commit: ba0a05a1fd1259432f262b54590d1a43ac24e7b5 |
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
AuthorDate: Sun Feb 1 19:55:45 2015 +0000 |
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
CommitDate: Sun Feb 8 16:28:54 2015 +0000 |
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=ba0a05a1 |
|
Add interfaces for Gentoo's security model |
|
On https://wiki.gentoo.org/wiki/Project:SELinux/Development_policy the |
basic security model that we want to support is documented. |
|
To make support for this security model more applicable, we provide the |
necessary interfaces for domains to (optionally or not) call. |
|
See also http://thread.gmane.org/gmane.linux.gentoo.hardened/6292 |
|
--- |
policy/modules/contrib/gentoo.if | 713 +++++++++++++++++++++++++++++++++++++++ |
1 file changed, 713 insertions(+) |
|
diff --git a/policy/modules/contrib/gentoo.if b/policy/modules/contrib/gentoo.if |
23 |
new file mode 100644 |
24 |
index 0000000..d1ea8b1 |
25 |
--- /dev/null |
26 |
+++ b/policy/modules/contrib/gentoo.if |
27 |
@@ -0,0 +1,713 @@ |
28 |
+## <summary>Gentoo specific interfaces for improving SELinux management</summary> |
29 |
+ |
30 |
+######################################### |
31 |
+## <summary> |
32 |
+## Monitor the system |
33 |
+## </summary> |
34 |
+## <desc> |
35 |
+## <p> |
36 |
+## The system monitor privilege set allows for a system domain to read various |
37 |
+## file types, system state (like sysctl values), process states, etc. It is |
38 |
+## a read-only set of privileges. |
39 |
+## </p> |
40 |
+## </desc> |
41 |
+## <param name="domain"> |
42 |
+## <summary> |
43 |
+## Domain allowed access |
44 |
+## </summary> |
45 |
+## </param> |
46 |
+## <param name="role"> |
47 |
+## <summary> |
48 |
+## Role allowed access |
49 |
+## </summary> |
50 |
+## </param> |
51 |
+# |
52 |
+interface(`gentoo_secmodel_monitor_system',` |
53 |
+ |
54 |
+') |
55 |
+ |
56 |
+######################################### |
57 |
+## <summary> |
58 |
+## Administer services |
59 |
+## </summary> |
60 |
+## <desc> |
61 |
+## <p> |
62 |
+## The service administrator privilege set allows for a system domain to manage |
63 |
+## the state of services as well as perform administrative commands against |
64 |
+## those services (in other words, grant the _admin() interfaces of various |
65 |
+## services). |
66 |
+## </p> |
67 |
+## </desc> |
68 |
+## <param name="domain"> |
69 |
+## <summary> |
70 |
+## Domain allowed access |
71 |
+## </summary> |
72 |
+## </param> |
73 |
+## <param name="role"> |
74 |
+## <summary> |
75 |
+## Role allowed access |
76 |
+## </summary> |
77 |
+## </param> |
78 |
+# |
79 |
+interface(`gentoo_secmodel_manage_services',` |
80 |
+ # These are all admin interfaces where a labeled init script is provided for |
81 |
+ optional_policy(` |
82 |
+ abrt_admin($1, $2) |
83 |
+ ') |
84 |
+ |
85 |
+ optional_policy(` |
86 |
+ acct_admin($1, $2) |
87 |
+ ') |
88 |
+ |
89 |
+ optional_policy(` |
90 |
+ afs_admin($1, $2) |
91 |
+ ') |
92 |
+ |
93 |
+ optional_policy(` |
94 |
+ aiccu_admin($1, $2) |
95 |
+ ') |
96 |
+ |
97 |
+ optional_policy(` |
98 |
+ aisexecd_admin($1, $2) |
99 |
+ ') |
100 |
+ |
101 |
+ optional_policy(` |
102 |
+ amavis_admin($1, $2) |
103 |
+ ') |
104 |
+ |
105 |
+ optional_policy(` |
106 |
+ amtu_admin($1, $2) |
107 |
+ ') |
108 |
+ |
109 |
+ optional_policy(` |
110 |
+ apache_admin($1, $2) |
111 |
+ ') |
112 |
+ |
113 |
+ optional_policy(` |
114 |
+ apcupsd_admin($1, $2) |
115 |
+ ') |
116 |
+ |
117 |
+ optional_policy(` |
118 |
+ apm_admin($1, $2) |
119 |
+ ') |
120 |
+ |
121 |
+ optional_policy(` |
122 |
+ arpwatch_admin($1, $2) |
123 |
+ ') |
124 |
+ |
125 |
+ optional_policy(` |
126 |
+ asterisk_admin($1, $2) |
127 |
+ ') |
128 |
+ |
129 |
+ optional_policy(` |
130 |
+ automount_admin($1, $2) |
131 |
+ ') |
132 |
+ |
133 |
+ optional_policy(` |
134 |
+ avahi_admin($1, $2) |
135 |
+ ') |
136 |
+ |
137 |
+ optional_policy(` |
138 |
+ bacula_admin($1, $2) |
139 |
+ ') |
140 |
+ |
141 |
+ optional_policy(` |
142 |
+ bcfg2_admin($1, $2) |
143 |
+ ') |
144 |
+ |
145 |
+ optional_policy(` |
146 |
+ bind_admin($1, $2) |
147 |
+ ') |
148 |
+ |
149 |
+ optional_policy(` |
150 |
+ bird_admin($1, $2) |
151 |
+ ') |
152 |
+ |
153 |
+ optional_policy(` |
154 |
+ bitcoin_admin($1, $2) |
155 |
+ ') |
156 |
+ |
157 |
+ optional_policy(` |
158 |
+ bitlbee_admin($1, $2) |
159 |
+ ') |
160 |
+ |
161 |
+ optional_policy(` |
162 |
+ bluetooth_admin($1, $2) |
163 |
+ ') |
164 |
+ |
165 |
+ optional_policy(` |
166 |
+ boinc_admin($1, $2) |
167 |
+ ') |
168 |
+ |
169 |
+ optional_policy(` |
170 |
+ cachefilesd_admin($1, $2) |
171 |
+ ') |
172 |
+ |
173 |
+ optional_policy(` |
174 |
+ callweaver_admin($1, $2) |
175 |
+ ') |
176 |
+ |
177 |
+ optional_policy(` |
178 |
+ canna_admin($1, $2) |
179 |
+ ') |
180 |
+ |
181 |
+ optional_policy(` |
182 |
+ ccs_admin($1, $2) |
183 |
+ ') |
184 |
+ |
185 |
+ optional_policy(` |
186 |
+ certmaster_admin($1, $2) |
187 |
+ ') |
188 |
+ |
189 |
+ optional_policy(` |
190 |
+ certmonger_admin($1, $2) |
191 |
+ ') |
192 |
+ |
193 |
+ optional_policy(` |
194 |
+ cfengine_admin($1, $2) |
195 |
+ ') |
196 |
+ |
197 |
+ optional_policy(` |
198 |
+ cgroup_admin($1, $2) |
199 |
+ ') |
200 |
+ |
201 |
+ optional_policy(` |
202 |
+ chronyd_admin($1, $2) |
203 |
+ ') |
204 |
+ |
205 |
+ optional_policy(` |
206 |
+ cipe_admin($1, $2) |
207 |
+ ') |
208 |
+ |
209 |
+ optional_policy(` |
210 |
+ clamav_admin($1, $2) |
211 |
+ ') |
212 |
+ |
213 |
+ optional_policy(` |
214 |
+ cmirrord_admin($1, $2) |
215 |
+ ') |
216 |
+ |
217 |
+ optional_policy(` |
218 |
+ cobbler_admin($1, $2) |
219 |
+ ') |
220 |
+ |
221 |
+ optional_policy(` |
222 |
+ collectd_admin($1, $2) |
223 |
+ ') |
224 |
+ |
225 |
+ optional_policy(` |
226 |
+ condor_admin($1, $2) |
227 |
+ ') |
228 |
+ |
229 |
+ optional_policy(` |
230 |
+ corosync_admin($1, $2) |
231 |
+ ') |
232 |
+ |
233 |
+ optional_policy(` |
234 |
+ couchdb_admin($1, $2) |
235 |
+ ') |
236 |
+ |
237 |
+ optional_policy(` |
238 |
+ # No admin interface |
239 |
+ cron_initrc_domtrans($1) |
240 |
+ ') |
241 |
+ |
242 |
+ optional_policy(` |
243 |
+ ctdb_admin($1, $2) |
244 |
+ ') |
245 |
+ |
246 |
+ optional_policy(` |
247 |
+ cups_admin($1, $2) |
248 |
+ ') |
249 |
+ |
250 |
+ optional_policy(` |
251 |
+ cvs_admin($1, $2) |
252 |
+ ') |
253 |
+ |
254 |
+ optional_policy(` |
255 |
+ cyphesis_admin($1, $2) |
256 |
+ ') |
257 |
+ |
258 |
+ optional_policy(` |
259 |
+ cyrus_admin($1, $2) |
260 |
+ ') |
261 |
+ |
262 |
+ optional_policy(` |
263 |
+ dante_admin($1, $2) |
264 |
+ ') |
265 |
+ |
266 |
+ optional_policy(` |
267 |
+ ddclient_admin($1, $2) |
268 |
+ ') |
269 |
+ |
270 |
+ optional_policy(` |
271 |
+ denyhosts_admin($1, $2) |
272 |
+ ') |
273 |
+ |
274 |
+ optional_policy(` |
275 |
+ dhcpd_admin($1, $2) |
276 |
+ ') |
277 |
+ |
278 |
+ optional_policy(` |
279 |
+ dictd_admin($1, $2) |
280 |
+ ') |
281 |
+ |
282 |
+ optional_policy(` |
283 |
+ dirmngr_admin($1, $2) |
284 |
+ ') |
285 |
+ |
286 |
+ optional_policy(` |
287 |
+ distcc_admin($1, $2) |
288 |
+ ') |
289 |
+ |
290 |
+ optional_policy(` |
291 |
+ dkim_admin($1, $2) |
292 |
+ ') |
293 |
+ |
294 |
+ optional_policy(` |
295 |
+ dnsmasq_admin($1, $2) |
296 |
+ ') |
297 |
+ |
298 |
+ optional_policy(` |
299 |
+ dnssectrigger_admin($1, $2) |
300 |
+ ') |
301 |
+ |
302 |
+ optional_policy(` |
303 |
+ dovecot_admin($1, $2) |
304 |
+ ') |
305 |
+ |
306 |
+ optional_policy(` |
307 |
+ drbd_admin($1, $2) |
308 |
+ ') |
309 |
+ |
310 |
+ optional_policy(` |
311 |
+ dspam_admin($1, $2) |
312 |
+ ') |
313 |
+ |
314 |
+ optional_policy(` |
315 |
+ entropyd_admin($1, $2) |
316 |
+ ') |
317 |
+ |
318 |
+ optional_policy(` |
319 |
+ exim_admin($1, $2) |
320 |
+ ') |
321 |
+ |
322 |
+ optional_policy(` |
323 |
+ fail2ban_admin($1, $2) |
324 |
+ ') |
325 |
+ |
326 |
+ optional_policy(` |
327 |
+ fcoe_admin($1, $2) |
328 |
+ ') |
329 |
+ |
330 |
+ optional_policy(` |
331 |
+ fetchmail_admin($1, $2) |
332 |
+ ') |
333 |
+ |
334 |
+ optional_policy(` |
335 |
+ firewalld_admin($1, $2) |
336 |
+ ') |
337 |
+ |
338 |
+ optional_policy(` |
339 |
+ ftp_admin($1, $2) |
340 |
+ ') |
341 |
+ |
342 |
+ optional_policy(` |
343 |
+ gatekeeper_admin($1, $2) |
344 |
+ ') |
345 |
+ |
346 |
+ optional_policy(` |
347 |
+ gdomap_admin($1, $2) |
348 |
+ ') |
349 |
+ |
350 |
+ optional_policy(` |
351 |
+ glance_admin($1, $2) |
352 |
+ ') |
353 |
+ |
354 |
+ optional_policy(` |
355 |
+ glusterfs_admin($1, $2) |
356 |
+ ') |
357 |
+ |
358 |
+ optional_policy(` |
359 |
+ gpm_admin($1, $2) |
360 |
+ ') |
361 |
+ |
362 |
+ optional_policy(` |
363 |
+ gpsd_admin($1, $2) |
364 |
+ ') |
365 |
+ |
366 |
+ optional_policy(` |
367 |
+ hadoop_admin($1, $2) |
368 |
+ ') |
369 |
+ |
370 |
+ optional_policy(` |
371 |
+ hddtemp_admin($1, $2) |
372 |
+ ') |
373 |
+ |
374 |
+ optional_policy(` |
375 |
+ howl_admin($1, $2) |
376 |
+ ') |
377 |
+ |
378 |
+ optional_policy(` |
379 |
+ hypervkvp_admin($1, $2) |
380 |
+ ') |
381 |
+ |
382 |
+ optional_policy(` |
383 |
+ i18n_input_admin($1, $2) |
384 |
+ ') |
385 |
+ |
386 |
+ optional_policy(` |
387 |
+ icecast_admin($1, $2) |
388 |
+ ') |
389 |
+ |
390 |
+ optional_policy(` |
391 |
+ ifplugd_admin($1, $2) |
392 |
+ ') |
393 |
+ |
394 |
+ optional_policy(` |
395 |
+ inn_admin($1, $2) |
396 |
+ ') |
397 |
+ |
398 |
+ optional_policy(` |
399 |
+ iodine_admin($1, $2) |
400 |
+ ') |
401 |
+ |
402 |
+ optional_policy(` |
403 |
+ ircd_admin($1, $2) |
404 |
+ ') |
405 |
+ |
406 |
+ optional_policy(` |
407 |
+ irqbalance_admin($1, $2) |
408 |
+ ') |
409 |
+ |
410 |
+ optional_policy(` |
411 |
+ iscsi_admin($1, $2) |
412 |
+ ') |
413 |
+ |
414 |
+ optional_policy(` |
415 |
+ isnsd_admin($1, $2) |
416 |
+ ') |
417 |
+ |
418 |
+ optional_policy(` |
419 |
+ jabber_admin($1, $2) |
420 |
+ ') |
421 |
+ |
422 |
+ optional_policy(` |
423 |
+ kdump_admin($1, $2) |
424 |
+ ') |
425 |
+ |
426 |
+ optional_policy(` |
427 |
+ kerberos_admin($1, $2) |
428 |
+ ') |
429 |
+ |
430 |
+ optional_policy(` |
431 |
+ kerneloops_admin($1, $2) |
432 |
+ ') |
433 |
+ |
434 |
+ optional_policy(` |
435 |
+ keystone_admin($1, $2) |
436 |
+ ') |
437 |
+ |
438 |
+ optional_policy(` |
439 |
+ kismet_admin($1, $2) |
440 |
+ ') |
441 |
+ |
442 |
+ optional_policy(` |
443 |
+ ksmtuned_admin($1, $2) |
444 |
+ ') |
445 |
+ |
446 |
+ optional_policy(` |
447 |
+ kudzu_admin($1, $2) |
448 |
+ ') |
449 |
+ |
450 |
+ optional_policy(` |
451 |
+ l2tp_admin($1, $2) |
452 |
+ ') |
453 |
+ |
454 |
+ optional_policy(` |
455 |
+ ldap_admin($1, $2) |
456 |
+ ') |
457 |
+ |
458 |
+ optional_policy(` |
459 |
+ likewise_admin($1, $2) |
460 |
+ ') |
461 |
+ |
462 |
+ optional_policy(` |
463 |
+ lircd_admin($1, $2) |
464 |
+ ') |
465 |
+ |
466 |
+ optional_policy(` |
467 |
+ lldpad_admin($1, $2) |
468 |
+ ') |
469 |
+ |
470 |
+ optional_policy(` |
471 |
+ mscan_admin($1, $2) |
472 |
+ ') |
473 |
+ |
474 |
+ optional_policy(` |
475 |
+ mcelog_admin($1, $2) |
476 |
+ ') |
477 |
+ |
478 |
+ optional_policy(` |
479 |
+ memcached_admin($1, $2) |
480 |
+ ') |
481 |
+ |
482 |
+ optional_policy(` |
483 |
+ minidlna_admin($1, $2) |
484 |
+ ') |
485 |
+ |
486 |
+ optional_policy(` |
487 |
+ minissdpd_admin($1, $2) |
488 |
+ ') |
489 |
+ |
490 |
+ optional_policy(` |
491 |
+ mongodb_admin($1, $2) |
492 |
+ ') |
493 |
+ |
494 |
+ optional_policy(` |
495 |
+ monop_admin($1, $2) |
496 |
+ ') |
497 |
+ |
498 |
+ optional_policy(` |
499 |
+ mpd_admin($1, $2) |
500 |
+ ') |
501 |
+ |
502 |
+ optional_policy(` |
503 |
+ mrtg_admin($1, $2) |
504 |
+ ') |
505 |
+ |
506 |
+ optional_policy(` |
507 |
+ munin_admin($1, $2) |
508 |
+ ') |
509 |
+ |
510 |
+ optional_policy(` |
511 |
+ mysql_admin($1, $2) |
512 |
+ ') |
513 |
+ |
514 |
+ optional_poliocy(` |
515 |
+ nagios_admin($1, $2) |
516 |
+ ') |
517 |
+ |
518 |
+ optional_policy(` |
519 |
+ nessus_admin($1, $2) |
520 |
+ ') |
521 |
+ |
522 |
+ optional_policy(` |
523 |
+ networkmanager_admin($1, $2) |
524 |
+ ') |
525 |
+ |
526 |
+ optional_policy(` |
527 |
+ nis_admin($1, $2) |
528 |
+ ') |
529 |
+ |
530 |
+ optional_policy(` |
531 |
+ nscd_admin($1, $2) |
532 |
+ ') |
533 |
+ |
534 |
+ optional_policy(` |
535 |
+ nsd_admin($1, $2) |
536 |
+ ') |
537 |
+ |
538 |
+ optional_policy(` |
539 |
+ nslcd_admin($1, $2) |
540 |
+ ') |
541 |
+ |
542 |
+ optional_policy(` |
543 |
+ ntop_admin($1, $2) |
544 |
+ ') |
545 |
+ |
546 |
+ optional_policy(` |
547 |
+ ntp_admin($1, $2) |
548 |
+ ') |
549 |
+ |
550 |
+ optional_policy(` |
551 |
+ numad_admin($1, $2) |
552 |
+ ') |
553 |
+ |
554 |
+ optional_policy(` |
555 |
+ nut_admin($1, $2) |
556 |
+ ') |
557 |
+ |
558 |
+ optional_policy(` |
559 |
+ oident_admin($1, $2) |
560 |
+ ') |
561 |
+ |
562 |
+ optional_policy(` |
563 |
+ openct_admin($1, $2) |
564 |
+ ') |
565 |
+ |
566 |
+ optional_policy(` |
567 |
+ openhpi_admin($1, $2) |
568 |
+ ') |
569 |
+ |
570 |
+ optional_policy(` |
571 |
+ openvpn_admin($1, $2) |
572 |
+ ') |
573 |
+ |
574 |
+ optional_policy(` |
575 |
+ openvswitch_admin($1, $2) |
576 |
+ ') |
577 |
+ |
578 |
+ optional_policy(` |
579 |
+ pacemaker_admin($1, $2) |
580 |
+ ') |
581 |
+ |
582 |
+ optional_policy(` |
583 |
+ pcscd_admin($1, $2) |
584 |
+ ') |
585 |
+ |
586 |
+ optional_policy(` |
587 |
+ pegasus_admin($1, $2) |
588 |
+ ') |
589 |
+ |
590 |
+ optional_policy(` |
591 |
+ perdition_admin($1, $2) |
592 |
+ ') |
593 |
+ |
594 |
+ optional_policy(` |
595 |
+ pingd_admin($1, $2) |
596 |
+ ') |
597 |
+ |
598 |
+ optional_policy(` |
599 |
+ pkcs_admin_slotd($1, $2) |
600 |
+ ') |
601 |
+ |
602 |
+ optional_policy(` |
603 |
+ polipo_admin($1, $2) |
604 |
+ ') |
605 |
+ |
606 |
+ optional_policy(` |
607 |
+ portmap_admin($1, $2) |
608 |
+ ') |
609 |
+ |
610 |
+ optional_policy(` |
611 |
+ portreserve_admin($1, $2) |
612 |
+ ') |
613 |
+ |
614 |
+ optional_policy(` |
615 |
+ postfix_admin($1, $2) |
616 |
+ ') |
617 |
+ |
618 |
+ optional_policy(` |
619 |
+ postfixpolicyd_admin($1, $2) |
620 |
+ ') |
621 |
+ |
622 |
+ optional_policy(` |
623 |
+ postgrey_admin($1, $2) |
624 |
+ ') |
625 |
+ |
626 |
+ optional_policy(` |
627 |
+ ppp_admin($1, $2) |
628 |
+ ') |
629 |
+ |
630 |
+ optional_policy(` |
631 |
+ prelude_admin($1, $2) |
632 |
+ ') |
633 |
+ |
634 |
+ optional_policy(` |
635 |
+ privoxy_admin($1, $2) |
636 |
+ ') |
637 |
+ |
638 |
+ optional_policy(` |
639 |
+ psad_admin($1, $2) |
640 |
+ ') |
641 |
+ |
642 |
+ optional_policy(` |
643 |
+ puppet_admin($1, $2) |
644 |
+ ') |
645 |
+ |
646 |
+ optional_policy(` |
647 |
+ pxe_admin($1, $2) |
648 |
+ ') |
649 |
+ |
650 |
+ optional_policy(` |
651 |
+ pyicqt_admin($1, $2) |
652 |
+ ') |
653 |
+ |
654 |
+ optional_policy(` |
655 |
+ pyzor_admin($1, $2) |
656 |
+ ') |
657 |
+') |
658 |
+ |
659 |
+######################################### |
660 |
+## <summary> |
661 |
+## Administer software |
662 |
+## </summary> |
663 |
+## <desc> |
664 |
+## <p> |
665 |
+## The software administrator privilege set allows for a system domain to manage |
666 |
+## various file types (but not, or only in a very controlled manner, security |
667 |
+## sensitive files). |
668 |
+## </p> |
669 |
+## <p> |
670 |
+## The software administrator can transition to package management tools and |
671 |
+## invoke administrative commands needed to finalize software installation. |
672 |
+## </p> |
673 |
+## </desc> |
674 |
+## <param name="domain"> |
675 |
+## <summary> |
676 |
+## Domain allowed access |
677 |
+## </summary> |
678 |
+## </param> |
679 |
+## <param name="role"> |
680 |
+## <summary> |
681 |
+## Role allowed access |
682 |
+## </summary> |
683 |
+## </param> |
684 |
+# |
685 |
+interface(`gentoo_secmodel_manage_software',` |
686 |
+ optional_policy(` |
687 |
+ bootloader_run($1, $2) |
688 |
+ ') |
689 |
+') |
690 |
+ |
691 |
+######################################### |
692 |
+## <summary> |
693 |
+## Administer system state |
694 |
+## </summary> |
695 |
+## <desc> |
696 |
+## <p> |
697 |
+## The system state administrator privilege set allows for system state |
698 |
+## handling, including sysctl values, network configuration settings, etc. |
699 |
+## </p> |
700 |
+## </desc> |
701 |
+## <param name="domain"> |
702 |
+## <summary> |
703 |
+## Domain allowed access |
704 |
+## </summary> |
705 |
+## </param> |
706 |
+## <param name="role"> |
707 |
+## <summary> |
708 |
+## Role allowed access |
709 |
+## </summary> |
710 |
+## </param> |
711 |
+# |
712 |
+interface(`gentoo_secmodel_manage_system_state',` |
713 |
+ |
714 |
+') |
715 |
+ |
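Review bot: In gentoo_secmodel_manage_services the nagios stanza opens with `optional_poliocy(`, a misspelling of `optional_policy(`; nothing in this file defines that name, so the stanza is presumably not treated as optional and the module will likely fail to build or hard-require nagios_admin — change the line to `optional_policy(`. The leading comment `# These are all admin interfaces where a labeled init script is provided for` stops mid-sentence and should be completed. gentoo_secmodel_monitor_system, gentoo_secmodel_manage_system_state and gentoo_secmodel_manage_system_security have empty bodies, so calling them grants nothing despite their descriptions; a one-line comment such as `# Placeholder: no rules granted yet` in each would keep policy writers from relying on access that is not there. Because manage_services hands a single domain and role every available _admin() set at once, its `<desc>` could also state that callers are expected to be dedicated administrative domains.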
716 |
+######################################### |
717 |
+## <summary> |
718 |
+## Administer system security |
719 |
+## </summary> |
720 |
+## <desc> |
721 |
+## <p> |
722 |
+## The security administrator privilege set allows for security-sensitive types |
723 |
+## to be managed, including SELinux policy. |
724 |
+## </p> |
725 |
+## </desc> |
726 |
+## <param name="domain"> |
727 |
+## <summary> |
728 |
+## Domain allowed access |
729 |
+## </summary> |
730 |
+## </param> |
731 |
+## <param name="role"> |
732 |
+## <summary> |
733 |
+## Role allowed access |
734 |
+## </summary> |
735 |
+## </param> |
736 |
+# |
737 |
+interface(`gentoo_secmodel_manage_system_security',` |
738 |
+ |
739 |
+') |
740 |
+ |