William Roberts | dc10723 | 2012-07-11 16:46:38 -0700 | [diff] [blame] | 1 | # Label inodes with the fs label. |
| 2 | genfscon rootfs / u:object_r:rootfs:s0 |
| 3 | # proc labeling can be further refined (longest matching prefix). |
| 4 | genfscon proc / u:object_r:proc:s0 |
Robert Craig | 1bf61c4 | 2014-01-07 14:41:47 -0500 | [diff] [blame] | 5 | genfscon proc /net u:object_r:proc_net:s0 |
hqjiang | 4c06d27 | 2012-07-19 11:07:04 -0700 | [diff] [blame] | 6 | genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0 |
Stephen Smalley | 3dad7b6 | 2014-03-05 09:50:08 -0500 | [diff] [blame] | 7 | genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0 |
Stephen Smalley | 7adb999 | 2013-12-06 09:31:40 -0500 | [diff] [blame] | 8 | genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0 |
| 9 | genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0 |
| 10 | genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0 |
| 11 | genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0 |
| 12 | genfscon proc /sys/kernel/dmesg_restrict u:object_r:proc_security:s0 |
| 13 | genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper:s0 |
| 14 | genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0 |
| 15 | genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0 |
| 16 | genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0 |
| 17 | genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0 |
| 18 | genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security:s0 |
| 19 | genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0 |
Robert Craig | 529fcbe | 2014-01-07 13:46:56 -0500 | [diff] [blame] | 20 | genfscon proc /sys/net u:object_r:proc_net:s0 |
Stephen Smalley | e6a7b37 | 2013-12-09 13:24:25 -0500 | [diff] [blame] | 21 | genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0 |
William Roberts | dc10723 | 2012-07-11 16:46:38 -0700 | [diff] [blame] | 22 | # selinuxfs booleans can be individually labeled. |
| 23 | genfscon selinuxfs / u:object_r:selinuxfs:s0 |
| 24 | genfscon cgroup / u:object_r:cgroup:s0 |
| 25 | # sysfs labels can be set by userspace. |
| 26 | genfscon sysfs / u:object_r:sysfs:s0 |
| 27 | genfscon inotifyfs / u:object_r:inotify:s0 |
William Roberts | c195ec3 | 2013-03-06 16:26:36 -0800 | [diff] [blame] | 28 | genfscon vfat / u:object_r:sdcard_external:s0 |
William Roberts | dc10723 | 2012-07-11 16:46:38 -0700 | [diff] [blame] | 29 | genfscon debugfs / u:object_r:debugfs:s0 |
William Roberts | c195ec3 | 2013-03-06 16:26:36 -0800 | [diff] [blame] | 30 | genfscon fuse / u:object_r:sdcard_internal:s0 |
jaejyn.shin | 318e0c9 | 2014-04-10 13:32:54 +0900 | [diff] [blame] | 31 | genfscon pstore / u:object_r:pstorefs:s0 |
Nick Kralevich | 77cc055 | 2014-04-15 14:53:05 -0700 | [diff] [blame] | 32 | genfscon functionfs / u:object_r:functionfs:s0 |