[people/stevee/selinux-policy.git] / refpolicy / policy / modules / system / files.te


policy_module(files,1.0)

attribute file_type;
attribute lockfile;
attribute mountpoint;
attribute pidfile;
attribute tmpfile;
attribute tmpfsfile;

# default_t is the default type for files that do not
# match any specification in the file_contexts configuration
# other than the generic /.* specification.
type default_t, file_type, mountpoint;
fs_associate(default_t)
fs_noxattr_associate(default_t)

#
# etc_t is the type of the system etc directories.
#
type etc_t, file_type;
fs_associate(etc_t)
fs_noxattr_associate(etc_t)

#
# etc_runtime_t is the type of various
# files in /etc that are automatically
# generated during initialization.
#
type etc_runtime_t, file_type;
fs_associate(etc_runtime_t)
fs_noxattr_associate(etc_runtime_t)

#
# file_t is the default type of a file that has not yet been
# assigned an extended attribute (EA) value (when using a filesystem
# that supports EAs).
#
type file_t, file_type, mountpoint;
fs_associate(file_t)
fs_noxattr_associate(file_t)
kernel_make_root_fs_mountpoint(file_t)
sid file context_template(system_u:object_r:file_t,s0)

#
# home_root_t is the type for the directory where user home directories
# are created
#
type home_root_t, file_type, mountpoint;
fs_associate(home_root_t)
fs_noxattr_associate(home_root_t)

#
# lost_found_t is the type for the lost+found directories.
#
type lost_found_t, file_type;
fs_associate(lost_found_t)
fs_noxattr_associate(lost_found_t)

#
# mnt_t is the type for mount points such as /mnt/cdrom
#
type mnt_t, file_type, mountpoint;
fs_associate(mnt_t)
fs_noxattr_associate(mnt_t)

type no_access_t, file_type;
fs_associate(no_access_t)
fs_noxattr_associate(no_access_t)

type poly_t, file_type;
fs_associate(poly_t)
fs_noxattr_associate(poly_t)

type readable_t, file_type;
fs_associate(readable_t)
fs_noxattr_associate(readable_t)

#
# root_t is the type for rootfs and the root directory.
#
type root_t, file_type, mountpoint;
fs_associate(root_t)
fs_noxattr_associate(root_t)
kernel_make_root_fs_mountpoint(root_t)
genfscon rootfs / context_template(system_u:object_r:root_t,s0)

#
# src_t is the type of files in the system src directories.
#
type src_t, file_type;
fs_associate(src_t)
fs_noxattr_associate(src_t)

#
# tmp_t is the type of the temporary directories
#
type tmp_t, file_type, tmpfile, mountpoint;
fs_associate(tmp_t)
fs_noxattr_associate(tmp_t)

#
# usr_t is the type for /usr.
#
type usr_t, file_type, mountpoint;
fs_associate(usr_t)
fs_noxattr_associate(usr_t)

#
# var_t is the type of /var
#
type var_t, file_type, mountpoint;
fs_associate(var_t)
fs_noxattr_associate(var_t)

#
# var_lib_t is the type of /var/lib
#
type var_lib_t, file_type;
fs_associate(var_lib_t)
fs_noxattr_associate(var_lib_t)

#
# var_lock_t is tye type of /var/lock
#
type var_lock_t, file_type, lockfile;
fs_associate(var_lock_t)
fs_noxattr_associate(var_lock_t)

#
# var_run_t is the type of /var/run, usually
# used for pid and other runtime files.
#
type var_run_t, file_type, pidfile;
fs_associate(var_run_t)
fs_noxattr_associate(var_run_t)

