selinux-refpolicy/policy/modules/kernel/corecommands.fc

433 lines
25 KiB
Plaintext
Raw Normal View History

2005-05-10 19:51:00 +00:00
#
# /dev
#
2007-03-23 23:24:59 +00:00
/dev/MAKEDEV -- gen_context(system_u:object_r:bin_t,s0)
2005-11-03 18:08:36 +00:00
#
# /emul
#
ifdef(`distro_redhat',`
/emul/ia32-linux/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
2007-03-23 23:24:59 +00:00
/emul/ia32-linux/sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
2005-11-03 18:08:36 +00:00
/emul/ia32-linux/usr(/.*)?/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/emul/ia32-linux/usr(/.*)?/Bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
2007-03-23 23:24:59 +00:00
/emul/ia32-linux/usr(/.*)?/sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
2005-11-03 18:08:36 +00:00
/emul/ia32-linux/usr/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0)
')
2005-05-10 19:51:00 +00:00
#
# /etc
#
2009-06-11 15:00:48 +00:00
/etc/acpi/actions(/.*)? gen_context(system_u:object_r:bin_t,s0)
2007-12-12 15:55:21 +00:00
/etc/apcupsd/apccontrol -- gen_context(system_u:object_r:bin_t,s0)
/etc/apcupsd/changeme -- gen_context(system_u:object_r:bin_t,s0)
/etc/apcupsd/commfailure -- gen_context(system_u:object_r:bin_t,s0)
/etc/apcupsd/commok -- gen_context(system_u:object_r:bin_t,s0)
/etc/apcupsd/masterconnect -- gen_context(system_u:object_r:bin_t,s0)
/etc/apcupsd/mastertimeout -- gen_context(system_u:object_r:bin_t,s0)
/etc/apcupsd/offbattery -- gen_context(system_u:object_r:bin_t,s0)
/etc/apcupsd/onbattery -- gen_context(system_u:object_r:bin_t,s0)
2010-03-05 15:51:39 +00:00
/etc/avahi/.*\.action -- gen_context(system_u:object_r:bin_t,s0)
2006-03-24 19:22:19 +00:00
/etc/cipe/ip-up.* -- gen_context(system_u:object_r:bin_t,s0)
/etc/cipe/ip-down.* -- gen_context(system_u:object_r:bin_t,s0)
/etc/ConsoleKit/run-seat\.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
/etc/ConsoleKit/run-session\.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
2008-12-02 22:40:49 +00:00
2010-03-05 15:51:39 +00:00
/etc/cron.daily(/.*)? gen_context(system_u:object_r:bin_t,s0)
/etc/cron.hourly(/.*)? gen_context(system_u:object_r:bin_t,s0)
/etc/cron.weekly(/.*)? gen_context(system_u:object_r:bin_t,s0)
/etc/cron.monthly(/.*)? gen_context(system_u:object_r:bin_t,s0)
2007-10-29 18:35:32 +00:00
2009-11-23 18:47:36 +00:00
/etc/dhcp/dhclient\.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
2007-03-23 23:24:59 +00:00
/etc/hotplug/.*agent -- gen_context(system_u:object_r:bin_t,s0)
/etc/hotplug/.*rc -- gen_context(system_u:object_r:bin_t,s0)
/etc/hotplug/hotplug\.functions -- gen_context(system_u:object_r:bin_t,s0)
/etc/hotplug\.d/default/default.* gen_context(system_u:object_r:bin_t,s0)
2005-05-10 19:51:00 +00:00
/etc/kde/env(/.*)? gen_context(system_u:object_r:bin_t,s0)
/etc/kde/shutdown(/.*)? gen_context(system_u:object_r:bin_t,s0)
2009-03-05 14:43:03 +00:00
/etc/mail/make -- gen_context(system_u:object_r:bin_t,s0)
2012-08-08 12:44:07 +00:00
/etc/mcelog/.*-error-trigger -- gen_context(system_u:object_r:bin_t,s0)
/etc/mcelog/.*\.local -- gen_context(system_u:object_r:bin_t,s0)
ifdef(`distro_redhat',`
label /etc/mcelog/mcelog.setup correctly (for RHEL) I am seeing the following denials when mcelog.service is attempting to execute /etc/mcelog/mcelog.setup (on RHEL 7). It should be labeled bin_t. Sep 21 02:45:50 localhost audit: type=AVC msg=audit(1505961383.859:28): avc: denied { execute } for pid=626 comm="(og.setup)" name="mcelog.setup" dev="dm-0" ino=718731 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mcelog_etc_t:s0 tclass=file Sep 21 02:45:50 localhost audit: type=AVC msg=audit(1505961383.859:28): avc: denied { read open } for pid=626 comm="(og.setup)" path="/etc/mcelog/mcelog.setup" dev="dm-0" ino=718731 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mcelog_etc_t:s0 tclass=file Sep 21 02:45:50 localhost audit: type=AVC msg=audit(1505961383.859:28): avc: denied { execute_no_trans } for pid=626 comm="(og.setup)" path="/etc/mcelog/mcelog.setup" dev="dm-0" ino=718731 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mcelog_etc_t:s0 tclass=file Sep 21 02:45:50 localhost audit: type=SYSCALL msg=audit(1505961383.859:28): arch=c000003e syscall=59 success=yes exit=0 a0=55a0ddd00260 a1=55a0ddcd1be0 a2=55a0ddd02e90 a3=3 items=3 ppid=1 pid=626 