rpms / selinux-policy

Clone
Source Code
GIT

Blame refpolicy/policy/modules/kernel/filesystem.te

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   f0c985ca80941d8ef70fcb84f5ee33443957c706
  2.   refpolicy
  3.   policy
  4.   modules
  5.   kernel
  6.   filesystem.te
Blob History Raw
Chris PeBenito e181fe
Chris PeBenito 960373 
policy_module(filesystem,1.0)
Chris PeBenito 960373
Chris PeBenito b4cd15 
attribute fs_type;
Chris PeBenito fe040c 
attribute noxattrfs;
Chris PeBenito b4cd15
Chris PeBenito b4cd15 
########################################
Chris PeBenito b4cd15 
#
Chris PeBenito b4cd15 
# fs_t is the default type for persistent
Chris PeBenito b4cd15 
# filesystems with extended attributes
Chris PeBenito b4cd15 
#
Chris PeBenito b4cd15 
type fs_t, fs_type;
Chris PeBenito cabfa5 
sid fs context_template(system_u:object_r:fs_t,s0)
Chris PeBenito cabfa5
Chris PeBenito cabfa5 
# Use xattrs for the following filesystem types.
Chris PeBenito cabfa5 
# Requires that a security xattr handler exist for the filesystem.
Chris PeBenito cabfa5 
fs_use_xattr ext2 context_template(system_u:object_r:fs_t,s0);
Chris PeBenito cabfa5 
fs_use_xattr ext3 context_template(system_u:object_r:fs_t,s0);
Chris PeBenito cabfa5 
fs_use_xattr jfs context_template(system_u:object_r:fs_t,s0);
Chris PeBenito cabfa5 
fs_use_xattr xfs context_template(system_u:object_r:fs_t,s0);
Chris PeBenito cabfa5
Chris PeBenito cabfa5 
# Use the allocating task SID to label inodes in the following filesystem
Chris PeBenito cabfa5 
# types, and label the filesystem itself with the specified context.
Chris PeBenito cabfa5 
# This is appropriate for pseudo filesystems that represent objects
Chris PeBenito cabfa5 
# like pipes and sockets, so that these objects are labeled with the same
Chris PeBenito cabfa5 
# type as the creating task.
Chris PeBenito cabfa5 
fs_use_task pipefs context_template(system_u:object_r:fs_t,s0);
Chris PeBenito cabfa5 
fs_use_task sockfs context_template(system_u:object_r:fs_t,s0);
Chris PeBenito b4cd15
Chris PeBenito b4cd15 
########################################
Chris PeBenito b4cd15 
#
Chris PeBenito b4cd15 
# Non-persistent/pseudo filesystems
Chris PeBenito b4cd15 
#
Chris PeBenito b4cd15 
type bdev_t, fs_type;
Chris PeBenito e32c0d 
genfscon bdev / context_template(system_u:object_r:bdev_t,s0)
Chris PeBenito b4cd15
Chris PeBenito b4cd15 
type binfmt_misc_fs_t, fs_type;
Chris PeBenito e32c0d 
genfscon binfmt_misc / context_template(system_u:object_r:binfmt_misc_fs_t,s0)
Chris PeBenito b4cd15
Chris PeBenito b4cd15 
type eventpollfs_t, fs_type;
Chris PeBenito e32c0d 
genfscon eventpollfs / context_template(system_u:object_r:eventpollfs_t,s0)
Chris PeBenito b4cd15
Chris PeBenito b4cd15 
type futexfs_t, fs_type;
Chris PeBenito e32c0d 
genfscon futexfs / context_template(system_u:object_r:futexfs_t,s0)
Chris PeBenito b4cd15
Chris PeBenito b4cd15 
type nfsd_fs_t, fs_type;
Chris PeBenito e32c0d 
genfscon nfsd / context_template(system_u:object_r:nfsd_fs_t,s0)
Chris PeBenito b4cd15
Chris PeBenito b4cd15 
type ramfs_t, fs_type;
Chris PeBenito b4cd15 
allow ramfs_t self:filesystem associate;
Chris PeBenito e32c0d 
genfscon ramfs / context_template(system_u:object_r:ramfs_t,s0)
Chris PeBenito b4cd15
Chris PeBenito b4cd15 
type romfs_t, fs_type;
Chris PeBenito b4cd15 
allow romfs_t self:filesystem associate;
Chris PeBenito e32c0d 
genfscon romfs / context_template(system_u:object_r:romfs_t,s0)
Chris PeBenito e32c0d 
genfscon cramfs / context_template(system_u:object_r:romfs_t,s0)
Chris PeBenito b4cd15
Chris PeBenito b4cd15 
type rpc_pipefs_t, fs_type;
Chris PeBenito e32c0d 
genfscon rpc_pipefs / context_template(system_u:object_r:rpc_pipefs_t,s0)
Chris PeBenito b4cd15
Chris PeBenito b4cd15 
#
Chris PeBenito b4cd15 
# tmpfs_t is the type for tmpfs filesystems
Chris PeBenito b4cd15 
#
Chris PeBenito b4cd15 
type tmpfs_t, fs_type;
Chris PeBenito f5c42b 
