rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

add context template to support mls

Browse Source
This commit is contained in:
Chris PeBenito 2005-05-18 21:02:15 +00:00
parent 26c87e0c42
commit bee546bfd4
30 changed files with 545 additions and 545 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
refpolicy/policy/modules/admin/consoletype.fc
View File

@ -1,3 +1,3 @@
# Copyright (C) 2005 Tresys Technology, LLC
/sbin/consoletype -- system_u:object_r:consoletype_exec_t
/sbin/consoletype -- context_template(system_u:object_r:consoletype_exec_t,s0)

18
refpolicy/policy/modules/admin/netutils.fc
View File

@ -1,14 +1,14 @@
# Copyright (C) 2005 Tresys Technology, LLC
/bin/ping.* -- system_u:object_r:ping_exec_t
/bin/traceroute.* -- system_u:object_r:traceroute_exec_t
/bin/ping.* -- context_template(system_u:object_r:ping_exec_t,s0)
/bin/traceroute.* -- context_template(system_u:object_r:traceroute_exec_t,s0)
/sbin/arping -- system_u:object_r:netutils_exec_t
/sbin/arping -- context_template(system_u:object_r:netutils_exec_t,s0)
/usr/bin/lft -- system_u:object_r:traceroute_exec_t
/usr/bin/nmap -- system_u:object_r:traceroute_exec_t
/usr/bin/traceroute.* -- system_u:object_r:traceroute_exec_t
/usr/bin/lft -- context_template(system_u:object_r:traceroute_exec_t,s0)
/usr/bin/nmap -- context_template(system_u:object_r:traceroute_exec_t,s0)
/usr/bin/traceroute.* -- context_template(system_u:object_r:traceroute_exec_t,s0)
/usr/sbin/traceroute.* -- system_u:object_r:traceroute_exec_t
/usr/sbin/hping2 -- system_u:object_r:ping_exec_t
/usr/sbin/tcpdump -- system_u:object_r:netutils_exec_t
/usr/sbin/traceroute.* -- context_template(system_u:object_r:traceroute_exec_t,s0)
/usr/sbin/hping2 -- context_template(system_u:object_r:ping_exec_t,s0)
/usr/sbin/tcpdump -- context_template(system_u:object_r:netutils_exec_t,s0)

46
refpolicy/policy/modules/admin/usermanage.fc
View File

@ -1,28 +1,28 @@
# Copyright (C) 2005 Tresys Technology, LLC
/usr/bin/chage -- system_u:object_r:passwd_exec_t
/usr/bin/chfn -- system_u:object_r:chfn_exec_t
/usr/bin/chsh -- system_u:object_r:chfn_exec_t
/usr/bin/gpasswd -- system_u:object_r:groupadd_exec_t
/usr/bin/passwd -- system_u:object_r:passwd_exec_t
/usr/bin/vigr -- system_u:object_r:admin_passwd_exec_t
/usr/bin/vipw -- system_u:object_r:admin_passwd_exec_t
/usr/bin/chage -- context_template(system_u:object_r:passwd_exec_t,s0)
/usr/bin/chfn -- context_template(system_u:object_r:chfn_exec_t,s0)
/usr/bin/chsh -- context_template(system_u:object_r:chfn_exec_t,s0)
/usr/bin/gpasswd -- context_template(system_u:object_r:groupadd_exec_t,s0)
/usr/bin/passwd -- context_template(system_u:object_r:passwd_exec_t,s0)
/usr/bin/vigr -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
/usr/bin/vipw -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
/usr/lib(64)?/cracklib_dict.* -- system_u:object_r:crack_db_t
/usr/lib(64)?/cracklib_dict.* -- context_template(system_u:object_r:crack_db_t,s0)
/usr/sbin/crack_[a-z]* -- system_u:object_r:crack_exec_t
/usr/sbin/gpasswd -- system_u:object_r:groupadd_exec_t
/usr/sbin/groupadd -- system_u:object_r:groupadd_exec_t
/usr/sbin/groupdel -- system_u:object_r:groupadd_exec_t
/usr/sbin/groupmod -- system_u:object_r:groupadd_exec_t
/usr/sbin/grpconv -- system_u:object_r:admin_passwd_exec_t
/usr/sbin/grpunconv -- system_u:object_r:admin_passwd_exec_t
/usr/sbin/pwconv -- system_u:object_r:admin_passwd_exec_t
/usr/sbin/pwunconv -- system_u:object_r:admin_passwd_exec_t
/usr/sbin/useradd -- system_u:object_r:useradd_exec_t
/usr/sbin/userdel -- system_u:object_r:useradd_exec_t
/usr/sbin/usermod -- system_u:object_r:useradd_exec_t
/usr/sbin/vigr -- system_u:object_r:admin_passwd_exec_t
/usr/sbin/vipw -- system_u:object_r:admin_passwd_exec_t
/usr/sbin/crack_[a-z]* -- context_template(system_u:object_r:crack_exec_t,s0)
/usr/sbin/gpasswd -- context_template(system_u:object_r:groupadd_exec_t,s0)
/usr/sbin/groupadd -- context_template(system_u:object_r:groupadd_exec_t,s0)
/usr/sbin/groupdel -- context_template(system_u:object_r:groupadd_exec_t,s0)
/usr/sbin/groupmod -- context_template(system_u:object_r:groupadd_exec_t,s0)
/usr/sbin/grpconv -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
/usr/sbin/grpunconv -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
/usr/sbin/pwconv -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
/usr/sbin/pwunconv -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
/usr/sbin/useradd -- context_template(system_u:object_r:useradd_exec_t,s0)
/usr/sbin/userdel -- context_template(system_u:object_r:useradd_exec_t,s0)
/usr/sbin/usermod -- context_template(system_u:object_r:useradd_exec_t,s0)
/usr/sbin/vigr -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
/usr/sbin/vipw -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
/var/cache/cracklib(/.*)? system_u:object_r:crack_db_t
/var/cache/cracklib(/.*)? context_template(system_u:object_r:crack_db_t,s0)

12
refpolicy/policy/modules/apps/gpg.fc
View File

@ -1,10 +1,10 @@
# Copyright (C) 2005 Tresys Technology, LLC
/usr/bin/gpg -- system_u:object_r:gpg_exec_t
/usr/bin/gpg-agent -- system_u:object_r:gpg_agent_exec_t
/usr/bin/kgpg -- system_u:object_r:gpg_exec_t
/usr/bin/pinentry.* -- system_u:object_r:pinentry_exec_t
/usr/bin/gpg -- context_template(system_u:object_r:gpg_exec_t,s0)
/usr/bin/gpg-agent -- context_template(system_u:object_r:gpg_agent_exec_t,s0)
/usr/bin/kgpg -- context_template(system_u:object_r:gpg_exec_t,s0)
/usr/bin/pinentry.* -- context_template(system_u:object_r:pinentry_exec_t,s0)
/usr/lib/gnupg/gpgkeys.* -- system_u:object_r:gpg_helper_exec_t
/usr/lib/gnupg/gpgkeys.* -- context_template(system_u:object_r:gpg_helper_exec_t,s0)
#HOME_DIR/\.gnupg(/.+)? system_u:object_r:ROLE_gpg_secret_t
#HOME_DIR/\.gnupg(/.+)? context_template(system_u:object_r:ROLE_gpg_secret_t,s0)

26
refpolicy/policy/modules/kernel/bootloader.fc
View File

@ -1,21 +1,21 @@
# Copyright (C) 2005 Tresys Technology, LLC
/vmlinuz.* -l system_u:object_r:boot_t
/initrd\.img.* -l system_u:object_r:boot_t
/vmlinuz.* -l context_template(system_u:object_r:boot_t,s0)
/initrd\.img.* -l context_template(system_u:object_r:boot_t,s0)
/boot(/.*)? system_u:object_r:boot_t
/boot/System\.map-.* -- system_u:object_r:system_map_t
/boot(/.*)? context_template(system_u:object_r:boot_t,s0)
/boot/System\.map-.* -- context_template(system_u:object_r:system_map_t,s0)
/etc/lilo\.conf.* -- system_u:object_r:bootloader_etc_t
/etc/yaboot\.conf.* -- system_u:object_r:bootloader_etc_t
/etc/lilo\.conf.* -- context_template(system_u:object_r:bootloader_etc_t,s0)
/etc/yaboot\.conf.* -- context_template(system_u:object_r:bootloader_etc_t,s0)
/etc/mkinitrd/scripts/.* -- system_u:object_r:bootloader_exec_t
/etc/mkinitrd/scripts/.* -- context_template(system_u:object_r:bootloader_exec_t,s0)
/lib(64)?/modules(/.*)? system_u:object_r:modules_object_t
/lib(64)?/modules(/.*)? context_template(system_u:object_r:modules_object_t,s0)
/usr/sbin/mkinitrd -- system_u:object_r:bootloader_exec_t
/usr/sbin/mkinitrd -- context_template(system_u:object_r:bootloader_exec_t,s0)
/sbin/grub.* -- system_u:object_r:bootloader_exec_t
/sbin/lilo.* -- system_u:object_r:bootloader_exec_t
/sbin/mkinitrd -- system_u:object_r:bootloader_exec_t
/sbin/ybin.* -- system_u:object_r:bootloader_exec_t
/sbin/grub.* -- context_template(system_u:object_r:bootloader_exec_t,s0)
/sbin/lilo.* -- context_template(system_u:object_r:bootloader_exec_t,s0)
/sbin/mkinitrd -- context_template(system_u:object_r:bootloader_exec_t,s0)
/sbin/ybin.* -- context_template(system_u:object_r:bootloader_exec_t,s0)

8
refpolicy/policy/modules/kernel/corenetwork.fc
View File

@ -1,7 +1,7 @@
# Copyright (C) 2005 Tresys Technology, LLC
/dev/ippp.* -c system_u:object_r:ppp_device_t
/dev/ppp -c system_u:object_r:ppp_device_t
/dev/pppox.* -c system_u:object_r:ppp_device_t
/dev/ippp.* -c context_template(system_u:object_r:ppp_device_t,s0)
/dev/ppp -c context_template(system_u:object_r:ppp_device_t,s0)
/dev/pppox.* -c context_template(system_u:object_r:ppp_device_t,s0)
/dev/net/.* -c system_u:object_r:tun_tap_device_t
/dev/net/.* -c context_template(system_u:object_r:tun_tap_device_t,s0)