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mcelog.setup" exe="/usr/bin/bash" subj=system_u:system_r:init_t:s0 key=(null) Sep 21 02:45:50 localhost audit: type=EXECVE msg=audit(1505961383.859:28): argc=2 a0="/bin/sh" a1="/etc/mcelog/mcelog.setup" Sep 21 02:45:50 localhost audit: type=PATH msg=audit(1505961383.859:28): item=0 name="/etc/mcelog/mcelog.setup" inode=718731 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:mcelog_etc_t:s0 objtype=NORMAL Sep 21 02:45:50 localhost audit: type=AVC msg=audit(1505961383.862:29): avc: denied { ioctl } for pid=626 comm="mcelog.setup" path="/etc/mcelog/mcelog.setup" dev="dm-0" ino=718731 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mcelog_etc_t:s0 tclass=file Sep 21 02:45:50 localhost audit: type=SYSCALL msg=audit(1505961383.862:29): arch=c000003e syscall=16 success=no exit=-25 a0=3 a1=5401 a2=7ffec57f28f0 a3=7ffec57f2690 items=0 ppid=1 pid=626 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mcelog.setup" exe="/usr/bin/bash" subj=system_u:system_r:init_t:s0 key=(null) Sep 21 02:45:50 localhost audit: type=AVC msg=audit(1505961383.867:30): avc: denied { getattr } for pid=626 comm="mcelog.setup" path="/etc/mcelog/mcelog.setup" dev="dm-0" ino=718731 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:mcelog_etc_t:s0 tclass=file Sep 21 02:45:50 localhost audit: type=SYSCALL msg=audit(1505961383.867:30): arch=c000003e syscall=5 success=yes exit=0 a0=ff a1=7ffec57f2890 a2=7ffec57f2890 a3=7ffec57f25a0 items=0 ppid=1 pid=626 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mcelog.setup" exe="/usr/bin/bash" subj=system_u:system_r:init_t:s0 key=(null) Signed-off-by: Dave Sugar <dsugar@tresys.com>
2017-09-21 05:02:15 +00:00
/etc/mcelog/mcelog.setup -- gen_context(system_u:object_r:bin_t,s0)
/etc/mcelog/triggers(/.*)? gen_context(system_u:object_r:bin_t,s0)
2012-08-08 12:44:07 +00:00
')
2010-03-05 15:51:39 +00:00
/etc/mgetty\+sendfax/new_fax -- gen_context(system_u:object_r:bin_t,s0)
2009-03-05 14:43:03 +00:00
2007-03-23 23:24:59 +00:00
/etc/netplug\.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
2005-05-10 19:51:00 +00:00
/etc/PackageKit/events(/.*)? gen_context(system_u:object_r:bin_t,s0)
/etc/pki/tls/certs/make-dummy-cert -- gen_context(system_u:object_r:bin_t,s0)
/etc/pki/tls/misc(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
/etc/pm/power\.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
/etc/pm/sleep\.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
2005-11-03 18:08:36 +00:00
/etc/ppp/ip-down\..* -- gen_context(system_u:object_r:bin_t,s0)
/etc/ppp/ip-up\..* -- gen_context(system_u:object_r:bin_t,s0)
/etc/ppp/ipv6-up\..* -- gen_context(system_u:object_r:bin_t,s0)
/etc/ppp/ipv6-down\..* -- gen_context(system_u:object_r:bin_t,s0)
2005-10-14 20:00:07 +00:00
/etc/profile.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
2009-06-11 15:00:48 +00:00
/etc/racoon/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
/etc/rc\.d/init\.d/functions -- gen_context(system_u:object_r:bin_t,s0)
2009-06-26 14:40:13 +00:00
/etc/security/namespace.init -- gen_context(system_u:object_r:bin_t,s0)
/etc/sysconfig/crond -- gen_context(system_u:object_r:bin_t,s0)
/etc/sysconfig/init -- gen_context(system_u:object_r:bin_t,s0)
/etc/sysconfig/netconsole -- gen_context(system_u:object_r:bin_t,s0)
/etc/sysconfig/readonly-root -- gen_context(system_u:object_r:bin_t,s0)
2009-03-05 14:43:03 +00:00
/etc/sysconfig/network-scripts/ifup.* gen_context(system_u:object_r:bin_t,s0)
/etc/sysconfig/network-scripts/ifdown.* gen_context(system_u:object_r:bin_t,s0)
2012-05-10 14:33:54 +00:00
/etc/sysconfig/network-scripts/net.* gen_context(system_u:object_r:bin_t,s0)
/etc/sysconfig/network-scripts/init.* gen_context(system_u:object_r:bin_t,s0)
2005-11-10 16:53:50 +00:00
/etc/vmware-tools(/.*)? gen_context(system_u:object_r:bin_t,s0)
2005-11-11 14:12:23 +00:00
/etc/X11/xdm/GiveConsole -- gen_context(system_u:object_r:bin_t,s0)
/etc/X11/xdm/TakeConsole -- gen_context(system_u:object_r:bin_t,s0)
/etc/X11/xdm/Xsetup_0 -- gen_context(system_u:object_r:bin_t,s0)
/etc/X11/xinit(/.*)? gen_context(system_u:object_r:bin_t,s0)
/etc/xen/qemu-ifup -- gen_context(system_u:object_r:bin_t,s0)
/etc/xen/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
2005-08-03 17:56:26 +00:00
ifdef(`distro_debian',`
2005-11-03 18:08:36 +00:00
/etc/mysql/debian-start -- gen_context(system_u:object_r:bin_t,s0)
