This appendix includes several tables describing SELinux general types: types that tend to be referenced by multiple domains. The types shown in Tables 1 through 5 are those present in the Fedora Core 2 implementation of SELinux. SELinux developers may introduce new types or delete existing types in other SELinux releases.
Type
Description
agp_device_t
AGP video device: /dev/agpgart
apm_bios_t
APM BIOS
clock_device_t
Hardware clock device: /dev/rtc
console_device_t
Console device: /dev/console
cpu_device_t
CPU device: /dev/cpu/*
devfs_control_t
Devfs filesystem.
device_t
Device
devtty_t
tty device
dri_device_t
DRI device: /dev/dri, /dev/dri/.*
event_device_t
Event device: /dev/input/event.*
fixed_disk_device_t
Fixed disk drive
framebuf_device_t
Framebuffer device: /dev/fb[0-9]*
memory_device_t
Memory device: /dev/kmem, /dev/mem, /dev/port, /dev/nvram
misc_device_t
Miscellaneous device (for instance, /dev/sequencer)
mouse_device_t
Mouse
mtrr_device_t
Memory type range register device: /dev/cpu/mtrr
null_device_t
/dev/null
ppp_device_t
/dev/ppp, /dev/pppox, /dev/ippp
random_device_t
Entropy generator: /dev/random
removable_device_t
Device having removable media (for instance, a CD-ROM device)
scanner_device_t
Scanner
scsi_generic_device_t
Generic SCSI device: /dev/sg[0-9]+
sound_device_t
Sound device
tape_device_t
Magnetic tape device
tty_device_t
tty device
tun_tap_device_t
Network tunnel or tap device: /dev/net/tun/*, /dev/net/tap/*
urandom_device_t
Entropy generator: /dev/urandom
v4l_device_t
Radio or tuner device
zero_device_t
/dev/zero
Type
Description
at_spool_t
At-related files in /var/spool/at
bdev_t
Bdev filesystem
bin_t
Binary executables in /bin
boot_runtime_t
Boot configuration files, such as grub.conf
boot_t
Bootable kernel and RAM disk files such as /vmlinuz
catman_t
Man page catalog files
cifs_t
Alias for sambafs_t
cron_spool_t
cron files
default_t
A default file context
dosfs_t
MSDOS , FAT , VFAT , or NTFS filesystem
etc_aliases_t
/etc/aliases and related files
etc_runtime_t
Volatile files in /etc and subdirectories
etc_t
Nonvolatile files in /etc and subdirectories
eventpollfs_t
Event-poll filesystem
faillog_t
/var/log/faillog and related login failure log files
file_t
Default type of unlabeled file
fonts_t
Font file
fs_t
Default type for filesystems
futexfs_t
Futex filesystem
home_root_t
Type for directory containing user home directories
iso9660_t
ISO9660 filesystem
krb5_conf_t
/etc/krb5.conf and related Kerberos files
lastlog_t
/var/log/lastlog and related login log files
ld_so_cache_t
/etc/ld.so.cache and related shared library cache files
ld_so_t
/etc/ld.so.conf and related shared library configuration files
lib_t
Modules, libraries, and related files in /lib
locale_t
/usr/share/locale, /usr/share/zoneinfo and localization files
lost_found_t
Lost and found directories and the files they contain
ls_exec_t
/bin/ls
mail_spool_t
/var/mail, /var/spool/mail, and related files
man_t
/usr/man, /usr/share/man, and related files
mnt_t
/mnt and related files
mqueue_spool_t
/var/spool/mqueue and related files.