136
refpolicy/policy/modules/kernel/devices.fc
View File

@ -1,80 +1,80 @@
# Copyright (C) 2005 Tresys Technology, LLC
/dev(/.*)? system_u:object_r:device_t
/dev(/.*)? context_template(system_u:object_r:device_t,s0)
/dev/.*mouse.* -c system_u:object_r:mouse_device_t
/dev/adsp -c system_u:object_r:sound_device_t
/dev/agpgart -c system_u:object_r:agp_device_t
/dev/aload.* -c system_u:object_r:sound_device_t
/dev/amidi.* -c system_u:object_r:sound_device_t
/dev/amixer.* -c system_u:object_r:sound_device_t
/dev/apm_bios -c system_u:object_r:apm_bios_t
/dev/atibm -c system_u:object_r:mouse_device_t
/dev/audio.* -c system_u:object_r:sound_device_t
/dev/beep -c system_u:object_r:sound_device_t
/dev/console -c system_u:object_r:console_device_t
/dev/dsp.* -c system_u:object_r:sound_device_t
/dev/fb[0-9]* -c system_u:object_r:framebuf_device_t
/dev/full -c system_u:object_r:null_device_t
/dev/irlpt[0-9]+ -c system_u:object_r:printer_device_t
/dev/js.* -c system_u:object_r:mouse_device_t
/dev/kmem -c system_u:object_r:memory_device_t
/dev/logibm -c system_u:object_r:mouse_device_t
/dev/lp.* -c system_u:object_r:printer_device_t
/dev/mem -c system_u:object_r:memory_device_t
/dev/microcode -c system_u:object_r:cpu_device_t
/dev/midi.* -c system_u:object_r:sound_device_t
/dev/mixer.* -c system_u:object_r:sound_device_t
/dev/mmetfgrab -c system_u:object_r:scanner_device_t
/dev/mpu401.* -c system_u:object_r:sound_device_t
/dev/null -c system_u:object_r:null_device_t
/dev/nvidia.* -c system_u:object_r:xserver_misc_device_t
/dev/nvram -c system_u:object_r:memory_device_t
/dev/par.* -c system_u:object_r:printer_device_t
/dev/patmgr[01] -c system_u:object_r:sound_device_t
/dev/pmu -c system_u:object_r:power_device_t
/dev/port -c system_u:object_r:memory_device_t
/dev/psaux -c system_u:object_r:mouse_device_t
/dev/rmidi.* -c system_u:object_r:sound_device_t
/dev/radeon -c system_u:object_r:dri_device_t
/dev/radio.* -c system_u:object_r:v4l_device_t
/dev/random -c system_u:object_r:random_device_t
/dev/rtc -c system_u:object_r:clock_device_t
/dev/sequencer -c system_u:object_r:sound_device_t
/dev/sequencer2 -c system_u:object_r:sound_device_t
/dev/smpte.* -c system_u:object_r:sound_device_t
/dev/srnd[0-7] -c system_u:object_r:sound_device_t
/dev/sndstat -c system_u:object_r:sound_device_t
/dev/tlk[0-3] -c system_u:object_r:v4l_device_t
/dev/urandom -c system_u:object_r:urandom_device_t
/dev/usblp.* -c system_u:object_r:printer_device_t
/dev/.*mouse.* -c context_template(system_u:object_r:mouse_device_t,s0)
/dev/adsp -c context_template(system_u:object_r:sound_device_t,s0)
/dev/agpgart -c context_template(system_u:object_r:agp_device_t,s0)
/dev/aload.* -c context_template(system_u:object_r:sound_device_t,s0)
/dev/amidi.* -c context_template(system_u:object_r:sound_device_t,s0)
/dev/amixer.* -c context_template(system_u:object_r:sound_device_t,s0)
/dev/apm_bios -c context_template(system_u:object_r:apm_bios_t,s0)
/dev/atibm -c context_template(system_u:object_r:mouse_device_t,s0)
/dev/audio.* -c context_template(system_u:object_r:sound_device_t,s0)
/dev/beep -c context_template(system_u:object_r:sound_device_t,s0)
/dev/console -c context_template(system_u:object_r:console_device_t,s0)
/dev/dsp.* -c context_template(system_u:object_r:sound_device_t,s0)
/dev/fb[0-9]* -c context_template(system_u:object_r:framebuf_device_t,s0)
/dev/full -c context_template(system_u:object_r:null_device_t,s0)
/dev/irlpt[0-9]+ -c context_template(system_u:object_r:printer_device_t,s0)
/dev/js.* -c context_template(system_u:object_r:mouse_device_t,s0)
/dev/kmem -c context_template(system_u:object_r:memory_device_t,s0)
/dev/logibm -c context_template(system_u:object_r:mouse_device_t,s0)
/dev/lp.* -c context_template(system_u:object_r:printer_device_t,s0)
/dev/mem -c context_template(system_u:object_r:memory_device_t,s0)
/dev/microcode -c context_template(system_u:object_r:cpu_device_t,s0)
/dev/midi.* -c context_template(system_u:object_r:sound_device_t,s0)
/dev/mixer.* -c context_template(system_u:object_r:sound_device_t,s0)
/dev/mmetfgrab -c context_template(system_u:object_r:scanner_device_t,s0)
/dev/mpu401.* -c context_template(system_u:object_r:sound_device_t,s0)
/dev/null -c context_template(system_u:object_r:null_device_t,s0)
/dev/nvidia.* -c context_template(system_u:object_r:xserver_misc_device_t,s0)
/dev/nvram -c context_template(system_u:object_r:memory_device_t,s0)
/dev/par.* -c context_template(system_u:object_r:printer_device_t,s0)
/dev/patmgr[01] -c context_template(system_u:object_r:sound_device_t,s0)
/dev/pmu -c context_template(system_u:object_r:power_device_t,s0)
/dev/port -c context_template(system_u:object_r:memory_device_t,s0)
/dev/psaux -c context_template(system_u:object_r:mouse_device_t,s0)
/dev/rmidi.* -c context_template(system_u:object_r:sound_device_t,s0)
/dev/radeon -c context_template(system_u:object_r:dri_device_t,s0)
/dev/radio.* -c context_template(system_u:object_r:v4l_device_t,s0)
/dev/random -c context_template(system_u:object_r:random_device_t,s0)
/dev/rtc -c context_template(system_u:object_r:clock_device_t,s0)
/dev/sequencer -c context_template(system_u:object_r:sound_device_t,s0)
/dev/sequencer2 -c context_template(system_u:object_r:sound_device_t,s0)
/dev/smpte.* -c context_template(system_u:object_r:sound_device_t,s0)
/dev/srnd[0-7] -c context_template(system_u:object_r:sound_device_t,s0)
/dev/sndstat -c context_template(system_u:object_r:sound_device_t,s0)
/dev/tlk[0-3] -c context_template(system_u:object_r:v4l_device_t,s0)
/dev/urandom -c context_template(system_u:object_r:urandom_device_t,s0)
/dev/usblp.* -c context_template(system_u:object_r:printer_device_t,s0)
ifdef(`distro_suse', `
/dev/usbscanner -c system_u:object_r:scanner_device_t
/dev/usbscanner -c context_template(system_u:object_r:scanner_device_t,s0)
')
/dev/vbi.* -c system_u:object_r:v4l_device_t
/dev/video.* -c system_u:object_r:v4l_device_t
/dev/vttuner -c system_u:object_r:v4l_device_t
/dev/vtx.* -c system_u:object_r:v4l_device_t
/dev/winradio. -c system_u:object_r:v4l_device_t
/dev/zero -c system_u:object_r:zero_device_t
/dev/vbi.* -c context_template(system_u:object_r:v4l_device_t,s0)
/dev/video.* -c context_template(system_u:object_r:v4l_device_t,s0)
/dev/vttuner -c context_template(system_u:object_r:v4l_device_t,s0)
/dev/vtx.* -c context_template(system_u:object_r:v4l_device_t,s0)
/dev/winradio. -c context_template(system_u:object_r:v4l_device_t,s0)
/dev/zero -c context_template(system_u:object_r:zero_device_t,s0)
/dev/cpu/.* -c system_u:object_r:cpu_device_t
/dev/cpu/mtrr -c system_u:object_r:mtrr_device_t
/dev/cpu/.* -c context_template(system_u:object_r:cpu_device_t,s0)
/dev/cpu/mtrr -c context_template(system_u:object_r:mtrr_device_t,s0)
/dev/dri/.+ -c system_u:object_r:dri_device_t
/dev/dri/.+ -c context_template(system_u:object_r:dri_device_t,s0)
/dev/input/.*mouse.* -c system_u:object_r:mouse_device_t
/dev/input/event.* -c system_u:object_r:event_device_t
/dev/input/mice -c system_u:object_r:mouse_device_t
/dev/input/js.* -c system_u:object_r:mouse_device_t
/dev/input/.*mouse.* -c context_template(system_u:object_r:mouse_device_t,s0)
/dev/input/event.* -c context_template(system_u:object_r:event_device_t,s0)
/dev/input/mice -c context_template(system_u:object_r:mouse_device_t,s0)
/dev/input/js.* -c context_template(system_u:object_r:mouse_device_t,s0)
/dev/mapper/control -c system_u:object_r:lvm_control_t
/dev/mapper/control -c context_template(system_u:object_r:lvm_control_t,s0)
/dev/pts(/.*)? <<none>>
/dev/pts(/.*)? <<none>>
/dev/snd/.* -c system_u:object_r:sound_device_t
/dev/snd/.* -c context_template(system_u:object_r:sound_device_t,s0)
/dev/usb/dc2xx.* -c system_u:object_r:scanner_device_t
/dev/usb/lp.* -c system_u:object_r:printer_device_t
/dev/usb/mdc800.* -c system_u:object_r:scanner_device_t
/dev/usb/scanner.* -c system_u:object_r:scanner_device_t
/dev/usb/dc2xx.* -c context_template(system_u:object_r:scanner_device_t,s0)
/dev/usb/lp.* -c context_template(system_u:object_r:printer_device_t,s0)
/dev/usb/mdc800.* -c context_template(system_u:object_r:scanner_device_t,s0)
/dev/usb/scanner.* -c context_template(system_u:object_r:scanner_device_t,s0)

