#
# This file describes the security contexts to be applied to files
# when the security policy is installed.  The setfiles program
# reads this file and labels files accordingly.
#
# Each specification has the form:
#       regexp [ -type ] ( context | <<none>> )
#
# By default, the regexp is an anchored match on both ends (i.e. a 
# caret (^) is prepended and a dollar sign ($) is appended automatically).
# This default may be overridden by using .* at the beginning and/or
# end of the regular expression.  
#
# The optional type field specifies the file type as shown in the mode
# field by ls, e.g. use -d to match only directories or -- to match only
# regular files.
# 
# The value of <<none>> may be used to indicate that matching files
# should not be relabeled.
#
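# The last matching specification is used, so a more specific entry must
# appear after any more general entry that also matches the same path.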
#
# If there are multiple hard links to a file that match 
# different specifications and those specifications indicate
# different security contexts, then a warning is displayed
# but the file is still labeled based on the last matching
# specification other than <<none>>.
#
# Some of the files listed here get re-created during boot and therefore
# need type transition rules to retain the correct type. These files are
# listed here anyway so that if the setfiles program is used on a running
# system it doesn't relabel them to something we don't want. An example of
# this is /var/run/utmp.
#

#
# The security context for all files not otherwise specified.
#
# This catch-all matches every absolute path.  Because the last matching
# specification wins, it only takes effect for paths that no later entry
# in this file matches, and it must stay ahead of all other entries.
/.*				system_u:object_r:file_t

#
# The root directory.
#
/				system_u:object_r:root_t

#
# The policy configuration and its sources.
#
# NOTE(review): per the header, the last matching specification wins.
# /usr(|/.*) and /usr/src(|/.*) appear later in this file and also match
# everything under /usr/src/slinux/policy, so as ordered the policy sources
# would end up labeled src_t rather than policy_src_t.  If policy_src_t is
# meant to take effect, this entry has to come after the /usr/src entry;
# verify the resulting labels after running setfiles.
/ss_policy			system_u:object_r:policy_config_t
/usr/src/slinux/policy(|/.*)	system_u:object_r:policy_src_t

# 
# The superuser home directory.
#
/root(|/.*)			system_u:object_r:sysadm_home_t
/root/\.netscape(|/.*)		system_u:object_r:sysadm_netscape_rw_t
/root/\.mime\.types		system_u:object_r:sysadm_netscape_rw_t
/root/\.mailcap			system_u:object_r:sysadm_netscape_rw_t


# 
# Other user home directories.
#
# Everything under /home defaults to user_home_t; the three entries after it
# give the browser's per-user state a separate type.
# NOTE(review): ".*" also matches "/", so those three entries apply at any
# depth under /home (e.g. /home/u/a/b/.mailcap), not just at the top of a
# home directory.  The /dev entries use "[^/]*" to stay within one path
# component; "/home/[^/]*/..." would do the same here if that is the intent.
/home(|/.*)			system_u:object_r:user_home_t
/home/.*/\.netscape(|/.*)	system_u:object_r:user_netscape_rw_t
/home/.*/\.mime\.types		system_u:object_r:user_netscape_rw_t
/home/.*/\.mailcap		system_u:object_r:user_netscape_rw_t

#
# /bin
#
/bin(|/.*)			system_u:object_r:bin_t
/bin/login			system_u:object_r:login_exec_t
/bin/tcsh			system_u:object_r:shell_exec_t
/bin/bash			system_u:object_r:shell_exec_t
/bin/ash			system_u:object_r:shell_exec_t
/bin/su				system_u:object_r:su_exec_t
/bin/ls				system_u:object_r:ls_exec_t
/bin/mount                    system_u:object_r:mount_exec_t

#
# /boot
#
/boot(|/.*)			system_u:object_r:boot_t
/boot/kernel.h			system_u:object_r:boot_runtime_t

#
# /dev
#
# Every node under /dev defaults to device_t; the entries that follow carve
# out narrower types per device class.  Order matters within this group:
# /dev/tty is listed after the broader "[^/]*tty[^/]*" pattern so that it
# ends up as devtty_t instead of tty_device_t.
# The disk, tty and vcs patterns use "[^/]*", which keeps the match inside a
# single path component.  They still match any name with the given prefix
# (e.g. anything starting with "sd" or "fd"), so a non-disk node with such a
# name would receive the disk type.
# NOTE(review): "/dev/dsp.*" uses ".*", which unlike "[^/]*" also matches
# "/"; "[^/]*" would be consistent with the other entries — confirm.
/dev(|/.*)			system_u:object_r:device_t
/dev/null			system_u:object_r:null_device_t
/dev/zero			system_u:object_r:zero_device_t
/dev/console			system_u:object_r:console_device_t
# Raw memory and I/O port devices share one dedicated type.
/dev/(kmem|mem|port)		system_u:object_r:memory_device_t
/dev/random			system_u:object_r:random_device_t
/dev/urandom			system_u:object_r:random_device_t
/dev/[^/]*tty[^/]*		system_u:object_r:tty_device_t
/dev/vcs[^/]*			system_u:object_r:tty_device_t
/dev/tty			system_u:object_r:devtty_t
/dev/sd[^/]*			system_u:object_r:fixed_disk_device_t
/dev/hd[^/]*			system_u:object_r:fixed_disk_device_t
/dev/scd[^/]*			system_u:object_r:removable_device_t
/dev/fd[^/]*			system_u:object_r:removable_device_t
/dev/rtc			system_u:object_r:clock_device_t
/dev/initctl			system_u:object_r:initctl_t
/dev/log			system_u:object_r:devlog_t
/dev/printer			system_u:object_r:printer_t
/dev/psaux			system_u:object_r:psaux_t
/dev/gpmctl			system_u:object_r:gpmctl_t
/dev/ptmx			system_u:object_r:ptmx_t
/dev/sequencer			system_u:object_r:misc_device_t
/dev/dsp.*			system_u:object_r:misc_device_t
/dev/audio			system_u:object_r:misc_device_t
/dev/cdrom			system_u:object_r:misc_device_t
/dev/fb				system_u:object_r:misc_device_t
/dev/apm_bios			system_u:object_r:apm_bios_t

#
# /etc
#
# Everything under /etc defaults to etc_t; anything not named by a later
# entry in this group keeps that general type.
# NOTE(review): several names here contain an unescaped "." (rc.d,
# rc.sysinit, rc.local, aliases.db, conf.modules, ioctl.save, issue.net,
# cron.d).  In a regexp that matches any character, so each entry is
# slightly broader than the literal file name; "\." as used elsewhere in
# this file would make them exact.
/etc(|/.*)			system_u:object_r:etc_t
/etc/rc.d/rc			system_u:object_r:initrc_exec_t
/etc/rc.d/rc.sysinit		system_u:object_r:initrc_exec_t
/etc/rc.d/rc.local		system_u:object_r:initrc_exec_t
/etc/auth(|/.*)			system_u:object_r:etc_auth_t
/etc/aliases			system_u:object_r:etc_aliases_t
/etc/aliases.db			system_u:object_r:etc_aliases_t
/etc/mail(|/.*)			system_u:object_r:etc_mail_t
/etc/conf.modules		system_u:object_r:modules_conf_t
/etc/HOSTNAME			system_u:object_r:etc_runtime_t
/etc/ioctl.save			system_u:object_r:etc_runtime_t
/etc/mtab			system_u:object_r:etc_runtime_t
/etc/issue			system_u:object_r:etc_runtime_t
/etc/issue.net			system_u:object_r:etc_runtime_t
/etc/sysconfig/hwconf		system_u:object_r:etc_runtime_t
/etc/crontab			system_u:object_r:system_crond_script_t
/etc/cron.d(|/.*)		system_u:object_r:system_crond_script_t
/etc/security/cron_context.*	system_u:object_r:cron_context_t
# NOTE(review): only these two names get sshd_key_t under /etc.  The
# /usr/local/etc group also lists ssh_host_dsa_key; a DSA host key placed in
# /etc would fall through to etc_t.  Confirm which key files this system
# actually keeps in /etc and list each private key explicitly.
/etc/ssh_host_key               system_u:object_r:sshd_key_t
/etc/ssh_random_seed            system_u:object_r:sshd_key_t

#
# /lib
#
# /lib defaults to lib_t; the dynamic loader, shared objects and PAM-style
# modules under /lib/security get their own types, and the kernel module
# tree is labeled last so it overrides the shared-library patterns.
# NOTE(review): ".*" also matches "/", so "/lib/lib.*\.so.*" and
# "/lib/ld.*\.so.*" are not limited to files directly in /lib; any deeper
# path that starts with /lib/lib or /lib/ld and contains ".so" matches too.
/lib(|/.*)			system_u:object_r:lib_t
/lib/ld.*\.so.*			system_u:object_r:ld_so_t
/lib/lib.*\.so.*		system_u:object_r:shlib_t
/lib/security/.*\.so.*		system_u:object_r:shlib_t
/lib/modules(|/.*)		system_u:object_r:modules_object_t
/lib/modules/[^/]*/modules\..* system_u:object_r:modules_dep_t

#
# /sbin
#
# /sbin defaults to sbin_t.  Each entry after the default assigns a dedicated
# *_exec_t type to one program (or a small family of programs); anything in
# /sbin that is not listed stays sbin_t.
# NOTE(review): dot escaping is inconsistent in this group: "fsck\.ext2" and
# "rpc\..*" escape the dot, while "mkfs.ext2", "insmod.static" and
# "rmmod.static" do not, so the latter match any character in that position.
/sbin(|/.*)			system_u:object_r:sbin_t
/sbin/ifconfig			system_u:object_r:ifconfig_exec_t
# Kernel module tools.
/sbin/depmod			system_u:object_r:depmod_exec_t
/sbin/modprobe			system_u:object_r:modprobe_exec_t
/sbin/insmod			system_u:object_r:insmod_exec_t
/sbin/insmod.static		system_u:object_r:insmod_exec_t
/sbin/rmmod			system_u:object_r:rmmod_exec_t
/sbin/rmmod.static		system_u:object_r:rmmod_exec_t
/sbin/init		  	system_u:object_r:init_exec_t
/sbin/sulogin			system_u:object_r:sulogin_exec_t
# All getty variants share getty_exec_t.
/sbin/mingetty			system_u:object_r:getty_exec_t
/sbin/getty			system_u:object_r:getty_exec_t
/sbin/uugetty			system_u:object_r:getty_exec_t
/sbin/syslogd			system_u:object_r:syslogd_exec_t
/sbin/minilogd			system_u:object_r:syslogd_exec_t
/sbin/klogd			system_u:object_r:klogd_exec_t
/sbin/ypbind			system_u:object_r:ypbind_exec_t
/sbin/portmap			system_u:object_r:portmap_exec_t
/sbin/rpc\..*			system_u:object_r:rpcd_exec_t
/sbin/cardmgr			system_u:object_r:cardmgr_exec_t
# Filesystem and disk administration tools all share fsadm_exec_t.
/sbin/fsck			system_u:object_r:fsadm_exec_t
/sbin/fsck\.ext2		system_u:object_r:fsadm_exec_t
/sbin/e2fsck			system_u:object_r:fsadm_exec_t
/sbin/e2label			system_u:object_r:fsadm_exec_t
/sbin/mkfs			system_u:object_r:fsadm_exec_t
/sbin/mke2fs			system_u:object_r:fsadm_exec_t
/sbin/mkfs.ext2			system_u:object_r:fsadm_exec_t
/sbin/mkswap			system_u:object_r:fsadm_exec_t
/sbin/scsi_info			system_u:object_r:fsadm_exec_t
/sbin/sfdisk			system_u:object_r:fsadm_exec_t
/sbin/cfdisk			system_u:object_r:fsadm_exec_t
/sbin/fdisk			system_u:object_r:fsadm_exec_t
/sbin/tune2fs			system_u:object_r:fsadm_exec_t
/sbin/dumpe2fs			system_u:object_r:fsadm_exec_t
/sbin/swapon			system_u:object_r:fsadm_exec_t
/sbin/hdparm                    system_u:object_r:fsadm_exec_t
/sbin/pwdb_chkpwd		system_u:object_r:chkpwd_exec_t

#
# /tmp
#
# /tmp defaults to tmp_t; the well-known session and X server paths get
# their own types.  These labels are assigned purely by path name when
# setfiles runs.
# NOTE(review): the leading "." in ".ICE-unix", ".X11-unix", ".X0-lock" and
# ".font-unix" is unescaped and therefore matches any character, and
# "/tmp/orbit.*" matches every path under /tmp that starts with "orbit",
# at any depth.  /tmp is typically writable by all users, so a relabel gives
# these types to any file that happens to carry a matching name; escaping
# the dots ("\.") and bounding the orbit pattern would narrow that — confirm
# the intended names.
/tmp(|/.*)			system_u:object_r:tmp_t
/tmp/orbit.*			system_u:object_r:user_tmp_t
/tmp/.ICE-unix(|/.*)		system_u:object_r:user_tmp_t
/tmp/.X11-unix(|/.*)		system_u:object_r:user_xserver_tmp_t
/tmp/.X0-lock			system_u:object_r:user_xserver_tmp_t
/tmp/.font-unix(|/.*)		system_u:object_r:xfs_tmp_t

#
# /usr
#
/usr(|/.*)			system_u:object_r:usr_t
/usr/etc(|/.*)			system_u:object_r:etc_t
/usr/libexec(|/.*)		system_u:object_r:lib_t
/usr/src(|/.*)			system_u:object_r:src_t
/usr/tmp(|/.*)			system_u:object_r:tmp_t
/usr/man(|/.*)			system_u:object_r:man_t

#
# /usr/bin
#
/usr/bin(|/.*)			system_u:object_r:bin_t
/usr/bin/lpr			system_u:object_r:lpr_exec_t
/usr/bin/lpq			system_u:object_r:lpr_exec_t
/usr/bin/lprm			system_u:object_r:lpr_exec_t
/usr/bin/makemap		system_u:object_r:sbin_t
/usr/bin/netscape		system_u:object_r:netscape_exec_t
/usr/bin/crontab		system_u:object_r:crontab_exec_t


#
# /usr/lib
#
/usr/lib(|/.*)			system_u:object_r:lib_t
/usr/lib/lib.*\.so.*		system_u:object_r:shlib_t
/usr/lib/perl5/man(|/.*)	system_u:object_r:man_t

#
# /usr/.*glibc.*-linux/lib
#
/usr/.*glibc.*-linux/lib(|/.*)	system_u:object_r:lib_t
/usr/.*glibc.*-linux/lib/ld.*\.so.* system_u:object_r:ld_so_t
/usr/.*glibc.*-linux/lib/lib.*\.so.* system_u:object_r:shlib_t

#
# /usr/.*redhat-linux/lib
#
/usr/.*redhat-linux/lib(|/.*)	system_u:object_r:lib_t
/usr/.*redhat-linux/lib/ld.*\.so.* system_u:object_r:ld_so_t
/usr/.*redhat-linux/lib/lib.*\.so.* system_u:object_r:shlib_t

#
# /usr/.*linux-libc.*/lib
#
/usr/.*linux-libc.*/lib(|/.*) system_u:object_r:lib_t
/usr/.*linux-libc.*/lib/ld.*\.so.* system_u:object_r:ld_so_t
/usr/.*linux-libc.*/lib/lib.*\.so.* system_u:object_r:shlib_t

#
# /usr/local
#
/usr/local/etc(|/.*)		system_u:object_r:etc_t
/usr/local/etc/ssh_host_key     system_u:object_r:sshd_key_t
/usr/local/etc/ssh_host_dsa_key system_u:object_r:sshd_key_t
/usr/local/src(|/.*)		system_u:object_r:src_t
/usr/local/sbin(|/.*)		system_u:object_r:sbin_t
/usr/local/sbin/sshd	        system_u:object_r:sshd_exec_t
/usr/local/man(|/.*)		system_u:object_r:man_t

#
# /usr/local/bin
#
/usr/local/bin(|/.*)		system_u:object_r:bin_t
/usr/local/bin/tcsh		system_u:object_r:shell_exec_t

#
# /usr/local/lib
#
/usr/local/lib(|/.*)		system_u:object_r:lib_t
/usr/local/lib/lib.*\.so.*	system_u:object_r:shlib_t

#
# /usr/sbin
#
# /usr/sbin defaults to sbin_t; each daemon that has its own entry gets a
# dedicated *_exec_t type.
# Order matters for the inetd services: "in\..*d" first gives every
# in.<name>d program inetd_child_exec_t, and the in.rlogind, in.telnetd,
# in.rshd and in.ftpd entries after it override that with narrower types.
# in.ftpd-stage2 does not end in "d", so only its own entry matches it.
# NOTE(review): the dot in "in.rlogind", "in.telnetd", "in.rshd", "in.ftpd"
# and "in.ftpd-stage2" is unescaped (matches any character), unlike the
# "in\..*d" pattern.  The makemap entry repeats the sbin_t default and has
# no effect of its own.
/usr/sbin(|/.*)			system_u:object_r:sbin_t
/usr/sbin/syslogd		system_u:object_r:syslogd_exec_t
/usr/sbin/klogd			system_u:object_r:klogd_exec_t
/usr/sbin/apmd			system_u:object_r:apmd_exec_t
/usr/sbin/crond			system_u:object_r:crond_exec_t
/usr/sbin/atd			system_u:object_r:atd_exec_t
/usr/sbin/lpd			system_u:object_r:lpd_exec_t
/usr/sbin/inetd			system_u:object_r:inetd_exec_t
/usr/sbin/tcpd			system_u:object_r:tcpd_exec_t
/usr/sbin/identd		system_u:object_r:inetd_child_exec_t
/usr/sbin/in\..*d		system_u:object_r:inetd_child_exec_t
/usr/sbin/in.rlogind		system_u:object_r:rlogind_exec_t
/usr/sbin/in.telnetd		system_u:object_r:rlogind_exec_t
/usr/sbin/in.rshd		system_u:object_r:rshd_exec_t
/usr/sbin/in.ftpd		system_u:object_r:ftpd_exec_t
/usr/sbin/in.ftpd-stage2	system_u:object_r:ftpd_stage2_exec_t
/usr/sbin/sendmail		system_u:object_r:sendmail_exec_t
/usr/sbin/rpc\..*		system_u:object_r:rpcd_exec_t
/usr/sbin/gpm			system_u:object_r:gpm_exec_t
/usr/sbin/makemap		system_u:object_r:sbin_t
/usr/sbin/utempter		system_u:object_r:utempter_exec_t
/usr/sbin/gnome-pty-helper	system_u:object_r:gph_exec_t
/usr/sbin/logrotate		system_u:object_r:logrotate_exec_t

#
# /usr/X11R6/bin
#
/usr/X11R6/bin(|/.*)		system_u:object_r:bin_t
/usr/X11R6/bin/xfs		system_u:object_r:xfs_exec_t
/usr/X11R6/bin/Xwrapper		system_u:object_r:xserver_exec_t

#
# /usr/X11R6/lib
#
/usr/X11R6/lib(|/.*)		system_u:object_r:lib_t
/usr/X11R6/lib/lib.*\.so.*	system_u:object_r:shlib_t

#
# /usr/X11R6/man
#
/usr/X11R6/man(|/.*)		system_u:object_r:man_t

#
# /usr/flask
#
/usr/flask/bin(|/.*)		system_u:object_r:bin_t
/usr/flask/sbin(|/.*)		system_u:object_r:bin_t
/usr/flask/libexec(|/.*)	system_u:object_r:lib_t
/usr/flask/bin/spasswd		system_u:object_r:passwd_exec_t
/usr/flask/bin/schsh		system_u:object_r:passwd_exec_t
/usr/flask/bin/schfn		system_u:object_r:passwd_exec_t
/usr/flask/bin/newrole		system_u:object_r:newrole_exec_t

#
# /var
#
/var(|/.*)			system_u:object_r:var_t
/var/catman(|/.*)		system_u:object_r:catman_t
/var/yp(|/.*)			system_u:object_r:var_yp_t
/var/lib(|/.*)			system_u:object_r:var_lib_t
/var/lock(|/.*)			system_u:object_r:var_lock_t
/var/tmp(|/.*)			system_u:object_r:tmp_t

#
# /var/run
#
# /var/run defaults to var_run_t; the files written by the boot scripts get
# initrc_var_run_t, and the last entry exempts matching files from
# relabeling altogether.
# NOTE(review): in the <<none>> pattern, "\.*" means "zero or more literal
# dots", so the expression matches any path under /var/run that merely ends
# in "pid" (at any depth, since ".*" also matches "/"), not only "*.pid".
# Every such file is skipped by setfiles and keeps whatever context it
# already has.  If only pid files are meant, ".*\.pid" would say so; confirm
# the intent before narrowing it.
/var/run(|/.*)			system_u:object_r:var_run_t
/var/run/utmp			system_u:object_r:initrc_var_run_t
/var/run/runlevel.dir		system_u:object_r:initrc_var_run_t
/var/run/random-seed		system_u:object_r:initrc_var_run_t
/var/run/.*\.*pid		<<none>>

#
# /var/spool
#
/var/spool(|/.*)		system_u:object_r:var_spool_t
/var/spool/at(|/.*)		system_u:object_r:at_spool_t
/var/spool/cron			system_u:object_r:cron_spool_t
/var/spool/cron/.*		system_u:object_r:user_cron_spool_t
/var/spool/lpd(|/.*)		system_u:object_r:lpd_spool_t
/var/spool/mail(|/.*)		system_u:object_r:mail_spool_t
/var/spool/mqueue(|/.*)		system_u:object_r:mqueue_spool_t

# 
# /var/log
#
/var/log(|/.*)			system_u:object_r:var_log_t
/var/log/wtmp			system_u:object_r:wtmp_t
/var/log/sendmail.st		system_u:object_r:sendmail_var_log_t
/var/log/cron			system_u:object_r:cron_log_t

#
# Persistent label mappings.
#
# The leading ".*" overrides the default start anchor, so this matches a
# "...security" directory (and its contents) at any depth in any tree.
# It sits near the end of the file so that, under the last-match rule, it
# overrides every directory-specific entry above, including /home and /tmp.
.*/\.\.\.security(|/.*)		system_u:object_r:file_labels_t

#
# Lost and found directories.
#
# The leading ".*" matches a lost+found directory at any depth; the "+" is
# escaped so it is taken literally.  As the final specification in the file
# it overrides every other entry that matches the same path.
.*/lost\+found(|/.*)		system_u:object_r:lost_found_t

