Policy for kernel threads, proc filesystem, and unlabeled processes and objects.
| Module: | Description: |
| corecommands | Core policy for shells, and generic programs in /bin, /sbin, /usr/bin, and /usr/sbin. |
| corenetwork | Policy controlling access to network objects |
| devices | Device nodes and interfaces for many basic system devices. |
| domain | Core policy for domains. |
| files | Basic filesystem types and interfaces. |
| filesystem | Policy for filesystems. |
| kernel | Policy for kernel threads, proc filesystem, and unlabeled processes and objects. |
| mcs | Multicategory security policy |
| mls | Multilevel security policy |
| selinux | Policy for kernel security interface, in particular, selinuxfs. |
| storage | Policy controlling access to storage devices |
| terminal | Policy for terminals. |
| ubac | User-based access control policy |
| unlabelednet | Policy for allowing confined domains to use unlabeled_t packets |
Policy modules for user roles.
| Module: | Description: |
| auditadm | Audit administrator role |
| dbadm | Database administrator role |
| guest | Least privledge terminal user |
| logadm | Log administrator role |
| secadm | Security administrator role |
| staff | Administrator's unprivileged user |
| sysadm | General system administration role |
| sysadm_secadm | No Interfaces |
| unconfineduser | Unconfiend user role |
| unprivuser | Generic unprivileged user |
| webadm | Web administrator role |
| xguest | Least priviledged X user |
Policy modules for administrative functions, such as package management.
| Module: | Description: |
| accountsd | policy for accountsd |
| acct | Berkeley process accounting |
| alsa | Ainit ALSA configuration tool |
| amanda | Automated backup program. |
| amtu | Abstract Machine Test Utility |
| anaconda | Policy for the Anaconda installer. |
| apt | APT advanced package tool. |
| backup | System backup scripts |
| bootloader | Policy for the kernel modules, kernel image, and bootloader. |
| brctl | Utilities for configuring the linux ethernet bridge |
| certwatch | Digital Certificate Tracking |
| consoletype | Determine of the console connected to the controlling terminal. |
| ddcprobe | ddcprobe retrieves monitor and graphics card information |
| dmesg | Policy for dmesg. |
| dmidecode | Decode DMI data for x86/ia64 bioses. |
| dpkg | Policy for the Debian package manager. |
| firstboot | Final system configuration run during the first boot after installation of Red Hat/Fedora systems. |
| kismet | Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. |
| kudzu | Hardware detection and configuration tools |
| logrotate | Rotate and archive system logs |
| logwatch | System log analyzer and reporter |
| mcelog | policy for mcelog |
| mrtg | Network traffic graphing |
| ncftool | policy for ncftool |
| netutils | Network analysis utilities |
| permissivedomains | No Interfaces |
| portage | Portage Package Management System. The primary package management and distribution system for Gentoo. |
| prelink | Prelink ELF shared library mappings. |
| quota | File system quota management |
| readahead | Readahead, read files into page cache for improved performance |
| rpm | Policy for the RPM package manager. |
| sectoolm | Sectool security audit tool |
| shorewall | Shoreline Firewall high-level tool for configuring netfilter |
| shutdown | policy for shutdown |
| smoltclient | The Fedora hardware profiler client |
| su | Run shells with substitute user and group |
| sudo | Execute a command with a substitute user |
| sxid | SUID/SGID program monitoring |
| tmpreaper | Manage temporary directory sizes and file ages |
| tripwire | Tripwire file integrity checker. |
| tzdata | Time zone updater |
| updfstab | Red Hat utility to change /etc/fstab. |
| usbmodules | List kernel modules of USB devices |
| usermanage | Policy for managing user accounts. |
| vbetool | run real-mode video BIOS code to alter hardware state |
| vpn | Virtual Private Networking client |
Policy modules for applications
| Module: | Description: |
| ada | GNAT Ada95 compiler |
| authbind | Tool for non-root processes to bind to reserved ports |
