diff options
33 files changed, 54 insertions, 54 deletions
diff --git a/policy/modules/admin/dphysswapfile.if b/policy/modules/admin/dphysswapfile.if index c39464e4..e445069d 100644 --- a/policy/modules/admin/dphysswapfile.if +++ b/policy/modules/admin/dphysswapfile.if @@ -2,7 +2,7 @@ ######################################## ## <summary> -## Dontaudit acces to the swap file. +## Dontaudit access to the swap file. ## </summary> ## <param name="domain"> ## <summary> diff --git a/policy/modules/admin/firstboot.if b/policy/modules/admin/firstboot.if index 280f875f..e575eafa 100644 --- a/policy/modules/admin/firstboot.if +++ b/policy/modules/admin/firstboot.if @@ -120,7 +120,7 @@ interface(`firstboot_rw_pipes',` ######################################## ## <summary> -## Do not audit attemps to read and +## Do not audit attempts to read and ## write firstboot unnamed pipes. ## </summary> ## <param name="domain"> @@ -139,7 +139,7 @@ interface(`firstboot_dontaudit_rw_pipes',` ######################################## ## <summary> -## Do not audit attemps to read and +## Do not audit attempts to read and ## write firstboot unix domain ## stream sockets. ## </summary> diff --git a/policy/modules/apps/cryfs.te b/policy/modules/apps/cryfs.te index 3c02318c..72d3393d 100644 --- a/policy/modules/apps/cryfs.te +++ b/policy/modules/apps/cryfs.te @@ -21,7 +21,7 @@ allow cryfs_t self:capability { dac_read_search sys_admin }; allow cryfs_t self:process { getsched signal }; allow cryfs_t self:fifo_file rw_fifo_file_perms; -# CryFS 0.9.10 can check for updates everytime it runs, if it is not compiled with CRYFS_NO_UPDATE_CHECKS (option -DCRYFS_UPDATE_CHECKS=off). +# CryFS 0.9.10 can check for updates every time it runs, if it is not compiled with CRYFS_NO_UPDATE_CHECKS (option -DCRYFS_UPDATE_CHECKS=off). # When update checks are disabled (for example with Debian package), libcurl is nonetheless initialized. # curl_global_init() calls Curl_ipv6works(), which uses socket(PF_INET6, SOCK_DGRAM, 0) to check for IPv6 support. # Hide this useless access. diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if index cea4e7b7..b6d97230 100644 --- a/policy/modules/kernel/corecommands.if +++ b/policy/modules/kernel/corecommands.if @@ -11,7 +11,7 @@ ######################################## ## <summary> ## Make the specified type usable for files -## that are exectuables, such as binary programs. +## that are executables, such as binary programs. ## This does not include shared libraries. ## </summary> ## <param name="type"> @@ -32,7 +32,7 @@ interface(`corecmd_executable_file',` ######################################## ## <summary> -## Make general progams in bin an entrypoint for +## Make general programs in bin an entrypoint for ## the specified domain. ## </summary> ## <param name="domain"> @@ -303,7 +303,7 @@ interface(`corecmd_read_bin_sockets',` ## </p> ## <p> ## Typically, this interface should be used when the domain -## executes general system progams within the privileges +## executes general system programs within the privileges ## of the source domain. Some examples of these programs ## are ls, cp, sed, python, and tar. This does not include ## shells, such as bash. diff --git a/policy/modules/kernel/corenetwork.if.in b/policy/modules/kernel/corenetwork.if.in index d8ad6aed..7b77d8d8 100644 --- a/policy/modules/kernel/corenetwork.if.in +++ b/policy/modules/kernel/corenetwork.if.in @@ -2757,7 +2757,7 @@ interface(`corenet_dontaudit_raw_recvfrom_unlabeled',` ## Allow the specified domain to receive packets from an ## unlabeled connection. On machines that do not utilize ## labeled networking, this will be required on all -## networking domains. On machines tha do utilize +## networking domains. On machines that do utilize ## labeled networking, this will be required for any ## networking domain that is allowed to receive ## network traffic that does not have a label. diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc index 0242cb5e..a167126d 100644 --- a/policy/modules/kernel/devices.fc +++ b/policy/modules/kernel/devices.fc @@ -211,7 +211,7 @@ ifdef(`distro_debian',` /etc/udev/devices -d gen_context(system_u:object_r:device_t,s0) -# used by init scripts to initally populate udev /dev +# used by init scripts to initially populate udev /dev /usr/lib/udev/devices(/.