rename context_template() to gen_context()
This commit is contained in:
Chris PeBenito
parent
6e99a6cfd1
commit
e02c61cfa4
|
|
@ -1,3 +1,6 @@
|
|||
- Rename context_template() to gen_context() to clarify
|
||||
that its not a Reference Policy template, but a support
|
||||
macro.
|
||||
- Add disable_*_trans bool support for targeted policy.
|
||||
- Add MLS module to handle MLS constraint exceptions,
|
||||
such as reading up and writing down.
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
|
||||
/etc/cron\.(daily|monthly)/acct -- context_template(system_u:object_r:acct_exec_t,s0)
|
||||
/etc/cron\.(daily|monthly)/acct -- gen_context(system_u:object_r:acct_exec_t,s0)
|
||||
|
||||
/sbin/accton -- context_template(system_u:object_r:acct_exec_t,s0)
|
||||
/sbin/accton -- gen_context(system_u:object_r:acct_exec_t,s0)
|
||||
|
||||
/usr/sbin/accton -- context_template(system_u:object_r:acct_exec_t,s0)
|
||||
/usr/sbin/accton -- gen_context(system_u:object_r:acct_exec_t,s0)
|
||||
|
||||
/var/account(/.*)? context_template(system_u:object_r:acct_data_t,s0)
|
||||
/var/account(/.*)? gen_context(system_u:object_r:acct_data_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
|
||||
/sbin/consoletype -- context_template(system_u:object_r:consoletype_exec_t,s0)
|
||||
/sbin/consoletype -- gen_context(system_u:object_r:consoletype_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
|
||||
/bin/dmesg -- context_template(system_u:object_r:dmesg_exec_t,s0)
|
||||
/bin/dmesg -- gen_context(system_u:object_r:dmesg_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
|
||||
/usr/sbin/dmidecode -- context_template(system_u:object_r:dmidecode_exec_t,s0)
|
||||
/usr/sbin/ownership -- context_template(system_u:object_r:dmidecode_exec_t,s0)
|
||||
/usr/sbin/vpddecode -- context_template(system_u:object_r:dmidecode_exec_t,s0)
|
||||
/usr/sbin/dmidecode -- gen_context(system_u:object_r:dmidecode_exec_t,s0)
|
||||
/usr/sbin/ownership -- gen_context(system_u:object_r:dmidecode_exec_t,s0)
|
||||
/usr/sbin/vpddecode -- gen_context(system_u:object_r:dmidecode_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
# firstboot
|
||||
/usr/sbin/firstboot -- context_template(system_u:object_r:firstboot_exec_t,s0)
|
||||
/usr/sbin/firstboot -- gen_context(system_u:object_r:firstboot_exec_t,s0)
|
||||
|
||||
/usr/share/firstboot context_template(system_u:object_r:firstboot_rw_t,s0)
|
||||
/usr/share/firstboot/firstboot\.py -- context_template(system_u:object_r:firstboot_exec_t,s0)
|
||||
/usr/share/firstboot gen_context(system_u:object_r:firstboot_rw_t,s0)
|
||||
/usr/share/firstboot/firstboot\.py -- gen_context(system_u:object_r:firstboot_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
|
||||
/sbin/kmodule -- context_template(system_u:object_r:kudzu_exec_t,s0)
|
||||
/sbin/kmodule -- gen_context(system_u:object_r:kudzu_exec_t,s0)
|
||||
|
||||
/usr/sbin/kudzu -- context_template(system_u:object_r:kudzu_exec_t,s0)
|
||||
/usr/sbin/kudzu -- gen_context(system_u:object_r:kudzu_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,16 +1,16 @@
|
|||
/etc/cron\.(daily|weekly)/sysklogd -- context_template(system_u:object_r:logrotate_exec_t,s0)
|
||||
/etc/cron\.(daily|weekly)/sysklogd -- gen_context(system_u:object_r:logrotate_exec_t,s0)
|
||||
|
||||
/usr/sbin/logcheck -- context_template(system_u:object_r:logrotate_exec_t,s0)
|
||||
/usr/sbin/logrotate -- context_template(system_u:object_r:logrotate_exec_t,s0)
|
||||
/usr/sbin/logcheck -- gen_context(system_u:object_r:logrotate_exec_t,s0)
|
||||
/usr/sbin/logrotate -- gen_context(system_u:object_r:logrotate_exec_t,s0)
|
||||
|
||||
/var/lib/logcheck(/.*)? context_template(system_u:object_r:logrotate_var_lib_t,s0)
|
||||
/var/lib/logcheck(/.*)? gen_context(system_u:object_r:logrotate_var_lib_t,s0)
|
||||
|
||||
# using a hard-coded name under /var/tmp is a bug - new version fixes it
|
||||
/var/tmp/logcheck -d context_template(system_u:object_r:logrotate_tmp_t,s0)
|
||||
/var/tmp/logcheck -d gen_context(system_u:object_r:logrotate_tmp_t,s0)
|
||||
|
||||
ifdef(`distro_debian', `
|
||||
/usr/bin/savelog -- context_template(system_u:object_r:logrotate_exec_t,s0)
|
||||
/var/lib/logrotate(/.*)? context_template(system_u:object_r:logrotate_var_lib_t,s0)
|
||||
/usr/bin/savelog -- gen_context(system_u:object_r:logrotate_exec_t,s0)
|
||||
/var/lib/logrotate(/.*)? gen_context(system_u:object_r:logrotate_var_lib_t,s0)
|
||||
', `
|
||||
/var/lib/logrotate\.status -- context_template(system_u:object_r:logrotate_var_lib_t,s0)
|
||||
/var/lib/logrotate\.status -- gen_context(system_u:object_r:logrotate_var_lib_t,s0)
|
||||
')
|
||||
|
|
|
|||
|
|
@ -1,14 +1,14 @@
|
|||
|
||||
/bin/ping.* -- context_template(system_u:object_r:ping_exec_t,s0)
|
||||
/bin/tracepath.* -- context_template(system_u:object_r:traceroute_exec_t,s0)
|
||||
/bin/traceroute.* -- context_template(system_u:object_r:traceroute_exec_t,s0)
|
||||
/bin/ping.* -- gen_context(system_u:object_r:ping_exec_t,s0)
|
||||
/bin/tracepath.* -- gen_context(system_u:object_r:traceroute_exec_t,s0)
|
||||
/bin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0)
|
||||
|
||||
/sbin/arping -- context_template(system_u:object_r:netutils_exec_t,s0)
|
||||
/sbin/arping -- gen_context(system_u:object_r:netutils_exec_t,s0)
|
||||
|
||||
/usr/bin/lft -- context_template(system_u:object_r:traceroute_exec_t,s0)
|
||||
/usr/bin/nmap -- context_template(system_u:object_r:traceroute_exec_t,s0)
|
||||
/usr/bin/traceroute.* -- context_template(system_u:object_r:traceroute_exec_t,s0)
|
||||
/usr/bin/lft -- gen_context(system_u:object_r:traceroute_exec_t,s0)
|
||||
/usr/bin/nmap -- gen_context(system_u:object_r:traceroute_exec_t,s0)
|
||||
/usr/bin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0)
|
||||
|
||||
/usr/sbin/traceroute.* -- context_template(system_u:object_r:traceroute_exec_t,s0)
|
||||
/usr/sbin/hping2 -- context_template(system_u:object_r:ping_exec_t,s0)
|
||||
/usr/sbin/tcpdump -- context_template(system_u:object_r:netutils_exec_t,s0)
|
||||
/usr/sbin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0)
|
||||
/usr/sbin/hping2 -- gen_context(system_u:object_r:ping_exec_t,s0)
|
||||
/usr/sbin/tcpdump -- gen_context(system_u:object_r:netutils_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,14 +1,14 @@
|
|||
|
||||
/sbin/quota(check|on) -- context_template(system_u:object_r:quota_exec_t,s0)
|
||||
/sbin/quota(check|on) -- gen_context(system_u:object_r:quota_exec_t,s0)
|
||||
|
||||
ifdef(`distro_redhat',`
|
||||
/usr/sbin/convertquota -- context_template(system_u:object_r:quota_exec_t,s0)
|
||||
/usr/sbin/convertquota -- gen_context(system_u:object_r:quota_exec_t,s0)
|
||||
',`
|
||||
/sbin/convertquota -- context_template(system_u:object_r:quota_exec_t,s0)
|
||||
/sbin/convertquota -- gen_context(system_u:object_r:quota_exec_t,s0)
|
||||
')
|
||||
|
||||
HOME_ROOT/a?quota\.(user|group) -- context_template(system_u:object_r:quota_db_t,s0)
|
||||
HOME_ROOT/a?quota\.(user|group) -- gen_context(system_u:object_r:quota_db_t,s0)
|
||||
|
||||
/var/a?quota\.(user|group) -- context_template(system_u:object_r:quota_db_t,s0)
|
||||
/var/a?quota\.(user|group) -- gen_context(system_u:object_r:quota_db_t,s0)
|
||||
|
||||
/var/lib/quota(/.*)? context_template(system_u:object_r:quota_flag_t,s0)
|
||||
/var/lib/quota(/.*)? gen_context(system_u:object_r:quota_flag_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,32 +1,32 @@
|
|||
|
||||
/bin/rpm -- context_template(system_u:object_r:rpm_exec_t,s0)
|
||||
/bin/rpm -- gen_context(system_u:object_r:rpm_exec_t,s0)
|
||||
|
||||
/usr/bin/apt-get -- context_template(system_u:object_r:rpm_exec_t,s0)
|
||||
/usr/bin/apt-shell -- context_template(system_u:object_r:rpm_exec_t,s0)
|
||||
/usr/bin/synaptic -- context_template(system_u:object_r:rpm_exec_t,s0)
|
||||
/usr/bin/yum -- context_template(system_u:object_r:rpm_exec_t,s0)
|
||||
/usr/bin/apt-get -- gen_context(system_u:object_r:rpm_exec_t,s0)
|
||||
/usr/bin/apt-shell -- gen_context(system_u:object_r:rpm_exec_t,s0)
|
||||
/usr/bin/synaptic -- gen_context(system_u:object_r:rpm_exec_t,s0)
|
||||
/usr/bin/yum -- gen_context(system_u:object_r:rpm_exec_t,s0)
|
||||
|
||||
/usr/lib(64)?/rpm/rpmd -- context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/rpm/rpmq -- context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/rpm/rpmk -- context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/rpm/rpmv -- context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/rpm/rpmd -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/rpm/rpmq -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/rpm/rpmk -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/rpm/rpmv -- gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
ifdef(`distro_redhat', `
|
||||
/usr/sbin/up2date -- context_template(system_u:object_r:rpm_exec_t,s0)
|
||||
/usr/sbin/rhn_check -- context_template(system_u:object_r:rpm_exec_t,s0)
|
||||
/usr/sbin/up2date -- gen_context(system_u:object_r:rpm_exec_t,s0)
|
||||
/usr/sbin/rhn_check -- gen_context(system_u:object_r:rpm_exec_t,s0)
|
||||
')
|
||||
|
||||
/var/lib/alternatives(/.*)? context_template(system_u:object_r:rpm_var_lib_t,s0)
|
||||
/var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
|
||||
|
||||
/var/lib/rpm(/.*)? context_template(system_u:object_r:rpm_var_lib_t,s0)
|
||||
/var/lib/rpm(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
|
||||
|
||||
/var/log/rpmpkgs.* -- context_template(system_u:object_r:rpm_log_t,s0)
|
||||
/var/log/yum\.log -- context_template(system_u:object_r:rpm_log_t,s0)
|
||||
/var/log/rpmpkgs.* -- gen_context(system_u:object_r:rpm_log_t,s0)
|
||||
/var/log/yum\.log -- gen_context(system_u:object_r:rpm_log_t,s0)
|
||||
|
||||
# SuSE
|
||||
ifdef(`distro_suse', `
|
||||
/usr/bin/online_update -- context_template(system_u:object_r:rpm_exec_t,s0)
|
||||
/sbin/yast2 -- context_template(system_u:object_r:rpm_exec_t,s0)
|
||||
/var/lib/YaST2(/.*)? context_template(system_u:object_r:rpm_var_lib_t,s0)
|
||||
/var/log/YaST2(/.*)? context_template(system_u:object_r:rpm_log_t,s0)
|
||||
/usr/bin/online_update -- gen_context(system_u:object_r:rpm_exec_t,s0)
|
||||
/sbin/yast2 -- gen_context(system_u:object_r:rpm_exec_t,s0)
|
||||
/var/lib/YaST2(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
|
||||
/var/log/YaST2(/.*)? gen_context(system_u:object_r:rpm_log_t,s0)
|
||||
')
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
|
||||
/bin/su -- context_template(system_u:object_r:su_exec_t,s0)
|
||||
/bin/su -- gen_context(system_u:object_r:su_exec_t,s0)
|
||||
|
||||
/usr(/local)?/bin/ksu -- context_template(system_u:object_r:su_exec_t,s0)
|
||||
/usr(/local)?/bin/ksu -- gen_context(system_u:object_r:su_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
|
||||
/usr/bin/sudo(edit)? -- context_template(system_u:object_r:sudo_exec_t,s0)
|
||||
/usr/bin/sudo(edit)? -- gen_context(system_u:object_r:sudo_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
/usr/sbin/tmpreaper -- context_template(system_u:object_r:tmpreaper_exec_t,s0)
|
||||
/usr/sbin/tmpwatch -- context_template(system_u:object_r:tmpreaper_exec_t,s0)
|
||||
/usr/sbin/tmpreaper -- gen_context(system_u:object_r:tmpreaper_exec_t,s0)
|
||||
/usr/sbin/tmpwatch -- gen_context(system_u:object_r:tmpreaper_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
|
||||
/usr/sbin/fstab-sync -- context_template(system_u:object_r:updfstab_exec_t,s0)
|
||||
/usr/sbin/updfstab -- context_template(system_u:object_r:updfstab_exec_t,s0)
|
||||
/usr/sbin/fstab-sync -- gen_context(system_u:object_r:updfstab_exec_t,s0)
|
||||
/usr/sbin/updfstab -- gen_context(system_u:object_r:updfstab_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,30 +1,30 @@
|
|||
|
||||
/usr/bin/chage -- context_template(system_u:object_r:passwd_exec_t,s0)
|
||||
/usr/bin/chfn -- context_template(system_u:object_r:chfn_exec_t,s0)
|
||||
/usr/bin/chsh -- context_template(system_u:object_r:chfn_exec_t,s0)
|
||||
/usr/bin/gpasswd -- context_template(system_u:object_r:groupadd_exec_t,s0)
|
||||
/usr/bin/passwd -- context_template(system_u:object_r:passwd_exec_t,s0)
|
||||
/usr/bin/vigr -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
|
||||
/usr/bin/vipw -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
|
||||
/usr/bin/chage -- gen_context(system_u:object_r:passwd_exec_t,s0)
|
||||
/usr/bin/chfn -- gen_context(system_u:object_r:chfn_exec_t,s0)
|
||||
/usr/bin/chsh -- gen_context(system_u:object_r:chfn_exec_t,s0)
|
||||
/usr/bin/gpasswd -- gen_context(system_u:object_r:groupadd_exec_t,s0)
|
||||
/usr/bin/passwd -- gen_context(system_u:object_r:passwd_exec_t,s0)
|
||||
/usr/bin/vigr -- gen_context(system_u:object_r:admin_passwd_exec_t,s0)
|
||||
/usr/bin/vipw -- gen_context(system_u:object_r:admin_passwd_exec_t,s0)
|
||||
|
||||
/usr/lib(64)?/cracklib_dict.* -- context_template(system_u:object_r:crack_db_t,s0)
|
||||
/usr/lib(64)?/cracklib_dict.* -- gen_context(system_u:object_r:crack_db_t,s0)
|
||||
|
||||
/usr/sbin/crack_[a-z]* -- context_template(system_u:object_r:crack_exec_t,s0)
|
||||
/usr/sbin/cracklib-[a-z]* -- context_template(system_u:object_r:crack_exec_t,s0)
|
||||
/usr/sbin/gpasswd -- context_template(system_u:object_r:groupadd_exec_t,s0)
|
||||
/usr/sbin/groupadd -- context_template(system_u:object_r:groupadd_exec_t,s0)
|
||||
/usr/sbin/groupdel -- context_template(system_u:object_r:groupadd_exec_t,s0)
|
||||
/usr/sbin/groupmod -- context_template(system_u:object_r:groupadd_exec_t,s0)
|
||||
/usr/sbin/grpconv -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
|
||||
/usr/sbin/grpunconv -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
|
||||
/usr/sbin/pwconv -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
|
||||
/usr/sbin/pwunconv -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
|
||||
/usr/sbin/useradd -- context_template(system_u:object_r:useradd_exec_t,s0)
|
||||
/usr/sbin/userdel -- context_template(system_u:object_r:useradd_exec_t,s0)
|
||||
/usr/sbin/usermod -- context_template(system_u:object_r:useradd_exec_t,s0)
|
||||
/usr/sbin/vigr -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
|
||||
/usr/sbin/vipw -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
|
||||
/usr/sbin/crack_[a-z]* -- gen_context(system_u:object_r:crack_exec_t,s0)
|
||||
/usr/sbin/cracklib-[a-z]* -- gen_context(system_u:object_r:crack_exec_t,s0)
|
||||
/usr/sbin/gpasswd -- gen_context(system_u:object_r:groupadd_exec_t,s0)
|
||||
/usr/sbin/groupadd -- gen_context(system_u:object_r:groupadd_exec_t,s0)
|
||||
/usr/sbin/groupdel -- gen_context(system_u:object_r:groupadd_exec_t,s0)
|
||||
/usr/sbin/groupmod -- gen_context(system_u:object_r:groupadd_exec_t,s0)
|
||||
/usr/sbin/grpconv -- gen_context(system_u:object_r:admin_passwd_exec_t,s0)
|
||||
/usr/sbin/grpunconv -- gen_context(system_u:object_r:admin_passwd_exec_t,s0)
|
||||
/usr/sbin/pwconv -- gen_context(system_u:object_r:admin_passwd_exec_t,s0)
|
||||
/usr/sbin/pwunconv -- gen_context(system_u:object_r:admin_passwd_exec_t,s0)
|
||||
/usr/sbin/useradd -- gen_context(system_u:object_r:useradd_exec_t,s0)
|
||||
/usr/sbin/userdel -- gen_context(system_u:object_r:useradd_exec_t,s0)
|
||||
/usr/sbin/usermod -- gen_context(system_u:object_r:useradd_exec_t,s0)
|
||||
/usr/sbin/vigr -- gen_context(system_u:object_r:admin_passwd_exec_t,s0)
|
||||
/usr/sbin/vipw -- gen_context(system_u:object_r:admin_passwd_exec_t,s0)
|
||||
|
||||
/usr/share/cracklib(/.*)? context_template(system_u:object_r:crack_db_t,s0)
|
||||
/usr/share/cracklib(/.*)? gen_context(system_u:object_r:crack_db_t,s0)
|
||||
|
||||
/var/cache/cracklib(/.*)? context_template(system_u:object_r:crack_db_t,s0)
|
||||
/var/cache/cracklib(/.*)? gen_context(system_u:object_r:crack_db_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
#
|
||||
# /usr
|
||||
#
|
||||
/usr/sbin/vpnc -- context_template(system_u:object_r:vpnc_exec_t,s0)
|
||||
/usr/sbin/vpnc -- gen_context(system_u:object_r:vpnc_exec_t,s0)
|
||||
|
||||
#
|
||||
# sbin
|
||||
#
|
||||
/sbin/vpnc -- context_template(system_u:object_r:vpnc_exec_t,s0)
|
||||
/sbin/vpnc -- gen_context(system_u:object_r:vpnc_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
|
||||
/usr/bin/gpg(2)? -- context_template(system_u:object_r:gpg_exec_t,s0)
|
||||
/usr/bin/gpg-agent -- context_template(system_u:object_r:gpg_agent_exec_t,s0)
|
||||
/usr/bin/kgpg -- context_template(system_u:object_r:gpg_exec_t,s0)
|
||||
/usr/bin/pinentry.* -- context_template(system_u:object_r:pinentry_exec_t,s0)
|
||||
/usr/bin/gpg(2)? -- gen_context(system_u:object_r:gpg_exec_t,s0)
|
||||
/usr/bin/gpg-agent -- gen_context(system_u:object_r:gpg_agent_exec_t,s0)
|
||||
/usr/bin/kgpg -- gen_context(system_u:object_r:gpg_exec_t,s0)
|
||||
/usr/bin/pinentry.* -- gen_context(system_u:object_r:pinentry_exec_t,s0)
|
||||
|
||||
/usr/lib/gnupg/.* -- context_template(system_u:object_r:gpg_exec_t,s0)
|
||||
/usr/lib/gnupg/gpgkeys.* -- context_template(system_u:object_r:gpg_helper_exec_t,s0)
|
||||
/usr/lib/gnupg/.* -- gen_context(system_u:object_r:gpg_exec_t,s0)
|
||||
/usr/lib/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0)
|
||||
|
||||
ifdef(`targeted_policy',`',`
|
||||
HOME_DIR/\.gnupg(/.+)? context_template(system_u:object_r:ROLE_gpg_secret_t,s0)
|
||||
HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:ROLE_gpg_secret_t,s0)
|
||||
')
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
|
||||
/bin/loadkeys -- context_template(system_u:object_r:loadkeys_exec_t,s0)
|
||||
/bin/unikeys -- context_template(system_u:object_r:loadkeys_exec_t,s0)
|
||||
/bin/loadkeys -- gen_context(system_u:object_r:loadkeys_exec_t,s0)
|
||||
/bin/unikeys -- gen_context(system_u:object_r:loadkeys_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,20 +1,20 @@
|
|||
|
||||
/vmlinuz.* -l context_template(system_u:object_r:boot_t,s0)
|
||||
/initrd\.img.* -l context_template(system_u:object_r:boot_t,s0)
|
||||
/vmlinuz.* -l gen_context(system_u:object_r:boot_t,s0)
|
||||
/initrd\.img.* -l gen_context(system_u:object_r:boot_t,s0)
|
||||
|
||||
/boot(/.*)? context_template(system_u:object_r:boot_t,s0)
|
||||
/boot/System\.map(-.*)? -- context_template(system_u:object_r:system_map_t,s0)
|
||||
/boot(/.*)? gen_context(system_u:object_r:boot_t,s0)
|
||||
/boot/System\.map(-.*)? -- gen_context(system_u:object_r:system_map_t,s0)
|
||||
|
||||
/etc/lilo\.conf.* -- context_template(system_u:object_r:bootloader_etc_t,s0)
|
||||
/etc/yaboot\.conf.* -- context_template(system_u:object_r:bootloader_etc_t,s0)
|
||||
/etc/lilo\.conf.* -- gen_context(system_u:object_r:bootloader_etc_t,s0)
|
||||
/etc/yaboot\.conf.* -- gen_context(system_u:object_r:bootloader_etc_t,s0)
|
||||
|
||||
/etc/mkinitrd/scripts/.* -- context_template(system_u:object_r:bootloader_exec_t,s0)
|
||||
/etc/mkinitrd/scripts/.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
|
||||
|
||||
/lib(64)?/modules(/.*)? context_template(system_u:object_r:modules_object_t,s0)
|
||||
/lib(64)?/modules(/.*)? gen_context(system_u:object_r:modules_object_t,s0)
|
||||
|
||||
/usr/sbin/mkinitrd -- context_template(system_u:object_r:bootloader_exec_t,s0)
|
||||
/usr/sbin/mkinitrd -- gen_context(system_u:object_r:bootloader_exec_t,s0)
|
||||
|
||||
/sbin/grub.* -- context_template(system_u:object_r:bootloader_exec_t,s0)
|
||||
/sbin/lilo.* -- context_template(system_u:object_r:bootloader_exec_t,s0)
|
||||
/sbin/mkinitrd -- context_template(system_u:object_r:bootloader_exec_t,s0)
|
||||
/sbin/ybin.* -- context_template(system_u:object_r:bootloader_exec_t,s0)
|
||||
/sbin/grub.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
|
||||
/sbin/lilo.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
|
||||
/sbin/mkinitrd -- gen_context(system_u:object_r:bootloader_exec_t,s0)
|
||||
/sbin/ybin.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
|
||||
/dev/ippp.* -c context_template(system_u:object_r:ppp_device_t,s0)
|
||||
/dev/ppp -c context_template(system_u:object_r:ppp_device_t,s0)
|
||||
/dev/pppox.* -c context_template(system_u:object_r:ppp_device_t,s0)
|
||||
/dev/ippp.* -c gen_context(system_u:object_r:ppp_device_t,s0)
|
||||
/dev/ppp -c gen_context(system_u:object_r:ppp_device_t,s0)
|
||||
/dev/pppox.* -c gen_context(system_u:object_r:ppp_device_t,s0)
|
||||
|
||||
/dev/net/.* -c context_template(system_u:object_r:tun_tap_device_t,s0)
|
||||
/dev/net/.* -c gen_context(system_u:object_r:tun_tap_device_t,s0)
|
||||
|
|
|
|||
|
|
@ -426,7 +426,7 @@ ifelse($4,`',`',`determine_reserved_capability(shiftn(3,$*))')dnl end inner ifel
|
|||
|
||||
define(`declare_ports',`dnl
|
||||
ifelse(eval($3 < 1024),1,`typeattribute $1 reserved_port_type;',`dnl')
|
||||
portcon $2 $3 context_template(system_u:object_r:$1,$4)
|
||||
portcon $2 $3 gen_context(system_u:object_r:$1,$4)
|
||||
ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl
|
||||
')
|
||||
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ dev_node(tun_tap_device_t)
|
|||
# port_t is the default type of INET port numbers.
|
||||
#
|
||||
type port_t, port_type;
|
||||
sid port context_template(system_u:object_r:port_t,s0)
|
||||
sid port gen_context(system_u:object_r:port_t,s0)
|
||||
|
||||
#
|
||||
# reserved_port_t is the type of INET port numbers below 1024.
|
||||
|
|
@ -120,8 +120,8 @@ network_port(zope, tcp,8021,s0)
|
|||
|
||||
# Defaults for reserved ports. Earlier portcon entries take precedence;
|
||||
# these entries just cover any remaining reserved ports not otherwise declared.
|
||||
portcon tcp 1-1023 context_template(system_u:object_r:reserved_port_t, s0)
|
||||
portcon udp 1-1023 context_template(system_u:object_r:reserved_port_t, s0)
|
||||
portcon tcp 1-1023 gen_context(system_u:object_r:reserved_port_t, s0)
|
||||
portcon udp 1-1023 gen_context(system_u:object_r:reserved_port_t, s0)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -134,7 +134,7 @@ portcon udp 1-1023 context_template(system_u:object_r:reserved_port_t, s0)
|
|||
# nodes in net_contexts or net_contexts.mls.
|
||||
#
|
||||
type node_t, node_type;
|
||||
sid node context_template(system_u:object_r:node_t,s0)
|
||||
sid node gen_context(system_u:object_r:node_t,s0)
|
||||
|
||||
network_node(compat_ipv4, s0, ::, ffff:ffff:ffff:ffff:ffff:ffff::)
|
||||
network_node(inaddr_any, s0, 0.0.0.0, 255.255.255.255)
|
||||
|
|
@ -155,7 +155,7 @@ network_node(unspec, s0, ::, ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)