2005-08-03 17:56:26 +00:00
')
2005-05-10 19:51:00 +00:00
#
# /opt
#
/opt/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
2005-05-10 19:51:00 +00:00
/opt/(.*/)?libexec(/.*)? gen_context(system_u:object_r:bin_t,s0)
2005-05-10 19:51:00 +00:00
2007-03-23 23:24:59 +00:00
/opt/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
2005-05-10 19:51:00 +00:00
/opt/google/talkplugin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/opt/gutenprint/cups/lib/filter(/.*)? gen_context(system_u:object_r:bin_t,s0)
/opt/OpenPrinting-Gutenprint/cups/lib/filter(/.*)? gen_context(system_u:object_r:bin_t,s0)
2006-04-26 20:30:08 +00:00
ifdef(`distro_gentoo',`
2006-08-18 18:20:22 +00:00
/opt/RealPlayer/realplay(\.bin)? gen_context(system_u:object_r:bin_t,s0)
/opt/RealPlayer/postint(/.*)? gen_context(system_u:object_r:bin_t,s0)
/opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
2006-04-26 20:30:08 +00:00
')
2005-05-10 19:51:00 +00:00
#
# /usr
#
/usr/(.*/)?Bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/bin/bash2 -- gen_context(system_u:object_r:shell_exec_t,s0)
2009-06-11 15:00:48 +00:00
/usr/bin/fish -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/bin/git-shell -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/bin/insmod_ksymoops_clean -- gen_context(system_u:object_r:bin_t,s0)
/usr/bin/ksh.* -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/bin/mkfs\.cramfs -- gen_context(system_u:object_r:bin_t,s0)
/usr/bin/mksh -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/bin/mountpoint -- gen_context(system_u:object_r:bin_t,s0)
/usr/bin/nologin -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/bin/sash -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/bin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
2008-06-18 13:15:25 +00:00
/usr/bin/scponly -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/bin/scponlyc -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/bin/smrsh -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/bin/tcsh -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/bin/yash -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/bin/zsh.* -- gen_context(system_u:object_r:shell_exec_t,s0)
2008-06-18 13:15:25 +00:00
/usr/lib/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
2017-04-06 20:59:47 +00:00
/usr/lib/postfix/configure-instance\.sh -- gen_context(system_u:object_r:bin_t,s0)
2005-05-10 19:51:00 +00:00
2007-03-23 23:24:59 +00:00
/usr/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
2005-05-10 19:51:00 +00:00
/usr/lib/at-spi2-core(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/avahi/avahi-daemon-check-dns\.sh -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/bridge-utils/.*\.sh -- gen_context(system_u:object_r:bin_t,s0)
2005-11-09 18:29:03 +00:00
/usr/lib/ccache/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/dhcpcd/dhcpcd-hooks(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:bin_t,s0)
2017-04-06 20:59:47 +00:00
/usr/lib/dovecot/.+ gen_context(system_u:object_r:bin_t,s0)
2010-03-05 15:51:39 +00:00
/usr/lib/fence(/.*)? gen_context(system_u:object_r:bin_t,s0)
2005-11-03 18:08:36 +00:00
/usr/lib/pgsql/test/regress/.*\.sh -- gen_context(system_u:object_r:bin_t,s0)
2005-11-09 18:29:03 +00:00
/usr/lib/qt.*/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/wicd/monitor\.py -- gen_context(system_u:object_r:bin_t, s0)
2012-05-10 14:33:54 +00:00
/usr/lib/apt/methods.+ -- gen_context(system_u:object_r:bin_t,s0)
2017-05-07 17:44:58 +00:00
/usr/lib/ConsoleKit/.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/ConsoleKit/run-seat.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/ConsoleKit/run-session.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/ConsoleKit/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
2012-05-10 14:33:54 +00:00
/usr/lib/courier(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/cups(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/cyrus/.* -- gen_context(system_u:object_r:bin_t,s0)
2012-05-10 14:33:54 +00:00
/usr/lib/cyrus-imapd/.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/dconf/dconf-service -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/dpkg/.+ -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/emacsen-common/.* gen_context(system_u:object_r:bin_t,s0)
