From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Thu, 05 Aug 2010 10:04:05 -0400 Subject: [refpolicy] [ admin layer patch 2/2] Kernel layer xml fixes. In-Reply-To: <20100805125707.GA27289@localhost.localdomain> References: <20100805125707.GA27289@localhost.localdomain> Message-ID: <4C5AC4D5.9020207@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 08/05/10 08:57, Dominick Grift wrote: > Signed-off-by: Dominick Grift Merged. > --- > :100644 100644 314731b... ef1d72a... M policy/modules/kernel/corecommands.if > :100644 100644 f13a505... cac0c64... M policy/modules/kernel/devices.if > :100644 100644 deb03ea... 41f36ed... M policy/modules/kernel/domain.if > :100644 100644 28cb589... 8d3dfad... M policy/modules/kernel/files.if > :100644 100644 9b79f4a... e3e17ba... M policy/modules/kernel/filesystem.if > :100644 100644 b46db36... ed7667a... M policy/modules/kernel/kernel.if > :100644 100644 677f82a... f8b357c... M policy/modules/kernel/selinux.if > :100644 100644 d7ca7b2... 3723150... M policy/modules/kernel/storage.if > :100644 100644 4d9d592... 492bf76... M policy/modules/kernel/terminal.if > policy/modules/kernel/corecommands.if | 18 +++--- > policy/modules/kernel/devices.if | 64 ++++++++++++------------ > policy/modules/kernel/domain.if | 38 +++++++------- > policy/modules/kernel/files.if | 56 ++++++++++---------- > policy/modules/kernel/filesystem.if | 34 ++++++------ > policy/modules/kernel/kernel.if | 90 ++++++++++++++++---------------- > policy/modules/kernel/selinux.if | 20 ++++---- > policy/modules/kernel/storage.if | 2 +- > policy/modules/kernel/terminal.if | 24 ++++---- > 9 files changed, 173 insertions(+), 173 deletions(-) > > diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if > index 314731b..ef1d72a 100644 > --- a/policy/modules/kernel/corecommands.if > +++ b/policy/modules/kernel/corecommands.if > @@ -131,7 +131,7 @@ interface(`corecmd_search_bin',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -167,7 +167,7 @@ interface(`corecmd_list_bin',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -410,7 +410,7 @@ interface(`corecmd_mmap_bin_files',` > ## > ## > ## > -## Domain allowed access. > +## Domain allowed to transition. > ## > ## > ## > @@ -453,7 +453,7 @@ interface(`corecmd_bin_spec_domtrans',` > ## > ## > ## > -## Domain allowed access. > +## Domain allowed to transition. > ## > ## > ## > @@ -713,7 +713,7 @@ interface(`corecmd_mmap_sbin_files',` > ## > ## > ## > -## Domain allowed access. > +## Domain allowed to transition. > ## > ## > ## > @@ -754,7 +754,7 @@ interface(`corecmd_sbin_domtrans',` > ## > ## > ## > -## Domain allowed access. > +## Domain allowed to transition. > ## > ## > ## > @@ -861,7 +861,7 @@ interface(`corecmd_exec_ls',` > ## > ## > ## > -## Domain allowed access. > +## Domain allowed to transition. > ## > ## > ## > @@ -896,7 +896,7 @@ interface(`corecmd_shell_spec_domtrans',` > ## > ## > ## > -## Domain allowed access. > +## Domain allowed to transition. > ## > ## > ## > @@ -1001,7 +1001,7 @@ interface(`corecmd_exec_all_executables',` > ## > ## > ## > -## Domain allowed access. > +## Domain allowed to not audit. > ## > ## > # > diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if > index f13a505..cac0c64 100644 > --- a/policy/modules/kernel/devices.if > +++ b/policy/modules/kernel/devices.if > @@ -77,7 +77,7 @@ interface(`dev_node',` > ## > ## > ## > -## Domain allowed to relabel. > +## Domain allowed access. > ## > ## > ## > @@ -103,7 +103,7 @@ interface(`dev_relabel_all_dev_nodes',` > ## > ## > ## > -## Domain allowed to list device nodes. > +## Domain allowed access. > ## > ## > # > @@ -140,7 +140,7 @@ interface(`dev_setattr_generic_dirs',` > ## > ## > ## > -## Domain to dontaudit listing of device nodes. > +## Domain to not audit. > ## > ## > # > @@ -158,7 +158,7 @@ interface(`dev_dontaudit_list_all_dev_nodes',` > ## > ## > ## > -## Domain allowed to add entries. > +## Domain allowed access. > ## > ## > # > @@ -176,7 +176,7 @@ interface(`dev_add_entry_generic_dirs',` > ## > ## > ## > -## Domain allowed to add entries. > +## Domain allowed access. > ## > ## > # > @@ -194,7 +194,7 @@ interface(`dev_remove_entry_generic_dirs',` > ## > ## > ## > -## Domain allowed to create the directory. > +## Domain allowed access. > ## > ## > # > @@ -213,7 +213,7 @@ interface(`dev_create_generic_dirs',` > ## > ## > ## > -## Domain allowed to create the directory. > +## Domain allowed access. > ## > ## > # > @@ -231,7 +231,7 @@ interface(`dev_delete_generic_dirs',` > ## > ## > ## > -## Domain allowed to relabel. > +## Domain allowed access. > ## > ## > # > @@ -249,7 +249,7 @@ interface(`dev_manage_generic_dirs',` > ## > ## > ## > -## Domain allowed to relabel. > +## Domain allowed access. > ## > ## > # > @@ -321,7 +321,7 @@ interface(`dev_delete_generic_files',` > ## > ## > ## > -## Domain allowed to create the files. > +## Domain allowed access. > ## > ## > # > @@ -339,7 +339,7 @@ interface(`dev_manage_generic_files',` > ## > ## > ## > -## Domain to dontaudit. > +## Domain to not audit. > ## > ## > # > @@ -375,7 +375,7 @@ interface(`dev_getattr_generic_blk_files',` > ## > ## > ## > -## Domain to dontaudit access. > +## Domain to not audit. > ## > ## > # > @@ -393,7 +393,7 @@ interface(`dev_dontaudit_getattr_generic_blk_files',` > ## > ## > ## > -## Domain to dontaudit access. > +## Domain to not audit. > ## > ## > # > @@ -465,7 +465,7 @@ interface(`dev_getattr_generic_chr_files',` > ## > ## > ## > -## Domain to dontaudit access. > +## Domain to not audit. > ## > ## > # > @@ -483,7 +483,7 @@ interface(`dev_dontaudit_getattr_generic_chr_files',` > ## > ## > ## > -## Domain to dontaudit access. > +## Domain to not audit. > ## > ## > # > @@ -682,7 +682,7 @@ interface(`dev_manage_all_dev_nodes',` > ## > ## > ## > -## Domain to dontaudit access. > +## Domain to not audit. > ## > ## > # > @@ -816,7 +816,7 @@ interface(`dev_getattr_all_blk_files',` > ## > ## > ## > -## Domain to dontaudit access. > +## Domain to not audit. > ## > ## > # > @@ -854,7 +854,7 @@ interface(`dev_getattr_all_chr_files',` > ## > ## > ## > -## Domain to dontaudit access. > +## Domain to not audit. > ## > ## > # > @@ -1636,7 +1636,7 @@ interface(`dev_rw_dri',` > ## > ## > ## > -## Domain to dontaudit access. > +## Domain to not audit. > ## > ## > # > @@ -1838,7 +1838,7 @@ interface(`dev_read_framebuffer',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -2181,7 +2181,7 @@ interface(`dev_rw_lvm_control',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -2217,7 +2217,7 @@ interface(`dev_delete_lvm_control_dev',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -2355,7 +2355,7 @@ interface(`dev_getattr_misc_dev',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -2392,7 +2392,7 @@ interface(`dev_setattr_misc_dev',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -2870,7 +2870,7 @@ interface(`dev_create_null_dev',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -3106,7 +3106,7 @@ interface(`dev_read_rand',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -3125,7 +3125,7 @@ interface(`dev_dontaudit_read_rand',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -3489,7 +3489,7 @@ interface(`dev_getattr_smartcard_dev',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -3580,7 +3580,7 @@ interface(`dev_search_sysfs',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -3665,7 +3665,7 @@ interface(`dev_read_sysfs',` > ## > ## > ## > -## The process type modifying hardware state information. > +## Domain allowed access. > ## > ## > # > @@ -3946,7 +3946,7 @@ interface(`dev_search_usbfs',` > ## > ## > ## > -## The process type getting the list. > +## Domain allowed access. > ## > ## > # > @@ -4007,7 +4007,7 @@ interface(`dev_read_usbfs',` > ## > ## > ## > -## The process type modifying the options. > +## Domain allowed access. > ## > ## > # > diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if > index deb03ea..41f36ed 100644 > --- a/policy/modules/kernel/domain.if > +++ b/policy/modules/kernel/domain.if > @@ -402,7 +402,7 @@ interface(`domain_use_interactive_fds',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -727,7 +727,7 @@ interface(`domain_ptrace_all_domains',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -755,7 +755,7 @@ interface(`domain_dontaudit_ptrace_all_domains',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -774,7 +774,7 @@ interface(`domain_dontaudit_ptrace_confined_domains',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -799,7 +799,7 @@ interface(`domain_dontaudit_read_all_domains_state',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -836,7 +836,7 @@ interface(`domain_getsession_all_domains',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -949,7 +949,7 @@ interface(`domain_dontaudit_getattr_all_sockets',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -968,7 +968,7 @@ interface(`domain_dontaudit_getattr_all_tcp_sockets',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -987,7 +987,7 @@ interface(`domain_dontaudit_getattr_all_udp_sockets',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -1006,7 +1006,7 @@ interface(`domain_dontaudit_rw_all_udp_sockets',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -1025,7 +1025,7 @@ interface(`domain_dontaudit_getattr_all_key_sockets',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -1044,7 +1044,7 @@ interface(`domain_dontaudit_getattr_all_packet_sockets',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -1063,7 +1063,7 @@ interface(`domain_dontaudit_getattr_all_raw_sockets',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -1082,7 +1082,7 @@ interface(`domain_dontaudit_rw_all_key_sockets',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -1120,7 +1120,7 @@ interface(`domain_getattr_all_stream_sockets',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -1168,7 +1168,7 @@ interface(`domain_getattr_all_pipes',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -1187,7 +1187,7 @@ interface(`domain_dontaudit_getattr_all_pipes',` > ## > ## > ## > -## Type of subject to be allowed this. > +## Domain allowed access. > ## > ## > # > @@ -1341,7 +1341,7 @@ interface(`domain_mmap_all_entry_files',` > ## > ## > ## > -## Domain allowed access. > +## Domain allowed to transition. > ## > ## > ## > @@ -1368,7 +1368,7 @@ interface(`domain_entry_file_spec_domtrans',` > ## > ## > ## > -## Domain allowed to mmap low memory. > +## Domain allowed access. > ## > ## > # > diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if > index 28cb589..8d3dfad 100644 > --- a/policy/modules/kernel/files.if > +++ b/policy/modules/kernel/files.if > @@ -511,7 +511,7 @@ interface(`files_mounton_non_security',` > ## > ## > ## > -## Domain to allow > +## Domain allowed access. > ## > ## > # > @@ -529,7 +529,7 @@ interface(`files_write_non_security_dirs',` > ## > ## > ## > -## Domain to allow > +## Domain allowed access. > ## > ## > # > @@ -674,7 +674,7 @@ interface(`files_read_non_security_files',` > ## > ## > ## > -## The type of the domain perfoming this action. > +## Domain allowed access. > ## > ## > ## > @@ -699,7 +699,7 @@ interface(`files_read_all_dirs_except',` > ## > ## > ## > -## The type of the domain perfoming this action. > +## Domain allowed access. > ## > ## > ## > @@ -724,7 +724,7 @@ interface(`files_read_all_files_except',` > ## > ## > ## > -## The type of the domain perfoming this action. > +## Domain allowed access. > ## > ## > ## > @@ -1031,7 +1031,7 @@ interface(`files_read_all_chr_files',` > ## > ## > ## > -## The type of the domain perfoming this action. > +## Domain allowed access. > ## > ## > ## > @@ -1069,7 +1069,7 @@ interface(`files_relabel_all_files',` > ## > ## > ## > -## The type of the domain perfoming this action. > +## Domain allowed access. > ## > ## > ## > @@ -1095,7 +1095,7 @@ interface(`files_rw_all_files',` > ## > ## > ## > -## The type of the domain perfoming this action. > +## Domain allowed access. > ## > ## > ## > @@ -1168,7 +1168,7 @@ interface(`files_list_all',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -1281,7 +1281,7 @@ interface(`files_unmount_all_file_type_fs',` > ## > ## > ## > -## The type of domain performing this action > +## Domain allowed access. > ## > ## > ## > @@ -1300,7 +1300,7 @@ interface(`files_manage_config_dirs',` > ## > ## > ## > -## Type of domain performing this action > +## Domain allowed access. > ## > ## > ## > @@ -1339,7 +1339,7 @@ interface(`files_read_config_files',` > ## > ## > ## > -## The type of domain performing this action > +## Domain allowed access. > ## > ## > ## > @@ -1358,7 +1358,7 @@ interface(`files_manage_config_files',` > ## > ## > ## > -## Type of domain performing this action > +## Domain allowed access. > ## > ## > ## > @@ -1470,7 +1470,7 @@ interface(`files_list_root',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -1537,7 +1537,7 @@ interface(`files_dontaudit_read_root_files',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -1556,7 +1556,7 @@ interface(`files_dontaudit_rw_root_files',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -1683,7 +1683,7 @@ interface(`files_search_boot',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -2715,7 +2715,7 @@ interface(`files_getattr_isid_type_dirs',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -2943,7 +2943,7 @@ interface(`files_delete_isid_type_blk_files',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -3792,7 +3792,7 @@ interface(`files_search_tmp',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -4010,7 +4010,7 @@ interface(`files_dontaudit_getattr_all_tmp_files',` > ## > ## > ## > -## Domain not to audit. > +## Domain allowed access. > ## > ## > # > @@ -4209,7 +4209,7 @@ interface(`files_rw_usr_dirs',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -4339,7 +4339,7 @@ interface(`files_exec_usr_files',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -4630,7 +4630,7 @@ interface(`files_dontaudit_write_var_dirs',` > ## > ## > ## > -## Domain to not audit. > +## Domain allowed access. > ## > ## > # > @@ -4741,7 +4741,7 @@ interface(`files_rw_var_files',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -5455,7 +5455,7 @@ interface(`files_rw_generic_pids',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -5473,7 +5473,7 @@ interface(`files_dontaudit_getattr_all_pids',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -5491,7 +5491,7 @@ interface(`files_dontaudit_write_all_pids',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if > index 9b79f4a..e3e17ba 100644 > --- a/policy/modules/kernel/filesystem.if > +++ b/policy/modules/kernel/filesystem.if > @@ -330,7 +330,7 @@ interface(`fs_rw_anon_inodefs_files',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -1084,7 +1084,7 @@ interface(`fs_read_noxattr_fs_files',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -1204,7 +1204,7 @@ interface(`fs_append_cifs_files',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > ## > @@ -1343,7 +1343,7 @@ interface(`fs_manage_cifs_dirs',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -1478,7 +1478,7 @@ interface(`fs_manage_cifs_named_sockets',` > ## > ## > ## > -## Domain allowed access. > +## Domain allowed to transition. > ## > ## > ## > @@ -1999,7 +1999,7 @@ interface(`fs_list_inotifyfs',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -2412,7 +2412,7 @@ interface(`fs_append_nfs_files',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > ## > @@ -2469,7 +2469,7 @@ interface(`fs_read_nfs_symlinks',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -2918,7 +2918,7 @@ interface(`fs_manage_nfs_named_sockets',` > ## > ## > ## > -## Domain allowed access. > +## Domain allowed to transition. > ## > ## > ## > @@ -3197,7 +3197,7 @@ interface(`fs_search_ramfs',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -3234,7 +3234,7 @@ interface(`fs_manage_ramfs_dirs',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -3252,7 +3252,7 @@ interface(`fs_dontaudit_read_ramfs_files',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -3308,7 +3308,7 @@ interface(`fs_write_ramfs_pipes',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -3677,7 +3677,7 @@ interface(`fs_getattr_tmpfs_dirs',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -3947,7 +3947,7 @@ interface(`fs_rw_tmpfs_chr_files',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -4341,7 +4341,7 @@ interface(`fs_dontaudit_getattr_all_fs',` > ## > ## > ## > -## The type of the domain getting quotas. > +## Domain allowed access. > ## > ## > ## > @@ -4360,7 +4360,7 @@ interface(`fs_get_all_fs_quotas',` > ## > ## > ## > -## The type of the domain setting quotas. > +## Domain allowed access. > ## > ## > ## > diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if > index b46db36..ed7667a 100644 > --- a/policy/modules/kernel/kernel.if > +++ b/policy/modules/kernel/kernel.if > @@ -130,7 +130,7 @@ interface(`kernel_setsched',` > ## > ## > ## > -## The type of the process sending the signal. > +## Domain allowed access. > ## > ## > # > @@ -148,7 +148,7 @@ interface(`kernel_sigchld',` > ## > ## > ## > -## The type of the process sending the signal. > +## Domain allowed access. > ## > ## > # > @@ -166,7 +166,7 @@ interface(`kernel_kill',` > ## > ## > ## > -## The type of the process sending the signal. > +## Domain allowed access. > ## > ## > # > @@ -203,7 +203,7 @@ interface(`kernel_share_state',` > ## > ## > ## > -## The type of the process using the descriptors. > +## Domain allowed access. > ## > ## > # > @@ -336,7 +336,7 @@ interface(`kernel_udp_recvfrom',` > ## > ## > ## > -## The process type to allow to load kernel modules. > +## Domain allowed access. > ## > ## > # > @@ -378,7 +378,7 @@ interface(`kernel_search_key',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -414,7 +414,7 @@ interface(`kernel_link_key',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -432,7 +432,7 @@ interface(`kernel_dontaudit_link_key',` > ## > ## > ## > -## The process type allowed to read the ring buffer. > +## Domain allowed access. > ## > ## > ## > @@ -451,7 +451,7 @@ interface(`kernel_read_ring_buffer',` > ## > ## > ## > -## The domain to not audit. > +## Domain to not audit. > ## > ## > # > @@ -488,7 +488,7 @@ interface(`kernel_change_ring_buffer_level',` > ## > ## > ## > -## The process type clearing the buffer. > +## Domain allowed access. > ## > ## > ## > @@ -592,7 +592,7 @@ interface(`kernel_getattr_debugfs',` > ## > ## > ## > -## The type of the domain mounting the filesystem. > +## Domain allowed access. > ## > ## > # > @@ -610,7 +610,7 @@ interface(`kernel_mount_debugfs',` > ## > ## > ## > -## The type of the domain unmounting the filesystem. > +## Domain allowed access. > ## > ## > # > @@ -628,7 +628,7 @@ interface(`kernel_unmount_debugfs',` > ## > ## > ## > -## The type of the domain remounting the filesystem. > +## Domain allowed access. > ## > ## > # > @@ -664,7 +664,7 @@ interface(`kernel_search_debugfs',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -702,7 +702,7 @@ interface(`kernel_read_debugfs',` > ## > ## > ## > -## The type of the domain mounting the filesystem. > +## Domain allowed access. > ## > ## > # > @@ -720,7 +720,7 @@ interface(`kernel_mount_kvmfs',` > ## > ## > ## > -## The type of the domain unmounting the filesystem. > +## Domain allowed access. > ## > ## > # > @@ -922,7 +922,7 @@ interface(`kernel_write_proc_files',` > ## > ## > ## > -## The process type not to audit. > +## Domain to not audit. > ## > ## > # > @@ -941,7 +941,7 @@ interface(`kernel_dontaudit_read_system_state',` > ## > ## > ## > -## The process type not to audit. > +## Domain to not audit. > ## > ## > # > @@ -979,7 +979,7 @@ interface(`kernel_rw_afs_state',` > ## > ## > ## > -## The process type reading software raid state. > +## Domain allowed access. > ## > ## > ## > @@ -1000,7 +1000,7 @@ interface(`kernel_read_software_raid_state',` > ## > ## > ## > -## The process type reading software raid state. > +## Domain allowed access. > ## > ## > # > @@ -1020,7 +1020,7 @@ interface(`kernel_rw_software_raid_state',` > ## > ## > ## > -## The