# Distro-specific customizations.

# Comment out all but the one that matches your distro.
# The policy .te files can then wrap distro-specific customizations with
# appropriate ifdefs.






# Allow users to execute the mount command

# Allow rpm to run unconfined.


# Allow privileged utilities like hotplug and insmod to run unconfined.


# Allow rc scripts to run unconfined, including any daemon
# started by an rc script that does not have a domain transition
# explicitly defined.

# Allow sysadm_t to directly start daemons


# Do not audit things that we know to be broken but which
# are not security risks


# Allow user_r to reach sysadm_r via su, sudo, or userhelper.
# Otherwise, only staff_r can do so.


# Allow xinetd to run unconfined, including any services it starts
# that do not have a domain transition explicitly defined.







































































































































































#
# This file describes the security contexts to be applied to files
# when the security policy is installed.  The setfiles program
# reads this file and labels files accordingly.
#
# Each specification has the form:
#       regexp [ -type ] ( context | <<none>> )
#
# By default, the regexp is an anchored match on both ends (i.e. a 
# caret (^) is prepended and a dollar sign ($) is appended automatically).
# This default may be overridden by using .* at the beginning and/or
# end of the regular expression.  
#
# The optional type field specifies the file type as shown in the mode
# field by ls, e.g. use -d to match only directories or -- to match only
# regular files.
#
# The value of <<none> may be used to indicate that matching files
# should not be relabeled.
#
# The last matching specification is used.
#
# If there are multiple hard links to a file that match
# different specifications and those specifications indicate
# different security contexts, then a warning is displayed
# but the file is still labeled based on the last matching
# specification other than <<none>>.
#
# Some of the files listed here get re-created during boot and therefore
# need type transition rules to retain the correct type. These files are
# listed here anyway so that if the setfiles program is used on a running
# system it does not relabel them to something we do not want. An example of
# this is /var/run/utmp.
#

#
# The security context for all files not otherwise specified.
#
/.*				system_u:object_r:default_t

#
# The root directory.
#
/			-d	system_u:object_r:root_t

#
# Ordinary user home directories.
# HOME_ROOT expands to all valid home directory prefixes found in /etc/passwd
# HOME_DIR expands to each user's home directory,
#                  and to HOME_ROOT/[^/]+ for each HOME_ROOT.
# ROLE expands to each user's role when role != user_r, and to "user" otherwise.
#
/home		-d	system_u:object_r:home_root_t
/home/[^/]+		-d	system_u:object_r:user_home_dir_t
/home/[^/]+/.+			system_u:object_r:user_home_t


#
# Mount points; do not relabel subdirectories, since
# we don't want to change any removable media by default.
/mnt(/[^/]*)?		-d	system_u:object_r:mnt_t
/mnt/[^/]*/.*			<<none>>
/media(/[^/]*)?		-d	system_u:object_r:mnt_t
/media/[^/]*/.*			<<none>>

#
# /var
#
/var(/.*)?			system_u:object_r:var_t
/var/catman(/.*)?		system_u:object_r:catman_t
/var/cache/man(/.*)?		system_u:object_r:catman_t
/var/yp(/.*)?			system_u:object_r:var_yp_t
/var/lib(/.*)?			system_u:object_r:var_lib_t
/var/lib/nfs(/.*)?		system_u:object_r:var_lib_nfs_t
/var/lib/texmf(/.*)?		system_u:object_r:tetex_data_t
/var/cache/fonts(/.*)?		system_u:object_r:tetex_data_t
/var/lock(/.*)?			system_u:object_r:var_lock_t
/var/tmp		-d	system_u:object_r:tmp_t
/var/tmp/.*			<<none>>
/var/tmp/vi\.recover	-d	system_u:object_r:tmp_t
/var/lib/nfs/rpc_pipefs(/*)?	<<none>>
/var/mailman/bin(/.*)?		system_u:object_r:bin_t
/var/mailman/pythonlib(/.*)?/.*\.so(\..*)?	-- system_u:object_r:shlib_t

#
# /var/ftp
#
/var/ftp/bin(/.*)?		system_u:object_r:bin_t
/var/ftp/bin/ls		--	system_u:object_r:ls_exec_t
/var/ftp/lib(64)?(/.*)?		system_u:object_r:lib_t
/var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)* --	system_u:object_r:ld_so_t
/var/ftp/lib(64)?/lib[^/]*\.so(\.[^/]*)* --	system_u:object_r:shlib_t
/var/ftp/etc(/.*)?		system_u:object_r:etc_t

