selinux-refpolicy/refpolicy/policy/modules/system/files.fc

#
# /
#
# Catch-all: /.* matches every path, so anything without a more specific
# entry ends up as default_t. The second entry is limited to directories
# (-d) and labels the root directory itself as root_t.
# NOTE(review): objects that end up default_t usually point at a missing
# entry for that path rather than an intended label; confirm how policy
# treats default_t before relying on it.
/.* context_template(system_u:object_r:default_t,s0)
/ -d context_template(system_u:object_r:root_t,s0)
# <<none>> assigns no context: relabeling tools leave whatever label a
# matching file already has. The same marker is used throughout this file.
/\.journal <<none>>
ifdef(`distro_redhat',`
/\.autofsck -- context_template(system_u:object_r:etc_runtime_t,s0)
/\.autorelabel -- context_template(system_u:object_r:etc_runtime_t,s0)
/fastboot -- context_template(system_u:object_r:etc_runtime_t,s0)
/forcefsck -- context_template(system_u:object_r:etc_runtime_t,s0)
/fsckoptions -- context_template(system_u:object_r:etc_runtime_t,s0)
/halt -- context_template(system_u:object_r:etc_runtime_t,s0)
/poweroff -- context_template(system_u:object_r:etc_runtime_t,s0)
')
#
# /boot
#
/boot/\.journal <<none>>
/boot/lost\+found -d context_template(system_u:object_r:lost_found_t,s0)
/boot/lost\+found/.* <<none>>
#
# /etc
#
# Everything under /etc defaults to etc_t; the entries below carve out
# individual regular files (-- = regular file only) as etc_runtime_t.
# NOTE(review): etc_runtime_t presumably marks files that are rewritten at
# boot or run time, so write access can be granted to them without granting
# write to all of etc_t; confirm against the type declarations.
/etc(/.*)? context_template(system_u:object_r:etc_t,s0)
/etc/\.fstab\.hal\..+ -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/asound\.state -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/blkid\.tab.* -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/fstab\.REVOKE -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/HOSTNAME -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/ioctl\.save -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/issue -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/issue\.net -- context_template(system_u:object_r:etc_runtime_t,s0)
# -l restricts this entry to a symbolic link named /etc/localtime; a regular
# file of that name is covered by the /etc(/.*)? entry instead.
/etc/localtime -l context_template(system_u:object_r:etc_t,s0)
/etc/mtab -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/motd -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/nohotplug -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/nologin.* -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/init\.d/functions -- context_template(system_u:object_r:etc_t,s0)
ifdef(`distro_suse',`
/etc/init\.d/\.depend.* -- context_template(system_u:object_r:etc_runtime_t,s0)
')
/etc/ipsec\.d/examples(/.*)? context_template(system_u:object_r:etc_t,s0)
/etc/network/ifstate -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/ptal/ptal-printd-like -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/rc\.d/init\.d/functions -- context_template(system_u:object_r:etc_t,s0)
/etc/sysconfig/hwconf -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/sysconfig/iptables\.save -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/sysconfig/firstboot -- context_template(system_u:object_r:etc_runtime_t,s0)
ifdef(`distro_gentoo', `
/etc/profile\.env -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/csh\.env -- context_template(system_u:object_r:etc_runtime_t,s0)
/etc/env\.d/.* -- context_template(system_u:object_r:etc_runtime_t,s0)
')
# HOME_ROOT expands to all valid home directory prefixes found in /etc/passwd
HOME_ROOT -d context_template(system_u:object_r:home_root_t,s0)
HOME_ROOT/\.journal <<none>>
HOME_ROOT/lost\+found -d context_template(system_u:object_r:lost_found_t,s0)
HOME_ROOT/lost\+found/.* <<none>>
#
# /initrd
#
# initrd mount point, only used during boot
/initrd -d context_template(system_u:object_r:root_t,s0)
#
# /lost+found
#
/lost\+found -d context_template(system_u:object_r:lost_found_t,s0)