#
# var_spool_t is the type of /var/spool
#
type var_spool_t, file_type;
fs_associate(var_spool_t)
fs_noxattr_associate(var_spool_t)
Commit	Line	Data
e181fe05	1
960373dd CP	2	policy_module(files,1.0)
960373dd CP	3
b4cd1533 CP	4	attribute file_type;
b4cd1533 CP	5	attribute lockfile;
46410fd2	6	attribute mountpoint;
b4cd1533 CP	7	attribute pidfile;
b4cd1533 CP	8	attribute tmpfile;
46410fd2	9	attribute tmpfsfile;
b4cd1533 CP	10
	11	# default_t is the default type for files that do not
	12	# match any specification in the file_contexts configuration
	13	# other than the generic /.* specification.
a2d8246b	14	type default_t, file_type, mountpoint;
763c441e CP	15	fs_associate(default_t)
763c441e CP	16	fs_noxattr_associate(default_t)
b4cd1533 CP	17
	18	#
	19	# etc_t is the type of the system etc directories.
	20	#
	21	type etc_t, file_type;
763c441e CP	22	fs_associate(etc_t)
763c441e CP	23	fs_noxattr_associate(etc_t)
b4cd1533 CP	24
	25	#
	26	# etc_runtime_t is the type of various
	27	# files in /etc that are automatically
	28	# generated during initialization.
	29	#
	30	type etc_runtime_t, file_type;
763c441e CP	31	fs_associate(etc_runtime_t)
763c441e CP	32	fs_noxattr_associate(etc_runtime_t)
b4cd1533 CP	33
	34	#
	35	# file_t is the default type of a file that has not yet been
	36	# assigned an extended attribute (EA) value (when using a filesystem
	37	# that supports EAs).
	38	#
a2d8246b	39	type file_t, file_type, mountpoint;
763c441e CP	40	fs_associate(file_t)
	41	fs_noxattr_associate(file_t)
	42	kernel_make_root_fs_mountpoint(file_t)
cabfa520	43	sid file context_template(system_u:object_r:file_t,s0)
b4cd1533	44
b4cd1533 CP	45	#
	46	# home_root_t is the type for the directory where user home directories
	47	# are created
	48	#
a2d8246b	49	type home_root_t, file_type, mountpoint;
763c441e CP	50	fs_associate(home_root_t)
763c441e CP	51	fs_noxattr_associate(home_root_t)
b4cd1533 CP	52
	53	#
	54	# lost_found_t is the type for the lost+found directories.
	55	#
	56	type lost_found_t, file_type;
763c441e CP	57	fs_associate(lost_found_t)
763c441e CP	58	fs_noxattr_associate(lost_found_t)
b4cd1533 CP	59
	60	#
	61	# mnt_t is the type for mount points such as /mnt/cdrom
	62	#
a2d8246b	63	type mnt_t, file_type, mountpoint;
763c441e CP	64	fs_associate(mnt_t)
763c441e CP	65	fs_noxattr_associate(mnt_t)
b4cd1533	66
219bcf7a	67	type no_access_t, file_type;
763c441e CP	68	fs_associate(no_access_t)
763c441e CP	69	fs_noxattr_associate(no_access_t)
219bcf7a CP	70
219bcf7a CP	71	type poly_t, file_type;
763c441e CP	72	fs_associate(poly_t)
763c441e CP	73	fs_noxattr_associate(poly_t)
219bcf7a CP	74
219bcf7a CP	75	type readable_t, file_type;
763c441e CP	76	fs_associate(readable_t)
763c441e CP	77	fs_noxattr_associate(readable_t)
219bcf7a	78
a2d8246b CP	79	#
	80	# root_t is the type for rootfs and the root directory.
	81	#
	82	type root_t, file_type, mountpoint;
763c441e CP	83	fs_associate(root_t)
763c441e CP	84	fs_noxattr_associate(root_t)
763c441e	85	kernel_make_root_fs_mountpoint(root_t)
e32c0d3b	86	genfscon rootfs / context_template(system_u:object_r:root_t,s0)
a2d8246b	87
b4cd1533 CP	88	#
	89	# src_t is the type of files in the system src directories.
	90	#
	91	type src_t, file_type;
763c441e CP	92	fs_associate(src_t)
763c441e CP	93	fs_noxattr_associate(src_t)
b4cd1533 CP	94
	95	#
	96	# tmp_t is the type of the temporary directories
	97	#
a2d8246b	98	type tmp_t, file_type, tmpfile, mountpoint;
763c441e CP	99	fs_associate(tmp_t)
763c441e CP	100	fs_noxattr_associate(tmp_t)
b4cd1533 CP	101
	102	#
	103	# usr_t is the type for /usr.
	104	#
a2d8246b	105	type usr_t, file_type, mountpoint;
763c441e CP	106	fs_associate(usr_t)
763c441e CP	107	fs_noxattr_associate(usr_t)
b4cd1533 CP	108
	109	#
	110	# var_t is the type of /var
	111	#
a2d8246b	112	type var_t, file_type, mountpoint;
763c441e CP	113	fs_associate(var_t)
763c441e CP	114	fs_noxattr_associate(var_t)
b4cd1533 CP	115
	116	#
	117	# var_lib_t is the type of /var/lib
	118	#
	119	type var_lib_t, file_type;
763c441e CP	120	fs_associate(var_lib_t)
763c441e CP	121	fs_noxattr_associate(var_lib_t)
b4cd1533 CP	122
	123	#
	124	# var_lock_t is tye type of /var/lock
	125	#
	126	type var_lock_t, file_type, lockfile;
763c441e CP	127	fs_associate(var_lock_t)
763c441e CP	128	fs_noxattr_associate(var_lock_t)
b4cd1533 CP	129
	130	#
	131	# var_run_t is the type of /var/run, usually
	132	# used for pid and other runtime files.
	133	#
	134	type var_run_t, file_type, pidfile;
763c441e CP	135	fs_associate(var_run_t)
763c441e CP	136	fs_noxattr_associate(var_run_t)
b4cd1533 CP	137
	138	#
	139	# var_spool_t is the type of /var/spool
	140	#
	141	type var_spool_t, file_type;
763c441e CP	142	fs_associate(var_spool_t)
763c441e CP	143	fs_noxattr_associate(var_spool_t)