#
# This file describes the security contexts to be applied to files
# when the security policy is installed.  The setfiles program
# reads this file and labels files accordingly.
#
# Each specification has the form:
#       regexp [ -type ] ( context | <<none>> )
#
# By default, the regexp is an anchored match on both ends (i.e. a 
# caret (^) is prepended and a dollar sign ($) is appended automatically).
# This default may be overridden by using .* at the beginning and/or
# end of the regular expression.  
#
# The optional type field specifies the file type as shown in the mode
# field by ls, e.g. use -d to match only directories or -- to match only
# regular files.
# 
# The value of <<none>> may be used to indicate that matching files
# should not be relabeled.
#
# The last matching specification is used, so a more specific entry
# must appear after the general entry it refines.
#
# If there are multiple hard links to a file that match 
# different specifications and those specifications indicate
# different security contexts, then a warning is displayed
# but the file is still labeled based on the last matching
# specification other than <<none>>.
#
# Some of the files listed here get re-created during boot and therefore
# need type transition rules to retain the correct type. These files are
# listed here anyway so that if the setfiles program is used on a running
# system it doesn't relabel them to something we don't want. An example of
# this is /var/run/utmp.
#

#
# The security context for all files not otherwise specified.
# This is the first specification in the file.  Because the last matching
# specification is used, every later entry that also matches a path
# overrides this default.
#
/.*				system_u:object_r:file_t

#
# The root directory.
# The pattern is anchored on both ends, so it matches only "/" itself.
#
/				system_u:object_r:root_t

#
# The policy configuration.
# NOTE(review): /ss_policy gets a type of its own instead of the file_t
# default.  Which domains may read or write it is decided by the policy
# rules, which are not part of this file -- confirm there.
#
/ss_policy			system_u:object_r:policy_config_t

#
# /var
# The first entry sets the default for /var and everything beneath it:
# "(|/.*)" matches the directory itself or any path below it.  The entries
# after it override that default for specific subtrees, which works only
# because the last matching specification is used.  /var/run, /var/spool
# and /var/log have their own sections further down in this file.
#
/var(|/.*)			system_u:object_r:var_t
/var/catman(|/.*)		system_u:object_r:catman_t
/var/cache/man(|/.*)		system_u:object_r:catman_t
/var/yp(|/.*)			system_u:object_r:var_yp_t
/var/lib(|/.*)			system_u:object_r:var_lib_t
/var/lib/nfs(|/.*)		system_u:object_r:var_lib_nfs_t
/var/lib/rpm(|/.*)		system_u:object_r:var_lib_rpm_t
/var/lock(|/.*)			system_u:object_r:var_lock_t
/var/tmp(|/.*)			system_u:object_r:tmp_t
# Web content (html, icons) and web scripts (cgi-bin, perl) get different
# types.  The label follows the path only: a script placed under html/ or
# icons/ is labeled as content.
# NOTE(review): what each type permits is defined by the policy rules, not
# by this file.
/var/www/html(|/.*)		system_u:object_r:httpd_sys_content_t
/var/www/cgi-bin(|/.*)		system_u:object_r:httpd_sys_script_t
/var/www/perl(|/.*)		system_u:object_r:httpd_sys_script_t
/var/www/icons(|/.*)		system_u:object_r:httpd_sys_content_t
/var/cache/httpd(|/.*)		system_u:object_r:httpd_cache_t
# Same type that this file gives /etc/named.conf.
/var/named(|/.*)      		system_u:object_r:named_conf_t
/var/cache/squid(|/.*)		system_u:object_r:squid_cache_t

#
# /var/ftp
# The bin, lib and etc patterns have no "(|/.*)" suffix, so each matches
# only the named directory entry itself.  Apart from the two shared-object
# patterns, files inside those directories fall back to the /var default
# (var_t).
# NOTE(review): confirm that is intended for the programs in /var/ftp/bin.
#
/var/ftp/bin			system_u:object_r:bin_t
/var/ftp/lib			system_u:object_r:lib_t
/var/ftp/lib/ld.*\.so.*		system_u:object_r:ld_so_t
/var/ftp/lib/lib.*\.so.*	system_u:object_r:shlib_t
/var/ftp/etc			system_u:object_r:etc_t

# 
# The superuser home directory.
# sysadm_home_t is the default for /root and everything beneath it; the two
# browser profile directories override it.  The leading dot of each profile
# directory is escaped so that it matches literally.
#
/root(|/.*)			system_u:object_r:sysadm_home_t
/root/\.netscape(|/.*)		system_u:object_r:sysadm_netscape_rw_t
/root/\.mozilla(|/.*)		system_u:object_r:sysadm_netscape_rw_t

# 
# Other user home directories.
# user_home_t is the default for /home.  In the profile patterns ".*" can
# also match "/", so a .netscape or .mozilla directory at any depth below
# /home gets user_netscape_rw_t, not only one directly inside a user's
# home directory.
#
/home(|/.*)			system_u:object_r:user_home_t
/home/.*/\.netscape(|/.*)	system_u:object_r:user_netscape_rw_t
/home/.*/\.mozilla(|/.*)	system_u:object_r:user_netscape_rw_t

#
# /bin
# bin_t is the default for /bin; each program listed afterwards gets its
# own *_exec_t type.  These entries must stay after the /bin default
# because the last matching specification is used.
# NOTE(review): only tcsh, bash and ash are labeled shell_exec_t; any other
# shell in /bin keeps bin_t -- confirm against the shells actually installed.
#
/bin(|/.*)			system_u:object_r:bin_t
/bin/login			system_u:object_r:login_exec_t
/bin/tcsh			system_u:object_r:shell_exec_t
/bin/bash			system_u:object_r:shell_exec_t
/bin/ash			system_u:object_r:shell_exec_t
/bin/su				system_u:object_r:su_exec_t
/bin/ls				system_u:object_r:ls_exec_t
# mount and umount share one type.
/bin/mount 	                system_u:object_r:mount_exec_t
/bin/umount                     system_u:object_r:mount_exec_t
/bin/ping 			system_u:object_r:ping_exec_t
/bin/rpm 			system_u:object_r:rpm_exec_t

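#
# /boot
# boot_t is the default for /boot.  kernel.h, and any name that starts with
# "kernel.h", gets boot_runtime_t.  The dot is escaped so that it matches a
# literal "." and not an arbitrary character.
#
/boot(|/.*)			system_u:object_r:boot_t
/boot/kernel\.h(|.*)		system_u:object_r:boot_runtime_t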

#
# /dev
# device_t is the default for /dev; the entries below give individual nodes
# their own types.  "[^/]*" keeps a pattern within one path component,
# while ".*" can also match "/".
#
/dev(|/.*)			system_u:object_r:device_t
/dev/MAKEDEV			system_u:object_r:sbin_t
/dev/null			system_u:object_r:null_device_t
/dev/zero			system_u:object_r:zero_device_t
/dev/console			system_u:object_r:console_device_t
# kmem, mem and port get a type of their own, separate from device_t.
# NOTE(review): which domains may open these nodes is set by the policy
# rules, not by this file -- confirm that access is tightly limited there.
/dev/(kmem|mem|port)		system_u:object_r:memory_device_t
/dev/random			system_u:object_r:random_device_t
/dev/urandom			system_u:object_r:random_device_t
# Order matters: /dev/tty also matches the "[^/]*tty[^/]*" pattern and ends
# up devtty_t only because its own entry comes later.
/dev/[^/]*tty[^/]*		system_u:object_r:tty_device_t
/dev/vcs[^/]*			system_u:object_r:tty_device_t
/dev/tty			system_u:object_r:devtty_t
# Every node whose name starts with sd or hd gets fixed_disk_device_t;
# names starting with scd or fd get removable_device_t.
# NOTE(review): "fd[^/]*" also matches an entry named exactly /dev/fd --
# confirm that is intended on systems where /dev/fd is not a floppy node.
/dev/sd[^/]*			system_u:object_r:fixed_disk_device_t
/dev/hd[^/]*			system_u:object_r:fixed_disk_device_t
/dev/scd[^/]*			system_u:object_r:removable_device_t
/dev/fd[^/]*			system_u:object_r:removable_device_t
/dev/rtc			system_u:object_r:clock_device_t
/dev/initctl			system_u:object_r:initctl_t
/dev/log			system_u:object_r:devlog_t
/dev/printer			system_u:object_r:printer_t
/dev/psaux			system_u:object_r:mouse_device_t
# -c restricts this entry to character devices.  The /dev/input entry that
# follows has no type field and so applies to any file type.
/dev/.*mouse.*	-c		system_u:object_r:mouse_device_t
/dev/input/.*mouse.*		system_u:object_r:mouse_device_t
/dev/gpmctl			system_u:object_r:gpmctl_t
/dev/ptmx			system_u:object_r:ptmx_t
/dev/sequencer			system_u:object_r:misc_device_t
/dev/agpgart			system_u:object_r:agp_device_t
/dev/dri(|/.*)			system_u:object_r:dri_device_t
/dev/apm_bios			system_u:object_r:apm_bios_t
/dev/ppp			system_u:object_r:ppp_device_t

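#
# /etc
# etc_t is the default for /etc; the entries below override it for files
# that need their own type.  Literal dots in file names are escaped ("\.")
# so that each pattern matches only the file it names -- an unescaped "."
# matches any character.  A trailing ".*" is left where a name prefix is
# meant (resolv.conf*, cron_context*, dhcpc*).
#
/etc(|/.*)			system_u:object_r:etc_t
/etc/rc\.d/rc			system_u:object_r:initrc_exec_t
/etc/rc\.d/rc\.sysinit		system_u:object_r:initrc_exec_t
/etc/rc\.d/rc\.local		system_u:object_r:initrc_exec_t
/etc/aliases			system_u:object_r:etc_aliases_t
/etc/aliases\.db		system_u:object_r:etc_aliases_t
/etc/mail(|/.*)			system_u:object_r:etc_mail_t
/etc/modules\.conf		system_u:object_r:modules_conf_t
# The header of this file notes that some files are re-created during boot
# and are listed so that setfiles on a running system keeps their type.
# NOTE(review): presumably the etc_runtime_t entries are such files -- confirm.
/etc/fstab\.REVOKE		system_u:object_r:etc_runtime_t
/etc/HOSTNAME			system_u:object_r:etc_runtime_t
/etc/ioctl\.save		system_u:object_r:etc_runtime_t
/etc/mtab			system_u:object_r:etc_runtime_t
/etc/issue			system_u:object_r:etc_runtime_t
/etc/issue\.net			system_u:object_r:etc_runtime_t
/etc/sysconfig/hwconf		system_u:object_r:etc_runtime_t
/etc/crontab			system_u:object_r:system_crond_script_t
/etc/cron\.d(|/.*)		system_u:object_r:system_crond_script_t
/etc/security/cron_context.*	system_u:object_r:cron_context_t
# Only these exact names get sshd_key_t.  Patterns are anchored on both
# ends, so the matching .pub files, and any host key stored under another
# name, keep the etc_t default.
# NOTE(review): confirm every private host key on the system is listed.
/etc/ssh/primes			system_u:object_r:sshd_key_t
/etc/ssh/ssh_host_key		system_u:object_r:sshd_key_t
/etc/ssh/ssh_host_dsa_key	system_u:object_r:sshd_key_t
/etc/ssh/ssh_host_rsa_key	system_u:object_r:sshd_key_t
/etc/ld\.so\.cache		system_u:object_r:ld_so_cache_t
# /etc/httpd, /etc/httpd/logs and /etc/httpd/modules match only the named
# entry itself; only conf is labeled together with everything beneath it.
/etc/httpd			system_u:object_r:httpd_config_t
/etc/httpd/conf(|/.*)		system_u:object_r:httpd_config_t
/etc/httpd/logs			system_u:object_r:httpd_log_files_t
/etc/httpd/modules		system_u:object_r:httpd_modules_t
/etc/resolv\.conf.*		system_u:object_r:resolv_conf_t
/etc/adjtime			system_u:object_r:adjtime_t
/etc/named\.conf		system_u:object_r:named_conf_t
/etc/mrtg(|/.*)			system_u:object_r:etc_mrtg_t
/etc/dhcpc.*(|/.*)		system_u:object_r:etc_dhcpc_t
/etc/dhclient\.conf		system_u:object_r:etc_dhcpc_t
/etc/dhclient-script		system_u:object_r:etc_dhcpc_t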

#
# /lib
# lib_t is the default for /lib.  The dynamic loader (ld*.so*) gets ld_so_t
# and shared objects get shlib_t.  The lib*.so* patterns cover /lib itself
# and exactly one directory level below it ("[^/]*" does not cross "/").
#
/lib(|/.*)			system_u:object_r:lib_t
/lib/ld.*\.so.*			system_u:object_r:ld_so_t
/lib/lib.*\.so.*		system_u:object_r:shlib_t
/lib/[^/]*/lib.*\.so.*		system_u:object_r:shlib_t
/lib/security/.*\.so.*		system_u:object_r:shlib_t
# Everything under /lib/modules is modules_object_t, except the files named
# modules.* directly inside a per-version directory, which get modules_dep_t.
/lib/modules(|/.*)		system_u:object_r:modules_object_t
/lib/modules/[^/]*/modules\..* system_u:object_r:modules_dep_t

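#
# /sbin
# sbin_t is the default for /sbin; each program listed afterwards gets its
# own *_exec_t type and must stay after the default because the last
# matching specification is used.  Literal dots in program names are
# escaped so that a pattern matches only the program it names.
#
/sbin(|/.*)			system_u:object_r:sbin_t
/sbin/ifconfig			system_u:object_r:ifconfig_exec_t
/sbin/depmod			system_u:object_r:depmod_exec_t
/sbin/modprobe			system_u:object_r:modprobe_exec_t
/sbin/insmod			system_u:object_r:insmod_exec_t
/sbin/insmod\.static		system_u:object_r:insmod_exec_t
/sbin/rmmod			system_u:object_r:rmmod_exec_t
/sbin/init			system_u:object_r:init_exec_t
/sbin/sulogin			system_u:object_r:sulogin_exec_t
# Any program in /sbin whose name ends in "getty".
/sbin/.*getty			system_u:object_r:getty_exec_t
/sbin/syslogd			system_u:object_r:syslogd_exec_t
/sbin/minilogd			system_u:object_r:syslogd_exec_t
/sbin/klogd			system_u:object_r:klogd_exec_t
/sbin/ypbind			system_u:object_r:ypbind_exec_t
/sbin/portmap			system_u:object_r:portmap_exec_t
/sbin/rpc\..*			system_u:object_r:rpcd_exec_t
/sbin/cardmgr			system_u:object_r:cardmgr_exec_t
# Filesystem, partitioning and disk tools all share fsadm_exec_t.
/sbin/fsck			system_u:object_r:fsadm_exec_t
/sbin/fsck\.ext2		system_u:object_r:fsadm_exec_t
/sbin/fsck\.ext3		system_u:object_r:fsadm_exec_t
/sbin/e2fsck			system_u:object_r:fsadm_exec_t
/sbin/e2label			system_u:object_r:fsadm_exec_t
/sbin/mkfs			system_u:object_r:fsadm_exec_t
/sbin/mke2fs			system_u:object_r:fsadm_exec_t
/sbin/mkfs\.ext2		system_u:object_r:fsadm_exec_t
/sbin/mkswap			system_u:object_r:fsadm_exec_t
/sbin/scsi_info			system_u:object_r:fsadm_exec_t
/sbin/sfdisk			system_u:object_r:fsadm_exec_t
/sbin/cfdisk			system_u:object_r:fsadm_exec_t
/sbin/fdisk			system_u:object_r:fsadm_exec_t
/sbin/tune2fs			system_u:object_r:fsadm_exec_t
/sbin/dumpe2fs			system_u:object_r:fsadm_exec_t
/sbin/swapon			system_u:object_r:fsadm_exec_t
/sbin/hdparm			system_u:object_r:fsadm_exec_t
# Any program in /sbin whose name ends in "_chkpwd".
/sbin/.*_chkpwd			system_u:object_r:chkpwd_exec_t
/sbin/pump			system_u:object_r:pump_exec_t
/sbin/hwclock			system_u:object_r:hwclock_exec_t
/sbin/ip			system_u:object_r:netutils_exec_t
/sbin/arping			system_u:object_r:netutils_exec_t
/sbin/dhcpcd			system_u:object_r:dhcpc_exec_t
/sbin/dhclient.*		system_u:object_r:dhcpc_exec_t
# iptables shares the ipchains type.
/sbin/ipchains			system_u:object_r:ipchains_exec_t
/sbin/ipchains-restore		system_u:object_r:ipchains_exec_t
/sbin/ipchains-save		system_u:object_r:ipchains_exec_t
/sbin/iptables			system_u:object_r:ipchains_exec_t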

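#
# /tmp
# tmp_t is the default for /tmp.  The leading dot of each hidden entry is
# escaped so that the pattern matches only that name; an unescaped "."
# would match any character in that position.
# NOTE(review): these labels follow the path name only.  The header of this
# file says files re-created at run time need type transition rules to get
# the right type, so these entries matter mainly when setfiles relabels a
# running system -- confirm the transition rules cover the same names.
#
/tmp(|/.*)			system_u:object_r:tmp_t
/tmp/orbit.*			system_u:object_r:user_tmp_t
/tmp/\.ICE-unix(|/.*)		system_u:object_r:user_tmp_t
/tmp/\.X11-unix(|/.*)		system_u:object_r:user_xserver_tmp_t
/tmp/\.X0-lock			system_u:object_r:user_xserver_tmp_t
/tmp/\.font-unix(|/.*)		system_u:object_r:xfs_tmp_t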

#
# /usr
# usr_t is the default for /usr and everything beneath it.  The entries
# below, and the /usr/bin, /usr/lib, /usr/local, /usr/sbin and other /usr
# sections later in this file, override it.  Several subtrees reuse the
# types of their top-level counterparts (etc_t, lib_t, tmp_t).
#
/usr(|/.*)			system_u:object_r:usr_t
/usr/etc(|/.*)			system_u:object_r:etc_t
/usr/libexec(|/.*)		system_u:object_r:lib_t
/usr/src(|/.*)			system_u:object_r:src_t
/usr/tmp(|/.*)			system_u:object_r:tmp_t
/usr/man(|/.*)			system_u:object_r:man_t

#
# /usr/bin
# bin_t is the default for /usr/bin; the programs listed afterwards
# override it.
#
/usr/bin(|/.*)			system_u:object_r:bin_t
# The three printing clients share lpr_exec_t.
/usr/bin/lpr			system_u:object_r:lpr_exec_t
/usr/bin/lpq			system_u:object_r:lpr_exec_t
/usr/bin/lprm			system_u:object_r:lpr_exec_t
# makemap is labeled sbin_t although it is located in /usr/bin.
/usr/bin/makemap		system_u:object_r:sbin_t
# mozilla shares the netscape type.
/usr/bin/netscape		system_u:object_r:netscape_exec_t
/usr/bin/mozilla		system_u:object_r:netscape_exec_t
/usr/bin/crontab		system_u:object_r:crontab_exec_t
/usr/bin/ssh			system_u:object_r:ssh_exec_t


#
# /usr/lib
# lib_t is the default for /usr/lib; shared objects get shlib_t.  The
# lib*.so* patterns cover /usr/lib itself and exactly one directory level
# below it, because "[^/]*" does not cross "/".
#
/usr/lib(|/.*)			system_u:object_r:lib_t
/usr/lib/lib.*\.so.*		system_u:object_r:shlib_t
/usr/lib/[^/]*/lib.*\.so.*	system_u:object_r:shlib_t
/usr/lib/autofs/.*\.so		system_u:object_r:shlib_t
/usr/lib/perl5/man(|/.*)	system_u:object_r:man_t
# ".*" can match "/", so this covers .so files at any depth below a path
# that starts with /usr/lib/perl.
/usr/lib/perl.*\.so		system_u:object_r:shlib_t
# NOTE(review): the type name suggests the LC_* locale files are broadly
# writable.  What writeable_t actually permits is defined by the policy
# rules, not by this file -- confirm the write access is intended.
/usr/lib/locale/.*/LC_.* 	system_u:object_r:writeable_t
/usr/share/locale/.*/LC_.* 	system_u:object_r:writeable_t
/usr/lib/apache(|/.*)		system_u:object_r:httpd_modules_t

#
# /usr/.*glibc.*-linux/lib
# Each of the three groups below repeats the /lib scheme for an alternate
# library tree under /usr: lib_t as the default, ld_so_t for ld*.so* and
# shlib_t for lib*.so*.  ".*" in the directory part can match "/", so the
# tree may sit at any depth below /usr.
#
/usr/.*glibc.*-linux/lib(|/.*)	system_u:object_r:lib_t
/usr/.*glibc.*-linux/lib/ld.*\.so.* system_u:object_r:ld_so_t
/usr/.*glibc.*-linux/lib/lib.*\.so.* system_u:object_r:shlib_t

#
# /usr/.*redhat-linux/lib
#
/usr/.*redhat-linux/lib(|/.*)	system_u:object_r:lib_t
/usr/.*redhat-linux/lib/ld.*\.so.* system_u:object_r:ld_so_t
/usr/.*redhat-linux/lib/lib.*\.so.* system_u:object_r:shlib_t

#
# /usr/.*linux-libc.*/lib
#
/usr/.*linux-libc.*/lib(|/.*) system_u:object_r:lib_t
/usr/.*linux-libc.*/lib/ld.*\.so.* system_u:object_r:ld_so_t
/usr/.*linux-libc.*/lib/lib.*\.so.* system_u:object_r:shlib_t

#
# /usr/local
# There is no entry for /usr/local itself, so it and any subtree not listed
# here keep the /usr default (usr_t).  The listed subtrees reuse the types
# of their system counterparts.
#
/usr/local/etc(|/.*)		system_u:object_r:etc_t
/usr/local/src(|/.*)		system_u:object_r:src_t
/usr/local/sbin(|/.*)		system_u:object_r:sbin_t
/usr/local/man(|/.*)		system_u:object_r:man_t

#
# /usr/local/bin
#
/usr/local/bin(|/.*)		system_u:object_r:bin_t

#
# /usr/local/lib
# Unlike /usr/lib there are no ld_so_t or shlib_t entries here, so shared
# objects under /usr/local/lib are labeled lib_t.
# NOTE(review): confirm that lib_t is sufficient for libraries installed here.
#
/usr/local/lib(|/.*)		system_u:object_r:lib_t

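#
# /usr/sbin
# sbin_t is the default for /usr/sbin; each daemon or tool listed afterwards
# gets its own *_exec_t type and must stay after the default because the
# last matching specification is used.  Literal dots in program names are
# escaped so that a pattern matches only the program it names.
#
/usr/sbin(|/.*)			system_u:object_r:sbin_t
/usr/sbin/syslogd		system_u:object_r:syslogd_exec_t
/usr/sbin/klogd			system_u:object_r:klogd_exec_t
/usr/sbin/apmd			system_u:object_r:apmd_exec_t
/usr/sbin/crond			system_u:object_r:crond_exec_t
/usr/sbin/atd			system_u:object_r:atd_exec_t
/usr/sbin/lpd			system_u:object_r:lpd_exec_t
/usr/sbin/sshd			system_u:object_r:sshd_exec_t
/usr/sbin/inetd			system_u:object_r:inetd_exec_t
/usr/sbin/xinetd		system_u:object_r:inetd_exec_t
/usr/sbin/tcpd			system_u:object_r:tcpd_exec_t
/usr/sbin/identd		system_u:object_r:inetd_child_exec_t
# Order matters: "in\..*d" gives every in.*d program inetd_child_exec_t, and
# the four entries after it override that for the services that have a type
# of their own.
/usr/sbin/in\..*d		system_u:object_r:inetd_child_exec_t
/usr/sbin/in\.rlogind		system_u:object_r:rlogind_exec_t
/usr/sbin/in\.telnetd		system_u:object_r:rlogind_exec_t
/usr/sbin/in\.rshd		system_u:object_r:rshd_exec_t
/usr/sbin/in\.ftpd		system_u:object_r:ftpd_exec_t
/usr/sbin/sendmail		system_u:object_r:sendmail_exec_t
/usr/sbin/rpc\..*		system_u:object_r:rpcd_exec_t
/usr/sbin/gpm			system_u:object_r:gpm_exec_t
# Same type as the /usr/sbin default; kept as an explicit entry.
/usr/sbin/makemap		system_u:object_r:sbin_t
/usr/sbin/utempter		system_u:object_r:utempter_exec_t
/usr/sbin/gnome-pty-helper	system_u:object_r:gph_exec_t
/usr/sbin/logrotate		system_u:object_r:logrotate_exec_t
/usr/sbin/updfstab		system_u:object_r:fsadm_exec_t
/usr/sbin/httpd			system_u:object_r:httpd_exec_t
/usr/sbin/automount		system_u:object_r:automount_exec_t
/usr/sbin/anacron		system_u:object_r:anacron_exec_t
/usr/sbin/suexec		system_u:object_r:httpd_suexec_exec_t
/usr/sbin/named			system_u:object_r:named_exec_t
/usr/sbin/checkpc		system_u:object_r:checkpc_exec_t
/usr/sbin/ipchains		system_u:object_r:ipchains_exec_t
/usr/sbin/pppd			system_u:object_r:pppd_exec_t
/usr/sbin/nscd			system_u:object_r:nscd_exec_t
/usr/sbin/squid			system_u:object_r:squid_exec_t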

#
# /usr/X11R6/bin
# bin_t is the default; the font server and the X server wrapper get their
# own types.
#
/usr/X11R6/bin(|/.*)		system_u:object_r:bin_t
/usr/X11R6/bin/xfs		system_u:object_r:xfs_exec_t
/usr/X11R6/bin/Xwrapper		system_u:object_r:xserver_exec_t

#
# /usr/X11R6/lib
# Only lib*.so* files directly inside /usr/X11R6/lib get shlib_t; there is
# no pattern for one directory level below, unlike /usr/lib.
#
/usr/X11R6/lib(|/.*)		system_u:object_r:lib_t
/usr/X11R6/lib/lib.*\.so.*	system_u:object_r:shlib_t

#
# /usr/X11R6/man
#
/usr/X11R6/man(|/.*)		system_u:object_r:man_t

#
# /usr/kerberos
# The Kerberos tree reuses the generic bin_t, sbin_t, lib_t and shlib_t
# types; no program in it gets a type of its own in this file.
#
/usr/kerberos/bin(|/.*)		system_u:object_r:bin_t
/usr/kerberos/sbin(|/.*)	system_u:object_r:sbin_t
/usr/kerberos/lib(|/.*)		system_u:object_r:lib_t
/usr/kerberos/lib/lib.*\.so.*	system_u:object_r:shlib_t

#
# /usr/local/selinux
# The four directory defaults come first and the individual programs after
# them, so the program entries win under the last-match rule.
# NOTE(review): /usr/local/selinux/sbin is labeled bin_t, while every other
# sbin directory in this file is labeled sbin_t -- confirm this is intended.
#
/usr/local/selinux/bin(|/.*)		system_u:object_r:bin_t
/usr/local/selinux/sbin(|/.*)		system_u:object_r:bin_t
/usr/local/selinux/lib(|/.*)		system_u:object_r:lib_t
/usr/local/selinux/libexec(|/.*)	system_u:object_r:lib_t
# spasswd, schsh and schfn share passwd_exec_t.
/usr/local/selinux/bin/spasswd		system_u:object_r:passwd_exec_t
/usr/local/selinux/bin/schsh		system_u:object_r:passwd_exec_t
/usr/local/selinux/bin/schfn		system_u:object_r:passwd_exec_t
/usr/local/selinux/bin/newrole		system_u:object_r:newrole_exec_t
/usr/local/selinux/bin/run_init		system_u:object_r:run_init_exec_t
/usr/local/selinux/bin/flmon            system_u:object_r:selopt_exec_t
/usr/local/selinux/sbin/ct              system_u:object_r:selopt_exec_t
/usr/local/selinux/sbin/pt              system_u:object_r:selopt_exec_t
/usr/local/selinux/sbin/scmpd           system_u:object_r:scmpd_exec_t

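#
# /var/run
# var_run_t is the default.  As the header of this file notes, files such
# as utmp are re-created during boot and rely on type transition rules;
# they are listed so that setfiles on a running system keeps their type.
# The dot in runlevel.dir is escaped so that it matches literally.
#
/var/run(|/.*)			system_u:object_r:var_run_t
/var/run/utmp			system_u:object_r:initrc_var_run_t
/var/run/runlevel\.dir		system_u:object_r:initrc_var_run_t
/var/run/random-seed		system_u:object_r:initrc_var_run_t
# <<none>> leaves matching files with whatever label they already have.
# NOTE(review): "\.*" means zero or more dots, so this matches every path
# under /var/run that ends in "pid" (".*" also crosses "/"), not only
# "*.pid".  If only .pid files are meant, ".*\.pid" is the tighter pattern;
# confirm before changing it, since that alters which files are skipped.
/var/run/.*\.*pid		<<none>>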

#
# /var/spool
# var_spool_t is the default; each spool listed afterwards gets its own type.
#
/var/spool(|/.*)		system_u:object_r:var_spool_t
/var/spool/at(|/.*)		system_u:object_r:at_spool_t
# The cron spool directory itself is cron_spool_t; everything inside it is
# user_cron_spool_t.
/var/spool/cron			system_u:object_r:cron_spool_t
/var/spool/cron/.*		system_u:object_r:user_cron_spool_t
/var/spool/lpd(|/.*)		system_u:object_r:lpd_spool_t
/var/spool/mail(|/.*)		system_u:object_r:mail_spool_t
/var/spool/mqueue(|/.*)		system_u:object_r:mqueue_spool_t

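# 
# /var/log
# var_log_t is the default; logs listed afterwards get a type of their own.
# Any log not listed here, including one added later by a new service,
# keeps var_log_t.  The dot in sendmail.st is escaped so that it matches
# literally.
#
/var/log(|/.*)			system_u:object_r:var_log_t
/var/log/wtmp			system_u:object_r:wtmp_t
/var/log/sendmail\.st		system_u:object_r:sendmail_var_log_t
/var/log/cron			system_u:object_r:cron_log_t
/var/log/XFree86.*		system_u:object_r:xserver_var_log_t
/var/log/httpd(|/.*)		system_u:object_r:httpd_log_files_t
/var/log/sa(|/.*)		system_u:object_r:var_log_sa_t
/var/log/ksyms.*		system_u:object_r:var_log_ksyms_t
/var/log/rpmpkgs.*		system_u:object_r:var_log_rpm_t
# NOTE(review): without "(|/.*)" this matches only the entry named
# /var/log/squid; anything beneath it keeps var_log_t.  Confirm whether the
# files inside should be var_log_squid_t as well.
/var/log/squid			system_u:object_r:var_log_squid_t
/var/log/lastlog		system_u:object_r:lastlog_t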

#
# Snort definitions
# The program, its configuration tree and its log tree each get their own
# type.  These entries appear after the /usr/sbin, /etc and /var/log
# defaults and therefore override them.
#
/usr/sbin/snort		system_u:object_r:snort_exec_t
/etc/snort(|/.*)	system_u:object_r:snort_etc_t
/var/log/snort(|/.*)	system_u:object_r:snort_log_t

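#
# IPSEC Definition
# The secrets file gets ipsec_file_t instead of the etc_t default; the dot
# in its name is escaped so that the pattern matches only that file.
# NOTE(review): which domains may read ipsec_file_t is set by the policy
# rules, not by this file -- confirm access is limited to the IPsec programs.
#
/etc/ipsec\.secrets		system_u:object_r:ipsec_file_t
# /usr/local/lib/ipsec overrides the lib_t default of /usr/local/lib with
# sbin_t; the four programs below then get ipsec_exec_t.
/usr/local/lib/ipsec(|/.*)      system_u:object_r:sbin_t
/usr/local/lib/ipsec/eroute     system_u:object_r:ipsec_exec_t
/usr/local/lib/ipsec/klipsdebug system_u:object_r:ipsec_exec_t
/usr/local/lib/ipsec/pluto      system_u:object_r:ipsec_exec_t
/usr/local/lib/ipsec/spi        system_u:object_r:ipsec_exec_t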

# Files under /usr/share/printconf.
# The pattern requires a "/" after printconf, so the directory itself is not
# matched and keeps the /usr default (usr_t).
/usr/share/printconf/.*		system_u:object_r:printconf_t

#
# X Display Manager definitions
# "[xgk]dm" matches xdm, gdm and kdm.
#
/usr/bin/[xgk]dm                system_u:object_r:xdm_exec_t
/var/[xgk]dm(|/.*)              system_u:object_r:xdm_log_t
/usr/var/[xgk]dm(|/.*)          system_u:object_r:xdm_log_t
# Uncomment if you are running an X Display Manager.
# Once uncommented, these entries come after the /var/log and /tmp entries
# for the same paths and therefore replace the xserver_* types assigned
# there (last matching specification wins).  The leading dots are escaped
# so that the patterns match the literal names.
#/var/log/XFree86.*		system_u:object_r:xdm_log_t
#/tmp/\.X11-unix(|/.*)           system_u:object_r:xdm_tmp_t
#/tmp/\.X0-lock                  system_u:object_r:xdm_tmp_t

#
# For sound
# These entries appear after the /bin, /dev and /etc defaults and override
# them.  The trailing ".*" on the device patterns matches any suffix, so
# numbered nodes such as dsp1 are covered as well.
#
/bin/aumix-minimal              system_u:object_r:sound_exec_t
/dev/mixer.*                    system_u:object_r:sound_device_t
/dev/dsp.*                      system_u:object_r:sound_device_t
/dev/audio.*                    system_u:object_r:sound_device_t
/dev/midi.*                     system_u:object_r:sound_device_t
/etc/\.aumixrc                  system_u:object_r:sound_file_t

#
# Persistent label mappings.
# The leading ".*" overrides the default anchoring at the start, so this
# matches a "...security" entry in any directory.  The entry sits at the
# end of the file so that, as a later match, it overrides the
# per-directory defaults above.
#
.*/\.\.\.security(|/.*)		system_u:object_r:file_labels_t

#
# Lost and found directories.
# Same scheme: a lost+found directory anywhere in the tree, and everything
# in it, gets lost_found_t regardless of the directory it is found in.
# The "+" is escaped so that it matches literally.
#
.*/lost\+found(|/.*)		system_u:object_r:lost_found_t

