#
# This file describes the security contexts to be applied to files
# when the security policy is installed.  The setfiles program
# reads this file and labels files accordingly.
#
# Each specification has the form:
#       regexp [ -type ] ( context | <<none>> )
#
# By default, the regexp is an anchored match on both ends (i.e. a 
# caret (^) is prepended and a dollar sign ($) is appended automatically).
# This default may be overridden by using .* at the beginning and/or
# end of the regular expression.  
#
# The optional type field specifies the file type as shown in the mode
# field by ls, e.g. use -d to match only directories or -- to match only
# regular files.
# 
# The value of <<none> may be used to indicate that matching files
# should not be relabeled.
#
# The last matching specification is used.
#
# If there are multiple hard links to a file that match 
# different specifications and those specifications indicate
# different security contexts, then a warning is displayed
# but the file is still labeled based on the last matching
# specification other than <<none>>.
#
# Some of the files listed here get re-created during boot and therefore
# need type transition rules to retain the correct type. These files are
# listed here anyway so that if the setfiles program is used on a running
# system it does not relabel them to something we do not want. An example of
# this is /var/run/utmp.
#

#
# The security context for all files not otherwise specified.
#
/.*				system_u:object_r:file_t

#
# The root directory.
#
/			-d	system_u:object_r:root_t

#
# A common mount point
/mnt(/.*)?		-d	system_u:object_r:mnt_t

#
# /var
#
/var(/.*)?			system_u:object_r:var_t
/var/catman(/.*)?		system_u:object_r:catman_t
/var/cache/man(/.*)?		system_u:object_r:catman_t
/var/yp(/.*)?			system_u:object_r:var_yp_t
/var/lib(64)?(/.*)?			system_u:object_r:var_lib_t
/var/lib(64)?/nfs(/.*)?		system_u:object_r:var_lib_nfs_t
/var/lib(64)?/texmf(/.*)?		system_u:object_r:tetex_data_t
/var/cache/fonts(/.*)?		system_u:object_r:tetex_data_t
/var/lock(/.*)?			system_u:object_r:var_lock_t
/var/tmp		-d	system_u:object_r:tmp_t
/var/tmp/.*			<<none>>
/var/tmp/vi\.recover	-d	system_u:object_r:tmp_t

#
# /var/ftp
#
/var/ftp/bin(/.*)?		system_u:object_r:bin_t
/var/ftp/bin/ls		--	system_u:object_r:ls_exec_t
/var/ftp/lib(64)?(/.*)?		system_u:object_r:lib_t
/var/ftp/lib(64)?/ld.*\.so.* --	system_u:object_r:ld_so_t
/var/ftp/lib(64)?/lib.*\.so.* --	system_u:object_r:shlib_t
/var/ftp/etc(/.*)?		system_u:object_r:etc_t

# 
# The superuser home directory.
#
/root(/.*)?			system_u:object_r:sysadm_home_t
/root			-d	system_u:object_r:sysadm_home_dir_t

# 
# Ordinary user home directories.
#
/home			-d	system_u:object_r:home_root_t
/home/[^/]+		-d	system_u:object_r:user_home_dir_t
/home/[^/]+/.+			system_u:object_r:user_home_t

#
# /bin
#
/bin(/.*)?			system_u:object_r:bin_t
/bin/k?sh		--	system_u:object_r:shell_exec_t
/bin/tcsh		--	system_u:object_r:shell_exec_t
/bin/bash		--	system_u:object_r:shell_exec_t
/bin/bash2		--	system_u:object_r:shell_exec_t
/bin/sash		--	system_u:object_r:shell_exec_t
/bin/d?ash		--	system_u:object_r:shell_exec_t
/bin/zsh.*		--	system_u:object_r:shell_exec_t
/bin/ls			--	system_u:object_r:ls_exec_t

#
# /boot
#
/boot(/.*)?			system_u:object_r:boot_t
/boot/System\.map-.*	--	system_u:object_r:system_map_t
/boot/kernel\.h.*	--	system_u:object_r:boot_runtime_t

#
# /u?dev
#
/u?dev(/.*)?			system_u:object_r:device_t
/u?dev/pts(/.*)?			<<none>>
/u?dev/cpu/.*		-c	system_u:object_r:cpu_device_t
/u?dev/MAKEDEV		--	system_u:object_r:sbin_t
/u?dev/null		-c	system_u:object_r:null_device_t
/u?dev/full		-c	system_u:object_r:null_device_t
/u?dev/zero		-c	system_u:object_r:zero_device_t
/u?dev/console		-c	system_u:object_r:console_device_t
/u?dev/(kmem|mem|port)	-c	system_u:object_r:memory_device_t
/u?dev/nvram		-c	system_u:object_r:memory_device_t
/u?dev/random		-c	system_u:object_r:random_device_t
/u?dev/urandom		-c	system_u:object_r:urandom_device_t
/u?dev/.*tty[^/]*		-c	system_u:object_r:tty_device_t
/u?dev/cu.*		-c	system_u:object_r:tty_device_t
/u?dev/vcs[^/]*		-c	system_u:object_r:tty_device_t
/u?dev/ip2[^/]*		-c	system_u:object_r:tty_device_t
/u?dev/tty		-c	system_u:object_r:devtty_t
/u?dev/[shmx]d[^/]*	-b	system_u:object_r:fixed_disk_device_t
/u?dev/sg[0-9]+		-c	system_u:object_r:scsi_generic_device_t
/u?dev/rd.*		-b	system_u:object_r:fixed_disk_device_t
/u?dev/i2o/hd[^/]*	-b	system_u:object_r:fixed_disk_device_t
/u?dev/ubd[^/]*		-b	system_u:object_r:fixed_disk_device_t
/u?dev/cciss/[^/]*	-b	system_u:object_r:fixed_disk_device_t
/u?dev/ida/[^/]*		-b	system_u:object_r:fixed_disk_device_t
/u?dev/dasd[^/]*		-b	system_u:object_r:fixed_disk_device_t
/u?dev/flash[^/]*		-b	system_u:object_r:fixed_disk_device_t
/u?dev/nb[^/]+		-b	system_u:object_r:fixed_disk_device_t
/u?dev/ataraid/.*		-b	system_u:object_r:fixed_disk_device_t
/u?dev/loop.*		-b	system_u:object_r:fixed_disk_device_t
/u?dev/ram.*		-b	system_u:object_r:fixed_disk_device_t
/u?dev/rawctl		-c	system_u:object_r:fixed_disk_device_t
/u?dev/raw/raw[0-9]+	-c	system_u:object_r:fixed_disk_device_t
/u?dev/initrd		-b	system_u:object_r:fixed_disk_device_t
/u?dev/jsfd		-b	system_u:object_r:fixed_disk_device_t
/u?dev/jsflash		-c	system_u:object_r:fixed_disk_device_t
/u?dev/s(cd|r)[^/]*	-b	system_u:object_r:removable_device_t
/u?dev/usb/rio500		-c	system_u:object_r:removable_device_t
/u?dev/fd[^/]+		-b	system_u:object_r:removable_device_t
# I think a parallel port disk is a removable device...
/u?dev/pd[a-d][^/]*	-b	system_u:object_r:removable_device_t
/u?dev/p[fg][0-3]		-b	system_u:object_r:removable_device_t
/u?dev/aztcd		-b	system_u:object_r:removable_device_t
/u?dev/bpcd		-b	system_u:object_r:removable_device_t
/u?dev/gscd		-b	system_u:object_r:removable_device_t
/u?dev/hitcd		-b	system_u:object_r:removable_device_t
/u?dev/pcd[0-3]		-b	system_u:object_r:removable_device_t
/u?dev/mcdx?		-b	system_u:object_r:removable_device_t
/u?dev/cdu.*		-b	system_u:object_r:removable_device_t
/u?dev/cm20.*		-b	system_u:object_r:removable_device_t
/u?dev/optcd		-b	system_u:object_r:removable_device_t
/u?dev/sbpcd.*		-b	system_u:object_r:removable_device_t
/u?dev/sjcd		-b	system_u:object_r:removable_device_t
/u?dev/sonycd		-b	system_u:object_r:removable_device_t
# parallel port ATAPI generic device
/u?dev/pg[0-3]		-c	system_u:object_r:removable_device_t
/u?dev/rtc		-c	system_u:object_r:clock_device_t
/u?dev/psaux		-c	system_u:object_r:mouse_device_t
/u?dev/atibm		-c	system_u:object_r:mouse_device_t
/u?dev/logibm		-c	system_u:object_r:mouse_device_t
/u?dev/.*mouse.*		-c	system_u:object_r:mouse_device_t
/u?dev/input/.*mouse.*	-c	system_u:object_r:mouse_device_t
/u?dev/input/mice		-c	system_u:object_r:mouse_device_t
/u?dev/input/js.*		-c	system_u:object_r:mouse_device_t
/u?dev/ptmx		-c	system_u:object_r:ptmx_t
/u?dev/sequencer			system_u:object_r:misc_device_t
/u?dev/fb[0-9]*		-c	system_u:object_r:framebuf_device_t
/u?dev/apm_bios		-c	system_u:object_r:apm_bios_t
/u?dev/cpu/mtrr		-c	system_u:object_r:mtrr_device_t
/u?dev/(radio|video|vbi|vtx).* -c	system_u:object_r:v4l_device_t
/u?dev/winradio.		-c	system_u:object_r:v4l_device_t
/u?dev/vttuner		-c	system_u:object_r:v4l_device_t
/u?dev/tlk[0-3]		-c	system_u:object_r:v4l_device_t
/u?dev/mixer.*		-c	system_u:object_r:sound_device_t
/u?dev/dsp.*		-c	system_u:object_r:sound_device_t
/u?dev/audio.*		-c	system_u:object_r:sound_device_t
/u?dev/r?midi.*		-c	system_u:object_r:sound_device_t
/u?dev/smpte.*		-c	system_u:object_r:sound_device_t
/u?dev/sndstat		-c	system_u:object_r:sound_device_t
/u?dev/beep		-c	system_u:object_r:sound_device_t
/u?dev/patmgr[01]		-c	system_u:object_r:sound_device_t
/u?dev/mpu401.*		-c	system_u:object_r:sound_device_t
/u?dev/srnd[0-7]		-c	system_u:object_r:sound_device_t
/u?dev/aload.*		-c	system_u:object_r:sound_device_t
/u?dev/amidi.*		-c	system_u:object_r:sound_device_t
/u?dev/amixer.*		-c	system_u:object_r:sound_device_t
/u?dev/snd/.*		-c	system_u:object_r:sound_device_t
/u?dev/n?[hs]t[0-9].*	-c	system_u:object_r:tape_device_t
/u?dev/(n?raw)?qft[0-3]	-c	system_u:object_r:tape_device_t
/u?dev/n?z?qft[0-3]	-c	system_u:object_r:tape_device_t
/u?dev/n?tpqic[12].*	-c	system_u:object_r:tape_device_t
/u?dev/ht[0-1]		-b	system_u:object_r:tape_device_t
/u?dev/n?osst[0-3].*	-c	system_u:object_r:tape_device_t
/u?dev/n?pt[0-9]+		-c	system_u:object_r:tape_device_t
/u?dev/usb/scanner.*	-c	system_u:object_r:scanner_device_t
/u?dev/usb/dc2xx.*	-c	system_u:object_r:scanner_device_t
/u?dev/usb/mdc800.*	-c	system_u:object_r:scanner_device_t
/u?dev/mmetfgrab		-c	system_u:object_r:scanner_device_t

/proc(/.*)?			<<none>>
/sys(/.*)?			<<none>>
/selinux(/.*)?			<<none>>
/opt(/.*)?			system_u:object_r:usr_t

#
# /etc
#
/etc(/.*)?			system_u:object_r:etc_t
/etc/shadow.*		--	system_u:object_r:shadow_t
/etc/gshadow.*		--	system_u:object_r:shadow_t
/etc/blkid.tab		--	system_u:object_r:etc_runtime_t
/etc/fstab\.REVOKE	--	system_u:object_r:etc_runtime_t
/etc/HOSTNAME		--	system_u:object_r:etc_runtime_t
/etc/ioctl\.save	--	system_u:object_r:etc_runtime_t
/etc/mtab		--	system_u:object_r:etc_runtime_t
/etc/motd		--	system_u:object_r:etc_runtime_t
/etc/issue		--	system_u:object_r:etc_runtime_t
/etc/issue\.net		--	system_u:object_r:etc_runtime_t
/etc/sysconfig/hwconf	--	system_u:object_r:etc_runtime_t
/etc/asound\.state	--	system_u:object_r:etc_runtime_t
/etc/ld\.so\.cache	--	system_u:object_r:ld_so_cache_t
/etc/ld\.so\.preload	--	system_u:object_r:ld_so_cache_t
/etc/yp\.conf.*		--	system_u:object_r:resolv_conf_t
/etc/resolv\.conf.*	--	system_u:object_r:resolv_conf_t
/etc/selinux(/.*)?		system_u:object_r:policy_src_t
/etc/security/selinux(/.*)?	system_u:object_r:policy_config_t	
/etc/security/selinux/src(/.*)?	system_u:object_r:policy_src_t
/etc/security/default_context.*	system_u:object_r:default_context_t
/etc/services		--	system_u:object_r:etc_t