98
refpolicy/policy/modules/kernel/storage.fc
View File

@ -1,61 +1,61 @@
# Copyright (C) 2005 Tresys Technology, LLC
/dev/n?(raw)?[qr]ft[0-3] -c system_u:object_r:tape_device_t
/dev/n?[hs]t[0-9].* -c system_u:object_r:tape_device_t
/dev/n?z?qft[0-3] -c system_u:object_r:tape_device_t
/dev/n?osst[0-3].* -c system_u:object_r:tape_device_t
/dev/n?pt[0-9]+ -c system_u:object_r:tape_device_t
/dev/n?tpqic[12].* -c system_u:object_r:tape_device_t
/dev/[shmx]d[^/]* -b system_u:object_r:fixed_disk_device_t
/dev/aztcd -b system_u:object_r:removable_device_t
/dev/bpcd -b system_u:object_r:removable_device_t
/dev/cdu.* -b system_u:object_r:removable_device_t
/dev/cm20.* -b system_u:object_r:removable_device_t
/dev/dasd[^/]* -b system_u:object_r:fixed_disk_device_t
/dev/dm-[0-9]+ -b system_u:object_r:fixed_disk_device_t
/dev/fd[^/]+ -b system_u:object_r:removable_device_t
/dev/flash[^/]* -b system_u:object_r:fixed_disk_device_t
/dev/gscd -b system_u:object_r:removable_device_t
/dev/hitcd -b system_u:object_r:removable_device_t
/dev/ht[0-1] -b system_u:object_r:tape_device_t
/dev/initrd -b system_u:object_r:fixed_disk_device_t
/dev/jsfd -b system_u:object_r:fixed_disk_device_t
/dev/jsflash -c system_u:object_r:fixed_disk_device_t
/dev/loop.* -b system_u:object_r:fixed_disk_device_t
/dev/lvm -c system_u:object_r:fixed_disk_device_t
/dev/mcdx? -b system_u:object_r:removable_device_t
/dev/nb[^/]+ -b system_u:object_r:fixed_disk_device_t
/dev/optcd -b system_u:object_r:removable_device_t
/dev/p[fg][0-3] -b system_u:object_r:removable_device_t
/dev/pcd[0-3] -b system_u:object_r:removable_device_t
/dev/pd[a-d][^/]* -b system_u:object_r:removable_device_t
/dev/pg[0-3] -c system_u:object_r:removable_device_t
/dev/ram.* -b system_u:object_r:fixed_disk_device_t
/dev/rawctl -c system_u:object_r:fixed_disk_device_t
/dev/rd.* -b system_u:object_r:fixed_disk_device_t
/dev/n?(raw)?[qr]ft[0-3] -c context_template(system_u:object_r:tape_device_t,s0)
/dev/n?[hs]t[0-9].* -c context_template(system_u:object_r:tape_device_t,s0)
/dev/n?z?qft[0-3] -c context_template(system_u:object_r:tape_device_t,s0)
/dev/n?osst[0-3].* -c context_template(system_u:object_r:tape_device_t,s0)
/dev/n?pt[0-9]+ -c context_template(system_u:object_r:tape_device_t,s0)
/dev/n?tpqic[12].* -c context_template(system_u:object_r:tape_device_t,s0)
/dev/[shmx]d[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
/dev/aztcd -b context_template(system_u:object_r:removable_device_t,s0)
/dev/bpcd -b context_template(system_u:object_r:removable_device_t,s0)
/dev/cdu.* -b context_template(system_u:object_r:removable_device_t,s0)
/dev/cm20.* -b context_template(system_u:object_r:removable_device_t,s0)
/dev/dasd[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
/dev/dm-[0-9]+ -b context_template(system_u:object_r:fixed_disk_device_t,s0)
/dev/fd[^/]+ -b context_template(system_u:object_r:removable_device_t,s0)
/dev/flash[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
/dev/gscd -b context_template(system_u:object_r:removable_device_t,s0)
/dev/hitcd -b context_template(system_u:object_r:removable_device_t,s0)
/dev/ht[0-1] -b context_template(system_u:object_r:tape_device_t,s0)
/dev/initrd -b context_template(system_u:object_r:fixed_disk_device_t,s0)
/dev/jsfd -b context_template(system_u:object_r:fixed_disk_device_t,s0)
/dev/jsflash -c context_template(system_u:object_r:fixed_disk_device_t,s0)
/dev/loop.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
/dev/lvm -c context_template(system_u:object_r:fixed_disk_device_t,s0)
/dev/mcdx? -b context_template(system_u:object_r:removable_device_t,s0)
/dev/nb[^/]+ -b context_template(system_u:object_r:fixed_disk_device_t,s0)
/dev/optcd -b context_template(system_u:object_r:removable_device_t,s0)
/dev/p[fg][0-3] -b context_template(system_u:object_r:removable_device_t,s0)
/dev/pcd[0-3] -b context_template(system_u:object_r:removable_device_t,s0)
/dev/pd[a-d][^/]* -b context_template(system_u:object_r:removable_device_t,s0)
/dev/pg[0-3] -c context_template(system_u:object_r:removable_device_t,s0)
/dev/ram.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
/dev/rawctl -c context_template(system_u:object_r:fixed_disk_device_t,s0)
/dev/rd.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
ifdef(`distro_redhat', `
/dev/root -b system_u:object_r:fixed_disk_device_t
/dev/root -b context_template(system_u:object_r:fixed_disk_device_t,s0)
')
/dev/s(cd|r)[^/]* -b system_u:object_r:removable_device_t
/dev/sbpcd.* -b system_u:object_r:removable_device_t
/dev/sg[0-9]+ -c system_u:object_r:scsi_generic_device_t
/dev/sjcd -b system_u:object_r:removable_device_t
/dev/sonycd -b system_u:object_r:removable_device_t
/dev/tape.* -c system_u:object_r:tape_device_t
/dev/ubd[^/]* -b system_u:object_r:fixed_disk_device_t
/dev/s(cd|r)[^/]* -b context_template(system_u:object_r:removable_device_t,s0)
/dev/sbpcd.* -b context_template(system_u:object_r:removable_device_t,s0)
/dev/sg[0-9]+ -c context_template(system_u:object_r:scsi_generic_device_t,s0)
/dev/sjcd -b context_template(system_u:object_r:removable_device_t,s0)
/dev/sonycd -b context_template(system_u:object_r:removable_device_t,s0)
/dev/tape.* -c context_template(system_u:object_r:tape_device_t,s0)
/dev/ubd[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
/dev/ataraid/.* -b system_u:object_r:fixed_disk_device_t
/dev/ataraid/.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
/dev/cciss/[^/]* -b system_u:object_r:fixed_disk_device_t
/dev/cciss/[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
/dev/i2o/hd[^/]* -b system_u:object_r:fixed_disk_device_t
/dev/i2o/hd[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
/dev/ida/[^/]* -b system_u:object_r:fixed_disk_device_t
/dev/ida/[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
/dev/mapper/.* -b system_u:object_r:fixed_disk_device_t
/dev/mapper/.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
/dev/raw/raw[0-9]+ -c system_u:object_r:fixed_disk_device_t
/dev/raw/raw[0-9]+ -c context_template(system_u:object_r:fixed_disk_device_t,s0)
/dev/scramdisk/.* -b system_u:object_r:fixed_disk_device_t
/dev/scramdisk/.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
/dev/usb/rio500 -c system_u:object_r:removable_device_t
/dev/usb/rio500 -c context_template(system_u:object_r:removable_device_t,s0)

30
refpolicy/policy/modules/kernel/terminal.fc
View File

@ -1,18 +1,18 @@
# Copyright (C) 2005 Tresys Technology, LLC
/dev/.*tty[^/]* -c system_u:object_r:tty_device_t
/dev/[pt]ty[abcdepqrstuvwxyz][0-9a-f] -c system_u:object_r:bsdpty_device_t
/dev/capi.* -c system_u:object_r:tty_device_t
/dev/cu.* -c system_u:object_r:tty_device_t
/dev/dcbri[0-9]+ -c system_u:object_r:tty_device_t
/dev/hvc.* -c system_u:object_r:tty_device_t
/dev/hvsi.* -c system_u:object_r:tty_device_t
/dev/ircomm[0-9]+ -c system_u:object_r:tty_device_t
/dev/ip2[^/]* -c system_u:object_r:tty_device_t
/dev/isdn.* -c system_u:object_r:tty_device_t
/dev/ptmx -c system_u:object_r:ptmx_t
/dev/tty -c system_u:object_r:devtty_t
/dev/ttySG.* -c system_u:object_r:tty_device_t
/dev/vcs[^/]* -c system_u:object_r:tty_device_t
/dev/.*tty[^/]* -c context_template(system_u:object_r:tty_device_t,s0)
/dev/[pt]ty[abcdepqrstuvwxyz][0-9a-f] -c context_template(system_u:object_r:bsdpty_device_t,s0)
/dev/capi.* -c context_template(system_u:object_r:tty_device_t,s0)
/dev/cu.* -c context_template(system_u:object_r:tty_device_t,s0)
/dev/dcbri[0-9]+ -c context_template(system_u:object_r:tty_device_t,s0)
/dev/hvc.* -c context_template(system_u:object_r:tty_device_t,s0)
/dev/hvsi.* -c context_template(system_u:object_r:tty_device_t,s0)
/dev/ircomm[0-9]+ -c context_template(system_u:object_r:tty_device_t,s0)
/dev/ip2[^/]* -c context_template(system_u:object_r:tty_device_t,s0)
/dev/isdn.* -c context_template(system_u:object_r:tty_device_t,s0)
/dev/ptmx -c context_template(system_u:object_r:ptmx_t,s0)
/dev/tty -c context_template(system_u:object_r:devtty_t,s0)
/dev/ttySG.* -c context_template(system_u:object_r:tty_device_t,s0)
/dev/vcs[^/]* -c context_template(system_u:object_r:tty_device_t,s0)
/dev/usb/tty.* -c system_u:object_r:usbtty_device_t
/dev/usb/tty.* -c context_template(system_u:object_r:usbtty_device_t,s0)

18
refpolicy/policy/modules/services/mta.fc
View File

@ -1,21 +1,21 @@
# Copyright (C) 2005 Tresys Technology, LLC
/etc/aliases -- system_u:object_r:etc_aliases_t
/etc/aliases\.db -- system_u:object_r:etc_aliases_t
/etc/aliases -- context_template(system_u:object_r:etc_aliases_t,s0)
/etc/aliases\.db -- context_template(system_u:object_r:etc_aliases_t,s0)
ifdef(`sendmail.te',`',`
/usr/lib(64)?/sendmail -- system_u:object_r:sendmail_exec_t
/usr/lib(64)?/sendmail -- context_template(system_u:object_r:sendmail_exec_t,s0)
/usr/sbin/sendmail(.sendmail)? -- system_u:object_r:sendmail_exec_t
/usr/sbin/sendmail(.sendmail)? -- context_template(system_u:object_r:sendmail_exec_t,s0)
')
/var/mail(/.*)? system_u:object_r:mail_spool_t
/var/mail(/.*)? context_template(system_u:object_r:mail_spool_t,s0)
/var/spool/(client)?mqueue(/.*)? system_u:object_r:mqueue_spool_t
/var/spool/(client)?mqueue(/.*)? context_template(system_u:object_r:mqueue_spool_t,s0)
/var/spool/mail(/.*)? system_u:object_r:mail_spool_t
/var/spool/mail(/.*)? context_template(system_u:object_r:mail_spool_t,s0)
ifdef(`postfix.te', `', `
/usr/sbin/sendmail.postfix -- system_u:object_r:sendmail_exec_t
/var/spool/postfix(/.*)? system_u:object_r:mail_spool_t
/usr/sbin/sendmail.postfix -- context_template(system_u:object_r:sendmail_exec_t,s0)
/var/spool/postfix(/.*)? context_template(system_u:object_r:mail_spool_t,s0)
')

