initial commit
parent
63a310c8cf
commit
f8ec0ad43b
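--- a/refpolicy/policy/modules/admin/usermanage.fc
+++ b/refpolicy/policy/modules/admin/usermanage.fc
@@ -0,0 +1,28 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+/usr/bin/chage -- system_u:object_r:passwd_exec_t
+/usr/bin/chfn -- system_u:object_r:chfn_exec_t
+/usr/bin/chsh -- system_u:object_r:chfn_exec_t
+/usr/bin/gpasswd -- system_u:object_r:groupadd_exec_t
+/usr/bin/passwd -- system_u:object_r:passwd_exec_t
+/usr/bin/vigr -- system_u:object_r:admin_passwd_exec_t
+/usr/bin/vipw -- system_u:object_r:admin_passwd_exec_t
+
+/usr/lib(64)?/cracklib_dict.* -- system_u:object_r:crack_db_t
+
+/usr/sbin/crack_[a-z]* -- system_u:object_r:crack_exec_t
+/usr/sbin/gpasswd -- system_u:object_r:groupadd_exec_t
+/usr/sbin/groupadd -- system_u:object_r:groupadd_exec_t
+/usr/sbin/groupdel -- system_u:object_r:groupadd_exec_t
+/usr/sbin/groupmod -- system_u:object_r:groupadd_exec_t
+/usr/sbin/grpconv -- system_u:object_r:admin_passwd_exec_t
+/usr/sbin/grpunconv -- system_u:object_r:admin_passwd_exec_t
+/usr/sbin/pwconv -- system_u:object_r:admin_passwd_exec_t
+/usr/sbin/pwunconv -- system_u:object_r:admin_passwd_exec_t
+/usr/sbin/useradd -- system_u:object_r:useradd_exec_t
+/usr/sbin/userdel -- system_u:object_r:useradd_exec_t
+/usr/sbin/usermod -- system_u:object_r:useradd_exec_t
+/usr/sbin/vigr -- system_u:object_r:admin_passwd_exec_t
+/usr/sbin/vipw -- system_u:object_r:admin_passwd_exec_t
+
+/var/cache/cracklib(/.*)? system_u:object_r:crack_db_t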
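--- a/refpolicy/policy/modules/system/authlogin.fc
+++ b/refpolicy/policy/modules/system/authlogin.fc
@@ -0,0 +1,36 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+/bin/login -- system_u:object_r:login_exec_t
+
+/etc/\.pwd\.lock -- system_u:object_r:shadow_t
+/etc/group\.lock -- system_u:object_r:shadow_t
+/etc/gshadow.* -- system_u:object_r:shadow_t
+/etc/passwd\.lock -- system_u:object_r:shadow_t
+/etc/shadow.* -- system_u:object_r:shadow_t
+
+/lib(64)?/security/pam_krb5/pam_krb5_storetmp -- system_u:object_r:pam_exec_t
+
+/sbin/pam_console_apply -- system_u:object_r:pam_console_exec_t
+/sbin/pam_timestamp_check -- system_u:object_r:pam_exec_t
+/sbin/unix_chkpwd -- system_u:object_r:chkpwd_exec_t
+/sbin/unix_verify -- system_u:object_r:chkpwd_exec_t
+ifdef(`distro_suse', `
+/sbin/unix2_chkpwd -- system_u:object_r:chkpwd_exec_t
+')
+
+/usr/kerberos/sbin/login\.krb5 -- system_u:object_r:login_exec_t
+
+/usr/sbin/utempter -- system_u:object_r:utempter_exec_t
+
+/var/db/shadow.* -- system_u:object_r:shadow_t
+
+/var/log/btmp.* -- system_u:object_r:faillog_t
+/var/log/dmesg -- system_u:object_r:var_log_t
+/var/log/faillog -- system_u:object_r:faillog_t
+/var/log/lastlog -- system_u:object_r:lastlog_t
+/var/log/syslog -- system_u:object_r:var_log_t
+/var/log/wtmp.* -- system_u:object_r:wtmp_t
+
+/var/run/console(/.*)? system_u:object_r:pam_var_console_t
+
+/var/run/sudo(/.*)? system_u:object_r:pam_var_run_t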
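Review bot: The two `var_log_t` entries, `/var/log/dmesg` and `/var/log/syslog`, look out of place in the authentication/login module, since neither is a login accounting file like the `btmp`, `faillog`, `lastlog` and `wtmp` entries around them. No file in this commit carries a generic `/var/log(/.*)?` entry, so these two lines are the only place `var_log_t` is assigned, which makes the ownership of that type hard to find. I would either move them to the module that declares `var_log_t` or add a comment above them such as `# generic logs labelled here until a logging module owns var_log_t`.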
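--- a/refpolicy/policy/modules/system/corecommands.fc
+++ b/refpolicy/policy/modules/system/corecommands.fc
@@ -0,0 +1,86 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+#
+# /bin
+#
+/bin(/.*)? system_u:object_r:bin_t
+/bin/d?ash -- system_u:object_r:shell_exec_t
+/bin/bash -- system_u:object_r:shell_exec_t
+/bin/bash2 -- system_u:object_r:shell_exec_t
+/bin/ls -- system_u:object_r:ls_exec_t
+/bin/sash -- system_u:object_r:shell_exec_t
+/bin/tcsh -- system_u:object_r:shell_exec_t
+/bin/zsh.* -- system_u:object_r:shell_exec_t
+
+#
+# /dev
+#
+/dev/MAKEDEV -- system_u:object_r:sbin_t
+
+#
+# /etc
+#
+/etc/hotplug/.*agent -- system_u:object_r:sbin_t
+/etc/hotplug/.*rc -- system_u:object_r:sbin_t
+
+/etc/hotplug/hotplug\.functions -- system_u:object_r:sbin_t
+
+/etc/hotplug\.d/default/default.* system_u:object_r:sbin_t
+
+/etc/netplug\.d(/.*)? system_u:object_r:sbin_t
+
+ifdef(`targeted_policy', `
+/etc/X11/prefdm -- system_u:object_r:bin_t
+')
+
+#
+# /sbin
+#
+/sbin(/.*)? system_u:object_r:sbin_t
+/sbin/insmod_ksymoops_clean -- system_u:object_r:sbin_t
+
+#
+# /opt
+#
+/opt/.*/bin(/.*)? system_u:object_r:bin_t
+
+/opt/.*/libexec(/.*)? system_u:object_r:bin_t
+
+/opt/.*/sbin(/.*)? system_u:object_r:sbin_t
+
+#
+# /usr
+#
+ifdef(`distro_gentoo', `
+/usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? system_u:object_r:bin_t
+')
+
+/usr(/.*)?/Bin(/.*)? system_u:object_r:bin_t
+
+/usr(/.*)?/bin(/.*)? system_u:object_r:bin_t
+
+/usr(/.*)?/sbin(/.*)? system_u:object_r:sbin_t
+
+/usr/lib(64)?/emacsen-common/.* system_u:object_r:bin_t
+
+/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird -- system_u:object_r:bin_t
+/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird-bin -- system_u:object_r:bin_t
+/usr/lib(64)?/[^/]*thunderbird[^/]*/run-mozilla\.sh -- system_u:object_r:bin_t
+/usr/lib(64)?/[^/]*thunderbird[^/]*/mozilla-xremote-client -- system_u:object_r:bin_t
+
+/usr/libexec(/.*)? system_u:object_r:bin_t
+
+/usr/sbin/sesh -- system_u:object_r:shell_exec_t
+
+/usr/share/gnucash/finance-quote-check -- system_u:object_r:bin_t
+/usr/share/gnucash/finance-quote-helper -- system_u:object_r:bin_t
+
+/usr/share/mc/extfs/.* -- system_u:object_r:bin_t
+
+#
+# /var
+#
+/var/mailman/bin(/.*)? system_u:object_r:bin_t
+
+/var/ftp/bin(/.*)? system_u:object_r:bin_t
+/var/ftp/bin/ls -- system_u:object_r:ls_exec_t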
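--- a/refpolicy/policy/modules/system/files.fc
+++ b/refpolicy/policy/modules/system/files.fc
@@ -0,0 +1,157 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+#
+# /
+#
+/.* system_u:object_r:default_t
+/ -d system_u:object_r:root_t
+/\.journal <<none>>
+
+#
+# /boot
+#
+/boot/\.journal <<none>>
+
+/boot/lost\+found(/.*)? system_u:object_r:lost_found_t
+
+#
+# /etc
+#
+/etc(/.*)? system_u:object_r:etc_t
+/etc/\.fstab\.hal\..+ -- system_u:object_r:etc_runtime_t
+/etc/asound\.state -- system_u:object_r:etc_runtime_t
+/etc/blkid\.tab.* -- system_u:object_r:etc_runtime_t
+/etc/fstab\.REVOKE -- system_u:object_r:etc_runtime_t
+/etc/HOSTNAME -- system_u:object_r:etc_runtime_t
+/etc/ioctl\.save -- system_u:object_r:etc_runtime_t
+/etc/issue -- system_u:object_r:etc_runtime_t
+/etc/issue\.net -- system_u:object_r:etc_runtime_t
+/etc/localtime -l system_u:object_r:etc_t
+/etc/mtab -- system_u:object_r:etc_runtime_t
+/etc/motd -- system_u:object_r:etc_runtime_t
+/etc/nohotplug -- system_u:object_r:etc_runtime_t
+/etc/nologin.* -- system_u:object_r:etc_runtime_t
+
+/etc/init\.d/functions -- system_u:object_r:etc_t
+
+/etc/ptal/ptal-printd-like -- system_u:object_r:etc_runtime_t
+
+/etc/rc\.d/init\.d/functions -- system_u:object_r:etc_t
+
+/etc/sysconfig/hwconf -- system_u:object_r:etc_runtime_t
+/etc/sysconfig/iptables\.save -- system_u:object_r:etc_runtime_t
+/etc/sysconfig/firstboot -- system_u:object_r:etc_runtime_t
+
+ifdef(`distro_gentoo', `
+/etc/profile\.env -- system_u:object_r:etc_runtime_t
+/etc/csh\.env -- system_u:object_r:etc_runtime_t
+/etc/env\.d/.* -- system_u:object_r:etc_runtime_t
+')
+
+#
+# /initrd
+#
+# initrd mount point, only used during boot
+/initrd -d system_u:object_r:root_t
+
+#
+# /lost+found
+#
+/lost\+found(/.*)? system_u:object_r:lost_found_t
+
+#
+# /media
+#
+# Mount points; do not relabel subdirectories, since
+# we don't want to change any removable media by default.
+/media(/[^/]*)? -d system_u:object_r:mnt_t
+/media/[^/]*/.* <<none>>
+
+#
+# /mnt
+#
+/mnt(/[^/]*)? -d system_u:object_r:mnt_t
+/mnt/[^/]*/.* <<none>>
+
+#
+# /opt
+#
+/opt(/.*)? system_u:object_r:usr_t
+
+/opt/.*/var/lib(64)?(/.*)? system_u:object_r:var_lib_t
+
+#
+# /proc
+#
+/proc(/.*)? <<none>>
+
+#
+# /selinux
+#
+/selinux(/.*)? <<none>>
+
+#
+# /sys
+#
+/sys(/.*)? <<none>>
+
+#
+# /tmp
+#
+/tmp -d system_u:object_r:tmp_t
+/tmp/.* <<none>>
+/tmp/\.journal <<none>>
+
+/tmp/lost\+found(/.*)? system_u:object_r:lost_found_t
+
+#
+# /usr
+#
+/usr(/.*)? system_u:object_r:usr_t
+/usr/\.journal <<none>>
+
+/usr/lost\+found(/.*)? system_u:object_r:lost_found_t
+
+/usr/etc(/.*)? system_u:object_r:etc_t
+
+/usr/inclu.e(/.*)? system_u:object_r:usr_t
+
+/usr/local/\.journal <<none>>
+/usr/local/lost\+found(/.*)? system_u:object_r:lost_found_t
+
+/usr/share(/.*)?/lib(64)?(/.*)? system_u:object_r:usr_t
+
+/usr/src(/.*)? system_u:object_r:src_t
+
+/usr/tmp -d system_u:object_r:tmp_t
+/usr/tmp/.* <<none>>
+
+#
+# /var
+#
+/var(/.*)? system_u:object_r:var_t
+/var/\.journal <<none>>
+
+/var/lost\+found(/.*)? system_u:object_r:lost_found_t
+
+/var/db/.*\.db -- system_u:object_r:etc_t
+
+/var/ftp/etc(/.*)? system_u:object_r:etc_t
+
+/var/lib/nfs/rpc_pipefs(/.*)? <<none>>
+
+/usr/local/etc(/.*)? system_u:object_r:etc_t
+
+/usr/local/src(/.*)? system_u:object_r:src_t
+
+/var/lock(/.*)? system_u:object_r:var_lock_t
+
+/var/run(/.*)? system_u:object_r:var_run_t
+/var/run/.*\.*pid <<none>>
+
+/var/spool(/.*)? system_u:object_r:var_spool_t
+
+/var/tmp -d system_u:object_r:tmp_t
+/var/tmp/.* <<none>>
+
+/var/tmp/vi\.recover -d system_u:object_r:tmp_t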
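Review bot: In `/var/run/.*\.*pid <<none>>` the `\.*` means "zero or more literal dots", so the entry matches every path under /var/run whose name ends in `pid`, not only `*.pid` files, and all of those are excluded from labelling. If only pid files are meant I would write `/var/run/.*\.pid <<none>>`; if the wider match is intended, a comment saying so would keep a later reader from narrowing it by accident. A comment is also needed on `/usr/inclu.e(/.*)?`, which reads like a typo; presumably the `.` is there so m4 does not see the word `include`, e.g. `# "inclu.e": keep m4 from expanding its include builtin`. The `/usr/local/etc` and `/usr/local/src` entries sit under the `# /var` heading and would be easier to find in the `# /usr` group.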
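--- a/refpolicy/policy/modules/system/hotplug.fc
+++ b/refpolicy/policy/modules/system/hotplug.fc
@@ -0,0 +1,12 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+/etc/hotplug(/.*)? system_u:object_r:hotplug_etc_t
+/etc/hotplug/firmware.agent -- system_u:object_r:hotplug_exec_t
+
+/etc/hotplug\.d/.* -- system_u:object_r:hotplug_exec_t
+
+/sbin/hotplug -- system_u:object_r:hotplug_exec_t
+/sbin/netplugd -- system_u:object_r:hotplug_exec_t
+
+/var/run/usb(/.*)? system_u:object_r:hotplug_var_run_t
+/var/run/hotplug(/.*)? system_u:object_r:hotplug_var_run_t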
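Review bot: The dot in `/etc/hotplug/firmware.agent` is not escaped, so it matches any character instead of a literal `.`; the next entry in this file does escape it (`/etc/hotplug\.d/.*`), and I would write `/etc/hotplug/firmware\.agent -- system_u:object_r:hotplug_exec_t`. The same path is also matched by `/etc/hotplug/.*agent` in corecommands.fc, which assigns `sbin_t`, and `/etc/hotplug\.d/.*` overlaps the `/etc/hotplug\.d/default/default.*` entry in corecommands.fc and the `/etc/hotplug\.d/default/udev.*` entry in udev.fc. Which label a file ends up with then presumably depends on how the combined file_contexts is ordered, which this commit does not show. A comment stating the intended precedence would help, for example `# firmware agent: overrides the generic /etc/hotplug/.*agent entry in corecommands.fc`.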
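--- a/refpolicy/policy/modules/system/init.fc
+++ b/refpolicy/policy/modules/system/init.fc
@@ -0,0 +1,64 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+#
+# /
+#
+ifdef(`distro_redhat', `
+/\.autofsck -- system_u:object_r:etc_runtime_t
+/halt -- system_u:object_r:etc_runtime_t
+')
+
+#
+# /etc
+#
+/etc/init\.d/.* -- system_u:object_r:initrc_exec_t
+
+/etc/rc\.d/rc -- system_u:object_r:initrc_exec_t
+/etc/rc\.d/rc\.sysinit -- system_u:object_r:initrc_exec_t
+/etc/rc\.d/rc\.local -- system_u:object_r:initrc_exec_t
+
+/etc/rc\.d/init\.d/.* -- system_u:object_r:initrc_exec_t
+
+ifdef(`targeted_policy', `', `
+/etc/X11/prefdm -- system_u:object_r:initrc_exec_t
+')
+
+#
+# /dev
+#
+/dev/initctl -p system_u:object_r:initctl_t
+
+#
+# /sbin
+#
+/sbin/init -- system_u:object_r:init_exec_t
+ifdef(`distro_gentoo', `
+/sbin/rc -- system_u:object_r:initrc_exec_t
+/sbin/runscript -- system_u:object_r:initrc_exec_t
+/sbin/runscript\.sh -- system_u:object_r:initrc_exec_t
+')
+
+#
+# /usr
+#
+/usr/sbin/run_init -- system_u:object_r:run_init_exec_t
+/usr/sbin/open_init_pty -- system_u:object_r:initrc_exec_t
+
+#
+# /var
+#
+ifdef(`distro_gentoo', `
+/var/lib/init\.d(/.*)? system_u:object_r:initrc_state_t
+')
+
+/var/run/utmp -- system_u:object_r:initrc_var_run_t
+/var/run/runlevel\.dir system_u:object_r:initrc_var_run_t
+/var/run/random-seed -- system_u:object_r:initrc_var_run_t
+/var/run/setmixer_flag -- system_u:object_r:initrc_var_run_t
+
+ifdef(`distro_suse', `
+/var/run/sysconfig(/.*)? system_u:object_r:initrc_var_run_t
+/var/run/keymap -- system_u:object_r:initrc_var_run_t
+/var/run/numlock-on -- system_u:object_r:initrc_var_run_t
+')
+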
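--- a/refpolicy/policy/modules/system/iptables.fc
+++ b/refpolicy/policy/modules/system/iptables.fc
@@ -0,0 +1,9 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+/sbin/ip6tables.* -- system_u:object_r:iptables_exec_t
+/sbin/ipchains.* -- system_u:object_r:iptables_exec_t
+/sbin/iptables.* -- system_u:object_r:iptables_exec_t
+
+/usr/sbin/ip6tables.* -- system_u:object_r:iptables_exec_t
+/usr/sbin/ipchains.* -- system_u:object_r:iptables_exec_t
+/usr/sbin/iptables.* -- system_u:object_r:iptables_exec_t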
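--- a/refpolicy/policy/modules/system/libraries.fc
+++ b/refpolicy/policy/modules/system/libraries.fc
@@ -0,0 +1,50 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+#
+# /etc
+#
+/etc/ld\.so\.cache -- system_u:object_r:ld_so_cache_t
+/etc/ld\.so\.preload -- system_u:object_r:ld_so_cache_t
+
+#
+# /lib(64)?
+#
+/lib(64)?(/.*)? system_u:object_r:lib_t
+/lib(64)?/.*\.so(\.[^/]*)* -- system_u:object_r:shlib_t
+/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- system_u:object_r:ld_so_t
+
+#
+# /opt
+#
+/opt/.*/lib(64)?(/.*)? system_u:object_r:lib_t
+/opt/.*/lib(64)?/.*\.so(\.[^/]*)* -- system_u:object_r:shlib_t
+
+#
+# /usr
+#
+/usr(/.*)?/HelixPlayer/.*\.so(\.[^/]*)* -- system_u:object_r:texrel_shlib_t
+
+/usr(/.*)?/java/.*\.so(\.[^/]*)* -- system_u:object_r:texrel_shlib_t
+/usr(/.*)?/java/.*\.jar -- system_u:object_r:shlib_t
+/usr(/.*)?/java/.*\.jsa -- system_u:object_r:shlib_t
+
+/usr(/.*)?/lib(64)?(/.*)? system_u:object_r:lib_t
+/usr(/.*)?/lib(64)?/.*\.so(\.[^/]*)* -- system_u:object_r:shlib_t
+
+/usr(/.*)?/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* system_u:object_r:ld_so_t
+
+/usr(/.*)?/nvidia/.*\.so(\..*)? -- system_u:object_r:texrel_shlib_t
+
+/usr/lib/win32/.* -- system_u:object_r:shlib_t
+
+/usr/X11R6/lib/libGL\.so.* -- system_u:object_r:texrel_shlib_t
+/usr/X11R6/lib/libXvMCNVIDIA\.so.* -- system_u:object_r:texrel_shlib_t
+
+#
+# /var
+#
+/var/ftp/lib(64)?(/.*)? system_u:object_r:lib_t
+/var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)* -- system_u:object_r:ld_so_t
+/var/ftp/lib(64)?/lib[^/]*\.so(\.[^/]*)* -- system_u:object_r:shlib_t
+
+/var/mailman/pythonlib(/.*)?/.*\.so(\..*)? -- system_u:object_r:shlib_t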
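Review bot: The `/usr(/.*)?/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)*` entry has no `--` file-type field, unlike its `/lib(64)?` counterpart and every other `.so` entry in this file, so it is not limited to regular files and would also give `ld_so_t` to a matching symlink or directory. I would make it consistent: `/usr(/.*)?/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- system_u:object_r:ld_so_t`. Separately, `/etc/ld\.so\.preload` shares `ld_so_cache_t` with the generated cache file, although the preload file decides which libraries are loaded into dynamically linked programs; any domain allowed to rewrite the cache type could then presumably rewrite the preload list as well. A comment explaining why the two share a type, or a dedicated type for the preload file, is worth considering.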
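--- a/refpolicy/policy/modules/system/locallogin.fc
+++ b/refpolicy/policy/modules/system/locallogin.fc
@@ -0,0 +1,3 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+/sbin/sulogin -- system_u:object_r:sulogin_exec_t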
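--- a/refpolicy/policy/modules/system/miscfiles.fc
+++ b/refpolicy/policy/modules/system/miscfiles.fc
@@ -0,0 +1,55 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+#
+# /etc
+#
+/etc/localtime -- system_u:object_r:locale_t
+
+#
+# /opt
+#
+/opt/.*/man(/.*)? system_u:object_r:man_t
+
+#
+# /usr
+#
+/usr/lib/locale(/.*)? system_u:object_r:locale_t
+
+/usr/lib(64)?/perl5/man(/.*)? system_u:object_r:man_t
+
+/usr/local/man(/.*)? system_u:object_r:man_t
+
+/usr/local/share/fonts(/.*)? system_u:object_r:fonts_t
+
+/usr/man(/.*)? system_u:object_r:man_t
+
+/usr/share/fonts(/.*)? system_u:object_r:fonts_t
+
+/usr/share/ghostscript/fonts(/.*)? system_u:object_r:fonts_t
+
+/usr/share/locale(/.*)? system_u:object_r:locale_t
+
+/usr/share/man(/.*)? system_u:object_r:man_t
+
+/usr/share/zoneinfo(/.*)? system_u:object_r:locale_t
+
+/usr/X11R6/lib/X11/fonts(/.*)? system_u:object_r:fonts_t
+
+/usr/X11R6/man(/.*)? system_u:object_r:man_t
+
+#
+# /var
+#
+ifdef(`distro_debian', `
+/var/lib/msttcorefonts(/.*)? system_u:object_r:fonts_t
+')
+
+/var/lib/texmf(/.*)? system_u:object_r:tetex_data_t
+
+/var/cache/fonts(/.*)? system_u:object_r:tetex_data_t
+
+/var/cache/man(/.*)? system_u:object_r:catman_t
+
+/var/catman(/.*)? system_u:object_r:catman_t
+
+/var/spool/texmf(/.*)? system_u:object_r:tetex_data_t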
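--- a/refpolicy/policy/modules/system/modutils.fc
+++ b/refpolicy/policy/modules/system/modutils.fc
@@ -0,0 +1,15 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+/etc/modules\.conf.* -- system_u:object_r:modules_conf_t
+/etc/modprobe\.conf.* -- system_u:object_r:modules_conf_t
+
+/lib(64)?/modules/[^/]+/modules\..+ -- system_u:object_r:modules_dep_t
+
+/lib(64)?/modules/modprobe\.conf -- system_u:object_r:modules_conf_t
+
+/sbin/depmod.* -- system_u:object_r:depmod_exec_t
+/sbin/generate-modprobe\.conf -- system_u:object_r:update_modules_exec_t
+/sbin/insmod.* -- system_u:object_r:insmod_exec_t
+/sbin/modprobe.* -- system_u:object_r:insmod_exec_t
+/sbin/rmmod.* -- system_u:object_r:insmod_exec_t
+/sbin/update-modules -- system_u:object_r:update_modules_exec_t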
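--- a/refpolicy/policy/modules/system/selinux.fc
+++ b/refpolicy/policy/modules/system/selinux.fc
@@ -0,0 +1,40 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+#
+# /etc
+#
+/etc/selinux(/.*)? system_u:object_r:selinux_config_t
+
+/etc/selinux/([^/]*/)?contexts(/.*)? system_u:object_r:default_context_t
+
+/etc/selinux/([^/]*/)?contexts/files(/.*)? system_u:object_r:file_context_t
+
+/etc/selinux/([^/]*/)?policy(/.*)? system_u:object_r:policy_config_t
+
+/etc/selinux/([^/]*/)?src(/.*)? system_u:object_r:policy_src_t
+
+#
+# /root
+#
+/root/\.default_contexts -- system_u:object_r:default_context_t
+
+#
+# /sbin
+#
+/sbin/load_policy -- system_u:object_r:load_policy_exec_t
+/sbin/restorecon -- system_u:object_r:restorecon_exec_t
+
+#
+# /usr
+#
+/usr/bin/checkpolicy -- system_u:object_r:checkpolicy_exec_t
+/usr/bin/newrole -- system_u:object_r:newrole_exec_t
+
+/usr/lib(64)?/selinux(/.*)? system_u:object_r:policy_src_t
+
+/usr/sbin/load_policy -- system_u:object_r:load_policy_exec_t
+/usr/sbin/setfiles.* -- system_u:object_r:setfiles_exec_t
+
+ifdef(`distro_debian', `
+/usr/share/selinux(/.*)? system_u:object_r:policy_src_t
+')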
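Review bot: All 40 lines of this file are identical to selinuxutil.fc, which the same commit adds next to it, so every path expression for the policy tooling (`/sbin/load_policy`, `/usr/sbin/setfiles.*`, `/etc/selinux/([^/]*/)?policy(/.*)?` and the rest) is declared twice. If both modules are built into one file_contexts, each specification appears in duplicate, and a later edit to one copy can silently diverge from the other for security-critical labels such as `load_policy_exec_t` and `policy_config_t`. Only one module should own these entries; if selinux.fc is a leftover from a rename, I would drop it from the commit.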
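--- a/refpolicy/policy/modules/system/selinuxutil.fc
+++ b/refpolicy/policy/modules/system/selinuxutil.fc
@@ -0,0 +1,40 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+#
+# /etc
+#
+/etc/selinux(/.*)? system_u:object_r:selinux_config_t
+
+/etc/selinux/([^/]*/)?contexts(/.*)? system_u:object_r:default_context_t
+
+/etc/selinux/([^/]*/)?contexts/files(/.*)? system_u:object_r:file_context_t
+
+/etc/selinux/([^/]*/)?policy(/.*)? system_u:object_r:policy_config_t
+
+/etc/selinux/([^/]*/)?src(/.*)? system_u:object_r:policy_src_t
+
+#
+# /root
+#
+/root/\.default_contexts -- system_u:object_r:default_context_t
+
+#
+# /sbin
+#
+/sbin/load_policy -- system_u:object_r:load_policy_exec_t
+/sbin/restorecon -- system_u:object_r:restorecon_exec_t
+
+#
+# /usr
+#
+/usr/bin/checkpolicy -- system_u:object_r:checkpolicy_exec_t
+/usr/bin/newrole -- system_u:object_r:newrole_exec_t
+
+/usr/lib(64)?/selinux(/.*)? system_u:object_r:policy_src_t
+
+/usr/sbin/load_policy -- system_u:object_r:load_policy_exec_t
+/usr/sbin/setfiles.* -- system_u:object_r:setfiles_exec_t
+
+ifdef(`distro_debian', `
+/usr/share/selinux(/.*)? system_u:object_r:policy_src_t
+')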
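--- a/refpolicy/policy/modules/system/sysnetwork.fc
+++ b/refpolicy/policy/modules/system/sysnetwork.fc
@@ -0,0 +1,47 @@
+# Copyright (C) 2005 Tresys Technology, LLC
+
+#
+# /bin
+#
+/bin/ip -- system_u:object_r:ifconfig_exec_t
+
+#
+# /etc
+#
+/etc/dhclient.*conf -- system_u:object_r:dhcp_etc_t
+/etc/dhclient-script -- system_u:object_r:dhcp_etc_t
+/etc/dhcpc.* system_u:object_r:dhcp_etc_t
+/etc/resolv\.conf.* -- system_u:object_r:net_conf_t
+/etc/yp\.conf.* -- system_u:object_r:net_conf_t
+
+/etc/dhcp3?/dhclient.* system_u:object_r:dhcp_etc_t
+
+#
+# /sbin
+#
+/sbin/dhclient.* -- system_u:object_r:dhcpc_exec_t
+/sbin/dhcpcd -- system_u:object_r:dhcpc_exec_t
+/sbin/ethtool -- system_u:object_r:ifconfig_exec_t
+/sbin/ifconfig -- system_u:object_r:ifconfig_exec_t
+/sbin/ip -- system_u:object_r:ifconfig_exec_t
+/sbin/ipx_configure -- system_u:object_r:ifconfig_exec_t
+/sbin/ipx_interface -- system_u:object_r:ifconfig_exec_t
+/sbin/ipx_internal_net -- system_u:object_r:ifconfig_exec_t
+/sbin/iwconfig -- system_u:object_r:ifconfig_exec_t
+/sbin/mii-tool -- system_u:object_r:ifconfig_exec_t
+/sbin/pump -- system_u:object_r:dhcpc_exec_t
+/sbin/tc -- system_u:object_r:ifconfig_exec_t
+
+#
+# /usr
+#
+/usr/sbin/tc -- system_u:object_r:ifconfig_exec_t
+
+#
+# /var
+#
+/var/lib/dhcp3? -d system_u:object_r:dhcp_state_t
+/var/lib/dhcp3?/dhclient.* system_u:object_r:dhcpc_state_t
+
+/var/run/dhclient.*\.pid -- system_u:object_r:dhcpc_var_run_t
+/var/run/dhclient.*\.leases -- system_u:object_r:dhcpc_var_run_t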
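--- a/refpolicy/policy/modules/system/udev.fc
+++ b/refpolicy/policy/modules/system/udev.fc
@@ -0,0 +1,18 @@
+# udev
+
+/dev/\.udev\.tdb -- system_u:object_r:udev_tbl_t
+/dev/udev\.tbl -- system_u:object_r:udev_tbl_t
+
+/etc/dev\.d/.+ -- system_u:object_r:udev_helper_exec_t
+
+/etc/hotplug\.d/default/udev.* -- system_u:object_r:udev_helper_exec_t
+
+/etc/udev/scripts/.+ -- system_u:object_r:udev_helper_exec_t
+
+/sbin/start_udev -- system_u:object_r:udev_exec_t
+/sbin/udev -- system_u:object_r:udev_exec_t
+/sbin/udevd -- system_u:object_r:udev_exec_t
+/sbin/udevsend -- system_u:object_r:udev_exec_t
+/sbin/wait_for_sysfs -- system_u:object_r:udev_exec_t
+
+/usr/bin/udevinfo -- system_u:object_r:udev_exec_t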