|
# Copyright (C) 2005 Tresys Technology, LLC
|
||
|
|
||
|
#
|
||
|
# /
|
||
|
#
|
||
|
# Entry layout: path regex, optional file-type flag (-- regular file,
# -d directory, -l symbolic link), then the context to apply.
# Catch-all: any path that no other entry matches is given default_t.
# NOTE(review): objects that still carry default_t after a relabel usually
# indicate a missing, more specific entry - worth auditing for.
/.* system_u:object_r:default_t
|
||
|
# -d limits the match to directories: only the root directory itself is root_t.
/ -d system_u:object_r:root_t
|
||
|
# <<none>> assigns no context; relabeling tools leave a matching file as it is.
/\.journal <<none>>
|
||
|
|
||
|
#
|
||
|
# /boot
|
||
|
#
|
||
|
# The journal file at the top of /boot is given no context (<<none>>),
# so a relabel does not touch it.
/boot/\.journal <<none>>
|
||
|
|
||
|
# The lost+found directory and everything below it: lost_found_t.
/boot/lost\+found(/.*)? system_u:object_r:lost_found_t
|
||
|
|
||
|
#
|
||
|
# /etc
|
||
|
#
|
||
|
# /etc and everything below it defaults to etc_t.
# The -- entries that follow match regular files only and move individual
# files to etc_runtime_t instead.
# NOTE(review): presumably etc_runtime_t marks files that are rewritten while
# the system runs (mtab, issue, nologin, ...). Which domains may write that
# type is defined elsewhere in the policy - check those rules before adding a
# path here, because the file is then governed by them rather than by the
# rules for etc_t.
/etc(/.*)? system_u:object_r:etc_t
|
||
|
/etc/\.fstab\.hal\..+ -- system_u:object_r:etc_runtime_t
|
||
|
/etc/asound\.state -- system_u:object_r:etc_runtime_t
|
||
|
# The trailing .* is unescaped on purpose: blkid.tab plus any suffix.
/etc/blkid\.tab.* -- system_u:object_r:etc_runtime_t
|
||
|
/etc/fstab\.REVOKE -- system_u:object_r:etc_runtime_t
|
||
|
/etc/HOSTNAME -- system_u:object_r:etc_runtime_t
|
||
|
/etc/ioctl\.save -- system_u:object_r:etc_runtime_t
|
||
|
/etc/issue -- system_u:object_r:etc_runtime_t
|
||
|
/etc/issue\.net -- system_u:object_r:etc_runtime_t
|
||
|
# -l: only a symbolic link at this path is matched; it stays etc_t.
/etc/localtime -l system_u:object_r:etc_t
|
||
|
/etc/mtab -- system_u:object_r:etc_runtime_t
|
||
|
/etc/motd -- system_u:object_r:etc_runtime_t
|
||
|
/etc/nohotplug -- system_u:object_r:etc_runtime_t
|
||
|
# Matches nologin followed by any suffix (nologin, nologin.bak, ...).
/etc/nologin.* -- system_u:object_r:etc_runtime_t
|
||
|
|
||
|
# Explicit etc_t entry for the init script helper file (regular file only).
/etc/init\.d/functions -- system_u:object_r:etc_t
|
||
|
|
||
|
/etc/ptal/ptal-printd-like -- system_u:object_r:etc_runtime_t
|
||
|
|
||
|
# Same helper file under the rc.d layout: explicit etc_t.
/etc/rc\.d/init\.d/functions -- system_u:object_r:etc_t
|
||
|
|
||
|
/etc/sysconfig/hwconf -- system_u:object_r:etc_runtime_t
|
||
|
# NOTE(review): the saved firewall rule set is labeled etc_runtime_t here;
# confirm that the domains allowed to write that type are ones that should be
# able to change this file.
/etc/sysconfig/iptables\.save -- system_u:object_r:etc_runtime_t
|
||
|
/etc/sysconfig/firstboot -- system_u:object_r:etc_runtime_t
|
||
|
|
||
|
# The three entries below are emitted only when the m4 symbol distro_gentoo
# is defined at build time; they label regular files as etc_runtime_t.
ifdef(`distro_gentoo', `
|
||
|
/etc/profile\.env -- system_u:object_r:etc_runtime_t
|
||
|
/etc/csh\.env -- system_u:object_r:etc_runtime_t
|
||
|
/etc/env\.d/.* -- system_u:object_r:etc_runtime_t
|
||
|
')