46
refpolicy/policy/modules/system/authlogin.fc
View File

@ -1,36 +1,36 @@
# Copyright (C) 2005 Tresys Technology, LLC
/bin/login -- system_u:object_r:login_exec_t
/bin/login -- context_template(system_u:object_r:login_exec_t,s0)
/etc/\.pwd\.lock -- system_u:object_r:shadow_t
/etc/group\.lock -- system_u:object_r:shadow_t
/etc/gshadow.* -- system_u:object_r:shadow_t
/etc/passwd\.lock -- system_u:object_r:shadow_t
/etc/shadow.* -- system_u:object_r:shadow_t
/etc/\.pwd\.lock -- context_template(system_u:object_r:shadow_t,s0)
/etc/group\.lock -- context_template(system_u:object_r:shadow_t,s0)
/etc/gshadow.* -- context_template(system_u:object_r:shadow_t,s0)
/etc/passwd\.lock -- context_template(system_u:object_r:shadow_t,s0)
/etc/shadow.* -- context_template(system_u:object_r:shadow_t,s0)
/lib(64)?/security/pam_krb5/pam_krb5_storetmp -- system_u:object_r:pam_exec_t
/lib(64)?/security/pam_krb5/pam_krb5_storetmp -- context_template(system_u:object_r:pam_exec_t,s0)
/sbin/pam_console_apply -- system_u:object_r:pam_console_exec_t
/sbin/pam_timestamp_check -- system_u:object_r:pam_exec_t
/sbin/unix_chkpwd -- system_u:object_r:chkpwd_exec_t
/sbin/unix_verify -- system_u:object_r:chkpwd_exec_t
/sbin/pam_console_apply -- context_template(system_u:object_r:pam_console_exec_t,s0)
/sbin/pam_timestamp_check -- context_template(system_u:object_r:pam_exec_t,s0)
/sbin/unix_chkpwd -- context_template(system_u:object_r:chkpwd_exec_t,s0)
/sbin/unix_verify -- context_template(system_u:object_r:chkpwd_exec_t,s0)
ifdef(`distro_suse', `
/sbin/unix2_chkpwd -- system_u:object_r:chkpwd_exec_t
/sbin/unix2_chkpwd -- context_template(system_u:object_r:chkpwd_exec_t,s0)
')
/usr/kerberos/sbin/login\.krb5 -- system_u:object_r:login_exec_t
/usr/kerberos/sbin/login\.krb5 -- context_template(system_u:object_r:login_exec_t,s0)
/usr/sbin/utempter -- system_u:object_r:utempter_exec_t
/usr/sbin/utempter -- context_template(system_u:object_r:utempter_exec_t,s0)
/var/db/shadow.* -- system_u:object_r:shadow_t
/var/db/shadow.* -- context_template(system_u:object_r:shadow_t,s0)
/var/log/btmp.* -- system_u:object_r:faillog_t
/var/log/dmesg -- system_u:object_r:var_log_t
/var/log/faillog -- system_u:object_r:faillog_t
/var/log/lastlog -- system_u:object_r:lastlog_t
/var/log/syslog -- system_u:object_r:var_log_t
/var/log/wtmp.* -- system_u:object_r:wtmp_t
/var/log/btmp.* -- context_template(system_u:object_r:faillog_t,s0)
/var/log/dmesg -- context_template(system_u:object_r:var_log_t,s0)
/var/log/faillog -- context_template(system_u:object_r:faillog_t,s0)
/var/log/lastlog -- context_template(system_u:object_r:lastlog_t,s0)
/var/log/syslog -- context_template(system_u:object_r:var_log_t,s0)
/var/log/wtmp.* -- context_template(system_u:object_r:wtmp_t,s0)
/var/run/console(/.*)? system_u:object_r:pam_var_console_t
/var/run/console(/.*)? context_template(system_u:object_r:pam_var_console_t,s0)
/var/run/sudo(/.*)? system_u:object_r:pam_var_run_t
/var/run/sudo(/.*)? context_template(system_u:object_r:pam_var_run_t,s0)

4
refpolicy/policy/modules/system/clock.fc
View File

@ -1,6 +1,6 @@
# Copyright (C) 2005 Tresys Technology, LLC
/etc/adjtime -- system_u:object_r:adjtime_t
/etc/adjtime -- context_template(system_u:object_r:adjtime_t,s0)
/sbin/hwclock -- system_u:object_r:hwclock_exec_t
/sbin/hwclock -- context_template(system_u:object_r:hwclock_exec_t,s0)

74
refpolicy/policy/modules/system/corecommands.fc
View File

@ -3,84 +3,84 @@
#
# /bin
#
/bin(/.*)? system_u:object_r:bin_t
/bin/d?ash -- system_u:object_r:shell_exec_t
/bin/bash -- system_u:object_r:shell_exec_t
/bin/bash2 -- system_u:object_r:shell_exec_t
/bin/ls -- system_u:object_r:ls_exec_t
/bin/sash -- system_u:object_r:shell_exec_t
/bin/tcsh -- system_u:object_r:shell_exec_t
/bin/zsh.* -- system_u:object_r:shell_exec_t
/bin(/.*)? context_template(system_u:object_r:bin_t,s0)
/bin/d?ash -- context_template(system_u:object_r:shell_exec_t,s0)
/bin/bash -- context_template(system_u:object_r:shell_exec_t,s0)
/bin/bash2 -- context_template(system_u:object_r:shell_exec_t,s0)
/bin/ls -- context_template(system_u:object_r:ls_exec_t,s0)
/bin/sash -- context_template(system_u:object_r:shell_exec_t,s0)
/bin/tcsh -- context_template(system_u:object_r:shell_exec_t,s0)
/bin/zsh.* -- context_template(system_u:object_r:shell_exec_t,s0)
#
# /dev
#
/dev/MAKEDEV -- system_u:object_r:sbin_t
/dev/MAKEDEV -- context_template(system_u:object_r:sbin_t,s0)
#
# /etc
#
/etc/hotplug/.*agent -- system_u:object_r:sbin_t
/etc/hotplug/.*rc -- system_u:object_r:sbin_t
/etc/hotplug/.*agent -- context_template(system_u:object_r:sbin_t,s0)
/etc/hotplug/.*rc -- context_template(system_u:object_r:sbin_t,s0)
/etc/hotplug/hotplug\.functions -- system_u:object_r:sbin_t
/etc/hotplug/hotplug\.functions -- context_template(system_u:object_r:sbin_t,s0)
/etc/hotplug\.d/default/default.* system_u:object_r:sbin_t
/etc/hotplug\.d/default/default.* context_template(system_u:object_r:sbin_t,s0)
/etc/netplug\.d(/.*)? system_u:object_r:sbin_t
/etc/netplug\.d(/.*)? context_template(system_u:object_r:sbin_t,s0)
ifdef(`targeted_policy', `
/etc/X11/prefdm -- system_u:object_r:bin_t
/etc/X11/prefdm -- context_template(system_u:object_r:bin_t,s0)
')
#
# /sbin
#
/sbin(/.*)? system_u:object_r:sbin_t
/sbin/insmod_ksymoops_clean -- system_u:object_r:sbin_t
/sbin(/.*)? context_template(system_u:object_r:sbin_t,s0)
/sbin/insmod_ksymoops_clean -- context_template(system_u:object_r:sbin_t,s0)
#
# /opt
#
/opt/.*/bin(/.*)? system_u:object_r:bin_t
/opt/.*/bin(/.*)? context_template(system_u:object_r:bin_t,s0)
/opt/.*/libexec(/.*)? system_u:object_r:bin_t
/opt/.*/libexec(/.*)? context_template(system_u:object_r:bin_t,s0)
/opt/.*/sbin(/.*)? system_u:object_r:sbin_t
/opt/.*/sbin(/.*)? context_template(system_u:object_r:sbin_t,s0)
#
# /usr
#
ifdef(`distro_gentoo', `
/usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? system_u:object_r:bin_t
/usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? context_template(system_u:object_r:bin_t,s0)
')
/usr(/.*)?/Bin(/.*)? system_u:object_r:bin_t
/usr(/.*)?/Bin(/.*)? context_template(system_u:object_r:bin_t,s0)
/usr(/.*)?/bin(/.*)? system_u:object_r:bin_t
/usr(/.*)?/bin(/.*)? context_template(system_u:object_r:bin_t,s0)
/usr(/.*)?/sbin(/.*)? system_u:object_r:sbin_t
/usr(/.*)?/sbin(/.*)? context_template(system_u:object_r:sbin_t,s0)
/usr/lib(64)?/emacsen-common/.* system_u:object_r:bin_t
/usr/lib(64)?/emacsen-common/.* context_template(system_u:object_r:bin_t,s0)
/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird -- system_u:object_r:bin_t
/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird-bin -- system_u:object_r:bin_t
/usr/lib(64)?/[^/]*thunderbird[^/]*/run-mozilla\.sh -- system_u:object_r:bin_t
/usr/lib(64)?/[^/]*thunderbird[^/]*/mozilla-xremote-client -- system_u:object_r:bin_t
/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird -- context_template(system_u:object_r:bin_t,s0)
/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird-bin -- context_template(system_u:object_r:bin_t,s0)
/usr/lib(64)?/[^/]*thunderbird[^/]*/run-mozilla\.sh -- context_template(system_u:object_r:bin_t,s0)
/usr/lib(64)?/[^/]*thunderbird[^/]*/mozilla-xremote-client -- context_template(system_u:object_r:bin_t,s0)
/usr/libexec(/.*)? system_u:object_r:bin_t
/usr/libexec(/.*)? context_template(system_u:object_r:bin_t,s0)
/usr/sbin/sesh -- system_u:object_r:shell_exec_t
/usr/sbin/sesh -- context_template(system_u:object_r:shell_exec_t,s0)
/usr/share/gnucash/finance-quote-check -- system_u:object_r:bin_t
/usr/share/gnucash/finance-quote-helper -- system_u:object_r:bin_t
/usr/share/gnucash/finance-quote-check -- context_template(system_u:object_r:bin_t,s0)
/usr/share/gnucash/finance-quote-helper -- context_template(system_u:object_r:bin_t,s0)
/usr/share/mc/extfs/.* -- system_u:object_r:bin_t
/usr/share/mc/extfs/.* -- context_template(system_u:object_r:bin_t,s0)
#
# /var
#
/var/mailman/bin(/.*)? system_u:object_r:bin_t
/var/mailman/bin(/.*)? context_template(system_u:object_r:bin_t,s0)
/var/ftp/bin(/.*)? system_u:object_r:bin_t
/var/ftp/bin/ls -- system_u:object_r:ls_exec_t
/var/ftp/bin(/.*)? context_template(system_u:object_r:bin_t,s0)
/var/ftp/bin/ls -- context_template(system_u:object_r:ls_exec_t,s0)