*)? gen_context(system_u:object_r:device_t,s0) /usr/lib/udev/devices/lp.* -c gen_context(system_u:object_r:printer_device_t,s0) /usr/lib/udev/devices/null -c gen_context(system_u:object_r:null_device_t,s0) diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if index 4d805da8..9e691a6d 100644 --- a/policy/modules/kernel/domain.if +++ b/policy/modules/kernel/domain.if @@ -185,7 +185,7 @@ interface(`domain_dyntrans_type',` ######################################## ## <summary> -## Makes caller and execption to the constraint +## Makes caller and exception to the constraint ## preventing changing to the system user ## identity and system role. ## </summary> @@ -1040,7 +1040,7 @@ interface(`domain_dontaudit_rw_all_udp_sockets',` ######################################## ## <summary> -## Do not audit attempts to get attribues of +## Do not audit attempts to get attributes of ## all domains IPSEC key management sockets. ## </summary> ## <param name="domain"> @@ -1059,7 +1059,7 @@ interface(`domain_dontaudit_getattr_all_key_sockets',` ######################################## ## <summary> -## Do not audit attempts to get attribues of +## Do not audit attempts to get attributes of ## all domains packet sockets. ## </summary> ## <param name="domain"> @@ -1078,7 +1078,7 @@ interface(`domain_dontaudit_getattr_all_packet_sockets',` ######################################## ## <summary> -## Do not audit attempts to get attribues of +## Do not audit attempts to get attributes of ## all domains raw sockets. ## </summary> ## <param name="domain"> diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if index bace73fc..6105cdb2 100644 --- a/policy/modules/kernel/files.if +++ b/policy/modules/kernel/files.if @@ -5910,7 +5910,7 @@ interface(`files_read_var_lib_symlinks',` ') # cjp: the next two interfaces really need to be fixed -# in some way. They really neeed their own types. +# in some way. They really need their own types. ######################################## ## <summary> @@ -7032,7 +7032,7 @@ interface(`files_manage_all_runtime_dirs',` ## </summary> ## <param name="domain"> ## <summary> -## Domain alloed access. +## Domain allowed access. ## </summary> ## </param> # @@ -7153,7 +7153,7 @@ interface(`files_delete_all_runtime_files',` ## </summary> ## <param name="domain"> ## <summary> -## Domain alloed access. +## Domain allowed access. ## </summary> ## </param> # @@ -7209,7 +7209,7 @@ interface(`files_delete_all_runtime_symlinks',` ## </summary> ## <param name="domain"> ## <summary> -## Domain alloed access. +## Domain allowed access. ## </summary> ## </param> # @@ -7227,7 +7227,7 @@ interface(`files_manage_all_runtime_symlinks',` ## </summary> ## <param name="domain"> ## <summary> -## Domain alloed access. +## Domain allowed access. ## </summary> ## </param> # @@ -7319,7 +7319,7 @@ interface(`files_delete_all_runtime_sockets',` ## </summary> ## <param name="domain"> ## <summary> -## Domain alloed access. +## Domain allowed access. ## </summary> ## </param> # @@ -7474,7 +7474,7 @@ interface(`files_delete_all_pid_dirs',` ## </summary> ## <param name="domain"> ## <summary> -## Domain alloed access. +## Domain allowed access. ## </summary> ## </param> # @@ -7491,7 +7491,7 @@ interface(`files_manage_all_pids',` ## </summary> ## <param name="domain"> ## <summary> -## Domain alloed access. +## Domain allowed access. ## </summary> ## </param> # @@ -7506,7 +7506,7 @@ interface(`files_relabel_all_pid_dirs',` ## </summary> ## <param name="domain"> ## <summary> -## Domain alloed access. +## Domain allowed access. ## </summary> ## </param> # @@ -7521,7 +7521,7 @@ interface(`files_relabel_all_pid_sock_files',` ## </summary> ## <param name="domain"> ## <summary> -## Domain alloed access. +## Domain allowed access. ## </summary> ## </param> # diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te index 1bb1ad49..069d5e19 100644 --- a/policy/modules/kernel/files.te +++ b/policy/modules/kernel/files.te @@ -168,7 +168,7 @@ type var_lib_t; files_mountpoint(var_lib_t) # -# var_lock_t is tye type of /var/lock +# var_lock_t is the type of /var/lock # type var_lock_t; files_lock_file(var_lock_t) diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if index 7b9973b5..0fb322ff 100644 --- a/policy/modules/kernel/filesystem.if +++ b/policy/modules/kernel/filesystem.if @@ -1529,7 +1529,7 @@ interface(`fs_manage_noxattr_fs_symlinks',` ######################################## ## <summary> -## Relabel all objets from filesystems that +## Relabel all objects from filesystems that ## do not support extended attributes. ## </summary> ## <param name="domain"> diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if index 2e915da3..48c035df 100644 --- a/policy/modules/kernel/kernel.if +++ b/policy/modules/kernel/kernel.if @@ -1251,7 +1251,7 @@ interface(`kernel_rw_software_raid_state',` ######################################## ## <summary> -## Allows caller to get attribues of core kernel interface. +## Allows caller to get attributes of core kernel interface. ## </summary> ## <param name="domain"> ## <summary> @@ -2270,7 +2270,7 @@ interface(`kernel_read_fs_sysctls',` ######################################## ## <summary> -## Read and write fileystem sysctls. +## Read and write filesystem sysctls. ## </summary> ## <param name="domain"> ## <summary> @@ -3258,7 +3258,7 @@ interface(`kernel_relabelfrom_unlabeled_chr_devs',` ## unlabeled IPSEC association. Network ## connections that are not protected ## by IPSEC have use an unlabeled -## assocation. +## association. ## </p> ## <p> ## The corenetwork interface @@ -3291,7 +3291,7 @@ interface(`kernel_sendrecv_unlabeled_association',` ## from an unlabeled IPSEC association. Network ## connections that are not protected ## by IPSEC have use an unlabeled -## assocation. +## association. ## </p> ## <p> ## The corenetwork interface diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te index 1a77ab06..ca180690 100644 --- a/policy/modules/kernel/kernel.te +++ b/policy/modules/kernel/kernel.te @@ -517,7 +517,7 @@ if( ! secure_mode_insmod ) { ######################################## # -# Rules for unconfined acccess to this module +# Rules for unconfined access to this module # allow kern_unconfined proc_type:dir { manage_dir_perms relabelfrom relabelto append map execute quotaon mounton audit_access execmod watch }; diff --git a/policy/modules/kernel/mls.if b/policy/modules/kernel/mls.if index c11c7b95..ad88899a 100644 --- a/policy/modules/kernel/mls.if +++ b/policy/modules/kernel/mls.if @@ -828,7 +828,7 @@ interface(`mls_fd_use_all_levels',` ######################################## ## <summary> ## Make the file descriptors from the -## specifed domain inheritable by +## specified domain inheritable by ## all levels. ## </summary> ## <param name="domain"> diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if index 6dec6b75..2898214e 100644 --- a/policy/modules/kernel/storage.if +++ b/policy/modules/kernel/storage.if @@ -534,7 +534,7 @@ interface(`storage_write_scsi_generic',` ######################################## ## <summary> ## Set attributes of the device nodes -## for the SCSI generic inerface. +## for the SCSI generic interface. ## </summary> ## <param name="domain"> ## <summary> diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if index 4bd4884f..43c93e44 100644 --- a/policy/modules/kernel/terminal.if +++ b/policy/modules/kernel/terminal.if @@ -323,7 +323,7 @@ interface(`term_use_console',` ######################################## ## <summary> -## Do not audit attemtps to read from +## Do not audit attempts to read from ## or write to the console. ## </summary> ## <param name="domain"> diff --git a/policy/modules/roles/guest.if b/policy/modules/roles/guest.if index ad1653f9..15ac65a1 100644 --- a/policy/modules/roles/guest.if +++ b/policy/modules/roles/guest.if @@ -1,4 +1,4 @@ -## <summary>Least privledge terminal user role.</summary> +## <summary>Least privilege terminal user role.</summary> ######################################## ## <summary> diff --git a/policy/modules/roles/xguest.if b/policy/modules/roles/xguest.if index 4f1d07d7..4d91fa9d 100644 --- a/policy/modules/roles/xguest.if +++ b/policy/modules/roles/xguest.if @@ -1,4 +1,4 @@ -## <summary>Least privledge xwindows user role.</summary> +## <summary>Least privilege xwindows user role.