#
# /lib(64)?
#
/lib(64)?(/.*)?			system_u:object_r:lib_t
/lib(64)?/ld.*\.so.*		--	system_u:object_r:ld_so_t
/lib(64)?/tls/ld.*\.so.*	--	system_u:object_r:ld_so_t
/lib(64)?/lib.*\.so.*	--	system_u:object_r:shlib_t
/lib(64)?/[^/]*/lib.*\.so.*	--	system_u:object_r:shlib_t
/lib(64)?/devfsd/.*\.so.*	--	system_u:object_r:shlib_t
/lib(64)?/security/.*\.so.*	--	system_u:object_r:shlib_t
/lib(64)?/tls/i686/cmov/.*\.so.* --	system_u:object_r:shlib_t
/lib(64)?/libSegFault.so	--	system_u:object_r:lib_t

#
# /sbin
#
/sbin(/.*)?			system_u:object_r:sbin_t

#
# /tmp
#
/tmp			-d	system_u:object_r:tmp_t
/tmp/.*				<<none>>
/tmp/orbit.*			system_u:object_r:user_tmp_t
/tmp/\.ICE-unix(/.*)?		system_u:object_r:user_tmp_t

#
# /usr
#
/usr(/.*)?			system_u:object_r:usr_t
/usr/etc(/.*)?			system_u:object_r:etc_t
/usr/libexec(/.*)?		system_u:object_r:lib_t
/usr/src(/.*)?			system_u:object_r:src_t
/usr/tmp(/.*)?			system_u:object_r:tmp_t
/usr/man(/.*)?			system_u:object_r:man_t
/usr/share/man(/.*)?		system_u:object_r:man_t
/usr/share/mc/extfs/.*	--	system_u:object_r:bin_t

#
# /usr/bin
#
/usr/bin(/.*)?			system_u:object_r:bin_t

#
# /usr/lib(64)?
#
/usr/lib(64)?(/.*)?			system_u:object_r:lib_t
/usr/lib(64)?/lib.*\.so.*	--	system_u:object_r:shlib_t
/usr/lib(64)?/python.*\.so	--	system_u:object_r:shlib_t
/usr/lib(64)?/.*/lib[^/]*\.so.* --	system_u:object_r:shlib_t
/usr/lib(64)?/.*/.*\.so	--	system_u:object_r:shlib_t
/usr/lib(64)?/autofs/.*\.so	--	system_u:object_r:shlib_t
/usr/lib(64)?/perl5/man(/.*)?	system_u:object_r:man_t
/usr/lib(64)?/perl.*\.so	--	system_u:object_r:shlib_t
/usr/lib(64)?/selinux(/.*)?		system_u:object_r:policy_src_t
/usr/lib(64)?/emacsen-common/.*	system_u:object_r:bin_t
/usr/lib(64)?/.*/bin(/.*)?		system_u:object_r:bin_t
/usr/lib(64)?/gconv/.*\.so	--	system_u:object_r:shlib_t
/usr/share/guile/g-wrapped/.*\.so -- system_u:object_r:shlib_t
/usr/share/selinux(/.*)?	system_u:object_r:policy_src_t
/usr/games(/.*)?		system_u:object_r:bin_t

#
# /usr/.*glibc.*-linux/lib(64)?
#
/usr/.*glibc.*-linux/lib(64)?(/.*)?	system_u:object_r:lib_t
/usr/.*glibc.*-linux/lib(64)?/ld.*\.so.* system_u:object_r:ld_so_t
/usr/.*glibc.*-linux/lib(64)?/lib.*\.so.* system_u:object_r:shlib_t

# /usr/.*redhat-linux/lib(64)?
#
/usr/.*redhat-linux/lib(64)?(/.*)?	system_u:object_r:lib_t
/usr/.*redhat-linux/lib(64)?/ld.*\.so.* system_u:object_r:ld_so_t
/usr/.*redhat-linux/lib(64)?/lib.*\.so.* system_u:object_r:shlib_t

#
# /usr/.*linux-libc.*/lib(64)?
#
/usr/.*linux-libc.*/lib(64)?(/.*)? system_u:object_r:lib_t
/usr/.*linux-libc.*/lib(64)?/ld.*\.so.* system_u:object_r:ld_so_t
/usr/.*linux-libc.*/lib(64)?/lib.*\.so.* system_u:object_r:shlib_t

#
# /usr/local
#
/usr/local/etc(/.*)?		system_u:object_r:etc_t
/usr/local/src(/.*)?		system_u:object_r:src_t
/usr/local/sbin(/.*)?		system_u:object_r:sbin_t
/usr/local/man(/.*)?		system_u:object_r:man_t

#
# /usr/local/bin
#
/usr/local/bin(/.*)?		system_u:object_r:bin_t

#
# /usr/local/lib(64)?
#
/usr/local/lib(64)?(/.*)?		system_u:object_r:lib_t
/usr/local/lib(64)?/.*\.so.*	--	system_u:object_r:shlib_t

#
# /usr/sbin
#
/usr/sbin(/.*)?			system_u:object_r:sbin_t

#
# /usr/X11R6/(.*/)?bin
#
/usr/X11R6/(.*/)?bin(/.*)?	system_u:object_r:bin_t

#
# /usr/X11R6/(.*/)?lib(64)?
#
/usr/X11R6/(.*/)?lib(64)?(/.*)?		system_u:object_r:lib_t
/usr/X11R6/(.*/)?lib(64)?/lib.*\.so.* --	system_u:object_r:shlib_t

#
# /usr/X11R6/man
#
/usr/X11R6/man(/.*)?		system_u:object_r:man_t

#
# /usr/kerberos
#
/usr/kerberos/bin(/.*)?		system_u:object_r:bin_t
/usr/kerberos/sbin(/.*)?	system_u:object_r:sbin_t
/usr/kerberos/lib(64)?(/.*)?		system_u:object_r:lib_t
/usr/kerberos/lib(64)?/lib.*\.so.* -- system_u:object_r:shlib_t

#
# /usr/local/selinux
#
/usr/local/selinux/bin(/.*)?		system_u:object_r:bin_t
/usr/local/selinux/sbin(/.*)?		system_u:object_r:bin_t
/usr/local/selinux/lib(64)?(/.*)?		system_u:object_r:lib_t
/usr/local/selinux/libexec(/.*)?	system_u:object_r:lib_t

/usr/X11R6/lib(64)?/X11/fonts(/.*)?		system_u:object_r:fonts_t
/usr/share/fonts(/.*)?			system_u:object_r:fonts_t

#
# /var/run
#
/var/run(/.*)?			system_u:object_r:var_run_t
/var/run/.*\.*pid		<<none>>

#
# /var/spool
#
/var/spool(/.*)?		system_u:object_r:var_spool_t
/var/spool/texmf(/.*)?		system_u:object_r:tetex_data_t

# 
# /var/log
#
/var/log(/.*)?			system_u:object_r:var_log_t
/var/log/wtmp.*		--	system_u:object_r:wtmp_t
/var/log/btmp.*		--	system_u:object_r:faillog_t
/var/log/faillog	--	system_u:object_r:faillog_t
/var/log/ksyms.*	--	system_u:object_r:var_log_ksyms_t
/var/log/dmesg		--	system_u:object_r:dmesg_log_t
/var/log/lastlog	--	system_u:object_r:lastlog_t
/var/log/ksymoops(/.*)?		system_u:object_r:var_log_ksyms_t
/var/log/syslog		--	system_u:object_r:var_log_t

#
# Journal files
#
/\.journal			<<none>>
/usr/\.journal			<<none>>
/boot/\.journal			<<none>>
/home/\.journal			<<none>>
/var/\.journal			<<none>>
/tmp/\.journal			<<none>>
/usr/local/\.journal		<<none>>

#
# Lost and found directories.
#
/lost\+found(/.*)?		system_u:object_r:lost_found_t
/usr/lost\+found(/.*)?		system_u:object_r:lost_found_t
/boot/lost\+found(/.*)?		system_u:object_r:lost_found_t
/home/lost\+found(/.*)?		system_u:object_r:lost_found_t
/var/lost\+found(/.*)?		system_u:object_r:lost_found_t
/tmp/lost\+found(/.*)?		system_u:object_r:lost_found_t
/usr/local/lost\+found(/.*)?	system_u:object_r:lost_found_t

#
# system localization
#
/usr/share/zoneinfo/.*		system_u:object_r:locale_t
/usr/share/locale/.*		system_u:object_r:locale_t
/usr/lib(64)?/locale/.*		system_u:object_r:locale_t
/etc/localtime		--	system_u:object_r:locale_t
/etc/localtime		-l	system_u:object_r:etc_t

#
# initrd mount point, only used during boot
#
/initrd			-d	system_u:object_r:root_t

#
# The Sun Java development kit, RPM install
#
/usr/java/j2sdk.*/bin(/.*)?		system_u:object_r:bin_t
/usr/java/j2sdk.*/jre/lib(64)?/i386(/.*)?	system_u:object_r:lib_t

#
#  The krb5.conf file is always being tested for writability, so
#  we defined a type to dontautit
#
/etc/krb5.conf		--	system_u:object_r:krb5_conf_t
# berkeley process accounting
/usr/sbin/accton	--	system_u:object_r:acct_exec_t
/var/account(/.*)?		system_u:object_r:acct_data_t
/etc/cron\.(daily|monthly)/acct -- system_u:object_r:acct_exec_t
#
# Author:  Carsten Grohmann <carstengrohmann@gmx.de>
#
# $Id: amanda.fc,v 1.2 2003/11/19 20:15:23 hdholm Exp $
#

