github.com/hugh712/snapd@v0.0.0-20200910133618-1a99902bd583/data/selinux/snappy.fc (about)

     1  # This file is part of snapd-selinux
     2  # Skeleton derived from Fedora selinux-policy, Copyright (C) 2016 Red Hat, Inc.
     3  # Copyright (C) 2016 Neal Gompa
     4  #
     5  # This program is free software; you can redistribute it and/or modify
     6  # it under the terms of the GNU General Public License as published by
     7  # the Free Software Foundation; either version 2 of the License, or
     8  # (at your option) any later version.
     9  #
    10  # This program is distributed in the hope that it will be useful,
    11  # but WITHOUT ANY WARRANTY; without even the implied warranty of
    12  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13  # GNU Library General Public License for more details.
    14  #
    15  # You should have received a copy of the GNU General Public License
    16  # along with this program; if not, write to the Free Software
    17  # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
    18  
    19  
        # Per-user snap data. The trailing (/.*)? matches the snap directory itself
        # and everything beneath it, and no file-type field is given, so the label
        # applies to every object class (files, directories, sockets, ...).
        # The first entry uses the home-directory placeholder that the policy
        # tooling expands per user; /root is listed separately, presumably because
        # that expansion does not cover it (NOTE(review): confirm for the target
        # distribution).
    20  HOME_DIR/snap(/.*)?			gen_context(system_u:object_r:snappy_home_t,s0)
    21  /root/snap(/.*)?			gen_context(system_u:object_r:snappy_home_t,s0)
    22  
        # User-facing command line tools. The -- field restricts each entry to
        # regular files, so a directory or symlink at the same path is not given
        # this label. What a process may do after executing a snappy_cli_exec_t
        # file is decided by the policy module rules, which are not part of this
        # file.
    23  /usr/bin/snap			--	gen_context(system_u:object_r:snappy_cli_exec_t,s0)
    24  /usr/bin/snapctl		--	gen_context(system_u:object_r:snappy_cli_exec_t,s0)
    25  
        # Red Hat family layout: helpers under /usr/libexec/snapd, daemon settings
        # in /etc/sysconfig/snapd, unit files under /usr/lib/systemd/system.
        # snapctl, snap-confine, snap-update-ns and snap-discard-ns get dedicated
        # executable types; the /usr/libexec/snapd/.* catch-all labels every other
        # regular file there snappy_exec_t. The dedicated labels only take effect
        # if the literal paths win over the catch-all when contexts are sorted and
        # matched. NOTE(review): verify on an installed system (for example with
        # matchpathcon) that snap-confine really resolves to
        # snappy_confine_exec_t.
        # NOTE(review): in the unit-file pattern the dot in snapd.* is not escaped,
        # so it reads as snapd followed by any characters and also matches unit
        # files of unrelated packages whose names merely begin with snapd. The
        # socket entries elsewhere in this file escape the dot (snapd\.socket);
        # snapd\..* would be the tighter form if every shipped unit is named
        # snapd.<something>.
        # Comments are kept outside the quoted block on purpose: a quote character
        # inside it would end the m4 quoting early.
    26  ifdef(`distro_redhat',`
    27  /usr/libexec/snapd/snapctl		--	gen_context(system_u:object_r:snappy_cli_exec_t,s0)
    28  /usr/libexec/snapd/snap-confine		--	gen_context(system_u:object_r:snappy_confine_exec_t,s0)
    29  /usr/libexec/snapd/snap-update-ns		--	gen_context(system_u:object_r:snappy_mount_exec_t,s0)
    30  /usr/libexec/snapd/snap-discard-ns		--	gen_context(system_u:object_r:snappy_mount_exec_t,s0)
    31  /usr/libexec/snapd/.*		--	gen_context(system_u:object_r:snappy_exec_t,s0)
    32  /etc/sysconfig/snapd		-- 	gen_context(system_u:object_r:snappy_config_t,s0)
    33  /usr/lib/systemd/system/snapd.* --	gen_context(system_u:object_r:snappy_unit_file_t,s0)
    34  ')
