#

# File contexts for VMWare.

# Contributed by Mark Westerman (mark.westerman@westcam.com)

# Changes made by NAI Labs.

# Tested with VMWare 3.1

#

/usr/bin/vmnet-bridge	--	system_u:object_r:vmware_exec_t

/usr/bin/vmnet-dhcpd	--	system_u:object_r:vmware_exec_t

/usr/bin/vmnet-natd	--	system_u:object_r:vmware_exec_t

/usr/bin/vmnet-netifup	--	system_u:object_r:vmware_exec_t

/usr/bin/vmnet-sniffer	--	system_u:object_r:vmware_exec_t

/usr/bin/vmware-nmbd	--	system_u:object_r:vmware_exec_t

/usr/bin/vmware-ping	--	system_u:object_r:vmware_exec_t

/usr/bin/vmware-smbd	--	system_u:object_r:vmware_exec_t

/usr/bin/vmware-smbpasswd --	system_u:object_r:vmware_exec_t

/usr/bin/vmware-smbpasswd\.bin -- system_u:object_r:vmware_exec_t

/usr/bin/vmware-wizard	--	system_u:object_r:vmware_user_exec_t

/usr/bin/vmware		--	system_u:object_r:vmware_user_exec_t

/dev/vmmon		-c	system_u:object_r:vmware_device_t

/dev/vmnet.*		-c	system_u:object_r:vmware_device_t

/dev/plex86		-c	system_u:object_r:vmware_device_t

/etc/vmware.*(/.*)?		system_u:object_r:vmware_sys_conf_t

/usr/lib(64)?/vmware/config	--	system_u:object_r:vmware_sys_conf_t

/usr/lib(64)?/vmware/bin/vmware-mks -- system_u:object_r:vmware_user_exec_t

/usr/lib(64)?/vmware/bin/vmware-ui -- system_u:object_r:vmware_user_exec_t

#

# This is only an example of how to protect vmware session configuration

# files.  A general user can execute vmware and start a vmware session

# but the user can not modify the session configuration information

#/usr/local/vmware(/.*)?	system_u:object_r:vmware_user_file_t

#/usr/local/vmware/[^/]*/.*\.cfg -- system_u:object_r:vmware_user_conf_t

# The rules below assume that the user VMWare virtual disks are in the

# ~/vmware, and the preferences and license files are in ~/.vmware.

#

HOME_DIR/\.vmware(/.*)?	system_u:object_r:ROLE_vmware_file_t

HOME_DIR/vmware(/.*)?	system_u:object_r:ROLE_vmware_file_t

HOME_DIR/\.vmware[^/]*/.*\.cfg	--	system_u:object_r:ROLE_vmware_conf_t