On Tue, 2008-05-06 at 23:21 +0100, Martin Orr wrote: > Should I be able to build trunk refpolicy with the user roles included in > the base module? I can build it with the roles as modules, but if I try > building them into base I get > /usr/bin/checkmodule -M base.conf -o tmp/base.mod > /usr/bin/checkmodule: loading policy configuration from base.conf > libsepol.expand_module: Error while indexing out symbols > /usr/bin/checkmodule: expand module failed > > I have refpolicy revision 2669, libsepol 2.0.25, checkpolicy 2.0.12. I have > attached the modules.conf I am using, which seems to be the minimum number > of things I need to build in to be able to build in roles. Reproduced here as well, and naturally one should be able to build roles into base. We've seen this error condition in the past - it indicates that there is a hole in the symbol table, and requires mapping support in the expand code for roles to correctly handle it. So that represents a bug/limitation of the current policy compiler. Walking through it I see that it is omitting the auditadm_r and secadm_r roles during the expand, and this is leaving the holes in the symbol table. Fixing the compiler requires adding mapping support for the roles similar to what Karl did for booleans in r2308. Hopefully though Chris can work around it in the policy in the interim. > plain text document attachment (modules.conf) > # > # This file contains a listing of available modules. > # To prevent a module from being used in policy > # creation, set the module name to "off". > # > # For monolithic policies, modules set to "base" and "module" > # will be built into the policy. > # > # For modular policies, modules set to "base" will be > # included in the base module. "module" will be compiled > # as individual loadable modules. > # > > # Layer: kernel > # Module: corecommands > # Required in base > # > # Core policy for shells, and generic programs > # in /bin, /sbin, /usr/bin, and /usr/sbin. > # > corecommands = base > > # Layer: kernel > # Module: corenetwork > # Required in base > # > # Policy controlling access to network objects > # > corenetwork = base > > # Layer: kernel > # Module: devices > # Required in base > # > # Device nodes and interfaces for many basic system devices. > # > devices = base > > # Layer: kernel > # Module: domain > # Required in base > # > # Core policy for domains. > # > domain = base > > # Layer: kernel > # Module: files > # Required in base > # > # Basic filesystem types and interfaces. > # > files = base > > # Layer: kernel > # Module: filesystem > # Required in base > # > # Policy for filesystems. > # > filesystem = base > > # Layer: kernel > # Module: kernel > # Required in base > # > # Policy for kernel threads, proc filesystem, > # and unlabeled processes and objects. > # > kernel = base > > # Layer: kernel > # Module: mcs > # Required in base > # > # Multicategory security policy > # > mcs = base > > # Layer: kernel > # Module: mls > # Required in base > # > # Multilevel security policy > # > mls = base > > # Layer: kernel > # Module: selinux > # Required in base > # > # Policy for kernel security interface, in particular, selinuxfs. > # > selinux = base > > # Layer: kernel > # Module: terminal > # Required in base > # > # Policy for terminals. > # > terminal = base > > # Layer: admin > # Module: acct > # > # Berkeley process accounting > # > acct = module > > # Layer: admin > # Module: alsa > # > # Ainit ALSA configuration tool > # > alsa = module > > # Layer: admin > # Module: amanda > # > # Automated backup program. > # > amanda = module > > # Layer: admin > # Module: amtu > # > # Abstract Machine Test Utility > # > amtu = module > > # Layer: admin > # Module: anaconda > # > # Policy for the Anaconda installer. > # > anaconda = module > > # Layer: admin > # Module: apt > # > # APT advanced package toll. > # > apt = module > > # Layer: admin > # Module: backup > # > # System backup scripts > # > backup = module > > # Layer: admin > # Module: bootloader > # > # Policy for the kernel modules, kernel image, and bootloader. > # > bootloader = module > > # Layer: admin > # Module: brctl > # > # Utilities for configuring the linux ethernet