108
refpolicy/policy/modules/system/files.fc
View File

@ -3,8 +3,8 @@
#
# /
#
/.* system_u:object_r:default_t
/ -d system_u:object_r:root_t
/.* context_template(system_u:object_r:default_t,s0)
/ -d context_template(system_u:object_r:root_t,s0)
/\.journal <<none>>
#
@ -12,75 +12,75 @@
#
/boot/\.journal <<none>>
/boot/lost\+found(/.*)? system_u:object_r:lost_found_t
/boot/lost\+found(/.*)? context_template(system_u:object_r:lost_found_t,s0)
#
# /etc
#
/etc(/.*)? system_u:object_r:etc_t
/etc/\.fstab\.hal\..+ -- system_u:object_r:etc_runtime_t
/etc/asound\.state -- system_u:object_r:etc_runtime_t
/etc/blkid\.tab.* -- system_u:object_r:etc_runtime_t
/etc/fstab\.REVOKE -- system_u:object_r:etc_runtime_t
/etc/HOSTNAME -- system_u:object_r:etc_runtime_t
/etc/ioctl\.save -- system_u:object_r:etc_runtime_t
/etc/issue -- system_u:object_r:etc_runtime_t
/etc/issue\.net -- system_u:object_r:etc_runtime_t
/etc/localtime -l system_u:object_r:etc_t
/etc/mtab -- system_u:object_r:etc_runtime_t
/etc/motd -- system_u:object_r:etc_runtime_t
/etc/nohotplug -- system_u:object_r:etc_runtime_t
/etc/nologin.* -- system_u:object_r:etc_runtime_t
/etc(/.*)? context_template(system_u:object_r:etc_t,s0)
/etc/\.fstab\.hal\..+ -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/asound\.state -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/blkid\.tab.* -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/fstab\.REVOKE -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/HOSTNAME -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/ioctl\.save -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/issue -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/issue\.net -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/localtime -l context_template(system_u:object_r:etc_t,s0)
/etc/mtab -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/motd -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/nohotplug -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/nologin.* -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/init\.d/functions -- system_u:object_r:etc_t
/etc/init\.d/functions -- context_template(system_u:object_r:etc_t,s0)
/etc/network/ifstate -- system_u:object_r:etc_runtime_t
/etc/network/ifstate -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/ptal/ptal-printd-like -- system_u:object_r:etc_runtime_t
/etc/ptal/ptal-printd-like -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/rc\.d/init\.d/functions -- system_u:object_r:etc_t
/etc/rc\.d/init\.d/functions -- context_template(system_u:object_r:etc_t,s0)
/etc/sysconfig/hwconf -- system_u:object_r:etc_runtime_t
/etc/sysconfig/iptables\.save -- system_u:object_r:etc_runtime_t
/etc/sysconfig/firstboot -- system_u:object_r:etc_runtime_t
/etc/sysconfig/hwconf -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/sysconfig/iptables\.save -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/sysconfig/firstboot -- context_template(system_u:object_r:etc_runtime_t,s0)
ifdef(`distro_gentoo', `
/etc/profile\.env -- system_u:object_r:etc_runtime_t
/etc/csh\.env -- system_u:object_r:etc_runtime_t
/etc/env\.d/.* -- system_u:object_r:etc_runtime_t
/etc/profile\.env -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/csh\.env -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/env\.d/.* -- context_template(system_u:object_r:etc_runtime_t,s0)
')
#
# /initrd
#
# initrd mount point, only used during boot
/initrd -d system_u:object_r:root_t
/initrd -d context_template(system_u:object_r:root_t,s0)
#
# /lost+found
#
/lost\+found(/.*)? system_u:object_r:lost_found_t
/lost\+found(/.*)? context_template(system_u:object_r:lost_found_t,s0)
#
# /media
#
# Mount points; do not relabel subdirectories, since
# we don't want to change any removable media by default.
/media(/[^/]*)? -d system_u:object_r:mnt_t
/media(/[^/]*)? -d context_template(system_u:object_r:mnt_t,s0)
/media/[^/]*/.* <<none>>
#
# /mnt
#
/mnt(/[^/]*)? -d system_u:object_r:mnt_t
/mnt(/[^/]*)? -d context_template(system_u:object_r:mnt_t,s0)
/mnt/[^/]*/.* <<none>>
#
# /opt
#
/opt(/.*)? system_u:object_r:usr_t
/opt(/.*)? context_template(system_u:object_r:usr_t,s0)
/opt/.*/var/lib(64)?(/.*)? system_u:object_r:var_lib_t
/opt/.*/var/lib(64)?(/.*)? context_template(system_u:object_r:var_lib_t,s0)
#
# /proc
@ -100,60 +100,60 @@ ifdef(`distro_gentoo', `
#
# /tmp
#
/tmp -d system_u:object_r:tmp_t
/tmp -d context_template(system_u:object_r:tmp_t,s0)
/tmp/.* <<none>>
/tmp/\.journal <<none>>
/tmp/lost\+found(/.*)? system_u:object_r:lost_found_t
/tmp/lost\+found(/.*)? context_template(system_u:object_r:lost_found_t,s0)
#
# /usr
#
/usr(/.*)? system_u:object_r:usr_t
/usr(/.*)? context_template(system_u:object_r:usr_t,s0)
/usr/\.journal <<none>>
/usr/lost\+found(/.*)? system_u:object_r:lost_found_t
/usr/lost\+found(/.*)? context_template(system_u:object_r:lost_found_t,s0)
/usr/etc(/.*)? system_u:object_r:etc_t
/usr/etc(/.*)? context_template(system_u:object_r:etc_t,s0)
/usr/inclu.e(/.*)? system_u:object_r:usr_t
/usr/inclu.e(/.*)? context_template(system_u:object_r:usr_t,s0)
/usr/local/\.journal <<none>>
/usr/local/lost\+found(/.*)? system_u:object_r:lost_found_t
/usr/local/lost\+found(/.*)? context_template(system_u:object_r:lost_found_t,s0)
/usr/share(/.*)?/lib(64)?(/.*)? system_u:object_r:usr_t
/usr/share(/.*)?/lib(64)?(/.*)? context_template(system_u:object_r:usr_t,s0)
/usr/src(/.*)? system_u:object_r:src_t
/usr/src(/.*)? context_template(system_u:object_r:src_t,s0)
/usr/tmp -d system_u:object_r:tmp_t
/usr/tmp -d context_template(system_u:object_r:tmp_t,s0)
/usr/tmp/.* <<none>>
#
# /var
#
/var(/.*)? system_u:object_r:var_t
/var(/.*)? context_template(system_u:object_r:var_t,s0)
/var/\.journal <<none>>
/var/lost\+found(/.*)? system_u:object_r:lost_found_t
/var/lost\+found(/.*)? context_template(system_u:object_r:lost_found_t,s0)
/var/db/.*\.db -- system_u:object_r:etc_t
/var/db/.*\.db -- context_template(system_u:object_r:etc_t,s0)
/var/ftp/etc(/.*)? system_u:object_r:etc_t
/var/ftp/etc(/.*)? context_template(system_u:object_r:etc_t,s0)
/var/lib/nfs/rpc_pipefs(/.*)? <<none>>
/usr/local/etc(/.*)? system_u:object_r:etc_t
/usr/local/etc(/.*)? context_template(system_u:object_r:etc_t,s0)
/usr/local/src(/.*)? system_u:object_r:src_t
/usr/local/src(/.*)? context_template(system_u:object_r:src_t,s0)
/var/lock(/.*)? system_u:object_r:var_lock_t
/var/lock(/.*)? context_template(system_u:object_r:var_lock_t,s0)
/var/run(/.*)? system_u:object_r:var_run_t
/var/run(/.*)? context_template(system_u:object_r:var_run_t,s0)
/var/run/.*\.*pid <<none>>
/var/spool(/.*)? system_u:object_r:var_spool_t
/var/spool(/.*)? context_template(system_u:object_r:var_spool_t,s0)
/var/tmp -d system_u:object_r:tmp_t
/var/tmp -d context_template(system_u:object_r:tmp_t,s0)
/var/tmp/.* <<none>>
/var/tmp/vi\.recover -d system_u:object_r:tmp_t
/var/tmp/vi\.recover -d context_template(system_u:object_r:tmp_t,s0)

4
refpolicy/policy/modules/system/getty.fc
View File

@ -1,5 +1,5 @@
# Copyright (C) 2005 Tresys Technology, LLC
/etc/mgetty(/.*)? system_u:object_r:getty_etc_t
/etc/mgetty(/.*)? context_template(system_u:object_r:getty_etc_t,s0)
/sbin/.*getty -- system_u:object_r:getty_exec_t
/sbin/.*getty -- context_template(system_u:object_r:getty_exec_t,s0)

2
refpolicy/policy/modules/system/hostname.fc
View File

@ -1,3 +1,3 @@
# Copyright (C) 2005 Tresys Technology, LLC
/bin/hostname -- system_u:object_r:hostname_exec_t
/bin/hostname -- context_template(system_u:object_r:hostname_exec_t,s0)

14
refpolicy/policy/modules/system/hotplug.fc
View File

@ -1,12 +1,12 @@
# Copyright (C) 2005 Tresys Technology, LLC
/etc/hotplug(/.*)? system_u:object_r:hotplug_etc_t
/etc/hotplug/firmware.agent -- system_u:object_r:hotplug_exec_t
/etc/hotplug(/.*)? context_template(system_u:object_r:hotplug_etc_t,s0)
/etc/hotplug/firmware.agent -- context_template(system_u:object_r:hotplug_exec_t,s0)
/etc/hotplug\.d/.* -- system_u:object_r:hotplug_exec_t
/etc/hotplug\.d/.* -- context_template(system_u:object_r:hotplug_exec_t,s0)
/sbin/hotplug -- system_u:object_r:hotplug_exec_t
/sbin/netplugd -- system_u:object_r:hotplug_exec_t
/sbin/hotplug -- context_template(system_u:object_r:hotplug_exec_t,s0)
/sbin/netplugd -- context_template(system_u:object_r:hotplug_exec_t,s0)
/var/run/usb(/.*)? system_u:object_r:hotplug_var_run_t
/var/run/hotplug(/.*)? system_u:object_r:hotplug_var_run_t
/var/run/usb(/.*)? context_template(system_u:object_r:hotplug_var_run_t,s0)
/var/run/hotplug(/.*)? context_template(system_u:object_r:hotplug_var_run_t,s0)

44
refpolicy/policy/modules/system/init.fc
View File

@ -4,60 +4,60 @@
# /
#
ifdef(`distro_redhat', `
/\.autofsck -- system_u:object_r:etc_runtime_t
/halt -- system_u:object_r:etc_runtime_t
/\.autofsck -- context_template(system_u:object_r:etc_runtime_t,s0)
/halt -- context_template(system_u:object_r:etc_runtime_t,s0)
')
#
# /etc
#
/etc/init\.d/.* -- system_u:object_r:initrc_exec_t
/etc/init\.d/.* -- context_template(system_u:object_r:initrc_exec_t,s0)
/etc/rc\.d/rc -- system_u:object_r:initrc_exec_t
/etc/rc\.d/rc\.sysinit -- system_u:object_r:initrc_exec_t
/etc/rc\.d/rc\.local -- system_u:object_r:initrc_exec_t
/etc/rc\.d/rc -- context_template(system_u:object_r:initrc_exec_t,s0)
/etc/rc\.d/rc\.sysinit -- context_template(system_u:object_r:initrc_exec_t,s0)
/etc/rc\.d/rc\.local -- context_template(system_u:object_r:initrc_exec_t,s0)
/etc/rc\.d/init\.d/.* -- system_u:object_r:initrc_exec_t
/etc/rc\.d/init\.d/.* -- context_template(system_u:object_r:initrc_exec_t,s0)
ifdef(`targeted_policy', `', `
/etc/X11/prefdm -- system_u:object_r:initrc_exec_t
/etc/X11/prefdm -- context_template(system_u:object_r:initrc_exec_t,s0)
')
#
# /dev
#
/dev/initctl -p system_u:object_r:initctl_t
/dev/initctl -p context_template(system_u:object_r:initctl_t,s0)
#
# /sbin
#
/sbin/init -- system_u:object_r:init_exec_t
/sbin/init -- context_template(system_u:object_r:init_exec_t,s0)
ifdef(`distro_gentoo', `
/sbin/rc -- system_u:object_r:initrc_exec_t
/sbin/runscript -- system_u:object_r:initrc_exec_t
/sbin/runscript\.sh -- system_u:object_r:initrc_exec_t
/sbin/rc -- context_template(system_u:object_r:initrc_exec_t,s0)
/sbin/runscript -- context_template(system_u:object_r:initrc_exec_t,s0)
/sbin/runscript\.sh -- context_template(system_u:object_r:initrc_exec_t,s0)
')
#
# /usr
#
/usr/sbin/open_init_pty -- system_u:object_r:initrc_exec_t
/usr/sbin/open_init_pty -- context_template(system_u:object_r:initrc_exec_t,s0)
#
# /var
#
ifdef(`distro_gentoo', `
/var/lib/init\.d(/.*)? system_u:object_r:initrc_state_t
/var/lib/init\.d(/.*)? context_template(system_u:object_r:initrc_state_t,s0)
')
/var/run/utmp -- system_u:object_r:initrc_var_run_t
/var/run/runlevel\.dir system_u:object_r:initrc_var_run_t
/var/run/random-seed -- system_u:object_r:initrc_var_run_t
/var/run/setmixer_flag -- system_u:object_r:initrc_var_run_t
/var/run/utmp -- context_template(system_u:object_r:initrc_var_run_t,s0)
/var/run/runlevel\.dir context_template(system_u:object_r:initrc_var_run_t,s0)
/var/run/random-seed -- context_template(system_u:object_r:initrc_var_run_t,s0)
/var/run/setmixer_flag -- context_template(system_u:object_r:initrc_var_run_t,s0)
ifdef(`distro_suse', `
/var/run/sysconfig(/.*)? system_u:object_r:initrc_var_run_t
/var/run/keymap -- system_u:object_r:initrc_var_run_t
/var/run/numlock-on -- system_u:object_r:initrc_var_run_t
/var/run/sysconfig(/.*)? context_template(system_u:object_r:initrc_var_run_t,s0)
/var/run/keymap -- context_template(system_u:object_r:initrc_var_run_t,s0)
/var/run/numlock-on -- context_template(system_u:object_r:initrc_var_run_t,s0)
')

