# FLASK

#
# Define the security context for each initial SID
# sid sidname context
#
# Every statement binds one initial SID name to a full security context,
# written here as user:role:type:mls_range.
#
# Two patterns are visible in this listing:
#   - SIDs that still carry a meaning have a dedicated type
#     (kernel_t, security_t, fs_t, file_t, port_t, netif_t, node_t,
#     sysctl_t, null_device_t).
#   - SIDs the comments below describe as obsolete are all bound to
#     system_u:object_r:unlabeled_t:s15:c0.c255, the same context as the
#     "unlabeled" SID itself.
# NOTE(review): binding obsolete SIDs to the unlabeled context presumably
# means anything still reaching one of them is governed by the rules written
# for unlabeled_t - confirm that those rules are as restrictive as intended.
# NOTE(review): s15:c0.c255 looks like this policy's highest MLS level and
# s0 its lowest - confirm against the MLS definitions of the build this
# listing was generated from.

# kernel is the only initial SID here that uses system_r; all others use
# object_r.
sid kernel system_u:system_r:kernel_t:s15:c0.c255
sid security system_u:object_r:security_t:s15:c0.c255
sid unlabeled system_u:object_r:unlabeled_t:s15:c0.c255
sid fs system_u:object_r:fs_t:s0
sid file system_u:object_r:file_t:s0
# Persistent label mapping is gone. This initial SID can be removed.
# NOTE(review): presumably kept only because each declared initial SID still
# needs a context - verify against the initial SID declarations before
# deleting this or any other obsolete entry.
sid file_labels system_u:object_r:unlabeled_t:s15:c0.c255
# init_t is still used, but an initial SID is no longer required.
sid init system_u:object_r:unlabeled_t:s15:c0.c255
# any_socket is no longer used.
sid any_socket system_u:object_r:unlabeled_t:s15:c0.c255
sid port system_u:object_r:port_t:s0
sid netif system_u:object_r:netif_t:s0
# netmsg is no longer used.
sid netmsg system_u:object_r:unlabeled_t:s15:c0.c255
sid node system_u:object_r:node_t:s0
# These sockets (igmp_packet, icmp_socket, tcp_socket) are now labeled with
# the kernel SID, and do not require their own initial SIDs.
sid igmp_packet system_u:object_r:unlabeled_t:s15:c0.c255
sid icmp_socket system_u:object_r:unlabeled_t:s15:c0.c255
sid tcp_socket system_u:object_r:unlabeled_t:s15:c0.c255
# Most of the sysctl SIDs are now computed at runtime
# from genfs_contexts, so the corresponding initial SIDs
# are no longer required.
sid sysctl_modprobe system_u:object_r:unlabeled_t:s15:c0.c255
# But we still need the base sysctl initial SID as a default.
# It is the only sysctl entry in this listing with its own type (sysctl_t).
sid sysctl system_u:object_r:sysctl_t:s0
sid sysctl_fs system_u:object_r:unlabeled_t:s15:c0.c255
sid sysctl_kernel system_u:object_r:unlabeled_t:s15:c0.c255
sid sysctl_net system_u:object_r:unlabeled_t:s15:c0.c255
sid sysctl_net_unix system_u:object_r:unlabeled_t:s15:c0.c255
sid sysctl_vm system_u:object_r:unlabeled_t:s15:c0.c255
sid sysctl_dev system_u:object_r:unlabeled_t:s15:c0.c255
# No longer used, can be removed.
# NOTE(review): this remark appears to cover kmod, policy and scmp_packet,
# which carry the unlabeled context; devnull below has its own type
# (null_device_t) and so does not look obsolete - confirm.
sid kmod system_u:object_r:unlabeled_t:s15:c0.c255
sid policy system_u:object_r:unlabeled_t:s15:c0.c255
sid scmp_packet system_u:object_r:unlabeled_t:s15:c0.c255
sid devnull system_u:object_r:null_device_t:s0

# FLASK