| awstats | AWStats is a free powerful and featureful tool that generates advanced web, streaming, ftp or mail server statistics, graphically. |
| calamaris | Squid log analysis |
| cdrecord | Policy for cdrecord |
| chrome | policy for chrome |
| cpufreqselector | Command-line CPU frequency settings. |
| ethereal | Ethereal packet capture tool. |
| evolution | Evolution email client |
| execmem | execmem domain |
| firewallgui | policy for firewallgui |
| games | Games |
| gift | giFT peer to peer file sharing tool |
| gitosis | Tools for managing and hosting git repositories. |
| gnome | GNU network object model environment (GNOME) |
| gpg | Policy for GNU Privacy Guard and related programs. |
| irc | IRC client policy |
| java | Java virtual machine |
| kdumpgui | system-config-kdump policy |
| livecd | policy for livecd |
| loadkeys | Load keyboard mappings. |
| lockdev | device locking policy for lockdev |
| mediawiki | Mediawiki policy |
| mono | Run .NET server and client applications on Linux. |
| mozilla | Policy for Mozilla and related web browsers |
| mplayer | Mplayer media player and encoder |
| namespace | policy for namespace |
| nsplugin | policy for nsplugin |
| openoffice | Openoffice |
| podsleuth | Podsleuth is a tool to get information about an Apple (TM) iPod (TM) |
| ptchown | helper function for grantpt(3), changes ownship and permissions of pseudotty |
| pulseaudio | Pulseaudio network sound server. |
| qemu | QEMU machine emulator and virtualizer |
| rssh | Restricted (scp/sftp) only shell |
| sambagui | system-config-samba policy |
| sandbox | policy for sandbox |
| screen | GNU terminal multiplexer |
| seunshare | Filesystem namespacing/polyinstantiation application. |
| slocate | Update database for mlocate |
| telepathy | Telepathy framework. |
| thunderbird | Thunderbird email client |
| tvtime | tvtime - a high quality television application |
| uml | Policy for UML |
| userhelper | SELinux utility to run a shell with a new role |
| usernetctl | User network interface configuration helper |
| vmware | VMWare Workstation virtual machines |
| webalizer | Web server log analysis |
| wine | Wine Is Not an Emulator. Run Windows programs in Linux. |
| wireshark | Wireshark packet capture tool. |
| wm | X Window Managers |
| xscreensaver | X Screensaver |
| yam | Yum/Apt Mirroring |
Policy modules for system functions from init to multi-user login.
| Module: | Description: |
| application | Policy for user executable applications. |
| authlogin | Common policy for authentication and user login. |
| clock | Policy for reading and setting the hardware clock. |
| daemontools | Collection of tools for managing UNIX services |
| fstools | Tools for filesystem management, such as mkfs and fsck. |
| getty | Policy for getty. |
| hostname | Policy for changing the system host name. |
| hotplug | Policy for hotplug system, for supporting the connection and disconnection of devices at runtime. |
| init | System initialization programs (init and init scripts). |
| ipsec | TCP/IP encryption |
| iptables | Policy for iptables. |
| iscsi | Establish connections to iSCSI devices |
| kdump | Kernel crash dumping mechanism |
| libraries | Policy for system libraries. |
| locallogin | Policy for local logins. |
| logging | Policy for the kernel message logger and system logging daemon. |
| lvm | Policy for logical volume management programs. |
| miscfiles | Miscelaneous files. |
| modutils | Policy for kernel module utilities |
| mount | Policy for mount. |
| netlabel | NetLabel/CIPSO labeled networking management |
| pcmcia | PCMCIA card management services |
| raid | RAID array management tools |
| selinuxutil | Policy for SELinux policy and userland applications. |
| setrans | SELinux MLS/MCS label translation service. |
| sosreport | policy for sosreport |
| sysnetwork | Policy for network configuration: ifconfig and dhcp client. |
| udev | Policy for udev. |
| unconfined | The unconfined domain. |
| userdomain | Policy for user domains |
| xen | Xen hypervisor |
Policy modules for system services, like cron, and network services, like sshd.
