On Fri, 29 Mar 2002 12:43, Wichert Akkerman wrote:
> Previously Russell Coker wrote:
> > I need to have a script run after every package is installed.
>
> What for?

To assign SIDs to new files for NSA SE Linux.

I've attached my latest file_contexts file which has a list of regular 
expressions used to determine which files have each SID.  The program 
setfiles is used to apply them.

After each package is installed (but before the postinst is run) I want to 
run:
dpkg -L package | setfiles /etc/selinux/file_contexts -

Then after the postinst I want to run:
find /etc | setfiles /etc/selinux/file_contexts -

To deal with packages that create files in /etc as part of their postinst.

-- 
If you send email to me or to a mailing list that I use which has >4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.
#
# This file describes the security contexts to be applied to files
# when the security policy is installed.  The setfiles program
# reads this file and labels files accordingly.
#
# Each specification has the form:
#       regexp [ -type ] ( context | <<none>> )
#
# By default, the regexp is an anchored match on both ends (i.e. a 
# caret (^) is prepended and a dollar sign ($) is appended automatically).
# This default may be overridden by using .* at the beginning and/or
# end of the regular expression.  
#
# The optional type field specifies the file type as shown in the mode
# field by ls, e.g. use -d to match only directories or -- to match only
# regular files.
# 
# The value of <<none>> may be used to indicate that matching files
# should not be relabeled.
#
# The last matching specification is used.
#
# If there are multiple hard links to a file that match 
# different specifications and those specifications indicate
# different security contexts, then a warning is displayed
# but the file is still labeled based on the last matching
# specification other than <<none>>.
#
# Some of the files listed here get re-created during boot and therefore
# need type transition rules to retain the correct type. These files are
# listed here anyway so that if the setfiles program is used on a running
# system it doesn't relabel them to something we don't want. An example of
# this is /var/run/utmp.
#

#
# The security context for all files not otherwise specified.
#
/.*                             system_u:object_r:file_t

#
# The root directory.
#
/                               system_u:object_r:root_t

#
# The policy configuration.
#
/ss_policy                      system_u:object_r:policy_config_t

#
# /var
#
/var(|/.*)                      system_u:object_r:var_t
/var/catman(|/.*)               system_u:object_r:catman_t
/var/cache/man(|/.*)            system_u:object_r:catman_t
/var/yp(|/.*)                   system_u:object_r:var_yp_t
/var/lib(|/.*)                  system_u:object_r:var_lib_t
/var/lib/nfs(|/.*)              system_u:object_r:var_lib_nfs_t
/var/lib/rpm(|/.*)              system_u:object_r:var_lib_rpm_t
/var/lib/ntp(|/.*)              system_u:object_r:var_lib_ntp_t
/var/lib/dhcp                   system_u:object_r:dhcp_state_t
/var/lib/dhcp/dhclient.*        system_u:object_r:dhcpc_state_t
/var/lib/dhcp/dhcpd.leases.*    system_u:object_r:dhcpd_state_t
/var/lib/ldap(|/.*)             system_u:object_r:slapd_db_t
/var/lib/ldap/replog(|/.*)      system_u:object_r:slapd_replog_t
/var/lock(|/.*)                 system_u:object_r:var_lock_t
/var/tmp(|/.*)                  system_u:object_r:tmp_t
/var/www/html(|/.*)             system_u:object_r:httpd_sys_content_t
/var/www/cgi-bin(|/.*)          system_u:object_r:httpd_sys_script_t
/var/www/perl(|/.*)             system_u:object_r:httpd_sys_script_t
/var/www/icons(|/.*)            system_u:object_r:httpd_sys_content_t
/var/cache/httpd(|/.*)          system_u:object_r:httpd_cache_t
/var/named(|/.*)                system_u:object_r:named_conf_t
/var/cache/squid(|/.*)          system_u:object_r:squid_cache_t

#
# /var/ftp
#
/var/ftp/bin                    system_u:object_r:bin_t
/var/ftp/lib                    system_u:object_r:lib_t
/var/ftp/lib/ld.*\.so.*         system_u:object_r:ld_so_t
/var/ftp/lib/lib.*\.so.*        system_u:object_r:shlib_t
/var/ftp/etc                    system_u:object_r:etc_t

# 
# The superuser home directory.
#
/root(|/.*)                     system_u:object_r:sysadm_home_t
/root/\.netscape(|/.*)          system_u:object_r:sysadm_netscape_rw_t
/root/\.mozilla(|/.*)           system_u:object_r:sysadm_netscape_rw_t
/root/.*/\.gnupg(|/.*)          system_u:object_r:sysadm_gpg_secret_t

# 
# Other user home directories.
#
/home(|/.*)                     system_u:object_r:user_home_t
/home/.*/\.netscape(|/.*)       system_u:object_r:user_netscape_rw_t
/home/.*/\.mozilla(|/.*)        system_u:object_r:user_netscape_rw_t
/home/.*/\.gnupg(|/.*)          system_u:object_r:user_gpg_secret_t

#
# /bin
#
/bin(|/.*)                      system_u:object_r:bin_t
/bin/login                      system_u:object_r:login_exec_t
/bin/tcsh                       system_u:object_r:shell_exec_t
/bin/bash                       system_u:object_r:shell_exec_t
/bin/ash                        system_u:object_r:shell_exec_t
/bin/su                         system_u:object_r:su_exec_t
/bin/ls$                        system_u:object_r:ls_exec_t
/bin/mount                      system_u:object_r:mount_exec_t
/bin/umount                     system_u:object_r:mount_exec_t
/bin/ping                       system_u:object_r:ping_exec_t
/bin/rpm                        system_u:object_r:rpm_exec_t
/bin/dmesg                      system_u:object_r:dmesg_exec_t

#
# /boot
#
/boot(|/.*)                     system_u:object_r:boot_t
/boot/kernel.h(|.*)             system_u:object_r:boot_runtime_t

#
# /dev
#
/dev(|/.*)                      system_u:object_r:device_t
/dev/MAKEDEV                    system_u:object_r:sbin_t
/dev/null                       system_u:object_r:null_device_t
/dev/zero                       system_u:object_r:zero_device_t
/dev/console                    system_u:object_r:console_device_t
/dev/(kmem|mem|port)            system_u:object_r:memory_device_t
/dev/random                     system_u:object_r:random_device_t
/dev/urandom                    system_u:object_r:random_device_t
/dev/[^/]*tty[^/]*              system_u:object_r:tty_device_t
/dev/vcs[^/]*                   system_u:object_r:tty_device_t
/dev/tty                        system_u:object_r:devtty_t
/dev/sd[^/]*                    system_u:object_r:fixed_disk_device_t
/dev/hd[^/]*                    system_u:object_r:fixed_disk_device_t
/dev/scd[^/]*                   system_u:object_r:removable_device_t
/dev/fd[^/]*                    system_u:object_r:removable_device_t
/dev/rtc                        system_u:object_r:clock_device_t
/dev/initctl                    system_u:object_r:initctl_t
/dev/log                        system_u:object_r:devlog_t
/dev/printer                    system_u:object_r:printer_t
/dev/psaux                      system_u:object_r:mouse_device_t
/dev/.*mouse.*  -c              system_u:object_r:mouse_device_t
/dev/input/.*mouse.*            system_u:object_r:mouse_device_t
/dev/gpmctl                     system_u:object_r:gpmctl_t
/dev/ptmx                       system_u:object_r:ptmx_t
/dev/sequencer                  system_u:object_r:misc_device_t
/dev/agpgart                    system_u:object_r:agp_device_t
/dev/dri(|/.*)                  system_u:object_r:dri_device_t
/dev/apm_bios                   system_u:object_r:apm_bios_t
/dev/ppp                        system_u:object_r:ppp_device_t

#
# /etc
#
/etc(|/.*)                      system_u:object_r:etc_t
/etc/rc.d/rc                    system_u:object_r:initrc_exec_t
/etc/rc.d/rc.sysinit            system_u:object_r:initrc_exec_t
/etc/rc.d/rc.local              system_u:object_r:initrc_exec_t
/etc/init.d/rc                  system_u:object_r:initrc_exec_t
/etc/init.d/rcS                 system_u:object_r:initrc_exec_t
/etc/aliases                    system_u:object_r:etc_aliases_t
/etc/aliases.db                 system_u:object_r:etc_aliases_t
/etc/mail(|/.*)                 system_u:object_r:etc_mail_t
/etc/modules.conf               system_u:object_r:modules_conf_t
/etc/fstab.REVOKE               system_u:object_r:etc_runtime_t
/etc/HOSTNAME                   system_u:object_r:etc_runtime_t
/etc/ioctl.save                 system_u:object_r:etc_runtime_t
/etc/mtab                       system_u:object_r:etc_runtime_t
/etc/issue                      system_u:object_r:etc_runtime_t
/etc/issue.net                  system_u:object_r:etc_runtime_t
/etc/sysconfig/hwconf           system_u:object_r:etc_runtime_t
/etc/crontab                    system_u:object_r:system_crond_script_t
/etc/cron.d(|/.*)               system_u:object_r:system_crond_script_t
/etc/security/cron_context.*    system_u:object_r:cron_context_t
/etc/ssh/primes                 system_u:object_r:sshd_key_t
/etc/ssh/ssh_host_key           system_u:object_r:sshd_key_t
/etc/ssh/ssh_host_dsa_key       system_u:object_r:sshd_key_t
/etc/ssh/ssh_host_rsa_key       system_u:object_r:sshd_key_t
/etc/ld.so.cache                system_u:object_r:ld_so_cache_t
/etc/ld.so.preload              system_u:object_r:ld_so_cache_t
/etc/httpd                      system_u:object_r:httpd_config_t
/etc/httpd/conf(|/.*)           system_u:object_r:httpd_config_t
/etc/httpd/logs                 system_u:object_r:httpd_log_files_t
/etc/httpd/modules              system_u:object_r:httpd_modules_t
/etc/resolv.conf.*              system_u:object_r:resolv_conf_t
/etc/adjtime                    system_u:object_r:adjtime_t
/etc/named.conf                 system_u:object_r:named_conf_t
/etc/mrtg(|/.*)                 system_u:object_r:etc_mrtg_t
/etc/dhcpc.*(|/.*)              system_u:object_r:etc_dhcpc_t
/etc/dhclient.conf              system_u:object_r:etc_dhcpc_t
/etc/dhclient-script            system_u:object_r:etc_dhcpc_t
/etc/dhcpd.conf                 system_u:object_r:etc_dhcpd_t
/etc/courier(|/.*)              system_u:object_r:etc_courier_t
/etc/ntp.conf                   system_u:object_r:etc_ntp_t
/etc/postfix(|/.*)              system_u:object_r:etc_postfix_t
/etc/postfix/postfix-script.*   system_u:object_r:postfix_exec_t
/etc/radvd.conf                 system_u:object_r:etc_radvd_t
/etc/cups(|/.*)                 system_u:object_r:etc_cupsd_t
/etc/printcap.cups              system_u:object_r:etc_cupsd_t
/etc/raddb(|/.*)                system_u:object_r:etc_radiusd_t

#
# /lib
#
/lib(|/.*)                      system_u:object_r:lib_t
/lib/ld.*\.so.*                 system_u:object_r:ld_so_t
/lib/lib.*\.so.*                system_u:object_r:shlib_t
/lib/[^/]*/lib.*\.so.*          system_u:object_r:shlib_t
/lib/security/.*\.so.*          system_u:object_r:shlib_t
/lib/modules(|/.*)              system_u:object_r:modules_object_t
/lib/modules/[^/]*/modules\..* system_u:object_r:modules_dep_t

#
# /sbin
#
/sbin(|/.*)                     system_u:object_r:sbin_t
/sbin/ifconfig                  system_u:object_r:ifconfig_exec_t
/sbin/depmod                    system_u:object_r:depmod_exec_t
/sbin/modprobe                  system_u:object_r:insmod_exec_t
/sbin/insmod                    system_u:object_r:insmod_exec_t
/sbin/insmod.static             system_u:object_r:insmod_exec_t
/sbin/rmmod                     system_u:object_r:insmod_exec_t
/sbin/init                      system_u:object_r:init_exec_t
/sbin/sulogin                   system_u:object_r:sulogin_exec_t
/sbin/.*getty                   system_u:object_r:getty_exec_t
/sbin/syslogd                   system_u:object_r:syslogd_exec_t
/sbin/minilogd                  system_u:object_r:syslogd_exec_t
/sbin/klogd                     system_u:object_r:klogd_exec_t
/sbin/ypbind                    system_u:object_r:ypbind_exec_t
/sbin/portmap                   system_u:object_r:portmap_exec_t
/sbin/rpc\..*                   system_u:object_r:rpcd_exec_t
/sbin/cardmgr                   system_u:object_r:cardmgr_exec_t
/sbin/fsck                      system_u:object_r:fsadm_exec_t
/sbin/fsck\.ext2                system_u:object_r:fsadm_exec_t
/sbin/fsck\.ext3                system_u:object_r:fsadm_exec_t
/sbin/e2fsck                    system_u:object_r:fsadm_exec_t
/sbin/e2label                   system_u:object_r:fsadm_exec_t
/sbin/mkfs                      system_u:object_r:fsadm_exec_t
/sbin/mke2fs                    system_u:object_r:fsadm_exec_t
/sbin/mkfs.ext2                 system_u:object_r:fsadm_exec_t
/sbin/mkswap                    system_u:object_r:fsadm_exec_t
/sbin/scsi_info                 system_u:object_r:fsadm_exec_t
/sbin/sfdisk                    system_u:object_r:fsadm_exec_t
/sbin/cfdisk                    system_u:object_r:fsadm_exec_t
/sbin/fdisk                     system_u:object_r:fsadm_exec_t
/sbin/tune2fs                   system_u:object_r:fsadm_exec_t
/sbin/dumpe2fs                  system_u:object_r:fsadm_exec_t
/sbin/swapon                    system_u:object_r:fsadm_exec_t
/sbin/hdparm                    system_u:object_r:fsadm_exec_t
/sbin/.*_chkpwd                 system_u:object_r:chkpwd_exec_t
/sbin/pump                      system_u:object_r:pump_exec_t
/sbin/hwclock                   system_u:object_r:hwclock_exec_t
/sbin/ip                        system_u:object_r:netutils_exec_t
/sbin/arping                    system_u:object_r:netutils_exec_t
/sbin/dhcpcd                    system_u:object_r:dhcpc_exec_t
/sbin/dhclient.*                system_u:object_r:dhcpc_exec_t
/sbin/ipchains                  system_u:object_r:ipchains_exec_t
/sbin/ipchains-restore          system_u:object_r:ipchains_exec_t
/sbin/ipchains-save             system_u:object_r:ipchains_exec_t
/sbin/iptables                  system_u:object_r:ipchains_exec_t
/sbin/devfsd                    system_u:object_r:devfsd_exec_t
/sbin/run_init                  system_u:object_r:run_init_exec_t
/sbin/ldconfig                  system_u:object_r:ldconfig_exec_t

#
# /tmp
#
/tmp(|/.*)                      system_u:object_r:tmp_t
/tmp/orbit.*                    system_u:object_r:user_tmp_t
/tmp/.ICE-unix(|/.*)            system_u:object_r:user_tmp_t
/tmp/.X11-unix(|/.*)            system_u:object_r:user_xserver_tmp_t
/tmp/.X0-lock                   system_u:object_r:user_xserver_tmp_t
/tmp/.font-unix(|/.*)           system_u:object_r:xfs_tmp_t

#
# /usr
#
/usr(|/.*)                      system_u:object_r:usr_t
/usr/etc(|/.*)                  system_u:object_r:etc_t
/usr/libexec(|/.*)              system_u:object_r:lib_t
/usr/src(|/.*)                  system_u:object_r:src_t
/usr/tmp(|/.*)                  system_u:object_r:tmp_t
/usr/man(|/.*)                  system_u:object_r:man_t

#
# /usr/bin
#
/usr/bin(|/.*)                  system_u:object_r:bin_t
/usr/bin/lpr                    system_u:object_r:lpr_exec_t
/usr/bin/lpq                    system_u:object_r:lpr_exec_t
/usr/bin/lprm                   system_u:object_r:lpr_exec_t
/usr/bin/makemap                system_u:object_r:sbin_t
/usr/bin/netscape               system_u:object_r:netscape_exec_t
/usr/bin/mozilla.*              system_u:object_r:netscape_exec_t
/usr/bin/crontab                system_u:object_r:crontab_exec_t
/usr/bin/ssh                    system_u:object_r:ssh_exec_t
/usr/bin/mesg                   system_u:object_r:mesg_exec_t
/usr/bin/spasswd                system_u:object_r:passwd_exec_t
/usr/bin/schsh                  system_u:object_r:passwd_exec_t
/usr/bin/schfn                  system_u:object_r:passwd_exec_t
/usr/bin/newrole                system_u:object_r:newrole_exec_t
/usr/bin/kcheckpass             system_u:object_r:kcheckpass_exec_t
/usr/bin/gpg                    system_u:object_r:gpg_exec_t

#
# /usr/lib
#
/usr/lib(|/.*)                  system_u:object_r:lib_t
/usr/lib/lib.*\.so.*            system_u:object_r:shlib_t
/usr/lib/[^/]*/lib.*\.so.*      system_u:object_r:shlib_t
/usr/lib/autofs/.*\.so          system_u:object_r:shlib_t
/usr/lib/perl5/man(|/.*)        system_u:object_r:man_t
/usr/lib/perl.*\.so             system_u:object_r:shlib_t
/usr/lib/locale/.*/LC_.*        system_u:object_r:writeable_t
/usr/share/locale/.*/LC_.*      system_u:object_r:writeable_t
/usr/lib/apache(|/.*)           system_u:object_r:httpd_modules_t
/usr/lib/courier(|/.*)          system_u:object_r:etc_courier_t
/usr/lib/courier/pop3d          system_u:object_r:courier_pop_exec_t
/usr/lib/courier/imapd          system_u:object_r:courier_pop_exec_t
/usr/lib/courier/authlib/.*     system_u:object_r:courier_authdaemon_exec_t
/usr/lib/courier/courier/.*     system_u:object_r:courier_exec_t
/usr/lib/courier/courier/courierpop.*   system_u:object_r:courier_pop_exec_t
/usr/lib/courier/courier/courierpop3.*  system_u:object_r:courier_pop_exec_t
/usr/lib/courier/courier/imaplogin      system_u:object_r:courier_pop_exec_t
/usr/lib/courier/courier/pcpd           system_u:object_r:courier_pcp_exec_t
/usr/lib/postfix(|/.*)          system_u:object_r:postfix_exec_t
/usr/lib/postfix/master         system_u:object_r:postfix_master_exec_t
/usr/lib/netscape/base-4/wrapper        system_u:object_r:netscape_exec_t
/usr/lib/cups/backend           system_u:object_r:cupsd_exec_t

#
# /usr/.*glibc.*-linux/lib
#
/usr/.*glibc.*-linux/lib(|/.*)  system_u:object_r:lib_t
/usr/.*glibc.*-linux/lib/ld.*\.so.* system_u:object_r:ld_so_t
/usr/.*glibc.*-linux/lib/lib.*\.so.* system_u:object_r:shlib_t

# /usr/.*redhat-linux/lib
#
/usr/.*redhat-linux/lib(|/.*)   system_u:object_r:lib_t
/usr/.*redhat-linux/lib/ld.*\.so.* system_u:object_r:ld_so_t
/usr/.*redhat-linux/lib/lib.*\.so.* system_u:object_r:shlib_t

#
# /usr/.*linux-libc.*/lib
#
/usr/.*linux-libc.*/lib(|/.*) system_u:object_r:lib_t
/usr/.*linux-libc.*/lib/ld.*\.so.* system_u:object_r:ld_so_t
/usr/.*linux-libc.*/lib/lib.*\.so.* system_u:object_r:shlib_t

#
# /usr/local
#
/usr/local/etc(|/.*)            system_u:object_r:etc_t
/usr/local/src(|/.*)            system_u:object_r:src_t
/usr/local/sbin(|/.*)           system_u:object_r:sbin_t
/usr/local/man(|/.*)            system_u:object_r:man_t

#
# /usr/local/bin
#
/usr/local/bin(|/.*)            system_u:object_r:bin_t

#
# /usr/local/lib
#
/usr/local/lib(|/.*)            system_u:object_r:lib_t

#
# /usr/sbin
#
/usr/sbin(|/.*)                 system_u:object_r:sbin_t
/usr/sbin/syslogd               system_u:object_r:syslogd_exec_t
/usr/sbin/klogd                 system_u:object_r:klogd_exec_t
/usr/sbin/apmd                  system_u:object_r:apmd_exec_t
/usr/sbin/cron(|d)              system_u:object_r:crond_exec_t
/usr/sbin/atd                   system_u:object_r:atd_exec_t
/usr/sbin/lpd                   system_u:object_r:lpd_exec_t
/usr/sbin/cupsd                 system_u:object_r:cupsd_exec_t
/usr/sbin/sshd                  system_u:object_r:sshd_exec_t
/usr/sbin/inetd                 system_u:object_r:inetd_exec_t
/usr/sbin/xinetd                system_u:object_r:inetd_exec_t
/usr/sbin/rlinetd               system_u:object_r:inetd_exec_t
/usr/sbin/tcpd                  system_u:object_r:tcpd_exec_t
/usr/sbin/identd                system_u:object_r:inetd_child_exec_t
/usr/sbin/in\..*d               system_u:object_r:inetd_child_exec_t
/usr/sbin/in.rlogind            system_u:object_r:rlogind_exec_t
/usr/sbin/in.telnetd            system_u:object_r:rlogind_exec_t
/usr/sbin/in.rshd               system_u:object_r:rshd_exec_t
/usr/sbin/in.ftpd               system_u:object_r:ftpd_exec_t
/usr/sbin/sendmail              system_u:object_r:sendmail_exec_t
/usr/sbin/rpc\..*               system_u:object_r:rpcd_exec_t
/usr/sbin/gpm                   system_u:object_r:gpm_exec_t
/usr/sbin/makemap               system_u:object_r:sbin_t
/usr/sbin/utempter              system_u:object_r:utempter_exec_t
/usr/sbin/gnome-pty-helper      system_u:object_r:gph_exec_t
/usr/sbin/logrotate             system_u:object_r:logrotate_exec_t
/usr/sbin/updfstab              system_u:object_r:fsadm_exec_t
/usr/sbin/httpd                 system_u:object_r:httpd_exec_t
/usr/sbin/apache                system_u:object_r:httpd_exec_t
/usr/sbin/automount             system_u:object_r:automount_exec_t
/usr/sbin/anacron               system_u:object_r:anacron_exec_t
/usr/sbin/fcron                 system_u:object_r:anacron_exec_t
/usr/sbin/suexec                system_u:object_r:httpd_suexec_exec_t
/usr/sbin/named                 system_u:object_r:named_exec_t
/usr/sbin/checkpc               system_u:object_r:checkpc_exec_t
/usr/sbin/ipchains              system_u:object_r:ipchains_exec_t
/usr/sbin/pppd                  system_u:object_r:pppd_exec_t
/usr/sbin/nscd                  system_u:object_r:nscd_exec_t
/usr/sbin/squid                 system_u:object_r:squid_exec_t
/usr/sbin/radvd                 system_u:object_r:radvd_exec_t
/usr/sbin/ntpd                  system_u:object_r:ntpd_exec_t
/usr/sbin/dhcpd(|-.*)           system_u:object_r:dhcpd_exec_t
/usr/sbin/slapd                 system_u:object_r:slapd_exec_t
/usr/sbin/couriertcpd           system_u:object_r:courier_tcpd_exec_t
/usr/sbin/courierlogger         system_u:object_r:courier_exec_t
/usr/sbin/postalias             system_u:object_r:postfix_master_exec_t
/usr/sbin/postcat               system_u:object_r:postfix_master_exec_t
/usr/sbin/postconf              system_u:object_r:postfix_master_exec_t
/usr/sbin/postdrop              system_u:object_r:postfix_master_exec_t
/usr/sbin/postfix               system_u:object_r:postfix_master_exec_t
/usr/sbin/postkick              system_u:object_r:postfix_master_exec_t
/usr/sbin/postlock              system_u:object_r:postfix_master_exec_t
/usr/sbin/postlog               system_u:object_r:postfix_master_exec_t
/usr/sbin/postmap               system_u:object_r:postfix_master_exec_t
/usr/sbin/postqueue             system_u:object_r:postfix_master_exec_t
/usr/sbin/postsuper             system_u:object_r:postfix_master_exec_t
/usr/sbin/rmail                 system_u:object_r:postfix_master_exec_t
/usr/sbin/speedmgmt             system_u:object_r:speedmgmt_exec_t
/usr/sbin/portslave             system_u:object_r:getty_exec_t
/usr/sbin/radiusd               system_u:object_r:radiusd_exec_t

#
# /usr/X11R6/bin
#
/usr/X11R6/bin(|/.*)            system_u:object_r:bin_t
/usr/X11R6/bin/xfs              system_u:object_r:xfs_exec_t
/usr/X11R6/bin/Xwrapper         system_u:object_r:xserver_exec_t

#
# /usr/X11R6/lib
#
/usr/X11R6/lib(|/.*)            system_u:object_r:lib_t
/usr/X11R6/lib/lib.*\.so.*      system_u:object_r:shlib_t

#
# /usr/X11R6/man
#
/usr/X11R6/man(|/.*)            system_u:object_r:man_t

#
# /usr/kerberos
#
/usr/kerberos/bin(|/.*)         system_u:object_r:bin_t
/usr/kerberos/sbin(|/.*)        system_u:object_r:sbin_t
/usr/kerberos/lib(|/.*)         system_u:object_r:lib_t
/usr/kerberos/lib/lib.*\.so.*   system_u:object_r:shlib_t

#
# /usr/local/selinux
#
/usr/local/selinux/bin(|/.*)            system_u:object_r:bin_t
/usr/local/selinux/sbin(|/.*)           system_u:object_r:bin_t
/usr/local/selinux/lib(|/.*)            system_u:object_r:lib_t
/usr/local/selinux/libexec(|/.*)        system_u:object_r:lib_t
/usr/local/selinux/bin/spasswd          system_u:object_r:passwd_exec_t
/usr/local/selinux/bin/schsh            system_u:object_r:passwd_exec_t
/usr/local/selinux/bin/schfn            system_u:object_r:passwd_exec_t
/usr/local/selinux/bin/newrole          system_u:object_r:newrole_exec_t
/usr/local/selinux/bin/run_init         system_u:object_r:run_init_exec_t
/usr/local/selinux/bin/flmon            system_u:object_r:selopt_exec_t
/usr/local/selinux/sbin/ct              system_u:object_r:selopt_exec_t
/usr/local/selinux/sbin/pt              system_u:object_r:selopt_exec_t
/usr/local/selinux/sbin/scmpd           system_u:object_r:scmpd_exec_t

#
# /var/run
#
/var/run(|/.*)                  system_u:object_r:var_run_t
/var/run/utmp                   system_u:object_r:initrc_var_run_t
/var/run/runlevel.dir           system_u:object_r:initrc_var_run_t
/var/run/random-seed            system_u:object_r:initrc_var_run_t
/var/run/.*\.*pid               <<none>>
/var/run/courier.*              system_u:object_r:courier_var_run_t
/var/run/.nscd_socket           system_u:object_r:nscd_var_run_t
/var/run/slapd.args             system_u:object_r:slapd_var_run_t

#
# /var/spool
#
/var/spool(|/.*)                system_u:object_r:var_spool_t
/var/spool/at(|/.*)             system_u:object_r:at_spool_t
/var/spool/cron                 system_u:object_r:cron_spool_t
/var/spool/cron/crontabs        system_u:object_r:cron_spool_t
/var/spool/cron/crontabs/.*     system_u:object_r:user_cron_spool_t
/var/spool/lpd(|/.*)            system_u:object_r:lpd_spool_t
/var/spool/cups(|/.*)           system_u:object_r:cupsd_spool_t
/var/spool/mail(|/.*)           system_u:object_r:mail_spool_t
/var/spool/mqueue(|/.*)         system_u:object_r:mqueue_spool_t
/var/spool/postfix/pid          system_u:object_r:var_run_t
/var/spool/postfix/pid/.*       system_u:object_r:postfix_var_run_t

# 
# /var/log
#
/var/log(|/.*)                  system_u:object_r:var_log_t
/var/log/syslog                 system_u:object_r:var_log_t
/var/log/wtmp                   system_u:object_r:wtmp_t
/var/log/sendmail.st            system_u:object_r:sendmail_var_log_t
/var/log/cron                   system_u:object_r:cron_log_t
/var/log/XFree86.*              system_u:object_r:xserver_var_log_t
/var/log/httpd(|/.*)            system_u:object_r:httpd_log_files_t
/var/log/apache(|/.*)           system_u:object_r:httpd_log_files_t
/var/log/sa(|/.*)               system_u:object_r:var_log_sa_t
/var/log/ksyms.*                system_u:object_r:var_log_ksyms_t
/var/log/ksymoops(|/.*)         system_u:object_r:var_log_ksyms_t
/var/log/rpmpkgs.*              system_u:object_r:var_log_rpm_t
/var/log/squid(|/.*)            system_u:object_r:var_log_squid_t
/var/log/lastlog                system_u:object_r:lastlog_t
/var/log/ntpstats(|/.*)         system_u:object_r:var_log_ntp_t
/var/log/ntpd                   system_u:object_r:var_log_ntp_t
/var/log/radiusd-freeradius(|/.*)       system_u:object_r:var_log_radiusd_t

#
# Snort definitions
#
/usr/sbin/snort         system_u:object_r:snort_exec_t
/etc/snort(|/.*)        system_u:object_r:snort_etc_t
/var/log/snort(|/.*)    system_u:object_r:snort_log_t

#
# IPSEC Definition
#
/etc/ipsec.secrets              system_u:object_r:ipsec_file_t
/usr/local/lib/ipsec(|/.*)      system_u:object_r:sbin_t
/usr/local/lib/ipsec/eroute     system_u:object_r:ipsec_exec_t
/usr/local/lib/ipsec/klipsdebug system_u:object_r:ipsec_exec_t
/usr/local/lib/ipsec/pluto      system_u:object_r:ipsec_exec_t
/usr/local/lib/ipsec/spi        system_u:object_r:ipsec_exec_t

# Files under /usr/share/printconf.
/usr/share/printconf/.*         system_u:object_r:printconf_t

#
# X Display Manager definitions
#
/usr/bin/[xgk]dm                system_u:object_r:xdm_exec_t
/var/[xgk]dm(|/.*)              system_u:object_r:xdm_log_t
/usr/var/[xgk]dm(|/.*)          system_u:object_r:xdm_log_t
# Uncomment if you are running an X Display Manager.
/var/log/XFree86.*              system_u:object_r:xdm_log_t
/var/log/kdm.log                system_u:object_r:xdm_log_t
/tmp/.X11-unix(|/.*)            system_u:object_r:xdm_tmp_t
/tmp/.X0-lock                   system_u:object_r:xdm_tmp_t

#
# For sound
#
/bin/aumix-minimal              system_u:object_r:sound_exec_t
/dev/mixer.*                    system_u:object_r:sound_device_t
/dev/dsp.*                      system_u:object_r:sound_device_t
/dev/audio.*                    system_u:object_r:sound_device_t
/dev/midi.*                     system_u:object_r:sound_device_t
/etc/\.aumixrc                  system_u:object_r:sound_file_t

#
# Persistent label mappings.
#
.*/\.\.\.security(|/.*)         system_u:object_r:file_labels_t

#
# Lost and found directories.
#
.*/lost\+found(|/.*)            system_u:object_r:lost_found_t
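
The header of the attached file says each regexp is anchored at both ends, an optional type field restricts the match, and the last matching specification wins. The following Python sketch is an added example, not part of the original message and not the setfiles program; it resolves paths against a few specifications copied from the attachment and lists patterns that a later line overrides. The function names are hypothetical, Python's re module stands in for the regex library setfiles uses, and the type letters other than -d, -- and -c are assumed from the ls mode field.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# A few specifications copied from the attached file_contexts, in file order.
SPECS = r"""
/.*                             system_u:object_r:file_t
/var(|/.*)                      system_u:object_r:var_t
/bin(|/.*)                      system_u:object_r:bin_t
/bin/ls$                        system_u:object_r:ls_exec_t
/dev(|/.*)                      system_u:object_r:device_t
/dev/.*mouse.*  -c              system_u:object_r:mouse_device_t
/tmp(|/.*)                      system_u:object_r:tmp_t
/tmp/.X11-unix(|/.*)            system_u:object_r:user_xserver_tmp_t
/var/run(|/.*)                  system_u:object_r:var_run_t
/var/run/.*\.*pid               <<none>>
/var/log(|/.*)                  system_u:object_r:var_log_t
/var/log/XFree86.*              system_u:object_r:xserver_var_log_t
/var/log/XFree86.*              system_u:object_r:xdm_log_t
/tmp/.X11-unix(|/.*)            system_u:object_r:xdm_tmp_t
.*/lost\+found(|/.*)            system_u:object_r:lost_found_t
"""

# Type letters as shown in the ls mode field ("-" is a regular file).
# Only -d, -- and -c appear on the page; the rest are an assumption.
FILE_TYPES = "-bcdlps"


class Spec(NamedTuple):
    lineno: int
    regex: re.Pattern
    ftype: Optional[str]    # None means any file type
    context: Optional[str]  # None means <<none>>: do not relabel


def parse_specs(text: str) -> List[Spec]:
    """Parse 'regexp [ -type ] ( context | <<none>> )' lines."""
    specs = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        if (len(fields) == 3 and len(fields[1]) == 2
                and fields[1][0] == "-" and fields[1][1] in FILE_TYPES):
            ftype = fields[1][1]
        elif len(fields) == 2:
            ftype = None
        else:
            raise ValueError(f"line {lineno}: bad specification {raw!r}")
        context = None if fields[-1] == "<<none>>" else fields[-1]
        specs.append(Spec(lineno, re.compile(fields[0]), ftype, context))
    return specs


def lookup(specs: List[Spec], path: str, ftype: str = "-") -> Optional[Spec]:
    """Return the last specification matching path, or None if none match.

    fullmatch() gives the both-ends anchoring the file header describes.
    """
    winner = None
    for spec in specs:
        if spec.ftype in (None, ftype) and spec.regex.fullmatch(path):
            winner = spec
    return winner


def overridden(specs: List[Spec]) -> List[Tuple[str, Optional[str], Optional[str]]]:
    """List (pattern, earlier context, later context) for repeated patterns
    whose later line assigns a different context and so replaces the earlier."""
    seen = {}
    found = []
    for spec in specs:
        key = (spec.regex.pattern, spec.ftype)
        earlier = seen.get(key)
        if earlier is not None and earlier.context != spec.context:
            found.append((spec.regex.pattern, earlier.context, spec.context))
        seen[key] = spec
    return found


PARSED = parse_specs(SPECS)

if __name__ == "__main__":
    for path, ftype in [("/bin/ls", "-"), ("/var/run/sshd.pid", "-"),
                        ("/dev/psmouse", "c"), ("/var/log/XFree86.0.log", "-")]:
        spec = lookup(PARSED, path, ftype)
        print(path, "->", spec.context or "<<none>> (left unlabeled)")
    for pattern, old, new in overridden(PARSED):
        print("override:", pattern, old, "->", new)
```

Run against the full attachment, overridden() reports the X Display Manager lines near the end of the file, which repeat earlier /var/log/XFree86.* and /tmp/.X11-unix patterns with different types.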