12
refpolicy/policy/modules/system/iptables.fc
View File

@ -1,9 +1,9 @@
# Copyright (C) 2005 Tresys Technology, LLC
/sbin/ip6tables.* -- system_u:object_r:iptables_exec_t
/sbin/ipchains.* -- system_u:object_r:iptables_exec_t
/sbin/iptables.* -- system_u:object_r:iptables_exec_t
/sbin/ip6tables.* -- context_template(system_u:object_r:iptables_exec_t,s0)
/sbin/ipchains.* -- context_template(system_u:object_r:iptables_exec_t,s0)
/sbin/iptables.* -- context_template(system_u:object_r:iptables_exec_t,s0)
/usr/sbin/ip6tables.* -- system_u:object_r:iptables_exec_t
/usr/sbin/ipchains.* -- system_u:object_r:iptables_exec_t
/usr/sbin/iptables.* -- system_u:object_r:iptables_exec_t
/usr/sbin/ip6tables.* -- context_template(system_u:object_r:iptables_exec_t,s0)
/usr/sbin/ipchains.* -- context_template(system_u:object_r:iptables_exec_t,s0)
/usr/sbin/iptables.* -- context_template(system_u:object_r:iptables_exec_t,s0)

44
refpolicy/policy/modules/system/libraries.fc
View File

@ -3,48 +3,48 @@
#
# /etc
#
/etc/ld\.so\.cache -- system_u:object_r:ld_so_cache_t
/etc/ld\.so\.preload -- system_u:object_r:ld_so_cache_t
/etc/ld\.so\.cache -- context_template(system_u:object_r:ld_so_cache_t,s0)
/etc/ld\.so\.preload -- context_template(system_u:object_r:ld_so_cache_t,s0)
#
# /lib(64)?
#
/lib(64)?(/.*)? system_u:object_r:lib_t
/lib(64)?/.*\.so(\.[^/]*)* -- system_u:object_r:shlib_t
/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- system_u:object_r:ld_so_t
/lib(64)?(/.*)? context_template(system_u:object_r:lib_t,s0)
/lib(64)?/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:shlib_t,s0)
/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- context_template(system_u:object_r:ld_so_t,s0)
#
# /opt
#
/opt/.*/lib(64)?(/.*)? system_u:object_r:lib_t
/opt/.*/lib(64)?/.*\.so(\.[^/]*)* -- system_u:object_r:shlib_t
/opt/.*/lib(64)?(/.*)? context_template(system_u:object_r:lib_t,s0)
/opt/.*/lib(64)?/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:shlib_t,s0)
#
# /usr
#
/usr(/.*)?/HelixPlayer/.*\.so(\.[^/]*)* -- system_u:object_r:texrel_shlib_t
/usr(/.*)?/HelixPlayer/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:texrel_shlib_t,s0)
/usr(/.*)?/java/.*\.so(\.[^/]*)* -- system_u:object_r:texrel_shlib_t
/usr(/.*)?/java/.*\.jar -- system_u:object_r:shlib_t
/usr(/.*)?/java/.*\.jsa -- system_u:object_r:shlib_t
/usr(/.*)?/java/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:texrel_shlib_t,s0)
/usr(/.*)?/java/.*\.jar -- context_template(system_u:object_r:shlib_t,s0)
/usr(/.*)?/java/.*\.jsa -- context_template(system_u:object_r:shlib_t,s0)
/usr(/.*)?/lib(64)?(/.*)? system_u:object_r:lib_t
/usr(/.*)?/lib(64)?/.*\.so(\.[^/]*)* -- system_u:object_r:shlib_t
/usr(/.*)?/lib(64)?(/.*)? context_template(system_u:object_r:lib_t,s0)
/usr(/.*)?/lib(64)?/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:shlib_t,s0)
/usr(/.*)?/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* system_u:object_r:ld_so_t
/usr(/.*)?/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* context_template(system_u:object_r:ld_so_t,s0)
/usr(/.*)?/nvidia/.*\.so(\..*)? -- system_u:object_r:texrel_shlib_t
/usr(/.*)?/nvidia/.*\.so(\..*)? -- context_template(system_u:object_r:texrel_shlib_t,s0)
/usr/lib/win32/.* -- system_u:object_r:shlib_t
/usr/lib/win32/.* -- context_template(system_u:object_r:shlib_t,s0)
/usr/X11R6/lib/libGL\.so.* -- system_u:object_r:texrel_shlib_t
/usr/X11R6/lib/libXvMCNVIDIA\.so.* -- system_u:object_r:texrel_shlib_t
/usr/X11R6/lib/libGL\.so.* -- context_template(system_u:object_r:texrel_shlib_t,s0)
/usr/X11R6/lib/libXvMCNVIDIA\.so.* -- context_template(system_u:object_r:texrel_shlib_t,s0)
#
# /var
#
/var/ftp/lib(64)?(/.*)? system_u:object_r:lib_t
/var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)* -- system_u:object_r:ld_so_t
/var/ftp/lib(64)?/lib[^/]*\.so(\.[^/]*)* -- system_u:object_r:shlib_t
/var/ftp/lib(64)?(/.*)? context_template(system_u:object_r:lib_t,s0)
/var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)* -- context_template(system_u:object_r:ld_so_t,s0)
/var/ftp/lib(64)?/lib[^/]*\.so(\.[^/]*)* -- context_template(system_u:object_r:shlib_t,s0)
/var/mailman/pythonlib(/.*)?/.*\.so(\..*)? -- system_u:object_r:shlib_t
/var/mailman/pythonlib(/.*)?/.*\.so(\..*)? -- context_template(system_u:object_r:shlib_t,s0)

2
refpolicy/policy/modules/system/locallogin.fc
View File

@ -1,3 +1,3 @@
# Copyright (C) 2005 Tresys Technology, LLC
/sbin/sulogin -- system_u:object_r:sulogin_exec_t
/sbin/sulogin -- context_template(system_u:object_r:sulogin_exec_t,s0)

28
refpolicy/policy/modules/system/logging.fc
View File

@ -1,23 +1,23 @@
# Copyright (C) 2005 Tresys Technology, LLC
/dev/log -s system_u:object_r:devlog_t
/dev/log -s context_template(system_u:object_r:devlog_t,s0)
/sbin/klogd -- system_u:object_r:klogd_exec_t
/sbin/minilogd -- system_u:object_r:syslogd_exec_t
/sbin/syslogd -- system_u:object_r:syslogd_exec_t
/sbin/syslog-ng -- system_u:object_r:syslogd_exec_t
/sbin/klogd -- context_template(system_u:object_r:klogd_exec_t,s0)
/sbin/minilogd -- context_template(system_u:object_r:syslogd_exec_t,s0)
/sbin/syslogd -- context_template(system_u:object_r:syslogd_exec_t,s0)
/sbin/syslog-ng -- context_template(system_u:object_r:syslogd_exec_t,s0)
/usr/sbin/klogd -- system_u:object_r:klogd_exec_t
/usr/sbin/metalog -- system_u:object_r:syslogd_exec_t
/usr/sbin/syslogd -- system_u:object_r:syslogd_exec_t
/usr/sbin/klogd -- context_template(system_u:object_r:klogd_exec_t,s0)
/usr/sbin/metalog -- context_template(system_u:object_r:syslogd_exec_t,s0)
/usr/sbin/syslogd -- context_template(system_u:object_r:syslogd_exec_t,s0)
ifdef(`distro_suse', `
/var/lib/stunnel/dev/log -s system_u:object_r:devlog_t
/var/lib/stunnel/dev/log -s context_template(system_u:object_r:devlog_t,s0)
')
/var/log(/.*)? system_u:object_r:var_log_t
/var/log(/.*)? context_template(system_u:object_r:var_log_t,s0)
/var/run/klogd\.pid -- system_u:object_r:klogd_var_run_t
/var/run/log -s system_u:object_r:devlog_t
/var/run/metalog\.pid -- system_u:object_r:syslogd_var_run_t
/var/run/syslogd\.pid -- system_u:object_r:syslogd_var_run_t
/var/run/klogd\.pid -- context_template(system_u:object_r:klogd_var_run_t,s0)
/var/run/log -s context_template(system_u:object_r:devlog_t,s0)
/var/run/metalog\.pid -- context_template(system_u:object_r:syslogd_var_run_t,s0)
/var/run/syslogd\.pid -- context_template(system_u:object_r:syslogd_var_run_t,s0)