# amanda
/etc/amanda(/.*)?			system_u:object_r:amanda_config_t
/etc/amanda/.*/tapelist(/.*)?		system_u:object_r:amanda_data_t
/etc/amandates				system_u:object_r:amanda_amandates_t
/etc/dumpdates				system_u:object_r:amanda_dumpdates_t
/root/restore			-d	system_u:object_r:amanda_recover_dir_t
/tmp/amanda(/.*)?			system_u:object_r:amanda_tmp_t
/usr/lib(64)?/amanda			-d	system_u:object_r:amanda_usr_lib_t
/usr/lib(64)?/amanda/amandad		--	system_u:object_r:amanda_inetd_exec_t
/usr/lib(64)?/amanda/amcat\.awk	--	system_u:object_r:amanda_script_exec_t
/usr/lib(64)?/amanda/amcleanupdisk	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/amidxtaped	--	system_u:object_r:amanda_inetd_exec_t
/usr/lib(64)?/amanda/amindexd	--	system_u:object_r:amanda_inetd_exec_t
/usr/lib(64)?/amanda/amlogroll	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/amplot\.awk	--	system_u:object_r:amanda_script_exec_t
/usr/lib(64)?/amanda/amplot\.g	--	system_u:object_r:amanda_script_exec_t
/usr/lib(64)?/amanda/amplot\.gp	--	system_u:object_r:amanda_script_exec_t
/usr/lib(64)?/amanda/amtrmidx	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/amtrmlog	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/calcsize	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/chg-chio	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/chg-chs		--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/chg-manual	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/chg-mtx		--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/chg-multi	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/chg-rth		--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/chg-scsi	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/chg-zd-mtx	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/driver		--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/dumper		--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/killpgrp	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/patch-system	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/planner		--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/rundump		--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/runtar		--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/selfcheck	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/sendbackup	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/sendsize	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/taper		--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/versionsuffix	--	system_u:object_r:amanda_exec_t
/usr/sbin/amadmin		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amcheck		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amcheckdb		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amcleanup		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amdump		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amflush		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amgetconf		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amlabel		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amoverview		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amplot		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amrecover		--	system_u:object_r:amanda_recover_exec_t
/usr/sbin/amreport		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amrestore		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amrmtape		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amstatus		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amtape		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amtoc			--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amverify		--	system_u:object_r:amanda_user_exec_t
/var/lib(64)?/amanda			-d	system_u:object_r:amanda_var_lib_t
/var/lib(64)?/amanda/\.amandahosts	--	system_u:object_r:amanda_config_t
/var/lib(64)?/amanda/\.bashrc	--	system_u:object_r:amanda_shellconfig_t
/var/lib(64)?/amanda/\.profile	--	system_u:object_r:amanda_shellconfig_t
/var/lib(64)?/amanda/disklist	--	system_u:object_r:amanda_data_t
/var/lib(64)?/amanda/gnutar-lists(/.*)?	system_u:object_r:amanda_gnutarlists_t
/var/lib(64)?/amanda/index			system_u:object_r:amanda_data_t
# amavis
/usr/sbin/amavisd.*		--	system_u:object_r:amavisd_exec_t
/etc/amavisd.conf		--	system_u:object_r:amavisd_etc_t
/var/log/amavisd.log 		--	system_u:object_r:amavisd_log_t
/var/lib(64)?/amavis(/.*)?	 		system_u:object_r:amavisd_lib_t
/var/run/amavis(/.*)?	 		system_u:object_r:amavisd_var_run_t
#
# Anaconda file context
# currently anaconda does not have any file context since it is started during install
# This is a placeholder to stop makefile from complaining
#
# apache
/home/[^/]+/((www)|(web)|(public_html))(/.+)? system_u:object_r:httpd_user_content_t
/var/www		-d	system_u:object_r:httpd_sys_content_t
/var/www/html(/.*)?		system_u:object_r:httpd_sys_content_t
/var/www/mrtg(/.*)?		system_u:object_r:httpd_sys_content_t
/var/www/cgi-bin(/.*)?		system_u:object_r:httpd_sys_script_exec_t
/usr/lib(64)?/cgi-bin(/.*)?		system_u:object_r:httpd_sys_script_exec_t
/var/www/perl(/.*)?		system_u:object_r:httpd_sys_script_exec_t
/var/www/icons(/.*)?		system_u:object_r:httpd_sys_content_t
/var/cache/httpd(/.*)?		system_u:object_r:httpd_cache_t
/etc/httpd		-d	system_u:object_r:httpd_config_t
/etc/httpd/conf.*		system_u:object_r:httpd_config_t
/etc/httpd/logs			system_u:object_r:httpd_log_t
/etc/httpd/modules		system_u:object_r:httpd_modules_t
/etc/apache(2)?(/.*)?		system_u:object_r:httpd_config_t
/etc/vhosts		--	system_u:object_r:httpd_config_t
/usr/lib(64)?/apache(/.*)?		system_u:object_r:httpd_modules_t
/usr/lib(64)?/apache2/modules(/.*)?	system_u:object_r:httpd_modules_t
/usr/lib(64)?/httpd(/.*)?		system_u:object_r:httpd_modules_t
/usr/sbin/httpd		--	system_u:object_r:httpd_exec_t
/usr/sbin/apache(2)?	--	system_u:object_r:httpd_exec_t
/usr/sbin/suexec	--	system_u:object_r:httpd_suexec_exec_t
/usr/lib(64)?/cgi-bin/(nph-)?cgiwrap(d)? -- system_u:object_r:httpd_suexec_exec_t
/usr/lib(64)?/apache(2)?/suexec(2)? -- system_u:object_r:httpd_suexec_exec_t
/var/log/httpd(/.*)?		system_u:object_r:httpd_log_t
/var/log/apache(2)?(/.*)?	system_u:object_r:httpd_log_t
/var/log/cgiwrap.log.*	--	system_u:object_r:httpd_log_t
/var/cache/ssl.*\.sem	--	system_u:object_r:httpd_cache_t
/var/cache/mod_ssl(/.*)?	system_u:object_r:httpd_cache_t
/var/run/apache(2)?.pid.* --	system_u:object_r:httpd_var_run_t
# apmd
/usr/sbin/apmd		--	system_u:object_r:apmd_exec_t
/usr/sbin/acpid		--	system_u:object_r:apmd_exec_t
/usr/bin/apm		--	system_u:object_r:apm_exec_t
/var/run/apmd\.pid	--	system_u:object_r:apmd_var_run_t
/var/run/.?acpid.socket	-s	system_u:object_r:apmd_var_run_t
/var/log/acpid		--	system_u:object_r:apmd_log_t
# atd
/usr/sbin/atd		--	system_u:object_r:atd_exec_t
/var/spool/at(/.*)?		system_u:object_r:at_spool_t
/var/run/atd\.pid	--	system_u:object_r:atd_var_run_t
# authbind
/etc/authbind(/.*)?		system_u:object_r:etc_authbind_t
/usr/lib(64)?/authbind/helper --	system_u:object_r:authbind_exec_t
# automount
/usr/sbin/automount	--	system_u:object_r:automount_exec_t
/etc/apm/event\.d/autofs --	system_u:object_r:automount_exec_t
/var/run/autofs(/.*)?		system_u:object_r:automount_var_run_t
# backup
# label programs that do backups to other files on disk (IE a cron job that
# calls tar) in backup_exec_t and label the directory for storing them as
# backup_store_t, Debian uses /var/backups
#/usr/local/bin/backup-script -- system_u:object_r:backup_exec_t
/var/backups(/.*)?		system_u:object_r:backup_store_t
# bluetooth
/etc/bluetooth(/.*)?		system_u:object_r:bluetooth_conf_t
/usr/bin/rfcomm		--	system_u:object_r:bluetooth_exec_t
/usr/sbin/hcid		--	system_u:object_r:bluetooth_exec_t
/usr/sbin/sdpd		--	system_u:object_r:bluetooth_exec_t
/usr/sbin/hciattach	--	system_u:object_r:bluetooth_exec_t
/var/run/sdp		--	system_u:object_r:bluetooth_var_run_t
# bootloader
/etc/lilo\.conf.*	--	system_u:object_r:etc_bootloader_t
/initrd\.img.*		-l	system_u:object_r:boot_t
/sbin/lilo.*		--	system_u:object_r:bootloader_exec_t
/sbin/grub.*		--	system_u:object_r:bootloader_exec_t
/vmlinuz.*		-l	system_u:object_r:boot_t
/usr/sbin/mkinitrd	--	system_u:object_r:bootloader_exec_t
/sbin/mkinitrd		--	system_u:object_r:bootloader_exec_t
/etc/mkinitrd/scripts/.* --	system_u:object_r:bootloader_exec_t
# squid
/etc/cron\.daily/calamaris --	system_u:object_r:calamaris_exec_t
/var/www/calamaris(/.*)?	system_u:object_r:calamaris_www_t
/var/log/calamaris(/.*)?	system_u:object_r:calamaris_log_t
# canna
/usr/bin/cannaping	--	system_u:object_r:canna_exec_t
/usr/bin/catdic		--	system_u:object_r:canna_exec_t
/var/log/canna(/.*)?		system_u:object_r:canna_log_t
# cardmgr
/sbin/cardmgr		--	system_u:object_r:cardmgr_exec_t
/sbin/cardctl		--	system_u:object_r:cardctl_exec_t
/var/run/stab		--	system_u:object_r:cardmgr_var_run_t
/var/run/cardmgr.pid	--	system_u:object_r:cardmgr_var_run_t
/etc/apm/event\.d/pcmcia --	system_u:object_r:cardmgr_exec_t
/var/lib(64)?/pcmcia(/.*)?		system_u:object_r:cardmgr_var_run_t
# checkpolicy
/usr/bin/checkpolicy		--	system_u:object_r:checkpolicy_exec_t
# chkpwd
/sbin/unix_chkpwd	--	system_u:object_r:chkpwd_exec_t
/sbin/unix_verify	--	system_u:object_r:chkpwd_exec_t
/usr/sbin/chroot	--	system_u:object_r:chroot_exec_t
/usr/sbin/ciped.*	--	system_u:object_r:ciped_exec_t
/etc/cipe/ip-up.*	--	system_u:object_r:bin_t
/etc/cipe/ip-down.*	--	system_u:object_r:bin_t
# clamscan
/usr/bin/clamscan	--	system_u:object_r:clamscan_exec_t
/usr/bin/freshclam	--	system_u:object_r:freshclam_exec_t
/usr/sbin/clamav-freshclam-handledaemon	-- system_u:object_r:freshclam_exec_t
/usr/sbin/clamd		--	system_u:object_r:clamd_exec_t
/var/lib(64)?/clamav(/.*)?		system_u:object_r:clamav_var_lib_t
/var/log/clam-update.log --	system_u:object_r:freshclam_log_t
/var/log/clamav-freshclam.log.* -- system_u:object_r:freshclam_log_t
/var/run/clamd.ctl	-s	system_u:object_r:clamd_var_run_t
/var/run/clamd.pid	--	system_u:object_r:clamd_var_run_t
# config services
/usr/share/redhat-config-services(/.*)?		system_u:object_r:cfg_srv_exec_t
/etc/security/console.apps/redhat-config-services -- system_u:object_r:cfg_srv_conf_t
# Red Hat config users program
/etc/security/console.apps/redhat-config-users	-- system_u:object_r:config_users_conf_t
/usr/share/redhat-config-users(/.*)		   system_u:object_r:config_users_exec_t
# consoletype
/sbin/consoletype	--	system_u:object_r:consoletype_exec_t
# courier pop, imap, and webmail
/usr/lib(64)?/courier(/.*)?			system_u:object_r:bin_t
/usr/lib(64)?/courier/rootcerts(/.*)?	system_u:object_r:etc_courier_t
/usr/lib(64)?/courier/authlib/.*	--	system_u:object_r:courier_authdaemon_exec_t
/usr/lib(64)?/courier/courier/.*	--	system_u:object_r:courier_exec_t
/usr/lib(64)?/courier/courier/courierpop.* -- system_u:object_r:courier_pop_exec_t
/usr/lib(64)?/courier/courier/imaplogin --	system_u:object_r:courier_pop_exec_t
/usr/lib(64)?/courier/courier/pcpd	--	system_u:object_r:courier_pcp_exec_t
/usr/lib(64)?/courier/imapd		--	system_u:object_r:courier_pop_exec_t
/usr/lib(64)?/courier/pop3d		--	system_u:object_r:courier_pop_exec_t
/usr/lib(64)?/courier/sqwebmail/cleancache.pl -- system_u:object_r:sqwebmail_cron_exec_t
/usr/bin/imapd			--	system_u:object_r:courier_pop_exec_t
/usr/sbin/courierlogger		--	system_u:object_r:courier_exec_t
/usr/sbin/courierldapaliasd	--	system_u:object_r:courier_exec_t
/usr/sbin/couriertcpd		--	system_u:object_r:courier_tcpd_exec_t
/var/run/courier(.*)?			system_u:object_r:courier_var_run_t
/etc/courier(/.*)?			system_u:object_r:etc_courier_t
# cpucontrol
/sbin/microcode_ctl	--	system_u:object_r:cpucontrol_exec_t
/etc/firmware/.*	--	system_u:object_r:cpucontrol_conf_t
# crack - for password checking
/usr/sbin/crack_[a-z]*	--	system_u:object_r:crack_exec_t
/var/cache/cracklib(/.*)?	system_u:object_r:crack_db_t
/usr/lib(64)?/cracklib_dict.* --	system_u:object_r:crack_db_t
# crond
/etc/crontab		--	system_u:object_r:system_cron_spool_t
/etc/cron\.d(/.*)?		system_u:object_r:system_cron_spool_t
/usr/sbin/cron(d)?	--	system_u:object_r:crond_exec_t
/usr/sbin/anacron	--	system_u:object_r:anacron_exec_t
/var/spool/cron		-d	system_u:object_r:cron_spool_t
/var/spool/cron/crontabs -d	system_u:object_r:cron_spool_t
/var/spool/cron/crontabs/.*	<<none>>
/var/spool/cron/crontabs/root -- system_u:object_r:sysadm_cron_spool_t
/var/log/cron		--	system_u:object_r:crond_log_t
/var/run/crond\.reboot	--	system_u:object_r:crond_var_run_t
/var/run/crond\.pid	--	system_u:object_r:crond_var_run_t
# fcron
/usr/sbin/fcron		--	system_u:object_r:crond_exec_t
/var/spool/fcron	-d	system_u:object_r:cron_spool_t
/var/spool/fcron/.*		<<none>>
/var/spool/fcron/systab.orig --	system_u:object_r:system_cron_spool_t
/var/spool/fcron/systab	 --	system_u:object_r:system_cron_spool_t
/var/spool/fcron/new.systab --	system_u:object_r:system_cron_spool_t
/var/run/fcron\.fifo	-s	system_u:object_r:crond_var_run_t
/var/run/fcron\.pid	--	system_u:object_r:crond_var_run_t
# crontab
/usr/bin/(f)?crontab	--	system_u:object_r:crontab_exec_t
# cups printing
/etc/cups(/.*)?			system_u:object_r:etc_cupsd_t
/usr/share/cups(/.*)?		system_u:object_r:etc_cupsd_t
/var/cache/alchemist/printconf.* system_u:object_r:etc_cupsd_t
/etc/cups/client\.conf	--	system_u:object_r:etc_t
/etc/cups/printers.conf.* --	system_u:object_r:etc_cupsd_rw_t
/etc/cups/ppd/.*	--	system_u:object_r:etc_cupsd_rw_t
/etc/cups/certs		-d	system_u:object_r:etc_cupsd_rw_t
/etc/cups/certs/.*	--	system_u:object_r:etc_cupsd_rw_t
/etc/cups/ppds.dat	--	system_u:object_r:etc_cupsd_rw_t
/etc/printcap\.cups	--	system_u:object_r:etc_cupsd_t
/usr/lib(64)?/cups/backend/.* --	system_u:object_r:cupsd_exec_t
/usr/lib(64)?/cups/daemon/.*	 --	system_u:object_r:cupsd_exec_t
/usr/sbin/cupsd		--	system_u:object_r:cupsd_exec_t
/usr/sbin/printconf-backend --	system_u:object_r:cupsd_exec_t
/var/log/cups(/.*)?		system_u:object_r:cupsd_log_t
/var/spool/cups(/.*)?		system_u:object_r:print_spool_t
/var/run/cups/printcap	--	system_u:object_r:cupsd_var_run_t
/usr/lib(64)?/cups/filter/.*	--	system_u:object_r:bin_t
/usr/lib(64)?/cups/cgi-bin/.* --	system_u:object_r:bin_t
/usr/bin/dbus-daemon-1	--	system_u:object_r:dbusd_exec_t
/etc/dbus-1(/.*)?		system_u:object_r:etc_dbusd_t
/var/run/dbus(/.*)?		system_u:object_r:dbusd_var_run_t
# ddt - Dynamic DNS client
/usr/sbin/ddtcd		--	system_u:object_r:ddt_client_exec_t
/var/run/ddtcd\.pid	--	system_u:object_r:ddt_client_var_run_t
/etc/ddtcd\.conf	--	system_u:object_r:etc_ddt_client_t
/var/lib(64)?/ddt-client(/.*)?	system_u:object_r:var_lib_ddt_client_t
/var/log/ddtcd\.log.*	--	system_u:object_r:var_log_ddt_client_t
# devfsd
/etc/devfs(/.*)?		system_u:object_r:etc_devfsd_t
/sbin/devfsd.*		--	system_u:object_r:devfsd_exec_t
/etc/init\.d/makedev	--	system_u:object_r:devfsd_exec_t
# dhcpcd 
/etc/dhcpc.*(/.*)?		system_u:object_r:etc_dhcp_t
/etc/dhclient.*conf	--	system_u:object_r:etc_dhcp_t
/etc/dhclient-script	--	system_u:object_r:etc_dhcp_t
/sbin/dhcpcd		--	system_u:object_r:dhcpc_exec_t
/sbin/dhclient.*	--	system_u:object_r:dhcpc_exec_t
/var/lib(64)?/dhcp(3)?/dhclient.*	system_u:object_r:dhcpc_state_t
/var/run/dhclient.*\.pid --	system_u:object_r:dhcpc_var_run_t
# pump
/sbin/pump		--	system_u:object_r:dhcpc_exec_t