net_conf_t
Network configuration files, such as /etc/resolv.conf
nfsd_fs_t
NFSD filesystem
poly_t
Polyinstantiated directory (defined, but not used, in sample policy)
print_spool_t
/var/spool/lpd, /var/spool/cups, and related files
ramfs_t
RAMFS filesystem
readable_t
Files and directories readable by ordinary users
resolv_conf_t
Alias for net_conf_t
romfs_t
ROMFS or CRAMFS filesystem
root_t
Root filesystem
rpc_pipefs_t
RPC pipe filesystem
sambafs_t
Samba (CIFS ) filesystem
sbin_t
/sbin, /usr/sbin, and related files
shadow_t
/etc/shadow and related files
shell_exec_t
Executable shell, such as /bin/bash
shlib_t
Shared libraries in /lib, /usr/lib, and elsewhere
src_t
/usr/local/src and related files
swapfile_t
Swap file
sysfs_t
SYS filesystem
system_map_t
/boot/System.map and related files
test_file_t
(Defined, but not used, in sample policy)
tetex_data_t
Texmf-related files in /var/spool/texmf, /var/lib/texmf, and elsewhere
tmpfs_t
TMPFS filesystem
tmp_t
User-created files in /tmp and elsewhere
udev_runtime_t
UDEV table file
unlabeled_t
Unlabeled file
usbdevfs_t
USB DEV filesystem
usbfs_t
USB filesystem
usr_t
/usr, /opt and related files
var_lib_nfs_t
/var/lib/nfs and related files
var_lib_t
/var/lib and related files
var_lock_t
/var/lock and related files
var_log_ksyms_t
/var/log/ksyms and related files
var_log_t
/var/log/dmesg, /var/log/syslog, and related files
var_run_t
/var/run and related files
var_spool_t
/var/spool and related files
var_t
/var and related files
var_yp_t
/var/yp and related files
wtmp_t
/var/log/wtmp and related files
The descriptions given in Table D-2 are abbreviated. The types listed in the table are often used to label a variety of files beyond those identified in the concise descriptions given in the table.
Type
Description
any_socket_t
Obsolete type used to refer to UDP or raw IP socket
icmp_socket_t
Socket used to send ICMP messages
igmp_packet_t
IGMP packet
netif_eth0_t
Network interface eth0
netif_eth1_t
Network interface eth1
netif_eth2_t
Network interface eth2
netif_ippp0_t
Network interface ippp0
netif_ipsec0_t
Network interface ipsec0
netif_ipsec1_t
Network interface ipsec1
netif_ipsec2_t
Network interface ipsec2
netif_lo_t
Network interface lo
netif_t
A network interface
netmsg_eth0_t
Network message arriving on interface eth0
netmsg_eth1_t
Network message arriving on interface eth1
netmsg_eth2_t
Network message arriving on interface eth2
netmsg_ippp0_t
Network message arriving on interface ippp0
netmsg_ipsec0_t
Network message arriving on interface ipsec0
netmsg_ipsec1_t
Network message arriving on interface ipsec1
netmsg_ipsec2_t
Network message arriving on interface ipsec2
netmsg_lo_t
Network message arriving on interface lo
netmsg_t
Network message arriving on any interface
node_compat_ipv4_t
IP address of IPv4-compatible host
node_inaddr_any_t
IP address of any host
node_internal_t
IP address of LAN host
node_link_local_t
IP address of LAN host
node_lo_t
IP address of loopback interface
node_mapped_ipv4_t
IP address of host having a mapped IPv4 address
node_multicast_t
IP address of host having a multicast address
node_site_local_t
IP address of host associated with local site
node_t
Default type of network node
node_unspec_t
Network node of unspecified type
pop_port_t
Post Office Protocol port
port_t
TCP/IP port
scmp_packet_t
SCMP (ST Control Message Protocol) packet
tcp_socket_t
Socket used to send TCP data
xserver_port_t
X server port
Type
Description
proc_kcore_t
/proc/kcore and related files
proc_kmsg_t
/proc/kmsg and related files
proc_t
/proc filesystem and related files
sysctl_dev_t
/proc/sys/dev and related files
sysctl_fs_t
/proc/sys/fs and related files
sysctl_hotplug_t
/proc/sys/kernel/hotplug and related files
sysctl_irq_t
/proc/irq and related procfs files
sysctl_kernel_t
/proc/sys/kernel and related files
sysctl_modprobe_t
/proc/sys/kernel/modprobe and related files
sysctl_net_t
/proc/sys/net and related files
sysctl_net_unix_t
/proc/sys/net/unix and related files
sysctl_rpc_t
/proc/net/rpc and related files
sysctl_t
/proc/sys and related files
sysctl_vm_t
/proc/sys/vm and related files
Type
Description
default_context_t
Type of /etc/security/default_contexts file
file_labels_t
Type of the persistent label mapping stored in a filesystem
no_access_t
Type of objects that should be accessed only administratively
policy_config_t
Type of /etc/security/selinux/*
policy_src_t
Type of the policy source files
security_t
Target type used when checking permissions in the security class; also the type of selinuxfs i-nodes