SELinux [Electronic resources]

Bill McCarty


Appendix D. SELinux General Types

This appendix includes several tables describing SELinux general types: types that tend to be referenced by multiple domains. The types shown in Tables D-1 through D-5 are those present in the Fedora Core 2 implementation of SELinux. SELinux developers may introduce new types or delete existing types in other SELinux releases, so confirm a type exists in your installed policy (for instance, with seinfo -t) before writing rules that reference it.

Table D-1. Device-related types

Type                     Description
agp_device_t             AGP video device: /dev/agpgart
apm_bios_t               APM BIOS device
clock_device_t           Hardware clock device: /dev/rtc
console_device_t         Console device: /dev/console
cpu_device_t             CPU device: /dev/cpu/*
devfs_control_t          Devfs filesystem
device_t                 Default type for /dev and for device nodes with no more specific type
devtty_t                 /dev/tty (the calling process's controlling terminal)
dri_device_t             DRI device: /dev/dri, /dev/dri/.*
event_device_t           Event device: /dev/input/event.*
fixed_disk_device_t      Fixed disk drive
framebuf_device_t        Framebuffer device: /dev/fb[0-9]*
memory_device_t          Memory device: /dev/kmem, /dev/mem, /dev/port, /dev/nvram
misc_device_t            Miscellaneous device (for instance, /dev/sequencer)
mouse_device_t           Mouse
mtrr_device_t            Memory type range register device: /dev/cpu/mtrr
null_device_t            /dev/null
ppp_device_t             /dev/ppp, /dev/pppox, /dev/ippp
random_device_t          Entropy generator: /dev/random
removable_device_t       Device having removable media (for instance, a CD-ROM device)
scanner_device_t         Scanner
scsi_generic_device_t    Generic SCSI device: /dev/sg[0-9]+
sound_device_t           Sound device
tape_device_t            Magnetic tape device
tty_device_t             Terminal devices such as /dev/tty[0-9]* and /dev/ttyS[0-9]*
tun_tap_device_t         Network tunnel or tap device: /dev/net/tun/*, /dev/net/tap/*
urandom_device_t         Entropy generator: /dev/urandom
v4l_device_t             Video4Linux device, such as a radio or tuner
zero_device_t            /dev/zero

When auditing a policy, pay particular attention to which domains may write memory_device_t and fixed_disk_device_t: a domain that can write /dev/mem, /dev/kmem, /dev/port, or a raw disk can alter the kernel or the filesystem directly and so bypass every other restriction the policy imposes.

Table D-2. File-related types

Type                     Description
at_spool_t               At job files in /var/spool/at
bdev_t                   bdev pseudo-filesystem
bin_t                    Executables in /bin, /usr/bin, and related directories
boot_runtime_t           Boot loader configuration files, such as grub.conf
boot_t                   Bootable kernel and RAM disk files in /boot, such as /vmlinuz
catman_t                 Preformatted (catman) man page files
cifs_t                   Alias for sambafs_t
cron_spool_t             cron spool files in /var/spool/cron
default_t                Default file context, used when no more specific file_contexts entry matches
dosfs_t                  MSDOS, FAT, VFAT, or NTFS filesystem
etc_aliases_t            /etc/aliases and related files
etc_runtime_t            Volatile files in /etc and subdirectories (for instance, /etc/mtab)
etc_t                    Nonvolatile files in /etc and subdirectories
eventpollfs_t            Event-poll (epoll) pseudo-filesystem
faillog_t                /var/log/faillog and related login failure log files
file_t                   Files on a labeled filesystem that carry no label yet (for instance, before a relabel)
fonts_t                  Font files
fs_t                     Default type for filesystems
futexfs_t                Futex pseudo-filesystem
home_root_t              Directory containing user home directories (for instance, /home)
iso9660_t                ISO9660 filesystem
krb5_conf_t              /etc/krb5.conf and related Kerberos files
lastlog_t                /var/log/lastlog and related login log files
ld_so_cache_t            /etc/ld.so.cache and related shared library cache files
ld_so_t                  The dynamic linker, /lib/ld-*.so, and related files
lib_t                    Modules, libraries, and related files in /lib and /usr/lib
locale_t                 /usr/share/locale, /usr/share/zoneinfo, and other localization files
lost_found_t             lost+found directories and the files they contain
ls_exec_t                /bin/ls
mail_spool_t             /var/mail, /var/spool/mail, and related files
man_t                    /usr/man, /usr/share/man, and related files
mnt_t                    /mnt and related mount point directories
mqueue_spool_t           /var/spool/mqueue and related files
net_conf_t               Network configuration files, such as /etc/resolv.conf
nfsd_fs_t                nfsd pseudo-filesystem
poly_t                   Polyinstantiated directory (defined, but not used, in the sample policy)
print_spool_t            /var/spool/lpd, /var/spool/cups, and related files
ramfs_t                  ramfs filesystem
readable_t               Files and directories readable by ordinary users
resolv_conf_t            Alias for net_conf_t
romfs_t                  romfs or cramfs filesystem
root_t                   The root directory (/) of the root filesystem
rpc_pipefs_t             RPC pipe pseudo-filesystem
sambafs_t                Samba (CIFS) filesystem
sbin_t                   /sbin, /usr/sbin, and related files
shadow_t                 /etc/shadow and related files
shell_exec_t             Executable shell, such as /bin/bash
shlib_t                  Shared libraries in /lib, /usr/lib, and elsewhere
src_t                    /usr/local/src, /usr/src, and related source files
swapfile_t               Swap file
sysfs_t                  sysfs filesystem (/sys)
system_map_t             /boot/System.map and related files
test_file_t              (Defined, but not used, in the sample policy)
tetex_data_t             Texmf-related files in /var/spool/texmf, /var/lib/texmf, and elsewhere
tmpfs_t                  tmpfs filesystem
tmp_t                    /tmp and user-created temporary files there and elsewhere
udev_runtime_t           udev table file
unlabeled_t              Objects whose context is missing or not valid under the loaded policy
usbdevfs_t               usbdevfs filesystem
usbfs_t                  usbfs filesystem
usr_t                    /usr, /opt, and related files
var_lib_nfs_t            /var/lib/nfs and related files
var_lib_t                /var/lib and related files
var_lock_t               /var/lock and related files
var_log_ksyms_t          /var/log/ksyms and related files
var_run_t                /var/run and related files
var_spool_t              /var/spool and related files
var_t                    /var and related files
var_yp_t                 /var/yp and related files
wtmp_t                   /var/log/wtmp and related files

Write access to shadow_t, etc_t, bin_t, sbin_t, shlib_t, and ld_so_t is what to look for first when reviewing which domains a policy trusts: a domain that can modify those files can change credentials or plant code that other domains will later execute.

The descriptions given in Table D-2 are abbreviated. The types listed in the table are often used to label a variety of files beyond those identified in the concise descriptions given in the table.
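Because a type labels many more paths than the table can name, the authoritative answer for any given path is the policy's file_contexts specification, and the rule it follows is that the last matching entry wins: general entries such as /.* come first and more specific ones later. The Python below is an added example, not code from the book or from the SELinux project. It parses a constructed file_contexts-style excerpt (the regexes and contexts are illustrative assumptions in the FC2 syntax, not the real file) and resolves a path plus file type the way matchpathcon(1) would; SAMPLE_FILE_CONTEXTS, parse_file_contexts, match_context and match_type are names chosen for this example.

```python
import re
from typing import List, Optional

# Constructed file_contexts-style entries in the FC2 policy's syntax:
#   <path regex>  [<file type>]  <security context>
# These regexes and contexts are illustrative assumptions for this example,
# not the policy's own file. File type codes: "--" regular file, "-d"
# directory, "-c" char device, "-b" block device, "-l" symlink, "-s" socket,
# "-p" fifo; no code means the entry applies to any file type.
SAMPLE_FILE_CONTEXTS = r"""
/.*                         system_u:object_r:default_t
/etc(/.*)?                  system_u:object_r:etc_t
/etc/resolv\.conf       --  system_u:object_r:net_conf_t
/etc/shadow             --  system_u:object_r:shadow_t
/var(/.*)?                  system_u:object_r:var_t
/var/log(/.*)?              system_u:object_r:var_log_t
/var/log/wtmp           --  system_u:object_r:wtmp_t
/var/spool(/.*)?            system_u:object_r:var_spool_t
/var/spool/mail(/.*)?       system_u:object_r:mail_spool_t
/dev                    -d  system_u:object_r:device_t
/dev/null               -c  system_u:object_r:null_device_t
/tmp/\.X11-unix(/.*)?       <<none>>
"""


class Spec:
    """One file_contexts entry: anchored regex, optional file type, context."""

    def __init__(self, pattern: str, ftype: Optional[str], context: str):
        self.regex = re.compile(pattern)   # file_contexts regexes are whole-path anchored
        self.ftype = ftype
        self.context = context


def parse_file_contexts(text: str) -> List[Spec]:
    specs: List[Spec] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) == 3:
            pattern, ftype, context = fields
        elif len(fields) == 2:
            pattern, context = fields
            ftype = None
        else:
            raise ValueError(f"malformed file_contexts entry: {line!r}")
        specs.append(Spec(pattern, ftype, context))
    return specs


def match_context(specs: List[Spec], path: str, ftype: str = "--") -> Optional[str]:
    """Context a path would receive. The LAST matching entry wins, as in
    file_contexts(5), so later, more specific entries override earlier ones."""
    chosen = None
    for spec in specs:
        if spec.regex.fullmatch(path) and spec.ftype in (None, ftype):
            chosen = spec.context
    return chosen


def match_type(specs: List[Spec], path: str, ftype: str = "--") -> Optional[str]:
    """Only the type field of the context. None means '<<none>>' (the file is
    deliberately left unlabeled) or that no entry matched at all."""
    ctx = match_context(specs, path, ftype)
    if ctx is None or ctx == "<<none>>":
        return None
    return ctx.split(":")[2]


SPECS = parse_file_contexts(SAMPLE_FILE_CONTEXTS)

if __name__ == "__main__":
    for p, t in [("/etc/resolv.conf", "--"), ("/etc/resolv.conf", "-l"),
                 ("/var/spool/mail/alice", "--"), ("/var/log/messages", "--"),
                 ("/dev/null", "-c"), ("/tmp/.X11-unix/X0", "-s")]:
        print(f"{p:24} {t}  ->  {match_type(SPECS, p, t)}")
```

Note the file-type field: a symlink at /etc/resolv.conf falls through to the directory's general etc_t entry rather than net_conf_t, and a regular file named /dev/null gets default_t, not null_device_t. On a live system, matchpathcon reports what the policy says a path should carry and ls -Z what is actually on disk; where the two differ, restorecon is the fix, and a mismatch on a type such as shadow_t is worth investigating rather than silently repairing.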

Table D-3. Types related to networking

Type                     Description
any_socket_t             Obsolete type formerly used for UDP or raw IP sockets
icmp_socket_t            Socket used to send ICMP messages
igmp_packet_t            IGMP packet
netif_eth0_t             Network interface eth0
netif_eth1_t             Network interface eth1
netif_eth2_t             Network interface eth2
netif_ippp0_t            Network interface ippp0
netif_ipsec0_t           Network interface ipsec0
netif_ipsec1_t           Network interface ipsec1
netif_ipsec2_t           Network interface ipsec2
netif_lo_t               Network interface lo
netif_t                  Default type for a network interface with no interface-specific type
netmsg_eth0_t            Network message arriving on interface eth0
netmsg_eth1_t            Network message arriving on interface eth1
netmsg_eth2_t            Network message arriving on interface eth2
netmsg_ippp0_t           Network message arriving on interface ippp0
netmsg_ipsec0_t          Network message arriving on interface ipsec0
netmsg_ipsec1_t          Network message arriving on interface ipsec1
netmsg_ipsec2_t          Network message arriving on interface ipsec2
netmsg_lo_t              Network message arriving on interface lo
netmsg_t                 Default type for a network message with no interface-specific type
node_compat_ipv4_t       IPv4-compatible IPv6 address (::/96)
node_inaddr_any_t        The IPv4 wildcard address 0.0.0.0 (INADDR_ANY)
node_internal_t          IP address on the internal (local) network
node_link_local_t        Link-local address (fe80::/10)
node_lo_t                Loopback address (127.0.0.1, ::1)
node_mapped_ipv4_t       IPv4-mapped IPv6 address (::ffff:0:0/96)
node_multicast_t         Multicast address (ff00::/8)
node_site_local_t        Site-local address (fec0::/10)
node_t                   Default type for a network node (IP address) not covered by a nodecon entry
node_unspec_t            The IPv6 unspecified address (::)
pop_port_t               Post Office Protocol port
port_t                   Default type for a TCP or UDP port not covered by a portcon entry
scmp_packet_t            SCMP (ST Control Message Protocol) packet
tcp_socket_t             Socket used to send TCP data
xserver_port_t           X server port
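The node_* and port types in Table D-3 are not attached to files; they are assigned at lookup time from the nodecon and portcon statements in the policy's net_contexts file, by matching the address or port number against each statement's range. The Python below is an added example, not code from the book or the SELinux project. It models a node lookup as a longest-prefix match (the example's assumption about how the entries are ordered so that the most specific one wins) and a port lookup as first match in list order. The NODECON and PORTCON tables, including the 10.0.0.0/8 and 192.168.0.0/16 blocks assumed for node_internal_t and the port numbers assumed for pop_port_t and xserver_port_t, are illustrative, and node_type and port_type are helpers invented for this example.

```python
import ipaddress
from typing import List, Tuple

# Constructed nodecon rules modelled on the node_* types of Table D-3.
# The address ranges are illustrative assumptions of this example, not copied
# from any net_contexts file; the two RFC 1918 blocks assumed for
# node_internal_t are what a site would configure for its own LAN.
NODECON: List[Tuple[str, str]] = [
    ("127.0.0.1/32",    "node_lo_t"),
    ("::1/128",         "node_lo_t"),
    ("0.0.0.0/32",      "node_inaddr_any_t"),
    ("::/128",          "node_unspec_t"),
    ("::ffff:0:0/96",   "node_mapped_ipv4_t"),
    ("::/96",           "node_compat_ipv4_t"),
    ("fe80::/10",       "node_link_local_t"),
    ("fec0::/10",       "node_site_local_t"),
    ("ff00::/8",        "node_multicast_t"),
    ("10.0.0.0/8",      "node_internal_t"),    # assumed internal LAN block
    ("192.168.0.0/16",  "node_internal_t"),    # assumed internal LAN block
]
DEFAULT_NODE_TYPE = "node_t"

# Constructed portcon rules: (protocol, low port, high port, type).
# Port numbers are assumptions for this example.
PORTCON: List[Tuple[str, int, int, str]] = [
    ("tcp", 110, 110, "pop_port_t"),
    ("tcp", 995, 995, "pop_port_t"),
    ("tcp", 6000, 6010, "xserver_port_t"),
]
DEFAULT_PORT_TYPE = "port_t"


def node_type(addr: str, rules: List[Tuple[str, str]] = NODECON) -> str:
    """Type an IP address (network node) receives: the matching rule with the
    longest prefix wins; ties keep the earliest rule. Addresses of the other
    IP version never match (ipaddress returns False for a v4 address in a v6
    network and vice versa)."""
    ip = ipaddress.ip_address(addr)
    best, best_len = None, -1
    for cidr, typ in rules:
        net = ipaddress.ip_network(cidr)
        if ip in net and net.prefixlen > best_len:
            best, best_len = typ, net.prefixlen
    return best if best is not None else DEFAULT_NODE_TYPE


def port_type(proto: str, port: int,
              rules: List[Tuple[str, int, int, str]] = PORTCON) -> str:
    """Type a TCP or UDP port number receives: first matching range wins."""
    for p, lo, hi, typ in rules:
        if p == proto and lo <= port <= hi:
            return typ
    return DEFAULT_PORT_TYPE


if __name__ == "__main__":
    for a in ["127.0.0.1", "::1", "::", "fe80::1", "ff02::1",
              "::ffff:10.0.0.5", "10.1.2.3", "8.8.8.8"]:
        print(f"{a:18} -> {node_type(a)}")
    for proto, port in [("tcp", 110), ("tcp", 6002), ("udp", 110), ("tcp", 22)]:
        print(f"{proto}/{port:<6} -> {port_type(proto, port)}")
```

Two consequences are worth checking in a real policy. An IPv4-mapped address such as ::ffff:10.0.0.5 is labeled by the ::ffff:0:0/96 entry, not by the 10.0.0.0/8 entry, so a rule written for node_internal_t does not cover the same host reached through a dual-stack socket. And a portcon is protocol-specific: udp/110 stays port_t while tcp/110 is pop_port_t, so a service that listens on both needs both entries.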

Table D-4. Types related to /proc

Type                     Description
proc_kcore_t             /proc/kcore and related files
proc_kmsg_t              /proc/kmsg and related files
proc_t                   /proc filesystem and related files
sysctl_dev_t             /proc/sys/dev and related files
sysctl_fs_t              /proc/sys/fs and related files
sysctl_hotplug_t         /proc/sys/kernel/hotplug and related files
sysctl_irq_t             /proc/irq and related procfs files
sysctl_kernel_t          /proc/sys/kernel and related files
sysctl_modprobe_t        /proc/sys/kernel/modprobe and related files
sysctl_net_t             /proc/sys/net and related files
sysctl_net_unix_t        /proc/sys/net/unix and related files
sysctl_rpc_t             /proc/net/rpc and related files
sysctl_t                 /proc/sys and related files
sysctl_vm_t              /proc/sys/vm and related files

Table D-5. Types related to SELinux

Type                     Description
default_context_t        Type of the /etc/security/default_contexts file
file_labels_t            Type of the persistent label mapping stored in a filesystem
no_access_t              Type of objects that should be accessed only administratively
policy_config_t          Type of /etc/security/selinux/*
policy_src_t             Type of the policy source files
security_t               Target type used when checking permissions in the security class; also the type of selinuxfs i-nodes