|
|||
# netif_t is the default type of network interfaces.
|
||||
#
|
||||
type netif_t, netif_type;
|
||||
sid netif context_template(system_u:object_r:netif_t,s0)
|
||||
sid netif gen_context(system_u:object_r:netif_t,s0)
|
||||
|
||||
#network_interface(lo, lo,s0)
|
||||
#network_interface(eth0, eth0,s0)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
define(`declare_netifs',`dnl
|
||||
netifcon $2 context_template(system_u:object_r:$1,$3) context_template(system_u:object_r:unlabeled_t,$3)
|
||||
netifcon $2 gen_context(system_u:object_r:$1,$3) gen_context(system_u:object_r:unlabeled_t,$3)
|
||||
ifelse(`$4',`',`',`declare_netifs($1,shiftn(3,$*))')dnl
|
||||
')
|
||||
|
||||
|
|
@ -17,7 +17,7 @@ declare_netifs($1_netif_t,shift($*))
|
|||
#
|
||||
define(`network_node',`
|
||||
type $1_node_t alias node_$1_t, node_type;
|
||||
nodecon $3 $4 context_template(system_u:object_r:$1_node_t,$2)
|
||||
nodecon $3 $4 gen_context(system_u:object_r:$1_node_t,$2)
|
||||
')
|
||||
|
||||
# These next three macros have formatting, and should not me indented
|
||||
|
|
@ -35,7 +35,7 @@ ifelse($4,`',`',`determine_reserved_capability_depend(shiftn(3,$*))')dnl end inn
|
|||
|
||||
define(`declare_ports',`dnl
|
||||
ifelse(eval($3 < 1024),1,`typeattribute $1 reserved_port_type;',`dnl')
|
||||
portcon $2 $3 context_template(system_u:object_r:$1,$4)
|
||||
portcon $2 $3 gen_context(system_u:object_r:$1,$4)
|
||||
ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl
|
||||
')
|
||||
|
||||
|
|
|
|||
|
|
@ -1,87 +1,87 @@
|
|||
|
||||
/dev(/.*)? context_template(system_u:object_r:device_t,s0)
|
||||
/dev(/.*)? gen_context(system_u:object_r:device_t,s0)
|
||||
|
||||
/dev/.*mouse.* -c context_template(system_u:object_r:mouse_device_t,s0)
|
||||
/dev/adsp -c context_template(system_u:object_r:sound_device_t,s0)
|
||||
/dev/agpgart -c context_template(system_u:object_r:agp_device_t,s0)
|
||||
/dev/aload.* -c context_template(system_u:object_r:sound_device_t,s0)
|
||||
/dev/amidi.* -c context_template(system_u:object_r:sound_device_t,s0)
|
||||
/dev/amixer.* -c context_template(system_u:object_r:sound_device_t,s0)
|
||||
/dev/apm_bios -c context_template(system_u:object_r:apm_bios_t,s0)
|
||||
/dev/atibm -c context_template(system_u:object_r:mouse_device_t,s0)
|
||||
/dev/audio.* -c context_template(system_u:object_r:sound_device_t,s0)
|
||||
/dev/beep -c context_template(system_u:object_r:sound_device_t,s0)
|
||||
/dev/console -c context_template(system_u:object_r:console_device_t,s0)
|
||||
/dev/dsp.* -c context_template(system_u:object_r:sound_device_t,s0)
|
||||
/dev/fb[0-9]* -c context_template(system_u:object_r:framebuf_device_t,s0)
|
||||
/dev/full -c context_template(system_u:object_r:null_device_t,s0)
|
||||
/dev/irlpt[0-9]+ -c context_template(system_u:object_r:printer_device_t,s0)
|
||||
/dev/js.* -c context_template(system_u:object_r:mouse_device_t,s0)
|
||||
/dev/kmem -c context_template(system_u:object_r:memory_device_t,s0)
|
||||
/dev/logibm -c context_template(system_u:object_r:mouse_device_t,s0)
|
||||
/dev/lp.* -c context_template(system_u:object_r:printer_device_t,s0)
|
||||
/dev/mem -c context_template(system_u:object_r:memory_device_t,s0)
|
||||
/dev/microcode -c context_template(system_u:object_r:cpu_device_t,s0)
|
||||
/dev/midi.* -c context_template(system_u:object_r:sound_device_t,s0)
|
||||
/dev/mixer.* -c context_template(system_u:object_r:sound_device_t,s0)
|
||||
/dev/mmetfgrab -c context_template(system_u:object_r:scanner_device_t,s0)
|
||||
/dev/mpu401.* -c context_template(system_u:object_r:sound_device_t,s0)
|
||||
/dev/null -c context_template(system_u:object_r:null_device_t,s0)
|
||||
/dev/nvidia.* -c context_template(system_u:object_r:xserver_misc_device_t,s0)
|
||||
/dev/nvram -c context_template(system_u:object_r:memory_device_t,s0)
|
||||
/dev/par.* -c context_template(system_u:object_r:printer_device_t,s0)
|
||||
/dev/patmgr[01] -c context_template(system_u:object_r:sound_device_t,s0)
|
||||
/dev/pmu -c context_template(system_u:object_r:power_device_t,s0)
|
||||
/dev/port -c context_template(system_u:object_r:memory_device_t,s0)
|
||||
/dev/psaux -c context_template(system_u:object_r:mouse_device_t,s0)
|
||||
/dev/rmidi.* -c context_template(system_u:object_r:sound_device_t,s0)
|
||||
/dev/radeon -c context_template(system_u:object_r:dri_device_t,s0)
|
||||
/dev/radio.* -c context_template(system_u:object_r:v4l_device_t,s0)
|
||||
/dev/random -c context_template(system_u:object_r:random_device_t,s0)
|
||||
/dev/rtc -c context_template(system_u:object_r:clock_device_t,s0)
|
||||
/dev/sequencer -c context_template(system_u:object_r:sound_device_t,s0)
|
||||
/dev/sequencer2 -c context_template(system_u:object_r:sound_device_t,s0)
|
||||
/dev/smpte.* -c context_template(system_u:object_r:sound_device_t,s0)
|
||||
/dev/srnd[0-7] -c context_template(system_u:object_r:sound_device_t,s0)
|
||||
/dev/sndstat -c context_template(system_u:object_r:sound_device_t,s0)
|
||||
/dev/tlk[0-3] -c context_template(system_u:object_r:v4l_device_t,s0)
|
||||
/dev/urandom -c context_template(system_u:object_r:urandom_device_t,s0)
|
||||
/dev/usblp.* -c context_template(system_u:object_r:printer_device_t,s0)
|
||||
/dev/.*mouse.* -c gen_context(system_u:object_r:mouse_device_t,s0)
|
||||
/dev/adsp -c gen_context(system_u:object_r:sound_device_t,s0)
|
||||
/dev/agpgart -c gen_context(system_u:object_r:agp_device_t,s0)
|
||||
/dev/aload.* -c gen_context(system_u:object_r:sound_device_t,s0)
|
||||
/dev/amidi.* -c gen_context(system_u:object_r:sound_device_t,s0)
|
||||
/dev/amixer.* -c gen_context(system_u:object_r:sound_device_t,s0)
|
||||
/dev/apm_bios -c gen_context(system_u:object_r:apm_bios_t,s0)
|
||||
/dev/atibm -c gen_context(system_u:object_r:mouse_device_t,s0)
|
||||
/dev/audio.* -c gen_context(system_u:object_r:sound_device_t,s0)
|
||||
/dev/beep -c gen_context(system_u:object_r:sound_device_t,s0)
|
||||
/dev/console -c gen_context(system_u:object_r:console_device_t,s0)
|
||||
/dev/dsp.* -c gen_context(system_u:object_r:sound_device_t,s0)
|
||||
/dev/fb[0-9]* -c gen_context(system_u:object_r:framebuf_device_t,s0)
|
||||
/dev/full -c gen_context(system_u:object_r:null_device_t,s0)
|
||||
/dev/irlpt[0-9]+ -c gen_context(system_u:object_r:printer_device_t,s0)
|
||||
/dev/js.* -c gen_context(system_u:object_r:mouse_device_t,s0)
|
||||
/dev/kmem -c gen_context(system_u:object_r:memory_device_t,s0)
|
||||
/dev/logibm -c gen_context(system_u:object_r:mouse_device_t,s0)
|
||||
/dev/lp.* -c gen_context(system_u:object_r:printer_device_t,s0)
|
||||
/dev/mem -c gen_context(system_u:object_r:memory_device_t,s0)
|
||||
/dev/microcode -c gen_context(system_u:object_r:cpu_device_t,s0)
|
||||
/dev/midi.* -c gen_context(system_u:object_r:sound_device_t,s0)
|
||||
/dev/mixer.* -c gen_context(system_u:object_r:sound_device_t,s0)
|
||||
/dev/mmetfgrab -c gen_context(system_u:object_r:scanner_device_t,s0)
|
||||
/dev/mpu401.* -c gen_context(system_u:object_r:sound_device_t,s0)
|
||||
/dev/null -c gen_context(system_u:object_r:null_device_t,s0)
|
||||
/dev/nvidia.* -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
|
||||
/dev/nvram -c gen_context(system_u:object_r:memory_device_t,s0)
|
||||
/dev/par.* -c gen_context(system_u:object_r:printer_device_t,s0)
|
||||
/dev/patmgr[01] -c gen_context(system_u:object_r:sound_device_t,s0)
|
||||
/dev/pmu -c gen_context(system_u:object_r:power_device_t,s0)
|
||||
/dev/port -c gen_context(system_u:object_r:memory_device_t,s0)
|
||||
/dev/psaux -c gen_context(system_u:object_r:mouse_device_t,s0)
|
||||
/dev/rmidi.* -c gen_context(system_u:object_r:sound_device_t,s0)
|
||||
/dev/radeon -c gen_context(system_u:object_r:dri_device_t,s0)
|
||||
/dev/radio.* -c gen_context(system_u:object_r:v4l_device_t,s0)
|
||||
/dev/random -c gen_context(system_u:object_r:random_device_t,s0)
|
||||
/dev/rtc -c gen_context(system_u:object_r:clock_device_t,s0)
|
||||
/dev/sequencer -c gen_context(system_u:object_r:sound_device_t,s0)
|
||||
/dev/sequencer2 -c gen_context(system_u:object_r:sound_device_t,s0)
|
||||
/dev/smpte.* -c gen_context(system_u:object_r:sound_device_t,s0)
|
||||
/dev/srnd[0-7] -c gen_context(system_u:object_r:sound_device_t,s0)
|
||||
/dev/sndstat -c gen_context(system_u:object_r:sound_device_t,s0)
|
||||
/dev/tlk[0-3] -c gen_context(system_u:object_r:v4l_device_t,s0)
|
||||
/dev/urandom -c gen_context(system_u:object_r:urandom_device_t,s0)
|
||||
/dev/usblp.* -c gen_context(system_u:object_r:printer_device_t,s0)
|
||||
ifdef(`distro_suse', `
|
||||
/dev/usbscanner -c context_template(system_u:object_r:scanner_device_t,s0)
|
||||
/dev/usbscanner -c gen_context(system_u:object_r:scanner_device_t,s0)
|
||||
')
|
||||
/dev/vbi.* -c context_template(system_u:object_r:v4l_device_t,s0)
|
||||
/dev/video.* -c context_template(system_u:object_r:v4l_device_t,s0)
|
||||
/dev/vttuner -c context_template(system_u:object_r:v4l_device_t,s0)
|
||||
/dev/vtx.* -c context_template(system_u:object_r:v4l_device_t,s0)
|
||||
/dev/winradio. -c context_template(system_u:object_r:v4l_device_t,s0)
|
||||
/dev/z90crypt -c context_template(system_u:object_r:crypt_device_t,s0)
|
||||
/dev/zero -c context_template(system_u:object_r:zero_device_t,s0)
|
||||
/dev/vbi.* -c gen_context(system_u:object_r:v4l_device_t,s0)
|
||||
/dev/video.* -c gen_context(system_u:object_r:v4l_device_t,s0)
|
||||
/dev/vttuner -c gen_context(system_u:object_r:v4l_device_t,s0)
|
||||
/dev/vtx.* -c gen_context(system_u:object_r:v4l_device_t,s0)
|
||||
/dev/winradio. -c gen_context(system_u:object_r:v4l_device_t,s0)
|
||||
/dev/z90crypt -c gen_context(system_u:object_r:crypt_device_t,s0)
|
||||
/dev/zero -c gen_context(system_u:object_r:zero_device_t,s0)
|
||||
|
||||
/dev/cpu/.* -c context_template(system_u:object_r:cpu_device_t,s0)
|
||||
/dev/cpu/mtrr -c context_template(system_u:object_r:mtrr_device_t,s0)
|
||||
/dev/cpu/.* -c gen_context(system_u:object_r:cpu_device_t,s0)
|
||||
/dev/cpu/mtrr -c gen_context(system_u:object_r:mtrr_device_t,s0)
|
||||
|
||||
/dev/dri/.+ -c context_template(system_u:object_r:dri_device_t,s0)
|
||||
/dev/dri/.+ -c gen_context(system_u:object_r:dri_device_t,s0)
|
||||
|
||||
/dev/input/.*mouse.* -c context_template(system_u:object_r:mouse_device_t,s0)
|
||||
/dev/input/event.* -c context_template(system_u:object_r:event_device_t,s0)
|
||||
/dev/input/mice -c context_template(system_u:object_r:mouse_device_t,s0)
|
||||
/dev/input/js.* -c context_template(system_u:object_r:mouse_device_t,s0)
|
||||
/dev/input/.*mouse.* -c gen_context(system_u:object_r:mouse_device_t,s0)
|
||||
/dev/input/event.* -c gen_context(system_u:object_r:event_device_t,s0)
|
||||
/dev/input/mice -c gen_context(system_u:object_r:mouse_device_t,s0)
|
||||
/dev/input/js.* -c gen_context(system_u:object_r:mouse_device_t,s0)
|
||||
|
||||
/dev/mapper/control -c context_template(system_u:object_r:lvm_control_t,s0)
|
||||
/dev/mapper/control -c gen_context(system_u:object_r:lvm_control_t,s0)
|
||||
|
||||
/dev/pts(/.*)? <<none>>
|
||||
|
||||
/dev/s(ou)?nd/.* -c context_template(system_u:object_r:sound_device_t,s0)
|
||||
/dev/s(ou)?nd/.* -c gen_context(system_u:object_r:sound_device_t,s0)
|
||||
|
||||
/dev/usb/dc2xx.* -c context_template(system_u:object_r:scanner_device_t,s0)
|
||||
/dev/usb/lp.* -c context_template(system_u:object_r:printer_device_t,s0)
|
||||
/dev/usb/mdc800.* -c context_template(system_u:object_r:scanner_device_t,s0)
|
||||
/dev/usb/scanner.* -c context_template(system_u:object_r:scanner_device_t,s0)
|
||||
/dev/usb/dc2xx.* -c gen_context(system_u:object_r:scanner_device_t,s0)
|
||||
/dev/usb/lp.* -c gen_context(system_u:object_r:printer_device_t,s0)
|
||||
/dev/usb/mdc800.* -c gen_context(system_u:object_r:scanner_device_t,s0)
|
||||
/dev/usb/scanner.* -c gen_context(system_u:object_r:scanner_device_t,s0)
|
||||
|
||||
ifdef(`distro_redhat',`
|
||||
# originally from named.fc
|
||||
/var/named/chroot/dev/null -c context_template(system_u:object_r:null_device_t,s0)
|
||||
/var/named/chroot/dev/random -c context_template(system_u:object_r:random_device_t,s0)
|
||||
/var/named/chroot/dev/zero -c context_template(system_u:object_r:zero_device_t,s0)
|
||||
/var/named/chroot/dev/null -c gen_context(system_u:object_r:null_device_t,s0)
|
||||
/var/named/chroot/dev/random -c gen_context(system_u:object_r:random_device_t,s0)
|
||||
/var/named/chroot/dev/zero -c gen_context(system_u:object_r:zero_device_t,s0)
|
||||
')
|
||||
|
|
|
|||
|
|
@ -114,7 +114,7 @@ fs_associate_tmpfs(mouse_device_t)
|
|||
type mtrr_device_t, device_node;
|
||||
fs_associate(mtrr_device_t)
|
||||
fs_associate_tmpfs(mtrr_device_t)
|
||||
genfscon proc /mtrr context_template(system_u:object_r:mtrr_device_t,s0)
|
||||
genfscon proc /mtrr gen_context(system_u:object_r:mtrr_device_t,s0)
|
||||
|
||||
#
|
||||
# null_device_t is the type of /dev/null.
|
||||
|
|
@ -123,7 +123,7 @@ type null_device_t, device_node;
|
|||
fs_associate(null_device_t)
|
||||
fs_associate_tmpfs(null_device_t)
|
||||
mls_trusted_object(null_device_t)
|
||||
sid devnull context_template(system_u:object_r:null_device_t,s0)
|
||||
sid devnull gen_context(system_u:object_r:null_device_t,s0)
|
||||
|
||||
#
|
||||
# Type for /dev/pmu
|
||||
|
|
@ -160,7 +160,7 @@ fs_associate_tmpfs(sound_device_t)
|
|||
type sysfs_t;
|
||||
files_mountpoint(sysfs_t)
|
||||
fs_type(sysfs_t)
|
||||
genfscon sysfs / context_template(system_u:object_r:sysfs_t,s0)
|
||||
genfscon sysfs / gen_context(system_u:object_r:sysfs_t,s0)
|
||||
|
||||
#
|
||||
# urandom_device_t is the type of /dev/urandom
|
||||
|
|
@ -175,8 +175,8 @@ fs_associate_tmpfs(urandom_device_t)
|
|||
type usbfs_t alias usbdevfs_t;
|
||||
files_mountpoint(usbfs_t)
|
||||
fs_make_noxattr_fs(usbfs_t)
|
||||
genfscon usbfs / context_template(system_u:object_r:usbfs_t,s0)
|
||||
genfscon usbdevfs / context_template(system_u:object_r:usbfs_t,s0)
|
||||
genfscon usbfs / gen_context(system_u:object_r:usbfs_t,s0)
|
||||
genfscon usbdevfs / gen_context(system_u:object_r:usbfs_t,s0)
|
||||
|
||||
type v4l_device_t, device_node;
|
||||
fs_associate(v4l_device_t)
|
||||
|
|
|
|||
|
|
@ -15,64 +15,64 @@ attribute noxattrfs;
|
|||
# filesystems with extended attributes
|
||||
#
|
||||
type fs_t, filesystem_type;
|
||||
sid fs context_template(system_u:object_r:fs_t,s0)
|
||||
sid fs gen_context(system_u:object_r:fs_t,s0)
|
||||
|
||||
# Use xattrs for the following filesystem types.
|
||||
# Requires that a security xattr handler exist for the filesystem.
|
||||
fs_use_xattr ext2 context_template(system_u:object_r:fs_t,s0);
|
||||
fs_use_xattr ext3 context_template(system_u:object_r:fs_t,s0);
|
||||
fs_use_xattr jfs context_template(system_u:object_r:fs_t,s0);
|
||||
fs_use_xattr reiserfs context_template(system_u:object_r:fs_t,s0);
|
||||
fs_use_xattr xfs context_template(system_u:object_r:fs_t,s0);
|
||||
fs_use_xattr ext2 gen_context(system_u:object_r:fs_t,s0);
|
||||
fs_use_xattr ext3 gen_context(system_u:object_r:fs_t,s0);
|
||||
fs_use_xattr jfs gen_context(system_u:object_r:fs_t,s0);
|
||||
fs_use_xattr reiserfs gen_context(system_u:object_r:fs_t,s0);
|
||||
fs_use_xattr xfs gen_context(system_u:object_r:fs_t,s0);
|
||||
|
||||
# Use the allocating task SID to label inodes in the following filesystem
|
||||
# types, and label the filesystem itself with the specified context.
|
||||
# This is appropriate for pseudo filesystems that represent objects
|
||||
# like pipes and sockets, so that these objects are labeled with the same
|
||||
# type as the creating task.
|
||||
fs_use_task pipefs context_template(system_u:object_r:fs_t,s0);
|
||||
fs_use_task sockfs context_template(system_u:object_r:fs_t,s0);
|
||||
fs_use_task pipefs gen_context(system_u:object_r:fs_t,s0);
|
||||
fs_use_task sockfs gen_context(system_u:object_r:fs_t,s0);
|
||||
|
||||
##############################
|
||||
#
|
||||
# Non-persistent/pseudo filesystems
|
||||
#
|
||||
type bdev_t, filesystem_type;
|
||||
genfscon bdev / context_template(system_u:object_r:bdev_t,s0)
|
||||
genfscon bdev / gen_context(system_u:object_r:bdev_t,s0)
|
||||
|
||||
type binfmt_misc_fs_t, filesystem_type;
|
||||
files_mountpoint(binfmt_misc_fs_t)
|
||||
genfscon binfmt_misc / context_template(system_u:object_r:binfmt_misc_fs_t,s0)
|
||||
genfscon binfmt_misc / gen_context(system_u:object_r:binfmt_misc_fs_t,s0)
|
||||
|
||||
type eventpollfs_t, filesystem_type;
|
||||
genfscon eventpollfs / context_template(system_u:object_r:eventpollfs_t,s0)
|
||||
genfscon eventpollfs / gen_context(system_u:object_r:eventpollfs_t,s0)
|
||||
|
||||
type futexfs_t, filesystem_type;
|
||||
genfscon futexfs / context_template(system_u:object_r:futexfs_t,s0)
|
||||
genfscon futexfs / gen_context(system_u:object_r:futexfs_t,s0)
|
||||
|
||||
type hugetlbfs_t, filesystem_type;
|
||||
files_mountpoint(hugetlbfs_t)
|
||||
allow hugetlbfs_t self:filesystem associate;
|
||||
genfscon hugetlbfs / context_template(system_u:object_r:hugetlbfs_t,s0)
|
||||
genfscon hugetlbfs / gen_context(system_u:object_r:hugetlbfs_t,s0)
|
||||
|
||||
type inotifyfs_t, filesystem_type;
|
||||
allow inotifyfs_t self:filesystem associate;
|
||||
genfscon inotifyfs / context_template(system_u:object_r:inotifyfs_t,s0)
|
||||
genfscon inotifyfs / gen_context(system_u:object_r:inotifyfs_t,s0)
|
||||
|
||||
type nfsd_fs_t, filesystem_type;
|
||||
genfscon nfsd / context_template(system_u:object_r:nfsd_fs_t,s0)
|
||||
genfscon nfsd / gen_context(system_u:object_r:nfsd_fs_t,s0)
|
||||
|
||||
type ramfs_t, filesystem_type;
|
||||
allow ramfs_t self:filesystem associate;
|
||||
genfscon ramfs / context_template(system_u:object_r:ramfs_t,s0)
|
||||
genfscon ramfs / gen_context(system_u:object_r:ramfs_t,s0)
|
||||
|
||||
type romfs_t, filesystem_type;
|
||||
allow romfs_t self:filesystem associate;
|
||||
genfscon romfs / context_template(system_u:object_r:romfs_t,s0)
|
||||
genfscon cramfs / context_template(system_u:object_r:romfs_t,s0)
|
||||
genfscon romfs / gen_context(system_u:object_r:romfs_t,s0)
|
||||
genfscon cramfs / gen_context(system_u:object_r:romfs_t,s0)
|
||||
|
||||
type rpc_pipefs_t, filesystem_type;
|
||||
genfscon rpc_pipefs / context_template(system_u:object_r:rpc_pipefs_t,s0)
|
||||
genfscon rpc_pipefs / gen_context(system_u:object_r:rpc_pipefs_t,s0)
|
||||
|
||||
#
|
||||
# tmpfs_t is the type for tmpfs filesystems
|
||||
|
|
@ -86,9 +86,9 @@ files_mountpoint(tmpfs_t)
|
|||
# and label the filesystem itself with the specified context.
|
||||
# This is appropriate for pseudo filesystems like devpts and tmpfs
|
||||
# where we want to label objects with a derived type.
|
||||
fs_use_trans mqueue context_template(system_u:object_r:tmpfs_t,s0);
|
||||
fs_use_trans shm context_template(system_u:object_r:tmpfs_t,s0);
|
||||
fs_use_trans tmpfs context_template(system_u:object_r:tmpfs_t,s0);
|
||||
fs_use_trans mqueue gen_context(system_u:object_r:tmpfs_t,s0);
|
||||
fs_use_trans shm gen_context(system_u:object_r:tmpfs_t,s0);
|
||||
fs_use_trans tmpfs gen_context(system_u:object_r:tmpfs_t,s0);
|
||||
|
||||
allow tmpfs_t self:filesystem associate;
|
||||
allow tmpfs_t noxattrfs:filesystem associate;
|
||||
|
|
@ -99,8 +99,8 @@ allow tmpfs_t noxattrfs:filesystem associate;
|
|||
#
|
||||
type autofs_t, filesystem_type, noxattrfs;
|
||||
allow autofs_t self:filesystem associate;
|
||||
genfscon autofs / context_template(system_u:object_r:autofs_t,s0)
|
||||
genfscon automount / context_template(system_u:object_r:autofs_t,s0)
|
||||
genfscon autofs / gen_context(system_u:object_r:autofs_t,s0)
|
||||
genfscon automount / gen_context(system_u:object_r:autofs_t,s0)
|
||||
|
||||
#
|
||||
# cifs_t is the type for filesystems and their
|
||||
|
|
@ -108,8 +108,8 @@ genfscon automount / context_template(system_u:object_r:autofs_t,s0)
|
|||
#
|
||||
type cifs_t alias sambafs_t, filesystem_type, noxattrfs;
|
||||
allow cifs_t self:filesystem associate;
|
||||
genfscon cifs / context_template(system_u:object_r:cifs_t,s0)
|
||||
genfscon smbfs / context_template(system_u:object_r:cifs_t,s0)
|
||||
genfscon cifs / gen_context(system_u:object_r:cifs_t,s0)
|
||||
genfscon smbfs / gen_context(system_u:object_r:cifs_t,s0)
|
||||
|
||||
#
|
||||
# dosfs_t is the type for fat and vfat
|
||||
|
|
@ -117,10 +117,10 @@ genfscon smbfs / context_template(system_u:object_r:cifs_t,s0)
|
|||
#
|
||||
type dosfs_t, filesystem_type, noxattrfs;
|
||||
allow dosfs_t self:filesystem associate;
|
||||
genfscon fat / context_template(system_u:object_r:dosfs_t,s0)
|
||||
genfscon msdos / context_template(system_u:object_r:dosfs_t,s0)
|
||||
genfscon ntfs / context_template(system_u:object_r:dosfs_t,s0)
|
||||
genfscon vfat / context_template(system_u:object_r:dosfs_t,s0)
|
||||
genfscon fat / gen_context(system_u:object_r:dosfs_t,s0)
|
||||
genfscon msdos / gen_context(system_u:object_r:dosfs_t,s0)
|
||||
genfscon ntfs / gen_context(system_u:object_r:dosfs_t,s0)
|
||||
genfscon vfat / gen_context(system_u:object_r:dosfs_t,s0)
|
||||
|
||||
#
|
||||
# iso9660_t is the type for CD filesystems
|
||||
|
|
@ -128,8 +128,8 @@ genfscon vfat / context_template(system_u:object_r:dosfs_t,s0)
|
|||
#
|
||||
type iso9660_t, filesystem_type, noxattrfs;
|
||||
allow iso9660_t self:filesystem associate;
|
||||
genfscon iso9660 / context_template(system_u:object_r:iso9660_t,s0)
|
||||
genfscon udf / context_template(system_u:object_r:iso9660_t,s0)
|
||||
genfscon iso9660 / gen_context(system_u:object_r:iso9660_t,s0)
|
||||
genfscon udf / gen_context(system_u:object_r:iso9660_t,s0)
|
||||
|
||||
#
|
||||
# removable_t is the default type of all removable media
|
||||
|
|
@ -144,6 +144,6 @@ allow removable_t noxattrfs:filesystem associate;
|
|||
type nfs_t, filesystem_type, noxattrfs;
|
||||
files_mountpoint(nfs_t)
|
||||
allow nfs_t self:filesystem associate;
|
||||
genfscon nfs / context_template(system_u:object_r:nfs_t,s0)
|
||||
genfscon nfs4 / context_template(system_u:object_r:nfs_t,s0)
|
||||
genfscon afs / context_template(system_u:object_r:nfs_t,s0)
|
||||
genfscon nfs / gen_context(system_u:object_r:nfs_t,s0)
|
||||
genfscon nfs4 / gen_context(system_u:object_r:nfs_t,s0)
|
||||
genfscon afs / gen_context(system_u:object_r:nfs_t,s0)
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ type kernel_t, can_load_kernmodule;
|
|||
domain_base_type(kernel_t)
|
||||
mls_rangetrans_source(kernel_t)
|
||||
role system_r types kernel_t;
|
||||
sid kernel context_template(system_u:system_r:kernel_t,s0 - s9:c0.c127, c0.c127)
|
||||
sid kernel gen_context(system_u:system_r:kernel_t,s0 - s9:c0.c127, c0.c127)
|
||||
|
||||
#
|
||||
# DebugFS
|
||||
|
|
@ -38,7 +38,7 @@ sid kernel context_template(system_u:system_r:kernel_t,s0 - s9:c0.c127, c0.c127)
|
|||
type debugfs_t;
|
||||
fs_type(debugfs_t)
|
||||
allow debugfs_t self:filesystem associate;
|
||||
genfscon debugfs / context_template(system_u:object_r:debugfs_t,s0)
|
||||
genfscon debugfs / gen_context(system_u:object_r:debugfs_t,s0)
|
||||
|
||||
#
|
||||
# Procfs types
|
||||
|
|
@ -47,24 +47,24 @@ genfscon debugfs / context_template(system_u:object_r:debugfs_t,s0)
|
|||
type proc_t, proc_type;
|
||||
files_mountpoint(proc_t)
|
||||
fs_type(proc_t)
|
||||
genfscon proc / context_template(system_u:object_r:proc_t,s0)
|
||||
genfscon proc /sysvipc context_template(system_u:object_r:proc_t,s0)
|
||||
genfscon proc / gen_context(system_u:object_r:proc_t,s0)
|
||||
genfscon proc /sysvipc gen_context(system_u:object_r:proc_t,s0)
|
||||
|
||||
# kernel message interface
|
||||
type proc_kmsg_t, proc_type;
|
||||
genfscon proc /kmsg context_template(system_u:object_r:proc_kmsg_t,s0)
|
||||
genfscon proc /kmsg gen_context(system_u:object_r:proc_kmsg_t,s0)
|
||||
neverallow ~can_receive_kernel_messages proc_kmsg_t:file ~getattr;
|
||||
|
||||
# /proc kcore: inaccessible
|
||||
type proc_kcore_t, proc_type;
|
||||
neverallow { domain -kern_unconfined } proc_kcore_t:file ~getattr;
|
||||
genfscon proc /kcore context_template(system_u:object_r:proc_kcore_t,s0)
|
||||
genfscon proc /kcore gen_context(system_u:object_r:proc_kcore_t,s0)
|
||||
|
||||
type proc_mdstat_t, proc_type;
|
||||
genfscon proc /mdstat context_template(system_u:object_r:proc_mdstat_t,s0)
|
||||
genfscon proc /mdstat gen_context(system_u:object_r:proc_mdstat_t,s0)
|
||||
|
||||
type proc_net_t, proc_type;
|
||||
genfscon proc /net context_template(system_u:object_r:proc_net_t,s0)
|
||||
genfscon proc /net gen_context(system_u:object_r:proc_net_t,s0)
|
||||
|
||||
#
|
||||
# Sysctl types
|
||||
|
|
@ -73,49 +73,49 @@ genfscon proc /net context_template(system_u:object_r:proc_net_t,s0)
|
|||
# /proc/sys directory, base directory of sysctls
|
||||
type sysctl_t, sysctl_type;
|
||||
files_mountpoint(sysctl_t)
|
||||
sid sysctl context_template(system_u:object_r:sysctl_t,s0)
|
||||
genfscon proc /sys context_template(system_u:object_r:sysctl_t,s0)
|
||||
sid sysctl gen_context(system_u:object_r:sysctl_t,s0)
|
||||
genfscon proc /sys gen_context(system_u:object_r:sysctl_t,s0)
|
||||
|
||||
# /proc/irq directory and files
|
||||
type sysctl_irq_t, sysctl_type;
|
||||
genfscon proc /irq context_template(system_u:object_r:sysctl_irq_t,s0)
|
||||
genfscon proc /irq gen_context(system_u:object_r:sysctl_irq_t,s0)
|
||||
|
||||
# /proc/net/rpc directory and files
|
||||
type sysctl_rpc_t, sysctl_type;
|
||||
genfscon proc /net/rpc context_template(system_u:object_r:sysctl_rpc_t,s0)
|
||||
genfscon proc /net/rpc gen_context(system_u:object_r:sysctl_rpc_t,s0)
|
||||
|
||||
# /proc/sys/fs directory and files
|
||||
type sysctl_fs_t, sysctl_type;
|
||||
files_mountpoint(sysctl_fs_t)
|
||||
genfscon proc /sys/fs context_template(system_u:object_r:sysctl_fs_t,s0)
|
||||
genfscon proc /sys/fs gen_context(system_u:object_r:sysctl_fs_t,s0)
|
||||
|
||||
# /proc/sys/kernel directory and files
|
||||
type sysctl_kernel_t, sysctl_type;
|
||||
genfscon proc /sys/kernel context_template(system_u:object_r:sysctl_kernel_t,s0)
|
||||
genfscon proc /sys/kernel gen_context(system_u:object_r:sysctl_kernel_t,s0)
|
||||
|
||||
# /proc/sys/kernel/modprobe file
|
||||
type sysctl_modprobe_t, sysctl_type;
|
||||
genfscon proc /sys/kernel/modprobe context_template(system_u:object_r:sysctl_modprobe_t,s0)
|
||||
genfscon proc /sys/kernel/modprobe gen_context(system_u:object_r:sysctl_modprobe_t,s0)
|
||||
|
||||
# /proc/sys/kernel/hotplug file
|
||||
type sysctl_hotplug_t, sysctl_type;
|
||||
genfscon proc /sys/kernel/hotplug context_template(system_u:object_r:sysctl_hotplug_t,s0)
|
||||
genfscon proc /sys/kernel/hotplug gen_context(system_u:object_r:sysctl_hotplug_t,s0)
|
||||
|
||||
# /proc/sys/net directory and files
|
||||
type sysctl_net_t, sysctl_type;
|
||||
genfscon proc /sys/net context_template(system_u:object_r:sysctl_net_t,s0)
|
||||
genfscon proc /sys/net gen_context(system_u:object_r:sysctl_net_t,s0)
|
||||
|
||||
# /proc/sys/net/unix directory and files
|
||||
type sysctl_net_unix_t, sysctl_type;
|
||||
genfscon proc /sys/net/unix context_template(system_u:object_r:sysctl_net_unix_t,s0)
|
||||
genfscon proc /sys/net/unix gen_context(system_u:object_r:sysctl_net_unix_t,s0)
|
||||
|
||||
# /proc/sys/vm directory and files
|
||||
type sysctl_vm_t, sysctl_type;
|
||||
genfscon proc /sys/vm context_template(system_u:object_r:sysctl_vm_t,s0)
|
||||
genfscon proc /sys/vm gen_context(system_u:object_r:sysctl_vm_t,s0)
|
||||
|
||||
# /proc/sys/dev directory and files
|
||||
type sysctl_dev_t, sysctl_type;
|
||||
genfscon proc /sys/dev context_template(system_u:object_r:sysctl_dev_t,s0)
|
||||
genfscon proc /sys/dev gen_context(system_u:object_r:sysctl_dev_t,s0)