bridge > # > brctl = module > > # Layer: admin > # Module: certwatch > # > # Digital Certificate Tracking > # > certwatch = module > > # Layer: admin > # Module: consoletype > # > # Determine of the console connected to the controlling terminal. > # > consoletype = module > > # Layer: admin > # Module: ddcprobe > # > # ddcprobe retrieves monitor and graphics card information > # > ddcprobe = module > > # Layer: admin > # Module: dmesg > # > # Policy for dmesg. > # > dmesg = module > > # Layer: admin > # Module: dmidecode > # > # Decode DMI data for x86/ia64 bioses. > # > dmidecode = module > > # Layer: admin > # Module: dpkg > # > # Policy for the Debian package manager. > # > dpkg = module > > # Layer: admin > # Module: firstboot > # > # Final system configuration run during the first boot > # after installation of Red Hat/Fedora systems. > # > firstboot = module > > # Layer: admin > # Module: kudzu > # > # Hardware detection and configuration tools > # > kudzu = module > > # Layer: admin > # Module: logrotate > # > # Rotate and archive system logs > # > logrotate = module > > # Layer: admin > # Module: logwatch > # > # System log analyzer and reporter > # > logwatch = module > > # Layer: admin > # Module: mrtg > # > # Network traffic graphing > # > mrtg = module > > # Layer: admin > # Module: netutils > # > # Network analysis utilities > # > netutils = module > > # Layer: admin > # Module: portage > # > # Portage Package Management System. The primary package management and > # distribution system for Gentoo. > # > portage = module > > # Layer: admin > # Module: prelink > # > # Prelink ELF shared library mappings. > # > prelink = module > > # Layer: admin > # Module: quota > # > # File system quota management > # > quota = module > > # Layer: admin > # Module: readahead > # > # Readahead, read files into page cache for improved performance > # > readahead = module > > # Layer: admin > # Module: rpm > # > # Policy for the RPM package manager. > # > rpm = module > > # Layer: admin > # Module: su > # > # Run shells with substitute user and group > # > su = module > > # Layer: admin > # Module: sudo > # > # Execute a command with a substitute user > # > sudo = module > > # Layer: admin > # Module: sxid > # > # SUID/SGID program monitoring > # > sxid = module > > # Layer: admin > # Module: tmpreaper > # > # Manage temporary directory sizes and file ages > # > tmpreaper = module > > # Layer: admin > # Module: tripwire > # > # Tripwire file integrity checker. > # > tripwire = module > > # Layer: admin > # Module: tzdata > # > # Time zone updater > # > tzdata = module > > # Layer: admin > # Module: updfstab > # > # Red Hat utility to change /etc/fstab. > # > updfstab = module > > # Layer: admin > # Module: usbmodules > # > # List kernel modules of USB devices > # > usbmodules = module > > # Layer: admin > # Module: usermanage > # > # Policy for managing user accounts. > # > usermanage = module > > # Layer: admin > # Module: vbetool > # > # run real-mode video BIOS code to alter hardware state > # > vbetool = module > > # Layer: admin > # Module: vpn > # > # Virtual Private Networking client > # > vpn = module > > # Layer: apps > # Module: ada > # > # GNAT Ada95 compiler > # > ada = module > > # Layer: apps > # Module: authbind > # > # Tool for non-root processes to bind to reserved ports > # > authbind = module > > # Layer: apps > # Module: awstats > # > # AWStats is a free powerful and featureful tool that generates advanced > # web, streaming, ftp or mail server statistics, graphically. > # > awstats = module > > # Layer: apps > # Module: calamaris > # > # Squid log analysis > # > calamaris = module > > # Layer: apps > # Module: cdrecord > # > # Policy for cdrecord > # > cdrecord = module > > # Layer: apps > # Module: ethereal > # > # Ethereal packet capture tool. > # > ethereal = module > > # Layer: apps > # Module: evolution > # > # Evolution email client > # > evolution = module > > # Layer: apps > # Module: games > # > # Games > # > games = module > > # Layer: apps > # Module: gift > # > # giFT peer to peer file sharing tool > # > gift = module > > # Layer: apps > # Module: gnome > # > # GNU network object model