/lost\+found/.* <<none>>
#
# /media
#
# Mount points; do not relabel subdirectories, since
# we don't want to change any removable media by default.
# (/[^/]*)? stops at one path component, and -d limits the match to
# directories: only /media and the mount-point directories directly under
# it are labeled mnt_t, never anything on the mounted media.
/media(/[^/]*)? -d context_template(system_u:object_r:mnt_t,s0)
/media/[^/]*/.* <<none>>
#
# /mnt
#
/mnt(/[^/]*)? -d context_template(system_u:object_r:mnt_t,s0)
/mnt/[^/]*/.* <<none>>
#
# /opt
#
/opt(/.*)? context_template(system_u:object_r:usr_t,s0)
/opt/(.*)?/var/lib(64)?(/.*)? context_template(system_u:object_r:var_lib_t,s0)
#
# /proc
#
# <<none>> over the whole tree: a relabel never sets contexts under /proc.
# NOTE(review): presumably because this is a kernel-provided pseudo
# filesystem whose labels do not come from this file; confirm.
/proc(/.*)? <<none>>
#
# /selinux
#
# Same treatment for the /selinux tree: no context is assigned from here.
/selinux(/.*)? <<none>>
#
# /srv
#
/srv(/.*)? context_template(system_u:object_r:var_t,s0)
#
# /sys
#
# <<none>> over the whole tree: a relabel never sets contexts under /sys.
/sys(/.*)? <<none>>
#
# /tmp
#
/tmp -d context_template(system_u:object_r:tmp_t,s0)
# Contents of /tmp get no context from this file, so a relabel leaves each
# file with the label it already carries; only the /tmp directory itself is
# pinned to tmp_t by the -d entry for /tmp.
# NOTE(review): this presumably keeps a relabel from collapsing per-domain
# temporary-file types into tmp_t. It also means a wrongly labeled file in
# /tmp is not corrected by relabeling; confirm that is the intended policy.
/tmp/.* <<none>>
/tmp/\.journal <<none>>
/tmp/lost\+found -d context_template(system_u:object_r:lost_found_t,s0)
/tmp/lost\+found/.* <<none>>
#
# /usr
#
/usr(/.*)? context_template(system_u:object_r:usr_t,s0)
/usr/\.journal <<none>>
/usr/etc(/.*)? context_template(system_u:object_r:etc_t,s0)
# The unescaped "." stands in for the letter d of the include directory.
# NOTE(review): presumably written this way so that m4, which preprocesses
# this file, does not treat the word followed by "(" as its include builtin.
# As a regex, "." also matches any other single character in that position.
/usr/inclu.e(/.*)? context_template(system_u:object_r:usr_t,s0)
/usr/local/\.journal <<none>>
/usr/local/etc(/.*)? context_template(system_u:object_r:etc_t,s0)
/usr/local/lost\+found -d context_template(system_u:object_r:lost_found_t,s0)
/usr/local/lost\+found/.* <<none>>
/usr/local/src(/.*)? context_template(system_u:object_r:src_t,s0)
/usr/lost\+found -d context_template(system_u:object_r:lost_found_t,s0)
/usr/lost\+found/.* <<none>>
/usr/share(/.*)?/lib(64)?(/.*)? context_template(system_u:object_r:usr_t,s0)
/usr/src(/.*)? context_template(system_u:object_r:src_t,s0)
/usr/tmp -d context_template(system_u:object_r:tmp_t,s0)
/usr/tmp/.* <<none>>
#
# /var
#
/var(/.*)? context_template(system_u:object_r:var_t,s0)
/var/\.journal <<none>>
/var/db/.*\.db -- context_template(system_u:object_r:etc_t,s0)
/var/ftp/etc(/.*)? context_template(system_u:object_r:etc_t,s0)
/var/lib(/.*)? context_template(system_u:object_r:var_lib_t,s0)
/var/lib/nfs/rpc_pipefs(/.*)? <<none>>
/var/lock(/.*)? context_template(system_u:object_r:var_lock_t,s0)
/var/lost\+found -d context_template(system_u:object_r:lost_found_t,s0)
/var/lost\+found/.* <<none>>
/var/run(/.*)? context_template(system_u:object_r:var_run_t,s0)
# Pid files get no context from this file, so a relabel leaves their
# existing label in place.
# NOTE(review): "\.*" means zero or more literal dots, so this matches any
# path under /var/run that ends in "pid", not only names ending in ".pid".
# Confirm the wider match is intended, since every matching file is exempt
# from relabeling.
/var/run/.*\.*pid <<none>>
/var/spool(/.*)? context_template(system_u:object_r:var_spool_t,s0)
/var/tmp -d context_template(system_u:object_r:tmp_t,s0)
/var/tmp/.* <<none>>
/var/tmp/lost\+found -d context_template(system_u:object_r:lost_found_t,s0)
/var/tmp/lost\+found/.* <<none>>
/var/tmp/vi\.recover -d context_template(system_u:object_r:tmp_t,s0)