/var/lib(64)?/dhcp(3)?	-d	system_u:object_r:dhcp_state_t


# dhcpd
/etc/dhcpd.conf		--	system_u:object_r:etc_dhcp_t
/etc/dhcp3(/.*)?		system_u:object_r:etc_dhcp_t
/usr/sbin/dhcpd.*	--	system_u:object_r:dhcpd_exec_t
/var/lib(64)?/?/dhcpd\.leases.* -- system_u:object_r:dhcpd_state_t
/var/run/dhcpd\.pid	-d	system_u:object_r:dhcpd_var_run_t

# dictd
/etc/dictd.conf		--	system_u:object_r:etc_dictd_t
/usr/sbin/dictd		--	system_u:object_r:dictd_exec_t
/var/lib(64)?/dictd(/.*)?		system_u:object_r:var_lib_dictd_t
# dmesg
/bin/dmesg	--	system_u:object_r:dmesg_exec_t
# fingerd
/usr/sbin/in\.fingerd	--	system_u:object_r:fingerd_exec_t
/usr/sbin/[cef]fingerd	--	system_u:object_r:fingerd_exec_t
/etc/cron.weekly/(c)?fingerd -- system_u:object_r:fingerd_exec_t
/etc/cfingerd(/.*)?		system_u:object_r:etc_fingerd_t
/var/log/cfingerd\.log.* --	system_u:object_r:fingerd_log_t
# fs admin daemons
/usr/sbin/smartd	--	system_u:object_r:fsdaemon_exec_t
/var/run/smartd.pid	--	system_u:object_r:fsdaemon_var_run_t
# fs admin utilities
/sbin/fsck.*		--	system_u:object_r:fsadm_exec_t
/sbin/mkfs.*		--	system_u:object_r:fsadm_exec_t
/sbin/e2fsck		--	system_u:object_r:fsadm_exec_t
/sbin/mkdosfs		--	system_u:object_r:fsadm_exec_t
/sbin/dosfsck		--	system_u:object_r:fsadm_exec_t
/sbin/reiserfs(ck|tune)	--	system_u:object_r:fsadm_exec_t
/sbin/mkreiserfs	--	system_u:object_r:fsadm_exec_t
/sbin/resize.*fs	--	system_u:object_r:fsadm_exec_t
/sbin/e2label		--	system_u:object_r:fsadm_exec_t
/sbin/findfs		--	system_u:object_r:fsadm_exec_t
/sbin/mkfs		--	system_u:object_r:fsadm_exec_t
/sbin/mke2fs		--	system_u:object_r:fsadm_exec_t
/sbin/mkswap		--	system_u:object_r:fsadm_exec_t
/sbin/scsi_info		--	system_u:object_r:fsadm_exec_t
/sbin/sfdisk		--	system_u:object_r:fsadm_exec_t
/sbin/cfdisk		--	system_u:object_r:fsadm_exec_t
/sbin/fdisk		--	system_u:object_r:fsadm_exec_t
/sbin/parted		--	system_u:object_r:fsadm_exec_t
/sbin/tune2fs		--	system_u:object_r:fsadm_exec_t
/sbin/dumpe2fs		--	system_u:object_r:fsadm_exec_t
/sbin/swapon		--	system_u:object_r:fsadm_exec_t
/sbin/hdparm		--	system_u:object_r:fsadm_exec_t
/sbin/raidstart		--	system_u:object_r:fsadm_exec_t
/sbin/mkraid		--	system_u:object_r:fsadm_exec_t
/sbin/blockdev		--	system_u:object_r:fsadm_exec_t
/sbin/losetup		--	system_u:object_r:fsadm_exec_t
/sbin/jfs_.*		--	system_u:object_r:fsadm_exec_t
/usr/sbin/smartctl	--	system_u:object_r:fsadm_exec_t
/sbin/install-mbr	--	system_u:object_r:fsadm_exec_t
/usr/bin/scsi_unique_id	--	system_u:object_r:fsadm_exec_t
/usr/bin/raw		--	system_u:object_r:fsadm_exec_t
/sbin/partx		--	system_u:object_r:fsadm_exec_t
/usr/bin/partition_uuid	--	system_u:object_r:fsadm_exec_t
# ftpd
/usr/sbin/in\.ftpd	--	system_u:object_r:ftpd_exec_t
/usr/sbin/proftpd	--	system_u:object_r:ftpd_exec_t
/usr/sbin/muddleftpd	--	system_u:object_r:ftpd_exec_t
/usr/sbin/ftpwho	--	system_u:object_r:ftpd_exec_t
/usr/kerberos/sbin/ftpd	--	system_u:object_r:ftpd_exec_t
/usr/sbin/vsftpd	--	system_u:object_r:ftpd_exec_t
/etc/proftpd\.conf	--	system_u:object_r:etc_ftpd_t
/var/run/proftpd/proftpd-inetd -- system_u:object_r:ftpd_var_run_t
/var/log/muddleftpd\.log.* --	system_u:object_r:xferlog_t
/var/log/xferlog.*	--	system_u:object_r:xferlog_t
/var/log/xferreport.*	--	system_u:object_r:xferlog_t
/etc/cron\.monthly/proftpd --	system_u:object_r:ftpd_exec_t
#  games
/usr/games/.*	--	system_u:object_r:games_exec_t
/usr/lib(64)?/games/.* --	system_u:object_r:games_exec_t
/var/games(/.*)?	system_u:object_r:games_data_t
/usr/bin/micq	--	system_u:object_r:games_exec_t
# getty
/sbin/.*getty		--	system_u:object_r:getty_exec_t
/etc/mgetty(/.*)?		system_u:object_r:etc_getty_t
# gnome-pty-helper
/usr/sbin/gnome-pty-helper --	system_u:object_r:gph_exec_t
/usr/lib(64)?/vte/gnome-pty-helper --	system_u:object_r:gph_exec_t
# gpg
/home/[^/]+/\.gnupg(/.+)?	system_u:object_r:user_gpg_secret_t
/root/\.gnupg(/.+)?		system_u:object_r:sysadm_gpg_secret_t
/usr/bin/gpg		--	system_u:object_r:gpg_exec_t
# gpm
/dev/gpmctl		-s	system_u:object_r:gpmctl_t
/usr/sbin/gpm		--	system_u:object_r:gpm_exec_t
/bin/hostname		--	system_u:object_r:hostname_exec_t
# hotplug
/etc/hotplug/.*		--	system_u:object_r:etc_hotplug_t
/sbin/hotplug		--	system_u:object_r:hotplug_exec_t
# hwclock
/sbin/hwclock		--	system_u:object_r:hwclock_exec_t
/etc/adjtime		--	system_u:object_r:adjtime_t
# ifconfig
/sbin/ifconfig		--	system_u:object_r:ifconfig_exec_t
/sbin/iwconfig		--	system_u:object_r:ifconfig_exec_t
/sbin/ip		--	system_u:object_r:ifconfig_exec_t
/sbin/tc		--	system_u:object_r:ifconfig_exec_t
/bin/ip			--	system_u:object_r:ifconfig_exec_t
/sbin/ethtool		--	system_u:object_r:ifconfig_exec_t
/sbin/mii-tool		--	system_u:object_r:ifconfig_exec_t
#  imazesrv
/usr/share/games/imaze(/.*)?	system_u:object_r:imazesrv_data_t
/usr/games/imazesrv --	system_u:object_r:imazesrv_exec_t
/var/log/imaze.log --	system_u:object_r:imazesrv_log_t
# inetd
/usr/sbin/inetd		--	system_u:object_r:inetd_exec_t
/usr/sbin/xinetd	--	system_u:object_r:inetd_exec_t
/usr/sbin/rlinetd	--	system_u:object_r:inetd_exec_t
/usr/sbin/identd	--	system_u:object_r:inetd_child_exec_t
/usr/sbin/in\..*d	--	system_u:object_r:inetd_child_exec_t
/var/log/(x)?inetd\.log	--	system_u:object_r:inetd_log_t
# init
/dev/initctl		-p	system_u:object_r:initctl_t
/sbin/init		--	system_u:object_r:init_exec_t
/sbin/sulogin		--	system_u:object_r:sulogin_exec_t
# init rc scripts
/etc/X11/prefdm		--	system_u:object_r:initrc_exec_t
/etc/rc\.d/rc		--	system_u:object_r:initrc_exec_t
/etc/rc\.d/rc\.sysinit	--	system_u:object_r:initrc_exec_t
/etc/rc\.d/rc\.local	--	system_u:object_r:initrc_exec_t
/etc/rc\.d/init\.d/.*	--	system_u:object_r:initrc_exec_t
/etc/rc\.d/init\.d/functions -- system_u:object_r:etc_t
/etc/init\.d/.*		--	system_u:object_r:initrc_exec_t
/etc/init\.d/functions	--	system_u:object_r:etc_t
/var/run/utmp		--	system_u:object_r:initrc_var_run_t
/var/run/runlevel\.dir		system_u:object_r:initrc_var_run_t
/var/run/random-seed	--	system_u:object_r:initrc_var_run_t
/var/run/setmixer_flag	--	system_u:object_r:initrc_var_run_t
# run_init
/usr/sbin/run_init	--	system_u:object_r:run_init_exec_t
/usr/sbin/open_init_pty	--	system_u:object_r:initrc_exec_t
/etc/nologin.*		--	system_u:object_r:etc_runtime_t
/etc/nohotplug		--	system_u:object_r:etc_runtime_t
/usr/share/firstboot(/.*)	system_u:object_r:initrc_exec_t
# IPSEC utilities and daemon.