|
||
|
|
||
|
#
|
||
|
# /initrd
|
||
|
#
|
||
|
# initrd mount point, only used during boot
|
||
|
# Only the directory itself (-d) is given root_t; no entry in this listing
# covers paths below /initrd.
/initrd -d system_u:object_r:root_t
|
||
|
|
||
|
#
|
||
|
# /lost+found
|
||
|
#
|
||
|
# Top-level lost+found directory and everything under it: lost_found_t.
/lost\+found(/.*)? system_u:object_r:lost_found_t
|
||
|
|
||
|
#
|
||
|
# /media
|
||
|
#
|
||
|
# Mount points; do not relabel subdirectories, since
|
||
|
# we don't want to change any removable media by default.
|
||
|
# The /media directory and its immediate child directories (a single path
# component, [^/]*) are labeled mnt_t.
/media(/[^/]*)? -d system_u:object_r:mnt_t
|
||
|
# Anything deeper is <<none>>: a relabel neither repairs nor overwrites the
# labels found on mounted media.
/media/[^/]*/.* <<none>>
|
||
|
|
||
|
#
|
||
|
# /mnt
|
||
|
#
|
||
|
# The /mnt directory and its immediate child directories are labeled mnt_t.
/mnt(/[^/]*)? -d system_u:object_r:mnt_t
|
||
|
# Contents of whatever is mounted below a mount point get no context
# (<<none>>) and are skipped by a relabel.
/mnt/[^/]*/.* <<none>>
|
||
|
|
||
|
#
|
||
|
# /opt
|
||
|
#
|
||
|
# /opt and everything below it is labeled like /usr content (usr_t).
/opt(/.*)? system_u:object_r:usr_t
|
||
|
|
||
|
# Exception: a var/lib or var/lib64 tree at any depth under /opt (the .* can
# span several path components) is var_lib_t.
/opt/.*/var/lib(64)?(/.*)? system_u:object_r:var_lib_t
|
||
|
|
||
|
#
|
||
|
# /proc
|
||
|
#
|
||
|
# No context is specified for /proc or anything under it; a relabel skips it.
# presumably because the kernel labels this filesystem itself - confirm
/proc(/.*)? <<none>>
|
||
|
|
||
|
#
|
||
|
# /selinux
|
||
|
#
|
||
|
# No context is specified for /selinux or anything under it; a relabel skips it.
/selinux(/.*)? <<none>>
|
||
|
|
||
|
#
|
||
|
# /sys
|
||
|
#
|
||
|
# No context is specified for /sys or anything under it; a relabel skips it.
/sys(/.*)? <<none>>
|
||
|
|
||
|
#
|
||
|
# /tmp
|
||
|
#
|
||
|
# Only the /tmp directory itself is labeled (tmp_t).
/tmp -d system_u:object_r:tmp_t
|
||
|
# Contents of /tmp get no context from this file: a file keeps the label it
# was created with, and a relabel does not reset it.
# NOTE(review): a mislabeled file under /tmp therefore survives
# restorecon/setfiles runs and has to be found and fixed by other means.
/tmp/.* <<none>>
|
||
|
# Already covered by the /tmp/.* entry above; listed explicitly as well.
/tmp/\.journal <<none>>
|
||
|
|
||
|
# NOTE(review): this overlaps /tmp/.* above. Which of the two applies depends
# on how the policy build orders entries - confirm lost_found_t takes effect.
/tmp/lost\+found(/.*)? system_u:object_r:lost_found_t
|
||
|
|
||
|
#
|
||
|
# /usr
|
||
|
#
|
||
|
# /usr and everything below it defaults to usr_t; the entries that follow
# name the exceptions.
/usr(/.*)? system_u:object_r:usr_t
|
||
|
