960373dddd
can_exec($1,exec_type)
117 lines
3.1 KiB
Plaintext
117 lines
3.1 KiB
Plaintext
# Copyright (C) 2005 Tresys Technology, LLC
|
|
|
|
policy_module(filesystem,1.0)
|
|
|
|
attribute fs_type;
|
|
|
|
########################################
|
|
#
|
|
# fs_t is the default type for persistent
|
|
# filesystems with extended attributes
|
|
#
|
|
type fs_t, fs_type;
|
|
|
|
########################################
|
|
#
|
|
# Non-persistent/pseudo filesystems
|
|
#
|
|
type bdev_t, fs_type;
|
|
genfscon bdev / system_u:object_r:bdev_t
|
|
|
|
type binfmt_misc_fs_t, fs_type;
|
|
genfscon binfmt_misc / system_u:object_r:binfmt_misc_fs_t
|
|
|
|
type eventpollfs_t, fs_type;
|
|
genfscon eventpollfs / system_u:object_r:eventpollfs_t
|
|
|
|
type futexfs_t, fs_type;
|
|
genfscon futexfs / system_u:object_r:futexfs_t
|
|
|
|
type nfsd_fs_t, fs_type;
|
|
genfscon nfsd / system_u:object_r:nfsd_fs_t
|
|
|
|
type ramfs_t, fs_type;
|
|
allow ramfs_t self:filesystem associate;
|
|
genfscon ramfs / system_u:object_r:ramfs_t
|
|
|
|
type romfs_t, fs_type;
|
|
allow romfs_t self:filesystem associate;
|
|
genfscon romfs / system_u:object_r:romfs_t
|
|
genfscon cramfs / system_u:object_r:romfs_t
|
|
|
|
type rpc_pipefs_t, fs_type;
|
|
genfscon rpc_pipefs / system_u:object_r:rpc_pipefs_t
|
|
|
|
#
|
|
# tmpfs_t is the type for tmpfs filesystems
|
|
#
|
|
type tmpfs_t, fs_type;
|
|
allow tmpfs_t self:filesystem associate;
|
|
allow tmpfs_t autofs_t:filesystem associate;
|
|
allow tmpfs_t cifs_t:filesystem associate;
|
|
allow tmpfs_t dosfs_t:filesystem associate;
|
|
allow tmpfs_t iso9660_t:filesystem associate;
|
|
allow tmpfs_t nfs_t:filesystem associate;
|
|
allow tmpfs_t removable_t:filesystem associate;
|
|
allow tmpfs_t usbfs_t:filesystem associate;
|
|
|
|
########################################
|
|
#
|
|
# Filesystems without extended attribute support
|
|
#
|
|
type autofs_t, fs_type;
|
|
allow autofs_t self:filesystem associate;
|
|
genfscon autofs / system_u:object_r:autofs_t
|
|
genfscon automount / system_u:object_r:autofs_t
|
|
|
|
#
|
|
# cifs_t is the type for filesystems and their
|
|
# files shared from Windows servers
|
|
#
|
|
type cifs_t alias sambafs_t, fs_type;
|
|
allow cifs_t self:filesystem associate;
|
|
genfscon cifs / system_u:object_r:cifs_t
|
|
genfscon smbfs / system_u:object_r:cifs_t
|
|
|
|
#
|
|
# dosfs_t is the type for fat and vfat
|
|
# filesystems and their files.
|
|
#
|
|
type dosfs_t, fs_type;
|
|
allow dosfs_t self:filesystem associate;
|
|
genfscon vfat / system_u:object_r:dosfs_t
|
|
genfscon msdos / system_u:object_r:dosfs_t
|
|
genfscon fat / system_u:object_r:dosfs_t
|
|
genfscon ntfs / system_u:object_r:dosfs_t
|
|
|
|
#
|
|
# iso9660_t is the type for CD filesystems
|
|
# and their files.
|
|
#
|
|
type iso9660_t, fs_type;
|
|
allow iso9660_t self:filesystem associate;
|
|
genfscon iso9660 / system_u:object_r:iso9660_t
|
|
genfscon udf / system_u:object_r:iso9660_t
|
|
|
|
#
|
|
# removable_t is the default type of all removable media
|
|
#
|
|
type removable_t, fs_type;
|
|
allow removable_t self:filesystem associate;
|
|
allow removable_t autofs_t:filesystem associate;
|
|
allow removable_t cifs_t:filesystem associate;
|
|
allow removable_t dosfs_t:filesystem associate;
|
|
allow removable_t iso9660_t:filesystem associate;
|
|
allow removable_t nfs_t:filesystem associate;
|
|
allow removable_t usbfs_t:filesystem associate;
|
|
|
|
#
|
|
# nfs_t is the default type for NFS file systems
|
|
# and their files.
|
|
#
|
|
type nfs_t, fs_type;
|
|
allow nfs_t self:filesystem associate;
|
|
genfscon nfs / system_u:object_r:nfs_t
|
|
genfscon nfs4 / system_u:object_r:nfs_t
|
|
genfscon afs / system_u:object_r:nfs_t
|