|
||||
|
||||
#
|
||||
# unlabeled_t is the type of unlabeled objects.
|
||||
|
|
@ -123,26 +123,26 @@ genfscon proc /sys/dev context_template(system_u:object_r:sysctl_dev_t,s0)
|
|||
# have labels that are no longer valid are treated as having this type.
|
||||
#
|
||||
type unlabeled_t;
|
||||
sid unlabeled context_template(system_u:object_r:unlabeled_t,s0)
|
||||
sid unlabeled gen_context(system_u:object_r:unlabeled_t,s0)
|
||||
|
||||
# These initial sids are no longer used, and can be removed:
|
||||
sid any_socket context_template(system_u:object_r:unlabeled_t,s0)
|
||||
sid file_labels context_template(system_u:object_r:unlabeled_t,s0)
|
||||
sid icmp_socket context_template(system_u:object_r:unlabeled_t,s0)
|
||||
sid igmp_packet context_template(system_u:object_r:unlabeled_t,s0)
|
||||
sid init context_template(system_u:object_r:unlabeled_t,s0)
|
||||
sid kmod context_template(system_u:object_r:unlabeled_t,s0)
|
||||
sid netmsg context_template(system_u:object_r:unlabeled_t,s0)
|
||||
sid policy context_template(system_u:object_r:unlabeled_t,s0)
|
||||
sid scmp_packet context_template(system_u:object_r:unlabeled_t,s0)
|
||||
sid sysctl_modprobe context_template(system_u:object_r:unlabeled_t,s0)
|
||||
sid sysctl_fs context_template(system_u:object_r:unlabeled_t,s0)
|
||||
sid sysctl_kernel context_template(system_u:object_r:unlabeled_t,s0)
|
||||
sid sysctl_net context_template(system_u:object_r:unlabeled_t,s0)
|
||||
sid sysctl_net_unix context_template(system_u:object_r:unlabeled_t,s0)
|
||||
sid sysctl_vm context_template(system_u:object_r:unlabeled_t,s0)
|
||||
sid sysctl_dev context_template(system_u:object_r:unlabeled_t,s0)
|
||||
sid tcp_socket context_template(system_u:object_r:unlabeled_t,s0)
|
||||
sid any_socket gen_context(system_u:object_r:unlabeled_t,s0)
|
||||
sid file_labels gen_context(system_u:object_r:unlabeled_t,s0)
|
||||
sid icmp_socket gen_context(system_u:object_r:unlabeled_t,s0)
|
||||
sid igmp_packet gen_context(system_u:object_r:unlabeled_t,s0)
|
||||
sid init gen_context(system_u:object_r:unlabeled_t,s0)
|
||||
sid kmod gen_context(system_u:object_r:unlabeled_t,s0)
|
||||
sid netmsg gen_context(system_u:object_r:unlabeled_t,s0)
|
||||
sid policy gen_context(system_u:object_r:unlabeled_t,s0)
|
||||
sid scmp_packet gen_context(system_u:object_r:unlabeled_t,s0)
|
||||
sid sysctl_modprobe gen_context(system_u:object_r:unlabeled_t,s0)
|
||||
sid sysctl_fs gen_context(system_u:object_r:unlabeled_t,s0)
|
||||
sid sysctl_kernel gen_context(system_u:object_r:unlabeled_t,s0)
|
||||
sid sysctl_net gen_context(system_u:object_r:unlabeled_t,s0)
|
||||
sid sysctl_net_unix gen_context(system_u:object_r:unlabeled_t,s0)
|
||||
sid sysctl_vm gen_context(system_u:object_r:unlabeled_t,s0)
|
||||
sid sysctl_dev gen_context(system_u:object_r:unlabeled_t,s0)
|
||||
sid tcp_socket gen_context(system_u:object_r:unlabeled_t,s0)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
|
|||
|
|
@ -18,8 +18,8 @@ attribute can_setsecparam;
|
|||
type security_t;
|
||||
fs_type(security_t)
|
||||
mls_trusted_object(security_t)
|
||||
sid security context_template(system_u:object_r:security_t,s0)
|
||||
genfscon selinuxfs / context_template(system_u:object_r:security_t,s0)
|
||||
sid security gen_context(system_u:object_r:security_t,s0)
|
||||
genfscon selinuxfs / gen_context(system_u:object_r:security_t,s0)
|
||||
|
||||
neverallow ~can_load_policy security_t:security load_policy;
|
||||
neverallow ~can_setenforce security_t:security setenforce;
|
||||
|
|
|
|||
|
|
@ -1,60 +1,60 @@
|
|||
|
||||
/dev/n?(raw)?[qr]ft[0-3] -c context_template(system_u:object_r:tape_device_t,s0)
|
||||
/dev/n?[hs]t[0-9].* -c context_template(system_u:object_r:tape_device_t,s0)
|
||||
/dev/n?z?qft[0-3] -c context_template(system_u:object_r:tape_device_t,s0)
|
||||
/dev/n?osst[0-3].* -c context_template(system_u:object_r:tape_device_t,s0)
|
||||
/dev/n?pt[0-9]+ -c context_template(system_u:object_r:tape_device_t,s0)
|
||||
/dev/n?tpqic[12].* -c context_template(system_u:object_r:tape_device_t,s0)
|
||||
/dev/[shmx]d[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/aztcd -b context_template(system_u:object_r:removable_device_t,s0)
|
||||
/dev/bpcd -b context_template(system_u:object_r:removable_device_t,s0)
|
||||
/dev/cdu.* -b context_template(system_u:object_r:removable_device_t,s0)
|
||||
/dev/cm20.* -b context_template(system_u:object_r:removable_device_t,s0)
|
||||
/dev/dasd[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/dm-[0-9]+ -b context_template(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/fd[^/]+ -b context_template(system_u:object_r:removable_device_t,s0)
|
||||
/dev/flash[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/gscd -b context_template(system_u:object_r:removable_device_t,s0)
|
||||
/dev/hitcd -b context_template(system_u:object_r:removable_device_t,s0)
|
||||
/dev/ht[0-1] -b context_template(system_u:object_r:tape_device_t,s0)
|
||||
/dev/initrd -b context_template(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/jsfd -b context_template(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/jsflash -c context_template(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/loop.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/lvm -c context_template(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/mcdx? -b context_template(system_u:object_r:removable_device_t,s0)
|
||||
/dev/nb[^/]+ -b context_template(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/optcd -b context_template(system_u:object_r:removable_device_t,s0)
|
||||
/dev/p[fg][0-3] -b context_template(system_u:object_r:removable_device_t,s0)
|
||||
/dev/pcd[0-3] -b context_template(system_u:object_r:removable_device_t,s0)
|
||||
/dev/pd[a-d][^/]* -b context_template(system_u:object_r:removable_device_t,s0)
|
||||
/dev/pg[0-3] -c context_template(system_u:object_r:removable_device_t,s0)
|
||||
/dev/ram.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/rawctl -c context_template(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/rd.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/n?(raw)?[qr]ft[0-3] -c gen_context(system_u:object_r:tape_device_t,s0)
|
||||
/dev/n?[hs]t[0-9].* -c gen_context(system_u:object_r:tape_device_t,s0)
|
||||
/dev/n?z?qft[0-3] -c gen_context(system_u:object_r:tape_device_t,s0)
|
||||
/dev/n?osst[0-3].* -c gen_context(system_u:object_r:tape_device_t,s0)
|
||||
/dev/n?pt[0-9]+ -c gen_context(system_u:object_r:tape_device_t,s0)
|
||||
/dev/n?tpqic[12].* -c gen_context(system_u:object_r:tape_device_t,s0)
|
||||
/dev/[shmx]d[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/aztcd -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||
/dev/bpcd -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||
/dev/cdu.* -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||
/dev/cm20.* -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||
/dev/dasd[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/dm-[0-9]+ -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/fd[^/]+ -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||
/dev/flash[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/gscd -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||
/dev/hitcd -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||
/dev/ht[0-1] -b gen_context(system_u:object_r:tape_device_t,s0)
|
||||
/dev/initrd -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/jsfd -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/jsflash -c gen_context(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/loop.* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/lvm -c gen_context(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/mcdx? -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||
/dev/nb[^/]+ -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/optcd -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||
/dev/p[fg][0-3] -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||
/dev/pcd[0-3] -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||
/dev/pd[a-d][^/]* -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||
/dev/pg[0-3] -c gen_context(system_u:object_r:removable_device_t,s0)
|
||||
/dev/ram.* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/rawctl -c gen_context(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/rd.* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
|
||||
ifdef(`distro_redhat', `
|
||||
/dev/root -b context_template(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/root -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
|
||||
')
|
||||
/dev/s(cd|r)[^/]* -b context_template(system_u:object_r:removable_device_t,s0)
|
||||
/dev/sbpcd.* -b context_template(system_u:object_r:removable_device_t,s0)
|
||||
/dev/sg[0-9]+ -c context_template(system_u:object_r:scsi_generic_device_t,s0)
|
||||
/dev/sjcd -b context_template(system_u:object_r:removable_device_t,s0)
|
||||
/dev/sonycd -b context_template(system_u:object_r:removable_device_t,s0)
|
||||
/dev/tape.* -c context_template(system_u:object_r:tape_device_t,s0)
|
||||
/dev/ubd[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/s(cd|r)[^/]* -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||
/dev/sbpcd.* -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||
/dev/sg[0-9]+ -c gen_context(system_u:object_r:scsi_generic_device_t,s0)
|
||||
/dev/sjcd -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||
/dev/sonycd -b gen_context(system_u:object_r:removable_device_t,s0)
|
||||
/dev/tape.* -c gen_context(system_u:object_r:tape_device_t,s0)
|
||||
/dev/ubd[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
|
||||
|
||||
/dev/ataraid/.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/ataraid/.* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
|
||||
|
||||
/dev/cciss/[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/cciss/[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
|
||||
|
||||
/dev/i2o/hd[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/i2o/hd[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
|
||||
|
||||
/dev/ida/[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/ida/[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
|
||||
|
||||
/dev/mapper/.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/mapper/.* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
|
||||
|
||||
/dev/raw/raw[0-9]+ -c context_template(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/raw/raw[0-9]+ -c gen_context(system_u:object_r:fixed_disk_device_t,s0)
|
||||
|
||||
/dev/scramdisk/.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
|
||||
/dev/scramdisk/.* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
|
||||
|
||||
/dev/usb/rio500 -c context_template(system_u:object_r:removable_device_t,s0)
|
||||
/dev/usb/rio500 -c gen_context(system_u:object_r:removable_device_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,23 +1,23 @@
|
|||
|
||||
/dev/.*tty[^/]* -c context_template(system_u:object_r:tty_device_t,s0)
|
||||
/dev/[pt]ty[abcdepqrstuvwxyz][0-9a-f] -c context_template(system_u:object_r:bsdpty_device_t,s0)
|
||||
/dev/adb.* -c context_template(system_u:object_r:tty_device_t,s0)
|
||||
/dev/capi.* -c context_template(system_u:object_r:tty_device_t,s0)
|
||||
/dev/cu.* -c context_template(system_u:object_r:tty_device_t,s0)
|
||||
/dev/dcbri[0-9]+ -c context_template(system_u:object_r:tty_device_t,s0)
|
||||
/dev/hvc.* -c context_template(system_u:object_r:tty_device_t,s0)
|
||||
/dev/hvsi.* -c context_template(system_u:object_r:tty_device_t,s0)
|
||||
/dev/ircomm[0-9]+ -c context_template(system_u:object_r:tty_device_t,s0)
|
||||
/dev/ip2[^/]* -c context_template(system_u:object_r:tty_device_t,s0)
|
||||
/dev/isdn.* -c context_template(system_u:object_r:tty_device_t,s0)
|
||||
/dev/ptmx -c context_template(system_u:object_r:ptmx_t,s0)
|
||||
/dev/tty -c context_template(system_u:object_r:devtty_t,s0)
|
||||
/dev/ttySG.* -c context_template(system_u:object_r:tty_device_t,s0)
|
||||
/dev/.*tty[^/]* -c gen_context(system_u:object_r:tty_device_t,s0)
|
||||
/dev/[pt]ty[abcdepqrstuvwxyz][0-9a-f] -c gen_context(system_u:object_r:bsdpty_device_t,s0)
|
||||
/dev/adb.* -c gen_context(system_u:object_r:tty_device_t,s0)
|
||||
/dev/capi.* -c gen_context(system_u:object_r:tty_device_t,s0)
|
||||
/dev/cu.* -c gen_context(system_u:object_r:tty_device_t,s0)
|
||||
/dev/dcbri[0-9]+ -c gen_context(system_u:object_r:tty_device_t,s0)
|
||||
/dev/hvc.* -c gen_context(system_u:object_r:tty_device_t,s0)
|
||||
/dev/hvsi.* -c gen_context(system_u:object_r:tty_device_t,s0)
|
||||
/dev/ircomm[0-9]+ -c gen_context(system_u:object_r:tty_device_t,s0)
|
||||
/dev/ip2[^/]* -c gen_context(system_u:object_r:tty_device_t,s0)
|
||||
/dev/isdn.* -c gen_context(system_u:object_r:tty_device_t,s0)
|
||||
/dev/ptmx -c gen_context(system_u:object_r:ptmx_t,s0)
|
||||
/dev/tty -c gen_context(system_u:object_r:devtty_t,s0)
|
||||
/dev/ttySG.* -c gen_context(system_u:object_r:tty_device_t,s0)
|
||||
|
||||
/dev/pty/.* -c context_template(system_u:object_r:bsdpty_device_t,s0)
|
||||
/dev/pty/.* -c gen_context(system_u:object_r:bsdpty_device_t,s0)
|
||||
|
||||
/dev/vcc?/.* -c context_template(system_u:object_r:tty_device_t,s0)
|
||||
/dev/vcc?/.* -c gen_context(system_u:object_r:tty_device_t,s0)
|
||||
|
||||
/dev/vcs[^/]* -c context_template(system_u:object_r:tty_device_t,s0)
|
||||
/dev/vcs[^/]* -c gen_context(system_u:object_r:tty_device_t,s0)
|
||||
|
||||
/dev/usb/tty.* -c context_template(system_u:object_r:usbtty_device_t,s0)
|
||||
/dev/usb/tty.* -c gen_context(system_u:object_r:usbtty_device_t,s0)
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ dev_node(console_device_t)
|
|||
type devpts_t;
|
||||
files_mountpoint(devpts_t)
|
||||
fs_type(devpts_t)
|
||||
fs_use_trans devpts context_template(system_u:object_r:devpts_t,s0);
|
||||
fs_use_trans devpts gen_context(system_u:object_r:devpts_t,s0);
|
||||
|
||||
#
|
||||
# devtty_t is the type of /dev/tty.
|
||||
|
|
|
|||
|
|
@ -1,66 +1,66 @@
|
|||
|
||||
HOME_DIR/((www)|(web)|(public_html))(/.+)? context_template(system_u:object_r:httpd_ROLE_content_t,s0)
|
||||
HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_ROLE_content_t,s0)
|
||||
|
||||
/etc/apache(2)?(/.*)? context_template(system_u:object_r:httpd_config_t,s0)
|
||||
/etc/apache-ssl(2)?(/.*)? context_template(system_u:object_r:httpd_config_t,s0)
|
||||
/etc/htdig(/.*)? context_template(system_u:object_r:httpd_sys_content_t,s0)
|
||||
/etc/httpd -d context_template(system_u:object_r:httpd_config_t,s0)
|
||||
/etc/httpd/conf.* context_template(system_u:object_r:httpd_config_t,s0)
|
||||
/etc/httpd/logs context_template(system_u:object_r:httpd_log_t,s0)
|
||||
/etc/httpd/modules context_template(system_u:object_r:httpd_modules_t,s0)
|
||||
/etc/vhosts -- context_template(system_u:object_r:httpd_config_t,s0)
|
||||
/etc/apache(2)?(/.*)? gen_context(system_u:object_r:httpd_config_t,s0)
|
||||
/etc/apache-ssl(2)?(/.*)? gen_context(system_u:object_r:httpd_config_t,s0)
|
||||
/etc/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
||||
/etc/httpd -d gen_context(system_u:object_r:httpd_config_t,s0)
|
||||
/etc/httpd/conf.* gen_context(system_u:object_r:httpd_config_t,s0)
|
||||
/etc/httpd/logs gen_context(system_u:object_r:httpd_log_t,s0)
|
||||
/etc/httpd/modules gen_context(system_u:object_r:httpd_modules_t,s0)
|
||||
/etc/vhosts -- gen_context(system_u:object_r:httpd_config_t,s0)
|
||||
|
||||
/srv/([^/]*/)?www(/.*)? context_template(system_u:object_r:httpd_sys_content_t,s0)
|
||||
/srv/([^/]*/)?www(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
||||
|
||||
/usr/bin/htsslpass -- context_template(system_u:object_r:httpd_helper_exec_t,s0)
|
||||
/usr/bin/htsslpass -- gen_context(system_u:object_r:httpd_helper_exec_t,s0)
|
||||
|
||||
/usr/lib/apache-ssl/.+ -- context_template(system_u:object_r:httpd_exec_t,s0)
|
||||
/usr/lib/cgi-bin(/.*)? context_template(system_u:object_r:httpd_sys_script_exec_t,s0)
|
||||
/usr/lib(64)?/apache(/.*)? context_template(system_u:object_r:httpd_modules_t,s0)
|
||||
/usr/lib(64)?/apache2/modules(/.*)? context_template(system_u:object_r:httpd_modules_t,s0)
|
||||
/usr/lib(64)?/apache(2)?/suexec(2)? -- context_template(system_u:object_r:httpd_suexec_exec_t,s0)
|
||||
/usr/lib(64)?/cgi-bin/(nph-)?cgiwrap(d)? -- context_template(system_u:object_r:httpd_suexec_exec_t,s0)
|
||||
/usr/lib(64)?/httpd(/.*)? context_template(system_u:object_r:httpd_modules_t,s0)
|
||||
/usr/lib/apache-ssl/.+ -- gen_context(system_u:object_r:httpd_exec_t,s0)
|
||||
/usr/lib/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
|
||||
/usr/lib(64)?/apache(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0)
|
||||
/usr/lib(64)?/apache2/modules(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0)
|
||||
/usr/lib(64)?/apache(2)?/suexec(2)? -- gen_context(system_u:object_r:httpd_suexec_exec_t,s0)
|
||||
/usr/lib(64)?/cgi-bin/(nph-)?cgiwrap(d)? -- gen_context(system_u:object_r:httpd_suexec_exec_t,s0)
|
||||
/usr/lib(64)?/httpd(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0)
|
||||
|
||||
/usr/sbin/apache(2)? -- context_template(system_u:object_r:httpd_exec_t,s0)
|
||||
/usr/sbin/apache-ssl(2)? -- context_template(system_u:object_r:httpd_exec_t,s0)
|
||||
/usr/sbin/httpd(\.worker)? -- context_template(system_u:object_r:httpd_exec_t,s0)
|
||||
/usr/sbin/apache(2)? -- gen_context(system_u:object_r:httpd_exec_t,s0)
|
||||
/usr/sbin/apache-ssl(2)? -- gen_context(system_u:object_r:httpd_exec_t,s0)
|
||||
/usr/sbin/httpd(\.worker)? -- gen_context(system_u:object_r:httpd_exec_t,s0)
|
||||
ifdef(`distro_suse', `
|
||||
/usr/sbin/httpd2-.* -- context_template(system_u:object_r:httpd_exec_t,s0)
|
||||
/usr/sbin/httpd2-.* -- gen_context(system_u:object_r:httpd_exec_t,s0)
|
||||
')
|
||||
/usr/sbin/suexec -- context_template(system_u:object_r:httpd_suexec_exec_t,s0)
|
||||
/usr/sbin/suexec -- gen_context(system_u:object_r:httpd_suexec_exec_t,s0)
|
||||
|
||||
/usr/share/htdig(/.*)? context_template(system_u:object_r:httpd_sys_content_t,s0)
|
||||
/usr/share/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
||||
|
||||
/var/cache/httpd(/.*)? context_template(system_u:object_r:httpd_cache_t,s0)
|
||||
/var/cache/mod_ssl(/.*)? context_template(system_u:object_r:httpd_cache_t,s0)
|
||||
/var/cache/php-eaccelerator(/.*)? context_template(system_u:object_r:httpd_cache_t,s0)
|
||||
/var/cache/php-mmcache(/.*)? context_template(system_u:object_r:httpd_cache_t,s0)
|
||||
/var/cache/ssl.*\.sem -- context_template(system_u:object_r:httpd_cache_t,s0)
|
||||
/var/cache/httpd(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
|
||||
/var/cache/mod_ssl(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
|
||||
/var/cache/php-eaccelerator(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
|
||||
/var/cache/php-mmcache(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
|
||||
/var/cache/ssl.*\.sem -- gen_context(system_u:object_r:httpd_cache_t,s0)
|
||||
|
||||
/var/lib/htdig(/.*)? context_template(system_u:object_r:httpd_sys_content_t,s0)
|
||||
/var/lib/httpd(/.*)? context_template(system_u:object_r:httpd_var_lib_t,s0)
|
||||
/var/lib/php/session(/.*)? context_template(system_u:object_r:httpd_var_run_t,s0)
|
||||
/var/lib/squirrelmail/prefs(/.*)? context_template(system_u:object_r:httpd_squirrelmail_t,s0)
|
||||
/var/lib/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
||||
/var/lib/httpd(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
|
||||
/var/lib/php/session(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)
|
||||
/var/lib/squirrelmail/prefs(/.*)? gen_context(system_u:object_r:httpd_squirrelmail_t,s0)
|
||||
|
||||
/var/log/apache(2)?(/.*)? context_template(system_u:object_r:httpd_log_t,s0)
|
||||
/var/log/apache-ssl(2)?(/.*)? context_template(system_u:object_r:httpd_log_t,s0)
|
||||
/var/log/cgiwrap\.log.* -- context_template(system_u:object_r:httpd_log_t,s0)
|
||||
/var/log/httpd(/.*)? context_template(system_u:object_r:httpd_log_t,s0)
|
||||
/var/log/apache(2)?(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
|
||||
/var/log/apache-ssl(2)?(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
|
||||
/var/log/cgiwrap\.log.* -- gen_context(system_u:object_r:httpd_log_t,s0)
|
||||
/var/log/httpd(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
|
||||
ifdef(`distro_debian', `
|
||||
/var/log/horde2(/.*)? context_template(system_u:object_r:httpd_log_t,s0)
|
||||
/var/log/horde2(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
|
||||
')
|
||||
|
||||
/var/run/apache.* context_template(system_u:object_r:httpd_var_run_t,s0)
|
||||
/var/run/gcache_port -s context_template(system_u:object_r:httpd_var_run_t,s0)
|
||||
/var/run/apache.* gen_context(system_u:object_r:httpd_var_run_t,s0)
|
||||
/var/run/gcache_port -s gen_context(system_u:object_r:httpd_var_run_t,s0)
|
||||
|
||||
/var/spool/gosa(/.*)? context_template(system_u:object_r:httpd_sys_script_rw_t,s0)
|
||||
/var/spool/squirrelmail(/.*)? context_template(system_u:object_r:squirrelmail_spool_t,s0)
|
||||
/var/spool/gosa(/.*)? gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
|
||||
/var/spool/squirrelmail(/.*)? gen_context(system_u:object_r:squirrelmail_spool_t,s0)
|
||||
ifdef(`targeted_policy', `', `
|
||||
/var/spool/cron/apache -- context_template(system_u:object_r:user_cron_spool_t,s0)
|
||||
/var/spool/cron/apache -- gen_context(system_u:object_r:user_cron_spool_t,s0)
|
||||
')
|
||||
|
||||
/var/www(/.*)? context_template(system_u:object_r:httpd_sys_content_t,s0)
|
||||
/var/www/cgi-bin(/.*)? context_template(system_u:object_r:httpd_sys_script_exec_t,s0)
|
||||
/var/www/icons(/.*)? context_template(system_u:object_r:httpd_sys_content_t,s0)
|
||||
/var/www/perl(/.*)? context_template(system_u:object_r:httpd_sys_script_exec_t,s0)
|
||||
/var/www(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
||||
/var/www/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
|
||||
/var/www/icons(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
|
||||
/var/www/perl(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,45 +1,45 @@
|
|||
/etc/rndc.* -- context_template(system_u:object_r:named_conf_t,s0)
|
||||
/etc/rndc\.key -- context_template(system_u:object_r:dnssec_t,s0)
|
||||
/etc/rndc.* -- gen_context(system_u:object_r:named_conf_t,s0)
|
||||
/etc/rndc\.key -- gen_context(system_u:object_r:dnssec_t,s0)
|
||||
|
||||
/usr/sbin/lwresd -- context_template(system_u:object_r:named_exec_t,s0)
|
||||
/usr/sbin/named -- context_template(system_u:object_r:named_exec_t,s0)
|
||||
/usr/sbin/named-checkconf -- context_template(system_u:object_r:named_checkconf_exec_t,s0)
|
||||
/usr/sbin/r?ndc -- context_template(system_u:object_r:ndc_exec_t,s0)
|
||||
/usr/sbin/lwresd -- gen_context(system_u:object_r:named_exec_t,s0)
|
||||
/usr/sbin/named -- gen_context(system_u:object_r:named_exec_t,s0)
|
||||
/usr/sbin/named-checkconf -- gen_context(system_u:object_r:named_checkconf_exec_t,s0)
|
||||
/usr/sbin/r?ndc -- gen_context(system_u:object_r:ndc_exec_t,s0)
|
||||
|
||||
/var/log/named.* -- context_template(system_u:object_r:named_log_t,s0)
|
||||
/var/log/named.* -- gen_context(system_u:object_r:named_log_t,s0)
|
||||
|
||||
/var/run/ndc -s context_template(system_u:object_r:named_var_run_t,s0)
|
||||
/var/run/bind(/.*)? context_template(system_u:object_r:named_var_run_t,s0)
|
||||
/var/run/named(/.*)? context_template(system_u:object_r:named_var_run_t,s0)
|
||||
/var/run/ndc -s gen_context(system_u:object_r:named_var_run_t,s0)
|
||||
/var/run/bind(/.*)? gen_context(system_u:object_r:named_var_run_t,s0)
|
||||
/var/run/named(/.*)? gen_context(system_u:object_r:named_var_run_t,s0)
|
||||
|
||||
ifdef(`distro_debian',`
|
||||
/etc/bind(/.*)? context_template(system_u:object_r:named_zone_t,s0)
|
||||
/etc/bind/named\.conf -- context_template(system_u:object_r:named_conf_t,s0)