/usr/lib/evince/evinced -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/getconf(/.*)? gen_context(system_u:object_r:bin_t,s0)
2012-05-10 14:33:54 +00:00
/usr/lib/gimp/.*/plug-ins(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/git-core/git-shell -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/lib/git-core(/.*) -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/gnome-settings-daemon/.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/gvfs/gvfs.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/kde4/libexec/.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/mailman/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
2012-05-10 14:33:54 +00:00
/usr/lib/mailman/mail(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/mediawiki/math/texvc.* gen_context(system_u:object_r:bin_t,s0)
/usr/lib/misc/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/mon/alert.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
2012-05-10 14:33:54 +00:00
/usr/lib/nagios/plugins(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/netsaint/plugins(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/NetworkManager/nm-.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/networkmanager/nm-.* -- gen_context(system_u:object_r:bin_t,s0)
2012-05-10 14:33:54 +00:00
/usr/lib/news/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/nspluginwrapper/np.* gen_context(system_u:object_r:bin_t,s0)
/usr/lib/nut/.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/portage/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
2012-05-10 14:33:54 +00:00
/usr/lib/pm-utils(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/readahead(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/rpm/rpmd -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/rpm/rpmk -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/rpm/rpmq -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/rpm/rpmv -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:bin_t,s0)
2017-04-06 20:59:47 +00:00
/usr/lib/selinux/hll/pp -- gen_context(system_u:object_r:bin_t,s0)
2012-05-10 14:33:54 +00:00
/usr/lib/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/ssh(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/sudo/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/lib/systemd/systemd.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/systemd/system-generators(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/systemd/user-generators(/.*)? gen_context(system_u:object_r:bin_t,s0)
2014-06-30 19:28:51 +00:00
/usr/lib/tumbler-1/tumblerd -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/udev/[^/]* -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/udev/scsi_id -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/upstart(/.*)? gen_context(system_u:object_r:bin_t,s0)
2012-05-10 14:33:54 +00:00
/usr/lib/vte/gnome-pty-helper -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/xfce4/exo-1/exo-compose-mail-1 -- gen_context(system_u:object_r:bin_t,s0)
2012-05-10 14:33:54 +00:00
/usr/lib/xfce4/exo-1/exo-helper-1 -- gen_context(system_u:object_r:bin_t,s0)
2014-11-22 21:16:37 +00:00
/usr/lib/xfce4/notifyd/xfce4-notifyd -- gen_context(system_u:object_r:bin_t,s0)
2012-05-10 14:33:54 +00:00
/usr/lib/xfce4/panel/migrate -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/xfce4/panel/wrapper -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/xfce4/session/balou-export-theme -- gen_context(system_u:object_r:bin_t,s0)
2012-05-10 14:33:54 +00:00
/usr/lib/xfce4/session/balou-install-theme -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/xfce4/session/xfsm-shutdown-helper -- gen_context(system_u:object_r:bin_t,s0)
2012-05-10 14:33:54 +00:00
/usr/lib/xfce4/xfconf/xfconfd -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/xfce4/xfwm4/helper-dialog -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/couchdb/erlang/lib/couch-[0-9.]+/priv/couchspawnkillable -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/debug/bin(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
2012-05-10 14:33:54 +00:00
