rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
13a4943d30
selinux-policy/mls/initial_sid_contexts
Chris PeBenito 31b7c0551d add fc mls policy
2005-11-22 19:28:03 +00:00

47 lines
2.0 KiB
Plaintext
Raw Blame History

# FLASK
#
# Define the security context for each initial SID
# sid sidname context
sid kernel system_u:system_r:kernel_t:s15:c0.c255
sid security system_u:object_r:security_t:s15:c0.c255
sid unlabeled system_u:object_r:unlabeled_t:s15:c0.c255
sid fs system_u:object_r:fs_t:s0
sid file system_u:object_r:file_t:s0
# Persistent label mapping is gone. This initial SID can be removed.
sid file_labels system_u:object_r:unlabeled_t:s15:c0.c255
# init_t is still used, but an initial SID is no longer required.
sid init system_u:object_r:unlabeled_t:s15:c0.c255
# any_socket is no longer used.
sid any_socket system_u:object_r:unlabeled_t:s15:c0.c255
sid port system_u:object_r:port_t:s0
sid netif system_u:object_r:netif_t:s0
# netmsg is no longer used.
sid netmsg system_u:object_r:unlabeled_t:s15:c0.c255
sid node system_u:object_r:node_t:s0
# These sockets are now labeled with the kernel SID,
# and do not require their own initial SIDs.
sid igmp_packet system_u:object_r:unlabeled_t:s15:c0.c255
sid icmp_socket system_u:object_r:unlabeled_t:s15:c0.c255
sid tcp_socket system_u:object_r:unlabeled_t:s15:c0.c255
# Most of the sysctl SIDs are now computed at runtime
# from genfs_contexts, so the corresponding initial SIDs
# are no longer required.
sid sysctl_modprobe system_u:object_r:unlabeled_t:s15:c0.c255
# But we still need the base sysctl initial SID as a default.
sid sysctl system_u:object_r:sysctl_t:s0
sid sysctl_fs system_u:object_r:unlabeled_t:s15:c0.c255
sid sysctl_kernel system_u:object_r:unlabeled_t:s15:c0.c255
sid sysctl_net system_u:object_r:unlabeled_t:s15:c0.c255
sid sysctl_net_unix system_u:object_r:unlabeled_t:s15:c0.c255
sid sysctl_vm system_u:object_r:unlabeled_t:s15:c0.c255
sid sysctl_dev system_u:object_r:unlabeled_t:s15:c0.c255
# No longer used, can be removed.
sid kmod system_u:object_r:unlabeled_t:s15:c0.c255
sid policy system_u:object_r:unlabeled_t:s15:c0.c255
sid scmp_packet system_u:object_r:unlabeled_t:s15:c0.c255
sid devnull system_u:object_r:null_device_t:s0
# FLASK
Reference in New Issue View Git Blame Copy Permalink