bind_tor_port(tor_t)
-corenet_udp_bind_dns_port(tor_t)
-corenet_sendrecv_tor_server_packets(tor_t)
-corenet_sendrecv_dns_server_packets(tor_t)
-# TOR will need to connect to various ports
-corenet_tcp_connect_all_ports(tor_t)
-corenet_sendrecv_all_client_packets(tor_t)
-# ... especially including port 80 and other privileged ports
-corenet_tcp_connect_all_reserved_ports(tor_t)
 corenet_udp_bind_dns_port(tor_t)
 
 # tor uses crypto and needs random
diff --exclude=selinux_config -NurBb serefpolicy-3.9.16/policy/modules/system/logging.te serefpolicy-3.9.16.new/policy/modules/system/logging.te
--- serefpolicy-3.9.16/policy/modules/system/logging.te	2011-06-25 18:44:40.361773880 +0100
+++ serefpolicy-3.9.16.new/policy/modules/system/logging.te	2011-06-25 17:27:02.747773088 +0100
@@ -444,13 +444,11 @@
 # Allow users to define additional syslog ports to connect to
 corenet_tcp_bind_syslogd_port(syslogd_t)
 corenet_tcp_connect_syslogd_port(syslogd_t)
-corenet_tcp_connect_postgresql_port(syslogd_t)
 corenet_tcp_connect_mysqld_port(syslogd_t)
 
 # syslog-ng can send or receive logs
 corenet_sendrecv_syslogd_client_packets(syslogd_t)
 corenet_sendrecv_syslogd_server_packets(syslogd_t)
-corenet_sendrecv_postgresql_client_packets(syslogd_t)
 corenet_sendrecv_mysqld_client_packets(syslogd_t)
 
 dev_filetrans(syslogd_t, devlog_t, sock_file)
diff --exclude=selinux_config -NurBb serefpolicy-3.9.16/policy/modules/system/sysnetwork.te serefpolicy-3.9.16.new/policy/modules/system/sysnetwork.te
--- serefpolicy-3.9.16/policy/modules/system/sysnetwork.te	2011-06-25 18:44:40.377773880 +0100
+++ serefpolicy-3.9.16.new/policy/modules/system/sysnetwork.te	2011-06-25 17:57:46.950773402 +0100
@@ -116,10 +116,7 @@
 corenet_udp_sendrecv_all_ports(dhcpc_t)
 corenet_tcp_bind_generic_node(dhcpc_t)
 corenet_udp_bind_generic_node(dhcpc_t)
-corenet_udp_bind_dhcpc_port(dhcpc_t)
 corenet_tcp_connect_all_ports(dhcpc_t)
-corenet_sendrecv_dhcpd_client_packets(dhcpc_t)
-corenet_sendrecv_dhcpc_server_packets(dhcpc_t)
 corenet_dontaudit_udp_bind_all_reserved_ports(dhcpc_t)
 corenet_udp_bind_all_unreserved_ports(dhcpc_t)	
 
diff --exclude=selinux_config -NurBb serefpolicy-3.9.16/policy/modules/system/userdomain.if serefpolicy-3.9.16.new/policy/modules/system/userdomain.if
--- serefpolicy-3.9.16/policy/modules/system/userdomain.if	2011-06-25 18:44:40.387773880 +0100
+++ serefpolicy-3.9.16.new/policy/modules/system/userdomain.if	2011-06-25 18:25:15.017773683 +0100
@@ -794,13 +794,6 @@
 	')
 
 	optional_policy(`
-		tunable_policy(`allow_user_postgresql_connect',`
-			postgresql_stream_connect($1_usertype)
-			postgresql_tcp_connect($1_usertype)
-		')
-	')
-
-	optional_policy(`
 		resmgr_stream_connect($1_usertype)
 	')
 
@@ -1186,8 +1179,6 @@
 
 	# port access is audited even if dac would not have allowed it, so dontaudit it here
 #	corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
-	# Need the following rule to allow users to run vpnc
-	corenet_tcp_bind_xserver_port($1_t)
 	corenet_tcp_bind_generic_node($1_usertype)
 
 	storage_rw_fuse($1_t)
diff --exclude='*.tgz' -NurBb serefpolicy-3.9.16/selinux_config/modules-targeted.conf serefpolicy-3.9.16.new/selinux_config/modules-targeted.conf
--- serefpolicy-3.9.16/selinux_config/modules-targeted.conf	2011-06-25 19:17:09.909774213 +0100
+++ serefpolicy-3.9.16.new/selinux_config/modules-targeted.conf	2011-06-25 19:28:46.486774332 +0100
@@ -16,21 +16,21 @@
 #
 #  An application to view and modify user accounts information
 # 
-accountsd = module
+accountsd = off
 
 # Layer: admin
 # Module: acct
 #
 # Berkeley process accounting
 # 
-acct = module
+acct = off
 
 # Layer: services
 # Module: ajaxterm
 #
 # Web Based Terminal
 # 
-ajaxterm = module
+ajaxterm = off
 
 # Layer: admin
 # Module: alsa
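Review bot: Setting a module to `off` in this hunk, and in the later hunks of this file, removes the policy for that service but does nothing to stop the service from being installed or started. On a targeted policy a daemon without a domain of its own typically ends up in a generic domain such as `initrc_t`, which is effectively unconfined, so for network-facing entries like `apache`, `bind`, `postfix`, `dovecot` and `ftp` the list should match the packages that are really absent from the system. A header comment such as `# modules set to off: the matching packages must not be installed on this system` would make that assumption explicit.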
@@ -44,21 +44,21 @@
 #
 # ada executable
 # 
-ada = module
+ada = off
 
 # Layer: services
 # Module: cachefilesd
 #
 # CacheFiles userspace management daemon
 # 
-cachefilesd = module
+cachefilesd = off
 
 # Layer: services
 # Module: colord
 #
 # color device daemon
 # 
-colord = module
+colord = off
 
 # Layer: apps
 # Module: cpufreqselector 
@@ -72,14 +72,14 @@
 #
 # chrome sandbox
 # 
-chrome = module
+chrome = off
 
 # Layer: module
 # Module: awstats
 #
 # awstats executable
 # 
-awstats = module
+awstats = off
 
 # Layer: services
 # Module: abrt
@@ -93,28 +93,28 @@
 #
 # SixXS Automatic IPv6 Connectivity Client Utility
 # 
-aiccu = module
+aiccu = off
 
 # Layer: admin
 # Module: amanda
 #
 # Automated backup program.
 # 
-amanda = module
+amanda = off
 
 # Layer: services
 # Module: afs
 #
 # Andrew Filesystem server
 # 
-afs = module
+afs = off
 
 # Layer: services
 # Module: amavis
 #
 # Anti-virus
 # 
-amavis = module
+amavis = off
 
 # Layer: admin
 # Module: anaconda
@@ -128,7 +128,7 @@
 #
 # Apache web server
 # 
-apache = module
+apache = off
 
 # Layer: services
 # Module: apm
@@ -150,7 +150,7 @@
 #
 # Ethernet activity monitor.
 # 
-arpwatch = module
+arpwatch = off
 
 # Layer: services
 # Module: audioentropy
@@ -171,7 +171,7 @@
 #
 # Asterisk IP telephony server
 # 
-asterisk = module
+asterisk = off
 
 # Layer: services
 # Module: automount
@@ -185,56 +185,56 @@
 #
 # mDNS/DNS-SD daemon implementing Apple ZeroConf architecture
 # 
-avahi = module
+avahi = off
 
 # Layer: services
 # Module: boinc
 #
 # Berkeley Open Infrastructure for Network Computing
 #
-boinc = module
+boinc = off
 
 # Layer: services
 # Module: bind
 #
 # Berkeley internet name domain DNS server.
 # 
-bind = module
+bind = off
 
 # Layer: services
 # Module: bugzilla
 #
 # Bugzilla server
 # 
-bugzilla = module
+bugzilla = off
 
 # Layer: services
 # Module: dirsrv
 #
 #  An 309 directory server
 # 
-dirsrv = module
+dirsrv = off
 
 # Layer: services
 # Module: dirsrv-admin
 #
 #  An 309 directory admin server
 # 
-dirsrv-admin = module
+dirsrv-admin = off
 
 # Layer: services
 # Module: dnsmasq
 #
 # A lightweight DHCP and caching DNS server.
 # 
-dnsmasq = module
+dnsmasq = off
 
 # Layer: services
 # Module: bluetooth
 #
 # Bluetooth tools and system services.
 # 
-bluetooth = module
+bluetooth = off
 
 # Layer: kernel
 # Module: ubac
@@ -256,14 +256,14 @@
 #
 # Canna - kana-kanji conversion server
 # 
-canna = module
+canna = off
 
 # Layer: services
 # Module: ccs
 #
 # policy for ccs
 # 
-ccs = module
+ccs = off
 
 # Layer: apps
 # Module: calamaris
@@ -271,77 +271,77 @@
 #
 # Squid log analysis
 # 
-calamaris = module
+calamaris = off
 
 # Layer: apps
 # Module: cdrecord
 #
 # Policy for cdrecord
 # 
-cdrecord = module
+cdrecord = off
 
 # Layer: admin
 # Module: certwatch
 #
 # Digital Certificate Tracking
 # 
-certwatch = module
+certwatch = off
 
 # Layer: admin
 # Module: certmaster
 #
 # Digital Certificate master
 # 
-certmaster = module
+certmaster = off
 
 # Layer: services
 # Module: certmonger
 #
 # Certificate status monitor and PKI enrollment client
 # 
-certmonger = module
+certmonger = off
 
 # Layer: services
 # Module: cipe
 #
 # Encrypted tunnel daemon
 # 
-cipe = module
+cipe = off
 
 # Layer: services
 # Module: chronyd
 #
 # Daemon for maintaining clock time
 # 
-chronyd = module
+chronyd = off
 
 # Layer: services
 # Module: cobbler
 #
 # cobbler
 # 
-cobbler = module
+cobbler = off
 
 # Layer: services
 # Module: comsat
 #
 # Comsat, a biff server.
 # 
-comsat = module
+comsat = off
 
 # Layer: services
 # Module: corosync
 #
 # Corosync Cluster Engine Executive
 # 
-corosync = module
+corosync = off
 
 # Layer: services
 # Module: clamav
 #
 # ClamAV Virus Scanner
 # 
-clamav = module
+clamav = off
 
 # Layer: system
 # Module: clock
@@ -355,7 +355,7 @@
 #
 # ConsoleKit is a system daemon for tracking what users are logged
 # 
-consolekit = module
+consolekit = off
 
 # Layer: admin
 # Module: consoletype
@@ -400,28 +400,28 @@
 #
 # Common UNIX printing system
 # 
-cups = module
+cups = off
 
 # Layer: services
 # Module: cvs
 #
 # Concurrent versions system
 # 
-cvs = module
+cvs = off
 
 # Layer: services
 # Module: cyphesis
 #
 # cyphesis game server
 # 
-cyphesis = module
+cyphesis = off
 
 # Layer: services
 # Module: cyrus
 #
 # Cyrus is an IMAP service intended to be run on sealed servers
 # 
-cyrus = module
+cyrus = off
 
 # Layer: system
 # Module: daemontools
@@ -435,7 +435,7 @@
 #
 # Dictionary server for the SKK Japanese input method system.
 # 
-dbskk = module
+dbskk = off
 
 # Layer: services
 # Module: dbus
@@ -449,7 +449,7 @@
 #
 # A distributed, collaborative, spam detection and filtering network.
 # 
-dcc = module
+dcc = off
 
 # Layer: admin
 # Module: ddcprobe
@@ -478,14 +478,14 @@
 #
 # Dynamic host configuration protocol (DHCP) server
 # 
-dhcp = module
+dhcp = off
 
 # Layer: services
 # Module: dictd
 #
 # Dictionary daemon
 # 
-dictd = module
+dictd = off
 
 # Layer: services
 # Module: distcc
@@ -521,35 +521,35 @@
 #
 # DRBD mirrors a block device over the network to another machine.
 #
-drbd = module
+drbd = off
 
 # Layer: services
 # Module: ddclient
 #
 # Update dynamic IP address at DynDNS.org
 #
-ddclient = module
+ddclient = off
 
 # Layer: services
 # Module: dovecot
 #
 # Dovecot POP and IMAP mail server
 # 
-dovecot = module
+dovecot = off
 
 # Layer: apps
 # Module: gitosis
 #
 # Policy for gitosis
 # 
-gitosis = module
+gitosis = off
  
 # Layer: apps
 # Module: gpg
 #
 # Policy for GNU Privacy Guard and related programs.
 # 
-gpg = module
+gpg = off
 
 # Layer: services
 # Module: gpsd
@@ -557,35 +557,35 @@
 # gpsd monitor daemon
 #
 # 
-gpsd = module
+gpsd = off
 
 # Layer: services
 # Module: git
 #
 # Policy for the stupid content tracker
 # 
-git = module
+git = off
 
 # Layer: services
 # Module: gpm
 #
 # General Purpose Mouse driver
 # 
-gpm = module
+gpm = off
 
 # Layer: services
 # Module: fail2ban
 #
 # daiemon that bans IP that makes too many password failures
 # 
-fail2ban = module
+fail2ban = off
 
 # Layer: services
 # Module: fetchmail
 #
 # Remote-mail retrieval and forwarding utility
 # 
-fetchmail = module
+fetchmail = off
 
 # Layer: kernel
 # Module: files
@@ -608,7 +608,7 @@
 #
 # Finger user information service.
 # 
-finger = module
+finger = off
 
 # Layer: admin
 # Module: firstboot
@@ -630,7 +630,7 @@
 #
 # finger print server
 # 
-fprintd = module
+fprintd = off
 
 # Layer: system
 # Module: fstools
@@ -644,14 +644,14 @@
 #
 # File transfer protocol service
 # 
-ftp = module
+ftp = off
 
 # Layer: apps
 # Module: games
 #
 # The Open Group Pegasus CIM/WBEM Server.
 # 
-games = module
+games = off
 
 # Layer: system
 # Module: getty
@@ -665,21 +665,21 @@
 #
 # gnome session and gconf
 # 
-gnome = module
+gnome = off
 
 # Layer: services
 # Module: gnomeclock
 #
 # gnomeclock used by dbus/polkit to set time
 # 
-gnomeclock = module
+gnomeclock = off
 
 # Layer: services
 # Module: hal
 #
 # Hardware abstraction layer
 # 
-hal = module
+hal = off
 
 # Layer: services
 # Module: hddtemp
@@ -693,7 +693,7 @@
 #
 # Passenger 
 # 
-passenger = module
+passenger = off
 
 # Layer: services
 # Module: policykit
@@ -707,21 +707,21 @@
 #
 #  A network tool for managing many disparate systems
 # 
-puppet = module
+puppet = off
 
 # Layer: apps
 # Module: ptchown
 #
 # helper function for grantpt(3), changes ownship and permissions of pseudotty
 # 
-ptchown = module
+ptchown = off
 
 # Layer: services
 # Module: psad
 #
 # Analyze iptables log for hostile traffic
 # 
-psad = module
+psad = off
 
 # Layer: system
 # Module: hostname
@@ -743,14 +743,14 @@
 #
 # Port of Apple Rendezvous multicast DNS
 # 
-howl = module
+howl = off
 
 # Layer: services
 # Module: inetd
 #
 # Internet services daemon.
 # 
-inetd = module
+inetd = off
 
 # Layer: system
 # Module: init
@@ -764,7 +764,7 @@
 #
 # Internet News NNTP server
 # 
-inn = module
+inn = off
 
 # Layer: system
 # Module: iptables
@@ -785,7 +785,7 @@
 #
 # IRC client policy
 # 
-irc = module
+irc = off
 
 # Layer: services
 # Module: irqbalance
@@ -799,14 +799,14 @@
 #
 # Open-iSCSI daemon
 # 
-iscsi = module
+iscsi = off
 
 # Layer: services
 # Module: icecast 
 #
 #  ShoutCast compatible streaming media server
 # 
-icecast = module
+icecast = off
 
 # Layer: services
 # Module: i18n_input
@@ -821,14 +821,14 @@
 #
 # Jabber instant messaging server
 # 
-jabber = module
+jabber = off
 
 # Layer: apps
 # Module: java
 #
 # java executable
 # 
-java = module
+java = off
 
 # Layer: apps
 # Module: execmem
@@ -878,7 +878,7 @@
 #
 # KDE Talk daemon
 # 
-ktalk = module
+ktalk = off
 
 # Layer: admin
 # Module: kudzu
@@ -892,14 +892,14 @@
 #
 # OpenLDAP directory server
 # 
-ldap = module
+ldap = off
 
 # Layer: services
 # Module: likewise
 #
 # Likewise Active Directory support for UNIX
 # 
-likewise = module
+likewise = off
 
 # Layer: system
 # Module: libraries
@@ -955,14 +955,14 @@
 #
 # Line printer daemon
 # 
-lpd = module
+lpd = off
 
 # Layer: services
 # Module: lircd
 #
 # LIRC daemon - decodes infrared signals and provides them on a Unix domain socket.  
 # 
-lircd = module
+lircd = off
 
 # Layer: system
 # Module: lvm
@@ -976,14 +976,14 @@
 #
 # Mailman is for managing electronic mail discussion and e-newsletter lists
 # 
-mailman = module
+mailman = off
 
 # Layer: services
 # Module: matahari
 #
 # Matahari system maangement tools
 # 
-matahari = module
+matahari = off
 
 # Layer: admin
 # Module: mcelog
@@ -1005,7 +1005,7 @@
 #
 # mediawiki
 # 
-mediawiki = module
+mediawiki = off
 
 # Layer: system
 # Module: miscfiles
@@ -1027,14 +1027,14 @@
 #
 # Policy for mock rpm builder
 # 
-mock = module
+mock = off
 
 # Layer: services
 # Module: mojomojo
 #
 # Wiki server
 # 
-mojomojo = module
+mojomojo = off
 
 # Layer: system
 # Module: modutils
@@ -1048,7 +1048,7 @@
 #
 # mono executable
 # 
-mono = module
+mono = off
 
 # Layer: system
 # Module: mount
@@ -1062,56 +1062,56 @@
 #
 # Policy for Mozilla and related web browsers
 # 
-mozilla = module
+mozilla = off
 
 # Layer: services
 # Module: ntop
 #
 # Policy for ntop
 # 
-ntop = module
+ntop = off
 
 # Layer: services
 # Module: nslcd
 #
 # Policy for nslcd
 # 
-nslcd = module
+nslcd = off
 
 # Layer: apps
 # Module: nsplugin
 #
 # Policy for nspluginwrapper 
 # 
-nsplugin = module
+nsplugin = off
 
 # Layer: services
 # Module: modemmanager
 #
 # Manager for dynamically switching between modems.
 # 
-modemmanager = module
+modemmanager = off
 
 # Layer: services
 # Module: mpd
 #
 # mpd - daemon for playing music
 # 
-mpd = module
+mpd = off
  
 # Layer: apps
 # Module: mplayer
 #
 # Policy for Mozilla and related web browsers
 # 
-mplayer = module
+mplayer = off
 
 # Layer: apps
 # Module: gpg
 #
 # Policy for Mozilla and related web browsers
 # 
-gpg = module
+gpg = off
 
 # Layer: admin
 # Module: mrtg
@@ -1139,7 +1139,7 @@
 #
 # policy for nagios Host/service/network monitoring program
 # 
-nagios = module
+nagios = off
 
 # Layer: admin
 # Module: ncftool
@@ -1167,14 +1167,14 @@
 #
 # Manager for dynamically switching between networks.
 # 
-networkmanager = module
+networkmanager = off
 
 # Layer: services
 # Module: nis
 #
 # Policy for NIS (YP) servers and clients
 # 
-nis = module
+nis = off
 
 
 # Layer: services
@@ -1197,14 +1197,14 @@
 # 
 # nut - Network UPS Tools
 #
-nut = module
+nut = off
 
 # Layer: services
 # Module: nx
 #
 # NX Remote Desktop
 # 
-nx = module
+nx = off
 
 
 # Layer: services
@@ -1212,14 +1212,14 @@
 #
 # policy for oddjob
 # 
-oddjob = module
+oddjob = off
 
 # Layer: services
 # Module: openct
 #
 # Service for handling smart card readers.
 # 
-openct = off
+openct = module
 
 # Layer: services
 # Module: openvpn
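Review bot: `openct = module` is the only line in the visible part of this patch that turns a module on instead of off, and nothing in the message explains why. If smart-card reader support is wanted, a comment such as `# enabled on purpose: smart card readers are used on this system` would document it. If it is a slip made while flipping the rest of the list, the line should stay `openct = off`.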
@@ -1255,21 +1255,21 @@
 #
 # The Open Group Pegasus CIM/WBEM Server.
 # 
-pegasus = module
+pegasus = off
 
 # Layer: services
 # Module: piranha
 #
 # piranha - various tools to administer and configure the Linux Virtual Server
 #
-piranha = module
+piranha = off
 
 # Layer: services
 # Module: postgresql
 #
 # PostgreSQL relational database
 # 
-postgresql = module
+postgresql = off
 
 # Layer: services
 # Module: portmap
@@ -1283,21 +1283,21 @@
 #
 # Postfix email server
 # 
-postfix = module
+postfix = off
 
 # Layer: services
 # Module: postgrey
 #
 # email scanner
 # 
-postgrey = module
+postgrey = off
 
 # Layer: services
 # Module: ppp
 #
 # Point to Point Protocol daemon creates links in ppp networks
 # 
-ppp = module
+ppp = off
 
 # Layer: admin
 # Module: prelink
@@ -1311,49 +1311,49 @@
 #
 # Procmail mail delivery agent
 # 
-procmail = module
+procmail = off
 
 # Layer: services
 # Module: privoxy
 #
 # Privacy enhancing web proxy.
 # 
-privoxy = module
+privoxy = off
 
 # Layer: services
 # Module: publicfile
 #
 # publicfile supplies files to the public through HTTP and FTP
 # 
-publicfile = module
+publicfile = off
 
 # Layer: apps
 # Module: pulseaudio
 #
 # The PulseAudio Sound System
 # 
-pulseaudio = module
+pulseaudio = off
 
 # Layer: services
 # Module: pyzor
 #
 # Spam Blocker
 # 
-pyzor = module
+pyzor = off
 
 # Layer: services
 # Module: qmail
 #
 # Policy for qmail
 # 
-qmail = module
+qmail = off
 
 # Layer: services
 # Module: qpidd
 #
 # Policy for qpidd
 # 
-qpidd = module
+qpidd = off
 
 # Layer: admin
 # Module: quota
@@ -1374,21 +1374,21 @@
 #
 # RADIUS authentication and accounting server.
 # 
-radius = module
+radius = off
 
 # Layer: services
 # Module: radvd
 #
 # IPv6 router advertisement daemon
 # 
-radvd = module
+radvd = off
 
 # Layer: services
 # Module: razor
 #
 # A distributed, collaborative, spam detection and filtering network.
 # 
-razor = module
+razor = off
 
 # Layer: admin
 # Module: readahead
@@ -1409,42 +1409,42 @@
 #
 # RHCS - Red Hat Cluster Suite
 #
-rhcs = module
+rhcs = off
  
 # Layer: services
 # Module: aisexec
 #
 # RHCS - Red Hat Cluster Suite
 #
-aisexec = module
+aisexec = off
  
 # Layer: services
 # Module: rgmanager
 #
 # rgmanager
 # 
-rgmanager = module
+rgmanager = off
 
 # Layer: services
 # Module: clogd
 #
 # clogd - clustered mirror log server
 # 
-clogd = module
+clogd = off
  
 # Layer: services
 # Module: cmirrord
 #
 # cmirrord - daemon providing device-mapper-base mirrors in a shared-storege cluster
 # 
-cmirrord = module
+cmirrord = off
  
 # Layer: services
 # Module: rhgb
 #
 # X windows login display manager
 # 
-rhgb = module
+rhgb = off
 
 # Layer: services
 # Module: rdisc
@@ -1465,21 +1465,21 @@
 #
 # policy for ricci
 # 
-ricci = module
+ricci = off
 
 # Layer: services
 # Module: rlogin
 #
 # Remote login daemon
 # 
-rlogin = module
+rlogin = off
 
 # Layer: services
 # Module: roundup
 #
 # Roundup Issue Tracking System policy
 # 
-roundup = module
+roundup = off
 
 # Layer: services
 # Module: rpc
@@ -1501,21 +1501,21 @@
 #
 # Remote shell service.
 # 
-rshd = module
+rshd = off
 
 # Layer: services
 # Module: rsync
 #
 # Fast incremental file transfer for synchronization
 # 
-rsync = module
+rsync = off
 
 # Layer: services
 # Module: rtkit
 #
 # Real Time Kit Daemon
 # 
-rtkit = module
+rtkit = off
 
 # Layer: services
 # Module: rwho
@@ -1531,21 +1531,21 @@
 # name  Service  Switch  daemon for resolving names
 # from Windows NT servers.
 # 
-samba = module
+samba = off
 
 # Layer: apps
 # Module: sandbox
 #
 # Experimental policy for running apps within a sandbox
 # 
-sandbox = module
+sandbox = off
 
 # Layer: apps
 # Module: sambagui
 #
 # policy for system-config-samba
 # 
-sambagui = module
+sambagui = off
 
 # Layer: services
 # Module: sasl
@@ -1638,7 +1638,7 @@
 #
 # Update database for mlocate
 # 
-slocate = module
+slocate = off
 
 # Layer: services
 # Module: smartmon
@@ -1652,7 +1652,7 @@
 #
 # Latency Logging and Graphing System
 # 
-smokeping = module
+smokeping = off
 
 # Layer: admin
 # Module: smoltclient
@@ -1666,21 +1666,21 @@
 #
 # Simple network management protocol services
 # 
-snmp = module
+snmp = off
 
 # Layer: services
 # Module: spamassassin
 #
 # Filter used for removing unsolicited email.
 # 
-spamassassin = module
+spamassassin = off
 
 # Layer: services
 # Module: squid
 #
 # Squid caching http proxy server
 # 
-squid = module
+squid = off
 
 # Layer: services
 # Module: ssh
@@ -1708,7 +1708,7 @@
 #
 # SSL Tunneling Proxy
 # 
-stunnel = module
+stunnel = off
 
 # Layer: admin
 # Module: su
@@ -1744,28 +1744,28 @@
 #
 # Policy for sysstat. Reports on various system states
 # 
-sysstat = module
+sysstat = off
 
 # Layer: services
 # Module: tcpd
 #
 # Policy for TCP daemon.
 # 
-tcpd = module
+tcpd = off
 
 # Layer: services
 # Module: tcsd
 # 
 # tcsd - daemon that manages Trusted Computing resources
 # 
-tcsd = module
+tcsd = off
 
 # Layer: services
 # Module: tgtd
 #
 # Linux Target Framework Daemon.
 # 
-tgtd = module
+tgtd = off
 
 # Layer: system
 # Module: udev
@@ -1779,7 +1779,7 @@
 #
 # Daemon for communicating with Apple's iPod Touch and iPhone
 # 
-usbmuxd = module
+usbmuxd = off
 
 # Layer: system
 # Module: userdomain
@@ -1808,49 +1808,49 @@
 #
 # netfilter/iptables ULOG daemon
 # 
-ulogd = module
+ulogd = off
 
 # Layer: services
 # Module: vdagent
 #
 # vdagent
 # 
-vdagent = module
+vdagent = off
 
 # Layer: services
 # Module: vhostmd
 #
 # vhostmd - spice guest agent daemon.
 # 
-vhostmd = module
+vhostmd = off
 
 # Layer: apps
 # Module: vhostmd
 #
 # vlock - Virtual Console lock program
 # 
-vlock = module
+vlock = off
 
 # Layer: apps
 # Module: wine
 #
 # wine executable
 # 
-wine = module
+wine = off
 
 # Layer: apps
 # Module: wireshark
 #
 # wireshark executable
 # 
-wireshark = module
+wireshark = off
 
 # Layer: apps
 # Module: telepathy
 #
 # telepathy - Policy for Telepathy framework
 # 
-telepathy = module
+telepathy = off
 
 # Layer: admin
 # Module: tzdata
@@ -1878,14 +1878,14 @@
 #
 # tvtime - a high quality television application
 # 
-tvtime = module
+tvtime = off
 
 # Layer: apps
 # Module: uml
 #
 # Policy for UML
 # 
-uml = module
+uml = off
 
 # Layer: admin
 # Module: usbmodules
@@ -1899,42 +1899,42 @@
 #
 # User network interface configuration helper
 # 
-usernetctl = module
+usernetctl = off
 
 # Layer: system
 # Module: xen
 #
 # virtualization software
 # 
-xen = module
+xen = off
 
 # Layer: services
 # Module: varnishd
 #
 # Varnishd http accelerator daemon
 # 
-varnishd = module
+varnishd = off
 
 # Layer: services
 # Module: virt
 #
 # Virtualization libraries
 # 
-virt = module
+virt = off
 
 # Layer: services
 # Module: vnstatd
 #
 # Network traffic Monitor
 # 
-vnstatd = module
+vnstatd = off
 
 # Layer: apps
 # Module: qemu
 #
 # Virtualization emulator 
 # 
-qemu = module
+qemu = off
 
 # Layer: system
 # Module: brctl
@@ -1948,7 +1948,7 @@
 #
 # Telnet daemon
 # 
-telnet = module
+telnet = off
 
 # Layer: services
 # Module: timidity
@@ -1962,21 +1962,21 @@
 #
 # Trivial file transfer protocol daemon
 # 
-tftp = module
+tftp = off
 
 # Layer: services
 # Module: tuned
 #
 # Dynamic adaptive system tuning daemon
 #
-tuned = module
+tuned = off
 
 # Layer: services
 # Module: uucp
 #
 # Unix to Unix Copy
 # 
-uucp = module
+uucp = off
 
 # Layer: services
 # Module: vbetool 
@@ -1990,35 +1990,35 @@
 #
 # Web server log analysis
 # 
-webalizer = module
+webalizer = off
 
 # Layer: services
 # Module: xfs
 #
 # X Windows Font Server
 # 
-xfs = module
+xfs = off
 
 # Layer: services
 # Module: xserver
 #
 # X windows login display manager
 # 
-xserver = module
+xserver = off
 
 # Layer: services
 # Module: zarafa
 #
 # Zarafa Collaboration Platform
 # 
-zarafa = module
+zarafa = off
 
 # Layer: services
 # Module: zebra
 #
 # Zebra border gateway protocol network routing service
 # 
-zebra = module
+zebra = off
 
 # Layer: admin
 # Module: usermanage
@@ -2075,28 +2075,28 @@
 #
 # Open-source monitoring solution for your IT infrastructure
 #
-zabbix = module
+zabbix = off
 
 # Layer: services
 # Module: apcupsd
 #
 # daemon for most APCâ??s UPS for Linux
 #
-apcupsd = module
+apcupsd = off
 
 # Layer: services
 # Module: aide
 #
 # Policy for aide
 # 
-aide = module
+aide = off
 
 # Layer: services
 # Module: w3c
 #
 # w3c
 # 
-w3c = module
+w3c = off
 
 # Layer: services
 # Module: plymouthd
@@ -2110,7 +2110,7 @@
 #
 #  reserve ports to prevent portmap mapping them
 # 
-portreserve = module
+portreserve = off
 
 # Layer: services
 # Module: rpcbind
@@ -2131,14 +2131,14 @@
 #
 # VMWare Workstation virtual machines
 # 
-vmware = module
+vmware = off
 
 # Layer: role
 # Module: dbadm
 #
 # Minimally prived root role for managing databases
 # 
-dbadm = module
+dbadm = off
 
 # Layer: role
 # Module: logadm
@@ -2152,7 +2152,7 @@
 #
 # Minimally prived root role for managing apache
 # 
-webadm = module
+webadm = off
 
 #
 # Layer: services
@@ -2160,7 +2160,7 @@
 #
 # exim mail server 
 # 
-exim = module
+exim = off
 
 
 # Layer: services
@@ -2168,35 +2168,35 @@
 #
 # Wireless sniffing and monitoring
 # 
-kismet = module
+kismet = off
 
 # Layer: services
 # Module: munin
 #
 # Munin
 # 
-munin = module
+munin = off
 
 # Layer: services
 # Module: bitlbee
 #
 # An IRC to other chat networks  gateway
 # 
-bitlbee = module
+bitlbee = off
 
 # Layer: admin
 # Module: sosreport
 #
 # sosreport debuggin information generator
 # 
-sosreport = module
+sosreport = off
 
 # Layer: services
 # Module: soundserver
 #
 # sound server for network audio server programs, nasd, yiff, etc</summary>
 # 
-soundserver = module
+soundserver = off
 
 # Layer: role
 # Module: unconfineduser
@@ -2210,7 +2210,7 @@
 #
 # admin account 
 # 
-staff = module
+staff = off
 
 # Layer:role
 # Module: sysadm
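Review bot: `staff = off` removes a role module rather than a service module, and the next hunks do the same for `unprivuser`, `guest` and `xguest`, while `sysadm` and `unconfineduser` appear only as context lines and so seem to stay enabled. User and role definitions elsewhere in the policy usually still name these roles, so this is a likely place for a reference that compiles and links but cannot be resolved when the policy is expanded; that is an inference, since the error text is not shown here. I would restore `staff = module` and `unprivuser = module` first and re-run the build to rule this out, then disable role modules one at a time. Dropping the confined user roles also means logins can only be mapped to the remaining, less restricted roles.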
@@ -2224,17 +2224,17 @@
 #
 # Minimally privs guest account on tty logins
 # 
-unprivuser = module
+unprivuser = off
 
 # Layer: services
 # Module: prelude
 #
-prelude = module
+prelude = off
 
 # Layer: services
 # Module: pads
 #
-pads = module
+pads = off
 
 # Layer: services
 # Module: kerneloops
@@ -2248,28 +2248,28 @@
 #
 # openoffice executable
 # 
-openoffice = module
+openoffice = off
 
 # Layer: apps
 # Module: podsleuth
 #
 # Podsleuth probes, identifies, and exposes properties and metadata bound to iPods.
 # 
-podsleuth = module
+podsleuth = off
 
 # Layer: role
 # Module: guest
 #
 # Minimally privs guest account on tty logins
 # 
-guest = module
+guest = off
 
 # Layer: role
 # Module: xguest
 #
 # Minimally privs guest account on X Windows logins
 # 
-xguest = module
+xguest = off
 
 # Layer: services
 # Module: cgroup
@@ -2283,14 +2283,14 @@
 #
 # IMAP and POP3 email servers
 # 
-courier = module
+courier = off
 
 # Layer: services
 # Module: denyhosts
 #
 # script to help thwart ssh server attacks
 # 
-denyhosts = module
+denyhosts = off
 
 # Layer: apps
 # Module: livecd
@@ -2304,14 +2304,14 @@
 #
 # Snort network intrusion detection system
 # 
-snort = module
+snort = off
 
 # Layer: services
 # Module: memcached
 #
 #  high-performance memory object caching system
 # 
-memcached = module
+memcached = off
 
 # Layer: system
 # Module: netlabel
@@ -2325,20 +2325,20 @@
 #
 # policy for z/OS Remote-services Audit dispatcher plugin</summary>
 # 
-zosremote = module
+zosremote = off
 
 # Layer: services
 # Module: pingd
 #
 # 
-pingd = module
+pingd = off
 
 # Layer: services
 # Module: milter
 #
 # 
 # 
-milter = module
+milter = off
 
 # Layer: services
 # Module: keyboardd
@@ -2346,14 +2346,14 @@
 # system-setup-keyboard is a keyboard layout daemon that monitors 
 # /etc/sysconfig/keyboard and writes out an xorg.conf.d snippet
 #
-keyboardd = module
+keyboardd = off
 
 # Layer: services
 # Module: firewalld
 #
 # firewalld is firewall service daemon that provides dynamic customizable
 # 
-firewalld = module
+firewalld = off
 
 # Layer: apps
 # Module: namespace
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