| Module: | Description: |
| abrt | ABRT - automated bug-reporting tool |
| afs | Andrew Filesystem server |
| aiccu | Automatic IPv6 Connectivity Client Utility. |
| aide | Aide filesystem integrity checker |
| aisexec | SELinux policy for Aisexec Cluster Engine |
| amavis | Daemon that interfaces mail transfer agents and content checkers, such as virus scanners. |
| antivirus | SELinux policy for antivirus programs - amavis, clamd, freshclam and clamscan |
| apache | Apache web server |
| apcupsd | APC UPS monitoring daemon |
| apm | Advanced power management daemon |
| arpwatch | Ethernet activity monitor. |
| asterisk | Asterisk IP telephony server |
| audioentropy | Generate entropy from audio input |
| automount | Filesystem automounter service. |
| avahi | mDNS/DNS-SD daemon implementing Apple ZeroConf architecture |
| bacula | Cross platform network backup. |
| bcfg2 | bcfg2-server daemon which serves configurations to clients based on the data in its repository |
| bind | Berkeley internet name domain DNS server. |
| bitlbee | Bitlbee service |
| bluetooth | Bluetooth tools and system services. |
| boinc | policy for boinc |
| bugzilla | Bugzilla server |
| cachefilesd | policy for cachefilesd |
| canna | Canna - kana-kanji conversion server |
| ccs | Cluster Configuration System |
| certmaster | Certmaster SSL certificate distribution service |
| certmonger | Certificate status monitor and PKI enrollment client |
| cfengine | policy for cfengine |
| cgdcbxd | policy for cgdcbxd |
| cgroup | libcg is a library that abstracts the control group file system in Linux. |
| chronyd | Chrony NTP background daemon |
| cinder | openstack-cinder |
| cipe | Encrypted tunnel daemon |
| clamav | ClamAV Virus Scanner |
| clockspeed | Clockspeed simple network time protocol client |
| clogd | clogd - clustered mirror log server |
| cloudform | cloudform policy |
| cmirrord | policy for cmirrord |
| cobbler | Cobbler installation server. |
| collectd | Statistics collection daemon for filling RRD files. |
| comsat | Comsat, a biff server. |
| condor | policy for condor |
| conman | Conman is a program for connecting to remote consoles being managed by conmand |
| consolekit | Framework for facilitating multiple user sessions on desktops. |
| corosync | SELinux policy for Corosync Cluster Engine |
| courier | Courier IMAP and POP3 email servers |
| cpucontrol | Services for loading CPU microcode and CPU frequency scaling. |
| cron | Periodic execution of scheduled commands. |
| ctdbd | policy for ctdbd |
| cups | Common UNIX printing system |
| cvs | Concurrent versions system |
| cyphesis | Cyphesis WorldForge game server |
| cyrus | Cyrus is an IMAP service intended to be run on sealed servers |
| dante | Dante msproxy and socks4/5 proxy server |
| dbskk | Dictionary server for the SKK Japanese input method system. |
| dbus | Desktop messaging bus |
| dcc | Distributed checksum clearinghouse spam filtering |
| ddclient | Update dynamic IP address at DynDNS.org. |
| denyhosts | Deny Hosts. |
| devicekit | Devicekit modular hardware abstraction layer |
| dhcp | Dynamic host configuration protocol (DHCP) server |
| dictd | Dictionary daemon |
| dirsrv | policy for dirsrv |
| dirsrv-admin | Administration Server for Directory Server, dirsrv-admin. |
| distcc | Distributed compiler daemon |
| djbdns | small and secure DNS daemon |
| dkim | DomainKeys Identified Mail milter. |
| dnsmasq | dnsmasq DNS forwarder and DHCP server |
| dovecot | Dovecot POP and IMAP mail server |
| drbd | policy for drbd |
| dspam | policy for dspam |
| exim | Exim mail transfer agent |
| fail2ban | Update firewall filtering to ban IP addresses with too many password failures. |
| fcoemon | policy for fcoemon |
| fetchmail | Remote-mail retrieval and forwarding utility |
| finger | Finger user information service. |
| fprintd | DBus fingerprint reader service |
| freeipmi | Remote-Console (out-of-band) and System Management Software (in-band) based on Intelligent Platform Management Interface specification |
| ftp | File transfer protocol service |
| gatekeeper | OpenH.323 Voice-Over-IP Gatekeeper |
| git | GIT revision control system. |
| glance | policy for glance |
| glusterd | policy for glusterd |
| gnomeclock | Gnome clock handler for setting the time. |
| gpm | General Purpose Mouse driver |
| gpsd | gpsd monitor daemon |
| hal | Hardware abstraction layer |