120
refpolicy/policy/modules/system/lvm.fc
View File

@ -7,85 +7,85 @@
#
# /etc
#
/etc/lvm(/.*)? system_u:object_r:lvm_etc_t
/etc/lvm/\.cache -- system_u:object_r:lvm_metadata_t
/etc/lvm(/.*)? context_template(system_u:object_r:lvm_etc_t,s0)
/etc/lvm/\.cache -- context_template(system_u:object_r:lvm_metadata_t,s0)
/etc/lvm/archive(/.*)? system_u:object_r:lvm_metadata_t
/etc/lvm/archive(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0)
/etc/lvm/backup(/.*)? system_u:object_r:lvm_metadata_t
/etc/lvm/backup(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0)
/etc/lvm/lock(/.*)? system_u:object_r:lvm_lock_t
/etc/lvm/lock(/.*)? context_template(system_u:object_r:lvm_lock_t,s0)
/etc/lvmtab(/.*)? system_u:object_r:lvm_metadata_t
/etc/lvmtab(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0)
/etc/lvmtab\.d(/.*)? system_u:object_r:lvm_metadata_t
/etc/lvmtab\.d(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0)
#
# /lib
#
/lib/lvm-10(/.*) -- system_u:object_r:lvm_exec_t
/lib/lvm-10(/.*) -- context_template(system_u:object_r:lvm_exec_t,s0)
/lib/lvm-200(/.*) -- system_u:object_r:lvm_exec_t
/lib/lvm-200(/.*) -- context_template(system_u:object_r:lvm_exec_t,s0)
#
# /sbin
#
/sbin/cryptsetup -- system_u:object_r:lvm_exec_t
/sbin/dmsetup -- system_u:object_r:lvm_exec_t
/sbin/dmsetup\.static -- system_u:object_r:lvm_exec_t
/sbin/e2fsadm -- system_u:object_r:lvm_exec_t
/sbin/lvchange -- system_u:object_r:lvm_exec_t
/sbin/lvcreate -- system_u:object_r:lvm_exec_t
/sbin/lvdisplay -- system_u:object_r:lvm_exec_t
/sbin/lvextend -- system_u:object_r:lvm_exec_t
/sbin/lvm -- system_u:object_r:lvm_exec_t
/sbin/lvm\.static -- system_u:object_r:lvm_exec_t
/sbin/lvmchange -- system_u:object_r:lvm_exec_t
/sbin/lvmdiskscan -- system_u:object_r:lvm_exec_t
/sbin/lvmiopversion -- system_u:object_r:lvm_exec_t
/sbin/lvmsadc -- system_u:object_r:lvm_exec_t
/sbin/lvmsar -- system_u:object_r:lvm_exec_t
/sbin/lvreduce -- system_u:object_r:lvm_exec_t
/sbin/lvremove -- system_u:object_r:lvm_exec_t
/sbin/lvrename -- system_u:object_r:lvm_exec_t
/sbin/lvresize -- system_u:object_r:lvm_exec_t
/sbin/lvs -- system_u:object_r:lvm_exec_t
/sbin/lvscan -- system_u:object_r:lvm_exec_t
/sbin/pvchange -- system_u:object_r:lvm_exec_t
/sbin/pvcreate -- system_u:object_r:lvm_exec_t
/sbin/pvdata -- system_u:object_r:lvm_exec_t
/sbin/pvdisplay -- system_u:object_r:lvm_exec_t
/sbin/pvmove -- system_u:object_r:lvm_exec_t
/sbin/pvremove -- system_u:object_r:lvm_exec_t
/sbin/pvs -- system_u:object_r:lvm_exec_t
/sbin/pvscan -- system_u:object_r:lvm_exec_t
/sbin/vgcfgbackup -- system_u:object_r:lvm_exec_t
/sbin/vgcfgrestore -- system_u:object_r:lvm_exec_t
/sbin/vgchange -- system_u:object_r:lvm_exec_t
/sbin/vgchange\.static -- system_u:object_r:lvm_exec_t
/sbin/vgck -- system_u:object_r:lvm_exec_t
/sbin/vgcreate -- system_u:object_r:lvm_exec_t
/sbin/vgdisplay -- system_u:object_r:lvm_exec_t
/sbin/vgexport -- system_u:object_r:lvm_exec_t
/sbin/vgextend -- system_u:object_r:lvm_exec_t
/sbin/vgimport -- system_u:object_r:lvm_exec_t
/sbin/vgmerge -- system_u:object_r:lvm_exec_t
/sbin/vgmknodes -- system_u:object_r:lvm_exec_t
/sbin/vgreduce -- system_u:object_r:lvm_exec_t
/sbin/vgremove -- system_u:object_r:lvm_exec_t
/sbin/vgrename -- system_u:object_r:lvm_exec_t
/sbin/vgs -- system_u:object_r:lvm_exec_t
/sbin/vgscan -- system_u:object_r:lvm_exec_t
/sbin/vgscan\.static -- system_u:object_r:lvm_exec_t
/sbin/vgsplit -- system_u:object_r:lvm_exec_t
/sbin/vgwrapper -- system_u:object_r:lvm_exec_t
/sbin/cryptsetup -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/dmsetup -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/dmsetup\.static -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/e2fsadm -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvchange -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvcreate -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvdisplay -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvextend -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvm -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvm\.static -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvmchange -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvmdiskscan -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvmiopversion -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvmsadc -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvmsar -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvreduce -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvremove -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvrename -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvresize -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvs -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvscan -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/pvchange -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/pvcreate -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/pvdata -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/pvdisplay -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/pvmove -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/pvremove -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/pvs -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/pvscan -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgcfgbackup -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgcfgrestore -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgchange -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgchange\.static -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgck -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgcreate -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgdisplay -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgexport -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgextend -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgimport -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgmerge -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgmknodes -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgreduce -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgremove -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgrename -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgs -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgscan -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgscan\.static -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgsplit -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgwrapper -- context_template(system_u:object_r:lvm_exec_t,s0)
#
# /usr
#
/usr/sbin/lvm -- system_u:object_r:lvm_exec_t
/usr/sbin/lvm -- context_template(system_u:object_r:lvm_exec_t,s0)
#
# /var
#
/var/lock/lvm(/.*)? system_u:object_r:lvm_lock_t
/var/lock/lvm(/.*)? context_template(system_u:object_r:lvm_lock_t,s0)

40
refpolicy/policy/modules/system/miscfiles.fc
View File

@ -3,53 +3,53 @@
#
# /etc
#
/etc/localtime -- system_u:object_r:locale_t
/etc/localtime -- context_template(system_u:object_r:locale_t,s0)
#
# /opt
#
/opt/.*/man(/.*)? system_u:object_r:man_t
/opt/.*/man(/.*)? context_template(system_u:object_r:man_t,s0)
#
# /usr
#
/usr/lib/locale(/.*)? system_u:object_r:locale_t
/usr/lib/locale(/.*)? context_template(system_u:object_r:locale_t,s0)
/usr/lib(64)?/perl5/man(/.*)? system_u:object_r:man_t
/usr/lib(64)?/perl5/man(/.*)? context_template(system_u:object_r:man_t,s0)
/usr/local/man(/.*)? system_u:object_r:man_t
/usr/local/man(/.*)? context_template(system_u:object_r:man_t,s0)
/usr/local/share/fonts(/.*)? system_u:object_r:fonts_t
/usr/local/share/fonts(/.*)? context_template(system_u:object_r:fonts_t,s0)
/usr/man(/.*)? system_u:object_r:man_t
/usr/man(/.*)? context_template(system_u:object_r:man_t,s0)
/usr/share/fonts(/.*)? system_u:object_r:fonts_t
/usr/share/fonts(/.*)? context_template(system_u:object_r:fonts_t,s0)
/usr/share/ghostscript/fonts(/.*)? system_u:object_r:fonts_t
/usr/share/ghostscript/fonts(/.*)? context_template(system_u:object_r:fonts_t,s0)
/usr/share/locale(/.*)? system_u:object_r:locale_t
/usr/share/locale(/.*)? context_template(system_u:object_r:locale_t,s0)
/usr/share/man(/.*)? system_u:object_r:man_t
/usr/share/man(/.*)? context_template(system_u:object_r:man_t,s0)
/usr/share/zoneinfo(/.*)? system_u:object_r:locale_t
/usr/share/zoneinfo(/.*)? context_template(system_u:object_r:locale_t,s0)
/usr/X11R6/lib/X11/fonts(/.*)? system_u:object_r:fonts_t
/usr/X11R6/lib/X11/fonts(/.*)? context_template(system_u:object_r:fonts_t,s0)
/usr/X11R6/man(/.*)? system_u:object_r:man_t
/usr/X11R6/man(/.*)? context_template(system_u:object_r:man_t,s0)
#
# /var
#
ifdef(`distro_debian', `
/var/lib/msttcorefonts(/.*)? system_u:object_r:fonts_t
/var/lib/msttcorefonts(/.*)? context_template(system_u:object_r:fonts_t,s0)
')
/var/lib/texmf(/.*)? system_u:object_r:tetex_data_t
/var/lib/texmf(/.*)? context_template(system_u:object_r:tetex_data_t,s0)
/var/cache/fonts(/.*)? system_u:object_r:tetex_data_t
/var/cache/fonts(/.*)? context_template(system_u:object_r:tetex_data_t,s0)
/var/cache/man(/.*)? system_u:object_r:catman_t
/var/cache/man(/.*)? context_template(system_u:object_r:catman_t,s0)
/var/catman(/.*)? system_u:object_r:catman_t
/var/catman(/.*)? context_template(system_u:object_r:catman_t,s0)
/var/spool/texmf(/.*)? system_u:object_r:tetex_data_t
/var/spool/texmf(/.*)? context_template(system_u:object_r:tetex_data_t,s0)

20
refpolicy/policy/modules/system/modutils.fc
View File

@ -1,15 +1,15 @@
# Copyright (C) 2005 Tresys Technology, LLC
/etc/modules\.conf.* -- system_u:object_r:modules_conf_t
/etc/modprobe\.conf.* -- system_u:object_r:modules_conf_t
/etc/modules\.conf.* -- context_template(system_u:object_r:modules_conf_t,s0)
/etc/modprobe\.conf.* -- context_template(system_u:object_r:modules_conf_t,s0)
/lib(64)?/modules/[^/]+/modules\..+ -- system_u:object_r:modules_dep_t
/lib(64)?/modules/[^/]+/modules\..+ -- context_template(system_u:object_r:modules_dep_t,s0)
/lib(64)?/modules/modprobe\.conf -- system_u:object_r:modules_conf_t
/lib(64)?/modules/modprobe\.conf -- context_template(system_u:object_r:modules_conf_t,s0)
/sbin/depmod.* -- system_u:object_r:depmod_exec_t
/sbin/generate-modprobe\.conf -- system_u:object_r:update_modules_exec_t
/sbin/insmod.* -- system_u:object_r:insmod_exec_t
/sbin/modprobe.* -- system_u:object_r:insmod_exec_t
/sbin/rmmod.* -- system_u:object_r:insmod_exec_t
/sbin/update-modules -- system_u:object_r:update_modules_exec_t
/sbin/depmod.* -- context_template(system_u:object_r:depmod_exec_t,s0)
/sbin/generate-modprobe\.conf -- context_template(system_u:object_r:update_modules_exec_t,s0)
/sbin/insmod.* -- context_template(system_u:object_r:insmod_exec_t,s0)
/sbin/modprobe.* -- context_template(system_u:object_r:insmod_exec_t,s0)
/sbin/rmmod.* -- context_template(system_u:object_r:insmod_exec_t,s0)
/sbin/update-modules -- context_template(system_u:object_r:update_modules_exec_t,s0)

4
refpolicy/policy/modules/system/mount.fc
View File

@ -4,5 +4,5 @@
#
# mount file contexts
#
/bin/mount.* -- system_u:object_r:mount_exec_t
/bin/umount.* -- system_u:object_r:mount_exec_t
/bin/mount.* -- context_template(system_u:object_r:mount_exec_t,s0)
/bin/umount.* -- context_template(system_u:object_r:mount_exec_t,s0)