/etc/ipsec\.secrets	--	system_u:object_r:ipsec_key_file_t
/etc/ipsec\.conf	--	system_u:object_r:ipsec_conf_file_t
/etc/ipsec\.d(/.*)?		system_u:object_r:ipsec_key_file_t
/usr/lib(64)?/ipsec/.*	--	system_u:object_r:ipsec_mgmt_exec_t
/usr/local/lib(64)?/ipsec/.*	--	system_u:object_r:ipsec_mgmt_exec_t
/usr/lib(64)?/ipsec/eroute	--	system_u:object_r:ipsec_exec_t
/usr/local/lib(64)?/ipsec/eroute --	system_u:object_r:ipsec_exec_t
/usr/lib(64)?/ipsec/klipsdebug --	system_u:object_r:ipsec_exec_t
/usr/local/lib(64)?/ipsec/klipsdebug -- system_u:object_r:ipsec_exec_t
/usr/lib(64)?/ipsec/pluto	--	system_u:object_r:ipsec_exec_t
/usr/local/lib(64)?/ipsec/pluto --	system_u:object_r:ipsec_exec_t
/usr/lib(64)?/ipsec/spi	--	system_u:object_r:ipsec_exec_t
/usr/local/lib(64)?/ipsec/spi --	system_u:object_r:ipsec_exec_t
/usr/sbin/ipsec		--	system_u:object_r:ipsec_mgmt_exec_t
/usr/local/sbin/ipsec	--	system_u:object_r:ipsec_mgmt_exec_t
/var/run/ipsec\.info		system_u:object_r:ipsec_var_run_t
/var/run/pluto\.ctl		system_u:object_r:ipsec_var_run_t
# iptables
/usr/sbin/ipchains.*	--	system_u:object_r:iptables_exec_t
/usr/sbin/iptables.* 	--	system_u:object_r:iptables_exec_t
/usr/sbin/ip6tables.*	--	system_u:object_r:iptables_exec_t
# irc clients
/usr/bin/[st]irc	--	system_u:object_r:irc_exec_t
/usr/bin/ircII		--	system_u:object_r:irc_exec_t
/usr/bin/tinyirc	--	system_u:object_r:irc_exec_t
/home/[^/]+/.ircmotd	--	system_u:object_r:user_home_irc_t
# ircd - irc server
/usr/sbin/(dancer-)?ircd --	system_u:object_r:ircd_exec_t
/etc/(dancer-)?ircd(/.*)?	system_u:object_r:etc_ircd_t
/var/log/(dancer-)?ircd(/.*)?	system_u:object_r:ircd_log_t
/var/lib(64)?/dancer-ircd(/.*)?	system_u:object_r:ircd_var_lib_t
/var/run/dancer-ircd(/.*)?	system_u:object_r:ircd_var_run_t
# irqbalance
/usr/sbin/irqbalance	-- system_u:object_r:irqbalance_exec_t
# jabberd
/usr/sbin/jabberd		system_u:object_r:jabberd_exec_t
/var/lib(64)?/jabber			system_u:object_r:jabberd_var_lib_t
# klogd
/sbin/klogd		--	system_u:object_r:klogd_exec_t
/usr/sbin/klogd		--	system_u:object_r:klogd_exec_t
/var/run/klogd\.pid	--	system_u:object_r:klogd_var_run_t
# kudzu
/usr/sbin/kudzu	--	system_u:object_r:kudzu_exec_t
# lcd
/usr/sbin/lcd.*		--	system_u:object_r:lcd_exec_t
/sbin/ldconfig		--	system_u:object_r:ldconfig_exec_t
# load_policy
/usr/sbin/load_policy		--	system_u:object_r:load_policy_exec_t
/sbin/load_policy		--	system_u:object_r:load_policy_exec_t
# loadkeys
/bin/unikeys		--	system_u:object_r:loadkeys_exec_t
/bin/loadkeys		--	system_u:object_r:loadkeys_exec_t
# login
/bin/login		--	system_u:object_r:login_exec_t
# logrotate
/usr/sbin/logrotate	--	system_u:object_r:logrotate_exec_t
/usr/sbin/logcheck	--	system_u:object_r:logrotate_exec_t
/etc/cron\.(daily|weekly)/sysklogd -- system_u:object_r:logrotate_exec_t
/var/lib(64)?/logrotate.status --	system_u:object_r:logrotate_var_lib_t
/var/lib(64)?/logcheck(/.*)?		system_u:object_r:logrotate_var_lib_t
# using a hard-coded name under /var/tmp is a bug - new version fixes it
/var/tmp/logcheck	-d	system_u:object_r:logrotate_tmp_t
# lpd
/dev/printer		-s	system_u:object_r:printer_t
/dev/lp.*		-c	system_u:object_r:printer_device_t
/dev/par.*		-c	system_u:object_r:printer_device_t
/dev/usb/lp.*		-c	system_u:object_r:printer_device_t
/usr/sbin/lpd		--	system_u:object_r:lpd_exec_t
/usr/sbin/checkpc	--	system_u:object_r:checkpc_exec_t
/var/spool/lpd(/.*)?		system_u:object_r:print_spool_t
/usr/share/printconf/.* --	system_u:object_r:printconf_t
/var/run/lprng(/.*)?		system_u:object_r:lpd_var_run_t
# lp utilities.
/usr/bin/lpr		--	system_u:object_r:lpr_exec_t
/usr/bin/lpq		--	system_u:object_r:lpr_exec_t
/usr/bin/lprm		--	system_u:object_r:lpr_exec_t
# lrrd
/usr/bin/lrrd-.*		--	system_u:object_r:lrrd_exec_t
/usr/sbin/lrrd-.*		--	system_u:object_r:lrrd_exec_t
/usr/share/lrrd/lrrd-.*		--	system_u:object_r:lrrd_exec_t
/usr/share/lrrd/plugins/.*	--	system_u:object_r:lrrd_exec_t
/var/run/lrrd(/.*)?			system_u:object_r:lrrd_var_run_t
/var/log/lrrd.*			--	system_u:object_r:lrrd_log_t
/var/lib(64)?/lrrd(/.*)?			system_u:object_r:lrrd_var_lib_t
/var/www/lrrd(.*)?			system_u:object_r:lrrd_var_lib_t
/etc/lrrd(/.*)?				system_u:object_r:etc_lrrd_t
# lvm
/sbin/lvmiopversion	--	system_u:object_r:lvm_exec_t
/etc/lvm(/.*)?		--	system_u:object_r:etc_lvm_t
/etc/lvm/\.cache	--	system_u:object_r:lvm_metadata_t
/etc/lvm/archive(/.*)?		system_u:object_r:lvm_metadata_t
/etc/lvm/backup(/.*)?		system_u:object_r:lvm_metadata_t
/etc/lvmtab(/.*)?		system_u:object_r:lvm_metadata_t
/etc/lvmtab\.d(/.*)?		system_u:object_r:lvm_metadata_t
# LVM creates lock files in /var before /var is mounted
# configure LVM to put lockfiles in /etc/lvm/lock instead
# for this policy to work (unless you have no separate /var)
/etc/lvm/lock(/.*)?		system_u:object_r:lvm_lock_t
/var/lock/lvm(/.*)?		system_u:object_r:lvm_lock_t
/dev/lvm		-c	system_u:object_r:fixed_disk_device_t
/dev/mapper/.*		-b	system_u:object_r:fixed_disk_device_t
/lib(64)?/lvm-10(/.*)		system_u:object_r:lvm_exec_t
/lib(64)?/lvm-200(/.*)		system_u:object_r:lvm_exec_t
/lib(64)?/lvm-default		system_u:object_r:bin_t
# mailman list server
/usr/lib(64)?/cgi-bin/mailman/.* --	system_u:object_r:mailman_cgi_exec_t
/var/log/mailman(/.*)?		system_u:object_r:mailman_log_t
/usr/lib(64)?/mailman/cron/qrunner -- system_u:object_r:mailman_queue_exec_t
/var/lib(64)?/mailman(/.*)?		system_u:object_r:mailman_data_t
/var/lib(64)?/mailman/cron	--	system_u:object_r:bin_t
/usr/lib(64)?/mailman/mail/wrapper -- system_u:object_r:mailman_mail_exec_t
/var/lib(64)?/mailman/archives(/.*)?	system_u:object_r:mailman_archive_t
/etc/cron\.daily/mailman --	system_u:object_r:mailman_queue_exec_t
/etc/cron\.monthly/mailman --	system_u:object_r:mailman_queue_exec_t
# module utilities
/etc/modules\.conf.*	--	system_u:object_r:modules_conf_t
/etc/modprobe\.conf.*	--	system_u:object_r:modules_conf_t
/lib(64)?/modules/modprobe.conf --	system_u:object_r:modules_conf_t
/lib(64)?/modules(/.*)?		system_u:object_r:modules_object_t
/lib(64)?/modules/[^/]+/modules\..+ -- system_u:object_r:modules_dep_t
/lib(64)?/modules/modprobe\.conf.* -- system_u:object_r:modules_conf_t
/sbin/depmod.*		--	system_u:object_r:depmod_exec_t
/sbin/modprobe.*	--	system_u:object_r:insmod_exec_t
/sbin/insmod.*		--	system_u:object_r:insmod_exec_t
/sbin/insmod_ksymoops_clean --	system_u:object_r:sbin_t
/sbin/rmmod.*		--	system_u:object_r:insmod_exec_t
/sbin/update-modules	--	system_u:object_r:update_modules_exec_t
# monopd
/etc/monopd.conf	--	system_u:object_r:etc_monopd_t
/usr/sbin/monopd	--	system_u:object_r:monopd_exec_t
/usr/share/monopd/games(/.*)?	system_u:object_r:share_monopd_t
# mount
/bin/mount			--	system_u:object_r:mount_exec_t
/bin/umount			--	system_u:object_r:mount_exec_t
#  netscape/mozilla
/root/\.netscape(/.*)?		system_u:object_r:sysadm_mozilla_rw_t
/root/\.mozilla(/.*)?		system_u:object_r:sysadm_mozilla_rw_t
/home/[^/]+/\.netscape(/.*)?	system_u:object_r:user_mozilla_rw_t
/home/[^/]+/\.mozilla(/.*)?	system_u:object_r:user_mozilla_rw_t
/usr/bin/netscape	--	system_u:object_r:mozilla_exec_t
/usr/bin/mozilla	--	system_u:object_r:mozilla_exec_t
/usr/bin/mozilla-snapshot --	system_u:object_r:mozilla_exec_t
/usr/bin/mozilla-[0-9].* --	system_u:object_r:mozilla_exec_t
/usr/bin/mozilla-bin-[0-9].* --	system_u:object_r:mozilla_exec_t
/usr/lib(64)?/netscape/.+/communicator/communicator-smotif.real -- system_u:object_r:mozilla_exec_t
/usr/lib(64)?/netscape/base-4/wrapper -- system_u:object_r:mozilla_exec_t
/usr/lib(64)?/mozilla/reg.+	--	system_u:object_r:mozilla_exec_t
/usr/lib(64)?/mozilla/mozilla-.* --	system_u:object_r:mozilla_exec_t
/usr/lib(64)?/mozilla-snapshot/reg.+	 --	system_u:object_r:mozilla_exec_t
/usr/lib(64)?/mozilla-snapshot/mozilla-.* --	system_u:object_r:mozilla_exec_t
# mrtg - traffic grapher
/usr/bin/mrtg		--	system_u:object_r:mrtg_exec_t
/var/lib(64)?/mrtg(/.*)?		system_u:object_r:var_lib_mrtg_t
/var/lock/mrtg(/.*)?		system_u:object_r:mrtg_lock_t
/etc/mrtg.*			system_u:object_r:etc_mrtg_t
/etc/mrtg/mrtg.ok	--	system_u:object_r:mrtg_lock_t
/var/log/mrtg(/.*)?		system_u:object_r:mrtg_log_t
# types for general mail servers
/usr/sbin/sendmail(.sendmail)?	-- system_u:object_r:sendmail_exec_t
/usr/lib(64)?/sendmail		-- system_u:object_r:sendmail_exec_t
/etc/aliases		--	system_u:object_r:etc_aliases_t
/etc/aliases\.db	--	system_u:object_r:etc_aliases_t
/var/spool/mail(/.*)?		system_u:object_r:mail_spool_t
/var/mail(/.*)?			system_u:object_r:mail_spool_t
/etc/mail(/.*)?				system_u:object_r:etc_mail_t
# mysql database server
/usr/sbin/mysqld	--	system_u:object_r:mysqld_exec_t
/var/run/mysqld(/.*)?		system_u:object_r:mysqld_var_run_t
/var/log/mysql.*	--	system_u:object_r:mysqld_log_t
/var/lib(64)?/mysql(/.*)?		system_u:object_r:mysqld_db_t
/etc/my\.cnf		--	system_u:object_r:etc_mysqld_t
/etc/mysql(/.*)?		system_u:object_r:etc_mysqld_t
# named
/var/named(/.*)?      		system_u:object_r:named_conf_t
/etc/named\.conf	--	system_u:object_r:named_conf_t
/etc/bind(/.*)?			system_u:object_r:named_zone_t
/etc/bind/named\.conf	--	system_u:object_r:named_conf_t
/etc/bind/rndc\.key	--	system_u:object_r:rndc_conf_t
/etc/rndc.*		--	system_u:object_r:rndc_conf_t
/usr/sbin/named.*      	--	system_u:object_r:named_exec_t
/usr/sbin/r?ndc		--	system_u:object_r:ndc_exec_t
/var/cache/bind(/.*)?		system_u:object_r:named_cache_t
/var/run/ndc		-s	system_u:object_r:named_var_run_t
/var/run/bind(/.*)?		system_u:object_r:named_var_run_t
/var/run/named.*		system_u:object_r:named_var_run_t
/usr/sbin/lwresd	--	system_u:object_r:named_exec_t
# nessusd - network scanning server
/usr/sbin/nessusd	--	system_u:object_r:nessusd_exec_t
/usr/lib(64)?/nessus/plugins/.* --	system_u:object_r:nessusd_exec_t
/var/lib(64)?/nessus(/.*)?	 	system_u:object_r:nessusd_db_t
/var/log/nessus(/.*)?		system_u:object_r:nessusd_log_t
/etc/nessus/nessusd\.conf --	system_u:object_r:etc_nessusd_t
# netsaint - network monitoring server
/usr/sbin/netsaint		--	system_u:object_r:netsaint_exec_t
#/var/run/netsaint(/.*)?		system_u:object_r:netsaint_var_run_t
/etc/netsaint(/.*)?			system_u:object_r:etc_netsaint_t
/var/log/netsaint(/.*)?			system_u:object_r:netsaint_log_t
/usr/lib(64)?/netsaint/plugins(/.*)?		system_u:object_r:bin_t
/usr/lib(64)?/cgi-bin/netsaint/.+	--	system_u:object_r:netsaint_cgi_exec_t
# network utilities
/sbin/arping		--	system_u:object_r:netutils_exec_t
/usr/sbin/tcpdump	--	system_u:object_r:netutils_exec_t
/etc/network/ifstate	--	system_u:object_r:etc_runtime_t
# newrole
/usr/bin/newrole	--		system_u:object_r:newrole_exec_t
# nscd
/usr/sbin/nscd		--	system_u:object_r:nscd_exec_t
/var/run/\.nscd_socket	-s	system_u:object_r:nscd_var_run_t
/var/run/nscd\.pid	--	system_u:object_r:nscd_var_run_t
# nsd
/etc/nsd(/.*)?       		system_u:object_r:nsd_conf_t
/etc/nsd/primary(/.*)?		system_u:object_r:nsd_zone_t
/etc/nsd/secondary(/.*)?	system_u:object_r:nsd_zone_t
/etc/nsd/nsd.db		--	system_u:object_r:nsd_zone_t
/var/lib(64)?/nsd(/.*)?		system_u:object_r:nsd_zone_t
/usr/sbin/nsd      	--	system_u:object_r:nsd_exec_t
/usr/sbin/nsdc      	--	system_u:object_r:nsd_exec_t
/usr/sbin/nsd-notify	--	system_u:object_r:nsd_exec_t
/usr/sbin/zonec		--	system_u:object_r:nsd_exec_t
/var/run/nsd\.pid	--	system_u:object_r:nsd_var_run_t
/var/lib(64)?/ntp(/.*)?			system_u:object_r:ntp_drift_t
/etc/ntp/data(/.*)?			system_u:object_r:ntp_drift_t
/etc/ntp\.conf			--	system_u:object_r:etc_ntp_t
/usr/sbin/ntpd			--	system_u:object_r:ntpd_exec_t
/usr/sbin/ntpdate		--	system_u:object_r:ntpd_exec_t
/var/log/ntpstats(/.*)?			system_u:object_r:ntpd_log_t
/var/log/ntpd.*			--	system_u:object_r:ntpd_log_t
/var/log/xntpd.*		--	system_u:object_r:ntpd_log_t
/var/run/ntpd.pid		--	system_u:object_r:ntpd_var_run_t
/etc/cron\.(daily|weekly)/ntp-simple -- system_u:object_r:ntpd_exec_t
/var/lib(64)?/oav-virussignatures -- system_u:object_r:oav_update_var_lib_t
/var/lib(64)?/oav-update(/.*)?	system_u:object_r:oav_update_var_lib_t
/usr/sbin/oav-update	--	system_u:object_r:oav_update_exec_t
/etc/oav-update(/.*)?		system_u:object_r:oav_update_etc_t
/etc/openca(/.*)?		system_u:object_r:openca_etc_t
/etc/openca/rbac(/.*)?		system_u:object_r:openca_etc_writeable_t
/etc/openca/*.\.in(/.*)?	system_u:object_r:openca_etc_in_t
/var/lib(64)?/openca(/.*)?		system_u:object_r:openca_var_lib_t
