# This file is part of snapd-selinux
# Skeleton derived from Fedora selinux-policy, Copyright (C) 2016 Red Hat, Inc.
# Copyright (C) 2016 Neal Gompa
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Library General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

# File-context specification for snapd. Each entry has the form
#   <path regex> [<file type>] <security context>
# The optional file type narrows the match: -- means regular files only,
# -s means sockets only, and no specifier means any file type.
# The types named below are not defined in this file.
# NOTE(review): presumably they come from the accompanying type-enforcement
# module - confirm that every type used here is declared there.
# These entries only describe the intended labels. Files that already exist
# keep their current label until they are relabelled (for example with
# restorecon), so check a deployed system with ls -Z or matchpathcon.

# Per-user snap data. The first pattern starts with the home-directory
# template token, which is expanded per home directory when the policy is
# installed.
# NOTE(review): /root/snap is listed separately, presumably because that
# expansion does not cover the root home directory - confirm.
HOME_DIR/snap(/.*)?                             gen_context(system_u:object_r:snappy_home_t,s0)
/root/snap(/.*)?                                gen_context(system_u:object_r:snappy_home_t,s0)

# Command-line entry points, matched as regular files only.
/usr/bin/snap                   --              gen_context(system_u:object_r:snappy_cli_exec_t,s0)
/usr/bin/snapctl                --              gen_context(system_u:object_r:snappy_cli_exec_t,s0)

# Layout used when distro_redhat is defined at policy build time.
# The four literal helper paths get dedicated types. The trailing /.* entry
# is a catch-all that gives every other regular file below the directory
# the generic snappy_exec_t type.
# NOTE(review): this relies on the literal paths taking precedence over the
# wildcard when contexts are resolved - verify with matchpathcon after any
# change to these lines.
# The unit-file pattern leaves the dot unescaped (unlike the socket entries
# further down), so it matches any regular file whose path begins with
# .../system/snapd, not only units named snapd.<suffix>.
ifdef(`distro_redhat',`
/usr/libexec/snapd/snapctl              --      gen_context(system_u:object_r:snappy_cli_exec_t,s0)
/usr/libexec/snapd/snap-confine         --      gen_context(system_u:object_r:snappy_confine_exec_t,s0)
/usr/libexec/snapd/snap-update-ns       --      gen_context(system_u:object_r:snappy_mount_exec_t,s0)
/usr/libexec/snapd/snap-discard-ns      --      gen_context(system_u:object_r:snappy_mount_exec_t,s0)
/usr/libexec/snapd/.*                   --      gen_context(system_u:object_r:snappy_exec_t,s0)
/etc/sysconfig/snapd                    --      gen_context(system_u:object_r:snappy_config_t,s0)
/usr/lib/systemd/system/snapd.*         --      gen_context(system_u:object_r:snappy_unit_file_t,s0)
')

# Same mapping for the layout used when distro_debian is defined; only the
# paths differ. The notes above on the catch-all entry and on the unescaped
# dot in the unit-file pattern apply here as well.
ifdef(`distro_debian',`
/usr/lib/snapd/snapctl                  --      gen_context(system_u:object_r:snappy_cli_exec_t,s0)
/usr/lib/snapd/snap-confine             --      gen_context(system_u:object_r:snappy_confine_exec_t,s0)
/usr/lib/snapd/snap-update-ns           --      gen_context(system_u:object_r:snappy_mount_exec_t,s0)
/usr/lib/snapd/snap-discard-ns          --      gen_context(system_u:object_r:snappy_mount_exec_t,s0)
/usr/lib/snapd/.*                       --      gen_context(system_u:object_r:snappy_exec_t,s0)
/etc/default/snapd                      --      gen_context(system_u:object_r:snappy_config_t,s0)
/lib/systemd/system/snapd.*             --      gen_context(system_u:object_r:snappy_unit_file_t,s0)
')

# Runtime, persistent, cache and per-snap state directories. The socket
# entries use -s and an escaped dot, so they apply only to socket files with
# exactly those names.
/var/run/snapd(/.*)?                            gen_context(system_u:object_r:snappy_var_run_t,s0)
/var/run/snapd\.socket          -s              gen_context(system_u:object_r:snappy_var_run_t,s0)
/var/run/snapd-snap\.socket     -s              gen_context(system_u:object_r:snappy_var_run_t,s0)
/var/lib/snapd(/.*)?                            gen_context(system_u:object_r:snappy_var_lib_t,s0)
/var/cache/snapd(/.*)?                          gen_context(system_u:object_r:snappy_var_cache_t,s0)
/var/snap(/.*)?                                 gen_context(system_u:object_r:snappy_var_t,s0)

# The same runtime paths spelled under /run, with identical types.
# NOTE(review): presumably this covers systems that have no equivalence rule
# between /var/run and /run - confirm, and keep the two groups in sync when
# editing either one.
/run/snapd(/.*)?                                gen_context(system_u:object_r:snappy_var_run_t,s0)
/run/snapd\.socket              -s              gen_context(system_u:object_r:snappy_var_run_t,s0)
/run/snapd-snap\.socket         -s              gen_context(system_u:object_r:snappy_var_run_t,s0)