/usr/\.journal <<none>>
|
||
|
|
||
|
/usr/lost\+found(/.*)? system_u:object_r:lost_found_t
|
||
|
|
||
|
# Configuration kept under /usr is labeled like /etc (etc_t).
/usr/etc(/.*)? system_u:object_r:etc_t
|
||
|
|
||
|
# NOTE(review): the dot in inclu.e is a regex wildcard, so this matches any
# single character in that position, not only the letter d. Presumably it is
# spelled this way to keep m4 from treating the path as a call to its builtin
# named include - confirm before "correcting" the spelling.
/usr/inclu.e(/.*)? system_u:object_r:usr_t
|
||
|
|
||
|
/usr/local/\.journal <<none>>
|
||
|
/usr/local/lost\+found(/.*)? system_u:object_r:lost_found_t
|
||
|
|
||
|
# lib or lib64 trees at any depth under /usr/share stay usr_t.
# presumably this overrides library entries declared in another file - confirm
/usr/share(/.*)?/lib(64)?(/.*)? system_u:object_r:usr_t
|
||
|
|
||
|
# Source trees get their own type, src_t.
/usr/src(/.*)? system_u:object_r:src_t
|
||
|
|
||
|
# Same treatment as /tmp: the directory is tmp_t, its contents are not
# relabeled (<<none>>).
/usr/tmp -d system_u:object_r:tmp_t
|
||
|
/usr/tmp/.* <<none>>
|
||
|
|
||
|
#
|
||
|
# /var
|
||
|
#
|
||
|
# /var and everything below it defaults to var_t; the entries that follow
# name the exceptions.
/var(/.*)? system_u:object_r:var_t
|
||
|
/var/\.journal <<none>>
|
||
|
|
||
|
/var/lost\+found(/.*)? system_u:object_r:lost_found_t
|
||
|
|
||
|
# Regular files ending in .db anywhere under /var/db are etc_t, not var_t.
/var/db/.*\.db -- system_u:object_r:etc_t
|
||
|
|
||
|
# The etc directory inside /var/ftp is labeled like /etc (etc_t).
/var/ftp/etc(/.*)? system_u:object_r:etc_t
|
||
|
|
||
|
# No context is specified; a relabel skips this tree.
# presumably a mounted pseudo filesystem - confirm
/var/lib/nfs/rpc_pipefs(/.*)? <<none>>
|
||
|
|
||
|
# NOTE(review): the next two /usr/local entries sit between /var entries;
# they read as belonging with the /usr group.
/usr/local/etc(/.*)? system_u:object_r:etc_t
|
||
|
|
||
|
/usr/local/src(/.*)? system_u:object_r:src_t
|
||
|
|
||
|
/var/lock(/.*)? system_u:object_r:var_lock_t
|
||
|
|
||
|
/var/run(/.*)? system_u:object_r:var_run_t
|
||
|
# NOTE(review): \.* means zero or more literal dots, so this matches every
# path under /var/run, at any depth, whose name ends in pid - not only names
# ending in .pid. All of those are excluded from relabeling. If only *.pid
# files are meant, the pattern would be /var/run/.*\.pid - confirm intent.
/var/run/.*\.*pid <<none>>
|
||
|
|
||
|
/var/spool(/.*)? system_u:object_r:var_spool_t
|
||
|
|
||
|
# Same treatment as /tmp: the directory is tmp_t, its contents are not
# relabeled (<<none>>).
/var/tmp -d system_u:object_r:tmp_t
|
||
|
/var/tmp/.* <<none>>
|
||
|
|
||
|
# Directory-only exception inside /var/tmp: vi.recover is labeled tmp_t.
# NOTE(review): overlaps /var/tmp/.* above; confirm that the build orders
# entries so that this one applies.
/var/tmp/vi\.recover -d system_u:object_r:tmp_t
|