9461b60657
Remove permissive domain from cmirrord and dontaudit sys_tty_config Split out unconfined_domain() calls from other unconfined_ calls so we can disable unconfined.pp and leave unconfineduser virt needs to be able to read processes to clearance for MLS
18 lines
1.0 KiB
Plaintext
18 lines
1.0 KiB
Plaintext
HOME_DIR -d gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
|
|
HOME_DIR -l gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
|
|
HOME_DIR/.+ gen_context(system_u:object_r:user_home_t,s0)
|
|
/tmp/gconfd-USER -d gen_context(system_u:object_r:user_tmp_t,s0)
|
|
/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
|
|
/root/\.cert(/.*)? gen_context(system_u:object_r:home_cert_t,s0)
|
|
/root/\.debug(/.*)? <<none>>
|
|
/dev/shm/pulse-shm.* gen_context(system_u:object_r:user_tmpfs_t,s0)
|
|
/dev/shm/mono.* gen_context(system_u:object_r:user_tmpfs_t,s0)
|
|
HOME_DIR/bin(/.*)? gen_context(system_u:object_r:home_bin_t,s0)
|
|
HOME_DIR/local/bin(/.*)? gen_context(system_u:object_r:home_bin_t,s0)
|
|
HOME_DIR/Audio(/.*)? gen_context(system_u:object_r:audio_home_t,s0)
|
|
HOME_DIR/Music(/.*)? gen_context(system_u:object_r:audio_home_t,s0)
|
|
HOME_DIR/\.cert(/.*)? gen_context(system_u:object_r:home_cert_t,s0)
|
|
HOME_DIR/\.pki(/.*)? gen_context(system_u:object_r:home_cert_t,s0)
|
|
HOME_DIR/\.gvfs(/.*)? <<none>>
|
|
HOME_DIR/\.debug(/.*)? <<none>>
|