process type getting the attibutes. > +## Domain allowed access. > ## > ## > # > @@ -1041,7 +1041,7 @@ interface(`kernel_getattr_core_if',` > ## > ## > ## > -## The process type to not audit. > +## Domain to not audit. > ## > ## > # > @@ -1083,7 +1083,7 @@ interface(`kernel_read_core_if',` > ## > ## > ## > -## The process type reading the messages. > +## Domain allowed access. > ## > ## > # > @@ -1105,7 +1105,7 @@ interface(`kernel_read_messages',` > ## > ## > ## > -## The process type getting the attributes. > +## Domain allowed access. > ## > ## > # > @@ -1124,7 +1124,7 @@ interface(`kernel_getattr_message_if',` > ## > ## > ## > -## The process type not to audit. > +## Domain to not audit. > ## > ## > # > @@ -1143,7 +1143,7 @@ interface(`kernel_dontaudit_getattr_message_if',` > ## > ## > ## > -## The process type reading the state. > +## Domain to not audit. > ## > ## > ## > @@ -1162,7 +1162,7 @@ interface(`kernel_dontaudit_search_network_state',` > ## > ## > ## > -## The process type reading the state. > +## Domain allowed access. > ## > ## > ## > @@ -1214,7 +1214,7 @@ interface(`kernel_read_network_state',` > ## > ## > ## > -## The process type reading the state. > +## Domain allowed access. > ## > ## > # > @@ -1234,7 +1234,7 @@ interface(`kernel_read_network_state_symlinks',` > ## > ## > ## > -## The process type reading the state. > +## Domain allowed access. > ## > ## > ## > @@ -1254,7 +1254,7 @@ interface(`kernel_search_xen_state',` > ## > ## > ## > -## The process type reading the state. > +## Domain to not audit. > ## > ## > ## > @@ -1273,7 +1273,7 @@ interface(`kernel_dontaudit_search_xen_state',` > ## > ## > ## > -## The process type reading the state. > +## Domain allowed access. > ## > ## > ## > @@ -1295,7 +1295,7 @@ interface(`kernel_read_xen_state',` > ## > ## > ## > -## The process type reading the state. > +## Domain allowed access. > ## > ## > ## > @@ -1316,7 +1316,7 @@ interface(`kernel_read_xen_state_symlinks',` > ## > ## > ## > -## The process type writing the state. > +## Domain allowed access. > ## > ## > ## > @@ -1335,7 +1335,7 @@ interface(`kernel_write_xen_state',` > ## > ## > ## > -## Domain to not audit. > +## Domain allowed access. > ## > ## > # > @@ -1374,7 +1374,7 @@ interface(`kernel_dontaudit_list_all_proc',` > ## > ## > ## > -## The process type not to audit. > +## Domain to not audit. > ## > ## > ## > @@ -1393,7 +1393,7 @@ interface(`kernel_dontaudit_search_sysctl',` > ## > ## > ## > -## The process type to allow to read sysctl directories. > +## Domain allowed access. > ## > ## > ## > @@ -1413,7 +1413,7 @@ interface(`kernel_read_sysctl',` > ## > ## > ## > -## The process type to allow to read the device sysctls. > +## Domain allowed access. > ## > ## > ## > @@ -1535,7 +1535,7 @@ interface(`kernel_search_network_sysctl',` > ## > ## > ## > -## The process type not to audit. > +## Domain to not audit. > ## > ## > # > @@ -2052,7 +2052,7 @@ interface(`kernel_kill_unlabeled',` > ## > ## > ## > -## The type of the domain mounting the filesystem. > +## Domain allowed access. > ## > ## > # > @@ -2253,7 +2253,7 @@ interface(`kernel_rw_unlabeled_files',` > ## > ## > ## > -## The process type not to audit. > +## Domain to not audit. > ## > ## > # > @@ -2291,7 +2291,7 @@ interface(`kernel_dontaudit_read_unlabeled_files',` > ## > ## > ## > -## The process type not to audit. > +## Domain to not audit. > ## > ## > # > @@ -2310,7 +2310,7 @@ interface(`kernel_dontaudit_getattr_unlabeled_symlinks',` > ## > ## > ## > -## The process type not to audit. > +## Domain to not audit. > ## > ## > # > @@ -2329,7 +2329,7 @@ interface(`kernel_dontaudit_getattr_unlabeled_pipes',` > ## > ## > ## > -## The process type not to audit. > +## Domain to not audit. > ## > ## > # > @@ -2348,7 +2348,7 @@ interface(`kernel_dontaudit_getattr_unlabeled_sockets',` > ## > ## > ## > -## The process type not to audit. > +## Domain to not audit. > ## > ## > # > @@ -2385,7 +2385,7 @@ interface(`kernel_rw_unlabeled_blk_files',` > ## > ## > ## > -## The