30
refpolicy/policy/modules/system/selinux.fc
View File

@ -3,39 +3,39 @@
#
# /etc
#
/etc/selinux(/.*)? system_u:object_r:selinux_config_t
/etc/selinux(/.*)? context_template(system_u:object_r:selinux_config_t,s0)
/etc/selinux/([^/]*/)?contexts(/.*)? system_u:object_r:default_context_t
/etc/selinux/([^/]*/)?contexts(/.*)? context_template(system_u:object_r:default_context_t,s0)
/etc/selinux/([^/]*/)?contexts/files(/.*)? system_u:object_r:file_context_t
/etc/selinux/([^/]*/)?contexts/files(/.*)? context_template(system_u:object_r:file_context_t,s0)
/etc/selinux/([^/]*/)?policy(/.*)? system_u:object_r:policy_config_t
/etc/selinux/([^/]*/)?policy(/.*)? context_template(system_u:object_r:policy_config_t,s0)
/etc/selinux/([^/]*/)?src(/.*)? system_u:object_r:policy_src_t
/etc/selinux/([^/]*/)?src(/.*)? context_template(system_u:object_r:policy_src_t,s0)
#
# /root
#
/root/\.default_contexts -- system_u:object_r:default_context_t
/root/\.default_contexts -- context_template(system_u:object_r:default_context_t,s0)
#
# /sbin
#
/sbin/load_policy -- system_u:object_r:load_policy_exec_t
/sbin/restorecon -- system_u:object_r:restorecon_exec_t
/sbin/load_policy -- context_template(system_u:object_r:load_policy_exec_t,s0)
/sbin/restorecon -- context_template(system_u:object_r:restorecon_exec_t,s0)
#
# /usr
#
/usr/bin/checkpolicy -- system_u:object_r:checkpolicy_exec_t
/usr/bin/newrole -- system_u:object_r:newrole_exec_t
/usr/bin/checkpolicy -- context_template(system_u:object_r:checkpolicy_exec_t,s0)
/usr/bin/newrole -- context_template(system_u:object_r:newrole_exec_t,s0)
/usr/lib(64)?/selinux(/.*)? system_u:object_r:policy_src_t
/usr/lib(64)?/selinux(/.*)? context_template(system_u:object_r:policy_src_t,s0)
/usr/sbin/load_policy -- system_u:object_r:load_policy_exec_t
/usr/sbin/run_init -- system_u:object_r:run_init_exec_t
/usr/sbin/setfiles.* -- system_u:object_r:setfiles_exec_t
/usr/sbin/load_policy -- context_template(system_u:object_r:load_policy_exec_t,s0)
/usr/sbin/run_init -- context_template(system_u:object_r:run_init_exec_t,s0)
/usr/sbin/setfiles.* -- context_template(system_u:object_r:setfiles_exec_t,s0)
ifdef(`distro_debian', `
/usr/share/selinux(/.*)? system_u:object_r:policy_src_t
/usr/share/selinux(/.*)? context_template(system_u:object_r:policy_src_t,s0)
')

30
refpolicy/policy/modules/system/selinuxutil.fc
View File

@ -3,39 +3,39 @@
#
# /etc
#
/etc/selinux(/.*)? system_u:object_r:selinux_config_t
/etc/selinux(/.*)? context_template(system_u:object_r:selinux_config_t,s0)
/etc/selinux/([^/]*/)?contexts(/.*)? system_u:object_r:default_context_t
/etc/selinux/([^/]*/)?contexts(/.*)? context_template(system_u:object_r:default_context_t,s0)
/etc/selinux/([^/]*/)?contexts/files(/.*)? system_u:object_r:file_context_t
/etc/selinux/([^/]*/)?contexts/files(/.*)? context_template(system_u:object_r:file_context_t,s0)
/etc/selinux/([^/]*/)?policy(/.*)? system_u:object_r:policy_config_t
/etc/selinux/([^/]*/)?policy(/.*)? context_template(system_u:object_r:policy_config_t,s0)
/etc/selinux/([^/]*/)?src(/.*)? system_u:object_r:policy_src_t
/etc/selinux/([^/]*/)?src(/.*)? context_template(system_u:object_r:policy_src_t,s0)
#
# /root
#
/root/\.default_contexts -- system_u:object_r:default_context_t
/root/\.default_contexts -- context_template(system_u:object_r:default_context_t,s0)
#
# /sbin
#
/sbin/load_policy -- system_u:object_r:load_policy_exec_t
/sbin/restorecon -- system_u:object_r:restorecon_exec_t
/sbin/load_policy -- context_template(system_u:object_r:load_policy_exec_t,s0)
/sbin/restorecon -- context_template(system_u:object_r:restorecon_exec_t,s0)
#
# /usr
#
/usr/bin/checkpolicy -- system_u:object_r:checkpolicy_exec_t
/usr/bin/newrole -- system_u:object_r:newrole_exec_t
/usr/bin/checkpolicy -- context_template(system_u:object_r:checkpolicy_exec_t,s0)
/usr/bin/newrole -- context_template(system_u:object_r:newrole_exec_t,s0)
/usr/lib(64)?/selinux(/.*)? system_u:object_r:policy_src_t
/usr/lib(64)?/selinux(/.*)? context_template(system_u:object_r:policy_src_t,s0)
/usr/sbin/load_policy -- system_u:object_r:load_policy_exec_t
/usr/sbin/run_init -- system_u:object_r:run_init_exec_t
/usr/sbin/setfiles.* -- system_u:object_r:setfiles_exec_t
/usr/sbin/load_policy -- context_template(system_u:object_r:load_policy_exec_t,s0)
/usr/sbin/run_init -- context_template(system_u:object_r:run_init_exec_t,s0)
/usr/sbin/setfiles.* -- context_template(system_u:object_r:setfiles_exec_t,s0)
ifdef(`distro_debian', `
/usr/share/selinux(/.*)? system_u:object_r:policy_src_t
/usr/share/selinux(/.*)? context_template(system_u:object_r:policy_src_t,s0)
')

48
refpolicy/policy/modules/system/sysnetwork.fc
View File

@ -3,45 +3,45 @@
#
# /bin
#
/bin/ip -- system_u:object_r:ifconfig_exec_t
/bin/ip -- context_template(system_u:object_r:ifconfig_exec_t,s0)
#
# /etc
#
/etc/dhclient.*conf -- system_u:object_r:dhcp_etc_t
/etc/dhclient-script -- system_u:object_r:dhcp_etc_t
/etc/dhcpc.* system_u:object_r:dhcp_etc_t
/etc/resolv\.conf.* -- system_u:object_r:net_conf_t
/etc/yp\.conf.* -- system_u:object_r:net_conf_t
/etc/dhclient.*conf -- context_template(system_u:object_r:dhcp_etc_t,s0)
/etc/dhclient-script -- context_template(system_u:object_r:dhcp_etc_t,s0)
/etc/dhcpc.* context_template(system_u:object_r:dhcp_etc_t,s0)
/etc/resolv\.conf.* -- context_template(system_u:object_r:net_conf_t,s0)
/etc/yp\.conf.* -- context_template(system_u:object_r:net_conf_t,s0)
/etc/dhcp3?/dhclient.* system_u:object_r:dhcp_etc_t
/etc/dhcp3?/dhclient.* context_template(system_u:object_r:dhcp_etc_t,s0)
#
# /sbin
#
/sbin/dhclient.* -- system_u:object_r:dhcpc_exec_t
/sbin/dhcpcd -- system_u:object_r:dhcpc_exec_t
/sbin/ethtool -- system_u:object_r:ifconfig_exec_t
/sbin/ifconfig -- system_u:object_r:ifconfig_exec_t
/sbin/ip -- system_u:object_r:ifconfig_exec_t
/sbin/ipx_configure -- system_u:object_r:ifconfig_exec_t
/sbin/ipx_interface -- system_u:object_r:ifconfig_exec_t
/sbin/ipx_internal_net -- system_u:object_r:ifconfig_exec_t
/sbin/iwconfig -- system_u:object_r:ifconfig_exec_t
/sbin/mii-tool -- system_u:object_r:ifconfig_exec_t
/sbin/pump -- system_u:object_r:dhcpc_exec_t
/sbin/tc -- system_u:object_r:ifconfig_exec_t
/sbin/dhclient.* -- context_template(system_u:object_r:dhcpc_exec_t,s0)
/sbin/dhcpcd -- context_template(system_u:object_r:dhcpc_exec_t,s0)
/sbin/ethtool -- context_template(system_u:object_r:ifconfig_exec_t,s0)
/sbin/ifconfig -- context_template(system_u:object_r:ifconfig_exec_t,s0)
/sbin/ip -- context_template(system_u:object_r:ifconfig_exec_t,s0)
/sbin/ipx_configure -- context_template(system_u:object_r:ifconfig_exec_t,s0)
/sbin/ipx_interface -- context_template(system_u:object_r:ifconfig_exec_t,s0)
/sbin/ipx_internal_net -- context_template(system_u:object_r:ifconfig_exec_t,s0)
/sbin/iwconfig -- context_template(system_u:object_r:ifconfig_exec_t,s0)
/sbin/mii-tool -- context_template(system_u:object_r:ifconfig_exec_t,s0)
/sbin/pump -- context_template(system_u:object_r:dhcpc_exec_t,s0)
/sbin/tc -- context_template(system_u:object_r:ifconfig_exec_t,s0)
#
# /usr
#
/usr/sbin/tc -- system_u:object_r:ifconfig_exec_t
/usr/sbin/tc -- context_template(system_u:object_r:ifconfig_exec_t,s0)
#
# /var
#
/var/lib/dhcp3? -d system_u:object_r:dhcp_state_t
/var/lib/dhcp3?/dhclient.* system_u:object_r:dhcpc_state_t
/var/lib/dhcp3? -d context_template(system_u:object_r:dhcp_state_t,s0)
/var/lib/dhcp3?/dhclient.* context_template(system_u:object_r:dhcpc_state_t,s0)
/var/run/dhclient.*\.pid -- system_u:object_r:dhcpc_var_run_t
/var/run/dhclient.*\.leases -- system_u:object_r:dhcpc_var_run_t
/var/run/dhclient.*\.pid -- context_template(system_u:object_r:dhcpc_var_run_t,s0)
/var/run/dhclient.*\.leases -- context_template(system_u:object_r:dhcpc_var_run_t,s0)

22
refpolicy/policy/modules/system/udev.fc
View File

@ -1,18 +1,18 @@
# udev
/dev/\.udev\.tdb -- system_u:object_r:udev_tbl_t
/dev/udev\.tbl -- system_u:object_r:udev_tbl_t
/dev/\.udev\.tdb -- context_template(system_u:object_r:udev_tbl_t,s0)
/dev/udev\.tbl -- context_template(system_u:object_r:udev_tbl_t,s0)
/etc/dev\.d/.+ -- system_u:object_r:udev_helper_exec_t
/etc/dev\.d/.+ -- context_template(system_u:object_r:udev_helper_exec_t,s0)
/etc/hotplug\.d/default/udev.* -- system_u:object_r:udev_helper_exec_t
/etc/hotplug\.d/default/udev.* -- context_template(system_u:object_r:udev_helper_exec_t,s0)
/etc/udev/scripts/.+ -- system_u:object_r:udev_helper_exec_t
/etc/udev/scripts/.+ -- context_template(system_u:object_r:udev_helper_exec_t,s0)
/sbin/start_udev -- system_u:object_r:udev_exec_t
/sbin/udev -- system_u:object_r:udev_exec_t
/sbin/udevd -- system_u:object_r:udev_exec_t
/sbin/udevsend -- system_u:object_r:udev_exec_t
/sbin/wait_for_sysfs -- system_u:object_r:udev_exec_t
/sbin/start_udev -- context_template(system_u:object_r:udev_exec_t,s0)
/sbin/udev -- context_template(system_u:object_r:udev_exec_t,s0)
/sbin/udevd -- context_template(system_u:object_r:udev_exec_t,s0)
/sbin/udevsend -- context_template(system_u:object_r:udev_exec_t,s0)
/sbin/wait_for_sysfs -- context_template(system_u:object_r:udev_exec_t,s0)
/usr/bin/udevinfo -- system_u:object_r:udev_exec_t
/usr/bin/udevinfo -- context_template(system_u:object_r:udev_exec_t,s0)