</summary> ######################################## ## <summary> diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te index 78080e76..9199b852 100644 --- a/policy/modules/services/apache.te +++ b/policy/modules/services/apache.te @@ -108,7 +108,7 @@ gen_tunable(httpd_dbus_avahi, false) ## <desc> ## <p> -## Determine wether httpd can use support. +## Determine whether httpd can use support. ## </p> ## </desc> gen_tunable(httpd_enable_cgi, false) diff --git a/policy/modules/services/couchdb.te b/policy/modules/services/couchdb.te index 3277858f..8de70d48 100644 --- a/policy/modules/services/couchdb.te +++ b/policy/modules/services/couchdb.te @@ -104,7 +104,7 @@ miscfiles_read_localization(couchdb_t) # # this is a complete policy. It processes the javascript -# ouside the main process, passing data via FIFO. +# outside the main process, passing data via FIFO. allow couchdb_js_t self:process { execmem getsched setsched }; files_read_usr_files(couchdb_js_t) diff --git a/policy/modules/services/cron.if b/policy/modules/services/cron.if index a774c5b8..4fb832ff 100644 --- a/policy/modules/services/cron.if +++ b/policy/modules/services/cron.if @@ -296,7 +296,7 @@ interface(`cron_admin_role',` ######################################## ## <summary> ## Make the specified program domain -## accessable from the system cron jobs. +## accessible from the system cron jobs. ## </summary> ## <param name="domain"> ## <summary> diff --git a/policy/modules/services/mailman.if b/policy/modules/services/mailman.if index 52e37149..235be33c 100644 --- a/policy/modules/services/mailman.if +++ b/policy/modules/services/mailman.if @@ -113,7 +113,7 @@ interface(`mailman_domtrans_cgi',` ## </summary> ## <param name="domain"> ## <summary> -## Domain allowd access. +## Domain allowed access. ## </summary> ## </param> # diff --git a/policy/modules/services/nis.if b/policy/modules/services/nis.if index e258da0e..4c6724b5 100644 --- a/policy/modules/services/nis.if +++ b/policy/modules/services/nis.if @@ -69,7 +69,7 @@ interface(`nis_use_ypbind_uncond',` ## <p> ## Allow the specified domain to use the ypbind service ## to access Network Information Service (NIS) services. -## Information that can be retreived from NIS includes +## Information that can be retrieved from NIS includes ## usernames, passwords, home directories, and groups. ## If the network is configured to have a single sign-on ## using NIS, it is likely that any program that does diff --git a/policy/modules/services/oddjob.if b/policy/modules/services/oddjob.if index baa890a9..48ed905d 100644 --- a/policy/modules/services/oddjob.if +++ b/policy/modules/services/oddjob.if @@ -22,7 +22,7 @@ interface(`oddjob_domtrans',` ######################################## ## <summary> ## Make the specified program domain -## accessable from the oddjob. +## accessible from the oddjob. ## </summary> ## <param name="domain"> ## <summary> diff --git a/policy/modules/services/rhsmcertd.if b/policy/modules/services/rhsmcertd.if index 9d876e40..dbc8a61c 100644 --- a/policy/modules/services/rhsmcertd.if +++ b/policy/modules/services/rhsmcertd.if @@ -179,7 +179,7 @@ interface(`rhsmcertd_manage_lib_dirs',` ######################################## ## <summary> -## Read rhsmcertd pid files. (Deprectated) +## Read rhsmcertd pid files. (Deprecated) ## </summary> ## <param name="domain"> ## <summary> diff --git a/policy/modules/services/ricci.if b/policy/modules/services/ricci.if index be70502e..3e828adc 100644 --- a/policy/modules/services/ricci.if +++ b/policy/modules/services/ricci.if @@ -61,7 +61,7 @@ interface(`ricci_dontaudit_use_modcluster_fds',` ######################################## ## <summary> ## Do not audit attempts to read write -## ricci modcluster unamed pipes. +## ricci modcluster unnamed pipes. ## </summary> ## <param name="domain"> ## <summary> diff --git a/policy/modules/services/shibboleth.if b/policy/modules/services/shibboleth.if index 93929c34..f9415233 100644 --- a/policy/modules/services/shibboleth.if +++ b/policy/modules/services/shibboleth.if @@ -1,4 +1,4 @@ -## <summary>Shibboleth authentication deamon</summary> +## <summary>Shibboleth authentication daemon</summary> ######################################## ## <summary> diff --git a/policy/modules/system/application.if b/policy/modules/system/application.if