| hddtemp | hddtemp hard disk temperature tool running as a daemon |
| howl | Port of Apple Rendezvous multicast DNS |
| hypervkvp | policy for hypervkvp |
| i18n_input | IIIMF htt server |
| icecast | ShoutCast compatible streaming media server |
| ifplugd | Bring up/down ethernet interfaces based on cable detection. |
| imaze | iMaze game server |
| inetd | Internet services daemon. |
| inn | Internet News NNTP server |
| ipmievd | policy for ipmievd |
| ircd | IRC server |
| irqbalance | IRQ balancing daemon |
| isns | Internet Storage Name Service. |
| jabber | Jabber instant messaging server |
| keepalived | keepalived - load-balancing and high-availability service |
| kerberos | MIT Kerberos admin and KDC |
| kerneloops | Service for reporting kernel oopses to kerneloops.org |
| keystone | policy for keystone |
| ksmtuned | Kernel Samepage Merging (KSM) Tuning Daemon |
| ktalk | KDE Talk daemon |
| l2tpd | Layer 2 Tunneling Protocol daemons. |
| ldap | OpenLDAP directory server |
| likewise | Likewise Active Directory support for UNIX. |
| linuxptp | implementation of the Precision Time Protocol (PTP) according to IEEE standard 1588 for Linux. |
| lircd | Linux infared remote control daemon |
| lldpad | Intel LLDP Agent. |
| lpd | Line printer daemon |
| lsm | libStorageMgmt plug-in daemon |
| mailman | Mailman is for managing electronic mail discussion and e-newsletter lists |
| matahari | policy for matahari |
| memcached | high-performance memory object caching system |
| milter | Milter mail filters |
| mip6d | Mobile IPv6 and NEMO Basic Support implementation |
| mirrormanager | policy for mirrormanager |
| modemmanager | Provides a DBus interface to communicate with mobile broadband (GSM, CDMA, UMTS, ...) cards. |
| monop | Monopoly daemon |
| mpd | policy for daemon for playing music |
| mta | Policy common to all email tranfer agents. |
| munin | Munin network-wide load graphing (formerly LRRD) |
| mysql | Policy for MySQL |
| nagios | Net Saint / NAGIOS - network monitoring server |
| nessus | Nessus network scanning daemon |
| networkmanager | Manager for dynamically switching between networks. |
| nis | Policy for NIS (YP) servers and clients |
| nova | openstack-nova |
| nscd | Name service cache daemon |
| nsd | Authoritative only name server |
| nslcd | nslcd - local LDAP name service daemon. |
| ntop | Network Top |
| ntp | Network time protocol daemon |
| numad | policy for numad |
| nut | nut - Network UPS Tools |
| nx | NX remote desktop |
| oav | Open AntiVirus scannerdaemon and signature update |
| oddjob | Oddjob provides a mechanism by which unprivileged applications can request that specified privileged operations be performed on their behalf. |
| oident | SELinux policy for Oident daemon. |
| openca | OpenCA - Open Certificate Authority |
| openct | Service for handling smart card readers. |
| openhpid | policy for openhpid |
| openshift | policy for openshift |
| openshift-origin | |
| openvpn | full-featured SSL VPN solution |
| openvswitch | Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. |
| openwsman | WS-Management Server |
| oracleasm | policy for oracleasm |
| osad | Client-side service written in Python that responds to pings and runs rhn_check when told to by osa-dispatcher. |
| pacemaker | policy for pacemaker |
| pads | Passive Asset Detection System |
| passenger | Ruby on rails deployment for Apache and Nginx servers. |
| pcp | The pcp command summarizes the status of a Performance Co-Pilot (PCP) installation |
| pcscd | PCSC smart card service |
| pegasus | The Open Group Pegasus CIM/WBEM Server. |
| perdition | Perdition POP and IMAP proxy |
| pingd | Pingd of the Whatsup cluster node up/down detection utility |
| piranha | policy for piranha |
| pkcsslotd | policy for pkcsslotd |
| plymouthd | policy for plymouthd |
| policykit | Policy framework for controlling privileges for system-wide services. |
| portmap | RPC port mapping service. |
| portreserve | Reserve well-known ports in the RPC port range. |
| portslave | Portslave terminal server software |
| postfix | Postfix email server |
| postfixpolicyd | Postfix policy server |
| postgresql | PostgreSQL relational database |
| postgrey | Postfix grey-listing server |
| ppp | Point to Point Protocol daemon creates links in ppp networks |
| prelude | Prelude hybrid intrusion detection system |
| privoxy | Privacy enhancing web proxy. |
