2012-07-11 16:46:38 -07:00
|
|
|
# Label inodes with the fs label.
|
|
|
|
|
genfscon rootfs / u:object_r:rootfs:s0
|
|
|
|
|
# proc labeling can be further refined (longest matching prefix).
|
|
|
|
|
genfscon proc / u:object_r:proc:s0
|
2015-07-13 08:39:17 -07:00
|
|
|
genfscon proc /iomem u:object_r:proc_iomem:s0
|
2014-01-07 11:41:47 -08:00
|
|
|
genfscon proc /net u:object_r:proc_net:s0
|
2012-07-19 11:07:04 -07:00
|
|
|
genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
|
2014-09-26 10:51:12 -07:00
|
|
|
genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
|
2014-03-05 06:50:08 -08:00
|
|
|
genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
|
2013-12-06 06:31:40 -08:00
|
|
|
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
|
|
|
|
|
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
|
|
|
|
|
genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
|
|
|
|
|
genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
|
|
|
|
|
genfscon proc /sys/kernel/dmesg_restrict u:object_r:proc_security:s0
|
|
|
|
|
genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper:s0
|
|
|
|
|
genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0
|
|
|
|
|
genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0
|
|
|
|
|
genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0
|
|
|
|
|
genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0
|
|
|
|
|
genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security:s0
|
|
|
|
|
genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0
|
2014-01-07 10:46:56 -08:00
|
|
|
genfscon proc /sys/net u:object_r:proc_net:s0
|
2013-12-09 10:24:25 -08:00
|
|
|
genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0
|
2015-05-14 20:55:31 -07:00
|
|
|
genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0
|
2015-05-12 17:14:35 -07:00
|
|
|
genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
|
|
|
|
|
genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0
|
|
|
|
|
|
2012-07-11 16:46:38 -07:00
|
|
|
# selinuxfs booleans can be individually labeled.
|
|
|
|
|
genfscon selinuxfs / u:object_r:selinuxfs:s0
|
|
|
|
|
genfscon cgroup / u:object_r:cgroup:s0
|
|
|
|
|
# sysfs labels can be set by userspace.
|
|
|
|
|
genfscon sysfs / u:object_r:sysfs:s0
|
|
|
|
|
genfscon inotifyfs / u:object_r:inotify:s0
|
2014-07-08 11:45:09 -07:00
|
|
|
genfscon vfat / u:object_r:vfat:s0
|
2012-07-11 16:46:38 -07:00
|
|
|
genfscon debugfs / u:object_r:debugfs:s0
|
2014-07-08 11:45:09 -07:00
|
|
|
genfscon fuse / u:object_r:fuse:s0
|
2014-04-09 21:32:54 -07:00
|
|
|
genfscon pstore / u:object_r:pstorefs:s0
|
2014-04-15 14:53:05 -07:00
|
|
|
genfscon functionfs / u:object_r:functionfs:s0
|
2014-06-07 07:31:31 -07:00
|
|
|
genfscon usbfs / u:object_r:usbfs:s0
|
2015-04-10 17:42:49 -07:00
|
|
|
genfscon binfmt_misc / u:object_r:binfmt_miscfs:s0
|
