32 lines
1.4 KiB
Plaintext
32 lines
1.4 KiB
Plaintext
#
|
|
# Define the labeling behavior for inodes in particular filesystem types.
|
|
# This information was formerly hardcoded in the SELinux module.
|
|
|
|
# Use xattrs for the following filesystem types.
|
|
# Requires that a security xattr handler exist for the filesystem.
|
|
fs_use_xattr ext2 system_u:object_r:fs_t;
|
|
fs_use_xattr ext3 system_u:object_r:fs_t;
|
|
fs_use_xattr xfs system_u:object_r:fs_t;
|
|
fs_use_xattr jfs system_u:object_r:fs_t;
|
|
|
|
# Use the allocating task SID to label inodes in the following filesystem
|
|
# types, and label the filesystem itself with the specified context.
|
|
# This is appropriate for pseudo filesystems that represent objects
|
|
# like pipes and sockets, so that these objects are labeled with the same
|
|
# type as the creating task.
|
|
fs_use_task pipefs system_u:object_r:fs_t;
|
|
fs_use_task sockfs system_u:object_r:fs_t;
|
|
|
|
# Use a transition SID based on the allocating task SID and the
|
|
# filesystem SID to label inodes in the following filesystem types,
|
|
# and label the filesystem itself with the specified context.
|
|
# This is appropriate for pseudo filesystems like devpts and tmpfs
|
|
# where we want to label objects with a derived type.
|
|
fs_use_trans devpts system_u:object_r:devpts_t;
|
|
fs_use_trans tmpfs system_u:object_r:tmpfs_t;
|
|
fs_use_trans shm system_u:object_r:tmpfs_t;
|
|
|
|
# The separate genfs_contexts configuration can be used for filesystem
|
|
# types that cannot support persistent label mappings or use
|
|
# one of the fixed label schemes specified here.
|