|
|
|
@ -14,7 +14,8 @@ attribute noxattrfs;
|
|
|
|
|
# fs_t is the default type for persistent
|
|
|
|
|
# filesystems with extended attributes
|
|
|
|
|
#
|
|
|
|
|
type fs_t, filesystem_type;
|
|
|
|
|
type fs_t;
|
|
|
|
|
fs_type(fs_t)
|
|
|
|
|
sid fs gen_context(system_u:object_r:fs_t,s0)
|
|
|
|
|
|
|
|
|
|
# Use xattrs for the following filesystem types.
|
|
|
|
@ -37,59 +38,62 @@ fs_use_task sockfs gen_context(system_u:object_r:fs_t,s0);
|
|
|
|
|
#
|
|
|
|
|
# Non-persistent/pseudo filesystems
|
|
|
|
|
#
|
|
|
|
|
type bdev_t, filesystem_type;
|
|
|
|
|
type bdev_t;
|
|
|
|
|
fs_type(bdev_t)
|
|
|
|
|
genfscon bdev / gen_context(system_u:object_r:bdev_t,s0)
|
|
|
|
|
|
|
|
|
|
type binfmt_misc_fs_t, filesystem_type;
|
|
|
|
|
type binfmt_misc_fs_t;
|
|
|
|
|
fs_type(binfmt_misc_fs_t)
|
|
|
|
|
files_mountpoint(binfmt_misc_fs_t)
|
|
|
|
|
genfscon binfmt_misc / gen_context(system_u:object_r:binfmt_misc_fs_t,s0)
|
|
|
|
|
|
|
|
|
|
type capifs_t, filesystem_type;
|
|
|
|
|
allow capifs_t self:filesystem associate;
|
|
|
|
|
type capifs_t;
|
|
|
|
|
fs_type(capifs_t)
|
|
|
|
|
genfscon capifs / gen_context(system_u:object_r:capifs_t,s0)
|
|
|
|
|
|
|
|
|
|
type configfs_t, filesystem_type;
|
|
|
|
|
allow configfs_t self:filesystem associate;
|
|
|
|
|
type configfs_t;
|
|
|
|
|
fs_type(configfs_t)
|
|
|
|
|
genfscon configfs / gen_context(system_u:object_r:configfs_t,s0)
|
|
|
|
|
|
|
|
|
|
type eventpollfs_t, filesystem_type;
|
|
|
|
|
allow eventpollfs_t self:filesystem associate;
|
|
|
|
|
type eventpollfs_t;
|
|
|
|
|
fs_type(eventpollfs_t)
|
|
|
|
|
genfscon eventpollfs / gen_context(system_u:object_r:eventpollfs_t,s0)
|
|
|
|
|
|
|
|
|
|
type futexfs_t, filesystem_type;
|
|
|
|
|
allow futexfs_t self:filesystem associate;
|
|
|
|
|
type futexfs_t;
|
|
|
|
|
fs_type(futexfs_t)
|
|
|
|
|
genfscon futexfs / gen_context(system_u:object_r:futexfs_t,s0)
|
|
|
|
|
|
|
|
|
|
type hugetlbfs_t, filesystem_type;
|
|
|
|
|
type hugetlbfs_t;
|
|
|
|
|
fs_type(hugetlbfs_t)
|
|
|
|
|
files_mountpoint(hugetlbfs_t)
|
|
|
|
|
allow hugetlbfs_t self:filesystem associate;
|
|
|
|
|
genfscon hugetlbfs / gen_context(system_u:object_r:hugetlbfs_t,s0)
|
|
|
|
|
|
|
|
|
|
type inotifyfs_t, filesystem_type;
|
|
|
|
|
allow inotifyfs_t self:filesystem associate;
|
|
|
|
|
type inotifyfs_t;
|
|
|
|
|
fs_type(inotifyfs_t)
|
|
|
|
|
genfscon inotifyfs / gen_context(system_u:object_r:inotifyfs_t,s0)
|
|
|
|
|
|
|
|
|
|
type nfsd_fs_t, filesystem_type;
|
|
|
|
|
allow nfsd_fs_t self:filesystem associate;
|
|
|
|
|
type nfsd_fs_t;
|
|
|
|
|
fs_type(nfsd_fs_t)
|
|
|
|
|
genfscon nfsd / gen_context(system_u:object_r:nfsd_fs_t,s0)
|
|
|
|
|
|
|
|
|
|
type ramfs_t, filesystem_type;
|
|
|
|
|
allow ramfs_t self:filesystem associate;
|
|
|
|
|
type ramfs_t;
|
|
|
|
|
fs_type(ramfs_t)
|
|
|
|
|
genfscon ramfs / gen_context(system_u:object_r:ramfs_t,s0)
|
|
|
|
|
|
|
|
|
|
type romfs_t, filesystem_type;
|
|
|
|
|
allow romfs_t self:filesystem associate;
|
|
|
|
|
type romfs_t;
|
|
|
|
|
fs_type(romfs_t)
|
|
|
|
|
genfscon romfs / gen_context(system_u:object_r:romfs_t,s0)
|
|
|
|
|
genfscon cramfs / gen_context(system_u:object_r:romfs_t,s0)
|
|
|
|
|
|
|
|
|
|
type rpc_pipefs_t, filesystem_type;
|
|
|
|
|
allow rpc_pipefs_t self:filesystem associate;
|
|
|
|
|
type rpc_pipefs_t;
|
|
|
|
|
fs_type(rpc_pipefs_t)
|
|
|
|
|
genfscon rpc_pipefs / gen_context(system_u:object_r:rpc_pipefs_t,s0)
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# tmpfs_t is the type for tmpfs filesystems
|
|
|
|
|
#
|
|
|
|
|
type tmpfs_t, filesystem_type;
|
|
|
|
|
type tmpfs_t;
|
|
|
|
|
fs_type(tmpfs_t)
|
|
|
|
|
files_type(tmpfs_t)
|
|
|
|
|
files_mountpoint(tmpfs_t)
|
|
|
|
|
|
|
|
|
@ -102,15 +106,14 @@ fs_use_trans mqueue gen_context(system_u:object_r:tmpfs_t,s0);
|
|
|
|
|
fs_use_trans shm gen_context(system_u:object_r:tmpfs_t,s0);
|
|
|
|
|
fs_use_trans tmpfs gen_context(system_u:object_r:tmpfs_t,s0);
|
|
|
|
|
|
|
|
|
|
allow tmpfs_t self:filesystem associate;
|
|
|
|
|
allow tmpfs_t noxattrfs:filesystem associate;
|
|
|
|
|
|
|
|
|
|
##############################
|
|
|
|
|
#
|
|
|
|
|
# Filesystems without extended attribute support
|
|
|
|
|
#
|
|
|
|
|
type autofs_t, filesystem_type, noxattrfs;
|
|
|
|
|
allow autofs_t self:filesystem associate;
|
|
|
|
|
type autofs_t, noxattrfs;
|
|
|
|
|
fs_type(autofs_t)
|
|
|
|
|
genfscon autofs / gen_context(system_u:object_r:autofs_t,s0)
|
|
|
|
|
genfscon automount / gen_context(system_u:object_r:autofs_t,s0)
|
|
|
|
|
|
|
|
|
@ -118,8 +121,8 @@ genfscon automount / gen_context(system_u:object_r:autofs_t,s0)
|
|
|
|
|
# cifs_t is the type for filesystems and their
|
|
|
|
|
# files shared from Windows servers
|
|
|
|
|
#
|
|
|
|
|
type cifs_t alias sambafs_t, filesystem_type, noxattrfs;
|
|
|
|
|
allow cifs_t self:filesystem associate;
|
|
|
|
|
type cifs_t alias sambafs_t, noxattrfs;
|
|
|
|
|
fs_type(cifs_t)
|
|
|
|
|
genfscon cifs / gen_context(system_u:object_r:cifs_t,s0)
|
|
|
|
|
genfscon smbfs / gen_context(system_u:object_r:cifs_t,s0)
|
|
|
|
|
|
|
|
|
@ -127,8 +130,8 @@ genfscon smbfs / gen_context(system_u:object_r:cifs_t,s0)
|
|
|
|
|
# dosfs_t is the type for fat and vfat
|
|
|
|
|
# filesystems and their files.
|
|
|
|
|
#
|
|
|
|
|
type dosfs_t, filesystem_type, noxattrfs;
|
|
|
|
|
allow dosfs_t self:filesystem associate;
|
|
|
|
|
type dosfs_t, noxattrfs;
|
|
|
|
|
fs_type(dosfs_t)
|
|
|
|
|
genfscon fat / gen_context(system_u:object_r:dosfs_t,s0)
|
|
|
|
|
genfscon msdos / gen_context(system_u:object_r:dosfs_t,s0)
|
|
|
|
|
genfscon ntfs / gen_context(system_u:object_r:dosfs_t,s0)
|
|
|
|
@ -139,15 +142,16 @@ genfscon vfat / gen_context(system_u:object_r:dosfs_t,s0)
|
|
|
|
|
# and their files.
|
|
|
|
|
#
|
|
|
|
|
type iso9660_t, filesystem_type, noxattrfs;
|
|
|
|
|
allow iso9660_t self:filesystem associate;
|
|
|
|
|
fs_type(iso9660_t)
|
|
|
|
|
genfscon iso9660 / gen_context(system_u:object_r:iso9660_t,s0)
|
|
|
|
|
genfscon udf / gen_context(system_u:object_r:iso9660_t,s0)
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# removable_t is the default type of all removable media
|
|
|
|
|
#
|
|
|
|
|
type removable_t, filesystem_type, noxattrfs;
|
|
|
|
|
type removable_t, noxattrfs;
|
|
|
|
|
allow removable_t noxattrfs:filesystem associate;
|
|
|
|
|
fs_type(removable_t)
|
|
|
|
|
files_config_file(removable_t)
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
@ -155,8 +159,8 @@ files_config_file(removable_t)
|
|
|
|
|
# and their files.
|
|
|
|
|
#
|
|
|
|
|
type nfs_t, filesystem_type, noxattrfs;
|
|
|
|
|
fs_type(nfs_t)
|
|
|
|
|
files_mountpoint(nfs_t)
|
|
|
|
|
allow nfs_t self:filesystem associate;
|
|
|
|
|
genfscon nfs / gen_context(system_u:object_r:nfs_t,s0)
|
|
|
|
|
genfscon nfs4 / gen_context(system_u:object_r:nfs_t,s0)
|
|
|
|
|
genfscon afs / gen_context(system_u:object_r:nfs_t,s0)
|
|
|
|
|