environment (GNOME) > # > gnome = module > > # Layer: apps > # Module: gpg > # > # Policy for GNU Privacy Guard and related programs. > # > gpg = module > > # Layer: apps > # Module: irc > # > # IRC client policy > # > irc = module > > # Layer: apps > # Module: java > # > # Java virtual machine > # > java = module > > # Layer: apps > # Module: loadkeys > # > # Load keyboard mappings. > # > loadkeys = module > > # Layer: apps > # Module: lockdev > # > # device locking policy for lockdev > # > lockdev = module > > # Layer: apps > # Module: mono > # > # Run .NET server and client applications on Linux. > # > mono = module > > # Layer: apps > # Module: mozilla > # > # Policy for Mozilla and related web browsers > # > mozilla = module > > # Layer: apps > # Module: mplayer > # > # Mplayer media player and encoder > # > mplayer = module > > # Layer: apps > # Module: rssh > # > # Restricted (scp/sftp) only shell > # > rssh = module > > # Layer: apps > # Module: screen > # > # GNU terminal multiplexer > # > screen = module > > # Layer: apps > # Module: slocate > # > # Update database for mlocate > # > slocate = module > > # Layer: apps > # Module: thunderbird > # > # Thunderbird email client > # > thunderbird = module > > # Layer: apps > # Module: tvtime > # > # tvtime - a high quality television application > # > tvtime = module > > # Layer: apps > # Module: uml > # > # Policy for UML > # > uml = module > > # Layer: apps > # Module: userhelper > # > # SELinux utility to run a shell with a new role > # > userhelper = module > > # Layer: apps > # Module: usernetctl > # > # User network interface configuration helper > # > usernetctl = module > > # Layer: apps > # Module: vmware > # > # VMWare Workstation virtual machines > # > vmware = module > > # Layer: apps > # Module: webalizer > # > # Web server log analysis > # > webalizer = module > > # Layer: apps > # Module: wine > # > # Wine Is Not an Emulator. Run Windows programs in Linux. > # > wine = module > > # Layer: apps > # Module: wireshark > # > # Wireshark packet capture tool. > # > wireshark = module > > # Layer: apps > # Module: yam > # > # Yum/Apt Mirroring > # > yam = module > > # Layer: kernel > # Module: storage > # > # Policy controlling access to storage devices > # > storage = base > > # Layer: roles > # Module: auditadm > # > # Audit administrator role > # > auditadm = module > > # Layer: roles > # Module: secadm > # > # Security administrator role > # > secadm = module > > # Layer: roles > # Module: staff > # > # Administrator's unprivileged user role > # > staff = base > > # Layer: roles > # Module: sysadm > # > # General system administration role > # > sysadm = base > > # Layer: roles > # Module: unprivuser > # > # Generic unprivileged user role > # > unprivuser = base > > # Layer: services > # Module: afs > # > # Andrew Filesystem server > # > afs = module > > # Layer: services > # Module: aide > # > # Aide filesystem integrity checker > # > aide = module > > # Layer: services > # Module: amavis > # > # Daemon that interfaces mail transfer agents and content > # checkers, such as virus scanners. > # > amavis = module > > # Layer: services > # Module: apache > # > # Apache web server > # > apache = module > > # Layer: services > # Module: apcupsd > # > # APC UPS monitoring daemon > # > apcupsd = module > > # Layer: services > # Module: apm > # > # Advanced power management daemon > # > apm = module > > # Layer: services > # Module: arpwatch > # > # Ethernet activity monitor. > # > arpwatch = module > > # Layer: services > # Module: asterisk > # > # Asterisk IP telephony server > # > asterisk = module > > # Layer: services > # Module: audioentropy > # > # Generate entropy from audio input > # > audioentropy = module > > # Layer: services > # Module: automount > # > # Filesystem automounter service. > # > automount = module > > # Layer: services > # Module: avahi > # > # mDNS/DNS-SD daemon implementing Apple ZeroConf architecture > # > avahi = module > > # Layer: services > # Module: bind > # > # Berkeley internet name domain DNS server. > # > bind = module > > # Layer: services > # Module: bitlbee > # > # Bitlbee service > # > bitlbee = module > > # Layer: services > # Module: bluetooth > # > # Bluetooth tools and system services. > # > bluetooth = module > > # Layer: services > # Module: canna > # > # Canna - kana-kanji conversion server > # > canna = module > > # Layer: services > # Module: ccs > # > # Cluster Configuration System > # > ccs = module > > # Layer: services > # Module: cipe > # > # Encrypted tunnel daemon > # > cipe = module > > # Layer: services > # Module: clamav > # > # ClamAV Virus Scanner > # > clamav = module > > # Layer: services > # Module: clockspeed > # > # Clockspeed simple network time protocol client > # > clockspeed = module > > # Layer: services > # Module: comsat > # > # Comsat, a biff server. > # > comsat = module > > # Layer: services > # Module: consolekit > # > # Framework for facilitating multiple user sessions on desktops. > # > consolekit = module > > # Layer: services > # Module: courier > # > # Courier IMAP and POP3 email servers > # > courier = module > > # Layer: services > # Module: cpucontrol > # > # Services for loading CPU microcode and CPU frequency scaling. > # > cpucontrol = module > > # Layer: services > # Module: cron > # > # Periodic execution of scheduled commands. > # > cron = module > > # Layer: services > # Module: cups > # > # Common UNIX printing system > # > cups = module > > # Layer: services > # Module: cvs > # > # Concurrent versions system > # > cvs = module > > # Layer: services > # Module: cyrus > # > # Cyrus is an IMAP service intended to be run on sealed servers > # > cyrus = module > > # Layer: services > # Module: dante > # > # Dante msproxy and socks4/5 proxy server > # > dante = module > > # Layer: services > # Module: dbskk > # > # Dictionary server for the SKK Japanese input method system. > # > dbskk = module > > # Layer: services > # Module: dbus > # > # Desktop messaging bus > # > dbus = module > > # Layer: services > # Module: dcc > # > # Distributed checksum clearinghouse spam filtering > # > dcc = module > > # Layer: services > # Module: ddclient > # > # Update dynamic IP address at DynDNS.org > # > ddclient = module > > # Layer: services > # Module: dhcp > # > # Dynamic host configuration protocol (DHCP) server > # > dhcp = module > > # Layer: services > # Module: dictd > # > # Dictionary daemon > # > dictd = module > > # Layer: services > # Module: distcc > # > # Distributed compiler daemon > # > distcc = module > > # Layer: services > # Module: djbdns > # > # small and secure DNS daemon > # > djbdns = module > > # Layer: services > # Module: dnsmasq > # > # dnsmasq DNS forwarder and DHCP server > # > dnsmasq = module > > # Layer: services > # Module: dovecot > # > # Dovecot POP and IMAP mail server > # > dovecot = module > > # Layer: services > # Module: exim > # > # Exim mail transfer agent > # > exim = module > > # Layer: services > # Module: fail2ban > # > # Update firewall filtering to ban IP addresses with too many password failures. > # > fail2ban = module > > # Layer: services > # Module: fetchmail > # > # Remote-mail retrieval and forwarding utility > # > fetchmail = module > > # Layer: services > # Module: finger > # > # Finger user information service. > # > finger = module > > # Layer: services > # Module: ftp > # > # File transfer protocol service > # > ftp = module > > # Layer: services > # Module: gatekeeper > # > # OpenH.323 Voice-Over-IP Gatekeeper > # > gatekeeper = module > > # Layer: services > # Module: gpm > # > # General Purpose Mouse driver > # > gpm = module > > # Layer: services > # Module: hal > # > # Hardware abstraction layer > # > hal = module > > # Layer: services > # Module: howl > # > # Port of Apple Rendezvous multicast DNS > # > howl = module > > # Layer: services > # Module: i18n_input > # > # IIIMF htt server > # > i18n_input = module > > # Layer: services > # Module: imaze > # > # iMaze game server > # > imaze = module > > # Layer: services > # Module: inetd > # > # Internet services daemon. > # > inetd = module > > # Layer: services > # Module: inn > # > # Internet News NNTP server > # > inn = module > > # Layer: services > # Module: ircd > # > # IRC server > # > ircd = module > > # Layer: services > # Module: irqbalance > # > # IRQ balancing daemon > # > irqbalance = module > > # Layer: services > # Module: jabber > # > # Jabber instant messaging server > # > jabber = module > > # Layer: services > # Module: kerberos > # > # MIT Kerberos admin and KDC > # > kerberos = module > > # Layer: services > # Module: ktalk > # > # KDE Talk daemon > # > ktalk = module > > # Layer: services > # Module: ldap > # > # OpenLDAP directory server > # > ldap = module > > # Layer: services > # Module: lpd > # > # Line printer daemon > # > lpd = module > > # Layer: services > # Module: mailman > # > # Mailman is for managing electronic mail discussion and e-newsletter lists > # > mailman = module > > # Layer: services > # Module: monop > # > # Monopoly daemon > # > monop = module > > # Layer: services > # Module: mta > # > # Policy common to all email tranfer agents. > # > mta = module > > # Layer: services > # Module: munin > # > # Munin network-wide load graphing (formerly LRRD) > # > munin = module > > # Layer: services > # Module: mysql > # > # Policy for MySQL > # > mysql = module > > # Layer: services > # Module: nagios > # > # Net Saint / NAGIOS - network monitoring server > # > nagios = module > > # Layer: services > # Module: nessus > # > # Nessus network scanning daemon > # > nessus = module > > # Layer: services > # Module: networkmanager > # > # Manager for dynamically switching between networks. > # > networkmanager = module > > # Layer: services > # Module: nis > # > # Policy for NIS (YP) servers and clients > # > nis = module > > # Layer: services > # Module: nscd > # > # Name service cache daemon > # > nscd = module > > # Layer: services > # Module: nsd > # > # Authoritative only name server > # > nsd = module > > # Layer: services > # Module: ntop > # > # Network Top > # > ntop = module > > # Layer: services > # Module: ntp > # > # Network time protocol daemon > # > ntp = module > > # Layer: services > # Module: nx > # > # NX remote desktop > # > nx = module > > # Layer: services > # Module: oav > # > # Open AntiVirus scannerdaemon and signature update > # > oav = module > > # Layer: services > # Module: oddjob > # > # Oddjob provides a mechanism by which unprivileged applications can > # request that specified privileged operations be performed on their > # behalf. > # > oddjob = module > > # Layer: services > # Module: openca > # > # OpenCA - Open Certificate Authority > # > openca = module > > # Layer: services > # Module: openct > # > # Service for handling smart card readers. > # > openct = module > > # Layer: services > # Module: openvpn > # > # full-featured SSL VPN solution > # > openvpn = module > > # Layer: services > # Module: pcscd > # > # PCSC smart card service > # > pcscd = module > > # Layer: services > # Module: pegasus > # > # The Open Group Pegasus CIM/WBEM Server. > # > pegasus = module > > # Layer: services > # Module: perdition > # > # Perdition POP and IMAP proxy > # > perdition = module > > # Layer: services > # Module: portmap > # > # RPC port mapping service. > # > portmap = module > > # Layer: services > # Module: portslave > # > # Portslave terminal server software > # > portslave = module > > # Layer: services > # Module: postfix > # > # Postfix email server > # > postfix = module > > # Layer: services > # Module: postfixpolicyd > # > # Postfix policy server > # > postfixpolicyd = module > > # Layer: services > # Module: postgresql > # > # PostgreSQL relational database > # > postgresql = module > > # Layer: services > # Module: postgrey > # > # Postfix grey-listing server > # > postgrey = module > > # Layer: services > # Module: ppp > # > # Point to Point Protocol daemon creates links in ppp networks > # > ppp = module > > # Layer: services > # Module: privoxy > # > # Privacy enhancing web proxy. > # > privoxy = module > > # Layer: services > # Module: procmail > # > # Procmail mail delivery agent > # > procmail = module > > # Layer: services > # Module: publicfile > # > # publicfile supplies files to the public through HTTP and FTP > # > publicfile = module > > # Layer: services > # Module: pxe > # > # Server for the PXE network boot protocol > # > pxe = module > > # Layer: services > # Module: pyzor > # > # Pyzor is a distributed, collaborative