/usr/lib/debug/sbin(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/debug/usr/bin(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/debug/usr/sbin(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/selinux/hll(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/[^/]*thunderbird[^/]*/thunderbird -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/[^/]*thunderbird[^/]*/thunderbird-bin -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/[^/]*thunderbird[^/]*/open-browser\.sh -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/[^/]*/run-mozilla\.sh -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/[^/]*/mozilla-xremote-client -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/thunderbird.*/mozilla-xremote-client -- gen_context(system_u:object_r:bin_t,s0)
2005-11-03 18:08:36 +00:00
/usr/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/libexec/git-core/git-shell -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/libexec/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
2008-06-18 13:15:25 +00:00
2005-11-03 18:08:36 +00:00
/usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
2005-05-10 19:51:00 +00:00
2017-02-07 23:51:58 +00:00
/usr/local/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/local/sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
2008-12-02 22:40:49 +00:00
/usr/local/Brother(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/local/Printer(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/local/linuxprinter/filters(/.*)? gen_context(system_u:object_r:bin_t,s0)
2005-07-14 18:15:47 +00:00
/usr/sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/sbin/insmod_ksymoops_clean -- gen_context(system_u:object_r:bin_t,s0)
/usr/sbin/mkfs\.cramfs -- gen_context(system_u:object_r:bin_t,s0)
/usr/sbin/nologin -- gen_context(system_u:object_r:shell_exec_t,s0)
2008-06-18 13:15:25 +00:00
/usr/sbin/scponlyc -- gen_context(system_u:object_r:shell_exec_t,s0)
2005-11-03 18:08:36 +00:00
/usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
2008-06-18 13:15:25 +00:00
/usr/sbin/smrsh -- gen_context(system_u:object_r:shell_exec_t,s0)
2005-05-10 19:51:00 +00:00
2017-04-06 20:59:47 +00:00
/usr/share/mdadm/checkarray -- gen_context(system_u:object_r:bin_t,s0)
2017-02-07 23:51:58 +00:00
/usr/share/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/ajaxterm/ajaxterm.py.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/ajaxterm/qweb.py.* -- gen_context(system_u:object_r:bin_t,s0)
2006-06-09 13:47:58 +00:00
/usr/share/apr-0/build/[^/]+\.sh -- gen_context(system_u:object_r:bin_t,s0)
2006-06-09 13:49:22 +00:00
/usr/share/apr-0/build/libtool -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/build-1/[^/]+\.sh -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/build-1/libtool -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/dayplanner/dayplanner -- gen_context(system_u:object_r:bin_t,s0)
2006-03-08 18:43:05 +00:00
/usr/share/debconf/.+ -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/denyhosts/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/denyhosts/plugins(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/dput/execute-dput -- gen_context(system_u:object_r:bin_t,s0)
2009-11-23 18:47:36 +00:00
/usr/share/cluster/.*\.sh gen_context(system_u:object_r:bin_t,s0)
/usr/share/cluster/ocf-shellfuncs -- gen_context(system_u:object_r:bin_t,s0)
2009-11-23 18:47:36 +00:00
/usr/share/cluster/svclib_nfslock -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/cvs/contrib/rcs2log -- gen_context(system_u:object_r:bin_t,s0)
2010-03-05 15:51:39 +00:00
/usr/share/e16/misc(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/gedit/plugins/externaltools/tools(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/gedit-2/plugins/externaltools/tools(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/gitolite/hooks/common/update -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/gitolite/hooks/gitolite-admin/post-update -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/gnome-sound-recorder/org\.gnome\.SoundRecorder -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
2006-01-11 15:28:14 +00:00
/usr/share/hal/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/libalpm/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
2005-11-03 18:08:36 +00:00
/usr/share/mc/extfs/.* -- gen_context(system_u:object_r:bin_t,s0)
2009-03-05 14:43:03 +00:00
/usr/share/Modules/init(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/org.gnome.Weather/org\.gnome\.Weather\.Application -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/org.gnome.Weather/org\.gnome\.Weather\.BackgroundService -- gen_context(system_u:object_r:bin_t,s0)
2005-11-03 18:08:36 +00:00
