
Re: dpkg triggers
On Fri, 29 Mar 2002 12:43, Wichert Akkerman wrote:
> Previously Russell Coker wrote:
> > I need to have a script run after every package is installed.
>
> What for?

To assign SIDs to new files for NSA SE Linux.

I've attached my latest file_contexts file which has a list of regular 
expressions used to determine which files have each SID.  The program 
setfiles is used to apply them.

After each package is installed (but before the postinst is run) I want to 
run:
dpkg -L package | setfiles /etc/selinux/file_contexts -

Then after the postinst I want to run:
find /etc | setfiles /etc/selinux/file_contexts -

To deal with packages that create files in /etc as part of their postinst.

-- 
If you send email to me or to a mailing list that I use which has >4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.
#
# This file describes the security contexts to be applied to files
# when the security policy is installed.  The setfiles program
# reads this file and labels files accordingly.
#
# Each specification has the form:
#       regexp [ -type ] ( context | <<none>> )
#
# By default, the regexp is an anchored match on both ends (i.e. a 
# caret (^) is prepended and a dollar sign ($) is appended automatically).
# This default may be overridden by using .* at the beginning and/or
# end of the regular expression.  
#
# The optional type field specifies the file type as shown in the mode
# field by ls, e.g. use -d to match only directories or -- to match only
# regular files.
# 
# The value of <<none>> may be used to indicate that matching files
# should not be relabeled.
#
# The last matching specification is used.
#
# If there are multiple hard links to a file that match 
# different specifications and those specifications indicate
# different security contexts, then a warning is displayed
# but the file is still labeled based on the last matching
# specification other than <<none>>.
#
# Some of the files listed here get re-created during boot and therefore
# need type transition rules to retain the correct type. These files are
# listed here anyway so that if the setfiles program is used on a running
# system it doesn't relabel them to something we don't want. An example of
# this is /var/run/utmp.
#

#
# The security context for all files not otherwise specified.
#
/.*				system_u:object_r:file_t

#
# The root directory.
#
/				system_u:object_r:root_t

#
# The policy configuration.
#
/ss_policy			system_u:object_r:policy_config_t

#
# /var
#
/var(|/.*)			system_u:object_r:var_t
/var/catman(|/.*)		system_u:object_r:catman_t
/var/cache/man(|/.*)		system_u:object_r:catman_t
/var/yp(|/.*)			system_u:object_r:var_yp_t
/var/lib(|/.*)			system_u:object_r:var_lib_t
/var/lib/nfs(|/.*)		system_u:object_r:var_lib_nfs_t
/var/lib/rpm(|/.*)		system_u:object_r:var_lib_rpm_t
/var/lib/ntp(|/.*)		system_u:object_r:var_lib_ntp_t
/var/lib/dhcp			system_u:object_r:dhcp_state_t
/var/lib/dhcp/dhclient.*	system_u:object_r:dhcpc_state_t
/var/lib/dhcp/dhcpd.leases.*	system_u:object_r:dhcpd_state_t
/var/lib/ldap(|/.*)		system_u:object_r:slapd_db_t
/var/lib/ldap/replog(|/.*)	system_u:object_r:slapd_replog_t
/var/lock(|/.*)			system_u:object_r:var_lock_t
/var/tmp(|/.*)			system_u:object_r:tmp_t
/var/www/html(|/.*)		system_u:object_r:httpd_sys_content_t
/var/www/cgi-bin(|/.*)		system_u:object_r:httpd_sys_script_t
/var/www/perl(|/.*)		system_u:object_r:httpd_sys_script_t
/var/www/icons(|/.*)		system_u:object_r:httpd_sys_content_t
/var/cache/httpd(|/.*)		system_u:object_r:httpd_cache_t
/var/named(|/.*)      		system_u:object_r:named_conf_t
/var/cache/squid(|/.*)		system_u:object_r:squid_cache_t

#
# /var/ftp
#
/var/ftp/bin			system_u:object_r:bin_t
/var/ftp/lib			system_u:object_r:lib_t
/var/ftp/lib/ld.*\.so.*		system_u:object_r:ld_so_t
/var/ftp/lib/lib.*\.so.*	system_u:object_r:shlib_t
/var/ftp/etc			system_u:object_r:etc_t

# 
# The superuser home directory.
#
/root(|/.*)			system_u:object_r:sysadm_home_t
/root/\.netscape(|/.*)		system_u:object_r:sysadm_netscape_rw_t
/root/\.mozilla(|/.*)		system_u:object_r:sysadm_netscape_rw_t
/root/.*/\.gnupg(|/.*)		system_u:object_r:sysadm_gpg_secret_t

# 
# Other user home directories.
#
/home(|/.*)			system_u:object_r:user_home_t
/home/.*/\.netscape(|/.*)	system_u:object_r:user_netscape_rw_t
/home/.*/\.mozilla(|/.*)	system_u:object_r:user_netscape_rw_t
/home/.*/\.gnupg(|/.*)		system_u:object_r:user_gpg_secret_t

#
# /bin
#
/bin(|/.*)			system_u:object_r:bin_t
/bin/login			system_u:object_r:login_exec_t
/bin/tcsh			system_u:object_r:shell_exec_t
/bin/bash			system_u:object_r:shell_exec_t
/bin/ash			system_u:object_r:shell_exec_t
/bin/su				system_u:object_r:su_exec_t
/bin/ls$			system_u:object_r:ls_exec_t
/bin/mount 	                system_u:object_r:mount_exec_t
/bin/umount                     system_u:object_r:mount_exec_t
/bin/ping 			system_u:object_r:ping_exec_t
/bin/rpm 			system_u:object_r:rpm_exec_t
/bin/dmesg 			system_u:object_r:dmesg_exec_t

#
# /boot
#
/boot(|/.*)			system_u:object_r:boot_t
/boot/kernel.h(|.*)		system_u:object_r:boot_runtime_t

#
# /dev
#
/dev(|/.*)			system_u:object_r:device_t
/dev/MAKEDEV			system_u:object_r:sbin_t
/dev/null			system_u:object_r:null_device_t
/dev/zero			system_u:object_r:zero_device_t
/dev/console			system_u:object_r:console_device_t
/dev/(kmem|mem|port)		system_u:object_r:memory_device_t
/dev/random			system_u:object_r:random_device_t
/dev/urandom			system_u:object_r:random_device_t
/dev/[^/]*tty[^/]*		system_u:object_r:tty_device_t
/dev/vcs[^/]*			system_u:object_r:tty_device_t
/dev/tty			system_u:object_r:devtty_t
/dev/sd[^/]*			system_u:object_r:fixed_disk_device_t
/dev/hd[^/]*			system_u:object_r:fixed_disk_device_t
/dev/scd[^/]*			system_u:object_r:removable_device_t
/dev/fd[^/]*			system_u:object_r:removable_device_t
/dev/rtc			system_u:object_r:clock_device_t
/dev/initctl			system_u:object_r:initctl_t
/dev/log			system_u:object_r:devlog_t
/dev/printer			system_u:object_r:printer_t
/dev/psaux			system_u:object_r:mouse_device_t
/dev/.*mouse.*	-c		system_u:object_r:mouse_device_t
/dev/input/.*mouse.*		system_u:object_r:mouse_device_t
/dev/gpmctl			system_u:object_r:gpmctl_t
/dev/ptmx			system_u:object_r:ptmx_t
/dev/sequencer			system_u:object_r:misc_device_t
/dev/agpgart			system_u:object_r:agp_device_t
/dev/dri(|/.*)			system_u:object_r:dri_device_t
/dev/apm_bios			system_u:object_r:apm_bios_t
/dev/ppp			system_u:object_r:ppp_device_t

#
# /etc
#
/etc(|/.*)			system_u:object_r:etc_t
/etc/rc.d/rc			system_u:object_r:initrc_exec_t
/etc/rc.d/rc.sysinit		system_u:object_r:initrc_exec_t
/etc/rc.d/rc.local		system_u:object_r:initrc_exec_t
/etc/init.d/rc			system_u:object_r:initrc_exec_t
/etc/init.d/rcS			system_u:object_r:initrc_exec_t
/etc/aliases			system_u:object_r:etc_aliases_t
/etc/aliases.db			system_u:object_r:etc_aliases_t
/etc/mail(|/.*)			system_u:object_r:etc_mail_t
/etc/modules.conf		system_u:object_r:modules_conf_t
/etc/fstab.REVOKE		system_u:object_r:etc_runtime_t
/etc/HOSTNAME			system_u:object_r:etc_runtime_t
/etc/ioctl.save			system_u:object_r:etc_runtime_t
/etc/mtab			system_u:object_r:etc_runtime_t
/etc/issue			system_u:object_r:etc_runtime_t
/etc/issue.net			system_u:object_r:etc_runtime_t
/etc/sysconfig/hwconf		system_u:object_r:etc_runtime_t
/etc/crontab			system_u:object_r:system_crond_script_t
/etc/cron.d(|/.*)		system_u:object_r:system_crond_script_t
/etc/security/cron_context.*	system_u:object_r:cron_context_t
/etc/ssh/primes                 system_u:object_r:sshd_key_t
/etc/ssh/ssh_host_key 		system_u:object_r:sshd_key_t
/etc/ssh/ssh_host_dsa_key       system_u:object_r:sshd_key_t
/etc/ssh/ssh_host_rsa_key       system_u:object_r:sshd_key_t
/etc/ld.so.cache		system_u:object_r:ld_so_cache_t
/etc/ld.so.preload		system_u:object_r:ld_so_cache_t
/etc/httpd			system_u:object_r:httpd_config_t
/etc/httpd/conf(|/.*)		system_u:object_r:httpd_config_t
/etc/httpd/logs			system_u:object_r:httpd_log_files_t
/etc/httpd/modules		system_u:object_r:httpd_modules_t
/etc/resolv.conf.*		system_u:object_r:resolv_conf_t
/etc/adjtime                    system_u:object_r:adjtime_t
/etc/named.conf       		system_u:object_r:named_conf_t
/etc/mrtg(|/.*)			system_u:object_r:etc_mrtg_t
/etc/dhcpc.*(|/.*)		system_u:object_r:etc_dhcpc_t
/etc/dhclient.conf		system_u:object_r:etc_dhcpc_t
/etc/dhclient-script		system_u:object_r:etc_dhcpc_t
/etc/dhcpd.conf			system_u:object_r:etc_dhcpd_t
/etc/courier(|/.*)		system_u:object_r:etc_courier_t
/etc/ntp.conf			system_u:object_r:etc_ntp_t
/etc/postfix(|/.*)		system_u:object_r:etc_postfix_t
/etc/postfix/postfix-script.*	system_u:object_r:postfix_exec_t
/etc/radvd.conf			system_u:object_r:etc_radvd_t
/etc/cups(|/.*)			system_u:object_r:etc_cupsd_t
/etc/printcap.cups		system_u:object_r:etc_cupsd_t
/etc/raddb(|/.*)		system_u:object_r:etc_radiusd_t

#
# /lib
#
/lib(|/.*)			system_u:object_r:lib_t
/lib/ld.*\.so.*			system_u:object_r:ld_so_t
/lib/lib.*\.so.*		system_u:object_r:shlib_t
/lib/[^/]*/lib.*\.so.*		system_u:object_r:shlib_t
/lib/security/.*\.so.*		system_u:object_r:shlib_t
/lib/modules(|/.*)		system_u:object_r:modules_object_t
/lib/modules/[^/]*/modules\..* system_u:object_r:modules_dep_t

#
# /sbin
#
/sbin(|/.*)			system_u:object_r:sbin_t
/sbin/ifconfig			system_u:object_r:ifconfig_exec_t
/sbin/depmod			system_u:object_r:depmod_exec_t
/sbin/modprobe			system_u:object_r:insmod_exec_t
/sbin/insmod			system_u:object_r:insmod_exec_t
/sbin/insmod.static		system_u:object_r:insmod_exec_t
/sbin/rmmod			system_u:object_r:insmod_exec_t
/sbin/init		  	system_u:object_r:init_exec_t
/sbin/sulogin			system_u:object_r:sulogin_exec_t
/sbin/.*getty			system_u:object_r:getty_exec_t
/sbin/syslogd			system_u:object_r:syslogd_exec_t
/sbin/minilogd			system_u:object_r:syslogd_exec_t
/sbin/klogd			system_u:object_r:klogd_exec_t
/sbin/ypbind			system_u:object_r:ypbind_exec_t
/sbin/portmap			system_u:object_r:portmap_exec_t
/sbin/rpc\..*			system_u:object_r:rpcd_exec_t
/sbin/cardmgr			system_u:object_r:cardmgr_exec_t
/sbin/fsck			system_u:object_r:fsadm_exec_t
/sbin/fsck\.ext2		system_u:object_r:fsadm_exec_t
/sbin/fsck\.ext3		system_u:object_r:fsadm_exec_t
/sbin/e2fsck			system_u:object_r:fsadm_exec_t
/sbin/e2label			system_u:object_r:fsadm_exec_t
/sbin/mkfs			system_u:object_r:fsadm_exec_t
/sbin/mke2fs			system_u:object_r:fsadm_exec_t
/sbin/mkfs.ext2			system_u:object_r:fsadm_exec_t
/sbin/mkswap			system_u:object_r:fsadm_exec_t
/sbin/scsi_info			system_u:object_r:fsadm_exec_t
/sbin/sfdisk			system_u:object_r:fsadm_exec_t
/sbin/cfdisk			system_u:object_r:fsadm_exec_t
/sbin/fdisk			system_u:object_r:fsadm_exec_t
/sbin/tune2fs			system_u:object_r:fsadm_exec_t
/sbin/dumpe2fs			system_u:object_r:fsadm_exec_t
/sbin/swapon			system_u:object_r:fsadm_exec_t
/sbin/hdparm                    system_u:object_r:fsadm_exec_t
/sbin/.*_chkpwd			system_u:object_r:chkpwd_exec_t
/sbin/pump			system_u:object_r:pump_exec_t
/sbin/hwclock                   system_u:object_r:hwclock_exec_t
/sbin/ip			system_u:object_r:netutils_exec_t
/sbin/arping			system_u:object_r:netutils_exec_t
/sbin/dhcpcd			system_u:object_r:dhcpc_exec_t
/sbin/dhclient.*		system_u:object_r:dhcpc_exec_t
/sbin/ipchains			system_u:object_r:ipchains_exec_t
/sbin/ipchains-restore		system_u:object_r:ipchains_exec_t
/sbin/ipchains-save		system_u:object_r:ipchains_exec_t
/sbin/iptables			system_u:object_r:ipchains_exec_t
/sbin/devfsd			system_u:object_r:devfsd_exec_t
/sbin/run_init			system_u:object_r:run_init_exec_t
/sbin/ldconfig			system_u:object_r:ldconfig_exec_t

#
# /tmp
#
/tmp(|/.*)			system_u:object_r:tmp_t
/tmp/orbit.*			system_u:object_r:user_tmp_t
/tmp/.ICE-unix(|/.*)		system_u:object_r:user_tmp_t
/tmp/.X11-unix(|/.*)		system_u:object_r:user_xserver_tmp_t
/tmp/.X0-lock			system_u:object_r:user_xserver_tmp_t
/tmp/.font-unix(|/.*)		system_u:object_r:xfs_tmp_t

#
# /usr
#
/usr(|/.*)			system_u:object_r:usr_t
/usr/etc(|/.*)			system_u:object_r:etc_t
/usr/libexec(|/.*)		system_u:object_r:lib_t
/usr/src(|/.*)			system_u:object_r:src_t
/usr/tmp(|/.*)			system_u:object_r:tmp_t
/usr/man(|/.*)			system_u:object_r:man_t

#
# /usr/bin
#
/usr/bin(|/.*)			system_u:object_r:bin_t
/usr/bin/lpr			system_u:object_r:lpr_exec_t
/usr/bin/lpq			system_u:object_r:lpr_exec_t
/usr/bin/lprm			system_u:object_r:lpr_exec_t
/usr/bin/makemap		system_u:object_r:sbin_t
/usr/bin/netscape		system_u:object_r:netscape_exec_t
/usr/bin/mozilla.*		system_u:object_r:netscape_exec_t
/usr/bin/crontab		system_u:object_r:crontab_exec_t
/usr/bin/ssh			system_u:object_r:ssh_exec_t
/usr/bin/mesg			system_u:object_r:mesg_exec_t
/usr/bin/spasswd		system_u:object_r:passwd_exec_t
/usr/bin/schsh			system_u:object_r:passwd_exec_t
/usr/bin/schfn			system_u:object_r:passwd_exec_t
/usr/bin/newrole		system_u:object_r:newrole_exec_t
/usr/bin/kcheckpass		system_u:object_r:kcheckpass_exec_t
/usr/bin/gpg			system_u:object_r:gpg_exec_t

#
# /usr/lib
#
/usr/lib(|/.*)			system_u:object_r:lib_t
/usr/lib/lib.*\.so.*		system_u:object_r:shlib_t
/usr/lib/[^/]*/lib.*\.so.*	system_u:object_r:shlib_t
/usr/lib/autofs/.*\.so		system_u:object_r:shlib_t
/usr/lib/perl5/man(|/.*)	system_u:object_r:man_t
/usr/lib/perl.*\.so		system_u:object_r:shlib_t
/usr/lib/locale/.*/LC_.* 	system_u:object_r:writeable_t
/usr/share/locale/.*/LC_.* 	system_u:object_r:writeable_t
/usr/lib/apache(|/.*)		system_u:object_r:httpd_modules_t
/usr/lib/courier(|/.*)		system_u:object_r:etc_courier_t
/usr/lib/courier/pop3d		system_u:object_r:courier_pop_exec_t
/usr/lib/courier/imapd		system_u:object_r:courier_pop_exec_t
/usr/lib/courier/authlib/.*	system_u:object_r:courier_authdaemon_exec_t
/usr/lib/courier/courier/.*	system_u:object_r:courier_exec_t
/usr/lib/courier/courier/courierpop.*	system_u:object_r:courier_pop_exec_t
/usr/lib/courier/courier/courierpop3.*	system_u:object_r:courier_pop_exec_t
/usr/lib/courier/courier/imaplogin	system_u:object_r:courier_pop_exec_t
/usr/lib/courier/courier/pcpd		system_u:object_r:courier_pcp_exec_t
/usr/lib/postfix(|/.*)		system_u:object_r:postfix_exec_t
/usr/lib/postfix/master		system_u:object_r:postfix_master_exec_t
/usr/lib/netscape/base-4/wrapper	system_u:object_r:netscape_exec_t
/usr/lib/cups/backend		system_u:object_r:cupsd_exec_t

#
# /usr/.*glibc.*-linux/lib
#
/usr/.*glibc.*-linux/lib(|/.*)	system_u:object_r:lib_t
/usr/.*glibc.*-linux/lib/ld.*\.so.* system_u:object_r:ld_so_t
/usr/.*glibc.*-linux/lib/lib.*\.so.* system_u:object_r:shlib_t

#
# /usr/.*redhat-linux/lib
#
/usr/.*redhat-linux/lib(|/.*)	system_u:object_r:lib_t
/usr/.*redhat-linux/lib/ld.*\.so.* system_u:object_r:ld_so_t
/usr/.*redhat-linux/lib/lib.*\.so.* system_u:object_r:shlib_t

#
# /usr/.*linux-libc.*/lib
#
/usr/.*linux-libc.*/lib(|/.*) system_u:object_r:lib_t
/usr/.*linux-libc.*/lib/ld.*\.so.* system_u:object_r:ld_so_t
/usr/.*linux-libc.*/lib/lib.*\.so.* system_u:object_r:shlib_t

#
# /usr/local
#
/usr/local/etc(|/.*)		system_u:object_r:etc_t
/usr/local/src(|/.*)		system_u:object_r:src_t
/usr/local/sbin(|/.*)		system_u:object_r:sbin_t
/usr/local/man(|/.*)		system_u:object_r:man_t

#
# /usr/local/bin
#
/usr/local/bin(|/.*)		system_u:object_r:bin_t

#
# /usr/local/lib
#
/usr/local/lib(|/.*)		system_u:object_r:lib_t

#
# /usr/sbin
#
/usr/sbin(|/.*)			system_u:object_r:sbin_t
/usr/sbin/syslogd		system_u:object_r:syslogd_exec_t
/usr/sbin/klogd			system_u:object_r:klogd_exec_t
/usr/sbin/apmd			system_u:object_r:apmd_exec_t
/usr/sbin/cron(|d)		system_u:object_r:crond_exec_t
/usr/sbin/atd			system_u:object_r:atd_exec_t
/usr/sbin/lpd			system_u:object_r:lpd_exec_t
/usr/sbin/cupsd			system_u:object_r:cupsd_exec_t
/usr/sbin/sshd	        	system_u:object_r:sshd_exec_t
/usr/sbin/inetd			system_u:object_r:inetd_exec_t
/usr/sbin/xinetd		system_u:object_r:inetd_exec_t
/usr/sbin/rlinetd		system_u:object_r:inetd_exec_t
/usr/sbin/tcpd			system_u:object_r:tcpd_exec_t
/usr/sbin/identd		system_u:object_r:inetd_child_exec_t
/usr/sbin/in\..*d		system_u:object_r:inetd_child_exec_t
/usr/sbin/in.rlogind		system_u:object_r:rlogind_exec_t
/usr/sbin/in.telnetd		system_u:object_r:rlogind_exec_t
/usr/sbin/in.rshd		system_u:object_r:rshd_exec_t
/usr/sbin/in.ftpd		system_u:object_r:ftpd_exec_t
/usr/sbin/sendmail		system_u:object_r:sendmail_exec_t
/usr/sbin/rpc\..*		system_u:object_r:rpcd_exec_t
/usr/sbin/gpm			system_u:object_r:gpm_exec_t
/usr/sbin/makemap		system_u:object_r:sbin_t
/usr/sbin/utempter		system_u:object_r:utempter_exec_t
/usr/sbin/gnome-pty-helper	system_u:object_r:gph_exec_t
/usr/sbin/logrotate		system_u:object_r:logrotate_exec_t
/usr/sbin/updfstab              system_u:object_r:fsadm_exec_t
/usr/sbin/httpd			system_u:object_r:httpd_exec_t
/usr/sbin/apache		system_u:object_r:httpd_exec_t
/usr/sbin/automount		system_u:object_r:automount_exec_t
/usr/sbin/anacron		system_u:object_r:anacron_exec_t
/usr/sbin/fcron			system_u:object_r:anacron_exec_t
/usr/sbin/suexec		system_u:object_r:httpd_suexec_exec_t
/usr/sbin/named       		system_u:object_r:named_exec_t
/usr/sbin/checkpc		system_u:object_r:checkpc_exec_t
/usr/sbin/ipchains		system_u:object_r:ipchains_exec_t
/usr/sbin/pppd			system_u:object_r:pppd_exec_t
/usr/sbin/nscd			system_u:object_r:nscd_exec_t
/usr/sbin/squid			system_u:object_r:squid_exec_t
/usr/sbin/radvd			system_u:object_r:radvd_exec_t
/usr/sbin/ntpd			system_u:object_r:ntpd_exec_t
/usr/sbin/dhcpd(|-.*)		system_u:object_r:dhcpd_exec_t
/usr/sbin/slapd			system_u:object_r:slapd_exec_t
/usr/sbin/couriertcpd		system_u:object_r:courier_tcpd_exec_t
/usr/sbin/courierlogger		system_u:object_r:courier_exec_t
/usr/sbin/postalias		system_u:object_r:postfix_master_exec_t
/usr/sbin/postcat		system_u:object_r:postfix_master_exec_t
/usr/sbin/postconf		system_u:object_r:postfix_master_exec_t
/usr/sbin/postdrop		system_u:object_r:postfix_master_exec_t
/usr/sbin/postfix		system_u:object_r:postfix_master_exec_t
/usr/sbin/postkick		system_u:object_r:postfix_master_exec_t
/usr/sbin/postlock		system_u:object_r:postfix_master_exec_t
/usr/sbin/postlog		system_u:object_r:postfix_master_exec_t
/usr/sbin/postmap		system_u:object_r:postfix_master_exec_t
/usr/sbin/postqueue		system_u:object_r:postfix_master_exec_t
/usr/sbin/postsuper		system_u:object_r:postfix_master_exec_t
/usr/sbin/rmail			system_u:object_r:postfix_master_exec_t
/usr/sbin/speedmgmt		system_u:object_r:speedmgmt_exec_t
/usr/sbin/portslave		system_u:object_r:getty_exec_t
/usr/sbin/radiusd		system_u:object_r:radiusd_exec_t

#
# /usr/X11R6/bin
#
/usr/X11R6/bin(|/.*)		system_u:object_r:bin_t
/usr/X11R6/bin/xfs		system_u:object_r:xfs_exec_t
/usr/X11R6/bin/Xwrapper		system_u:object_r:xserver_exec_t

#
# /usr/X11R6/lib
#
/usr/X11R6/lib(|/.*)		system_u:object_r:lib_t
/usr/X11R6/lib/lib.*\.so.*	system_u:object_r:shlib_t

#
# /usr/X11R6/man
#
/usr/X11R6/man(|/.*)		system_u:object_r:man_t

#
# /usr/kerberos
#
/usr/kerberos/bin(|/.*)		system_u:object_r:bin_t
/usr/kerberos/sbin(|/.*)	system_u:object_r:sbin_t
/usr/kerberos/lib(|/.*)		system_u:object_r:lib_t
/usr/kerberos/lib/lib.*\.so.*	system_u:object_r:shlib_t

#
# /usr/local/selinux
#
/usr/local/selinux/bin(|/.*)		system_u:object_r:bin_t
/usr/local/selinux/sbin(|/.*)		system_u:object_r:bin_t
/usr/local/selinux/lib(|/.*)		system_u:object_r:lib_t
/usr/local/selinux/libexec(|/.*)	system_u:object_r:lib_t
/usr/local/selinux/bin/spasswd		system_u:object_r:passwd_exec_t
/usr/local/selinux/bin/schsh		system_u:object_r:passwd_exec_t
/usr/local/selinux/bin/schfn		system_u:object_r:passwd_exec_t
/usr/local/selinux/bin/newrole		system_u:object_r:newrole_exec_t
/usr/local/selinux/bin/run_init		system_u:object_r:run_init_exec_t
/usr/local/selinux/bin/flmon            system_u:object_r:selopt_exec_t
/usr/local/selinux/sbin/ct              system_u:object_r:selopt_exec_t
/usr/local/selinux/sbin/pt              system_u:object_r:selopt_exec_t
/usr/local/selinux/sbin/scmpd           system_u:object_r:scmpd_exec_t

#
# /var/run
#
/var/run(|/.*)			system_u:object_r:var_run_t
/var/run/utmp			system_u:object_r:initrc_var_run_t
/var/run/runlevel.dir		system_u:object_r:initrc_var_run_t
/var/run/random-seed		system_u:object_r:initrc_var_run_t
/var/run/.*\.*pid		<<none>>
/var/run/courier.*		system_u:object_r:courier_var_run_t
/var/run/.nscd_socket		system_u:object_r:nscd_var_run_t
/var/run/slapd.args		system_u:object_r:slapd_var_run_t

#
# /var/spool
#
/var/spool(|/.*)		system_u:object_r:var_spool_t
/var/spool/at(|/.*)		system_u:object_r:at_spool_t
/var/spool/cron			system_u:object_r:cron_spool_t
/var/spool/cron/crontabs	system_u:object_r:cron_spool_t
/var/spool/cron/crontabs/.*	system_u:object_r:user_cron_spool_t
/var/spool/lpd(|/.*)		system_u:object_r:lpd_spool_t
/var/spool/cups(|/.*)		system_u:object_r:cupsd_spool_t
/var/spool/mail(|/.*)		system_u:object_r:mail_spool_t
/var/spool/mqueue(|/.*)		system_u:object_r:mqueue_spool_t
/var/spool/postfix/pid		system_u:object_r:var_run_t
/var/spool/postfix/pid/.*	system_u:object_r:postfix_var_run_t

# 
# /var/log
#
/var/log(|/.*)			system_u:object_r:var_log_t
/var/log/syslog			system_u:object_r:var_log_t
/var/log/wtmp			system_u:object_r:wtmp_t
/var/log/sendmail.st		system_u:object_r:sendmail_var_log_t
/var/log/cron			system_u:object_r:cron_log_t
/var/log/XFree86.*		system_u:object_r:xserver_var_log_t
/var/log/httpd(|/.*)		system_u:object_r:httpd_log_files_t
/var/log/apache(|/.*)		system_u:object_r:httpd_log_files_t
/var/log/sa(|/.*)		system_u:object_r:var_log_sa_t
/var/log/ksyms.*		system_u:object_r:var_log_ksyms_t
/var/log/ksymoops(|/.*)		system_u:object_r:var_log_ksyms_t
/var/log/rpmpkgs.*		system_u:object_r:var_log_rpm_t
/var/log/squid(|/.*)		system_u:object_r:var_log_squid_t
/var/log/lastlog		system_u:object_r:lastlog_t
/var/log/ntpstats(|/.*)		system_u:object_r:var_log_ntp_t
/var/log/ntpd			system_u:object_r:var_log_ntp_t
/var/log/radiusd-freeradius(|/.*)	system_u:object_r:var_log_radiusd_t

#
# Snort definitions
#
/usr/sbin/snort		system_u:object_r:snort_exec_t
/etc/snort(|/.*)	system_u:object_r:snort_etc_t
/var/log/snort(|/.*)	system_u:object_r:snort_log_t

#
# IPSEC Definition
#
/etc/ipsec.secrets              system_u:object_r:ipsec_file_t
/usr/local/lib/ipsec(|/.*)      system_u:object_r:sbin_t
/usr/local/lib/ipsec/eroute     system_u:object_r:ipsec_exec_t
/usr/local/lib/ipsec/klipsdebug system_u:object_r:ipsec_exec_t
/usr/local/lib/ipsec/pluto      system_u:object_r:ipsec_exec_t
/usr/local/lib/ipsec/spi        system_u:object_r:ipsec_exec_t

# Files under /usr/share/printconf.
/usr/share/printconf/.*		system_u:object_r:printconf_t

#
# X Display Manager definitions
#
/usr/bin/[xgk]dm                system_u:object_r:xdm_exec_t
/var/[xgk]dm(|/.*)              system_u:object_r:xdm_log_t
/usr/var/[xgk]dm(|/.*)          system_u:object_r:xdm_log_t
# Uncomment if you are running an X Display Manager.
/var/log/XFree86.*		system_u:object_r:xdm_log_t
/var/log/kdm.log		system_u:object_r:xdm_log_t
/tmp/.X11-unix(|/.*)            system_u:object_r:xdm_tmp_t
/tmp/.X0-lock                   system_u:object_r:xdm_tmp_t

#
# For sound
#
/bin/aumix-minimal              system_u:object_r:sound_exec_t
/dev/mixer.*                    system_u:object_r:sound_device_t
/dev/dsp.*                      system_u:object_r:sound_device_t
/dev/audio.*                    system_u:object_r:sound_device_t
/dev/midi.*                     system_u:object_r:sound_device_t
/etc/\.aumixrc                  system_u:object_r:sound_file_t

#
# Persistent label mappings.
#
.*/\.\.\.security(|/.*)		system_u:object_r:file_labels_t

#
# Lost and found directories.
#
.*/lost\+found(|/.*)		system_u:object_r:lost_found_t
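The matching rules spelled out in the header of the attached file (anchored regexp, optional ls-style type flag, last matching specification wins, `<<none>>` meaning leave alone) are small enough to reproduce in a few lines. The following Python is an added illustration, not the setfiles program or anything from the post: it parses a constructed file_contexts excerpt and labels a constructed `dpkg -L`-style listing the way `dpkg -L package | setfiles /etc/selinux/file_contexts -` would. The type-flag table beyond `-d` and `--` and the file types passed in by hand (real setfiles would stat each path) are assumptions.

```python
import re

# Constructed excerpt in the file_contexts format described above:
#   regexp [ -type ] ( context | <<none>> )
# Patterns are anchored at both ends; the last matching line wins.
SAMPLE_FILE_CONTEXTS = r"""
# default for everything not otherwise listed
/.*                      system_u:object_r:file_t
/                        system_u:object_r:root_t
/etc(|/.*)               system_u:object_r:etc_t
/etc/mtab                system_u:object_r:etc_runtime_t
/dev/.*mouse.*   -c      system_u:object_r:mouse_device_t
/var/run(|/.*)           system_u:object_r:var_run_t
/var/run/.*\.*pid        <<none>>
"""

# Assumed flag set (only -d and -- are named in the header): flag -> ls mode letter.
TYPE_FLAGS = {"-b": "b", "-c": "c", "-d": "d", "-p": "p",
              "-l": "l", "-s": "s", "--": "-"}


def parse_file_contexts(text):
    """Return [(compiled_anchored_regexp, type_letter_or_None, context), ...]."""
    specs = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) == 2:
            regexp, ftype, context = fields[0], None, fields[1]
        elif len(fields) == 3 and fields[1] in TYPE_FLAGS:
            regexp, ftype, context = fields[0], TYPE_FLAGS[fields[1]], fields[2]
        else:
            raise ValueError(f"line {lineno}: malformed specification {raw!r}")
        # Anchor both ends, as the header says setfiles does; a leading or
        # trailing .* in the regexp itself is how the author overrides that.
        specs.append((re.compile("^" + regexp + "$"), ftype, context))
    return specs


def lookup(specs, path, ftype="-"):
    """Context for path (ftype is the ls mode letter), or None when the last
    matching specification is <<none>> or nothing matches at all."""
    chosen = None
    for pattern, want_type, context in specs:
        if want_type is not None and want_type != ftype:
            continue               # -d / -c / -- restrict the file type
        if pattern.match(path):
            chosen = context       # keep going: last match wins
    return None if chosen == "<<none>>" else chosen


def label_listing(specs, listing, types=None):
    """Mimic 'dpkg -L pkg | setfiles file_contexts -': one path per input line,
    return {path: context} for the paths that would be relabeled.  `types`
    maps path -> mode letter; anything not listed is treated as a regular file."""
    types = types or {}
    result = {}
    for line in listing.splitlines():
        path = line.strip()
        if not path:
            continue
        ctx = lookup(specs, path, types.get(path, "-"))
        if ctx is not None:        # <<none>> entries are left untouched
            result[path] = ctx
    return result


if __name__ == "__main__":
    # Constructed stand-in for `dpkg -L` output.
    listing = "/etc\n/etc/mtab\n/var/run/sshd.pid\n/usr/bin/ls\n"
    for p, c in label_listing(parse_file_contexts(SAMPLE_FILE_CONTEXTS),
                              listing, {"/etc": "d"}).items():
        print(p, c)
```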