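# Copyright (C) 2005 Tresys Technology, LLC
#
# File context specifications for the base filesystem layout.
#
# Each entry has the form:
#
#     <path regex>   [file type]   <security context>
#
# File type selectors used below:
#     --   regular files only
#     -d   directories only
#     -l   symbolic links only
#     (no selector: the entry applies to every file type)
#
# The special context <<none>> tells the labeling tools to assign no
# context to matching paths, so the label an object already carries is
# left untouched on relabel.
#
# The file contains m4 ifdef syntax, so it is expected to be run through
# m4 before the specifications are installed.

#
# /
#
# Catch-all: any path that no more specific entry matches is labeled
# default_t. Objects that show up as default_t after a relabel are a hint
# that a specification is missing for them.
/.*                                     system_u:object_r:default_t
/                                   -d  system_u:object_r:root_t
/\.journal                              <<none>>

#
# /boot
#
/boot/\.journal                         <<none>>
/boot/lost\+found(/.*)?                 system_u:object_r:lost_found_t

#
# /etc
#
# Everything under /etc defaults to etc_t. The individual files listed
# with etc_runtime_t get a separate type, so access to them can be granted
# without granting the same access to the rest of /etc.
/etc(/.*)?                              system_u:object_r:etc_t
/etc/\.fstab\.hal\..+               --  system_u:object_r:etc_runtime_t
/etc/asound\.state                  --  system_u:object_r:etc_runtime_t
/etc/blkid\.tab.*                   --  system_u:object_r:etc_runtime_t
/etc/fstab\.REVOKE                  --  system_u:object_r:etc_runtime_t
/etc/HOSTNAME                       --  system_u:object_r:etc_runtime_t
/etc/ioctl\.save                    --  system_u:object_r:etc_runtime_t
/etc/issue                          --  system_u:object_r:etc_runtime_t
/etc/issue\.net                     --  system_u:object_r:etc_runtime_t
# Applies only when /etc/localtime is a symbolic link (-l).
/etc/localtime                      -l  system_u:object_r:etc_t
/etc/mtab                           --  system_u:object_r:etc_runtime_t
/etc/motd                           --  system_u:object_r:etc_runtime_t
/etc/nohotplug                      --  system_u:object_r:etc_runtime_t
/etc/nologin.*                      --  system_u:object_r:etc_runtime_t

/etc/init\.d/functions              --  system_u:object_r:etc_t

/etc/network/ifstate                --  system_u:object_r:etc_runtime_t

/etc/ptal/ptal-printd-like          --  system_u:object_r:etc_runtime_t

/etc/rc\.d/init\.d/functions        --  system_u:object_r:etc_t

/etc/sysconfig/hwconf               --  system_u:object_r:etc_runtime_t
/etc/sysconfig/iptables\.save       --  system_u:object_r:etc_runtime_t
/etc/sysconfig/firstboot            --  system_u:object_r:etc_runtime_t

# Entries emitted only when the distro_gentoo m4 symbol is defined.
# Keep quote characters out of any text placed inside the quoted block.
ifdef(`distro_gentoo', `
/etc/profile\.env                   --  system_u:object_r:etc_runtime_t
/etc/csh\.env                       --  system_u:object_r:etc_runtime_t
/etc/env\.d/.*                      --  system_u:object_r:etc_runtime_t
')

#
# /initrd
#
# initrd mount point, only used during boot
/initrd                             -d  system_u:object_r:root_t

#
# /lost+found
#
/lost\+found(/.*)?                      system_u:object_r:lost_found_t

#
# /media
#
# Mount points; do not relabel subdirectories, since
# we don't want to change any removable media by default.
# Only /media and its immediate child directories are labeled mnt_t;
# anything deeper is left alone via <<none>>.
/media(/[^/]*)?                     -d  system_u:object_r:mnt_t
/media/[^/]*/.*                         <<none>>

#
# /mnt
#
# Same scheme as /media: label the mount points, leave mounted content alone.
/mnt(/[^/]*)?                       -d  system_u:object_r:mnt_t
/mnt/[^/]*/.*                           <<none>>

#
# /opt
#
/opt(/.*)?                              system_u:object_r:usr_t

/opt/.*/var/lib(64)?(/.*)?              system_u:object_r:var_lib_t

#
# /proc
#
/proc(/.*)?                             <<none>>

#
# /selinux
#
/selinux(/.*)?                          <<none>>

#
# /sys
#
/sys(/.*)?                              <<none>>

#
# /tmp
#
# Only the directory itself gets tmp_t. Its contents are never relabeled,
# so each temporary file keeps the label it was created with.
/tmp                                -d  system_u:object_r:tmp_t
/tmp/.*                                 <<none>>
/tmp/\.journal                          <<none>>

/tmp/lost\+found(/.*)?                  system_u:object_r:lost_found_t

#
# /usr
#
/usr(/.*)?                              system_u:object_r:usr_t
/usr/\.journal                          <<none>>
/usr/lost\+found(/.*)?                  system_u:object_r:lost_found_t

/usr/etc(/.*)?                          system_u:object_r:etc_t

# The dot in inclu.e is a regex wildcard standing in for the letter d.
# NOTE(review): presumably written this way so that m4 does not expand
# its builtin include macro on this line; do not "fix" the spelling
# without confirming how the file is preprocessed.
/usr/inclu.e(/.*)?                      system_u:object_r:usr_t

/usr/local/\.journal                    <<none>>
/usr/local/lost\+found(/.*)?            system_u:object_r:lost_found_t

/usr/share(/.*)?/lib(64)?(/.*)?         system_u:object_r:usr_t

/usr/src(/.*)?                          system_u:object_r:src_t

/usr/tmp                            -d  system_u:object_r:tmp_t
/usr/tmp/.*                             <<none>>

#
# /var
#
/var(/.*)?                              system_u:object_r:var_t
/var/\.journal                          <<none>>
/var/lost\+found(/.*)?                  system_u:object_r:lost_found_t

/var/db/.*\.db                      --  system_u:object_r:etc_t

/var/ftp/etc(/.*)?                      system_u:object_r:etc_t

/var/lib/nfs/rpc_pipefs(/.*)?           <<none>>

# The two /usr/local entries below sit in the /var section in the
# original ordering; they are kept in place.
/usr/local/etc(/.*)?                    system_u:object_r:etc_t
/usr/local/src(/.*)?                    system_u:object_r:src_t

/var/lock(/.*)?                         system_u:object_r:var_lock_t

/var/run(/.*)?                          system_u:object_r:var_run_t
# Paths under /var/run that end in "pid" (optionally preceded by dots)
# are not relabeled, so a pid file keeps the label it received when it
# was created rather than being reset to var_run_t.
/var/run/.*\.*pid                       <<none>>

/var/spool(/.*)?                        system_u:object_r:var_spool_t

# As with /tmp: label the directory, never relabel what is inside it.
/var/tmp                            -d  system_u:object_r:tmp_t
/var/tmp/.*                             <<none>>
/var/tmp/vi\.recover                -d  system_u:object_r:tmp_t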