    35  
        # Debian family layout: same set of labels as the Red Hat block, with the
        # helpers under /usr/lib/snapd, daemon settings in /etc/default/snapd and
        # unit files under /lib/systemd/system.
        # The dedicated types for snapctl, snap-confine, snap-update-ns and
        # snap-discard-ns depend on the literal paths taking precedence over the
        # /usr/lib/snapd/.* catch-all (snappy_exec_t). NOTE(review): confirm the
        # resolved labels on an installed system.
        # NOTE(review): the dot in the unit-file pattern snapd.* is unescaped, so
        # any unit file whose name starts with snapd is labelled
        # snappy_unit_file_t, not only snapd.<something>; snapd\..* would be
        # tighter if all shipped units follow that naming.
        # Comments stay outside the quoted block because a quote character inside
        # it would end the m4 quoting early.
    36  ifdef(`distro_debian',`
    37  /usr/lib/snapd/snapctl		--	gen_context(system_u:object_r:snappy_cli_exec_t,s0)
    38  /usr/lib/snapd/snap-confine		--	gen_context(system_u:object_r:snappy_confine_exec_t,s0)
    39  /usr/lib/snapd/snap-update-ns		--	gen_context(system_u:object_r:snappy_mount_exec_t,s0)
    40  /usr/lib/snapd/snap-discard-ns		--	gen_context(system_u:object_r:snappy_mount_exec_t,s0)
    41  /usr/lib/snapd/.*  		--	gen_context(system_u:object_r:snappy_exec_t,s0)
    42  /etc/default/snapd		-- 	gen_context(system_u:object_r:snappy_config_t,s0)
    43  /lib/systemd/system/snapd.* 	--	gen_context(system_u:object_r:snappy_unit_file_t,s0)
    44  ')
    45  
        # Runtime and persistent state under /var.
        # /var/run/snapd and its contents get snappy_var_run_t for every object
        # class. The two -s entries apply only to socket objects and place
        # snapd.socket and snapd-snap.socket, which sit next to that directory and
        # not inside it, in the same type. The dots are escaped here, so only those
        # exact names match.
        # NOTE(review): these sockets are presumably the daemon API endpoints;
        # which domains may connect to a snappy_var_run_t socket is set by the
        # policy module rules, not by this file.
        # /var/lib/snapd, /var/cache/snapd and /var/snap each get their own type
        # (snappy_var_lib_t, snappy_var_cache_t, snappy_var_t) for the directory
        # and everything below it.
    46  /var/run/snapd(/.*)?	        gen_context(system_u:object_r:snappy_var_run_t,s0)
    47  /var/run/snapd\.socket 		-s	gen_context(system_u:object_r:snappy_var_run_t,s0)
    48  /var/run/snapd-snap\.socket 	-s	gen_context(system_u:object_r:snappy_var_run_t,s0)
    49  /var/lib/snapd(/.*)?			gen_context(system_u:object_r:snappy_var_lib_t,s0)
    50  /var/cache/snapd(/.*)?			gen_context(system_u:object_r:snappy_var_cache_t,s0)
    51  /var/snap(/.*)?				gen_context(system_u:object_r:snappy_var_t,s0)
    52  
        # Same three runtime entries as the /var/run ones, repeated for /run so
        # that the directory and both sockets (-s, socket objects only) receive
        # snappy_var_run_t whichever path is used for the lookup.
        # NOTE(review): presumably needed where /var/run is a symlink to /run;
        # if the base policy already declares the two paths equivalent, one set
        # may be redundant. Confirm before removing either.
    53  /run/snapd(/.*)?	        gen_context(system_u:object_r:snappy_var_run_t,s0)
    54  /run/snapd\.socket 		-s	gen_context(system_u:object_r:snappy_var_run_t,s0)
    55  /run/snapd-snap\.socket 	-s	gen_context(system_u:object_r:snappy_var_run_t,s0)