spam detection and filtering network. > # > pyzor = module > > # Layer: services > # Module: qmail > # > # Qmail Mail Server > # > qmail = module > > # Layer: services > # Module: radius > # > # RADIUS authentication and accounting server. > # > radius = module > > # Layer: services > # Module: radvd > # > # IPv6 router advertisement daemon > # > radvd = module > > # Layer: services > # Module: razor > # > # A distributed, collaborative, spam detection and filtering network. > # > razor = module > > # Layer: services > # Module: rdisc > # > # Network router discovery daemon > # > rdisc = module > > # Layer: services > # Module: remotelogin > # > # Policy for rshd, rlogind, and telnetd. > # > remotelogin = module > > # Layer: services > # Module: resmgr > # > # Resource management daemon > # > resmgr = module > > # Layer: services > # Module: rhgb > # > # Red Hat Graphical Boot > # > rhgb = module > > # Layer: services > # Module: ricci > # > # Ricci cluster management agent > # > ricci = module > > # Layer: services > # Module: rlogin > # > # Remote login daemon > # > rlogin = module > > # Layer: services > # Module: roundup > # > # Roundup Issue Tracking System policy > # > roundup = module > > # Layer: services > # Module: rpc > # > # Remote Procedure Call Daemon for managment of network based process communication > # > rpc = module > > # Layer: services > # Module: rpcbind > # > # Universal Addresses to RPC Program Number Mapper > # > rpcbind = module > > # Layer: services > # Module: rshd > # > # Remote shell service. > # > rshd = module > > # Layer: services > # Module: rsync > # > # Fast incremental file transfer for synchronization > # > rsync = module > > # Layer: services > # Module: rwho > # > # Who is logged in on other machines? > # > rwho = module > > # Layer: services > # Module: samba > # > # SMB and CIFS client/server programs for UNIX and > # name Service Switch daemon for resolving names > # from Windows NT servers. > # > samba = module > > # Layer: services > # Module: sasl > # > # SASL authentication server > # > sasl = module > > # Layer: services > # Module: sendmail > # > # Policy for sendmail. > # > sendmail = module > > # Layer: services > # Module: setroubleshoot > # > # SELinux troubleshooting service > # > setroubleshoot = module > > # Layer: services > # Module: slrnpull > # > # Service for downloading news feeds the slrn newsreader. > # > slrnpull = module > > # Layer: services > # Module: smartmon > # > # Smart disk monitoring daemon policy > # > smartmon = module > > # Layer: services > # Module: snmp > # > # Simple network management protocol services > # > snmp = module > > # Layer: services > # Module: snort > # > # Snort network intrusion detection system > # > snort = module > > # Layer: services > # Module: soundserver > # > # sound server for network audio server programs, nasd, yiff, etc > # > soundserver = module > > # Layer: services > # Module: spamassassin > # > # Filter used for removing unsolicited email. > # > spamassassin = module > > # Layer: services > # Module: speedtouch > # > # Alcatel speedtouch USB ADSL modem > # > speedtouch = module > > # Layer: services > # Module: squid > # > # Squid caching http proxy server > # > squid = module > > # Layer: services > # Module: ssh > # > # Secure shell client and server policy. > # > ssh = module > > # Layer: services > # Module: stunnel > # > # SSL Tunneling Proxy > # > stunnel = module > > # Layer: services > # Module: sysstat > # > # Policy for sysstat. Reports on various system states > # > sysstat = module > > # Layer: services > # Module: tcpd > # > # Policy for TCP daemon. > # > tcpd = module > > # Layer: services > # Module: telnet > # > # Telnet daemon > # > telnet = module > > # Layer: services > # Module: tftp > # > # Trivial file transfer protocol daemon > # > tftp = module > > # Layer: services > # Module: timidity > # > # MIDI to WAV converter and player configured as a service > # > timidity = module > > # Layer: services > # Module: tor > # > # TOR, the onion router > # > tor = module > > # Layer: services > # Module: transproxy > # > # HTTP transperant proxy > # > transproxy = module > > # Layer: services > # Module: ucspitcp > # > # ucspitcp policy > # > ucspitcp = module > > # Layer: services > # Module: uptime > # > # Uptime daemon > # > uptime = module > > # Layer: services > # Module: uucp > # > # Unix to Unix Copy > # > uucp = module > > # Layer: services > # Module: uwimap > # > # University of Washington IMAP toolkit POP3 and IMAP mail server > # > uwimap = module > > # Layer: services > # Module: watchdog > # > # Software watchdog > # > watchdog = module > > # Layer: services > # Module: xfs > # > # X Windows Font Server > # > xfs = module > > # Layer: services > # Module: xprint > # > # X print server > # > xprint = module > > # Layer: services > # Module: xserver > # > # X Windows Server > # > xserver = module > > # Layer: services > # Module: zabbix > # > # Distributed infrastructure monitoring > # > zabbix = module > > # Layer: services > # Module: zebra > # > # Zebra border gateway protocol network routing service > # > zebra = module > > # Layer: system > # Module: application > # > # Policy for user executable applications. > # > application = base > > # Layer: system > # Module: authlogin > # > # Common policy for authentication and user login. > # > authlogin = base > > # Layer: system > # Module: clock > # > # Policy for reading and setting the hardware clock. > # > clock = module > > # Layer: system > # Module: daemontools > # > # Collection of tools for managing UNIX services > # > daemontools = module > > # Layer: system > # Module: fstools > # > # Tools for filesystem management, such as mkfs and fsck. > # > fstools = module > > # Layer: system > # Module: getty > # > # Policy for getty. > # > getty = module > > # Layer: system > # Module: hostname > # > # Policy for changing the system host name. > # > hostname = module > > # Layer: system > # Module: hotplug > # > # Policy for hotplug system, for supporting the > # connection and disconnection of devices at runtime. > # > hotplug = module > > # Layer: system > # Module: init > # > # System initialization programs (init and init scripts). > # > init = base > > # Layer: system > # Module: ipsec > # > # TCP/IP encryption > # > ipsec = module > > # Layer: system > # Module: iptables > # > # Policy for iptables. > # > iptables = module > > # Layer: system > # Module: iscsi > # > # Establish connections to iSCSI devices > # > iscsi = module > > # Layer: system > # Module: libraries > # > # Policy for system libraries. > # > libraries = base > > # Layer: system > # Module: locallogin > # > # Policy for local logins. > # > locallogin = base > > # Layer: system > # Module: logging > # > # Policy for the kernel message logger and system logging daemon. > # > logging = base > > # Layer: system > # Module: lvm > # > # Policy for logical volume management programs. > # > lvm = module > > # Layer: system > # Module: miscfiles > # > # Miscelaneous files. > # > miscfiles = base > > # Layer: system > # Module: modutils > # > # Policy for kernel module utilities > # > modutils = base > > # Layer: system > # Module: mount > # > # Policy for mount. > # > mount = module > > # Layer: system > # Module: netlabel > # > # NetLabel/CIPSO labeled networking management > # > netlabel = module > > # Layer: system > # Module: pcmcia > # > # PCMCIA card management services > # > pcmcia = module > > # Layer: system > # Module: raid > # > # RAID array management tools > # > raid = module > > # Layer: system > # Module: selinuxutil > # > # Policy for SELinux policy and userland applications. > # > selinuxutil = base > > # Layer: system > # Module: setrans > # > # SELinux MLS/MCS label translation service. > # > setrans = module > > # Layer: system > # Module: sysnetwork > # > # Policy for network configuration: ifconfig and dhcp client. > # > sysnetwork = base > > # Layer: system > # Module: udev > # > # Policy for udev. > # > udev = module > > # Layer: system > # Module: unconfined > # > # The unconfined domain. > # > unconfined = module > > # Layer: system > # Module: userdomain > # > # Policy for user domains > # > userdomain = base > > # Layer: system > # Module: xen > # > # Xen hypervisor > # > xen = module > -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