index 1b6619e6..29c9b3ed 100644 --- a/policy/modules/system/application.if +++ b/policy/modules/system/application.if @@ -24,7 +24,7 @@ interface(`application_type',` ######################################## ## <summary> ## Make the specified type usable for files -## that are exectuables, such as binary programs. +## that are executables, such as binary programs. ## This does not include shared libraries. ## </summary> ## <param name="type"> diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if index ff80a980..c25fe5ec 100644 --- a/policy/modules/system/authlogin.if +++ b/policy/modules/system/authlogin.if @@ -1105,7 +1105,7 @@ interface(`auth_read_pam_pid',` ####################################### ## <summary> -## Do not audit attemps to read PAM PID files. (Deprecated) +## Do not audit attempts to read PAM PID files. (Deprecated) ## </summary> ## <param name="domain"> ## <summary> @@ -1248,7 +1248,7 @@ interface(`auth_read_pam_runtime_files',` ####################################### ## <summary> -## Do not audit attemps to read PAM runtime files. +## Do not audit attempts to read PAM runtime files. ## </summary> ## <param name="domain"> ## <summary> @@ -1561,7 +1561,7 @@ interface(`auth_run_utempter',` ####################################### ## <summary> -## Do not audit attemps to execute utempter executable. +## Do not audit attempts to execute utempter executable. ## </summary> ## <param name="domain"> ## <summary> diff --git a/policy/modules/system/iptables.te b/policy/modules/system/iptables.te index 9ff383e4..cfe7c25b 100644 --- a/policy/modules/system/iptables.te +++ b/policy/modules/system/iptables.te @@ -146,6 +146,6 @@ optional_policy(` optional_policy(` udev_read_db(iptables_t) - # this is for iptables_t to inherit a file hande from xen vif-bridge + # this is for iptables_t to inherit a file handle from xen vif-bridge udev_manage_runtime_files(iptables_t) ') diff --git a/policy/modules/system/logging.if b/policy/modules/system/logging.if index a2275df9..ff5f9bef 100644 --- a/policy/modules/system/logging.if +++ b/policy/modules/system/logging.if @@ -1016,7 +1016,7 @@ interface(`logging_dontaudit_getattr_all_logs',` ######################################## ## <summary> -## Read the atttributes of any log file +## Read the attributes of any log file ## </summary> ## <param name="domain"> ## <summary> diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if index b8130083..262c26d1 100644 --- a/policy/modules/system/systemd.if +++ b/policy/modules/system/systemd.if @@ -51,7 +51,7 @@ template(`systemd_role_template',` allow $3 systemd_user_runtime_notify_t:sock_file { manage_sock_file_perms relabel_sock_file_perms }; # This domain is per-role because of the below transitions. - # See the sytemd --user section of systemd.te for the + # See the systemd --user section of systemd.te for the # remainder of the rules. allow $1_systemd_t $3:process { setsched rlimitinh }; corecmd_shell_domtrans($1_systemd_t, $3) diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te index 136990d0..2d02477c 100644 --- a/policy/modules/system/systemd.te +++ b/policy/modules/system/systemd.te @@ -480,7 +480,7 @@ optional_policy(` ###################################### # -# systemd log parse enviroment +# systemd log parse environment # # Do not audit setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, ...) failure (e.g. when using create_log_socket() internal function) diff --git a/support/segenxml.py b/support/segenxml.py index 75c766bd..c4fe0448 100644 --- a/support/segenxml.py +++ b/support/segenxml.py @@ -78,7 +78,7 @@ def getModuleXML(file_name): module_te = "%s/%s.te" % (module_dir, module_name) module_if = "%s/%s.if" % (module_dir, module_name) - # Try to open the file, if it cant, just ignore it. + # Try to open the file, if it can't, just ignore it. try: module_file = open(module_if, "r") module_code = module_file.readlines() @@ -201,7 +201,7 @@ def getTunableXML(file_name, kind): Return all the XML for the tunables/bools in the file specified. ''' - # Try to open the file, if it cant, just ignore it. + # Try to open the file, if it can't, just ignore it. try: tunable_file = open(file_name, "r") tunable_code = tunable_file.readlines() |