selinux-refpolicy/refpolicy/policy/modules/system/lvm.fc

92 lines
4.4 KiB
Plaintext

# Copyright (C) 2005 Tresys Technology, LLC
# LVM creates lock files in /var before /var is mounted
# configure LVM to put lockfiles in /etc/lvm/lock instead
# for this policy to work (unless you have no separate /var)
#
# /etc
#
/etc/lvm(/.*)? context_template(system_u:object_r:lvm_etc_t,s0)
/etc/lvm/\.cache -- context_template(system_u:object_r:lvm_metadata_t,s0)
/etc/lvm/archive(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0)
/etc/lvm/backup(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0)
/etc/lvm/lock(/.*)? context_template(system_u:object_r:lvm_lock_t,s0)
/etc/lvmtab(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0)
/etc/lvmtab\.d(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0)
#
# /lib
#
/lib/lvm-10(/.*) -- context_template(system_u:object_r:lvm_exec_t,s0)
/lib/lvm-200(/.*) -- context_template(system_u:object_r:lvm_exec_t,s0)
#
# /sbin
#
/sbin/cryptsetup -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/dmsetup -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/dmsetup\.static -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/e2fsadm -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvchange -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvcreate -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvdisplay -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvextend -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvm -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvm\.static -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvmchange -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvmdiskscan -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvmiopversion -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvmsadc -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvmsar -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvreduce -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvremove -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvrename -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvresize -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvs -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/lvscan -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/pvchange -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/pvcreate -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/pvdata -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/pvdisplay -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/pvmove -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/pvremove -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/pvs -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/pvscan -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgcfgbackup -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgcfgrestore -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgchange -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgchange\.static -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgck -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgcreate -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgdisplay -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgexport -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgextend -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgimport -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgmerge -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgmknodes -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgreduce -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgremove -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgrename -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgs -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgscan -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgscan\.static -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgsplit -- context_template(system_u:object_r:lvm_exec_t,s0)
/sbin/vgwrapper -- context_template(system_u:object_r:lvm_exec_t,s0)
#
# /usr
#
/usr/sbin/lvm -- context_template(system_u:object_r:lvm_exec_t,s0)
#
# /var
#
/var/lock/lvm(/.*)? context_template(system_u:object_r:lvm_lock_t,s0)