|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
# File contexts for VMWare.
|
|
Chris PeBenito |
0fbfa5 |
# Contributed by Mark Westerman (mark.westerman@westcam.com)
|
|
Chris PeBenito |
0fbfa5 |
# Changes made by NAI Labs.
|
|
Chris PeBenito |
0fbfa5 |
# Tested with VMWare 3.1
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
/usr/bin/vmnet-bridge -- system_u:object_r:vmware_exec_t
|
|
Chris PeBenito |
0fbfa5 |
/usr/bin/vmnet-dhcpd -- system_u:object_r:vmware_exec_t
|
|
Chris PeBenito |
0fbfa5 |
/usr/bin/vmnet-natd -- system_u:object_r:vmware_exec_t
|
|
Chris PeBenito |
0fbfa5 |
/usr/bin/vmnet-netifup -- system_u:object_r:vmware_exec_t
|
|
Chris PeBenito |
0fbfa5 |
/usr/bin/vmnet-sniffer -- system_u:object_r:vmware_exec_t
|
|
Chris PeBenito |
0fbfa5 |
/usr/bin/vmware-nmbd -- system_u:object_r:vmware_exec_t
|
|
Chris PeBenito |
0fbfa5 |
/usr/bin/vmware-ping -- system_u:object_r:vmware_exec_t
|
|
Chris PeBenito |
0fbfa5 |
/usr/bin/vmware-smbd -- system_u:object_r:vmware_exec_t
|
|
Chris PeBenito |
0fbfa5 |
/usr/bin/vmware-smbpasswd -- system_u:object_r:vmware_exec_t
|
|
Chris PeBenito |
0fbfa5 |
/usr/bin/vmware-smbpasswd\.bin -- system_u:object_r:vmware_exec_t
|
|
Chris PeBenito |
0fbfa5 |
/usr/bin/vmware-wizard -- system_u:object_r:vmware_user_exec_t
|
|
Chris PeBenito |
0fbfa5 |
/usr/bin/vmware -- system_u:object_r:vmware_user_exec_t
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
/dev/vmmon -c system_u:object_r:vmware_device_t
|
|
Chris PeBenito |
0fbfa5 |
/dev/vmnet.* -c system_u:object_r:vmware_device_t
|
|
Chris PeBenito |
0fbfa5 |
/dev/plex86 -c system_u:object_r:vmware_device_t
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
/etc/vmware.*(/.*)? system_u:object_r:vmware_sys_conf_t
|
|
Chris PeBenito |
0fbfa5 |
/usr/lib(64)?/vmware/config -- system_u:object_r:vmware_sys_conf_t
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
/usr/lib(64)?/vmware/bin/vmware-mks -- system_u:object_r:vmware_user_exec_t
|
|
Chris PeBenito |
0fbfa5 |
/usr/lib(64)?/vmware/bin/vmware-ui -- system_u:object_r:vmware_user_exec_t
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
# This is only an example of how to protect vmware session configuration
|
|
Chris PeBenito |
0fbfa5 |
# files. A general user can execute vmware and start a vmware session
|
|
Chris PeBenito |
0fbfa5 |
# but the user can not modify the session configuration information
|
|
Chris PeBenito |
0fbfa5 |
#/usr/local/vmware(/.*)? system_u:object_r:vmware_user_file_t
|
|
Chris PeBenito |
0fbfa5 |
#/usr/local/vmware/[^/]*/.*\.cfg -- system_u:object_r:vmware_user_conf_t
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# The rules below assume that the user VMWare virtual disks are in the
|
|
Chris PeBenito |
0fbfa5 |
# ~/vmware, and the preferences and license files are in ~/.vmware.
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
HOME_DIR/\.vmware(/.*)? system_u:object_r:ROLE_vmware_file_t
|
|
Chris PeBenito |
0fbfa5 |
HOME_DIR/vmware(/.*)? system_u:object_r:ROLE_vmware_file_t
|
|
Chris PeBenito |
0fbfa5 |
HOME_DIR/\.vmware[^/]*/.*\.cfg -- system_u:object_r:ROLE_vmware_conf_t
|