|
||||
/etc/bind/rndc\.key -- context_template(system_u:object_r:dnssec_t,s0)
|
||||
/var/cache/bind(/.*)? context_template(system_u:object_r:named_cache_t,s0)
|
||||
/etc/bind(/.*)? gen_context(system_u:object_r:named_zone_t,s0)
|
||||
/etc/bind/named\.conf -- gen_context(system_u:object_r:named_conf_t,s0)
|
||||
/etc/bind/rndc\.key -- gen_context(system_u:object_r:dnssec_t,s0)
|
||||
/var/cache/bind(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
|
||||
')
|
||||
|
||||
ifdef(`distro_gentoo',`
|
||||
/etc/bind(/.*)? context_template(system_u:object_r:named_zone_t,s0)
|
||||
/etc/bind/named\.conf -- context_template(system_u:object_r:named_conf_t,s0)
|
||||
/etc/bind/rndc\.key -- context_template(system_u:object_r:dnssec_t,s0)
|
||||
/var/bind(/.*)? context_template(system_u:object_r:named_cache_t,s0)
|
||||
/var/bind/pri(/.*)? context_template(system_u:object_r:named_zone_t,s0)
|
||||
/etc/bind(/.*)? gen_context(system_u:object_r:named_zone_t,s0)
|
||||
/etc/bind/named\.conf -- gen_context(system_u:object_r:named_conf_t,s0)
|
||||
/etc/bind/rndc\.key -- gen_context(system_u:object_r:dnssec_t,s0)
|
||||
/var/bind(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
|
||||
/var/bind/pri(/.*)? gen_context(system_u:object_r:named_zone_t,s0)
|
||||
')
|
||||
|
||||
ifdef(`distro_redhat',`
|
||||
/etc/named\.conf -- context_template(system_u:object_r:named_conf_t,s0)
|
||||
/var/named(/.*)? context_template(system_u:object_r:named_zone_t,s0)
|
||||
/var/named/slaves(/.*)? context_template(system_u:object_r:named_cache_t,s0)
|
||||
/var/named/data(/.*)? context_template(system_u:object_r:named_cache_t,s0)
|
||||
/var/named/named\.ca -- context_template(system_u:object_r:named_conf_t,s0)
|
||||
/var/named/chroot(/.*)? context_template(system_u:object_r:named_conf_t,s0)
|
||||
/var/named/chroot/etc(/.*)? context_template(system_u:object_r:named_conf_t,s0)
|
||||
/var/named/chroot/etc/rndc.key -- context_template(system_u:object_r:dnssec_t,s0)
|
||||
/var/named/chroot/var/run/named.* context_template(system_u:object_r:named_var_run_t,s0)
|
||||
/var/named/chroot/var/tmp(/.*)? context_template(system_u:object_r:named_cache_t,s0)
|
||||
/var/named/chroot/var/named(/.*)? context_template(system_u:object_r:named_zone_t,s0)
|
||||
/var/named/chroot/var/named/slaves(/.*)? context_template(system_u:object_r:named_cache_t,s0)
|
||||
/var/named/chroot/var/named/data(/.*)? context_template(system_u:object_r:named_cache_t,s0)
|
||||
/var/named/chroot/var/named/named\.ca -- context_template(system_u:object_r:named_conf_t,s0)
|
||||
/etc/named\.conf -- gen_context(system_u:object_r:named_conf_t,s0)
|
||||
/var/named(/.*)? gen_context(system_u:object_r:named_zone_t,s0)
|
||||
/var/named/slaves(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
|
||||
/var/named/data(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
|
||||
/var/named/named\.ca -- gen_context(system_u:object_r:named_conf_t,s0)
|
||||
/var/named/chroot(/.*)? gen_context(system_u:object_r:named_conf_t,s0)
|
||||
/var/named/chroot/etc(/.*)? gen_context(system_u:object_r:named_conf_t,s0)
|
||||
/var/named/chroot/etc/rndc.key -- gen_context(system_u:object_r:dnssec_t,s0)
|
||||
/var/named/chroot/var/run/named.* gen_context(system_u:object_r:named_var_run_t,s0)
|
||||
/var/named/chroot/var/tmp(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
|
||||
/var/named/chroot/var/named(/.*)? gen_context(system_u:object_r:named_zone_t,s0)
|
||||
/var/named/chroot/var/named/slaves(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
|
||||
/var/named/chroot/var/named/data(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
|
||||
/var/named/chroot/var/named/named\.ca -- gen_context(system_u:object_r:named_conf_t,s0)
|
||||
')
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
|
||||
/usr/sbin/in\.comsat -- context_template(system_u:object_r:comsat_exec_t,s0)
|
||||
/usr/sbin/in\.comsat -- gen_context(system_u:object_r:comsat_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
|
||||
/etc/firmware/.* -- context_template(system_u:object_r:cpucontrol_conf_t,s0)
|
||||
/etc/firmware/.* -- gen_context(system_u:object_r:cpucontrol_conf_t,s0)
|
||||
|
||||
/sbin/microcode_ctl -- context_template(system_u:object_r:cpucontrol_exec_t,s0)
|
||||
/sbin/microcode_ctl -- gen_context(system_u:object_r:cpucontrol_exec_t,s0)
|
||||
|
||||
/usr/sbin/cpuspeed -- context_template(system_u:object_r:cpuspeed_exec_t,s0)
|
||||
/usr/sbin/powernowd -- context_template(system_u:object_r:cpuspeed_exec_t,s0)
|
||||
/usr/sbin/cpuspeed -- gen_context(system_u:object_r:cpuspeed_exec_t,s0)
|
||||
/usr/sbin/powernowd -- gen_context(system_u:object_r:cpuspeed_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,40 +1,40 @@
|
|||
|
||||
/etc/cron\.d(/.*)? context_template(system_u:object_r:system_cron_spool_t,s0)
|
||||
/etc/crontab -- context_template(system_u:object_r:system_cron_spool_t,s0)
|
||||
/etc/cron\.d(/.*)? gen_context(system_u:object_r:system_cron_spool_t,s0)
|
||||
/etc/crontab -- gen_context(system_u:object_r:system_cron_spool_t,s0)
|
||||
|
||||
/usr/bin/at -- context_template(system_u:object_r:crontab_exec_t,s0)
|
||||
/usr/bin/(f)?crontab -- context_template(system_u:object_r:crontab_exec_t,s0)
|
||||
/usr/bin/at -- gen_context(system_u:object_r:crontab_exec_t,s0)
|
||||
/usr/bin/(f)?crontab -- gen_context(system_u:object_r:crontab_exec_t,s0)
|
||||
|
||||
/usr/sbin/anacron -- context_template(system_u:object_r:anacron_exec_t,s0)
|
||||
/usr/sbin/atd -- context_template(system_u:object_r:crond_exec_t,s0)
|
||||
/usr/sbin/cron(d)? -- context_template(system_u:object_r:crond_exec_t,s0)
|
||||
/usr/sbin/fcron -- context_template(system_u:object_r:crond_exec_t,s0)
|
||||
/usr/sbin/anacron -- gen_context(system_u:object_r:anacron_exec_t,s0)
|
||||
/usr/sbin/atd -- gen_context(system_u:object_r:crond_exec_t,s0)
|
||||
/usr/sbin/cron(d)? -- gen_context(system_u:object_r:crond_exec_t,s0)
|
||||
/usr/sbin/fcron -- gen_context(system_u:object_r:crond_exec_t,s0)
|
||||
|
||||
/var/run/atd\.pid -- context_template(system_u:object_r:crond_var_run_t,s0)
|
||||
/var/run/crond?\.pid -- context_template(system_u:object_r:crond_var_run_t,s0)
|
||||
/var/run/crond\.reboot -- context_template(system_u:object_r:crond_var_run_t,s0)
|
||||
/var/run/fcron\.fifo -s context_template(system_u:object_r:crond_var_run_t,s0)
|
||||
/var/run/fcron\.pid -- context_template(system_u:object_r:crond_var_run_t,s0)
|
||||
/var/run/atd\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
|
||||
/var/run/crond?\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
|
||||
/var/run/crond\.reboot -- gen_context(system_u:object_r:crond_var_run_t,s0)
|
||||
/var/run/fcron\.fifo -s gen_context(system_u:object_r:crond_var_run_t,s0)
|
||||
/var/run/fcron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
|
||||
|
||||
/var/spool/at -d context_template(system_u:object_r:cron_spool_t,s0)
|
||||
/var/spool/at/spool -d context_template(system_u:object_r:cron_spool_t,s0)
|
||||
/var/spool/at -d gen_context(system_u:object_r:cron_spool_t,s0)
|
||||
/var/spool/at/spool -d gen_context(system_u:object_r:cron_spool_t,s0)
|
||||
/var/spool/at/[^/]* -- <<none>>
|
||||
|
||||
/var/spool/cron -d context_template(system_u:object_r:cron_spool_t,s0)
|
||||
#/var/spool/cron/root -- context_template(system_u:object_r:sysadm_cron_spool_t,s0)
|
||||
/var/spool/cron -d gen_context(system_u:object_r:cron_spool_t,s0)
|
||||
#/var/spool/cron/root -- gen_context(system_u:object_r:sysadm_cron_spool_t,s0)
|
||||
/var/spool/cron/[^/]* -- <<none>>
|
||||
ifdef(`distro_suse', `
|
||||
/var/spool/cron/lastrun -d context_template(system_u:object_r:crond_tmp_t,s0)
|
||||
/var/spool/cron/lastrun -d gen_context(system_u:object_r:crond_tmp_t,s0)
|
||||
/var/spool/cron/lastrun/[^/]* -- <<none>>
|
||||
/var/spool/cron/tabs -d context_template(system_u:object_r:cron_spool_t,s0)
|
||||
/var/spool/cron/tabs -d gen_context(system_u:object_r:cron_spool_t,s0)
|
||||
')
|
||||
|
||||
/var/spool/cron/crontabs -d context_template(system_u:object_r:cron_spool_t,s0)
|
||||
/var/spool/cron/crontabs -d gen_context(system_u:object_r:cron_spool_t,s0)
|
||||
/var/spool/cron/crontabs/.* -- <<none>>
|
||||
#/var/spool/cron/crontabs/root -- context_template(system_u:object_r:sysadm_cron_spool_t,s0)
|
||||
#/var/spool/cron/crontabs/root -- gen_context(system_u:object_r:sysadm_cron_spool_t,s0)
|
||||
|
||||
/var/spool/fcron -d context_template(system_u:object_r:cron_spool_t,s0)
|
||||
/var/spool/fcron -d gen_context(system_u:object_r:cron_spool_t,s0)
|
||||
/var/spool/fcron/.* <<none>>
|
||||
/var/spool/fcron/systab\.orig -- context_template(system_u:object_r:system_cron_spool_t,s0)
|
||||
/var/spool/fcron/systab -- context_template(system_u:object_r:system_cron_spool_t,s0)
|
||||
/var/spool/fcron/new\.systab -- context_template(system_u:object_r:system_cron_spool_t,s0)
|
||||
/var/spool/fcron/systab\.orig -- gen_context(system_u:object_r:system_cron_spool_t,s0)
|
||||
/var/spool/fcron/systab -- gen_context(system_u:object_r:system_cron_spool_t,s0)
|
||||
/var/spool/fcron/new\.systab -- gen_context(system_u:object_r:system_cron_spool_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
|
||||
/usr/bin/cvs -- context_template(system_u:object_r:cvs_exec_t,s0)
|
||||
/usr/bin/cvs -- gen_context(system_u:object_r:cvs_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/etc/dbus-1(/.*)? context_template(system_u:object_r:etc_dbusd_t,s0)
|
||||
/etc/dbus-1(/.*)? gen_context(system_u:object_r:etc_dbusd_t,s0)
|
||||
|
||||
/usr/bin/dbus-daemon(-1)? -- context_template(system_u:object_r:system_dbusd_exec_t,s0)
|
||||
/usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:system_dbusd_exec_t,s0)
|
||||
|
||||
/var/run/dbus(/.*)? context_template(system_u:object_r:system_dbusd_var_run_t,s0)
|
||||
/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
|
||||
/usr/sbin/dhcpd.* -- context_template(system_u:object_r:dhcpd_exec_t,s0)
|
||||
/usr/sbin/dhcpd.* -- gen_context(system_u:object_r:dhcpd_exec_t,s0)
|
||||
|
||||
/var/lib/dhcp(3)?/dhcpd\.leases.* -- context_template(system_u:object_r:dhcpd_state_t,s0)
|
||||
/var/lib/dhcp(3)?/dhcpd\.leases.* -- gen_context(system_u:object_r:dhcpd_state_t,s0)
|
||||
|
||||
/var/run/dhcpd\.pid -- context_template(system_u:object_r:dhcpd_var_run_t,s0)
|
||||
/var/run/dhcpd\.pid -- gen_context(system_u:object_r:dhcpd_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
|
||||
/etc/dictd\.conf -- context_template(system_u:object_r:dictd_etc_t,s0)
|
||||
/etc/dictd\.conf -- gen_context(system_u:object_r:dictd_etc_t,s0)
|
||||
|
||||
/usr/sbin/dictd -- context_template(system_u:object_r:dictd_exec_t,s0)
|
||||
/usr/sbin/dictd -- gen_context(system_u:object_r:dictd_exec_t,s0)
|
||||
|
||||
/var/lib/dictd(/.*)? context_template(system_u:object_r:dictd_var_lib_t,s0)
|
||||
/var/lib/dictd(/.*)? gen_context(system_u:object_r:dictd_var_lib_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,26 +1,26 @@
|
|||
#
|
||||
# /etc
|
||||
#
|
||||
/etc/proftpd\.conf -- context_template(system_u:object_r:ftpd_etc_t,s0)
|
||||
/etc/cron\.monthly/proftpd -- context_template(system_u:object_r:ftpd_exec_t,s0)
|
||||
/etc/proftpd\.conf -- gen_context(system_u:object_r:ftpd_etc_t,s0)
|
||||
/etc/cron\.monthly/proftpd -- gen_context(system_u:object_r:ftpd_exec_t,s0)
|
||||
|
||||
#
|
||||
# /usr
|
||||
#
|
||||
/usr/kerberos/sbin/ftpd -- context_template(system_u:object_r:ftpd_exec_t,s0)
|
||||
/usr/kerberos/sbin/ftpd -- gen_context(system_u:object_r:ftpd_exec_t,s0)
|
||||
|
||||
/usr/sbin/ftpwho -- context_template(system_u:object_r:ftpd_exec_t,s0)
|
||||
/usr/sbin/in\.ftpd -- context_template(system_u:object_r:ftpd_exec_t,s0)
|
||||
/usr/sbin/muddleftpd -- context_template(system_u:object_r:ftpd_exec_t,s0)
|
||||
/usr/sbin/proftpd -- context_template(system_u:object_r:ftpd_exec_t,s0)
|
||||
/usr/sbin/vsftpd -- context_template(system_u:object_r:ftpd_exec_t,s0)
|
||||
/usr/sbin/ftpwho -- gen_context(system_u:object_r:ftpd_exec_t,s0)
|
||||
/usr/sbin/in\.ftpd -- gen_context(system_u:object_r:ftpd_exec_t,s0)
|
||||
/usr/sbin/muddleftpd -- gen_context(system_u:object_r:ftpd_exec_t,s0)
|
||||
/usr/sbin/proftpd -- gen_context(system_u:object_r:ftpd_exec_t,s0)
|
||||
/usr/sbin/vsftpd -- gen_context(system_u:object_r:ftpd_exec_t,s0)
|
||||
|
||||
#
|
||||
# /var
|
||||
#
|
||||
/var/run/proftpd/proftpd-inetd -- context_template(system_u:object_r:ftpd_var_run_t,s0)
|
||||
/var/run/proftpd/proftpd\.scoreboard -- context_template(system_u:object_r:ftpd_var_run_t,s0)
|
||||
/var/run/proftpd/proftpd-inetd -- gen_context(system_u:object_r:ftpd_var_run_t,s0)
|
||||
/var/run/proftpd/proftpd\.scoreboard -- gen_context(system_u:object_r:ftpd_var_run_t,s0)
|
||||
|
||||
/var/log/muddleftpd\.log.* -- context_template(system_u:object_r:xferlog_t,s0)
|
||||
/var/log/xferlog.* -- context_template(system_u:object_r:xferlog_t,s0)
|
||||
/var/log/xferreport.* -- context_template(system_u:object_r:xferlog_t,s0)
|
||||
/var/log/muddleftpd\.log.* -- gen_context(system_u:object_r:xferlog_t,s0)
|
||||
/var/log/xferlog.* -- gen_context(system_u:object_r:xferlog_t,s0)
|
||||
/var/log/xferreport.* -- gen_context(system_u:object_r:xferlog_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
|
||||
/dev/gpmctl -s context_template(system_u:object_r:gpmctl_t,s0)
|
||||
/dev/gpmdata -p context_template(system_u:object_r:gpmctl_t,s0)
|
||||
/dev/gpmctl -s gen_context(system_u:object_r:gpmctl_t,s0)
|
||||
/dev/gpmdata -p gen_context(system_u:object_r:gpmctl_t,s0)
|
||||
|
||||
/etc/gpm(/.*)? context_template(system_u:object_r:gpm_conf_t,s0)
|
||||
/etc/gpm(/.*)? gen_context(system_u:object_r:gpm_conf_t,s0)
|
||||
|
||||
/usr/sbin/gpm -- context_template(system_u:object_r:gpm_exec_t,s0)
|
||||
/usr/sbin/gpm -- gen_context(system_u:object_r:gpm_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
|
||||
/etc/hal/device\.d/printer_remove\.hal -- context_template(system_u:object_r:hald_exec_t,s0)
|
||||
/etc/hal/capability\.d/printer_update\.hal -- context_template(system_u:object_r:hald_exec_t,s0)
|
||||
/etc/hal/device\.d/printer_remove\.hal -- gen_context(system_u:object_r:hald_exec_t,s0)
|
||||
/etc/hal/capability\.d/printer_update\.hal -- gen_context(system_u:object_r:hald_exec_t,s0)
|
||||
|
||||
/usr/libexec/hal-hotplug-map -- context_template(system_u:object_r:hald_exec_t,s0)
|
||||
/usr/libexec/hal-hotplug-map -- gen_context(system_u:object_r:hald_exec_t,s0)
|
||||
|
||||
/usr/sbin/hald -- context_template(system_u:object_r:hald_exec_t,s0)
|
||||
/usr/sbin/hald -- gen_context(system_u:object_r:hald_exec_t,s0)
|
||||
|
||||
/usr/share/hal/device-manager/hal-device-manager -- context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
/usr/bin/mDNSResponder -- context_template(system_u:object_r:howl_exec_t,s0)
|
||||
/usr/bin/nifd -- context_template(system_u:object_r:howl_exec_t,s0)
|
||||
/usr/bin/mDNSResponder -- gen_context(system_u:object_r:howl_exec_t,s0)
|
||||
/usr/bin/nifd -- gen_context(system_u:object_r:howl_exec_t,s0)
|
||||
|
||||
/var/run/nifd\.pid -- context_template(system_u:object_r:howl_var_run_t,s0)
|
||||
/var/run/nifd\.pid -- gen_context(system_u:object_r:howl_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,10 +1,10 @@
|
|||
|
||||
/usr/sbin/identd -- context_template(system_u:object_r:inetd_child_exec_t,s0)
|
||||
/usr/sbin/in\..*d -- context_template(system_u:object_r:inetd_child_exec_t,s0)
|
||||
/usr/sbin/inetd -- context_template(system_u:object_r:inetd_exec_t,s0)
|
||||
/usr/sbin/rlinetd -- context_template(system_u:object_r:inetd_exec_t,s0)
|
||||
/usr/sbin/xinetd -- context_template(system_u:object_r:inetd_exec_t,s0)
|
||||
/usr/sbin/identd -- gen_context(system_u:object_r:inetd_child_exec_t,s0)
|
||||
/usr/sbin/in\..*d -- gen_context(system_u:object_r:inetd_child_exec_t,s0)
|
||||
/usr/sbin/inetd -- gen_context(system_u:object_r:inetd_exec_t,s0)
|
||||
/usr/sbin/rlinetd -- gen_context(system_u:object_r:inetd_exec_t,s0)
|
||||
/usr/sbin/xinetd -- gen_context(system_u:object_r:inetd_exec_t,s0)
|
||||
|
||||
/var/log/(x)?inetd\.log -- context_template(system_u:object_r:inetd_log_t,s0)
|
||||
/var/log/(x)?inetd\.log -- gen_context(system_u:object_r:inetd_log_t,s0)
|
||||
|
||||
/var/run/inetd\.pid -- context_template(system_u:object_r:inetd_var_run_t,s0)
|
||||
/var/run/inetd\.pid -- gen_context(system_u:object_r:inetd_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -2,60 +2,60 @@
|
|||
#
|
||||
# /etc
|
||||
#
|
||||
/etc/news(/.*)? context_template(system_u:object_r:innd_etc_t,s0)
|
||||
/etc/news/boot -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/etc/news(/.*)? gen_context(system_u:object_r:innd_etc_t,s0)
|
||||
/etc/news/boot -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
|
||||
#
|
||||
# /usr
|
||||
#
|
||||
/usr/bin/inews -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/bin/rnews -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/bin/rpost -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/bin/suck -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/bin/inews -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/bin/rnews -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/bin/rpost -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/bin/suck -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
|
||||
/usr/sbin/in\.nnrpd -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/sbin/innd.* -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/sbin/in\.nnrpd -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/sbin/innd.* -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
|
||||
/var/lib/news(/.*)? context_template(system_u:object_r:innd_var_lib_t,s0)
|
||||
/var/lib/news(/.*)? gen_context(system_u:object_r:innd_var_lib_t,s0)
|
||||
|
||||
/usr/lib(64)?/news/bin/innd -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/actsync -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/archive -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/batcher -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/buffchan -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/convdate -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/ctlinnd -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/cvtbatch -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/expire -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/expireover -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/fastrm -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/filechan -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/getlist -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/grephistory -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/inews -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/innconfval -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/inndf -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/inndstart -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/innfeed -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/innxbatch -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/innxmit -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/makedbz -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/makehistory -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/newsrequeue -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/nnrpd -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/nntpget -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/ovdb_recover -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/overchan -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/prunehistory -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/rnews -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/shlock -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/shrinkfile -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/sm -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/startinnfeed -- context_template(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/innd -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/actsync -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/archive -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/batcher -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/buffchan -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/convdate -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/ctlinnd -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/cvtbatch -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/expire -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/expireover -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/fastrm -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/filechan -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/getlist -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/grephistory -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/inews -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/innconfval -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/inndf -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/inndstart -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/innfeed -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/innxbatch -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/innxmit -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/makedbz -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/makehistory -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/newsrequeue -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/nnrpd -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/nntpget -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/ovdb_recover -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/overchan -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/prunehistory -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/rnews -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/shlock -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/shrinkfile -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/sm -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
/usr/lib(64)?/news/bin/startinnfeed -- gen_context(system_u:object_r:innd_exec_t,s0)
|
||||
|
||||
/var/log/news(/.*)? context_template(system_u:object_r:innd_log_t,s0)
|
||||
/var/log/news(/.*)? gen_context(system_u:object_r:innd_log_t,s0)
|
||||
|
||||
/var/run/innd(/.*)? context_template(system_u:object_r:innd_var_run_t,s0)
|
||||
/var/run/news(/.*)? context_template(system_u:object_r:innd_var_run_t,s0)
|
||||
/var/run/innd(/.*)? gen_context(system_u:object_r:innd_var_run_t,s0)
|
||||
/var/run/news(/.*)? gen_context(system_u:object_r:innd_var_run_t,s0)
|
||||
|
||||
/var/spool/news(/.*)? context_template(system_u:object_r:news_spool_t,s0)
|
||||
/var/spool/news(/.*)? gen_context(system_u:object_r:news_spool_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,18 +1,18 @@
|
|||
/etc/krb5\.conf -- context_template(system_u:object_r:krb5_conf_t,s0)
|
||||
/etc/krb5\.keytab context_template(system_u:object_r:krb5_keytab_t,s0)
|
||||
/etc/krb5\.conf -- gen_context(system_u:object_r:krb5_conf_t,s0)
|
||||
/etc/krb5\.keytab gen_context(system_u:object_r:krb5_keytab_t,s0)
|
||||
|
||||
/etc/krb5kdc(/.*)? context_template(system_u:object_r:krb5kdc_conf_t,s0)
|
||||
/etc/krb5kdc/kadm5.keytab -- context_template(system_u:object_r:krb5_keytab_t,s0)
|
||||
/etc/krb5kdc/principal.* context_template(system_u:object_r:krb5kdc_principal_t,s0)
|
||||
/etc/krb5kdc(/.*)? gen_context(system_u:object_r:krb5kdc_conf_t,s0)
|
||||
/etc/krb5kdc/kadm5.keytab -- gen_context(system_u:object_r:krb5_keytab_t,s0)
|
||||
/etc/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0)
|
||||
|
||||
/usr(/local)?(/kerberos)?/sbin/krb5kdc -- context_template(system_u:object_r:krb5kdc_exec_t,s0)
|
||||