files_make_file(tmpfs_t)
Chris PeBenito f5c42b
Chris PeBenito cabfa5 
# Use a transition SID based on the allocating task SID and the
Chris PeBenito cabfa5 
# filesystem SID to label inodes in the following filesystem types,
Chris PeBenito cabfa5 
# and label the filesystem itself with the specified context.
Chris PeBenito cabfa5 
# This is appropriate for pseudo filesystems like devpts and tmpfs
Chris PeBenito cabfa5 
# where we want to label objects with a derived type.
Chris PeBenito cabfa5 
fs_use_trans tmpfs context_template(system_u:object_r:tmpfs_t,s0);
Chris PeBenito cabfa5 
fs_use_trans shm context_template(system_u:object_r:tmpfs_t,s0);
Chris PeBenito cabfa5
Chris PeBenito b4cd15 
allow tmpfs_t self:filesystem associate;
Chris PeBenito fe040c 
allow tmpfs_t noxattrfs:filesystem associate;
Chris PeBenito b4cd15
Chris PeBenito b4cd15 
########################################
Chris PeBenito b4cd15 
#
Chris PeBenito b4cd15 
# Filesystems without extended attribute support
Chris PeBenito b4cd15 
#
Chris PeBenito fe040c 
type autofs_t, fs_type, noxattrfs;
Chris PeBenito b4cd15 
allow autofs_t self:filesystem associate;
Chris PeBenito e32c0d 
genfscon autofs / context_template(system_u:object_r:autofs_t,s0)
Chris PeBenito e32c0d 
genfscon automount / context_template(system_u:object_r:autofs_t,s0)
Chris PeBenito b4cd15
Chris PeBenito b4cd15 
#
Chris PeBenito b4cd15 
# cifs_t is the type for filesystems and their
Chris PeBenito b4cd15 
# files shared from Windows servers
Chris PeBenito b4cd15 
#
Chris PeBenito fe040c 
type cifs_t alias sambafs_t, fs_type, noxattrfs;
Chris PeBenito b4cd15 
allow cifs_t self:filesystem associate;
Chris PeBenito e32c0d 
genfscon cifs / context_template(system_u:object_r:cifs_t,s0)
Chris PeBenito e32c0d 
genfscon smbfs / context_template(system_u:object_r:cifs_t,s0)
Chris PeBenito b4cd15
Chris PeBenito b4cd15 
#
Chris PeBenito b4cd15 
# dosfs_t is the type for fat and vfat
Chris PeBenito b4cd15 
# filesystems and their files.
Chris PeBenito b4cd15 
#
Chris PeBenito fe040c 
type dosfs_t, fs_type, noxattrfs;
Chris PeBenito b4cd15 
allow dosfs_t self:filesystem associate;
Chris PeBenito e32c0d 
genfscon vfat / context_template(system_u:object_r:dosfs_t,s0)
Chris PeBenito e32c0d 
genfscon msdos / context_template(system_u:object_r:dosfs_t,s0)
Chris PeBenito e32c0d 
genfscon fat / context_template(system_u:object_r:dosfs_t,s0)
Chris PeBenito e32c0d 
genfscon ntfs / context_template(system_u:object_r:dosfs_t,s0)
Chris PeBenito b4cd15
Chris PeBenito b4cd15 
#
Chris PeBenito b4cd15 
# iso9660_t is the type for CD filesystems
Chris PeBenito b4cd15 
# and their files.
Chris PeBenito b4cd15 
#
Chris PeBenito fe040c 
type iso9660_t, fs_type, noxattrfs;
Chris PeBenito b4cd15 
allow iso9660_t self:filesystem associate;
Chris PeBenito e32c0d 
genfscon iso9660 / context_template(system_u:object_r:iso9660_t,s0)
Chris PeBenito e32c0d 
genfscon udf / context_template(system_u:object_r:iso9660_t,s0)
Chris PeBenito b4cd15
Chris PeBenito b4cd15 
#
Chris PeBenito 33bc0d 
# removable_t is the default type of all removable media
Chris PeBenito 33bc0d 
#
Chris PeBenito fe040c 
type removable_t, fs_type, noxattrfs;
Chris PeBenito fe040c 
allow removable_t noxattrfs:filesystem associate;
Chris PeBenito 33bc0d
Chris PeBenito 33bc0d 
#
Chris PeBenito b4cd15 
# nfs_t is the default type for NFS file systems
Chris PeBenito b4cd15 
# and their files.
Chris PeBenito b4cd15 
#
Chris PeBenito fe040c 
type nfs_t, fs_type, noxattrfs;
Chris PeBenito a2d824 
files_make_mountpoint(nfs_t)
Chris PeBenito b4cd15 
allow nfs_t self:filesystem associate;
Chris PeBenito e32c0d 
genfscon nfs / context_template(system_u:object_r:nfs_t,s0)
Chris PeBenito e32c0d 
genfscon nfs4 / context_template(system_u:object_r:nfs_t,s0)
Chris PeBenito e32c0d 
genfscon afs / context_template(system_u:object_r:nfs_t,s0)

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation