authorSumit Bose <sbose@nb.localdomain>2008-10-23 16:44:05 +0200
committerSumit Bose <sbose@nb.localdomain>2008-10-23 16:44:05 +0200
commita3ba3bc9399d8f36380b8cb68f7b0ca1084c1929 (patch)
tree87452617dcbda39b495f8d498bf837fde29b3f15 /selinux_booleans
parent2b0a5715646cba3c1fb4c9291779a631aaa653b6 (diff)
added new selinux_booleans and policykit_roles policies
Diffstat (limited to 'selinux_booleans')
-rw-r--r--selinux_booleans/selinux_booleans.rng386
-rw-r--r--selinux_booleans/selinux_booleans_example_policy.xml17
2 files changed, 403 insertions, 0 deletions
diff --git a/selinux_booleans/selinux_booleans.rng b/selinux_booleans/selinux_booleans.rng
new file mode 100644
index 0000000..5402ce8
--- /dev/null
+++ b/selinux_booleans/selinux_booleans.rng
@@ -0,0 +1,386 @@
+<?xml version="1.0" encoding="utf-8"?>
+<grammar ns="http://freeipa.org/xml/rng/selinux_booleans/1.0"
+xmlns="http://relaxng.org/ns/structure/1.0"
+datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"
+xmlns:a="http://relaxng.org/ns/compatibility/annotations/1.0"
+xmlns:s="http://purl.oclc.org/dsdl/schematron"
+xmlns:pa="http://freeipa.org/xml/rng/ns/plugable_architecture/1.0">
+
+ <a:documentation>SELinux Booleans</a:documentation>
+
+ <a:documentation>The following section can be used to register the RNG schema file for the UI</a:documentation>
+ <a:name>selinux_booleans</a:name>
+ <a:description>modify SELinux booleans</a:description>
+ <a:author>sbose@redhat.com</a:author>
+ <a:version>0.1</a:version>
+
+ <define name="rng_filename"><value>selinux_booleans.rng</value></define>
+ <define name="xslt_filename"><value>selinux_booleans.xslt</value></define>
+ <define name="application_name"><value>selinux_booleans</value></define>
+ <include href="policy_metadata.rng"/>
+
+ <start ns="http://freeipa.org/xml/rng/selinux_booleans/1.0">
+ <element name="ipa">
+
+ <ref name="policy_metadata"/>
+
+ <element name="ipaconfig">
+ <oneOrMore>
+ <choice>
+ <element name="allow_console_login">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_cvs_read_shadow">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_daemons_dump_core">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_daemons_use_tty">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_domain_fd_use">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_execheap">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_execmem">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_execmod">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_execstack">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_ftpd_anon_write">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_ftpd_full_access">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_ftpd_use_cifs">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_ftpd_use_nfs">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_gadmin_exec_content">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_gssd_read_tmp">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_guest_exec_content">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_httpd_anon_write">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_httpd_dbus_avahi">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_httpd_mod_auth_ntlm_winbind">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_httpd_mod_auth_pam">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_httpd_sys_script_anon_write">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_kerberos">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_mount_anyfile">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_mplayer_execstack">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_nfsd_anon_write">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_nsplugin_execmem">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_polyinstantiation">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_postfix_local_write_mail_spool">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_ptrace">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_qemu_full_network">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_read_x_device">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_rsync_anon_write">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_saslauthd_read_shadow">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_smbd_anon_write">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_ssh_keysign">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_staff_exec_content">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_sysadm_exec_content">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_unconfined_exec_content">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_unconfined_mmap_low">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_unconfined_nsplugin_transition">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_unconfined_qemu_transition">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_user_exec_content">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_user_postgresql_connect">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_write_xshm">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_xguest_exec_content">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_xserver_execmem">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_ypbind">
+ <data type="boolean"/>
+ </element>
+ <element name="allow_zebra_write_config">
+ <data type="boolean"/>
+ </element>
+ <element name="browser_confine_xguest">
+ <data type="boolean"/>
+ </element>
+ <element name="browser_write_xguest_data">
+ <data type="boolean"/>
+ </element>
+ <element name="cdrecord_read_content">
+ <data type="boolean"/>
+ </element>
+ <element name="exim_can_connect_db">
+ <data type="boolean"/>
+ </element>
+ <element name="exim_manage_user_files">
+ <data type="boolean"/>
+ </element>
+ <element name="exim_read_user_files">
+ <data type="boolean"/>
+ </element>
+ <element name="fcron_crond">
+ <data type="boolean"/>
+ </element>
+ <element name="ftp_home_dir">
+ <data type="boolean"/>
+ </element>
+ <element name="global_ssp">
+ <data type="boolean"/>
+ </element>
+ <element name="httpd_builtin_scripting">
+ <data type="boolean"/>
+ </element>
+ <element name="httpd_can_network_connect">
+ <data type="boolean"/>
+ </element>
+ <element name="httpd_can_network_connect_db">
+ <data type="boolean"/>
+ </element>
+ <element name="httpd_can_network_relay">
+ <data type="boolean"/>
+ </element>
+ <element name="httpd_can_sendmail">
+ <data type="boolean"/>
+ </element>
+ <element name="httpd_enable_cgi">
+ <data type="boolean"/>
+ </element>
+ <element name="httpd_enable_ftp_server">
+ <data type="boolean"/>
+ </element>
+ <element name="httpd_enable_homedirs">
+ <data type="boolean"/>
+ </element>
+ <element name="httpd_execmem">
+ <data type="boolean"/>
+ </element>
+ <element name="httpd_ssi_exec">
+ <data type="boolean"/>
+ </element>
+ <element name="httpd_tty_comm">
+ <data type="boolean"/>
+ </element>
+ <element name="httpd_unified">
+ <data type="boolean"/>
+ </element>
+ <element name="httpd_use_cifs">
+ <data type="boolean"/>
+ </element>
+ <element name="httpd_use_nfs">
+ <data type="boolean"/>
+ </element>
+ <element name="named_write_master_zones">
+ <data type="boolean"/>
+ </element>
+ <element name="nfs_export_all_ro">
+ <data type="boolean"/>
+ </element>
+ <element name="nfs_export_all_rw">
+ <data type="boolean"/>
+ </element>
+ <element name="openvpn_enable_homedirs">
+ <data type="boolean"/>
+ </element>
+ <element name="pppd_can_insmod">
+ <data type="boolean"/>
+ </element>
+ <element name="pppd_for_user">
+ <data type="boolean"/>
+ </element>
+ <element name="qemu_use_cifs">
+ <data type="boolean"/>
+ </element>
+ <element name="qemu_use_nfs">
+ <data type="boolean"/>
+ </element>
+ <element name="read_default_t">
+ <data type="boolean"/>
+ </element>
+ <element name="read_untrusted_content">
+ <data type="boolean"/>
+ </element>
+ <element name="rsync_export_all_ro">
+ <data type="boolean"/>
+ </element>
+ <element name="samba_domain_controller">
+ <data type="boolean"/>
+ </element>
+ <element name="samba_enable_home_dirs">
+ <data type="boolean"/>
+ </element>
+ <element name="samba_export_all_ro">
+ <data type="boolean"/>
+ </element>
+ <element name="samba_export_all_rw">
+ <data type="boolean"/>
+ </element>
+ <element name="samba_run_unconfined">
+ <data type="boolean"/>
+ </element>
+ <element name="samba_share_fusefs">
+ <data type="boolean"/>
+ </element>
+ <element name="samba_share_nfs">
+ <data type="boolean"/>
+ </element>
+ <element name="secure_mode">
+ <data type="boolean"/>
+ </element>
+ <element name="secure_mode_insmod">
+ <data type="boolean"/>
+ </element>
+ <element name="secure_mode_policyload">
+ <data type="boolean"/>
+ </element>
+ <element name="sepgsql_enable_users_ddl">
+ <data type="boolean"/>
+ </element>
+ <element name="spamassassin_can_network">
+ <data type="boolean"/>
+ </element>
+ <element name="spamd_enable_home_dirs">
+ <data type="boolean"/>
+ </element>
+ <element name="squid_connect_any">
+ <data type="boolean"/>
+ </element>
+ <element name="ssh_sysadm_login">
+ <data type="boolean"/>
+ </element>
+ <element name="tftp_anon_write">
+ <data type="boolean"/>
+ </element>
+ <element name="use_lpd_server">
+ <data type="boolean"/>
+ </element>
+ <element name="use_nfs_home_dirs">
+ <data type="boolean"/>
+ </element>
+ <element name="use_samba_home_dirs">
+ <data type="boolean"/>
+ </element>
+ <element name="user_direct_mouse">
+ <data type="boolean"/>
+ </element>
+ <element name="user_ping">
+ <data type="boolean"/>
+ </element>
+ <element name="user_rw_noexattrfile">
+ <data type="boolean"/>
+ </element>
+ <element name="user_tcp_server">
+ <data type="boolean"/>
+ </element>
+ <element name="user_ttyfile_stat">
+ <data type="boolean"/>
+ </element>
+ <element name="virt_use_nfs">
+ <data type="boolean"/>
+ </element>
+ <element name="virt_use_samba">
+ <data type="boolean"/>
+ </element>
+ <element name="webadm_manage_user_files">
+ <data type="boolean"/>
+ </element>
+ <element name="webadm_read_user_files">
+ <data type="boolean"/>
+ </element>
+ <element name="write_untrusted_content">
+ <data type="boolean"/>
+ </element>
+ <element name="xdm_sysadm_login">
+ <data type="boolean"/>
+ </element>
+ <element name="xen_use_nfs">
+ <data type="boolean"/>
+ </element>
+ <element name="xguest_connect_network">
+ <data type="boolean"/>
+ </element>
+ <element name="xguest_mount_media">
+ <data type="boolean"/>
+ </element>
+ <element name="xguest_use_bluetooth">
+ <data type="boolean"/>
+ </element>
+ <element name="xserver_object_manager">
+ <data type="boolean"/>
+ </element>
+ </choice>
+ </oneOrMore>
+ </element> <!-- ipaconfig -->
+ </element> <!-- ipa -->
+ </start>
+</grammar>
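Review bot: The `<oneOrMore><choice>` wrapper inside `ipaconfig` lets the same boolean appear more than once, so a policy carrying both `<allow_execmem>true</allow_execmem>` and `<allow_execmem>false</allow_execmem>` validates and the effective value is left to whatever consumes the document. For settings such as `secure_mode_policyload` or `allow_execstack` that ambiguity is better closed in the schema: replace the wrapper with `<interleave>` and put each `<element>` inside `<optional>`, which keeps free ordering but admits each boolean at most once. An empty `ipaconfig` would then validate; if at least one entry must stay mandatory, a Schematron assertion could carry that rule, and the `s` prefix is already declared but unused in this file. Note also that `<data type="boolean"/>` accepts `1` and `0` as well as `true` and `false`, so the transform that applies these values (not visible here) has to handle all four lexical forms rather than compare against the string `true`.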
diff --git a/selinux_booleans/selinux_booleans_example_policy.xml b/selinux_booleans/selinux_booleans_example_policy.xml
new file mode 100644
index 0000000..a666789
--- /dev/null
+++ b/selinux_booleans/selinux_booleans_example_policy.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ipa xmlns="http://freeipa.org/xml/rng/selinux_booleans/1.0">
+ <metadata>
+ <name>simple selinux_booleans example</name>
+ <author>sbose@redhat.com</author>
+ <version>0.7071</version>
+ <RNGfile>selinux_booleans.rng</RNGfile>
+ <XSLTfile>selinux_booleans.xslt</XSLTfile>
+ <app>selinux_booleans</app>
+ </metadata>
+
+ <ipaconfig>
+ <webadm_manage_user_files>true</webadm_manage_user_files>
+ <ssh_sysadm_login>false</ssh_sysadm_login>
+ </ipaconfig>
+
+</ipa>
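Review bot: `<XSLTfile>selinux_booleans.xslt</XSLTfile>` names a stylesheet that the diffstat for this directory does not add, so as committed the example points at a transform that may not exist yet; confirm it lands alongside these files or note the dependency in the commit message. The same applies to `policy_metadata.rng`, which the schema in this commit includes by relative path and which presumably defines the `metadata` block used here. Because example policies tend to be copied verbatim, a short comment above `<ipaconfig>` would help, for instance `<!-- illustrative values only: review each boolean against the target host's SELinux policy before deploying -->`.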