William Roberts | dc10723 | 2012-07-11 16:46:38 -0700 | # Label inodes with the fs label. |
| genfscon rootfs / u:object_r:rootfs:s0 |
| # proc labeling can be further refined (longest matching prefix). |
| genfscon proc / u:object_r:proc:s0 |
Daniel Micay | 5423db6 | 2016-07-29 14:48:19 -0400 | genfscon proc /interrupts u:object_r:proc_interrupts:s0 |
dcashman | 26cd912 | 2015-07-13 08:39:17 -0700 | genfscon proc /iomem u:object_r:proc_iomem:s0 |
dcashman | f25ea5f | 2016-02-23 17:09:48 -0800 | genfscon proc /meminfo u:object_r:proc_meminfo:s0 |
Robert Craig | 1bf61c4 | 2014-01-07 14:41:47 -0500 | genfscon proc /net u:object_r:proc_net:s0 |
hqjiang | 4c06d27 | 2012-07-19 11:07:04 -0700 | genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0 |
Nick Kralevich | 2de0287 | 2014-09-26 10:51:12 -0700 | genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0 |
Daniel Micay | 5423db6 | 2016-07-29 14:48:19 -0400 | genfscon proc /softirqs u:object_r:proc_timer:s0 |
| genfscon proc /stat u:object_r:proc_stat:s0 |
Stephen Smalley | 3dad7b6 | 2014-03-05 09:50:08 -0500 | genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0 |
Stephen Smalley | 7adb999 | 2013-12-06 09:31:40 -0500 | genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0 |
| genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0 |
| genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0 |
| genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0 |
| genfscon proc /sys/kernel/dmesg_restrict u:object_r:proc_security:s0 |
| genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper:s0 |
| genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0 |
| genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0 |
| genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0 |
| genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0 |
| genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security:s0 |
| genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0 |
Robert Craig | 529fcbe | 2014-01-07 13:46:56 -0500 | genfscon proc /sys/net u:object_r:proc_net:s0 |
Stephen Smalley | e6a7b37 | 2013-12-09 13:24:25 -0500 | genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0 |
Jeff Sharkey | c960596 | 2015-05-14 20:55:31 -0700 | genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0 |
Jeff Vander Stoep | bc1986f | 2016-06-27 15:38:25 -0700 | genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0 |
Daniel Micay | 5423db6 | 2016-07-29 14:48:19 -0400 | genfscon proc /timer_list u:object_r:proc_timer:s0 |
| genfscon proc /timer_stats u:object_r:proc_timer:s0 |
Nick Kralevich | e427a2b | 2017-01-04 08:43:09 -0800 | genfscon proc /tty/drivers u:object_r:proc_tty_drivers:s0 |
Adam Lesinski | 3526a66 | 2015-05-12 17:14:35 -0700 | genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0 |
| genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0 |
Jeff Sharkey | 828433c | 2017-01-17 18:33:50 -0700 | genfscon proc /uid_procstat/set u:object_r:proc_uid_procstat_set:s0 |
Daniel Micay | 7078e8b | 2016-08-08 13:48:01 -0400 | genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0 |
Adam Lesinski | 3526a66 | 2015-05-12 17:14:35 -0700 | |
William Roberts | dc10723 | 2012-07-11 16:46:38 -0700 | # selinuxfs booleans can be individually labeled. |
| genfscon selinuxfs / u:object_r:selinuxfs:s0 |
| genfscon cgroup / u:object_r:cgroup:s0 |
| # sysfs labels can be set by userspace. |
| genfscon sysfs / u:object_r:sysfs:s0 |
| genfscon inotifyfs / u:object_r:inotify:s0 |
Stephen Smalley | 374b2a1 | 2014-07-08 14:45:09 -0400 | genfscon vfat / u:object_r:vfat:s0 |
William Roberts | dc10723 | 2012-07-11 16:46:38 -0700 | genfscon debugfs / u:object_r:debugfs:s0 |
Christian Poetzsch | 4dafa72 | 2016-05-13 13:36:33 +0100 | genfscon tracefs / u:object_r:debugfs_tracing:s0 |
Stephen Smalley | 374b2a1 | 2014-07-08 14:45:09 -0400 | genfscon fuse / u:object_r:fuse:s0 |
Daniel Rosenberg | c15090b | 2016-03-01 16:13:50 -0800 | genfscon configfs / u:object_r:configfs:s0 |
| genfscon sdcardfs / u:object_r:sdcardfs:s0 |
jaejyn.shin | 318e0c9 | 2014-04-10 13:32:54 +0900 | genfscon pstore / u:object_r:pstorefs:s0 |
Nick Kralevich | 77cc055 | 2014-04-15 14:53:05 -0700 | genfscon functionfs / u:object_r:functionfs:s0 |
Nick Kralevich | 5a5fb85 | 2014-06-07 07:31:31 -0700 | genfscon usbfs / u:object_r:usbfs:s0 |
Nick Kralevich | fdc56c5 | 2015-04-10 17:42:49 -0700 | genfscon binfmt_misc / u:object_r:binfmt_miscfs:s0 |
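
The file's comment says proc labeling is refined by longest matching prefix. The following added example (not part of this file or of the project) parses genfscon statements and resolves a path to its label that way, and lists paths that fall through to the filesystem-wide `/` entry. Assumptions: matching is modelled as a plain string-prefix comparison, the function names are hypothetical, and `/kallsyms` and `/net/tcp` are constructed test paths.

```python
# Constructed sample: a subset of the genfscon statements listed above.
GENFS_SAMPLE = """\
# proc labeling can be further refined (longest matching prefix).
genfscon proc / u:object_r:proc:s0
genfscon proc /net u:object_r:proc_net:s0
genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0
genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0
genfscon proc /sys/net u:object_r:proc_net:s0
genfscon sysfs / u:object_r:sysfs:s0
"""


def parse_genfscon(text):
    """Return {fstype: [(prefix, context), ...]}, longest prefix first."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        # genfscon <fstype> <path> [<file type>] <context>; file type is ignored here
        if fields[0] != "genfscon" or len(fields) not in (4, 5):
            raise ValueError(f"line {lineno}: not a genfscon statement: {raw!r}")
        table.setdefault(fields[1], []).append((fields[2], fields[-1]))
    for entries in table.values():
        entries.sort(key=lambda e: len(e[0]), reverse=True)
    return table


def resolve(table, fstype, path):
    """Context for `path` (relative to the filesystem root), or None."""
    # Assumption: plain string-prefix comparison, so "/net" also covers "/netfoo".
    for prefix, context in table.get(fstype, []):
        if path.startswith(prefix):
            return context
    return None


def generic_fallbacks(table, fstype, paths):
    """Paths that only match the filesystem-wide "/" entry (audit helper)."""
    root = dict(table.get(fstype, [])).get("/")
    return [p for p in paths if resolve(table, fstype, p) == root]


TABLE = parse_genfscon(GENFS_SAMPLE)
if __name__ == "__main__":
    for p in ("/net/xt_qtaguid/ctrl", "/net/tcp", "/sys/kernel/modprobe", "/kallsyms"):
        print(p, "->", resolve(TABLE, "proc", p))
```

Running `generic_fallbacks` over the sensitive nodes of a target kernel shows which ones still carry the broad `proc` type and are therefore covered by every rule that grants access to `proc`.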