/usr/share/printconf/util/print\.py -- gen_context(system_u:object_r:bin_t,s0)
2009-06-11 15:00:48 +00:00
/usr/share/PackageKit/pk-upgrade-distro\.sh -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/PackageKit/helpers(/.*)? gen_context(system_u:object_r:bin_t,s0)
2017-04-06 20:59:47 +00:00
/usr/share/reportbug/handle_bugscript -- gen_context(system_u:object_r:bin_t,s0)
2009-11-23 18:47:36 +00:00
/usr/share/sandbox/sandboxX.sh -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/sectool/.*\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/selinux/devel/policygentool -- gen_context(system_u:object_r:bin_t,s0)
2009-11-23 18:47:36 +00:00
/usr/share/smolt/client(/.*)? gen_context(system_u:object_r:bin_t,s0)
2010-03-05 15:51:39 +00:00
/usr/share/shorewall/compiler\.pl -- gen_context(system_u:object_r:bin_t,s0)
2009-06-26 14:40:13 +00:00
/usr/share/shorewall/configpath -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/shorewall-perl(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/shorewall-shell(/.*)? gen_context(system_u:object_r:bin_t,s0)
2009-06-11 15:00:48 +00:00
/usr/share/shorewall-lite(/.*)? gen_context(system_u:object_r:bin_t,s0)
2009-06-26 14:40:13 +00:00
/usr/share/shorewall6-lite(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/spamassassin/sa-update\.cron gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-printer/applet\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/texlive/texmf-dist/scripts/checkcites/checkcites\.lua -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/texlive/texmf-dist/scripts/checklistings/checklistings\.sh -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/texlive/texmf-dist/scripts/fontools/autoinst -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/texlive/texmf-dist/scripts/match_parens/match_parens -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/texlive/texmf-dist/scripts/yplan/yplan -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/texmf-dist/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
2005-11-03 18:08:36 +00:00
/usr/share/turboprint/lib(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
2010-03-05 15:51:39 +00:00
/usr/share/vhostmd/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
2005-05-10 19:51:00 +00:00
2006-01-19 21:04:33 +00:00
/usr/X11R6/lib(64)?/X11/xkb/xkbcomp -- gen_context(system_u:object_r:bin_t,s0)
2005-11-09 18:29:03 +00:00
ifdef(`distro_debian',`
2012-09-10 16:11:13 +00:00
/usr/lib/gdm3/.* -- gen_context(system_u:object_r:bin_t,s0)
2012-09-10 16:11:14 +00:00
/usr/lib/udisks/.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/bug/.* -- gen_context(system_u:object_r:bin_t,s0)
')
2005-11-03 18:08:36 +00:00
ifdef(`distro_gentoo', `
/usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? gen_context(system_u:object_r:bin_t,s0)
2006-04-05 15:32:38 +00:00
/usr/.*-.*-linux-gnu/binutils-bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/rcscripts/addons(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/rcscripts/sh(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/rcscripts/net\.modules\.d/helpers\.d/dhclient-.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/rcscripts/net\.modules\.d/helpers\.d/udhcpc-.* -- gen_context(system_u:object_r:bin_t,s0)
2005-11-03 18:08:36 +00:00
')
ifdef(`distro_redhat', `
2007-10-29 18:35:32 +00:00
/etc/gdm/XKeepsCrashing[^/]* -- gen_context(system_u:object_r:bin_t,s0)
/etc/gdm/[^/]+ -d gen_context(system_u:object_r:bin_t,s0)
/etc/gdm/[^/]+/.* gen_context(system_u:object_r:bin_t,s0)
2005-11-03 18:08:36 +00:00
/usr/lib/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
2009-06-26 14:40:13 +00:00
/usr/lib/vmware-tools/(s)?bin32(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/vmware-tools/(s)?bin64(/.*)? gen_context(system_u:object_r:bin_t,s0)
2005-11-03 18:08:36 +00:00
/usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/authconfig/authconfig-tui\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/authconfig/authconfig\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/clamav/clamd-gen -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/clamav/freshclam-sleep -- gen_context(system_u:object_r:bin_t,s0)
2009-03-05 14:43:03 +00:00
/usr/share/createrepo(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/fedora-usermgmt/wrapper -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/hplip/[^/]* -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/hwbrowser/hwbrowser -- gen_context(system_u:object_r:bin_t,s0)
