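# Define the security context for each initial SID.
# Each statement has the form "sid <name> <user>:<role>:<type>".
# kernel is the only entry in this file that uses role system_r;
# every other entry is an object context (object_r).
sid kernel system_u:system_r:kernel_t
sid security system_u:object_r:security_t
# unlabeled_t is also the context given to every retired initial SID in
# this file, so any rule that grants access to unlabeled_t covers those
# placeholders as well. Keep access to this type minimal.
sid unlabeled system_u:object_r:unlabeled_t
sid fs system_u:object_r:fs_t
# NOTE(review): file_t is presumably the fallback for files that carry no
# stored label; confirm that policy does not grant broad write access to it.
sid file system_u:object_r:file_t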
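# Retired initial SIDs, kept as placeholders mapped to unlabeled_t.
# NOTE(review): initial SID numbers follow declaration order and have to
# line up with the kernel's table, so verify both sides before deleting an
# entry instead of leaving it as a placeholder.

# Persistent label mapping is gone. This initial SID can be removed.
sid file_labels system_u:object_r:unlabeled_t
# init_t is still used, but an initial SID is no longer required.
sid init system_u:object_r:unlabeled_t
# any_socket is no longer used.
sid any_socket system_u:object_r:unlabeled_t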
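# Network-related initial SIDs. port, netif and node each map to a
# dedicated type; netmsg is a placeholder mapped to unlabeled_t.
# NOTE(review): presumably port_t, netif_t and node_t are the fallback
# labels for ports, interfaces and hosts that have no more specific
# context elsewhere in policy; confirm, and audit rules on these types
# with that default-label role in mind.
sid port system_u:object_r:port_t
sid netif system_u:object_r:netif_t
# netmsg is no longer used.
sid netmsg system_u:object_r:unlabeled_t
sid node system_u:object_r:node_t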
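# These sockets are now labeled with the kernel SID,
# and do not require their own initial SIDs.
# All three entries are placeholders mapped to unlabeled_t.
# NOTE(review): because the sockets carry the kernel SID per the comment
# above, access to them is governed by rules on the kernel context, not
# by rules on unlabeled_t; check the former when reviewing socket access.
sid igmp_packet system_u:object_r:unlabeled_t
sid icmp_socket system_u:object_r:unlabeled_t
sid tcp_socket system_u:object_r:unlabeled_t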
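# Most of the sysctl SIDs are now computed at runtime
# from genfs_contexts, so the corresponding initial SIDs
# are no longer required.
# Every sysctl_* entry below is a placeholder mapped to unlabeled_t.
# NOTE(review): since the effective labels come from genfs_contexts,
# a review of sysctl access control should start there; sysctl_t below
# is only the default.
sid sysctl_modprobe system_u:object_r:unlabeled_t
# But we still need the base sysctl initial SID as a default.
sid sysctl system_u:object_r:sysctl_t
sid sysctl_fs system_u:object_r:unlabeled_t
sid sysctl_kernel system_u:object_r:unlabeled_t
sid sysctl_net system_u:object_r:unlabeled_t
sid sysctl_net_unix system_u:object_r:unlabeled_t
sid sysctl_vm system_u:object_r:unlabeled_t
sid sysctl_dev system_u:object_r:unlabeled_t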
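# No longer used, can be removed.
# The three entries below are placeholders mapped to unlabeled_t.
# NOTE(review): initial SID numbering follows declaration order, so
# confirm the kernel's table and the initial SID declarations are changed
# together before dropping any of these.
sid kmod system_u:object_r:unlabeled_t
sid policy system_u:object_r:unlabeled_t
sid scmp_packet system_u:object_r:unlabeled_t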
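# devnull has its own type (null_device_t), not the unlabeled_t placeholder.
# NOTE(review): presumably this labels the null device the kernel
# substitutes for file descriptors a process is not allowed to keep across
# a domain transition; if so, domains need access to null_device_t for
# that substitution to work. Confirm against the policy's rules.
sid devnull system_u:object_r:null_device_t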