# Copyright (C) 2005 Tresys Technology, LLC

#
# Base file-type declarations for the "files" policy module.
# This file only declares attributes and types and labels rootfs; the
# allow rules that grant access to these types are not in this file.
#
policy_module(files,1.0)

#
# Attributes declared by this module. Every type below carries file_type;
# lockfile, pidfile, tmpfile and mountpoint each mark a subset of them.
#
attribute file_type;
attribute lockfile;
attribute pidfile;
attribute tmpfile;
attribute mountpoint;

#
# Each type below is passed to filesystem_associate() and
# filesystem_noxattr_associate(). Both macros are defined outside this
# file; presumably they permit objects of the type to be associated with
# xattr-capable and non-xattr filesystems respectively -- TODO confirm
# against the filesystem module's interface.
#

#
# default_t is the default type for files that do not
# match any specification in the file_contexts configuration
# other than the generic /.* specification.
# A file labeled default_t therefore matched only the catch-all entry,
# which usually means file_contexts has no specific rule for its path.
#
type default_t, file_type, mountpoint;
filesystem_associate(default_t)
filesystem_noxattr_associate(default_t)

#
# etc_t is the type of the system etc directories.
#
type etc_t, file_type;
filesystem_associate(etc_t)
filesystem_noxattr_associate(etc_t)

#
# etc_runtime_t is the type of various
# files in /etc that are automatically
# generated during initialization.
#
type etc_runtime_t, file_type;
filesystem_associate(etc_runtime_t)
filesystem_noxattr_associate(etc_runtime_t)

#
# file_t is the default type of a file that has not yet been
# assigned an extended attribute (EA) value (when using a filesystem
# that supports EAs).
# Objects showing up as file_t were never labeled, so access granted to
# this type applies to anything that missed labeling.
#
type file_t, file_type, mountpoint;
filesystem_associate(file_t)
filesystem_noxattr_associate(file_t)
# Macro defined outside this file; by its name it lets the root filesystem
# be mounted on an object of this type -- TODO confirm.
kernel_make_root_filesystem_mountpoint(file_t)

#
# home_root_t is the type for the directory where user home directories
# are created
#
type home_root_t, file_type, mountpoint;
filesystem_associate(home_root_t)
filesystem_noxattr_associate(home_root_t)

#
# lost_found_t is the type for the lost+found directories.
#
type lost_found_t, file_type;
filesystem_associate(lost_found_t)
filesystem_noxattr_associate(lost_found_t)

#
# mnt_t is the type for mount points such as /mnt/cdrom
#
type mnt_t, file_type, mountpoint;
filesystem_associate(mnt_t)
filesystem_noxattr_associate(mnt_t)

#
# NOTE(review): no_access_t has no description in this file. The name
# suggests a type that ordinary domains are not meant to reach; confirm
# against the rules that reference it before relying on that.
#
type no_access_t, file_type;
filesystem_associate(no_access_t)
filesystem_noxattr_associate(no_access_t)

#
# NOTE(review): poly_t has no description in this file. The name suggests
# polyinstantiated directories -- confirm.
#
type poly_t, file_type;
filesystem_associate(poly_t)
filesystem_noxattr_associate(poly_t)

#
# NOTE(review): readable_t has no description in this file. The name
# suggests a generally readable file type; which domains can read it is
# decided by rules elsewhere, so verify before labeling anything
# sensitive with it.
#
type readable_t, file_type;
filesystem_associate(readable_t)
filesystem_noxattr_associate(readable_t)

#
# root_t is the type for rootfs and the root directory.
#
type root_t, file_type, mountpoint;
filesystem_associate(root_t)
filesystem_noxattr_associate(root_t)
# Both kernel_* macros are defined outside this file; their effect is
# inferred from their names only -- TODO confirm in the kernel module.
kernel_read_directory_from(root_t)
kernel_make_root_filesystem_mountpoint(root_t)
# Label the root of the rootfs filesystem type as root_t. context_template()
# is a macro defined elsewhere; the s0 argument looks like the MLS level
# it attaches to the context -- TODO confirm.
genfscon rootfs / context_template(system_u:object_r:root_t,s0)

#
# src_t is the type of files in the system src directories.
#
type src_t, file_type;
filesystem_associate(src_t)
filesystem_noxattr_associate(src_t)

#
# tmp_t is the type of the temporary directories
# It is the only type here that carries the tmpfile attribute.
#
type tmp_t, file_type, tmpfile, mountpoint;
filesystem_associate(tmp_t)
filesystem_noxattr_associate(tmp_t)

#
# usr_t is the type for /usr.
#
type usr_t, file_type, mountpoint;
filesystem_associate(usr_t)
filesystem_noxattr_associate(usr_t)

#
# var_t is the type of /var
#
type var_t, file_type, mountpoint;
filesystem_associate(var_t)
filesystem_noxattr_associate(var_t)

#
# var_lib_t is the type of /var/lib
#
type var_lib_t, file_type;
filesystem_associate(var_lib_t)
filesystem_noxattr_associate(var_lib_t)

#
# var_lock_t is the type of /var/lock
# It is the only type here that carries the lockfile attribute.
#
type var_lock_t, file_type, lockfile;
filesystem_associate(var_lock_t)
filesystem_noxattr_associate(var_lock_t)

#
# var_run_t is the type of /var/run, usually
# used for pid and other runtime files.
# It is the only type here that carries the pidfile attribute.
#
type var_run_t, file_type, pidfile;
filesystem_associate(var_run_t)
filesystem_noxattr_associate(var_run_t)

#
# var_spool_t is the type of /var/spool
#
type var_spool_t, file_type;
filesystem_associate(var_spool_t)
filesystem_noxattr_associate(var_spool_t)