## <desc>
## <p>
-## Disable transitions to insmod.
+## disallow programs and users from transitioning to insmod domain.
## </p>
## </desc>
gen_bool(secure_mode_insmod,false)
## <desc>
## <p>
-## Control mozilla content access
+## allow confined web browsers to read home directory content
## </p>
## </desc>
gen_tunable(mozilla_read_content, false)
## </param>
## <rolecap/>
#
-interface(`files_relabel_all_tmp_files',`
+interface(`files_relabel_all_tmp_dirs',`
gen_require(`
attribute tmpfile;
type var_t;
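Review bot: Renaming `files_relabel_all_tmp_files` to `files_relabel_all_tmp_dirs` here, while a later hunk assigns the old name to a different interface built on `relabel_files_pattern`, means every existing caller of `files_relabel_all_tmp_files` keeps compiling but silently receives a different grant. That later hunk also drops the name `files_relabelto_all_tmp_dirs`, so any remaining caller of it will presumably fail at policy build time. All callers of both old names should be checked and updated in this commit, and if out-of-tree modules may use them, the old names are worth keeping as deprecated wrappers for a release. The interface body continues past the end of this hunk, so what it actually grants is not visible here.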
########################################
## <summary>
-## Relabel all tmp dirs.
+## Relabel all tmp files.
## </summary>
## <param name="domain">
## <summary>
## </param>
## <rolecap/>
#
-interface(`files_relabelto_all_tmp_dirs',`
+interface(`files_relabel_all_tmp_files',`
gen_require(`
attribute tmpfile;
type var_t;
')
allow $1 var_t:dir search_dir_perms;
- relabelto_dirs_pattern($1, tmpfile, tmpfile)
+ relabel_files_pattern($1, tmpfile, tmpfile)
')
########################################
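Review bot: The body change from `relabelto_dirs_pattern` to `relabel_files_pattern` is wider than the one-word summary edit suggests. The interface moves from relabelto on tmpfile directories to, per the reference policy support macros, both relabelfrom and relabelto on every file type carrying the `tmpfile` attribute. A domain with that grant can move temporary files between types, so the summary should state the scope explicitly, for example `## Relabel (relabelfrom and relabelto) all tmp files.` The interface's documentation header starts before this hunk.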
## <desc>
## <p>
-## allow unconfined user to transition to the nsplugin domains when running nspluginviewer
+## allow unconfined users to transition to the nsplugin domains when running nspluginviewer
## </p>
## </desc>
gen_tunable(allow_unconfined_nsplugin_transition, false)
## <desc>
## <p>
-## Allow unconfined user to transisition to the mozilla plugin domain when running xulrunner plugin-container.
+## Allow unconfined users to transisition to the Mozilla plugin domain when running xulrunner plugin-container.
## </p>
## </desc>
gen_tunable(unconfined_mozilla_plugin_transition, false)
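Review bot: The rewritten description still carries the misspelling `transisition`; since the line is being touched anyway it should read `## Allow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container.` The same pass leaves `blue tooth` in the xguest_use_bluetooth description and starts some descriptions in lowercase (`allow confined web browsers ...`, `disallow programs and users ...`) while the rest are capitalised. These strings are the descriptions attached to the booleans, so consistent wording is worth settling in this commit.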
## <desc>
## <p>
-## Allow xguest to configure Network Manager and connect to apache ports
+## Allow xguest users to configure Network Manager and connect to apache ports
## </p>
## </desc>
gen_tunable(xguest_connect_network, true)
## <desc>
## <p>
-## Allow xguest to use blue tooth devices
+## Allow xguest users to use blue tooth devices
## </p>
## </desc>
gen_tunable(xguest_use_bluetooth, true)
## <desc>
## <p>
-## Allow virt to use serial/parallel communication ports
+## Allow confined virtual guests to use serial/parallel communication ports
## </p>
## </desc>
gen_tunable(virt_use_comm, false)
## <desc>
## <p>
-## Allow virt to read fuse files
+## Allow confined virtual guests to read fuse files
## </p>
## </desc>
gen_tunable(virt_use_fusefs, false)
## <desc>
## <p>
-## Allow virt to manage nfs files
+## Allow confined virtual guests to manage nfs files
## </p>
## </desc>
gen_tunable(virt_use_nfs, false)
## <desc>
## <p>
-## Allow virt to manage cifs files
+## Allow confined virtual guests to manage cifs files
## </p>
## </desc>
gen_tunable(virt_use_samba, false)
## <desc>
## <p>
-## Allow virt to manage device configuration, (pci)
+## Allow confined virtual guests to manage device configuration, (pci)
## </p>
## </desc>
gen_tunable(virt_use_sysfs, false)
## <desc>
## <p>
-## Allow virtual machine to interact with the xserver
+## Allow confined virtual guests to interact with the xserver
## </p>
## </desc>
gen_tunable(virt_use_xserver, false)
## <desc>
## <p>
-## Allow virt to use usb devices
+## Allow confined virtual guests to use usb devices
## </p>
## </desc>
gen_tunable(virt_use_usb, true)
## <desc>
## <p>
-## Allows xdm to execute bootloader
+## Allow the graphical login program to execute bootloader
## </p>
## </desc>
gen_tunable(xdm_exec_bootloader, false)
## <desc>
## <p>
-## Allow xdm logins as sysadm
+## Allow graphical login program to login as sysadm_r:sysadm_t
## </p>
## </desc>
gen_tunable(xdm_sysadm_login, false)
files_relabelfrom_tmp_dirs(init_t)
files_relabelfrom_tmp_files(init_t)
files_relabel_all_tmp_dirs(init_t)
- files_relabelto_all_tmp_files(init_t)
+ files_relabel_all_tmp_files(init_t)
auth_manage_faillog(init_t)
auth_relabel_faillog(init_t)
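Review bot: Switching init_t from `files_relabelto_all_tmp_files` to `files_relabel_all_tmp_files` appears to add relabelfrom on every `tmpfile` type, because the interface as redefined in this diff uses `relabel_files_pattern`. The old interface's definition is not shown, so its relabelto-only scope is inferred from its name. If init only needs to set labels, the relabelto-only call is the least-privilege choice. Otherwise the reason should be recorded next to the call, e.g. `# relabelfrom and relabelto on all tmpfile types: <reason>`, and the resulting rules confirmed with `sesearch -A -s init_t -c file -p relabelfrom` after the build. The indentation suggests these calls sit inside a block that opens outside this hunk.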
## <desc>
## <p>
-## Allow users to connect to mysql
+## Allow users to connect to mysql server
## </p>
## </desc>
gen_tunable(allow_user_mysql_connect, false)