/var/lib(64)?/openca/crypto/keys(/.*)?	system_u:object_r:openca_var_lib_keys_t
/usr/share/openca(/.*)?		system_u:object_r:openca_usr_share_t
/usr/share/openca/htdocs(/.*)?	system_u:object_r:httpd_sys_content_t
/usr/share/openca/cgi-bin/ca(/.*)?	system_u:object_r:openca_ca_exec_t
/var/run/sudo(/.*)?			system_u:object_r:pam_var_run_t
/sbin/pam_timestamp_check	 --	system_u:object_r:pam_exec_t
# pam_console_apply
/sbin/pam_console_apply	 --	system_u:object_r:pam_console_exec_t
# spasswd
/usr/bin/passwd		--	system_u:object_r:passwd_exec_t
/usr/bin/chsh		--	system_u:object_r:chfn_exec_t
/usr/bin/chfn		--	system_u:object_r:chfn_exec_t
/usr/sbin/vipw		--	system_u:object_r:admin_passwd_exec_t
/usr/sbin/vigr		--	system_u:object_r:admin_passwd_exec_t
/usr/bin/vipw		--	system_u:object_r:admin_passwd_exec_t
/usr/bin/vigr		--	system_u:object_r:admin_passwd_exec_t
# perdition POP and IMAP proxy
/usr/sbin/perdition	--	system_u:object_r:perdition_exec_t
/etc/perdition(/.*)?		system_u:object_r:etc_perdition_t
# ping
/bin/ping.* 		--	system_u:object_r:ping_exec_t
/usr/sbin/hping2	--	system_u:object_r:ping_exec_t
# portmap
/sbin/portmap		--	system_u:object_r:portmap_exec_t
/sbin/pmap_dump		--	system_u:object_r:portmap_exec_t
# portslave
/usr/sbin/portslave	--	system_u:object_r:portslave_exec_t
/usr/sbin/ctlportslave	--	system_u:object_r:portslave_exec_t
/etc/portslave(/.*)?		system_u:object_r:portslave_etc_t
/var/run/radius.((id)|(seq)) -- system_u:object_r:pppd_var_run_t
# postfix
/etc/mail/postfix-script.* -- system_u:object_r:postfix_exec_t
/etc/mail/prng_exch	--	system_u:object_r:postfix_prng_t
/usr/lib(64)?/postfix/.*	--	system_u:object_r:postfix_exec_t
/usr/lib(64)?/postfix/cleanup --	system_u:object_r:postfix_cleanup_exec_t
/usr/lib(64)?/postfix/local	--	system_u:object_r:postfix_local_exec_t
/usr/lib(64)?/postfix/master	--	system_u:object_r:postfix_master_exec_t
/usr/lib(64)?/postfix/pickup	--	system_u:object_r:postfix_pickup_exec_t
/usr/lib(64)?/postfix/(n)?qmgr --	system_u:object_r:postfix_qmgr_exec_t
/usr/lib(64)?/postfix/showq	--	system_u:object_r:postfix_showq_exec_t
/usr/lib(64)?/postfix/smtp	--	system_u:object_r:postfix_smtp_exec_t
/usr/lib(64)?/postfix/smtpd	--	system_u:object_r:postfix_smtpd_exec_t
/usr/lib(64)?/postfix/bounce	--	system_u:object_r:postfix_bounce_exec_t
/usr/lib(64)?/postfix/pipe	--	system_u:object_r:postfix_pipe_exec_t
/usr/sbin/postalias	--	system_u:object_r:postfix_master_exec_t
/usr/sbin/postcat	--	system_u:object_r:postfix_master_exec_t
/usr/sbin/postconf	--	system_u:object_r:postfix_master_exec_t
/usr/sbin/postdrop	--	system_u:object_r:postfix_postdrop_exec_t
/usr/sbin/postfix	--	system_u:object_r:postfix_master_exec_t
/usr/sbin/postkick	--	system_u:object_r:postfix_master_exec_t
/usr/sbin/postlock	--	system_u:object_r:postfix_master_exec_t
/usr/sbin/postlog	--	system_u:object_r:postfix_master_exec_t
/usr/sbin/postmap	--	system_u:object_r:postfix_master_exec_t
/usr/sbin/postqueue	--	system_u:object_r:postfix_postqueue_exec_t
/usr/sbin/postsuper	--	system_u:object_r:postfix_postsuper_exec_t
/usr/sbin/rmail		--	system_u:object_r:sendmail_exec_t
/var/spool/postfix(/[^/]+)?	system_u:object_r:postfix_spool_t
/var/spool/postfix/active(/.*)?	system_u:object_r:postfix_spool_t
/var/spool/postfix/hold(/.*)?	system_u:object_r:postfix_spool_t
/var/spool/postfix/incoming(/.*)? system_u:object_r:postfix_spool_t
/var/spool/postfix/maildrop(/.*)? system_u:object_r:postfix_spool_maildrop_t
/var/spool/postfix/pid	-d	system_u:object_r:var_run_t
/var/spool/postfix/pid/.*	system_u:object_r:postfix_var_run_t
/var/spool/postfix/private(/.*)? system_u:object_r:postfix_private_t
/var/spool/postfix/public(/.*)? system_u:object_r:postfix_public_t
/var/spool/postfix/defer(red)?(/.*)? system_u:object_r:postfix_spool_t
/var/spool/postfix/bounce(/.*)? system_u:object_r:postfix_spool_bounce_t
/var/spool/postfix/flush(/.*)?	system_u:object_r:postfix_spool_flush_t
/var/spool/postfix/etc(/.*)?	system_u:object_r:etc_t
/var/spool/postfix/lib(64)?(/.*)?	system_u:object_r:lib_t
/var/spool/postfix/usr(/.*)?	system_u:object_r:lib_t
/var/spool/postfix/lib(64)?/ld.*\.so.* -- system_u:object_r:ld_so_t
/var/spool/postfix/lib(64)?/lib.*\.so.* -- system_u:object_r:shlib_t
/var/spool/postfix/lib(64)?/[^/]*/lib.*\.so.* -- system_u:object_r:shlib_t
/var/spool/postfix/lib(64)?/devfsd/.*\.so.* -- system_u:object_r:shlib_t
# postgresql - ldap server
/usr/lib(64)?/postgresql/bin/.* --	system_u:object_r:postgresql_exec_t
/var/lib(64)?/postgres(/.*)?		system_u:object_r:postgresql_db_t
/var/run/postgresql(/.*)?	system_u:object_r:postgresql_var_run_t
/etc/postgresql(/.*)?		system_u:object_r:etc_postgresql_t
/var/log/postgres\.log.* --	system_u:object_r:postgresql_log_t
/var/log/postgresql(/.*)?	system_u:object_r:postgresql_log_t
# pppd
/usr/sbin/pppd		--	system_u:object_r:pppd_exec_t
/usr/sbin/ipppd		--	system_u:object_r:pppd_exec_t
/dev/ppp		-c	system_u:object_r:ppp_device_t
/dev/pppox.*		-c	system_u:object_r:ppp_device_t
/dev/ippp.*		-c	system_u:object_r:ppp_device_t
/var/run/pppd\.tdb	--	system_u:object_r:pppd_var_run_t
/etc/ppp/.*secrets	--	system_u:object_r:pppd_secret_t
/var/run/(i)?ppp.*pid	--	system_u:object_r:pppd_var_run_t
/var/log/ppp-connect-errors.* -- system_u:object_r:pppd_log_t
# prelink - prelink ELF shared libraries and binaries to speed up startup time
/usr/sbin/prelink		--	system_u:object_r:prelink_exec_t
/etc/prelink.conf		--	system_u:object_r:etc_prelink_t
/var/log/prelink.log		--	system_u:object_r:prelink_log_t
/etc/prelink.cache		--	system_u:object_r:prelink_cache_t
# privoxy
/usr/sbin/privoxy	--	system_u:object_r:privoxy_exec_t
/var/log/privoxy(/.*)?		system_u:object_r:privoxy_log_t
# procmail
/usr/bin/procmail	--	system_u:object_r:procmail_exec_t
# quota system
/var/lib(64)?/quota(/.*)?		system_u:object_r:quota_flag_t
/sbin/quota(check|on)	--	system_u:object_r:quota_exec_t
/(|home/|var/)a?quota.(user|group) -- system_u:object_r:quota_db_t
# radius
/etc/raddb(/.*)?                system_u:object_r:etc_radiusd_t
/usr/sbin/radiusd	--	system_u:object_r:radiusd_exec_t
/var/log/radiusd-freeradius(/.*)?       system_u:object_r:radiusd_log_t
/var/log/radius\.log.*	--	system_u:object_r:radiusd_log_t
/var/log/radius(/.*)?		system_u:object_r:radiusd_log_t
/var/log/radacct(/.*)?		system_u:object_r:radiusd_log_t
/var/log/radutmp	--	system_u:object_r:radiusd_log_t
/var/log/radwtmp.*	--	system_u:object_r:radiusd_log_t
/etc/cron\.(daily|monthly)/radiusd -- system_u:object_r:radiusd_exec_t
/etc/cron\.(daily|weekly|monthly)/freeradius -- system_u:object_r:radiusd_exec_t
/var/run/radiusd\.pid	--	system_u:object_r:radiusd_var_run_t
/var/run/radiusd(/.*)?		system_u:object_r:radiusd_var_run_t
# radvd
/etc/radvd\.conf	--	system_u:object_r:etc_radvd_t
/usr/sbin/radvd		--	system_u:object_r:radvd_exec_t
/var/run/radvd\.pid	--	system_u:object_r:radvd_var_run_t
/usr/bin/rhgb		--	system_u:object_r:rhgb_exec_t
#/etc/dbus-1(/.*)?		system_u:object_r:etc_dbusd_t
# rlogind and telnetd
/usr/sbin/in\.rlogind	--	system_u:object_r:rlogind_exec_t
/usr/sbin/in\.telnetd	--	system_u:object_r:rlogind_exec_t
/usr/lib(64)?/telnetlogin	--	system_u:object_r:rlogind_exec_t
/usr/kerberos/sbin/klogind --	system_u:object_r:rlogind_exec_t
/usr/kerberos/sbin/telnetd --	system_u:object_r:rlogind_exec_t
# RPC daemons
/sbin/rpc\..*		--	system_u:object_r:rpcd_exec_t
/usr/sbin/rpc\..*	--	system_u:object_r:rpcd_exec_t
/usr/sbin/rpc\.nfsd	--	system_u:object_r:nfsd_exec_t
/usr/sbin/exportfs	--	system_u:object_r:nfsd_exec_t
/usr/sbin/rpc\.mountd	--	system_u:object_r:nfsd_exec_t
/var/run/rpc.statd.pid	--	system_u:object_r:rpcd_var_run_t
/var/run/rpc.statd(/.*)?	system_u:object_r:rpcd_var_run_t
# rpm
/var/lib(64)?/rpm(/.*)?		system_u:object_r:rpm_var_lib_t
/var/lib(64)?/alternatives(/.*)?	system_u:object_r:rpm_var_lib_t
/bin/rpm 		--	system_u:object_r:rpm_exec_t
/var/log/rpmpkgs.*	--	system_u:object_r:rpm_log_t
/usr/share/redhat-config-network(/netconfig)?/[^/]+.py -- system_u:object_r:bin_t
/etc/sysconfig/networking/profiles/.*/resolv.conf -- system_u:object_r:resolv_conf_t
/etc/sysconfig/network-scripts/.*resolv.conf -- system_u:object_r:resolv_conf_t
#Red Hat daemons
/usr/sbin/swat		--	system_u:object_r:inetd_child_exec_t
/usr/sbin/in\.comsat	--	system_u:object_r:inetd_child_exec_t
/usr/bin/fam		--	system_u:object_r:inetd_child_exec_t
/usr/sbin/dbskkd-cdb	--	system_u:object_r:inetd_child_exec_t
/usr/sbin/imapd		--	system_u:object_r:inetd_child_exec_t
/usr/sbin/ipop2d	--	system_u:object_r:inetd_child_exec_t
/usr/bin/ktalkd		--	system_u:object_r:inetd_child_exec_t
/usr/sbin/ipop3d	--	system_u:object_r:inetd_child_exec_t
/usr/bin/rsync		--	system_u:object_r:inetd_child_exec_t
/usr/share/rhn/rhn_applet/applet.py -- system_u:object_r:bin_t
/usr/share/rhn/rhn_applet/eggtrayiconmodule.so -- system_u:object_r:shlib_t
/usr/share/authconfig/authconfig-gtk.py -- system_u:object_r:bin_t
/usr/share/hwbrowser/hwbrowser -- system_u:object_r:bin_t
/usr/share/redhat-config-httpd/redhat-config-httpd -- system_u:object_r:bin_t
/usr/share/redhat-config-services/redhat-config-services -- system_u:object_r:bin_t
/usr/share/redhat-logviewer/redhat-logviewer.py -- system_u:object_r:bin_t
/usr/share/system-config-date/system-config-date.py -- system_u:object_r:bin_t
/usr/share/system-config-display/system-config-display -- system_u:object_r:bin_t
/usr/share/system-config-keyboard/system-config-keyboard -- system_u:object_r:bin_t
/usr/share/system-config-language/system-config-language -- system_u:object_r:bin_t
/usr/share/system-config-mouse/system-config-mouse -- system_u:object_r:bin_t
/usr/share/system-config-netboot/system-config-netboot.py -- system_u:object_r:bin_t
/usr/share/system-config-nfs/system-config-nfs.py -- system_u:object_r:bin_t
/usr/share/system-config-rootpassword/system-config-rootpassword -- system_u:object_r:bin_t
/usr/share/system-config-samba/system-config-samba.py -- system_u:object_r:bin_t
/usr/share/system-config-securitylevel/system-config-securitylevel.py -- system_u:object_r:bin_t
/usr/share/system-config-services/serviceconf.py -- system_u:object_r:bin_t
/usr/share/system-config-soundcard/system-config-soundcard -- system_u:object_r:bin_t
/usr/share/system-config-users/system-config-users -- system_u:object_r:bin_t
# rshd.
/usr/sbin/in\.rshd	--	system_u:object_r:rshd_exec_t
/usr/kerberos/sbin/kshd	--	system_u:object_r:rshd_exec_t
# samba scripts
/usr/sbin/smbd		--	system_u:object_r:smbd_exec_t
/usr/sbin/nmbd		--	system_u:object_r:nmbd_exec_t
/etc/samba(/.*)?		system_u:object_r:samba_etc_t
/var/log/samba(/.*)?		system_u:object_r:samba_log_t
/var/cache/samba(/.*)?		system_u:object_r:samba_var_t
/var/lib(64)?/samba(/.*)?		system_u:object_r:samba_var_t
/etc/samba/secrets\.tdb	--	system_u:object_r:samba_secrets_t
/etc/samba/MACHINE\.SID	--	system_u:object_r:samba_secrets_t
# samba really wants write access to smbpasswd
/etc/samba/smbpasswd	--	system_u:object_r:samba_secrets_t
/var/run/samba/locking\.tdb --	system_u:object_r:smbd_var_run_t
/var/run/samba/connections\.tdb -- system_u:object_r:smbd_var_run_t
/var/run/samba/sessionid\.tdb -- system_u:object_r:smbd_var_run_t
/var/run/samba/brlock\.tdb --	system_u:object_r:smbd_var_run_t
/var/run/samba/namelist\.debug -- system_u:object_r:nmbd_var_run_t
/var/run/samba/messages\.tdb --	system_u:object_r:nmbd_var_run_t
/var/run/samba/unexpected\.tdb -- system_u:object_r:nmbd_var_run_t
/var/run/samba/smbd\.pid --	system_u:object_r:smbd_var_run_t
/var/run/samba/nmbd\.pid --	system_u:object_r:nmbd_var_run_t
# scannerdaemon
/usr/sbin/scannerdaemon		--	system_u:object_r:scannerdaemon_exec_t
/etc/scannerdaemon/scannerdaemon\.conf -- system_u:object_r:scannerdaemon_etc_t
/var/log/scannerdaemon\.log 	--	system_u:object_r:scannerdaemon_log_t
# screen
/usr/bin/screen		--	system_u:object_r:screen_exec_t
/home/[^/]+/\.screenrc	--	system_u:object_r:user_home_screen_t
/var/run/screen/S-[^/]+	-d	system_u:object_r:screen_dir_t
/var/run/screen/S-[^/]+/.*	<<none>>
# sendmail
/var/spool/(client)?mqueue(/.*)?	system_u:object_r:mqueue_spool_t
/var/log/sendmail\.st		--	system_u:object_r:sendmail_log_t
/var/log/mail(/.*)?			system_u:object_r:sendmail_log_t
# setfiles
/usr/sbin/setfiles.*	--	system_u:object_r:setfiles_exec_t
# seuser
/usr/bin/seuser	system_u:object_r:seuser_exec_t
/usr/apol/seuser.conf system_u:object_r:seuser_conf_t

