# Copyright (C) 2005 Tresys Technology, LLC

policy_module(files,1.0)

attribute file_type;

attribute lockfile;

attribute pidfile;

attribute tmpfile;

attribute mountpoint;

# default_t is the default type for files that do not

# match any specification in the file_contexts configuration

# other than the generic /.* specification.

type default_t, file_type, mountpoint;

filesystem_associate(default_t)

filesystem_noxattr_associate(default_t)

#

# etc_t is the type of the system etc directories.

#

type etc_t, file_type;

filesystem_associate(etc_t)

filesystem_noxattr_associate(etc_t)

#

# etc_runtime_t is the type of various

# files in /etc that are automatically

# generated during initialization.

#

type etc_runtime_t, file_type;

filesystem_associate(etc_runtime_t)

filesystem_noxattr_associate(etc_runtime_t)

#

# file_t is the default type of a file that has not yet been

# assigned an extended attribute (EA) value (when using a filesystem

# that supports EAs).

#

type file_t, file_type, mountpoint;

filesystem_associate(file_t)

filesystem_noxattr_associate(file_t)

kernel_make_root_filesystem_mountpoint(file_t)

#

# home_root_t is the type for the directory where user home directories

# are created

#

type home_root_t, file_type, mountpoint;

filesystem_associate(home_root_t)

filesystem_noxattr_associate(home_root_t)

#

# lost_found_t is the type for the lost+found directories.

#

type lost_found_t, file_type;

filesystem_associate(lost_found_t)

filesystem_noxattr_associate(lost_found_t)

#

# mnt_t is the type for mount points such as /mnt/cdrom

#

type mnt_t, file_type, mountpoint;

filesystem_associate(mnt_t)

filesystem_noxattr_associate(mnt_t)

type no_access_t, file_type;

filesystem_associate(no_access_t)

filesystem_noxattr_associate(no_access_t)

type poly_t, file_type;

filesystem_associate(poly_t)

filesystem_noxattr_associate(poly_t)

type readable_t, file_type;

filesystem_associate(readable_t)

filesystem_noxattr_associate(readable_t)

#

# root_t is the type for rootfs and the root directory.

#

type root_t, file_type, mountpoint;

filesystem_associate(root_t)

filesystem_noxattr_associate(root_t)

kernel_read_directory_from(root_t)

kernel_make_root_filesystem_mountpoint(root_t)

genfscon rootfs / system_u:object_r:root_t

#

# src_t is the type of files in the system src directories.

#

type src_t, file_type;

filesystem_associate(src_t)

filesystem_noxattr_associate(src_t)

#

# tmp_t is the type of the temporary directories

#

type tmp_t, file_type, tmpfile, mountpoint;

filesystem_associate(tmp_t)

filesystem_noxattr_associate(tmp_t)

#

# usr_t is the type for /usr.

#

type usr_t, file_type, mountpoint;

filesystem_associate(usr_t)

filesystem_noxattr_associate(usr_t)

#

# var_t is the type of /var

#

type var_t, file_type, mountpoint;

filesystem_associate(var_t)

filesystem_noxattr_associate(var_t)

#

# var_lib_t is the type of /var/lib

#

type var_lib_t, file_type;

filesystem_associate(var_lib_t)

filesystem_noxattr_associate(var_lib_t)

#

# var_lock_t is tye type of /var/lock

#

type var_lock_t, file_type, lockfile;

filesystem_associate(var_lock_t)

filesystem_noxattr_associate(var_lock_t)

#

# var_run_t is the type of /var/run, usually

# used for pid and other runtime files.

#

type var_run_t, file_type, pidfile;

filesystem_associate(var_run_t)

filesystem_noxattr_associate(var_run_t)

#

# var_spool_t is the type of /var/spool

#

type var_spool_t, file_type;

filesystem_associate(var_spool_t)

filesystem_noxattr_associate(var_spool_t)