/usr(/local)?(/kerberos)?/sbin/kadmind -- context_template(system_u:object_r:kadmind_exec_t,s0)
|
||||
/usr(/local)?(/kerberos)?/sbin/krb5kdc -- gen_context(system_u:object_r:krb5kdc_exec_t,s0)
|
||||
/usr(/local)?(/kerberos)?/sbin/kadmind -- gen_context(system_u:object_r:kadmind_exec_t,s0)
|
||||
|
||||
/usr/local/var/krb5kdc(/.*)? context_template(system_u:object_r:krb5kdc_conf_t,s0)
|
||||
/usr/local/var/krb5kdc/principal.* context_template(system_u:object_r:krb5kdc_principal_t,s0)
|
||||
/usr/local/var/krb5kdc(/.*)? gen_context(system_u:object_r:krb5kdc_conf_t,s0)
|
||||
/usr/local/var/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0)
|
||||
|
||||
/var/kerberos/krb5kdc(/.*)? context_template(system_u:object_r:krb5kdc_conf_t,s0)
|
||||
/var/kerberos/krb5kdc/principal.* context_template(system_u:object_r:krb5kdc_principal_t,s0)
|
||||
/var/kerberos/krb5kdc(/.*)? gen_context(system_u:object_r:krb5kdc_conf_t,s0)
|
||||
/var/kerberos/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0)
|
||||
|
||||
/var/log/krb5kdc\.log context_template(system_u:object_r:krb5kdc_log_t,s0)
|
||||
/var/log/kadmin(d)?\.log context_template(system_u:object_r:kadmind_log_t,s0)
|
||||
/var/log/krb5kdc\.log gen_context(system_u:object_r:krb5kdc_log_t,s0)
|
||||
/var/log/kadmin(d)?\.log gen_context(system_u:object_r:kadmind_log_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
|
||||
/usr/bin/ktalkd -- context_template(system_u:object_r:ktalkd_exec_t,s0)
|
||||
/usr/bin/ktalkd -- gen_context(system_u:object_r:ktalkd_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,10 +1,10 @@
|
|||
|
||||
/etc/ldap/slapd\.conf -- context_template(system_u:object_r:slapd_etc_t,s0)
|
||||
/etc/ldap/slapd\.conf -- gen_context(system_u:object_r:slapd_etc_t,s0)
|
||||
|
||||
/usr/sbin/slapd -- context_template(system_u:object_r:slapd_exec_t,s0)
|
||||
/usr/sbin/slapd -- gen_context(system_u:object_r:slapd_exec_t,s0)
|
||||
|
||||
/var/lib/ldap(/.*)? context_template(system_u:object_r:slapd_db_t,s0)
|
||||
/var/lib/ldap/replog(/.*)? context_template(system_u:object_r:slapd_replog_t,s0)
|
||||
/var/lib/ldap(/.*)? gen_context(system_u:object_r:slapd_db_t,s0)
|
||||
/var/lib/ldap/replog(/.*)? gen_context(system_u:object_r:slapd_replog_t,s0)
|
||||
|
||||
/var/run/slapd\.args -- context_template(system_u:object_r:slapd_var_run_t,s0)
|
||||
/var/run/slapd\.pid -- context_template(system_u:object_r:slapd_var_run_t,s0)
|
||||
/var/run/slapd\.args -- gen_context(system_u:object_r:slapd_var_run_t,s0)
|
||||
/var/run/slapd\.pid -- gen_context(system_u:object_r:slapd_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,20 +1,20 @@
|
|||
|
||||
/etc/aliases -- context_template(system_u:object_r:etc_aliases_t,s0)
|
||||
/etc/aliases\.db -- context_template(system_u:object_r:etc_aliases_t,s0)
|
||||
/etc/aliases -- gen_context(system_u:object_r:etc_aliases_t,s0)
|
||||
/etc/aliases\.db -- gen_context(system_u:object_r:etc_aliases_t,s0)
|
||||
|
||||
ifdef(`sendmail.te',`',`
|
||||
/usr/lib(64)?/sendmail -- context_template(system_u:object_r:sendmail_exec_t,s0)
|
||||
/usr/lib(64)?/sendmail -- gen_context(system_u:object_r:sendmail_exec_t,s0)
|
||||
|
||||
/usr/sbin/sendmail(.sendmail)? -- context_template(system_u:object_r:sendmail_exec_t,s0)
|
||||
/usr/sbin/sendmail(.sendmail)? -- gen_context(system_u:object_r:sendmail_exec_t,s0)
|
||||
')
|
||||
|
||||
/var/mail(/.*)? context_template(system_u:object_r:mail_spool_t,s0)
|
||||
/var/mail(/.*)? gen_context(system_u:object_r:mail_spool_t,s0)
|
||||
|
||||
/var/spool/(client)?mqueue(/.*)? context_template(system_u:object_r:mqueue_spool_t,s0)
|
||||
/var/spool/(client)?mqueue(/.*)? gen_context(system_u:object_r:mqueue_spool_t,s0)
|
||||
|
||||
/var/spool/mail(/.*)? context_template(system_u:object_r:mail_spool_t,s0)
|
||||
/var/spool/mail(/.*)? gen_context(system_u:object_r:mail_spool_t,s0)
|
||||
|
||||
ifdef(`postfix.te', `', `
|
||||
/usr/sbin/sendmail.postfix -- context_template(system_u:object_r:sendmail_exec_t,s0)
|
||||
/var/spool/postfix(/.*)? context_template(system_u:object_r:mail_spool_t,s0)
|
||||
/usr/sbin/sendmail.postfix -- gen_context(system_u:object_r:sendmail_exec_t,s0)
|
||||
/var/spool/postfix(/.*)? gen_context(system_u:object_r:mail_spool_t,s0)
|
||||
')
|
||||
|
|
|
|||
|
|
@ -3,22 +3,22 @@
|
|||
#
|
||||
# /etc
|
||||
#
|
||||
/etc/my\.cnf -- context_template(system_u:object_r:mysqld_etc_t,s0)
|
||||
/etc/mysql(/.*)? context_template(system_u:object_r:mysqld_etc_t,s0)
|
||||
/etc/my\.cnf -- gen_context(system_u:object_r:mysqld_etc_t,s0)
|
||||
/etc/mysql(/.*)? gen_context(system_u:object_r:mysqld_etc_t,s0)
|
||||
|
||||
#
|
||||
# /usr
|
||||
#
|
||||
/usr/libexec/mysqld -- context_template(system_u:object_r:mysqld_exec_t,s0)
|
||||
/usr/libexec/mysqld -- gen_context(system_u:object_r:mysqld_exec_t,s0)
|
||||
|
||||
/usr/sbin/mysqld(-max)? -- context_template(system_u:object_r:mysqld_exec_t,s0)
|
||||
/usr/sbin/mysqld(-max)? -- gen_context(system_u:object_r:mysqld_exec_t,s0)
|
||||
|
||||
#
|
||||
# /var
|
||||
#
|
||||
/var/lib/mysql(/.*)? context_template(system_u:object_r:mysqld_db_t,s0)
|
||||
/var/lib/mysql/mysql\.sock -s context_template(system_u:object_r:mysqld_var_run_t,s0)
|
||||
/var/lib/mysql(/.*)? gen_context(system_u:object_r:mysqld_db_t,s0)
|
||||
/var/lib/mysql/mysql\.sock -s gen_context(system_u:object_r:mysqld_var_run_t,s0)
|
||||
|
||||
/var/log/mysql.* -- context_template(system_u:object_r:mysqld_log_t,s0)
|
||||
/var/log/mysql.* -- gen_context(system_u:object_r:mysqld_log_t,s0)
|
||||
|
||||
/var/run/mysqld(/.*)? context_template(system_u:object_r:mysqld_var_run_t,s0)
|
||||
/var/run/mysqld(/.*)? gen_context(system_u:object_r:mysqld_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
|
||||
/etc/ypserv\.conf -- context_template(system_u:object_r:ypserv_conf_t,s0)
|
||||
/etc/ypserv\.conf -- gen_context(system_u:object_r:ypserv_conf_t,s0)
|
||||
|
||||
/sbin/ypbind -- context_template(system_u:object_r:ypbind_exec_t,s0)
|
||||
/sbin/ypbind -- gen_context(system_u:object_r:ypbind_exec_t,s0)
|
||||
|
||||
/usr/sbin/ypserv -- context_template(system_u:object_r:ypserv_exec_t,s0)
|
||||
/usr/sbin/ypserv -- gen_context(system_u:object_r:ypserv_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
|
||||
/usr/sbin/nscd -- context_template(system_u:object_r:nscd_exec_t,s0)
|
||||
/usr/sbin/nscd -- gen_context(system_u:object_r:nscd_exec_t,s0)
|
||||
|
||||
/var/db/nscd(/.*)? context_template(system_u:object_r:nscd_var_run_t,s0)
|
||||
/var/db/nscd(/.*)? gen_context(system_u:object_r:nscd_var_run_t,s0)
|
||||
|
||||
/var/log/nscd\.log.* -- context_template(system_u:object_r:nscd_log_t,s0)
|
||||
/var/log/nscd\.log.* -- gen_context(system_u:object_r:nscd_log_t,s0)
|
||||
|
||||
/var/run/nscd\.pid -- context_template(system_u:object_r:nscd_var_run_t,s0)
|
||||
/var/run/\.nscd_socket -s context_template(system_u:object_r:nscd_var_run_t,s0)
|
||||
/var/run/nscd\.pid -- gen_context(system_u:object_r:nscd_var_run_t,s0)
|
||||
/var/run/\.nscd_socket -s gen_context(system_u:object_r:nscd_var_run_t,s0)
|
||||
|
||||
/var/run/nscd(/.*)? context_template(system_u:object_r:nscd_var_run_t,s0)
|
||||
/var/run/nscd(/.*)? gen_context(system_u:object_r:nscd_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,19 +1,19 @@
|
|||
|
||||
/etc/ntp(d)?\.conf.* -- context_template(system_u:object_r:net_conf_t,s0)
|
||||
/etc/ntp(d)?\.conf.* -- gen_context(system_u:object_r:net_conf_t,s0)
|
||||
|
||||
/etc/cron\.(daily|weekly)/ntp-simple -- context_template(system_u:object_r:ntpd_exec_t,s0)
|
||||
/etc/cron\.(daily|weekly)/ntp-server -- context_template(system_u:object_r:ntpd_exec_t,s0)
|
||||
/etc/cron\.(daily|weekly)/ntp-simple -- gen_context(system_u:object_r:ntpd_exec_t,s0)
|
||||
/etc/cron\.(daily|weekly)/ntp-server -- gen_context(system_u:object_r:ntpd_exec_t,s0)
|
||||
|
||||
/etc/ntp/step-tickers.* -- context_template(system_u:object_r:net_conf_t,s0)
|
||||
/etc/ntp/data(/.*)? context_template(system_u:object_r:ntp_drift_t,s0)
|
||||
/etc/ntp/step-tickers.* -- gen_context(system_u:object_r:net_conf_t,s0)
|
||||
/etc/ntp/data(/.*)? gen_context(system_u:object_r:ntp_drift_t,s0)
|
||||
|
||||
/usr/sbin/ntpd -- context_template(system_u:object_r:ntpd_exec_t,s0)
|
||||
/usr/sbin/ntpdate -- context_template(system_u:object_r:ntpdate_exec_t,s0)
|
||||
/usr/sbin/ntpd -- gen_context(system_u:object_r:ntpd_exec_t,s0)
|
||||
/usr/sbin/ntpdate -- gen_context(system_u:object_r:ntpdate_exec_t,s0)
|
||||
|
||||
/var/lib/ntp(/.*)? context_template(system_u:object_r:ntp_drift_t,s0)
|
||||
/var/lib/ntp(/.*)? gen_context(system_u:object_r:ntp_drift_t,s0)
|
||||
|
||||
/var/log/ntp.* -- context_template(system_u:object_r:ntpd_log_t,s0)
|
||||
/var/log/ntpstats(/.*)? context_template(system_u:object_r:ntpd_log_t,s0)
|
||||
/var/log/xntpd.* -- context_template(system_u:object_r:ntpd_log_t,s0)
|
||||
/var/log/ntp.* -- gen_context(system_u:object_r:ntpd_log_t,s0)
|
||||
/var/log/ntpstats(/.*)? gen_context(system_u:object_r:ntpd_log_t,s0)
|
||||
/var/log/xntpd.* -- gen_context(system_u:object_r:ntpd_log_t,s0)
|
||||
|
||||
/var/run/ntpd\.pid -- context_template(system_u:object_r:ntpd_var_run_t,s0)
|
||||
/var/run/ntpd\.pid -- gen_context(system_u:object_r:ntpd_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
|
||||
/sbin/portmap -- context_template(system_u:object_r:portmap_exec_t,s0)
|
||||
/sbin/portmap -- gen_context(system_u:object_r:portmap_exec_t,s0)
|
||||
|
||||
ifdef(`distro_debian',`
|
||||
/sbin/pmap_dump -- context_template(system_u:object_r:portmap_helper_exec_t,s0)
|
||||
/sbin/pmap_set -- context_template(system_u:object_r:portmap_helper_exec_t,s0)
|
||||
/sbin/pmap_dump -- gen_context(system_u:object_r:portmap_helper_exec_t,s0)
|
||||
/sbin/pmap_set -- gen_context(system_u:object_r:portmap_helper_exec_t,s0)
|
||||
', `
|
||||
/usr/sbin/pmap_dump -- context_template(system_u:object_r:portmap_helper_exec_t,s0)
|
||||
/usr/sbin/pmap_set -- context_template(system_u:object_r:portmap_helper_exec_t,s0)
|
||||
/usr/sbin/pmap_dump -- gen_context(system_u:object_r:portmap_helper_exec_t,s0)
|
||||
/usr/sbin/pmap_set -- gen_context(system_u:object_r:portmap_helper_exec_t,s0)
|
||||
')
|
||||
|
||||
/var/run/portmap.upgrade-state -- context_template(system_u:object_r:portmap_var_run_t,s0)
|
||||
/var/run/portmap.upgrade-state -- gen_context(system_u:object_r:portmap_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,36 +1,36 @@
|
|||
#
|
||||
# /etc
|
||||
#
|
||||
/etc/postgresql(/.*)? context_template(system_u:object_r:postgresql_etc_t,s0)
|
||||
/etc/postgresql(/.*)? gen_context(system_u:object_r:postgresql_etc_t,s0)
|
||||
|
||||
#
|
||||
# /usr
|
||||
#
|
||||
/usr/bin/initdb -- context_template(system_u:object_r:postgresql_exec_t,s0)
|
||||
/usr/bin/postgres -- context_template(system_u:object_r:postgresql_exec_t,s0)
|
||||
/usr/bin/initdb -- gen_context(system_u:object_r:postgresql_exec_t,s0)
|
||||
/usr/bin/postgres -- gen_context(system_u:object_r:postgresql_exec_t,s0)
|
||||
|
||||
/usr/lib/pgsql/test/regres(/.*)? context_template(system_u:object_r:postgresql_db_t,s0)
|
||||
/usr/lib/pgsql/test/regress/pg_regress -- context_template(system_u:object_r:postgresql_exec_t,s0)
|
||||
/usr/lib/pgsql/test/regres(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0)
|
||||
/usr/lib/pgsql/test/regress/pg_regress -- gen_context(system_u:object_r:postgresql_exec_t,s0)
|
||||
|
||||
/usr/lib(64)?/postgresql/bin/.* -- context_template(system_u:object_r:postgresql_exec_t,s0)
|
||||
/usr/lib(64)?/postgresql/bin/.* -- gen_context(system_u:object_r:postgresql_exec_t,s0)
|
||||
|
||||
ifdef(`distro_redhat', `
|
||||
/usr/share/jonas/pgsql(/.*)? context_template(system_u:object_r:postgresql_db_t,s0)
|
||||
/usr/share/jonas/pgsql(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0)
|
||||
')
|
||||
|
||||
#
|
||||
# /var
|
||||
#
|
||||
/var/lib/postgres(ql)?(/.*)? context_template(system_u:object_r:postgresql_db_t,s0)
|
||||
/var/lib/postgres(ql)?(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0)
|
||||
|
||||
/var/lib/pgsql/data(/.*)? context_template(system_u:object_r:postgresql_db_t,s0)
|
||||
/var/lib/pgsql/pgstartup.log context_template(system_u:object_r:postgresql_log_t,s0)
|
||||
/var/lib/pgsql/data(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0)
|
||||
/var/lib/pgsql/pgstartup.log gen_context(system_u:object_r:postgresql_log_t,s0)
|
||||
|
||||
/var/log/postgres\.log.* -- context_template(system_u:object_r:postgresql_log_t,s0)
|
||||
/var/log/postgresql(/.*)? context_template(system_u:object_r:postgresql_log_t,s0)
|
||||
/var/log/postgres\.log.* -- gen_context(system_u:object_r:postgresql_log_t,s0)
|
||||
/var/log/postgresql(/.*)? gen_context(system_u:object_r:postgresql_log_t,s0)
|
||||
|
||||
ifdef(`distro_redhat', `
|
||||
/var/log/rhdb/rhdb(/.*)? context_template(system_u:object_r:postgresql_log_t,s0)
|
||||
/var/log/rhdb/rhdb(/.*)? gen_context(system_u:object_r:postgresql_log_t,s0)
|
||||
')
|
||||
|
||||
/var/run/postgresql(/.*)? context_template(system_u:object_r:postgresql_var_run_t,s0)
|
||||
/var/run/postgresql(/.*)? gen_context(system_u:object_r:postgresql_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
|
||||
/usr/sbin/privoxy -- context_template(system_u:object_r:privoxy_exec_t,s0)
|
||||
/usr/sbin/privoxy -- gen_context(system_u:object_r:privoxy_exec_t,s0)
|
||||
|
||||
/var/log/privoxy(/.*)? context_template(system_u:object_r:privoxy_log_t,s0)
|
||||
/var/log/privoxy(/.*)? gen_context(system_u:object_r:privoxy_log_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
|
||||
/etc/radvd\.conf -- context_template(system_u:object_r:radvd_etc_t,s0)
|
||||
/etc/radvd\.conf -- gen_context(system_u:object_r:radvd_etc_t,s0)
|
||||
|
||||
/usr/sbin/radvd -- context_template(system_u:object_r:radvd_exec_t,s0)
|
||||
/usr/sbin/radvd -- gen_context(system_u:object_r:radvd_exec_t,s0)
|
||||
|
||||
/var/run/radvd\.pid -- context_template(system_u:object_r:radvd_var_run_t,s0)
|
||||
/var/run/radvd(/.*)? context_template(system_u:object_r:radvd_var_run_t,s0)
|
||||
/var/run/radvd\.pid -- gen_context(system_u:object_r:radvd_var_run_t,s0)
|
||||
/var/run/radvd(/.*)? gen_context(system_u:object_r:radvd_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
|
||||
/usr/kerberos/sbin/klogind -- context_template(system_u:object_r:rlogind_exec_t,s0)
|
||||
/usr/kerberos/sbin/klogind -- gen_context(system_u:object_r:rlogind_exec_t,s0)
|
||||
|
||||
/usr/lib(64)?/telnetlogin -- context_template(system_u:object_r:rlogind_exec_t,s0)
|
||||
/usr/lib(64)?/telnetlogin -- gen_context(system_u:object_r:rlogind_exec_t,s0)
|
||||
|
||||
/usr/sbin/in\.rlogind -- context_template(system_u:object_r:rlogind_exec_t,s0)
|
||||
/usr/sbin/in\.rlogind -- gen_context(system_u:object_r:rlogind_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
|
||||
/usr/kerberos/sbin/kshd -- context_template(system_u:object_r:rshd_exec_t,s0)
|
||||
/usr/kerberos/sbin/kshd -- gen_context(system_u:object_r:rshd_exec_t,s0)
|
||||
|
||||
/usr/sbin/in\.rshd -- context_template(system_u:object_r:rshd_exec_t,s0)
|
||||
/usr/sbin/in\.rshd -- gen_context(system_u:object_r:rshd_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
|
||||
/usr/bin/rsync -- context_template(system_u:object_r:rsync_exec_t,s0)
|
||||
/usr/bin/rsync -- gen_context(system_u:object_r:rsync_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -2,43 +2,43 @@
|
|||
#
|
||||
# /etc
|
||||
#
|
||||
/etc/samba/MACHINE\.SID -- context_template(system_u:object_r:samba_secrets_t,s0)
|
||||
/etc/samba/secrets\.tdb -- context_template(system_u:object_r:samba_secrets_t,s0)
|
||||
/etc/samba/smbpasswd -- context_template(system_u:object_r:samba_secrets_t,s0)
|
||||
/etc/samba(/.*)? context_template(system_u:object_r:samba_etc_t,s0)
|
||||
/etc/samba/MACHINE\.SID -- gen_context(system_u:object_r:samba_secrets_t,s0)
|
||||
/etc/samba/secrets\.tdb -- gen_context(system_u:object_r:samba_secrets_t,s0)
|
||||
/etc/samba/smbpasswd -- gen_context(system_u:object_r:samba_secrets_t,s0)
|
||||
/etc/samba(/.*)? gen_context(system_u:object_r:samba_etc_t,s0)
|
||||
|
||||
#
|
||||
# /usr
|
||||
#
|
||||
/usr/bin/net -- context_template(system_u:object_r:samba_net_exec_t,s0)
|
||||
/usr/bin/ntlm_auth -- context_template(system_u:object_r:winbind_helper_exec_t,s0)
|
||||
/usr/bin/smbmount -- context_template(system_u:object_r:smbmount_exec_t,s0)
|
||||
/usr/bin/smbmnt -- context_template(system_u:object_r:smbmount_exec_t,s0)
|
||||
/usr/bin/net -- gen_context(system_u:object_r:samba_net_exec_t,s0)
|
||||
/usr/bin/ntlm_auth -- gen_context(system_u:object_r:winbind_helper_exec_t,s0)
|
||||
/usr/bin/smbmount -- gen_context(system_u:object_r:smbmount_exec_t,s0)
|
||||
/usr/bin/smbmnt -- gen_context(system_u:object_r:smbmount_exec_t,s0)
|
||||
|
||||
/usr/sbin/nmbd -- context_template(system_u:object_r:nmbd_exec_t,s0)
|
||||
/usr/sbin/smbd -- context_template(system_u:object_r:smbd_exec_t,s0)
|
||||
/usr/sbin/winbindd -- context_template(system_u:object_r:winbind_exec_t,s0)
|
||||
/usr/sbin/nmbd -- gen_context(system_u:object_r:nmbd_exec_t,s0)
|
||||
/usr/sbin/smbd -- gen_context(system_u:object_r:smbd_exec_t,s0)
|
||||
/usr/sbin/winbindd -- gen_context(system_u:object_r:winbind_exec_t,s0)
|
||||
|
||||
#
|
||||
# /var
|
||||
#
|
||||
/var/cache/samba(/.*)? context_template(system_u:object_r:samba_var_t,s0)
|
||||
/var/cache/samba/winbindd_privileged(/.*)? context_template(system_u:object_r:winbind_var_run_t,s0)
|
||||
/var/cache/samba(/.*)? gen_context(system_u:object_r:samba_var_t,s0)
|
||||
/var/cache/samba/winbindd_privileged(/.*)? gen_context(system_u:object_r:winbind_var_run_t,s0)
|
||||
|
||||
/var/lib/samba(/.*)? context_template(system_u:object_r:samba_var_t,s0)
|
||||
/var/lib/samba(/.*)? gen_context(system_u:object_r:samba_var_t,s0)
|
||||
|
||||
/var/log/samba(/.*)? context_template(system_u:object_r:samba_log_t,s0)
|
||||
/var/log/samba(/.*)? gen_context(system_u:object_r:samba_log_t,s0)
|
||||
|
||||
/var/run/samba/brlock\.tdb -- context_template(system_u:object_r:smbd_var_run_t,s0)
|
||||
/var/run/samba/connections\.tdb -- context_template(system_u:object_r:smbd_var_run_t,s0)
|
||||
/var/run/samba/locking\.tdb -- context_template(system_u:object_r:smbd_var_run_t,s0)
|
||||
/var/run/samba/messages\.tdb -- context_template(system_u:object_r:nmbd_var_run_t,s0)
|
||||
/var/run/samba/namelist\.debug -- context_template(system_u:object_r:nmbd_var_run_t,s0)
|
||||
/var/run/samba/nmbd\.pid -- context_template(system_u:object_r:nmbd_var_run_t,s0)
|
||||
/var/run/samba/sessionid\.tdb -- context_template(system_u:object_r:smbd_var_run_t,s0)
|
||||
/var/run/samba/smbd\.pid -- context_template(system_u:object_r:smbd_var_run_t,s0)
|
||||
/var/run/samba/unexpected\.tdb -- context_template(system_u:object_r:nmbd_var_run_t,s0)
|
||||
/var/run/samba/brlock\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0)
|
||||
/var/run/samba/connections\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0)
|
||||
/var/run/samba/locking\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0)
|
||||
/var/run/samba/messages\.tdb -- gen_context(system_u:object_r:nmbd_var_run_t,s0)
|
||||
/var/run/samba/namelist\.debug -- gen_context(system_u:object_r:nmbd_var_run_t,s0)
|
||||
/var/run/samba/nmbd\.pid -- gen_context(system_u:object_r:nmbd_var_run_t,s0)
|
||||
/var/run/samba/sessionid\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0)
|
||||
/var/run/samba/smbd\.pid -- gen_context(system_u:object_r:smbd_var_run_t,s0)
|
||||
/var/run/samba/unexpected\.tdb -- gen_context(system_u:object_r:nmbd_var_run_t,s0)
|
||||
|
||||
/var/run/winbindd(/.*)? context_template(system_u:object_r:winbind_var_run_t,s0)
|
||||
/var/run/winbindd(/.*)? gen_context(system_u:object_r:winbind_var_run_t,s0)
|
||||
|
||||
/var/spool/samba(/.*)? context_template(system_u:object_r:samba_var_t,s0)
|
||||
/var/spool/samba(/.*)? gen_context(system_u:object_r:samba_var_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
# sendmail file contexts
|
||||
/etc/mail(/.*)? context_template(system_u:object_r:etc_mail_t,s0)
|
||||
/etc/mail(/.*)? gen_context(system_u:object_r:etc_mail_t,s0)
|
||||
|
||||
/var/log/sendmail\.st -- context_template(system_u:object_r:sendmail_log_t,s0)
|
||||
/var/log/mail(/.*)? context_template(system_u:object_r:sendmail_log_t,s0)
|
||||
/var/log/sendmail\.st -- gen_context(system_u:object_r:sendmail_log_t,s0)
|
||||
/var/log/mail(/.*)? gen_context(system_u:object_r:sendmail_log_t,s0)
|
||||
|
||||
/var/run/sendmail\.pid -- context_template(system_u:object_r:sendmail_var_run_t,s0)
|
||||
/var/run/sm-client\.pid -- context_template(system_u:object_r:sendmail_var_run_t,s0)
|
||||
/var/run/sendmail\.pid -- gen_context(system_u:object_r:sendmail_var_run_t,s0)
|
||||
/var/run/sm-client\.pid -- gen_context(system_u:object_r:sendmail_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -3,24 +3,24 @@
|
|||
# /etc
|
||||
#
|
||||
|
||||
/etc/snmp/snmp(trap)?d\.conf -- context_template(system_u:object_r:snmpd_etc_t,s0)
|
||||
/etc/snmp/snmp(trap)?d\.conf -- gen_context(system_u:object_r:snmpd_etc_t,s0)
|
||||
|
||||
#
|
||||
# /usr
|
||||
#
|
||||
/usr/sbin/snmp(trap)?d -- context_template(system_u:object_r:snmpd_exec_t,s0)
|
||||
/usr/sbin/snmp(trap)?d -- gen_context(system_u:object_r:snmpd_exec_t,s0)
|
||||
|
||||
/usr/share/snmp/mibs/\.index -- context_template(system_u:object_r:snmpd_var_lib_t,s0)
|
||||
/usr/share/snmp/mibs/\.index -- gen_context(system_u:object_r:snmpd_var_lib_t,s0)
|
||||
|
||||
#
|
||||
# /var
|
||||
#
|
||||
/var/lib/net-snmp(/.*)? context_template(system_u:object_r:snmpd_var_lib_t,s0)
|
||||
/var/lib/snmp(/.*)? context_template(system_u:object_r:snmpd_var_lib_t,s0)
|
||||
/var/lib/net-snmp(/.*)? gen_context(system_u:object_r:snmpd_var_lib_t,s0)
|
||||
/var/lib/snmp(/.*)? gen_context(system_u:object_r:snmpd_var_lib_t,s0)
|
||||
|
||||
/var/log/snmpd\.log -- context_template(system_u:object_r:snmpd_log_t,s0)
|
||||
/var/log/snmpd\.log -- gen_context(system_u:object_r:snmpd_log_t,s0)
|
||||
|
||||
/var/net-snmp(/.*) context_template(system_u:object_r:snmpd_var_lib_t,s0)
|
||||
/var/net-snmp(/.*) gen_context(system_u:object_r:snmpd_var_lib_t,s0)
|
||||
|
||||
/var/run/snmpd -d context_template(system_u:object_r:snmpd_var_run_t,s0)
|
||||
/var/run/snmpd\.pid -- context_template(system_u:object_r:snmpd_var_run_t,s0)
|
||||
/var/run/snmpd -d gen_context(system_u:object_r:snmpd_var_run_t,s0)
|
||||
/var/run/snmpd\.pid -- gen_context(system_u:object_r:snmpd_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,14 +1,14 @@
|
|||
|
||||
/etc/squid(/.*)? context_template(system_u:object_r:squid_conf_t,s0)
|
||||
/etc/squid(/.*)? gen_context(system_u:object_r:squid_conf_t,s0)
|
||||
|
||||
/usr/sbin/squid -- context_template(system_u:object_r:squid_exec_t,s0)
|
||||
/usr/sbin/squid -- gen_context(system_u:object_r:squid_exec_t,s0)
|
||||
|
||||
/usr/share/squid(/.*)? context_template(system_u:object_r:squid_conf_t,s0)
|
||||
/usr/share/squid(/.*)? gen_context(system_u:object_r:squid_conf_t,s0)
|
||||
|
||||
/var/cache/squid(/.*)? context_template(system_u:object_r:squid_cache_t,s0)
|
||||
/var/cache/squid(/.*)? gen_context(system_u:object_r:squid_cache_t,s0)
|
||||
|
||||
/var/log/squid(/.*)? context_template(system_u:object_r:squid_log_t,s0)
|
||||
/var/log/squid(/.*)? gen_context(system_u:object_r:squid_log_t,s0)
|
||||
|
||||
/var/run/squid\.pid -- context_template(system_u:object_r:squid_var_run_t,s0)
|
||||
/var/run/squid\.pid -- gen_context(system_u:object_r:squid_var_run_t,s0)
|
||||
|
||||
/var/spool/squid(/.*)? context_template(system_u:object_r:squid_cache_t,s0)
|
||||
/var/spool/squid(/.*)? gen_context(system_u:object_r:squid_cache_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,18 +1,18 @@
|
|||
/etc/ssh/primes -- context_template(system_u:object_r:sshd_key_t,s0)
|
||||
/etc/ssh/ssh_host_key -- context_template(system_u:object_r:sshd_key_t,s0)
|
||||
/etc/ssh/ssh_host_dsa_key -- context_template(system_u:object_r:sshd_key_t,s0)
|
||||
/etc/ssh/ssh_host_rsa_key -- context_template(system_u:object_r:sshd_key_t,s0)
|
||||
/etc/ssh/primes -- gen_context(system_u:object_r:sshd_key_t,s0)
|
||||
/etc/ssh/ssh_host_key -- gen_context(system_u:object_r:sshd_key_t,s0)
|
||||
/etc/ssh/ssh_host_dsa_key -- gen_context(system_u:object_r:sshd_key_t,s0)
|
||||
/etc/ssh/ssh_host_rsa_key -- gen_context(system_u:object_r:sshd_key_t,s0)
|
||||
|
||||
/usr/bin/ssh -- context_template(system_u:object_r:ssh_exec_t,s0)
|
||||
/usr/bin/ssh-agent -- context_template(system_u:object_r:ssh_agent_exec_t,s0)
|
||||
/usr/bin/ssh-keygen -- context_template(system_u:object_r:ssh_keygen_exec_t,s0)
|
||||
/usr/bin/ssh -- gen_context(system_u:object_r:ssh_exec_t,s0)
|
||||
/usr/bin/ssh-agent -- gen_context(system_u:object_r:ssh_agent_exec_t,s0)
|
||||
/usr/bin/ssh-keygen -- gen_context(system_u:object_r:ssh_keygen_exec_t,s0)
|
||||
|
||||
/usr/libexec/openssh/ssh-keysign -- context_template(system_u:object_r:ssh_keysign_exec_t,s0)
|
||||
/usr/libexec/openssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
|
||||
|
||||
/usr/sbin/sshd -- context_template(system_u:object_r:sshd_exec_t,s0)
|
||||
/usr/sbin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
|
||||
|
||||
/var/run/sshd\.init\.pid -- context_template(system_u:object_r:sshd_var_run_t,s0)
|
||||
/var/run/sshd\.init\.pid -- gen_context(system_u:object_r:sshd_var_run_t,s0)
|
||||
|
||||
ifdef(`targeted_policy', `', `
|
||||
HOME_DIR/\.ssh(/.*)? context_template(system_u:object_r:ROLE_home_ssh_t,s0)
|
||||
HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ROLE_home_ssh_t,s0)
|
||||
')
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
|
||||
/etc/stunnel(/.*)? context_template(system_u:object_r:stunnel_etc_t,s0)
|
||||
/etc/stunnel(/.*)? gen_context(system_u:object_r:stunnel_etc_t,s0)
|
||||
|
||||
/usr/sbin/stunnel -- context_template(system_u:object_r:stunnel_exec_t,s0)
|
||||
/usr/sbin/stunnel -- gen_context(system_u:object_r:stunnel_exec_t,s0)
|
||||
|
||||
/var/run/stunnel(/.*)? context_template(system_u:object_r:stunnel_var_run_t,s0)
|
||||
/var/run/stunnel(/.*)? gen_context(system_u:object_r:stunnel_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
|
||||
/usr/sbin/tcpd -- context_template(system_u:object_r:tcpd_exec_t,s0)
|
||||
/usr/sbin/tcpd -- gen_context(system_u:object_r:tcpd_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
|
||||
/usr/sbin/in\.telnetd -- context_template(system_u:object_r:telnetd_exec_t,s0)
|
||||
/usr/sbin/in\.telnetd -- gen_context(system_u:object_r:telnetd_exec_t,s0)
|
||||
|
||||
/usr/kerberos/sbin/telnetd -- context_template(system_u:object_r:telnetd_exec_t,s0)
|
||||
/usr/kerberos/sbin/telnetd -- gen_context(system_u:object_r:telnetd_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
/usr/sbin/atftpd -- context_template(system_u:object_r:tftpd_exec_t,s0)
|
||||
/usr/sbin/in\.tftpd -- context_template(system_u:object_r:tftpd_exec_t,s0)
|
||||
/usr/sbin/atftpd -- gen_context(system_u:object_r:tftpd_exec_t,s0)
|
||||
/usr/sbin/in\.tftpd -- gen_context(system_u:object_r:tftpd_exec_t,s0)
|
||||
|
||||
/tftpboot(/.*)? context_template(system_u:object_r:tftpdir_t,s0)
|
||||
/tftpboot(/.*)? gen_context(system_u:object_r:tftpdir_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
|
||||
/usr/sbin/uucico -- context_template(system_u:object_r:uucpd_exec_t,s0)
|
||||
/usr/sbin/uucico -- gen_context(system_u:object_r:uucpd_exec_t,s0)
|
||||
|
||||
/var/spool/uucp(/.*)? context_template(system_u:object_r:uucpd_spool_t,s0)
|
||||
/var/spool/uucppublic(/.*)? context_template(system_u:object_r:uucpd_spool_t,s0)
|
||||
/var/spool/uucp(/.*)? gen_context(system_u:object_r:uucpd_spool_t,s0)
|
||||
/var/spool/uucppublic(/.*)? gen_context(system_u:object_r:uucpd_spool_t,s0)
|
||||
|
||||
/var/log/uucp(/.*)? context_template(system_u:object_r:uucpd_log_t,s0)
|
||||
/var/log/uucp(/.*)? gen_context(system_u:object_r:uucpd_log_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,16 +1,16 @@
|
|||
|
||||
/usr/sbin/bgpd -- context_template(system_u:object_r:zebra_exec_t,s0)
|
||||
/usr/sbin/zebra -- context_template(system_u:object_r:zebra_exec_t,s0)
|
||||
/usr/sbin/bgpd -- gen_context(system_u:object_r:zebra_exec_t,s0)
|
||||
/usr/sbin/zebra -- gen_context(system_u:object_r:zebra_exec_t,s0)
|
||||
|
||||
/etc/quagga(/.*)? context_template(system_u:object_r:zebra_conf_t,s0)
|
||||
/etc/zebra(/.*)? context_template(system_u:object_r:zebra_conf_t,s0)
|
||||
/etc/quagga(/.*)? gen_context(system_u:object_r:zebra_conf_t,s0)
|
||||
/etc/zebra(/.*)? gen_context(system_u:object_r:zebra_conf_t,s0)
|
||||
|
||||
/usr/sbin/ospf.* -- context_template(system_u:object_r:zebra_exec_t,s0)
|
||||
/usr/sbin/rip.* -- context_template(system_u:object_r:zebra_exec_t,s0)
|
||||
/usr/sbin/ospf.* -- gen_context(system_u:object_r:zebra_exec_t,s0)
|
||||
/usr/sbin/rip.* -- gen_context(system_u:object_r:zebra_exec_t,s0)
|
||||
|
||||
/var/log/quagga(/.*)? context_template(system_u:object_r:zebra_log_t,s0)
|
||||
/var/log/zebra(/.*)? context_template(system_u:object_r:zebra_log_t,s0)
|
||||
/var/log/quagga(/.*)? gen_context(system_u:object_r:zebra_log_t,s0)
|
||||
/var/log/zebra(/.*)? gen_context(system_u:object_r:zebra_log_t,s0)
|
||||
|
||||
/var/run/\.zebra -s context_template(system_u:object_r:zebra_var_run_t,s0)
|
||||
/var/run/\.zserv -s context_template(system_u:object_r:zebra_var_run_t,s0)
|
||||
/var/run/quagga(/.*)? context_template(system_u:object_r:zebra_var_run_t,s0)
|
||||
/var/run/\.zebra -s gen_context(system_u:object_r:zebra_var_run_t,s0)
|
||||
/var/run/\.zserv -s gen_context(system_u:object_r:zebra_var_run_t,s0)
|
||||
/var/run/quagga(/.*)? gen_context(system_u:object_r:zebra_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,35 +1,35 @@
|
|||
|
||||
/bin/login -- context_template(system_u:object_r:login_exec_t,s0)
|
||||
/bin/login -- gen_context(system_u:object_r:login_exec_t,s0)
|
||||
|
||||
/etc/\.pwd\.lock -- context_template(system_u:object_r:shadow_t,s0)
|
||||
/etc/group\.lock -- context_template(system_u:object_r:shadow_t,s0)
|
||||
/etc/gshadow.* -- context_template(system_u:object_r:shadow_t,s0)
|
||||
/etc/passwd\.lock -- context_template(system_u:object_r:shadow_t,s0)
|
||||
/etc/shadow.* -- context_template(system_u:object_r:shadow_t,s0)
|
||||
/etc/\.pwd\.lock -- gen_context(system_u:object_r:shadow_t,s0)
|
||||
/etc/group\.lock -- gen_context(system_u:object_r:shadow_t,s0)
|
||||
/etc/gshadow.* -- gen_context(system_u:object_r:shadow_t,s0)
|
||||
/etc/passwd\.lock -- gen_context(system_u:object_r:shadow_t,s0)
|
||||
/etc/shadow.* -- gen_context(system_u:object_r:shadow_t,s0)
|
||||
|
||||
/lib(64)?/security/pam_krb5/pam_krb5_storetmp -- context_template(system_u:object_r:pam_exec_t,s0)
|
||||
/lib(64)?/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:pam_exec_t,s0)
|
||||
|
||||
/sbin/pam_console_apply -- context_template(system_u:object_r:pam_console_exec_t,s0)
|
||||
/sbin/pam_timestamp_check -- context_template(system_u:object_r:pam_exec_t,s0)
|
||||
/sbin/unix_chkpwd -- context_template(system_u:object_r:chkpwd_exec_t,s0)
|
||||
/sbin/unix_verify -- context_template(system_u:object_r:chkpwd_exec_t,s0)
|
||||
/sbin/pam_console_apply -- gen_context(system_u:object_r:pam_console_exec_t,s0)
|
||||
/sbin/pam_timestamp_check -- gen_context(system_u:object_r:pam_exec_t,s0)
|
||||
/sbin/unix_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0)
|
||||
/sbin/unix_verify -- gen_context(system_u:object_r:chkpwd_exec_t,s0)
|
||||
ifdef(`distro_suse', `
|
||||
/sbin/unix2_chkpwd -- context_template(system_u:object_r:chkpwd_exec_t,s0)
|
||||
/sbin/unix2_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0)
|
||||
')
|
||||
|
||||
/usr/kerberos/sbin/login\.krb5 -- context_template(system_u:object_r:login_exec_t,s0)
|
||||
/usr/kerberos/sbin/login\.krb5 -- gen_context(system_u:object_r:login_exec_t,s0)
|
||||
|
||||
/usr/sbin/utempter -- context_template(system_u:object_r:utempter_exec_t,s0)
|
||||
/usr/sbin/utempter -- gen_context(system_u:object_r:utempter_exec_t,s0)
|
||||
|
||||
/var/db/shadow.* -- context_template(system_u:object_r:shadow_t,s0)
|
||||
/var/db/shadow.* -- gen_context(system_u:object_r:shadow_t,s0)
|
||||
|
||||
/var/log/btmp.* -- context_template(system_u:object_r:faillog_t,s0)
|
||||
/var/log/dmesg -- context_template(system_u:object_r:var_log_t,s0)
|
||||
/var/log/faillog -- context_template(system_u:object_r:faillog_t,s0)
|
||||
/var/log/lastlog -- context_template(system_u:object_r:lastlog_t,s0)
|
||||
/var/log/syslog -- context_template(system_u:object_r:var_log_t,s0)
|
||||
/var/log/wtmp.* -- context_template(system_u:object_r:wtmp_t,s0)
|
||||
/var/log/btmp.* -- gen_context(system_u:object_r:faillog_t,s0)
|
||||
/var/log/dmesg -- gen_context(system_u:object_r:var_log_t,s0)
|
||||
/var/log/faillog -- gen_context(system_u:object_r:faillog_t,s0)
|
||||
/var/log/lastlog -- gen_context(system_u:object_r:lastlog_t,s0)
|
||||
/var/log/syslog -- gen_context(system_u:object_r:var_log_t,s0)
|
||||
/var/log/wtmp.* -- gen_context(system_u:object_r:wtmp_t,s0)
|
||||
|
||||
/var/run/console(/.*)? context_template(system_u:object_r:pam_var_console_t,s0)
|
||||
/var/run/console(/.*)? gen_context(system_u:object_r:pam_var_console_t,s0)
|
||||
|
||||
/var/run/sudo(/.*)? context_template(system_u:object_r:pam_var_run_t,s0)
|
||||
/var/run/sudo(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
/etc/adjtime -- context_template(system_u:object_r:adjtime_t,s0)
|
||||
/etc/adjtime -- gen_context(system_u:object_r:adjtime_t,s0)
|
||||
|
||||
/sbin/hwclock -- context_template(system_u:object_r:hwclock_exec_t,s0)
|
||||
/sbin/hwclock -- gen_context(system_u:object_r:hwclock_exec_t,s0)
|
||||
|
||||
|
|
|
|||
|
|
@ -2,111 +2,111 @@
|
|||
#
|
||||
# /bin
|
||||
#
|
||||
/bin(/.*)? context_template(system_u:object_r:bin_t,s0)
|
||||
/bin/d?ash -- context_template(system_u:object_r:shell_exec_t,s0)
|
||||
/bin/bash -- context_template(system_u:object_r:shell_exec_t,s0)
|
||||
/bin/bash2 -- context_template(system_u:object_r:shell_exec_t,s0)
|
||||
/bin/ls -- context_template(system_u:object_r:ls_exec_t,s0)
|
||||
/bin/sash -- context_template(system_u:object_r:shell_exec_t,s0)
|
||||
/bin/tcsh -- context_template(system_u:object_r:shell_exec_t,s0)
|
||||
/bin/zsh.* -- context_template(system_u:object_r:shell_exec_t,s0)
|
||||
/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||
/bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||
/bin/bash2 -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||
/bin/ls -- gen_context(system_u:object_r:ls_exec_t,s0)
|
||||
/bin/sash -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||
/bin/tcsh -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||
/bin/zsh.* -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||
|
||||
#
|
||||
# /dev
|
||||
#
|
||||
/dev/MAKEDEV -- context_template(system_u:object_r:sbin_t,s0)
|
||||
/dev/MAKEDEV -- gen_context(system_u:object_r:sbin_t,s0)
|
||||
|
||||
#
|
||||
# /etc
|
||||
#
|
||||
/etc/hotplug/.*agent -- context_template(system_u:object_r:sbin_t,s0)
|
||||
/etc/hotplug/.*rc -- context_template(system_u:object_r:sbin_t,s0)
|
||||
/etc/hotplug/.*agent -- gen_context(system_u:object_r:sbin_t,s0)
|
||||
/etc/hotplug/.*rc -- gen_context(system_u:object_r:sbin_t,s0)
|
||||
|
||||
/etc/hotplug/hotplug\.functions -- context_template(system_u:object_r:sbin_t,s0)
|
||||
/etc/hotplug/hotplug\.functions -- gen_context(system_u:object_r:sbin_t,s0)
|
||||
|
||||
/etc/hotplug\.d/default/default.* context_template(system_u:object_r:sbin_t,s0)
|
||||
/etc/hotplug\.d/default/default.* gen_context(system_u:object_r:sbin_t,s0)
|
||||
|
||||
/etc/netplug\.d(/.*)? context_template(system_u:object_r:sbin_t,s0)
|
||||
/etc/netplug\.d(/.*)? gen_context(system_u:object_r:sbin_t,s0)
|
||||
|
||||
ifdef(`distro_debian',`
|
||||
/etc/mysql/debian-start -- context_template(system_u:object_r:bin_t,s0)
|
||||
/etc/mysql/debian-start -- gen_context(system_u:object_r:bin_t,s0)
|
||||
')
|
||||
|
||||
ifdef(`targeted_policy',`
|
||||
/etc/X11/prefdm -- context_template(system_u:object_r:bin_t,s0)
|
||||
/etc/X11/prefdm -- gen_context(system_u:object_r:bin_t,s0)
|
||||
')
|
||||
|
||||
#
|
||||
# /sbin
|
||||
#
|
||||
/sbin(/.*)? context_template(system_u:object_r:sbin_t,s0)
|
||||
/sbin/mkfs\.cramfs -- context_template(system_u:object_r:sbin_t,s0)
|
||||
/sbin/insmod_ksymoops_clean -- context_template(system_u:object_r:sbin_t,s0)
|
||||
/sbin(/.*)? gen_context(system_u:object_r:sbin_t,s0)
|
||||
/sbin/mkfs\.cramfs -- gen_context(system_u:object_r:sbin_t,s0)
|
||||
/sbin/insmod_ksymoops_clean -- gen_context(system_u:object_r:sbin_t,s0)
|
||||
|
||||
#
|
||||
# /opt
|
||||
#
|
||||
/opt/(.*)?/bin(/.*)? context_template(system_u:object_r:bin_t,s0)
|
||||
/opt/(.*)?/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
/opt/(.*)?/libexec(/.*)? context_template(system_u:object_r:bin_t,s0)
|
||||
/opt/(.*)?/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
/opt/(.*)?/sbin(/.*)? context_template(system_u:object_r:sbin_t,s0)
|
||||
/opt/(.*)?/sbin(/.*)? gen_context(system_u:object_r:sbin_t,s0)
|
||||
|
||||
#
|
||||
# /usr
|
||||
#
|
||||
ifdef(`distro_gentoo', `
|
||||
/usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
')
|
||||
|
||||
/usr(/.*)?/Bin(/.*)? context_template(system_u:object_r:bin_t,s0)
|
||||
/usr(/.*)?/Bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
/usr(/.*)?/bin(/.*)? context_template(system_u:object_r:bin_t,s0)
|
||||
/usr(/.*)?/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
/usr(/.*)?/sbin(/.*)? context_template(system_u:object_r:sbin_t,s0)
|
||||
/usr(/.*)?/sbin(/.*)? gen_context(system_u:object_r:sbin_t,s0)
|
||||
|
||||
ifdef(`distro_suse', `
|
||||
/usr/lib/cron/run-crons -- context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/cron/run-crons -- gen_context(system_u:object_r:bin_t,s0)
|
||||
')
|
||||
|
||||
/usr/lib/pgsql/test/regress/.*\.sh -- context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/lib/pgsql/test/regress/.*\.sh -- gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
/usr/lib(64)?/sftp-server -- context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/emacsen-common/.* context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/ipsec/.* -- context_template(system_u:object_r:sbin_t,s0)
|
||||
/usr/lib(64)?/misc/sftp-server -- context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/news/bin(/.*)? context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/emacsen-common/.* gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:sbin_t,s0)
|
||||
/usr/lib(64)?/misc/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/news/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
ifdef(`distro_suse', `
|
||||
/usr/lib(64)?/ssh/.* -- context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/ssh/.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||
')
|
||||
|
||||
/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird -- context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird-bin -- context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/[^/]*thunderbird[^/]*/open-browser\.sh -- context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/[^/]*/run-mozilla\.sh -- context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/[^/]*/mozilla-xremote-client -- context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird-bin -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/[^/]*thunderbird[^/]*/open-browser\.sh -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/[^/]*/run-mozilla\.sh -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/lib(64)?/[^/]*/mozilla-xremote-client -- gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
/usr/libexec(/.*)? context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/libexec/openssh/sftp-server -- context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
/usr/local/lib(64)?/ipsec/.* -- context_template(system_u:object_r:sbin_t,s0)
|
||||
/usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:sbin_t,s0)
|
||||
|
||||
/usr/sbin/sesh -- context_template(system_u:object_r:shell_exec_t,s0)
|
||||
/usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
|
||||
|
||||
/usr/share/gnucash/finance-quote-check -- context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/share/gnucash/finance-quote-helper -- context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/share/mc/extfs/.* -- context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/share/turboprint/lib(/.*)? -- context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/mc/extfs/.* -- gen_context(system_u:object_r:bin_t,s0)
|
||||
/usr/share/turboprint/lib(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
ifdef(`distro_suse',`
|
||||
/usr/share/apache2/[^/]* -- context_template(system_u:object_r:bin_t,s0)
|
||||
/usr/share/apache2/[^/]* -- gen_context(system_u:object_r:bin_t,s0)
|
||||
')
|
||||
|
||||
#
|
||||
# /var
|
||||
#
|
||||
/var/mailman/bin(/.*)? context_template(system_u:object_r:bin_t,s0)
|
||||
/var/mailman/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
|
||||
/var/ftp/bin(/.*)? context_template(system_u:object_r:bin_t,s0)
|
||||
/var/ftp/bin/ls -- context_template(system_u:object_r:ls_exec_t,s0)
|
||||
/var/ftp/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
|
||||
/var/ftp/bin/ls -- gen_context(system_u:object_r:ls_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -2,83 +2,83 @@
|
|||
#
|
||||
# /
|
||||
#
|
||||
/.* context_template(system_u:object_r:default_t,s0)
|
||||
/ -d context_template(system_u:object_r:root_t,s0)
|
||||
/.* gen_context(system_u:object_r:default_t,s0)
|
||||
/ -d gen_context(system_u:object_r:root_t,s0)
|
||||
/\.journal <<none>>
|
||||
ifdef(`distro_redhat',`
|
||||
/\.autofsck -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/\.autorelabel -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/fastboot -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/forcefsck -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/fsckoptions -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/halt -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/poweroff -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/\.autofsck -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/\.autorelabel -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/fastboot -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/forcefsck -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/fsckoptions -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/halt -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/poweroff -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
')
|
||||
|
||||
#
|
||||
# /boot
|
||||
#
|
||||
/boot/\.journal <<none>>
|
||||
/boot/lost\+found -d context_template(system_u:object_r:lost_found_t,s0)
|
||||
/boot/lost\+found -d gen_context(system_u:object_r:lost_found_t,s0)
|
||||
/boot/lost\+found/.* <<none>>
|
||||
|
||||
#
|
||||
# /etc
|
||||
#
|
||||
/etc(/.*)? context_template(system_u:object_r:etc_t,s0)
|
||||
/etc/\.fstab\.hal\..+ -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/asound\.state -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/blkid\.tab.* -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/fstab\.REVOKE -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/HOSTNAME -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/ioctl\.save -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/issue -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/issue\.net -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/localtime -l context_template(system_u:object_r:etc_t,s0)
|
||||
/etc/mtab -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/motd -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/nohotplug -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/nologin.* -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc(/.*)? gen_context(system_u:object_r:etc_t,s0)
|
||||
/etc/\.fstab\.hal\..+ -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/asound\.state -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/blkid\.tab.* -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/fstab\.REVOKE -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/HOSTNAME -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/ioctl\.save -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/issue -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/issue\.net -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/localtime -l gen_context(system_u:object_r:etc_t,s0)
|
||||
/etc/mtab -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/motd -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/nohotplug -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/nologin.* -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
|
||||
/etc/init\.d/functions -- context_template(system_u:object_r:etc_t,s0)
|
||||
/etc/init\.d/functions -- gen_context(system_u:object_r:etc_t,s0)
|
||||
ifdef(`distro_suse',`
|
||||
/etc/init\.d/\.depend.* -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/init\.d/\.depend.* -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
')
|
||||
|
||||
/etc/ipsec\.d/examples(/.*)? context_template(system_u:object_r:etc_t,s0)
|
||||
/etc/ipsec\.d/examples(/.*)? gen_context(system_u:object_r:etc_t,s0)
|
||||
|
||||
/etc/network/ifstate -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/network/ifstate -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
|
||||
/etc/ptal/ptal-printd-like -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/ptal/ptal-printd-like -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
|
||||
/etc/rc\.d/init\.d/functions -- context_template(system_u:object_r:etc_t,s0)
|
||||
/etc/rc\.d/init\.d/functions -- gen_context(system_u:object_r:etc_t,s0)
|
||||
|
||||
/etc/sysconfig/hwconf -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/sysconfig/iptables\.save -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/sysconfig/firstboot -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/sysconfig/hwconf -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/sysconfig/iptables\.save -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/sysconfig/firstboot -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
|
||||
ifdef(`distro_gentoo', `
|
||||
/etc/profile\.env -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/csh\.env -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/env\.d/.* -- context_template(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/profile\.env -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/csh\.env -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
/etc/env\.d/.* -- gen_context(system_u:object_r:etc_runtime_t,s0)
|
||||
')
|
||||
|
||||
# HOME_ROOT expands to all valid home directory prefixes found in /etc/passwd
|
||||
HOME_ROOT -d context_template(system_u:object_r:home_root_t,s0)
|
||||
HOME_ROOT -d gen_context(system_u:object_r:home_root_t,s0)
|
||||
HOME_ROOT/\.journal <<none>>
|
||||
HOME_ROOT/lost\+found -d context_template(system_u:object_r:lost_found_t,s0)
|
||||
HOME_ROOT/lost\+found -d gen_context(system_u:object_r:lost_found_t,s0)
|
||||
HOME_ROOT/lost\+found/.* <<none>>
|
||||
|
||||
#
|
||||
# /initrd
|
||||
#
|
||||
# initrd mount point, only used during boot
|
||||
/initrd -d context_template(system_u:object_r:root_t,s0)
|
||||
/initrd -d gen_context(system_u:object_r:root_t,s0)
|
||||
|
||||
#
|
||||
# /lost+found
|
||||
#
|
||||
/lost\+found -d context_template(system_u:object_r:lost_found_t,s0)
|
||||
/lost\+found -d gen_context(system_u:object_r:lost_found_t,s0)
|
||||
/lost\+found/.* <<none>>
|
||||
|
||||
#
|
||||
|
|
@ -86,21 +86,21 @@ HOME_ROOT/lost\+found/.* <<none>>
|
|||
#
|
||||
# Mount points; do not relabel subdirectories, since
|
||||
# we don't want to change any removable media by default.
|
||||
/media(/[^/]*)? -d context_template(system_u:object_r:mnt_t,s0)
|
||||
/media(/[^/]*)? -d gen_context(system_u:object_r:mnt_t,s0)
|
||||
/media/[^/]*/.* <<none>>
|
||||
|
||||
#
|
||||
# /mnt
|
||||
#
|
||||
/mnt(/[^/]*)? -d context_template(system_u:object_r:mnt_t,s0)
|
||||
/mnt(/[^/]*)? -d gen_context(system_u:object_r:mnt_t,s0)
|
||||
/mnt/[^/]*/.* <<none>>
|
||||
|
||||
#
|
||||
# /opt
|
||||
#
|
||||
/opt(/.*)? context_template(system_u:object_r:usr_t,s0)
|
||||
/opt(/.*)? gen_context(system_u:object_r:usr_t,s0)
|
||||
|
||||
/opt/(.*)?/var/lib(64)?(/.*)? context_template(system_u:object_r:var_lib_t,s0)
|
||||
/opt/(.*)?/var/lib(64)?(/.*)? gen_context(system_u:object_r:var_lib_t,s0)
|
||||
|
||||
#
|
||||
# /proc
|
||||
|
|
@ -115,7 +115,7 @@ HOME_ROOT/lost\+found/.* <<none>>
|
|||
#
|
||||
# /srv
|
||||
#
|
||||
/srv(/.*)? context_template(system_u:object_r:var_t,s0)
|
||||
/srv(/.*)? gen_context(system_u:object_r:var_t,s0)
|
||||
|
||||
#
|
||||
# /sys
|
||||
|
|
@ -125,68 +125,68 @@ HOME_ROOT/lost\+found/.* <<none>>
|
|||
#
|
||||
# /tmp
|
||||
#
|
||||
/tmp -d context_template(system_u:object_r:tmp_t,s0)
|
||||
/tmp -d gen_context(system_u:object_r:tmp_t,s0)
|
||||
/tmp/.* <<none>>
|
||||
/tmp/\.journal <<none>>
|
||||
|
||||
/tmp/lost\+found -d context_template(system_u:object_r:lost_found_t,s0)
|
||||
/tmp/lost\+found -d gen_context(system_u:object_r:lost_found_t,s0)
|
||||
/tmp/lost\+found/.* <<none>>
|
||||
|
||||
#
|
||||
# /usr
|
||||
#
|
||||
/usr(/.*)? context_template(system_u:object_r:usr_t,s0)
|
||||
/usr(/.*)? gen_context(system_u:object_r:usr_t,s0)
|
||||
/usr/\.journal <<none>>
|
||||
|
||||
/usr/etc(/.*)? context_template(system_u:object_r:etc_t,s0)
|
||||
/usr/etc(/.*)? gen_context(system_u:object_r:etc_t,s0)
|
||||
|
||||
/usr/inclu.e(/.*)? context_template(system_u:object_r:usr_t,s0)
|
||||
/usr/inclu.e(/.*)? gen_context(system_u:object_r:usr_t,s0)
|
||||
|
||||
/usr/local/\.journal <<none>>
|
||||
|
||||
/usr/local/etc(/.*)? context_template(system_u:object_r:etc_t,s0)
|
||||
/usr/local/etc(/.*)? gen_context(system_u:object_r:etc_t,s0)
|
||||
|
||||
/usr/local/lost\+found -d context_template(system_u:object_r:lost_found_t,s0)
|
||||
/usr/local/lost\+found -d gen_context(system_u:object_r:lost_found_t,s0)
|
||||
/usr/local/lost\+found/.* <<none>>
|
||||
|
||||
/usr/local/src(/.*)? context_template(system_u:object_r:src_t,s0)
|
||||
/usr/local/src(/.*)? gen_context(system_u:object_r:src_t,s0)
|
||||
|
||||
/usr/lost\+found -d context_template(system_u:object_r:lost_found_t,s0)
|
||||
/usr/lost\+found -d gen_context(system_u:object_r:lost_found_t,s0)
|
||||
/usr/lost\+found/.* <<none>>
|
||||
|
||||
/usr/share(/.*)?/lib(64)?(/.*)? context_template(system_u:object_r:usr_t,s0)
|
||||
/usr/share(/.*)?/lib(64)?(/.*)? gen_context(system_u:object_r:usr_t,s0)
|
||||
|
||||
/usr/src(/.*)? context_template(system_u:object_r:src_t,s0)
|
||||
/usr/src(/.*)? gen_context(system_u:object_r:src_t,s0)
|
||||
|
||||
/usr/tmp -d context_template(system_u:object_r:tmp_t,s0)
|
||||
/usr/tmp -d gen_context(system_u:object_r:tmp_t,s0)
|
||||
/usr/tmp/.* <<none>>
|
||||
|
||||
#
|
||||
# /var
|
||||
#
|
||||
/var(/.*)? context_template(system_u:object_r:var_t,s0)
|
||||
/var(/.*)? gen_context(system_u:object_r:var_t,s0)
|
||||
/var/\.journal <<none>>
|
||||
|
||||
/var/db/.*\.db -- context_template(system_u:object_r:etc_t,s0)
|
||||
/var/db/.*\.db -- gen_context(system_u:object_r:etc_t,s0)
|
||||
|
||||
/var/ftp/etc(/.*)? context_template(system_u:object_r:etc_t,s0)
|
||||
/var/ftp/etc(/.*)? gen_context(system_u:object_r:etc_t,s0)
|
||||
|
||||
/var/lib(/.*)? context_template(system_u:object_r:var_lib_t,s0)
|
||||
/var/lib(/.*)? gen_context(system_u:object_r:var_lib_t,s0)
|
||||
|
||||
/var/lib/nfs/rpc_pipefs(/.*)? <<none>>
|
||||
|
||||
/var/lock(/.*)? context_template(system_u:object_r:var_lock_t,s0)
|
||||
/var/lock(/.*)? gen_context(system_u:object_r:var_lock_t,s0)
|
||||
|
||||
/var/lost\+found -d context_template(system_u:object_r:lost_found_t,s0)
|
||||
/var/lost\+found -d gen_context(system_u:object_r:lost_found_t,s0)
|
||||
/var/lost\+found/.* <<none>>
|
||||
|
||||
/var/run(/.*)? context_template(system_u:object_r:var_run_t,s0)
|
||||
/var/run(/.*)? gen_context(system_u:object_r:var_run_t,s0)
|
||||
/var/run/.*\.*pid <<none>>
|
||||
|
||||
/var/spool(/.*)? context_template(system_u:object_r:var_spool_t,s0)
|
||||
/var/spool(/.*)? gen_context(system_u:object_r:var_spool_t,s0)
|
||||
|
||||
/var/tmp -d context_template(system_u:object_r:tmp_t,s0)
|
||||
/var/tmp -d gen_context(system_u:object_r:tmp_t,s0)
|
||||
/var/tmp/.* <<none>>
|
||||
/var/tmp/lost\+found -d context_template(system_u:object_r:lost_found_t,s0)
|
||||
/var/tmp/lost\+found -d gen_context(system_u:object_r:lost_found_t,s0)
|
||||
/var/tmp/lost\+found/.* <<none>>
|
||||
/var/tmp/vi\.recover -d context_template(system_u:object_r:tmp_t,s0)
|
||||
/var/tmp/vi\.recover -d gen_context(system_u:object_r:tmp_t,s0)
|
||||
|
|
|
|||
|
|
@ -61,7 +61,7 @@ type file_t, file_type, mountpoint;
|
|||
fs_associate(file_t)
|
||||
fs_associate_noxattr(file_t)
|
||||
kernel_rootfs_mountpoint(file_t)
|
||||
sid file context_template(system_u:object_r:file_t,s0)
|
||||
sid file gen_context(system_u:object_r:file_t,s0)
|
||||
|
||||
#
|
||||
# home_root_t is the type for the directory where user home directories
|
||||
|
|
@ -104,7 +104,7 @@ type root_t, file_type, mountpoint; #, polyparent
|
|||
fs_associate(root_t)
|
||||
fs_associate_noxattr(root_t)
|
||||
kernel_rootfs_mountpoint(root_t)
|
||||
genfscon rootfs / context_template(system_u:object_r:root_t,s0)
|
||||
genfscon rootfs / gen_context(system_u:object_r:root_t,s0)
|
||||
|
||||
#
|
||||
# src_t is the type of files in the system src directories.
|
||||
|
|
|
|||
|
|
@ -1,39 +1,39 @@
|
|||
/sbin/blockdev -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/cfdisk -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/dosfsck -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/dump -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/dumpe2fs -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/e2fsck -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/e2label -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/fdisk -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/findfs -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/fsck.* -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/hdparm -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/install-mbr -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/jfs_.* -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/losetup.* -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/lsraid -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/mkdosfs -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/mke2fs -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/mkfs.* -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/mkraid -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/mkreiserfs -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/mkswap -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/parted -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/partprobe -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/partx -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/raidautorun -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/raidstart -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/reiserfs(ck|tune) -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/resize.*fs -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/scsi_info -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/sfdisk -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/swapon.* -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/tune2fs -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/blockdev -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/cfdisk -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/dosfsck -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/dump -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/dumpe2fs -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/e2fsck -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/e2label -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/fdisk -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/findfs -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/fsck.* -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/hdparm -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/install-mbr -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/jfs_.* -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/losetup.* -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/lsraid -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/mkdosfs -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/mke2fs -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/mkfs.* -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/mkraid -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/mkreiserfs -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/mkswap -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/parted -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/partprobe -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/partx -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/raidautorun -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/raidstart -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/reiserfs(ck|tune) -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/resize.*fs -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/scsi_info -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/sfdisk -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/swapon.* -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/sbin/tune2fs -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
|
||||
/usr/bin/partition_uuid -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/usr/bin/raw -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/usr/bin/scsi_unique_id -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/usr/bin/syslinux -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/usr/bin/partition_uuid -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/usr/bin/raw -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/usr/bin/scsi_unique_id -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
/usr/bin/syslinux -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
|
||||
/usr/sbin/smartctl -- context_template(system_u:object_r:fsadm_exec_t,s0)
|
||||
/usr/sbin/smartctl -- gen_context(system_u:object_r:fsadm_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
|
||||
/etc/mgetty(/.*)? context_template(system_u:object_r:getty_etc_t,s0)
|
||||
/etc/mgetty(/.*)? gen_context(system_u:object_r:getty_etc_t,s0)
|
||||
|
||||
/sbin/.*getty -- context_template(system_u:object_r:getty_exec_t,s0)
|
||||
/sbin/.*getty -- gen_context(system_u:object_r:getty_exec_t,s0)
|
||||
|
||||
/var/log/mgetty\.log.* -- context_template(system_u:object_r:getty_log_t,s0)
|
||||
/var/log/mgetty\.log.* -- gen_context(system_u:object_r:getty_log_t,s0)
|
||||
|
||||
/var/run/mgetty\.pid.* -- context_template(system_u:object_r:getty_var_run_t,s0)
|
||||
/var/run/mgetty\.pid.* -- gen_context(system_u:object_r:getty_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
|
||||
/bin/hostname -- context_template(system_u:object_r:hostname_exec_t,s0)
|
||||
/bin/hostname -- gen_context(system_u:object_r:hostname_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
|
||||
/etc/hotplug(/.*)? context_template(system_u:object_r:hotplug_etc_t,s0)
|
||||
/etc/hotplug/firmware.agent -- context_template(system_u:object_r:hotplug_exec_t,s0)
|
||||
/etc/hotplug(/.*)? gen_context(system_u:object_r:hotplug_etc_t,s0)
|
||||
/etc/hotplug/firmware.agent -- gen_context(system_u:object_r:hotplug_exec_t,s0)
|
||||
|
||||
/etc/hotplug\.d/.* -- context_template(system_u:object_r:hotplug_exec_t,s0)
|
||||
/etc/hotplug\.d/.* -- gen_context(system_u:object_r:hotplug_exec_t,s0)
|
||||
|
||||
/sbin/hotplug -- context_template(system_u:object_r:hotplug_exec_t,s0)
|
||||
/sbin/netplugd -- context_template(system_u:object_r:hotplug_exec_t,s0)
|
||||
/sbin/hotplug -- gen_context(system_u:object_r:hotplug_exec_t,s0)
|
||||
/sbin/netplugd -- gen_context(system_u:object_r:hotplug_exec_t,s0)
|
||||
|
||||
/var/run/usb(/.*)? context_template(system_u:object_r:hotplug_var_run_t,s0)
|
||||
/var/run/hotplug(/.*)? context_template(system_u:object_r:hotplug_var_run_t,s0)
|
||||
/var/run/usb(/.*)? gen_context(system_u:object_r:hotplug_var_run_t,s0)
|
||||
/var/run/hotplug(/.*)? gen_context(system_u:object_r:hotplug_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -2,56 +2,56 @@
|
|||
#
|
||||
# /etc
|
||||
#
|
||||
/etc/init\.d/.* -- context_template(system_u:object_r:initrc_exec_t,s0)
|
||||
/etc/init\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||
|
||||
/etc/rc\.d/rc -- context_template(system_u:object_r:initrc_exec_t,s0)
|
||||
/etc/rc\.d/rc\.sysinit -- context_template(system_u:object_r:initrc_exec_t,s0)
|
||||
/etc/rc\.d/rc\.local -- context_template(system_u:object_r:initrc_exec_t,s0)
|
||||
/etc/rc\.d/rc -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||
/etc/rc\.d/rc\.sysinit -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||
/etc/rc\.d/rc\.local -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||
|
||||
/etc/rc\.d/init\.d/.* -- context_template(system_u:object_r:initrc_exec_t,s0)
|
||||
/etc/rc\.d/init\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||
|
||||
ifdef(`targeted_policy', `', `
|
||||
/etc/X11/prefdm -- context_template(system_u:object_r:initrc_exec_t,s0)
|
||||
/etc/X11/prefdm -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||
')
|
||||
|
||||
#
|
||||
# /dev
|
||||
#
|
||||
/dev/initctl -p context_template(system_u:object_r:initctl_t,s0)
|
||||
/dev/initctl -p gen_context(system_u:object_r:initctl_t,s0)
|
||||
|
||||
#
|
||||
# /sbin
|
||||
#
|
||||
/sbin/init -- context_template(system_u:object_r:init_exec_t,s0)
|
||||
/sbin/init -- gen_context(system_u:object_r:init_exec_t,s0)
|
||||
ifdef(`distro_gentoo', `
|
||||
/sbin/rc -- context_template(system_u:object_r:initrc_exec_t,s0)
|
||||
/sbin/runscript -- context_template(system_u:object_r:initrc_exec_t,s0)
|
||||
/sbin/runscript\.sh -- context_template(system_u:object_r:initrc_exec_t,s0)
|
||||
/sbin/rc -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||
/sbin/runscript -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||
/sbin/runscript\.sh -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||
')
|
||||
|
||||
#
|
||||
# /usr
|
||||
#
|
||||
/usr/sbin/apachectl -- context_template(system_u:object_r:initrc_exec_t,s0)
|
||||
/usr/sbin/open_init_pty -- context_template(system_u:object_r:initrc_exec_t,s0)
|
||||
/usr/sbin/apachectl -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||
/usr/sbin/open_init_pty -- gen_context(system_u:object_r:initrc_exec_t,s0)
|
||||
|
||||
#
|
||||
# /var
|
||||
#
|
||||
ifdef(`distro_gentoo', `
|
||||
/var/lib/init\.d(/.*)? context_template(system_u:object_r:initrc_state_t,s0)
|
||||
/var/lib/init\.d(/.*)? gen_context(system_u:object_r:initrc_state_t,s0)
|
||||
')
|
||||
|
||||
/var/run/utmp -- context_template(system_u:object_r:initrc_var_run_t,s0)
|
||||
/var/run/runlevel\.dir context_template(system_u:object_r:initrc_var_run_t,s0)
|
||||
/var/run/random-seed -- context_template(system_u:object_r:initrc_var_run_t,s0)
|
||||
/var/run/setmixer_flag -- context_template(system_u:object_r:initrc_var_run_t,s0)
|
||||
/var/run/utmp -- gen_context(system_u:object_r:initrc_var_run_t,s0)
|
||||
/var/run/runlevel\.dir gen_context(system_u:object_r:initrc_var_run_t,s0)
|
||||
/var/run/random-seed -- gen_context(system_u:object_r:initrc_var_run_t,s0)
|
||||
/var/run/setmixer_flag -- gen_context(system_u:object_r:initrc_var_run_t,s0)
|
||||
|
||||
ifdef(`distro_suse', `
|
||||
/var/run/bootsplashctl -p context_template(system_u:object_r:initrc_var_run_t,s0)
|
||||
/var/run/keymap -- context_template(system_u:object_r:initrc_var_run_t,s0)
|
||||
/var/run/numlock-on -- context_template(system_u:object_r:initrc_var_run_t,s0)
|
||||
/var/run/setleds-on -- context_template(system_u:object_r:initrc_var_run_t,s0)
|
||||
/var/run/sysconfig(/.*)? context_template(system_u:object_r:initrc_var_run_t,s0)
|
||||
/var/run/bootsplashctl -p gen_context(system_u:object_r:initrc_var_run_t,s0)
|
||||
/var/run/keymap -- gen_context(system_u:object_r:initrc_var_run_t,s0)
|
||||
/var/run/numlock-on -- gen_context(system_u:object_r:initrc_var_run_t,s0)
|
||||
/var/run/setleds-on -- gen_context(system_u:object_r:initrc_var_run_t,s0)
|
||||
/var/run/sysconfig(/.*)? gen_context(system_u:object_r:initrc_var_run_t,s0)
|
||||
')
|
||||
|
||||
|
|
|
|||
|
|
@ -1,32 +1,32 @@
|
|||
/etc/ipsec\.secrets -- context_template(system_u:object_r:ipsec_key_file_t,s0)
|
||||
/etc/ipsec\.conf -- context_template(system_u:object_r:ipsec_conf_file_t,s0)
|
||||
/etc/racoon/psk\.txt -- context_template(system_u:object_r:ipsec_key_file_t,s0)
|
||||
/etc/ipsec\.secrets -- gen_context(system_u:object_r:ipsec_key_file_t,s0)
|
||||
/etc/ipsec\.conf -- gen_context(system_u:object_r:ipsec_conf_file_t,s0)
|
||||
/etc/racoon/psk\.txt -- gen_context(system_u:object_r:ipsec_key_file_t,s0)
|
||||
|
||||
/etc/racoon(/.*)? context_template(system_u:object_r:ipsec_conf_file_t,s0)
|
||||
/etc/racoon/certs(/.*)? context_template(system_u:object_r:ipsec_key_file_t,s0)
|
||||
/etc/racoon(/.*)? gen_context(system_u:object_r:ipsec_conf_file_t,s0)
|
||||
/etc/racoon/certs(/.*)? gen_context(system_u:object_r:ipsec_key_file_t,s0)
|
||||
|
||||
/etc/ipsec\.d(/.*)? context_template(system_u:object_r:ipsec_key_file_t,s0)
|
||||
/etc/ipsec\.d(/.*)? gen_context(system_u:object_r:ipsec_key_file_t,s0)
|
||||
|
||||
/sbin/setkey -- context_template(system_u:object_r:ipsec_exec_t,s0)
|
||||
/sbin/setkey -- gen_context(system_u:object_r:ipsec_exec_t,s0)
|
||||
|
||||
/usr/lib(64)?/ipsec/_plutoload -- context_template(system_u:object_r:ipsec_mgmt_exec_t,s0)
|
||||
/usr/lib(64)?/ipsec/_plutorun -- context_template(system_u:object_r:ipsec_mgmt_exec_t,s0)
|
||||
/usr/lib(64)?/ipsec/eroute -- context_template(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/lib(64)?/ipsec/klipsdebug -- context_template(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/lib(64)?/ipsec/pluto -- context_template(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/lib(64)?/ipsec/spi -- context_template(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/lib(64)?/ipsec/_plutoload -- gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
|
||||
/usr/lib(64)?/ipsec/_plutorun -- gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
|
||||
/usr/lib(64)?/ipsec/eroute -- gen_context(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/lib(64)?/ipsec/klipsdebug -- gen_context(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/lib(64)?/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/lib(64)?/ipsec/spi -- gen_context(system_u:object_r:ipsec_exec_t,s0)
|
||||
|
||||
/usr/libexec/ipsec/eroute -- context_template(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/libexec/ipsec/klipsdebug -- context_template(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/libexec/ipsec/pluto -- context_template(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/libexec/ipsec/spi -- context_template(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/libexec/ipsec/eroute -- gen_context(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/libexec/ipsec/klipsdebug -- gen_context(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/libexec/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/libexec/ipsec/spi -- gen_context(system_u:object_r:ipsec_exec_t,s0)
|
||||
|
||||
/usr/local/lib(64)?/ipsec/eroute -- context_template(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/local/lib(64)?/ipsec/klipsdebug -- context_template(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/local/lib(64)?/ipsec/pluto -- context_template(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/local/lib(64)?/ipsec/spi -- context_template(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/local/lib(64)?/ipsec/eroute -- gen_context(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/local/lib(64)?/ipsec/klipsdebug -- gen_context(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/local/lib(64)?/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/local/lib(64)?/ipsec/spi -- gen_context(system_u:object_r:ipsec_exec_t,s0)
|
||||
|
||||
/usr/sbin/racoon -- context_template(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/sbin/setkey -- context_template(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/sbin/racoon -- gen_context(system_u:object_r:ipsec_exec_t,s0)
|
||||
/usr/sbin/setkey -- gen_context(system_u:object_r:ipsec_exec_t,s0)
|
||||
|
||||
/var/run/pluto(/.*)? context_template(system_u:object_r:ipsec_var_run_t,s0)
|
||||
/var/run/pluto(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
|
||||
/sbin/ip6tables.* -- context_template(system_u:object_r:iptables_exec_t,s0)
|
||||
/sbin/ipchains.* -- context_template(system_u:object_r:iptables_exec_t,s0)
|
||||
/sbin/iptables.* -- context_template(system_u:object_r:iptables_exec_t,s0)
|
||||
/sbin/ip6tables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
|
||||
/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
|
||||
/sbin/iptables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
|
||||
|
||||
/usr/sbin/ip6tables.* -- context_template(system_u:object_r:iptables_exec_t,s0)
|
||||
/usr/sbin/ipchains.* -- context_template(system_u:object_r:iptables_exec_t,s0)
|
||||
/usr/sbin/iptables.* -- context_template(system_u:object_r:iptables_exec_t,s0)
|
||||
/usr/sbin/ip6tables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
|
||||
/usr/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
|
||||
/usr/sbin/iptables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -2,64 +2,64 @@
|
|||
#
|
||||
# /etc
|
||||
#
|
||||
/etc/ld\.so\.cache -- context_template(system_u:object_r:ld_so_cache_t,s0)
|
||||
/etc/ld\.so\.preload -- context_template(system_u:object_r:ld_so_cache_t,s0)
|
||||
/etc/ld\.so\.cache -- gen_context(system_u:object_r:ld_so_cache_t,s0)
|
||||
/etc/ld\.so\.preload -- gen_context(system_u:object_r:ld_so_cache_t,s0)
|
||||
|
||||
#
|
||||
# /lib(64)?
|
||||
#
|
||||
/lib(64)?(/.*)? context_template(system_u:object_r:lib_t,s0)
|
||||
/lib(64)?/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:shlib_t,s0)
|
||||
/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- context_template(system_u:object_r:ld_so_t,s0)
|
||||
/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
|
||||
/lib(64)?/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
|
||||
/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0)
|
||||
|
||||
#
|
||||
# /opt
|
||||
#
|
||||
/opt/(.*)?/lib(64)?(/.*)? context_template(system_u:object_r:lib_t,s0)
|
||||
/opt/(.*)?/lib(64)?/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:shlib_t,s0)
|
||||
/opt/(.*)?/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
|
||||
/opt/(.*)?/lib(64)?/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
|
||||
|
||||
#
|
||||
# /sbin
|
||||
#
|
||||
/sbin/ldconfig -- context_template(system_u:object_r:ldconfig_exec_t,s0)
|
||||
/sbin/ldconfig -- gen_context(system_u:object_r:ldconfig_exec_t,s0)
|
||||
|
||||
#
|
||||
# /usr
|
||||
#
|
||||
/usr(/.*)?/HelixPlayer/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:texrel_shlib_t,s0)
|
||||
/usr(/.*)?/HelixPlayer/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
|
||||
|
||||
/usr(/.*)?/java/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:texrel_shlib_t,s0)
|
||||
/usr(/.*)?/java/.*\.jar -- context_template(system_u:object_r:shlib_t,s0)
|
||||
/usr(/.*)?/java/.*\.jsa -- context_template(system_u:object_r:shlib_t,s0)
|
||||
/usr(/.*)?/java/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
|
||||
/usr(/.*)?/java/.*\.jar -- gen_context(system_u:object_r:shlib_t,s0)
|
||||
/usr(/.*)?/java/.*\.jsa -- gen_context(system_u:object_r:shlib_t,s0)
|
||||
|
||||
/usr(/.*)?/lib(64)?(/.*)? context_template(system_u:object_r:lib_t,s0)
|
||||
/usr(/.*)?/lib(64)?/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:shlib_t,s0)
|
||||
/usr(/.*)?/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
|
||||
/usr(/.*)?/lib(64)?/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
|
||||
|
||||
/usr(/.*)?/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* context_template(system_u:object_r:ld_so_t,s0)
|
||||
/usr(/.*)?/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* gen_context(system_u:object_r:ld_so_t,s0)
|
||||
|
||||
/usr(/.*)?/nvidia/.*\.so(\..*)? -- context_template(system_u:object_r:texrel_shlib_t,s0)
|
||||
/usr(/.*)?/nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:texrel_shlib_t,s0)
|
||||
|
||||
/usr/lib/pgsql/test/regress/.*\.so -- context_template(system_u:object_r:shlib_t,s0)
|
||||
/usr/lib/pgsql/test/regress/.*\.so -- gen_context(system_u:object_r:shlib_t,s0)
|
||||
|
||||
/usr/lib/win32/.* -- context_template(system_u:object_r:shlib_t,s0)
|
||||
/usr/lib/win32/.* -- gen_context(system_u:object_r:shlib_t,s0)
|
||||
|
||||
/usr/lib(64)?/libGL(core)?/.so(\.[^/]*)* -- context_template(system_u:object_r:texrel_shlib_t,s0)
|
||||
/usr/lib(64)?/libGL(core)?/.so(\.[^/]*)* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
|
||||
|
||||
/usr/lib(64)?(/.*)?/libnvidia.*\.so(\.[^/]*)* -- context_template(system_u:object_r:texrel_shlib_t,s0)
|
||||
/usr/lib(64)?(/.*)?/libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
|
||||
|
||||
/usr/(local/)?lib/wine/.*\.so -- context_template(system_u:object_r:texrel_shlib_t,s0)
|
||||
/usr/(local/)?lib/libfame-.*\.so.* -- context_template(system_u:object_r:texrel_shlib_t,s0)
|
||||
/usr/local/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:shlib_t,s0)
|
||||
/usr/(local/)?lib/wine/.*\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
|
||||
/usr/(local/)?lib/libfame-.*\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
|
||||
/usr/local/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
|
||||
|
||||
/usr/X11R6/lib/libGL\.so.* -- context_template(system_u:object_r:texrel_shlib_t,s0)
|
||||
/usr/X11R6/lib/libXvMCNVIDIA\.so.* -- context_template(system_u:object_r:texrel_shlib_t,s0)
|
||||
/usr/X11R6/lib/libGL\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
|
||||
/usr/X11R6/lib/libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
|
||||
|
||||
/usr/x11R6/lib/modules/extensions/libglx\.so(\.[^/]*)* -- context_template(system_u:object_r:texrel_shlib_t,s0)
|
||||
/usr/x11R6/lib/modules/extensions/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
|
||||
#
|
||||
# /var
|
||||
#
|
||||
/var/ftp/lib(64)?(/.*)? context_template(system_u:object_r:lib_t,s0)
|
||||
/var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)* -- context_template(system_u:object_r:ld_so_t,s0)
|
||||
/var/ftp/lib(64)?/lib[^/]*\.so(\.[^/]*)* -- context_template(system_u:object_r:shlib_t,s0)
|
||||
/var/ftp/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
|
||||
/var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0)
|
||||
/var/ftp/lib(64)?/lib[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
|
||||
|
||||
/var/mailman/pythonlib(/.*)?/.*\.so(\..*)? -- context_template(system_u:object_r:shlib_t,s0)
|
||||
/var/mailman/pythonlib(/.*)?/.*\.so(\..*)? -- gen_context(system_u:object_r:shlib_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
|
||||
/sbin/sulogin -- context_template(system_u:object_r:sulogin_exec_t,s0)
|
||||
/sbin/sulogin -- gen_context(system_u:object_r:sulogin_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,30 +1,30 @@
|
|||
|
||||
/dev/log -s context_template(system_u:object_r:devlog_t,s0)
|
||||
/dev/log -s gen_context(system_u:object_r:devlog_t,s0)
|
||||
|
||||
/etc/auditd.conf -- context_template(system_u:object_r:auditd_etc_t,s0)
|
||||
/etc/audit.rules -- context_template(system_u:object_r:auditd_etc_t,s0)
|
||||
/etc/auditd.conf -- gen_context(system_u:object_r:auditd_etc_t,s0)
|
||||
/etc/audit.rules -- gen_context(system_u:object_r:auditd_etc_t,s0)
|
||||
|
||||
/sbin/auditctl -- context_template(system_u:object_r:auditctl_exec_t,s0)
|
||||
/sbin/auditd -- context_template(system_u:object_r:auditd_exec_t,s0)
|
||||
/sbin/klogd -- context_template(system_u:object_r:klogd_exec_t,s0)
|
||||
/sbin/minilogd -- context_template(system_u:object_r:syslogd_exec_t,s0)
|
||||
/sbin/syslogd -- context_template(system_u:object_r:syslogd_exec_t,s0)
|
||||
/sbin/syslog-ng -- context_template(system_u:object_r:syslogd_exec_t,s0)
|
||||
/sbin/auditctl -- gen_context(system_u:object_r:auditctl_exec_t,s0)
|
||||
/sbin/auditd -- gen_context(system_u:object_r:auditd_exec_t,s0)
|
||||
/sbin/klogd -- gen_context(system_u:object_r:klogd_exec_t,s0)
|
||||
/sbin/minilogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
|
||||
/sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
|
||||
/sbin/syslog-ng -- gen_context(system_u:object_r:syslogd_exec_t,s0)
|
||||
|
||||
/usr/sbin/klogd -- context_template(system_u:object_r:klogd_exec_t,s0)
|
||||
/usr/sbin/metalog -- context_template(system_u:object_r:syslogd_exec_t,s0)
|
||||
/usr/sbin/syslogd -- context_template(system_u:object_r:syslogd_exec_t,s0)
|
||||
/usr/sbin/klogd -- gen_context(system_u:object_r:klogd_exec_t,s0)
|
||||
/usr/sbin/metalog -- gen_context(system_u:object_r:syslogd_exec_t,s0)
|
||||
/usr/sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
|
||||
|
||||
ifdef(`distro_suse', `
|
||||
/var/lib/stunnel/dev/log -s context_template(system_u:object_r:devlog_t,s0)
|
||||
/var/lib/stunnel/dev/log -s gen_context(system_u:object_r:devlog_t,s0)
|
||||
')
|
||||
|
||||
/var/log(/.*)? context_template(system_u:object_r:var_log_t,s0)
|
||||
/var/log/audit.log -- context_template(system_u:object_r:auditd_log_t,s0)
|
||||
/var/log(/.*)? gen_context(system_u:object_r:var_log_t,s0)
|
||||
/var/log/audit.log -- gen_context(system_u:object_r:auditd_log_t,s0)
|
||||
|
||||
/var/log/audit(/.*)? context_template(system_u:object_r:auditd_log_t,s0)
|
||||
/var/log/audit(/.*)? gen_context(system_u:object_r:auditd_log_t,s0)
|
||||
|
||||
/var/run/klogd\.pid -- context_template(system_u:object_r:klogd_var_run_t,s0)
|
||||
/var/run/log -s context_template(system_u:object_r:devlog_t,s0)
|
||||
/var/run/metalog\.pid -- context_template(system_u:object_r:syslogd_var_run_t,s0)
|
||||
/var/run/syslogd\.pid -- context_template(system_u:object_r:syslogd_var_run_t,s0)
|
||||
/var/run/klogd\.pid -- gen_context(system_u:object_r:klogd_var_run_t,s0)
|
||||
/var/run/log -s gen_context(system_u:object_r:devlog_t,s0)
|
||||
/var/run/metalog\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
|
||||
/var/run/syslogd\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -6,84 +6,84 @@
|
|||
#
|
||||
# /etc
|
||||
#
|
||||
/etc/lvm(/.*)? context_template(system_u:object_r:lvm_etc_t,s0)
|
||||
/etc/lvm/\.cache -- context_template(system_u:object_r:lvm_metadata_t,s0)
|
||||
/etc/lvm/archive(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0)
|
||||
/etc/lvm/backup(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0)
|
||||
/etc/lvm/lock(/.*)? context_template(system_u:object_r:lvm_lock_t,s0)
|
||||
/etc/lvm(/.*)? gen_context(system_u:object_r:lvm_etc_t,s0)
|
||||
/etc/lvm/\.cache -- gen_context(system_u:object_r:lvm_metadata_t,s0)
|
||||
/etc/lvm/archive(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
|
||||
/etc/lvm/backup(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
|
||||
/etc/lvm/lock(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0)
|
||||
|
||||
/etc/lvmtab(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0)
|
||||
/etc/lvmtab\.d(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0)
|
||||
/etc/lvmtab(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
|
||||
/etc/lvmtab\.d(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
|
||||
|
||||
#
|
||||
# /lib
|
||||
#
|
||||
/lib/lvm-10/.* -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/lib/lvm-200/.* -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/lib/lvm-10/.* -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/lib/lvm-200/.* -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
|
||||
#
|
||||
# /sbin
|
||||
#
|
||||
/sbin/cryptsetup -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/dmsetup -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/dmsetup\.static -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/e2fsadm -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvchange -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvcreate -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvdisplay -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvextend -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvm -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvm\.static -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvmchange -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvmdiskscan -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvmiopversion -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvmsadc -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvmsar -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvreduce -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvremove -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvrename -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvresize -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvs -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvscan -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/multipathd -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/pvchange -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/pvcreate -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/pvdata -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/pvdisplay -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/pvmove -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/pvremove -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/pvs -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/pvscan -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgcfgbackup -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgcfgrestore -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgchange -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgchange\.static -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgck -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgcreate -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgdisplay -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgexport -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgextend -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgimport -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgmerge -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgmknodes -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgreduce -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgremove -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgrename -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgs -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgscan -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgscan\.static -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgsplit -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgwrapper -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/cryptsetup -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/dmsetup -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/dmsetup\.static -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/e2fsadm -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvchange -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvcreate -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvdisplay -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvextend -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvm -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvm\.static -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvmchange -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvmdiskscan -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvmiopversion -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvmsadc -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvmsar -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvreduce -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvremove -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvrename -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvresize -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvs -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvscan -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/multipathd -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/pvchange -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/pvcreate -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/pvdata -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/pvdisplay -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/pvmove -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/pvremove -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/pvs -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/pvscan -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgcfgbackup -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgcfgrestore -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgchange -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgchange\.static -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgck -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgcreate -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgdisplay -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgexport -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgextend -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgimport -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgmerge -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgmknodes -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgreduce -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgremove -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgrename -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgs -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgscan -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgscan\.static -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgsplit -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/vgwrapper -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
|
||||
#
|
||||
# /usr
|
||||
#
|
||||
/usr/sbin/clvmd -- context_template(system_u:object_r:clvmd_exec_t,s0)
|
||||
/usr/sbin/lvm -- context_template(system_u:object_r:lvm_exec_t,s0)
|
||||
/usr/sbin/clvmd -- gen_context(system_u:object_r:clvmd_exec_t,s0)
|
||||
/usr/sbin/lvm -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
|
||||
#
|
||||
# /var
|
||||
#
|
||||
/var/lock/lvm(/.*)? context_template(system_u:object_r:lvm_lock_t,s0)
|
||||
/var/lock/lvm(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0)
|
||||
|
||||
/var/cache/multipathd(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0)
|
||||
/var/cache/multipathd(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,58 +1,58 @@
|
|||
#
|
||||
# /etc
|
||||
#
|
||||
/etc/localtime -- context_template(system_u:object_r:locale_t,s0)
|
||||
/etc/pki(/.*)? context_template(system_u:object_r:cert_t,s0)
|
||||
/etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
|
||||
/etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0)
|
||||
|
||||
#
|
||||
# /opt
|
||||
#
|
||||
/opt/(.*)?/man(/.*)? context_template(system_u:object_r:man_t,s0)
|
||||
/opt/(.*)?/man(/.*)? gen_context(system_u:object_r:man_t,s0)
|
||||
|
||||
#
|
||||
# /srv
|
||||
#
|
||||
/srv/([^/]*/)?ftp(/.*)? context_template(system_u:object_r:ftpd_anon_t,s0)
|
||||
/srv/([^/]*/)?rsync(/.*)? context_template(system_u:object_r:ftpd_anon_t,s0)
|
||||
/srv/([^/]*/)?ftp(/.*)? gen_context(system_u:object_r:ftpd_anon_t,s0)
|
||||
/srv/([^/]*/)?rsync(/.*)? gen_context(system_u:object_r:ftpd_anon_t,s0)
|
||||
|
||||
#
|
||||
# /usr
|
||||
#
|
||||
/usr/lib/locale(/.*)? context_template(system_u:object_r:locale_t,s0)
|
||||
/usr/lib/locale(/.*)? gen_context(system_u:object_r:locale_t,s0)
|
||||
|
||||
/usr/lib(64)?/perl5/man(/.*)? context_template(system_u:object_r:man_t,s0)
|
||||
/usr/lib(64)?/perl5/man(/.*)? gen_context(system_u:object_r:man_t,s0)
|
||||
|
||||
/usr/local/man(/.*)? context_template(system_u:object_r:man_t,s0)
|
||||
/usr/local/man(/.*)? gen_context(system_u:object_r:man_t,s0)
|
||||
|
||||
/usr/local/share/fonts(/.*)? context_template(system_u:object_r:fonts_t,s0)
|
||||
/usr/local/share/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
|
||||
|
||||
/usr/man(/.*)? context_template(system_u:object_r:man_t,s0)
|
||||
/usr/man(/.*)? gen_context(system_u:object_r:man_t,s0)
|
||||
|
||||
/usr/share/fonts(/.*)? context_template(system_u:object_r:fonts_t,s0)
|
||||
/usr/share/ghostscript/fonts(/.*)? context_template(system_u:object_r:fonts_t,s0)
|
||||
/usr/share/locale(/.*)? context_template(system_u:object_r:locale_t,s0)
|
||||
/usr/share/man(/.*)? context_template(system_u:object_r:man_t,s0)
|
||||
/usr/share/zoneinfo(/.*)? context_template(system_u:object_r:locale_t,s0)
|
||||
/usr/share/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
|
||||
/usr/share/ghostscript/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
|
||||
/usr/share/locale(/.*)? gen_context(system_u:object_r:locale_t,s0)
|
||||
/usr/share/man(/.*)? gen_context(system_u:object_r:man_t,s0)
|
||||
/usr/share/zoneinfo(/.*)? gen_context(system_u:object_r:locale_t,s0)
|
||||
|
||||
/usr/share/ssl/certs(/.*)? context_template(system_u:object_r:cert_t,s0)
|
||||
/usr/share/ssl/private(/.*)? context_template(system_u:object_r:cert_t,s0)
|
||||
/usr/share/ssl/certs(/.*)? gen_context(system_u:object_r:cert_t,s0)
|
||||
/usr/share/ssl/private(/.*)? gen_context(system_u:object_r:cert_t,s0)
|
||||
|
||||
/usr/X11R6/lib/X11/fonts(/.*)? context_template(system_u:object_r:fonts_t,s0)
|
||||
/usr/X11R6/lib/X11/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
|
||||
|
||||
/usr/X11R6/man(/.*)? context_template(system_u:object_r:man_t,s0)
|
||||
/usr/X11R6/man(/.*)? gen_context(system_u:object_r:man_t,s0)
|
||||
|
||||
#
|
||||
# /var
|
||||
#
|
||||
/var/ftp(/.*)? context_template(system_u:object_r:ftpd_anon_t,s0)
|
||||
/var/ftp(/.*)? gen_context(system_u:object_r:ftpd_anon_t,s0)
|
||||
|
||||
ifdef(`distro_debian', `
|
||||
/var/lib/msttcorefonts(/.*)? context_template(system_u:object_r:fonts_t,s0)
|
||||
/var/lib/msttcorefonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
|
||||
')
|
||||
|
||||
/var/lib/texmf(/.*)? context_template(system_u:object_r:tetex_data_t,s0)
|
||||
/var/lib/texmf(/.*)? gen_context(system_u:object_r:tetex_data_t,s0)
|
||||
|
||||
/var/cache/fonts(/.*)? context_template(system_u:object_r:tetex_data_t,s0)
|
||||
/var/cache/man(/.*)? context_template(system_u:object_r:man_t,s0)
|
||||
/var/cache/fonts(/.*)? gen_context(system_u:object_r:tetex_data_t,s0)
|
||||
/var/cache/man(/.*)? gen_context(system_u:object_r:man_t,s0)
|
||||
|
||||
/var/spool/texmf(/.*)? context_template(system_u:object_r:tetex_data_t,s0)
|
||||
/var/spool/texmf(/.*)? gen_context(system_u:object_r:tetex_data_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,14 +1,14 @@
|
|||
|
||||
/etc/modules\.conf.* -- context_template(system_u:object_r:modules_conf_t,s0)
|
||||
/etc/modprobe\.conf.* -- context_template(system_u:object_r:modules_conf_t,s0)
|
||||
/etc/modules\.conf.* -- gen_context(system_u:object_r:modules_conf_t,s0)
|
||||
/etc/modprobe\.conf.* -- gen_context(system_u:object_r:modules_conf_t,s0)
|
||||
|
||||
/lib(64)?/modules/[^/]+/modules\..+ -- context_template(system_u:object_r:modules_dep_t,s0)
|
||||
/lib(64)?/modules/[^/]+/modules\..+ -- gen_context(system_u:object_r:modules_dep_t,s0)
|
||||
|
||||
/lib(64)?/modules/modprobe\.conf -- context_template(system_u:object_r:modules_conf_t,s0)
|
||||
/lib(64)?/modules/modprobe\.conf -- gen_context(system_u:object_r:modules_conf_t,s0)
|
||||
|
||||
/sbin/depmod.* -- context_template(system_u:object_r:depmod_exec_t,s0)
|
||||
/sbin/generate-modprobe\.conf -- context_template(system_u:object_r:update_modules_exec_t,s0)
|
||||
/sbin/insmod.* -- context_template(system_u:object_r:insmod_exec_t,s0)
|
||||
/sbin/modprobe.* -- context_template(system_u:object_r:insmod_exec_t,s0)
|
||||
/sbin/rmmod.* -- context_template(system_u:object_r:insmod_exec_t,s0)
|
||||
/sbin/update-modules -- context_template(system_u:object_r:update_modules_exec_t,s0)
|
||||
/sbin/depmod.* -- gen_context(system_u:object_r:depmod_exec_t,s0)
|
||||
/sbin/generate-modprobe\.conf -- gen_context(system_u:object_r:update_modules_exec_t,s0)
|
||||
/sbin/insmod.* -- gen_context(system_u:object_r:insmod_exec_t,s0)
|
||||
/sbin/modprobe.* -- gen_context(system_u:object_r:insmod_exec_t,s0)
|
||||
/sbin/rmmod.* -- gen_context(system_u:object_r:insmod_exec_t,s0)
|
||||
/sbin/update-modules -- gen_context(system_u:object_r:update_modules_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -3,5 +3,5 @@
|
|||
#
|
||||
# mount file contexts
|
||||
#
|
||||
/bin/mount.* -- context_template(system_u:object_r:mount_exec_t,s0)
|
||||
/bin/umount.* -- context_template(system_u:object_r:mount_exec_t,s0)
|
||||
/bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
|
||||
/bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,10 +1,10 @@
|
|||
|
||||
/etc/apm/event\.d/pcmcia -- context_template(system_u:object_r:cardmgr_exec_t,s0)
|
||||
/etc/apm/event\.d/pcmcia -- gen_context(system_u:object_r:cardmgr_exec_t,s0)
|
||||
|
||||
/sbin/cardctl -- context_template(system_u:object_r:cardctl_exec_t,s0)
|
||||
/sbin/cardmgr -- context_template(system_u:object_r:cardmgr_exec_t,s0)
|
||||
/sbin/cardctl -- gen_context(system_u:object_r:cardctl_exec_t,s0)
|
||||
/sbin/cardmgr -- gen_context(system_u:object_r:cardmgr_exec_t,s0)
|
||||
|
||||
/var/lib/pcmcia(/.*)? context_template(system_u:object_r:cardmgr_var_run_t,s0)
|
||||
/var/lib/pcmcia(/.*)? gen_context(system_u:object_r:cardmgr_var_run_t,s0)
|
||||
|
||||
/var/run/cardmgr\.pid -- context_template(system_u:object_r:cardmgr_var_run_t,s0)
|
||||
/var/run/stab -- context_template(system_u:object_r:cardmgr_var_run_t,s0)
|
||||
/var/run/cardmgr\.pid -- gen_context(system_u:object_r:cardmgr_var_run_t,s0)
|
||||
/var/run/stab -- gen_context(system_u:object_r:cardmgr_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
/sbin/mdadm -- context_template(system_u:object_r:mdadm_exec_t,s0)
|
||||
/sbin/mdmpd -- context_template(system_u:object_r:mdadm_exec_t,s0)
|
||||
/sbin/mdadm -- gen_context(system_u:object_r:mdadm_exec_t,s0)
|
||||
/sbin/mdmpd -- gen_context(system_u:object_r:mdadm_exec_t,s0)
|
||||
|
||||
/var/run/mdadm(/.*)? context_template(system_u:object_r:mdadm_var_run_t,s0)
|
||||
/var/run/mdadm(/.*)? gen_context(system_u:object_r:mdadm_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -3,39 +3,39 @@
|
|||
#
|
||||
# /etc
|
||||
#
|
||||
/etc/selinux(/.*)? context_template(system_u:object_r:selinux_config_t,s0)
|
||||
/etc/selinux(/.*)? gen_context(system_u:object_r:selinux_config_t,s0)
|
||||
|
||||
/etc/selinux/([^/]*/)?contexts(/.*)? context_template(system_u:object_r:default_context_t,s0)
|
||||
/etc/selinux/([^/]*/)?contexts(/.*)? gen_context(system_u:object_r:default_context_t,s0)
|
||||
|
||||
/etc/selinux/([^/]*/)?contexts/files(/.*)? context_template(system_u:object_r:file_context_t,s0)
|
||||
/etc/selinux/([^/]*/)?contexts/files(/.*)? gen_context(system_u:object_r:file_context_t,s0)
|
||||
|
||||
/etc/selinux/([^/]*/)?policy(/.*)? context_template(system_u:object_r:policy_config_t,s0)
|
||||
/etc/selinux/([^/]*/)?policy(/.*)? gen_context(system_u:object_r:policy_config_t,s0)
|
||||
|
||||
/etc/selinux/([^/]*/)?src(/.*)? context_template(system_u:object_r:policy_src_t,s0)
|
||||
/etc/selinux/([^/]*/)?src(/.*)? gen_context(system_u:object_r:policy_src_t,s0)
|
||||
|
||||
#
|
||||
# /root
|
||||
#
|
||||
/root/\.default_contexts -- context_template(system_u:object_r:default_context_t,s0)
|
||||
/root/\.default_contexts -- gen_context(system_u:object_r:default_context_t,s0)
|
||||
|
||||
#
|
||||
# /sbin
|
||||
#
|
||||
/sbin/load_policy -- context_template(system_u:object_r:load_policy_exec_t,s0)
|
||||
/sbin/restorecon -- context_template(system_u:object_r:restorecon_exec_t,s0)
|
||||
/sbin/load_policy -- gen_context(system_u:object_r:load_policy_exec_t,s0)
|
||||
/sbin/restorecon -- gen_context(system_u:object_r:restorecon_exec_t,s0)
|
||||
|
||||
#
|
||||
# /usr
|
||||
#
|
||||
/usr/bin/checkpolicy -- context_template(system_u:object_r:checkpolicy_exec_t,s0)
|
||||
/usr/bin/newrole -- context_template(system_u:object_r:newrole_exec_t,s0)
|
||||
/usr/bin/checkpolicy -- gen_context(system_u:object_r:checkpolicy_exec_t,s0)
|
||||
/usr/bin/newrole -- gen_context(system_u:object_r:newrole_exec_t,s0)
|
||||
|
||||
/usr/lib(64)?/selinux(/.*)? context_template(system_u:object_r:policy_src_t,s0)
|
||||
/usr/lib(64)?/selinux(/.*)? gen_context(system_u:object_r:policy_src_t,s0)
|
||||
|
||||
/usr/sbin/load_policy -- context_template(system_u:object_r:load_policy_exec_t,s0)
|
||||
/usr/sbin/run_init -- context_template(system_u:object_r:run_init_exec_t,s0)
|
||||
/usr/sbin/setfiles.* -- context_template(system_u:object_r:setfiles_exec_t,s0)
|
||||
/usr/sbin/load_policy -- gen_context(system_u:object_r:load_policy_exec_t,s0)
|
||||
/usr/sbin/run_init -- gen_context(system_u:object_r:run_init_exec_t,s0)
|
||||
/usr/sbin/setfiles.* -- gen_context(system_u:object_r:setfiles_exec_t,s0)
|
||||
|
||||
ifdef(`distro_debian', `
|
||||
/usr/share/selinux(/.*)? context_template(system_u:object_r:policy_src_t,s0)
|
||||
/usr/share/selinux(/.*)? gen_context(system_u:object_r:policy_src_t,s0)
|
||||
')
|
||||
|
|
|
|||
|
|
@ -2,48 +2,48 @@
|
|||
#
|
||||
# /bin
|
||||
#
|
||||
/bin/ip -- context_template(system_u:object_r:ifconfig_exec_t,s0)
|
||||
/bin/ip -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
|
||||
|
||||
#
|
||||
# /etc
|
||||
#
|
||||
/etc/dhclient.*conf -- context_template(system_u:object_r:dhcp_etc_t,s0)
|
||||
/etc/dhclient-script -- context_template(system_u:object_r:dhcp_etc_t,s0)
|
||||
/etc/dhcpc.* context_template(system_u:object_r:dhcp_etc_t,s0)
|
||||
/etc/dhcpd\.conf -- context_template(system_u:object_r:dhcp_etc_t,s0)
|
||||
/etc/resolv\.conf.* -- context_template(system_u:object_r:net_conf_t,s0)
|
||||
/etc/yp\.conf.* -- context_template(system_u:object_r:net_conf_t,s0)
|
||||
/etc/dhclient.*conf -- gen_context(system_u:object_r:dhcp_etc_t,s0)
|
||||
/etc/dhclient-script -- gen_context(system_u:object_r:dhcp_etc_t,s0)
|
||||
/etc/dhcpc.* gen_context(system_u:object_r:dhcp_etc_t,s0)
|
||||
/etc/dhcpd\.conf -- gen_context(system_u:object_r:dhcp_etc_t,s0)
|
||||
/etc/resolv\.conf.* -- gen_context(system_u:object_r:net_conf_t,s0)
|
||||
/etc/yp\.conf.* -- gen_context(system_u:object_r:net_conf_t,s0)
|
||||
|
||||
/etc/dhcp3(/.*)? context_template(system_u:object_r:dhcp_etc_t,s0)
|
||||
/etc/dhcp3?/dhclient.* context_template(system_u:object_r:dhcp_etc_t,s0)
|
||||
/etc/dhcp3(/.*)? gen_context(system_u:object_r:dhcp_etc_t,s0)
|
||||
/etc/dhcp3?/dhclient.* gen_context(system_u:object_r:dhcp_etc_t,s0)
|
||||
|
||||
#
|
||||
# /sbin
|
||||
#
|
||||
/sbin/dhclient.* -- context_template(system_u:object_r:dhcpc_exec_t,s0)
|
||||
/sbin/dhcpcd -- context_template(system_u:object_r:dhcpc_exec_t,s0)
|
||||
/sbin/ethtool -- context_template(system_u:object_r:ifconfig_exec_t,s0)
|
||||
/sbin/ifconfig -- context_template(system_u:object_r:ifconfig_exec_t,s0)
|
||||
/sbin/ip -- context_template(system_u:object_r:ifconfig_exec_t,s0)
|
||||
/sbin/ipx_configure -- context_template(system_u:object_r:ifconfig_exec_t,s0)
|
||||
/sbin/ipx_interface -- context_template(system_u:object_r:ifconfig_exec_t,s0)
|
||||
/sbin/ipx_internal_net -- context_template(system_u:object_r:ifconfig_exec_t,s0)
|
||||
/sbin/iwconfig -- context_template(system_u:object_r:ifconfig_exec_t,s0)
|
||||
/sbin/mii-tool -- context_template(system_u:object_r:ifconfig_exec_t,s0)
|
||||
/sbin/pump -- context_template(system_u:object_r:dhcpc_exec_t,s0)
|
||||
/sbin/tc -- context_template(system_u:object_r:ifconfig_exec_t,s0)
|
||||
/sbin/dhclient.* -- gen_context(system_u:object_r:dhcpc_exec_t,s0)
|
||||
/sbin/dhcpcd -- gen_context(system_u:object_r:dhcpc_exec_t,s0)
|
||||
/sbin/ethtool -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
|
||||
/sbin/ifconfig -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
|
||||
/sbin/ip -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
|
||||
/sbin/ipx_configure -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
|
||||
/sbin/ipx_interface -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
|
||||
/sbin/ipx_internal_net -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
|
||||
/sbin/iwconfig -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
|
||||
/sbin/mii-tool -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
|
||||
/sbin/pump -- gen_context(system_u:object_r:dhcpc_exec_t,s0)
|
||||
/sbin/tc -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
|
||||
|
||||
#
|
||||
# /usr
|
||||
#
|
||||
/usr/sbin/tc -- context_template(system_u:object_r:ifconfig_exec_t,s0)
|
||||
/usr/sbin/tc -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
|
||||
|
||||
#
|
||||
# /var
|
||||
#
|
||||
/var/lib/dhcp3? -d context_template(system_u:object_r:dhcp_state_t,s0)
|
||||
/var/lib/dhcp3?/dhclient.* context_template(system_u:object_r:dhcpc_state_t,s0)
|
||||
/var/lib/dhcpcd(/.*)? context_template(system_u:object_r:dhcpc_state_t,s0)
|
||||
/var/lib/dhcp3? -d gen_context(system_u:object_r:dhcp_state_t,s0)
|
||||
/var/lib/dhcp3?/dhclient.* gen_context(system_u:object_r:dhcpc_state_t,s0)
|
||||
/var/lib/dhcpcd(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0)
|
||||
|
||||
/var/run/dhclient.*\.pid -- context_template(system_u:object_r:dhcpc_var_run_t,s0)
|
||||
/var/run/dhclient.*\.leases -- context_template(system_u:object_r:dhcpc_var_run_t,s0)
|
||||
/var/run/dhclient.*\.pid -- gen_context(system_u:object_r:dhcpc_var_run_t,s0)
|
||||
/var/run/dhclient.*\.leases -- gen_context(system_u:object_r:dhcpc_var_run_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,19 +1,19 @@
|
|||
# udev
|
||||
|
||||
/dev/\.udevdb -- context_template(system_u:object_r:udev_tbl_t,s0)
|
||||
/dev/udev\.tbl -- context_template(system_u:object_r:udev_tbl_t,s0)
|
||||
/dev/\.udevdb -- gen_context(system_u:object_r:udev_tbl_t,s0)
|
||||
/dev/udev\.tbl -- gen_context(system_u:object_r:udev_tbl_t,s0)
|
||||
|
||||
/etc/dev\.d/.+ -- context_template(system_u:object_r:udev_helper_exec_t,s0)
|
||||
/etc/dev\.d/.+ -- gen_context(system_u:object_r:udev_helper_exec_t,s0)
|
||||
|
||||
/etc/hotplug\.d/default/udev.* -- context_template(system_u:object_r:udev_helper_exec_t,s0)
|
||||
/etc/hotplug\.d/default/udev.* -- gen_context(system_u:object_r:udev_helper_exec_t,s0)
|
||||
|
||||
/etc/udev/scripts/.+ -- context_template(system_u:object_r:udev_helper_exec_t,s0)
|
||||
/etc/udev/scripts/.+ -- gen_context(system_u:object_r:udev_helper_exec_t,s0)
|
||||
|
||||
/sbin/start_udev -- context_template(system_u:object_r:udev_exec_t,s0)
|
||||
/sbin/udev -- context_template(system_u:object_r:udev_exec_t,s0)
|
||||
/sbin/udevd -- context_template(system_u:object_r:udev_exec_t,s0)
|
||||
/sbin/udevsend -- context_template(system_u:object_r:udev_exec_t,s0)
|
||||
/sbin/udevstart -- context_template(system_u:object_r:udev_exec_t,s0)
|
||||
/sbin/wait_for_sysfs -- context_template(system_u:object_r:udev_exec_t,s0)
|
||||
/sbin/start_udev -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
/sbin/udev -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
/sbin/udevd -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
/sbin/udevsend -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
/sbin/udevstart -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
/sbin/wait_for_sysfs -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
|
||||
/usr/bin/udevinfo -- context_template(system_u:object_r:udev_exec_t,s0)
|
||||
/usr/bin/udevinfo -- gen_context(system_u:object_r:udev_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
# Add programs here which should not be confined by SELinux
|
||||
# e.g.:
|
||||
# /usr/local/bin/appsrv -- context_template(system_u:object_r:unconfined_exec_t,s0)
|
||||
# /usr/local/bin/appsrv -- gen_context(system_u:object_r:unconfined_exec_t,s0)
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
|
||||
|
||||
HOME_DIR -d context_template(system_u:object_r:ROLE_home_dir_t,s0)
|
||||
HOME_DIR/.+ context_template(system_u:object_r:ROLE_home_t,s0)
|
||||
HOME_DIR -d gen_context(system_u:object_r:ROLE_home_dir_t,s0)
|
||||
HOME_DIR/.+ gen_context(system_u:object_r:ROLE_home_t,s0)
|
||||
|
|
|
|||
|
|
@ -19,9 +19,9 @@ define(`gen_user',`user $1 roles { $2 }`'ifdef(`enable_mls', ` level $3 range $4
|
|||
|
||||
########################################
|
||||
#
|
||||
# gen_con(context,mls_sensitivity,[mcs_categories])
|
||||
# gen_context(context,mls_sensitivity,[mcs_categories])
|
||||
#
|
||||
define(`context_template',`$1`'ifdef(`enable_mls',`:$2')`'ifdef(`enable_mcs',`:s0`'ifelse(`$3',,,`:$3')')') dnl
|
||||
define(`gen_context',`$1`'ifdef(`enable_mls',`:$2')`'ifdef(`enable_mcs',`:s0`'ifelse(`$3',,,`:$3')')') dnl
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
|
|||
Loading…
Reference in New Issue