# slapd - ldap server
/usr/sbin/slapd		--	system_u:object_r:slapd_exec_t
/var/lib(64)?/ldap(/.*)?		system_u:object_r:slapd_db_t
/var/lib(64)?/ldap/replog(/.*)?	system_u:object_r:slapd_replog_t
/var/run/slapd\.args	--	system_u:object_r:slapd_var_run_t
/etc/ldap/slapd\.conf	--	system_u:object_r:etc_slapd_t
/usr/lib(64)?/ldap/back.*so.* --	system_u:object_r:shlib_t
/var/run/slapd\.pid	--	system_u:object_r:slapd_var_run_t
# locate - file locater
/usr/bin/slocate		--	system_u:object_r:locate_exec_t
/var/lib(64)?/slocate(/.*)?			system_u:object_r:var_lib_locate_t
/etc/updatedb.conf		--	system_u:object_r:etc_locate_t
# snmpd
/usr/sbin/snmp(trap)?d	--	system_u:object_r:snmpd_exec_t
/var/lib(64)?/snmp(/.*)?		system_u:object_r:snmpd_var_lib_t
/etc/snmp/snmp(trap)?d\.conf -- system_u:object_r:etc_snmpd_t
/usr/share/snmp/mibs/\.index -- system_u:object_r:snmpd_var_lib_t
/var/run/snmpd\.pid	--	system_u:object_r:snmpd_var_run_t
/var/run/snmpd		-d	system_u:object_r:snmpd_var_run_t
# SNORT
/usr/sbin/snort	--	system_u:object_r:snort_exec_t
/etc/snort(/.*)?	system_u:object_r:snort_etc_t
/var/log/snort(/.*)?	system_u:object_r:snort_log_t
# sound servers, nas, yiff, etc
/usr/sbin/yiff		--	system_u:object_r:soundd_exec_t
/usr/bin/nasd		--	system_u:object_r:soundd_exec_t
/usr/bin/gpe-soundserver --	system_u:object_r:soundd_exec_t
/etc/nas(/.*)?			system_u:object_r:etc_soundd_t
/etc/yiff(/.*)?			system_u:object_r:etc_soundd_t
/var/state/yiff(/.*)?		system_u:object_r:soundd_state_t
/var/run/yiff-[0-9]+\.pid --	system_u:object_r:soundd_var_run_t
# sound
/bin/aumix-minimal	--	system_u:object_r:sound_exec_t
/etc/\.aumixrc		--	system_u:object_r:sound_file_t
/usr/sbin/spamd		--	system_u:object_r:spamd_exec_t
/usr/bin/spamd		--	system_u:object_r:spamd_exec_t
/usr/bin/sa-learn	--	system_u:object_r:spamd_exec_t
# speedmgmt
/usr/sbin/speedmgmt	--	system_u:object_r:speedmgmt_exec_t
# squid
/usr/sbin/squid		--	system_u:object_r:squid_exec_t
/var/cache/squid(/.*)?		system_u:object_r:squid_cache_t
/var/spool/squid(/.*)?		system_u:object_r:squid_cache_t
/var/log/squid(/.*)?		system_u:object_r:var_log_squid_t
/etc/squid\.conf	--	system_u:object_r:squid_conf_t
/var/run/squid\.pid	--	system_u:object_r:squid_var_run_t
/usr/share/squid(/.*)?		system_u:object_r:squid_conf_t
# ssh-agent
/usr/bin/ssh-agent	--	system_u:object_r:ssh_agent_exec_t
# ssh
/usr/bin/ssh		--	system_u:object_r:ssh_exec_t
# sshd
/etc/ssh/primes		--	system_u:object_r:sshd_key_t
/etc/ssh/ssh_host_key 	--	system_u:object_r:sshd_key_t
/etc/ssh/ssh_host_dsa_key --	system_u:object_r:sshd_key_t
/etc/ssh/ssh_host_rsa_key --	system_u:object_r:sshd_key_t
/usr/sbin/sshd	        --	system_u:object_r:sshd_exec_t
/root/\.ssh(/.*)?		system_u:object_r:sysadm_home_ssh_t
/home/[^/]+/\.ssh(/.*)?		system_u:object_r:user_home_ssh_t
# subsystems
/usr/lib(64)?/misc/sftp-server --	system_u:object_r:bin_t
/usr/libexec/openssh/sftp-server -- system_u:object_r:bin_t
/usr/lib(64)?/sftp-server	--	system_u:object_r:bin_t
# su
/bin/su			--	system_u:object_r:su_exec_t
# sudo
/usr/bin/sudo		--	system_u:object_r:sudo_exec_t
# sxid - ldap server
/usr/bin/sxid		--	system_u:object_r:sxid_exec_t
/var/log/sxid\.log.*	--	system_u:object_r:sxid_log_t
/var/log/setuid\.today.* --	system_u:object_r:sxid_log_t
/usr/sbin/checksecurity\.se --	system_u:object_r:sxid_exec_t
/var/log/setuid.*	--	system_u:object_r:sxid_log_t
# syslogd
/sbin/syslogd		--	system_u:object_r:syslogd_exec_t
/sbin/minilogd		--	system_u:object_r:syslogd_exec_t
/usr/sbin/syslogd	--	system_u:object_r:syslogd_exec_t
/sbin/syslog-ng		--	system_u:object_r:syslogd_exec_t
/dev/log		-s	system_u:object_r:devlog_t
/var/run/log		-s	system_u:object_r:devlog_t
/var/run/syslogd\.pid	--	system_u:object_r:syslogd_var_run_t
# sysstat and other sar programs
/usr/lib(64)?/atsar/atsa.*	--	system_u:object_r:sysstat_exec_t
/usr/lib(64)?/sysstat/sa.*	--	system_u:object_r:sysstat_exec_t
/usr/lib(64)?/sa/sadc	--	system_u:object_r:sysstat_exec_t
/var/log/atsar(/.*)?		system_u:object_r:var_log_sysstat_t
/var/log/sysstat(/.*)?		system_u:object_r:var_log_sysstat_t
/var/log/sa(/.*)?		system_u:object_r:var_log_sysstat_t
# tcpd
/usr/sbin/tcpd		--	system_u:object_r:tcpd_exec_t
# tftpd
/usr/sbin/in\.tftpd	--	system_u:object_r:tftpd_exec_t
/tftpboot(/.*)?			system_u:object_r:tftpdir_t
# tmpreaper or tmpwatch
/usr/sbin/tmpreaper	--	system_u:object_r:tmpreaper_exec_t
/usr/sbin/tmpwatch	--	system_u:object_r:tmpreaper_exec_t
# traceroute
/bin/traceroute.*	--	system_u:object_r:traceroute_exec_t
/usr/(s)?bin/traceroute.* --	system_u:object_r:traceroute_exec_t
/usr/bin/lft		--	system_u:object_r:traceroute_exec_t
/usr/bin/nmap		--	system_u:object_r:traceroute_exec_t
# transproxy - http transperant proxy
/usr/sbin/tproxy	--	system_u:object_r:transproxy_exec_t
/var/run/tproxy\.pid	--	system_u:object_r:transproxy_var_run_t
# udev
/sbin/udevsend	--	system_u:object_r:udev_exec_t
/sbin/udev	--	system_u:object_r:udev_exec_t
# User Mode Linux
/usr/bin/uml_switch	--	system_u:object_r:uml_switch_exec_t
/var/run/uml-utilities(/.*)?	system_u:object_r:uml_switch_var_run_t
/home/[^/]+/.uml(/.*)?		system_u:object_r:user_uml_rw_t
# User Mode Linux
# WARNING: Do not install this file on any machine that has hostile users.
/usr/lib(64)?/uml/uml_net	--	system_u:object_r:uml_net_exec_t
# updfstab
/usr/sbin/updfstab	--	system_u:object_r:updfstab_exec_t
# uptimed
/etc/uptimed.conf	--	system_u:object_r:etc_uptimed_t
/usr/sbin/uptimed	--	system_u:object_r:uptimed_exec_t
/var/spool/uptimed(/.*)?        system_u:object_r:uptimed_spool_t
# usbmodules
/usr/sbin/usbmodules	--	system_u:object_r:usbmodules_exec_t
/sbin/usbmodules	--	system_u:object_r:usbmodules_exec_t
#useradd
/usr/sbin/usermod	--	system_u:object_r:useradd_exec_t
/usr/sbin/useradd	--	system_u:object_r:useradd_exec_t
/usr/sbin/userdel	--	system_u:object_r:useradd_exec_t
#groupadd
/usr/sbin/groupmod	--	system_u:object_r:groupadd_exec_t
/usr/sbin/groupadd	--	system_u:object_r:groupadd_exec_t
/usr/sbin/groupdel	--	system_u:object_r:groupadd_exec_t
/usr/bin/gpasswd	--	system_u:object_r:groupadd_exec_t
/usr/sbin/gpasswd	--	system_u:object_r:groupadd_exec_t
/etc/security/console.apps(/.*)?	system_u:object_r:userhelper_conf_t
/usr/sbin/userhelper		--	system_u:object_r:userhelper_exec_t
# utempter
/usr/sbin/utempter	--	system_u:object_r:utempter_exec_t
#
# File contexts for VMWare.
# Contributed by Mark Westerman (mark.westerman@westcam.com)
# Changes made by NAI Labs.
# Tested with VMWare 3.1
#
/usr/bin/vmnet-bridge	--	system_u:object_r:vmware_exec_t
/usr/bin/vmnet-dhcpd	--	system_u:object_r:vmware_exec_t
/usr/bin/vmnet-natd	--	system_u:object_r:vmware_exec_t
/usr/bin/vmnet-netifup	--	system_u:object_r:vmware_exec_t
/usr/bin/vmnet-sniffer	--	system_u:object_r:vmware_exec_t
/usr/bin/vmware-config\.pl --	system_u:object_r:vmware_exec_t
/usr/bin/vmware-nmbd	--	system_u:object_r:vmware_exec_t
/usr/bin/vmware-ping	--	system_u:object_r:vmware_exec_t
/usr/bin/vmware-smbd	--	system_u:object_r:vmware_exec_t
/usr/bin/vmware-smbpasswd --	system_u:object_r:vmware_exec_t
/usr/bin/vmware-smbpasswd\.bin -- system_u:object_r:vmware_exec_t
/usr/bin/vmware-wizard	--	system_u:object_r:vmware_user_exec_t
/usr/bin/vmware		--	system_u:object_r:vmware_user_exec_t

