61 lines
1.4 KiB
Plaintext
61 lines
1.4 KiB
Plaintext
|
#
|
||
|
|
# Authors: Stephen Smalley <sds@epoch.ncsc.mil> and Timothy Fraser
|
||
|
|
#
|
||
|
|
|
||
|
|
############################################
|
||
|
|
#
|
||
|
|
# Security types
|
||
|
|
#
|
||
|
|
|
||
|
|
#
|
||
|
|
# security_t is the target type when checking
|
||
|
|
# the permissions in the security class. It is also
|
||
|
|
# applied to selinuxfs inodes.
|
||
|
|
#
|
||
|
|
type security_t, mount_point, fs_type, mlstrustedobject;
|
||
|
|
dontaudit domain security_t:dir search;
|
||
|
|
dontaudit domain security_t:file { getattr read };
|
||
|
|
|
||
|
|
#
|
||
|
|
# policy_config_t is the type of /etc/security/selinux/*
|
||
|
|
# the security server policy configuration.
|
||
|
|
#
|
||
|
|
type policy_config_t, file_type, secadmfile;
|
||
|
|
# Since libselinux attempts to read these by default, most domains
|
||
|
|
# do not need it.
|
||
|
|
dontaudit domain selinux_config_t:dir search;
|
||
|
|
dontaudit domain selinux_config_t:file { getattr read };
|
||
|
|
|
||
|
|
#
|
||
|
|
# policy_src_t is the type of the policy source
|
||
|
|
# files.
|
||
|
|
#
|
||
|
|
type policy_src_t, file_type, secadmfile;
|
||
|
|
|
||
|
|
|
||
|
|
#
|
||
|
|
# default_context_t is the type applied to
|
||
|
|
# /etc/selinux/*/contexts/*
|
||
|
|
#
|
||
|
|
type default_context_t, file_type, login_contexts, secadmfile;
|
||
|
|
|
||
|
|
#
|
||
|
|
# file_context_t is the type applied to
|
||
|
|
# /etc/selinux/*/contexts/files
|
||
|
|
#
|
||
|
|
type file_context_t, file_type, secadmfile;
|
||
|
|
|
||
|
|
#
|
||
|
|
# no_access_t is the type for objects that should
|
||
|
|
# only be accessed administratively.
|
||
|
|
#
|
||
|
|
type no_access_t, file_type, sysadmfile;
|
||
|
|
|
||
|
|
#
|
||
|
|
# selinux_config_t is the type applied to
|
||
|
|
# /etc/selinux/config
|
||
|
|
#
|
||
|
|
type selinux_config_t, file_type, secadmfile;
|
||
|
|
|
||
|
|
|