files: no default types for /run and /var/lock

Encourage private types for /run and /var/lock by no longer providing default contexts.
cgzones 2017-02-16 16:08:47 +01:00
parent d9980666a4
commit 7ff92a886a
1 changed files with 5 additions and 6 deletions


@ -155,11 +155,7 @@ HOME_ROOT/lost\+found/.* <<none>>
#
/run -d gen_context(system_u:object_r:var_run_t,s0-mls_systemhigh)
/run -l gen_context(system_u:object_r:var_run_t,s0)
/run/.* gen_context(system_u:object_r:var_run_t,s0)
/run/.*\.*pid <<none>>
/run/lock -d gen_context(system_u:object_r:var_lock_t,s0)
/run/lock -l gen_context(system_u:object_r:var_lock_t,s0)
/run/.* <<none>>
#
# /selinux
@ -243,7 +239,10 @@ ifndef(`distro_redhat',`
/var/lib/nfs/rpc_pipefs(/.*)? <<none>>
/var/lock(/.*)? gen_context(system_u:object_r:var_lock_t,s0)
/var/lock -d gen_context(system_u:object_r:var_lock_t,s0-mls_systemhigh)
/var/lock -l gen_context(system_u:object_r:var_lock_t,s0)
/var/lock/subsys -d gen_context(system_u:object_r:var_lock_t,s0-mls_systemhigh)
/var/lock/.* <<none>>
/var/log/lost\+found -d gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
/var/log/lost\+found/.* <<none>>
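Review bot: The `/run/.* <<none>>` entry in the first hunk and `/var/lock/.* <<none>>` in the second carry no comment, yet they change what a relabel does: `<<none>>` tells setfiles/restorecon to leave matching paths alone, so a file under /run or /var/lock with no more specific entry keeps the label it was created with instead of being reset to var_run_t or var_lock_t. The rendered page has lost the +/- column, so this assumes the `<<none>>` lines are the new side, as the commit message implies. A comment above each entry would stop the default from being re-added later, for example `# no default context: modules must label their own files here with a private type`. It is also worth confirming that every module creating files in these directories ships its own file-context entry, because a mislabeled file there is no longer corrected by a relabel.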