2005-11-03 18:08:36 +00:00
/usr/share/pwlib/make/ptlib-config -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/pydict/pydict\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/rhn/rhn_applet/applet\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/rhn/rhn_applet/needed-packages\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/ssl/misc(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/switchdesk/switchdesk-gui\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-date/system-config-date\.py -- gen_context(system_u:object_r:bin_t,s0)
2009-11-23 18:47:36 +00:00
/usr/share/system-config-selinux/polgen\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-selinux/system-config-selinux\.py -- gen_context(system_u:object_r:bin_t,s0)
2005-11-03 18:08:36 +00:00
/usr/share/system-config-display/system-config-display -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-httpd/system-config-httpd -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-keyboard/system-config-keyboard -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-language/system-config-language -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-lvm/system-config-lvm\.py -- gen_context(system_u:object_r:bin_t,s0)
2005-11-03 18:08:36 +00:00
/usr/share/system-config-mouse/system-config-mouse -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-netboot/system-config-netboot\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-netboot/pxeos\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-netboot/pxeboot\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-network(/netconfig)?/[^/]+\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-network/neat-control\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-nfs/nfs-export\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-nfs/system-config-nfs\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-rootpassword/system-config-rootpassword -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-samba/system-config-samba\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-securitylevel/system-config-securitylevel\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-services/gui\.py -- gen_context(system_u:object_r:bin_t,s0)
2005-11-03 18:08:36 +00:00
/usr/share/system-config-services/serviceconf\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-services/system-config-services -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-soundcard/system-config-soundcard -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-config-users/system-config-users -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/system-logviewer/system-logviewer\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/texmf/web2c/mktexdir -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/texmf/web2c/mktexnam -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/texmf/web2c/mktexupd -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/texmf/texconfig/tcfmgr -- gen_context(system_u:object_r:bin_t,s0)
2005-11-03 18:08:36 +00:00
')
ifdef(`distro_suse', `
/usr/lib/cron/run-crons -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/samba/classic/.* -- gen_context(system_u:object_r:bin_t,s0)
2012-05-10 14:33:54 +00:00
/usr/lib/ssh/.* -- gen_context(system_u:object_r:bin_t,s0)
2005-11-03 18:08:36 +00:00
/usr/share/apache2/[^/]* -- gen_context(system_u:object_r:bin_t,s0)
2005-09-29 20:59:00 +00:00
')
2005-05-10 19:51:00 +00:00
#
# /var
#
2005-11-03 18:08:36 +00:00
/var/mailman/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
2005-05-10 19:51:00 +00:00
2005-11-03 18:08:36 +00:00
/var/ftp/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
2005-10-14 17:55:40 +00:00
/var/lib/asterisk/agi-bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/chkrootkit/.* -- gen_context(system_u:object_r:bin_t,s0)
2005-11-03 18:08:36 +00:00
/usr/lib/yp/.+ -- gen_context(system_u:object_r:bin_t,s0)
2009-06-26 14:40:13 +00:00
/var/qmail/bin -d gen_context(system_u:object_r:bin_t,s0)
/var/qmail/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/var/qmail/rc -- gen_context(system_u:object_r:bin_t,s0)
2006-04-05 15:32:38 +00:00
2005-11-03 18:08:36 +00:00
ifdef(`distro_suse',`
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
')