diff options
Diffstat (limited to 'policy/modules/system/selinuxutil.fc')
| -rw-r--r-- | policy/modules/system/selinuxutil.fc | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/policy/modules/system/selinuxutil.fc b/policy/modules/system/selinuxutil.fc new file mode 100644 index 00000000..83848fcd --- /dev/null +++ b/policy/modules/system/selinuxutil.fc @@ -0,0 +1,53 @@ +# SELinux userland utilities + +# +# /etc +# +/etc/selinux(/.*)? gen_context(system_u:object_r:selinux_config_t,s0) +/etc/selinux/([^/]*/)?contexts(/.*)? gen_context(system_u:object_r:default_context_t,s0) +/etc/selinux/([^/]*/)?contexts/files(/.*)? gen_context(system_u:object_r:file_context_t,s0) +/etc/selinux/([^/]*/)?policy(/.*)? gen_context(system_u:object_r:policy_config_t,mls_systemhigh) +/etc/selinux/([^/]*/)?setrans\.conf -- gen_context(system_u:object_r:selinux_config_t,mls_systemhigh) +/etc/selinux/([^/]*/)?seusers -- gen_context(system_u:object_r:selinux_config_t,mls_systemhigh) +/etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)? gen_context(system_u:object_r:semanage_store_t,s0) +/etc/selinux/([^/]*/)?modules/semanage\.read\.LOCK -- gen_context(system_u:object_r:semanage_read_lock_t,s0) +/etc/selinux/([^/]*/)?modules/semanage\.trans\.LOCK -- gen_context(system_u:object_r:semanage_trans_lock_t,s0) +/etc/selinux/([^/]*/)?users(/.*)? -- gen_context(system_u:object_r:selinux_config_t,mls_systemhigh) + +# +# /root +# +/root/\.default_contexts -- gen_context(system_u:object_r:default_context_t,s0) + +# +# /sbin +# +/sbin/load_policy -- gen_context(system_u:object_r:load_policy_exec_t,s0) +/sbin/restorecon -- gen_context(system_u:object_r:setfiles_exec_t,s0) +/sbin/setfiles.* -- gen_context(system_u:object_r:setfiles_exec_t,s0) + +# +# /usr +# +/usr/bin/checkpolicy -- gen_context(system_u:object_r:checkpolicy_exec_t,s0) +/usr/bin/newrole -- gen_context(system_u:object_r:newrole_exec_t,s0) + +/usr/lib(64)?/selinux(/.*)? gen_context(system_u:object_r:policy_src_t,s0) + +/usr/sbin/load_policy -- gen_context(system_u:object_r:load_policy_exec_t,s0) +/usr/sbin/restorecond -- gen_context(system_u:object_r:restorecond_exec_t,s0) +/usr/sbin/run_init -- gen_context(system_u:object_r:run_init_exec_t,s0) +/usr/sbin/setfiles.* -- gen_context(system_u:object_r:setfiles_exec_t,s0) +/usr/sbin/setsebool -- gen_context(system_u:object_r:semanage_exec_t,s0) +/usr/sbin/semanage -- gen_context(system_u:object_r:semanage_exec_t,s0) +/usr/sbin/semodule -- gen_context(system_u:object_r:semanage_exec_t,s0) + +# +# /var/lib +# +/var/lib/selinux(/.*)? gen_context(system_u:object_r:semanage_var_lib_t,s0) + +# +# /var/run +# +/var/run/restorecond\.pid -- gen_context(system_u:object_r:restorecond_var_run_t,s0) |