process type not to audit. > +## Domain to not audit. > ## > ## > # > diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if > index 677f82a..f8b357c 100644 > --- a/policy/modules/kernel/selinux.if > +++ b/policy/modules/kernel/selinux.if > @@ -213,7 +213,7 @@ interface(`selinux_dontaudit_read_fs',` > ## > ## > ## > -## The process type to allow to get the enforcing mode. > +## Domain allowed access. > ## > ## > ## > @@ -244,7 +244,7 @@ interface(`selinux_get_enforce_mode',` > ## > ## > ## > -## The process type to allow to set the enforcement mode. > +## Domain allowed access. > ## > ## > ## > @@ -276,7 +276,7 @@ interface(`selinux_set_enforce_mode',` > ## > ## > ## > -## The process type that will load the policy. > +## Domain allowed access. > ## > ## > # > @@ -323,7 +323,7 @@ interface(`selinux_load_policy',` > ## > ## > ## > -## The process type allowed to set the Boolean. > +## Domain allowed access. > ## > ## > ## > @@ -350,7 +350,7 @@ interface(`selinux_set_boolean',` > ## > ## > ## > -## The process type allowed to set the Boolean. > +## Domain allowed access. > ## > ## > ## > @@ -391,7 +391,7 @@ interface(`selinux_set_generic_booleans',` > ## > ## > ## > -## The process type allowed to set the Boolean. > +## Domain allowed access. > ## > ## > ## > @@ -433,7 +433,7 @@ interface(`selinux_set_all_booleans',` > ## > ## > ## > -## The process type to allow to set security parameters. > +## Domain allowed access. > ## > ## > ## > @@ -457,7 +457,7 @@ interface(`selinux_set_parameters',` > ## > ## > ## > -## The process type permitted to validate contexts. > +## Domain allowed access. > ## > ## > ## > @@ -499,7 +499,7 @@ interface(`selinux_dontaudit_validate_context',` > ## > ## > ## > -## The process type allowed to compute an access vector. > +## Domain allowed access. > ## > ## > ## > @@ -591,7 +591,7 @@ interface(`selinux_compute_relabel_context',` > ## > ## > ## > -## The process type allowed to compute user contexts. > +## Domain allowed access. > ## > ## > # > diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if > index d7ca7b2..3723150 100644 > --- a/policy/modules/kernel/storage.if > +++ b/policy/modules/kernel/storage.if > @@ -351,7 +351,7 @@ interface(`storage_getattr_fuse_dev',` > ## > ## > ## > -## Domain to not audit. > +## Domain allowed access. > ## > ## > # > diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if > index 4d9d592..492bf76 100644 > --- a/policy/modules/kernel/terminal.if > +++ b/policy/modules/kernel/terminal.if > @@ -245,7 +245,7 @@ interface(`term_read_console',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > ## > @@ -285,7 +285,7 @@ interface(`term_use_console',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -420,7 +420,7 @@ interface(`term_search_ptys',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -557,7 +557,7 @@ interface(`term_setattr_generic_ptys',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -676,7 +676,7 @@ interface(`term_dontaudit_getattr_ptmx',` > ## > ## > ## > -## The type of the process to allow access. > +## Domain allowed access. > ## > ## > # > @@ -739,7 +739,7 @@ interface(`term_getattr_all_ptys',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -1028,7 +1028,7 @@ interface(`term_getattr_unallocated_ttys',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -1068,7 +1068,7 @@ interface(`term_setattr_unallocated_ttys',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -1087,7 +1087,7 @@ interface(`term_dontaudit_setattr_unallocated_ttys',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -1245,7 +1245,7 @@ interface(`term_getattr_all_ttys',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -1343,7 +1343,7 @@ interface(`term_use_all_ttys',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > @@ -1380,7 +1380,7 @@ interface(`term_getattr_all_user_ttys',` > ## > ## > ## > -## Domain allowed access. > +## Domain to not audit. > ## > ## > # > > > > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com