author | Sumit Bose <sbose@nb.localdomain> | 2008-10-28 12:28:05 +0100 |
---|---|---|
committer | Sumit Bose <sbose@nb.localdomain> | 2008-10-28 12:28:05 +0100 |
commit | 3ef36ce787eaf4783620cba0d4b0e99d9ace510e (patch) | |
tree | d3fd10b39eadf78ac38b89a77bc667d6e1a0ed14 /selinux_booleans | |
parent | ce40359ac25a6fa9a5cef333e8638528ec2cd665 (diff) | |
download | ipa_policy-3ef36ce787eaf4783620cba0d4b0e99d9ace510e.tar.gz ipa_policy-3ef36ce787eaf4783620cba0d4b0e99d9ace510e.tar.xz ipa_policy-3ef36ce787eaf4783620cba0d4b0e99d9ace510e.zip |
modified selinux_boolean for easier parsing
Diffstat (limited to 'selinux_booleans')
-rw-r--r-- | selinux_booleans/selinux_booleans.rng | 479 | ||||
-rw-r--r-- | selinux_booleans/selinux_booleans_example_policy.xml | 10 |
2 files changed, 134 insertions, 355 deletions
diff --git a/selinux_booleans/selinux_booleans.rng b/selinux_booleans/selinux_booleans.rng
index 5402ce8..fdb9025 100644
--- a/selinux_booleans/selinux_booleans.rng
+++ b/selinux_booleans/selinux_booleans.rng
@@ -26,359 +26,132 @@
 xmlns:pa="http://freeipa.org/xml/rng/ns/plugable_architecture/1.0">
 <element name="ipaconfig">
 <oneOrMore>
- <choice>
- <element name="allow_console_login">
- <data type="boolean"/>
- </element>
- <element name="allow_cvs_read_shadow">
- <data type="boolean"/>
- </element>
- <element name="allow_daemons_dump_core">
- <data type="boolean"/>
- </element>
- <element name="allow_daemons_use_tty">
- <data type="boolean"/>
- </element>
- <element name="allow_domain_fd_use">
- <data type="boolean"/>
- </element>
- <element name="allow_execheap">
- <data type="boolean"/>
- </element>
- <element name="allow_execmem">
- <data type="boolean"/>
- </element>
- <element name="allow_execmod">
- <data type="boolean"/>
- </element>
- <element name="allow_execstack">
- <data type="boolean"/>
- </element>
- <element name="allow_ftpd_anon_write">
- <data type="boolean"/>
- </element>
- <element name="allow_ftpd_full_access">
- <data type="boolean"/>
- </element>
- <element name="allow_ftpd_use_cifs">
- <data type="boolean"/>
- </element>
- <element name="allow_ftpd_use_nfs">
- <data type="boolean"/>
- </element>
- <element name="allow_gadmin_exec_content">
- <data type="boolean"/>
- </element>
- <element name="allow_gssd_read_tmp">
- <data type="boolean"/>
- </element>
- <element name="allow_guest_exec_content">
- <data type="boolean"/>
- </element>
- <element name="allow_httpd_anon_write">
- <data type="boolean"/>
- </element>
- <element name="allow_httpd_dbus_avahi">
- <data type="boolean"/>
- </element>
- <element name="allow_httpd_mod_auth_ntlm_winbind">
- <data type="boolean"/>
- </element>
- <element name="allow_httpd_mod_auth_pam">
- <data type="boolean"/>
- </element>
- <element name="allow_httpd_sys_script_anon_write">
- <data type="boolean"/>
- </element>
- <element name="allow_kerberos">
- <data type="boolean"/>
- </element>
- <element name="allow_mount_anyfile">
- <data type="boolean"/>
- </element>
- <element name="allow_mplayer_execstack">
- <data type="boolean"/>
- </element>
- <element name="allow_nfsd_anon_write">
- <data type="boolean"/>
- </element>
- <element name="allow_nsplugin_execmem">
- <data type="boolean"/>
- </element>
- <element name="allow_polyinstantiation">
- <data type="boolean"/>
- </element>
- <element name="allow_postfix_local_write_mail_spool">
- <data type="boolean"/>
- </element>
- <element name="allow_ptrace">
- <data type="boolean"/>
- </element>
- <element name="allow_qemu_full_network">
- <data type="boolean"/>
- </element>
- <element name="allow_read_x_device">
- <data type="boolean"/>
- </element>
- <element name="allow_rsync_anon_write">
- <data type="boolean"/>
- </element>
- <element name="allow_saslauthd_read_shadow">
- <data type="boolean"/>
- </element>
- <element name="allow_smbd_anon_write">
- <data type="boolean"/>
- </element>
- <element name="allow_ssh_keysign">
- <data type="boolean"/>
- </element>
- <element name="allow_staff_exec_content">
- <data type="boolean"/>
- </element>
- <element name="allow_sysadm_exec_content">
- <data type="boolean"/>
- </element>
- <element name="allow_unconfined_exec_content">
- <data type="boolean"/>
- </element>
- <element name="allow_unconfined_mmap_low">
- <data type="boolean"/>
- </element>
- <element name="allow_unconfined_nsplugin_transition">
- <data type="boolean"/>
- </element>
- <element name="allow_unconfined_qemu_transition">
- <data type="boolean"/>
- </element>
- <element name="allow_user_exec_content">
- <data type="boolean"/>
- </element>
- <element name="allow_user_postgresql_connect">
- <data type="boolean"/>
- </element>
- <element name="allow_write_xshm">
- <data type="boolean"/>
- </element>
- <element name="allow_xguest_exec_content">
- <data type="boolean"/>
- </element>
- <element name="allow_xserver_execmem">
- <data type="boolean"/>
- </element>
- <element name="allow_ypbind">
- <data type="boolean"/>
- </element>
- <element name="allow_zebra_write_config">
- <data type="boolean"/>
- </element>
- <element name="browser_confine_xguest">
- <data type="boolean"/>
- </element>
- <element name="browser_write_xguest_data">
- <data type="boolean"/>
- </element>
- <element name="cdrecord_read_content">
- <data type="boolean"/>
- </element>
- <element name="exim_can_connect_db">
- <data type="boolean"/>
- </element>
- <element name="exim_manage_user_files">
- <data type="boolean"/>
- </element>
- <element name="exim_read_user_files">
- <data type="boolean"/>
- </element>
- <element name="fcron_crond">
- <data type="boolean"/>
- </element>
- <element name="ftp_home_dir">
- <data type="boolean"/>
- </element>
- <element name="global_ssp">
- <data type="boolean"/>
- </element>
- <element name="httpd_builtin_scripting">
- <data type="boolean"/>
- </element>
- <element name="httpd_can_network_connect">
- <data type="boolean"/>
- </element>
- <element name="httpd_can_network_connect_db">
- <data type="boolean"/>
- </element>
- <element name="httpd_can_network_relay">
- <data type="boolean"/>
- </element>
- <element name="httpd_can_sendmail">
- <data type="boolean"/>
- </element>
- <element name="httpd_enable_cgi">
- <data type="boolean"/>
- </element>
- <element name="httpd_enable_ftp_server">
- <data type="boolean"/>
- </element>
- <element name="httpd_enable_homedirs">
- <data type="boolean"/>
- </element>
- <element name="httpd_execmem">
- <data type="boolean"/>
- </element>
- <element name="httpd_ssi_exec">
- <data type="boolean"/>
- </element>
- <element name="httpd_tty_comm">
- <data type="boolean"/>
- </element>
- <element name="httpd_unified">
- <data type="boolean"/>
- </element>
- <element name="httpd_use_cifs">
- <data type="boolean"/>
- </element>
- <element name="httpd_use_nfs">
- <data type="boolean"/>
- </element>
- <element name="named_write_master_zones">
- <data type="boolean"/>
- </element>
- <element name="nfs_export_all_ro">
- <data type="boolean"/>
- </element>
- <element name="nfs_export_all_rw">
- <data type="boolean"/>
- </element>
- <element name="openvpn_enable_homedirs">
- <data type="boolean"/>
- </element>
- <element name="pppd_can_insmod">
- <data type="boolean"/>
- </element>
- <element name="pppd_for_user">
- <data type="boolean"/>
- </element>
- <element name="qemu_use_cifs">
- <data type="boolean"/>
- </element>
- <element name="qemu_use_nfs">
- <data type="boolean"/>
- </element>
- <element name="read_default_t">
- <data type="boolean"/>
- </element>
- <element name="read_untrusted_content">
- <data type="boolean"/>
- </element>
- <element name="rsync_export_all_ro">
- <data type="boolean"/>
- </element>
- <element name="samba_domain_controller">
- <data type="boolean"/>
- </element>
- <element name="samba_enable_home_dirs">
- <data type="boolean"/>
- </element>
- <element name="samba_export_all_ro">
- <data type="boolean"/>
- </element>
- <element name="samba_export_all_rw">
- <data type="boolean"/>
- </element>
- <element name="samba_run_unconfined">
- <data type="boolean"/>
- </element>
- <element name="samba_share_fusefs">
- <data type="boolean"/>
- </element>
- <element name="samba_share_nfs">
- <data type="boolean"/>
- </element>
- <element name="secure_mode">
- <data type="boolean"/>
- </element>
- <element name="secure_mode_insmod">
- <data type="boolean"/>
- </element>
- <element name="secure_mode_policyload">
- <data type="boolean"/>
- </element>
- <element name="sepgsql_enable_users_ddl">
- <data type="boolean"/>
- </element>
- <element name="spamassassin_can_network">
- <data type="boolean"/>
- </element>
- <element name="spamd_enable_home_dirs">
- <data type="boolean"/>
- </element>
- <element name="squid_connect_any">
- <data type="boolean"/>
- </element>
- <element name="ssh_sysadm_login">
- <data type="boolean"/>
- </element>
- <element name="tftp_anon_write">
- <data type="boolean"/>
- </element>
- <element name="use_lpd_server">
- <data type="boolean"/>
- </element>
- <element name="use_nfs_home_dirs">
- <data type="boolean"/>
- </element>
- <element name="use_samba_home_dirs">
- <data type="boolean"/>
- </element>
- <element name="user_direct_mouse">
- <data type="boolean"/>
- </element>
- <element name="user_ping">
- <data type="boolean"/>
- </element>
- <element name="user_rw_noexattrfile">
- <data type="boolean"/>
- </element>
- <element name="user_tcp_server">
- <data type="boolean"/>
- </element>
- <element name="user_ttyfile_stat">
- <data type="boolean"/>
- </element>
- <element name="virt_use_nfs">
- <data type="boolean"/>
- </element>
- <element name="virt_use_samba">
- <data type="boolean"/>
- </element>
- <element name="webadm_manage_user_files">
- <data type="boolean"/>
- </element>
- <element name="webadm_read_user_files">
- <data type="boolean"/>
- </element>
- <element name="write_untrusted_content">
- <data type="boolean"/>
- </element>
- <element name="xdm_sysadm_login">
- <data type="boolean"/>
- </element>
- <element name="xen_use_nfs">
- <data type="boolean"/>
- </element>
- <element name="xguest_connect_network">
- <data type="boolean"/>
- </element>
- <element name="xguest_mount_media">
- <data type="boolean"/>
- </element>
- <element name="xguest_use_bluetooth">
- <data type="boolean"/>
- </element>
- <element name="xserver_object_manager">
- <data type="boolean"/>
- </element>
- </choice>
+ <element name="selinux_boolean">
+ <element name="name">
+ <choice>
+ <value>allow_console_login</value>
+ <value>allow_cvs_read_shadow</value>
+ <value>allow_daemons_dump_core</value>
+ <value>allow_daemons_use_tty</value>
+ <value>allow_domain_fd_use</value>
+ <value>allow_execheap</value>
+ <value>allow_execmem</value>
+ <value>allow_execmod</value>
+ <value>allow_execstack</value>
+ <value>allow_ftpd_anon_write</value>
+ <value>allow_ftpd_full_access</value>
+ <value>allow_ftpd_use_cifs</value>
+ <value>allow_ftpd_use_nfs</value>
+ <value>allow_gadmin_exec_content</value>
+ <value>allow_gssd_read_tmp</value>
+ <value>allow_guest_exec_content</value>
+ <value>allow_httpd_anon_write</value>
+ <value>allow_httpd_dbus_avahi</value>
+ <value>allow_httpd_mod_auth_ntlm_winbind</value>
+ <value>allow_httpd_mod_auth_pam</value>
+ <value>allow_httpd_sys_script_anon_write</value>
+ <value>allow_kerberos</value>
+ <value>allow_mount_anyfile</value>
+ <value>allow_mplayer_execstack</value>
+ <value>allow_nfsd_anon_write</value>
+ <value>allow_nsplugin_execmem</value>
+ <value>allow_polyinstantiation</value>
+ <value>allow_postfix_local_write_mail_spool</value>
+ <value>allow_ptrace</value>
+ <value>allow_qemu_full_network</value>
+ <value>allow_read_x_device</value>
+ <value>allow_rsync_anon_write</value>
+ <value>allow_saslauthd_read_shadow</value>
+ <value>allow_smbd_anon_write</value>
+ <value>allow_ssh_keysign</value>
+ <value>allow_staff_exec_content</value>
+ <value>allow_sysadm_exec_content</value>
+ <value>allow_unconfined_exec_content</value>
+ <value>allow_unconfined_mmap_low</value>
+ <value>allow_unconfined_nsplugin_transition</value>
+ <value>allow_unconfined_qemu_transition</value>
+ <value>allow_user_exec_content</value>
+ <value>allow_user_postgresql_connect</value>
+ <value>allow_write_xshm</value>
+ <value>allow_xguest_exec_content</value>
+ <value>allow_xserver_execmem</value>
+ <value>allow_ypbind</value>
+ <value>allow_zebra_write_config</value>
+ <value>browser_confine_xguest</value>
+ <value>browser_write_xguest_data</value>
+ <value>cdrecord_read_content</value>
+ <value>exim_can_connect_db</value>
+ <value>exim_manage_user_files</value>
+ <value>exim_read_user_files</value>
+ <value>fcron_crond</value>
+ <value>ftp_home_dir</value>
+ <value>global_ssp</value>
+ <value>httpd_builtin_scripting</value>
+ <value>httpd_can_network_connect</value>
+ <value>httpd_can_network_connect_db</value>
+ <value>httpd_can_network_relay</value>
+ <value>httpd_can_sendmail</value>
+ <value>httpd_enable_cgi</value>
+ <value>httpd_enable_ftp_server</value>
+ <value>httpd_enable_homedirs</value>
+ <value>httpd_execmem</value>
+ <value>httpd_ssi_exec</value>
+ <value>httpd_tty_comm</value>
+ <value>httpd_unified</value>
+ <value>httpd_use_cifs</value>
+ <value>httpd_use_nfs</value>
+ <value>named_write_master_zones</value>
+ <value>nfs_export_all_ro</value>
+ <value>nfs_export_all_rw</value>
+ <value>openvpn_enable_homedirs</value>
+ <value>pppd_can_insmod</value>
+ <value>pppd_for_user</value>
+ <value>qemu_use_cifs</value>
+ <value>qemu_use_nfs</value>
+ <value>read_default_t</value>
+ <value>read_untrusted_content</value>
+ <value>rsync_export_all_ro</value>
+ <value>samba_domain_controller</value>
+ <value>samba_enable_home_dirs</value>
+ <value>samba_export_all_ro</value>
+ <value>samba_export_all_rw</value>
+ <value>samba_run_unconfined</value>
+ <value>samba_share_fusefs</value>
+ <value>samba_share_nfs</value>
+ <value>secure_mode</value>
+ <value>secure_mode_insmod</value>
+ <value>secure_mode_policyload</value>
+ <value>sepgsql_enable_users_ddl</value>
+ <value>spamassassin_can_network</value>
+ <value>spamd_enable_home_dirs</value>
+ <value>squid_connect_any</value>
+ <value>ssh_sysadm_login</value>
+ <value>tftp_anon_write</value>
+ <value>use_lpd_server</value>
+ <value>use_nfs_home_dirs</value>
+ <value>use_samba_home_dirs</value>
+ <value>user_direct_mouse</value>
+ <value>user_ping</value>
+ <value>user_rw_noexattrfile</value>
+ <value>user_tcp_server</value>
+ <value>user_ttyfile_stat</value>
+ <value>virt_use_nfs</value>
+ <value>virt_use_samba</value>
+ <value>webadm_manage_user_files</value>
+ <value>webadm_read_user_files</value>
+ <value>write_untrusted_content</value>
+ <value>xdm_sysadm_login</value>
+ <value>xen_use_nfs</value>
+ <value>xguest_connect_network</value>
+ <value>xguest_mount_media</value>
+ <value>xguest_use_bluetooth</value>
+ <value>xserver_object_manager</value>
+ </choice>
+ </element> <!-- name -->
+ <element name="value">
+ <data type="boolean"/>
+ </element>
+ </element> <!-- selinux_boolean -->
 </oneOrMore>
 </element> <!-- ipaconfig -->
 </element> <!-- ipa -->
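Review bot: The `<value>` alternatives under `<element name="name">` carry no `type`, so RELAX NG matches them as `token`, and a policy with whitespace or line breaks around the boolean name still validates; whatever consumes a validated document has to normalise the text before it looks the name up or applies it. A comment above the `<choice>` would record this, for example `<!-- matched as token: surrounding whitespace is ignored by the validator, consumers must trim -->`. `<oneOrMore>` also lets the same name appear in several `selinux_boolean` entries with different values, and the schema does not say which one wins, which matters for switches such as `secure_mode` or `allow_execstack`. The grammar's start tag and its datatype library declaration are outside the hunk, so whether `<data type="boolean"/>` also admits `1` and `0` cannot be confirmed from here.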
diff --git a/selinux_booleans/selinux_booleans_example_policy.xml b/selinux_booleans/selinux_booleans_example_policy.xml
index a666789..9e79ee0 100644
--- a/selinux_booleans/selinux_booleans_example_policy.xml
+++ b/selinux_booleans/selinux_booleans_example_policy.xml
@@ -10,8 +10,14 @@
 </metadata>
 <ipaconfig>
- <webadm_manage_user_files>true</webadm_manage_user_files>
- <ssh_sysadm_login>false</ssh_sysadm_login>
+ <selinux_boolean>
+ <name>webadm_manage_user_files</name>
+ <value>true</value>
+ </selinux_boolean>
+ <selinux_boolean>
+ <name>ssh_sysadm_login</name>
+ <value>false</value>
+ </selinux_boolean>
 </ipaconfig>
 </ipa> |