| procmail | Procmail mail delivery agent |
| psad | Intrusion Detection and Log Analysis with iptables |
| publicfile | publicfile supplies files to the public through HTTP and FTP |
| puppet | Puppet client daemon |
| pxe | Server for the PXE network boot protocol |
| pyicqt | PyICQt is an ICQ transport for XMPP server. |
| pyzor | Pyzor is a distributed, collaborative spam detection and filtering network. |
| qmail | Qmail Mail Server |
| qpidd | policy for qpidd |
| quantum | Quantum is a virtual network service for Openstack |
| radius | RADIUS authentication and accounting server. |
| radvd | IPv6 router advertisement daemon |
| razor | A distributed, collaborative, spam detection and filtering network. |
| rdisc | Network router discovery daemon |
| redis | Advanced key-value store |
| remotelogin | Policy for rshd, rlogind, and telnetd. |
| resmgr | Resource management daemon |
| rgmanager | SELinux policy for rgmanager |
| rhcs | RHCS - Red Hat Cluster Suite |
| rhev | rhev polic module contains policies for rhev apps |
| rhgb | Red Hat Graphical Boot |
| rhnsd | policy for rhnsd |
| rhsmcertd | Subscription Management Certificate Daemon policy |
| ricci | Ricci cluster management agent |
| rlogin | Remote login daemon |
| roundup | Roundup Issue Tracking System policy |
| rpc | Remote Procedure Call Daemon for managment of network based process communication |
| rpcbind | Universal Addresses to RPC Program Number Mapper |
| rshd | Remote shell service. |
| rsync | Fast incremental file transfer for synchronization |
| rtas | Platform diagnostics report firmware events. |
| rtkit | Realtime scheduling for user processes. |
| rwho | Who is logged in on other machines? |
| samba | SMB and CIFS client/server programs for UNIX and name Service Switch daemon for resolving names from Windows NT servers. |
| sanlock | policy for sanlock |
| sasl | SASL authentication server |
| sblim | Standards Based Linux Instrumentation for Manageability. |
| sendmail | Policy for sendmail. |
| sensord | Sensor information logging daemon |
| setroubleshoot | SELinux troubleshooting service |
| sge | Policy for gridengine MPI jobs |
| slpd | OpenSLP server daemon to dynamically register services. |
| slrnpull | Service for downloading news feeds the slrn newsreader. |
| smartmon | Smart disk monitoring daemon policy |
| smokeping | Smokeping network latency measurement. |
| smstools | Tools to send and receive short messages through GSM modems or mobile phones. |
| snmp | Simple network management protocol services |
| snort | Snort network intrusion detection system |
| soundserver | sound server for network audio server programs, nasd, yiff, etc |
| spamassassin | Filter used for removing unsolicited email. |
| speedtouch | Alcatel speedtouch USB ADSL modem |
| squid | Squid caching http proxy server |
| ssh | Secure shell client and server policy. |
| sssd | System Security Services Daemon |
| stapserver | Instrumentation System Server |
| stunnel | SSL Tunneling Proxy |
| svnserve | policy for svnserve |
| swift | policy for swift |
| sysstat | Policy for sysstat. Reports on various system states |
| tcpd | Policy for TCP daemon. |
| telnet | Telnet daemon |
| tftp | Trivial file transfer protocol daemon |
| tgtd | Linux Target Framework Daemon. |
| timidity | MIDI to WAV converter and player configured as a service |
| tomcat | policy for tomcat |
| tor | TOR, the onion router |
| transproxy | HTTP transperant proxy |
| tuned | Dynamic adaptive system tuning daemon |
| ucspitcp | ucspitcp policy |
| ulogd | Iptables/netfilter userspace logging daemon. |
| uptime | Uptime daemon |
| usbmuxd | USB multiplexing daemon for communicating with Apple iPod Touch and iPhone |
| uucp | Unix to Unix Copy |
| uuidd | policy for uuidd |
| uwimap | University of Washington IMAP toolkit POP3 and IMAP mail server |
| varnishd | Varnishd http accelerator daemon |
| vdagent | policy for vdagent |
| vhostmd | Virtual host metrics daemon |
| virt | Libvirt virtualization API |
| w3c | W3C Markup Validator |
| watchdog | Software watchdog. |
| wdmd | policy for wdmd |
| xfs | X Windows Font Server |
| xprint | X print server |
| xserver | X Windows Server |
| zabbix | Distributed infrastructure monitoring |
| zarafa | Zarafa collaboration platform. |
| zebra | Zebra border gateway protocol network routing service |
| zosremote | policy for z/OS Remote-services Audit dispatcher plugin |