/dev/vmmon		-c	system_u:object_r:vmware_device_t
/dev/vmnet.*		-c	system_u:object_r:vmware_device_t
/dev/plex86		-c	system_u:object_r:vmware_device_t

/etc/vmware.*(/.*)?		system_u:object_r:vmware_sys_conf_t
/usr/lib(64)?/vmware/config	--	system_u:object_r:vmware_sys_conf_t

/usr/lib(64)?/vmware/bin/vmware-mks -- system_u:object_r:vmware_user_exec_t
/usr/lib(64)?/vmware/bin/vmware-ui -- system_u:object_r:vmware_user_exec_t

#
# This is only an example of how to protect vmware session configuration
# files.  A general user can execute vmware and start a vmware session
# but the user can not modify the session configuration information
#/usr/local/vmware(/.*)?	system_u:object_r:vmware_user_file_t
#/usr/local/vmware/[^/]*/.*\.cfg -- system_u:object_r:vmware_user_conf_t

# The rules below assume that the user VMWare virtual disks are in the
# ~/vmware, and the preferences and license files are in ~/.vmware.
#
/home/[^/]+/\.vmware(/.*)?	system_u:object_r:vmware_user_file_t
/home/[^/]+/\vmware(/.*)?	system_u:object_r:vmware_user_file_t
/home/[^/]+/\vmware[^/]*/.*\.cfg -- system_u:object_r:vmware_user_conf_t
# watchdog
/usr/sbin/watchdog	--	system_u:object_r:watchdog_exec_t
/dev/watchdog		-c	system_u:object_r:watchdog_device_t
/var/log/watchdog(/.*)?		system_u:object_r:watchdog_log_t
/var/run/watchdog\.pid	--	system_u:object_r:watchdog_var_run_t
# xauth
/usr/X11R6/bin/xauth	--	system_u:object_r:xauth_exec_t
/home/[^/]+/\.Xauthority.* --	system_u:object_r:user_home_xauth_t
/root/\.Xauthority.*	 --	system_u:object_r:sysadm_home_xauth_t
# X Display Manager
/usr/bin/[xgkw]dm	--	system_u:object_r:xdm_exec_t
/usr/X11R6/bin/[xgkw]dm	--	system_u:object_r:xdm_exec_t
/usr/bin/gpe-dm		--	system_u:object_r:xdm_exec_t
/var/[xgk]dm(/.*)?		system_u:object_r:xserver_log_t
/usr/var/[xgkw]dm(/.*)?		system_u:object_r:xserver_log_t
/var/log/[kw]dm\.log	--	system_u:object_r:xserver_log_t
/var/log/gdm(/.*)?		system_u:object_r:xserver_log_t
/tmp/\.X0-lock		--	system_u:object_r:xdm_tmp_t
/etc/X11/Xsession[^/]*	--	system_u:object_r:xsession_exec_t
/etc/X11/wdm(/.*)?		system_u:object_r:etc_xdm_t
/etc/X11/wdm/Xsetup.*	--	system_u:object_r:xsession_exec_t
/etc/X11/wdm/Xstartup.*	--	system_u:object_r:xsession_exec_t
/etc/X11/wdm/Xreset.*	--	system_u:object_r:xsession_exec_t
/etc/X11/wdm/Xsession	--	system_u:object_r:xsession_exec_t
/etc/X11/xdm/Xsession	--	system_u:object_r:xsession_exec_t
/var/run/xdmctl(/.*)?		system_u:object_r:xdm_var_run_t
/var/run/console.*		system_u:object_r:xdm_var_run_t
/var/lib(64)?/kdm(/.*)?		system_u:object_r:xdm_var_lib_t

#
# Additional Xsession scripts
#
/etc/X11/xdm/GiveConsole	--	system_u:object_r:bin_t
/etc/X11/xdm/TakeConsole	--	system_u:object_r:bin_t
/etc/X11/xdm/Xsetup_0		--	system_u:object_r:bin_t
/etc/X11/xinit(/.*)?			system_u:object_r:bin_t
#
# Rules for kde login
#
/etc/kde/kdm/Xstartup   --		system_u:object_r:bin_t
/etc/kde/kdm/Xreset     --		system_u:object_r:bin_t
/etc/kde/kdm/backgroundrc	system_u:object_r:xdm_var_run_t
/usr/lib(64)?/qt-3.2/etc/settings(/.*)?	system_u:object_r:xdm_var_run_t
# xfs
/tmp/\.font-unix(/.*)?		system_u:object_r:xfs_tmp_t
/usr/X11R6/bin/xfs	--	system_u:object_r:xfs_exec_t
# X server
/dev/agpgart		-c	system_u:object_r:agp_device_t
/dev/dri(/.*)?			system_u:object_r:dri_device_t
/usr/X11R6/bin/Xwrapper	--	system_u:object_r:xserver_exec_t
/usr/X11R6/bin/X	--	system_u:object_r:xserver_exec_t
/usr/X11R6/bin/XFree86	--	system_u:object_r:xserver_exec_t
/usr/X11R6/bin/Xipaq	--	system_u:object_r:xserver_exec_t
/var/lib(64)?/xkb(/.*)?		system_u:object_r:var_lib_xkb_t
/usr/X11R6/lib(64)?/X11/xkb	-d	system_u:object_r:var_lib_xkb_t
/usr/X11R6/lib(64)?/X11/xkb/.* --	system_u:object_r:var_lib_xkb_t
/usr/X11R6/lib(64)?/X11/xkb/xkbcomp -- system_u:object_r:bin_t
/var/log/XFree86.*	--	system_u:object_r:xserver_log_t
/etc/init\.d/xfree86-common --	system_u:object_r:xserver_exec_t
/tmp/\.X11-unix		-d	system_u:object_r:xdm_xserver_tmp_t
/tmp/\.X11-unix/.*	-s	<<none>>
# ypbind
/sbin/ypbind		--	system_u:object_r:ypbind_exec_t
# ypserv
/usr/sbin/ypserv		--	system_u:object_r:ypserv_exec_t
/etc/ypserv.conf		--	system_u:object_r:ypserv_conf_t
# Zebra - BGP daemon
/usr/sbin/zebra		--	system_u:object_r:zebra_exec_t
/usr/sbin/bgpd		--	system_u:object_r:zebra_exec_t
/var/log/zebra(/.*)?		system_u:object_r:zebra_log_t
/etc/zebra(/.*)?		system_u:object_r:zebra_conf_t