#
# /bin
#
/bin(/.*)?			system_u:object_r:bin_t
/bin/tcsh		--	system_u:object_r:shell_exec_t
/bin/bash		--	system_u:object_r:shell_exec_t
/bin/bash2		--	system_u:object_r:shell_exec_t
/bin/sash		--	system_u:object_r:shell_exec_t
/bin/d?ash		--	system_u:object_r:shell_exec_t
/bin/zsh.*		--	system_u:object_r:shell_exec_t
/usr/sbin/sesh		--	system_u:object_r:shell_exec_t
/bin/ls			--	system_u:object_r:ls_exec_t

#
# /boot
#
/boot(/.*)?			system_u:object_r:boot_t
/boot/System\.map-.*	--	system_u:object_r:system_map_t

#
# /dev
#
/u?dev(/.*)?			system_u:object_r:device_t
/u?dev/pts(/.*)?		<<none>>
/u?dev/cpu/.*		-c	system_u:object_r:cpu_device_t
/u?dev/microcode	-c	system_u:object_r:cpu_device_t
/u?dev/MAKEDEV		--	system_u:object_r:sbin_t
/u?dev/null		-c	system_u:object_r:null_device_t
/u?dev/full		-c	system_u:object_r:null_device_t
/u?dev/zero		-c	system_u:object_r:zero_device_t
/u?dev/console		-c	system_u:object_r:console_device_t
/u?dev/xconsole		-p	system_u:object_r:xconsole_device_t
/u?dev/(kmem|mem|port)	-c	system_u:object_r:memory_device_t
/u?dev/nvram		-c	system_u:object_r:memory_device_t
/u?dev/random		-c	system_u:object_r:random_device_t
/u?dev/urandom		-c	system_u:object_r:urandom_device_t
/u?dev/capi.*		-c	system_u:object_r:tty_device_t
/u?dev/dcbri[0-9]+	-c	system_u:object_r:tty_device_t
/u?dev/irlpt[0-9]+	-c	system_u:object_r:printer_device_t
/u?dev/ircomm[0-9]+	-c	system_u:object_r:tty_device_t
/u?dev/isdn.*		-c	system_u:object_r:tty_device_t
/u?dev/.*tty[^/]*	-c	system_u:object_r:tty_device_t
/u?dev/[pt]ty[abcdepqrstuvwxyz][0-9a-f]	-c system_u:object_r:bsdpty_device_t
/u?dev/cu.*		-c	system_u:object_r:tty_device_t
/u?dev/vcs[^/]*		-c	system_u:object_r:tty_device_t
/u?dev/ip2[^/]*		-c	system_u:object_r:tty_device_t
/u?dev/hvc.*		-c	system_u:object_r:tty_device_t
/u?dev/hvsi.*		-c	system_u:object_r:tty_device_t
/u?dev/ttySG.*		-c	system_u:object_r:tty_device_t
/u?dev/tty		-c	system_u:object_r:devtty_t
/dev/lp.*		-c	system_u:object_r:printer_device_t
/dev/par.*		-c	system_u:object_r:printer_device_t
/dev/usb/lp.*		-c	system_u:object_r:printer_device_t
/dev/usblp.*		-c	system_u:object_r:printer_device_t

/dev/root		-b	system_u:object_r:fixed_disk_device_t

/u?dev/[shmx]d[^/]*	-b	system_u:object_r:fixed_disk_device_t
/u?dev/dm-[0-9]+	-b	system_u:object_r:fixed_disk_device_t
/u?dev/sg[0-9]+		-c	system_u:object_r:scsi_generic_device_t
/u?dev/rd.*		-b	system_u:object_r:fixed_disk_device_t
/u?dev/i2o/hd[^/]*	-b	system_u:object_r:fixed_disk_device_t
/u?dev/ubd[^/]*		-b	system_u:object_r:fixed_disk_device_t
/u?dev/cciss/[^/]*	-b	system_u:object_r:fixed_disk_device_t
/u?dev/ida/[^/]*	-b	system_u:object_r:fixed_disk_device_t
/u?dev/dasd[^/]*	-b	system_u:object_r:fixed_disk_device_t
/u?dev/flash[^/]*	-b	system_u:object_r:fixed_disk_device_t
/u?dev/nb[^/]+		-b	system_u:object_r:fixed_disk_device_t
/u?dev/ataraid/.*	-b	system_u:object_r:fixed_disk_device_t
/u?dev/loop.*		-b	system_u:object_r:fixed_disk_device_t
/u?dev/net/.*		-c	system_u:object_r:tun_tap_device_t
/u?dev/ram.*		-b	system_u:object_r:fixed_disk_device_t
/u?dev/rawctl		-c	system_u:object_r:fixed_disk_device_t
/u?dev/raw/raw[0-9]+	-c	system_u:object_r:fixed_disk_device_t
/u?dev/scramdisk/.*	-b	system_u:object_r:fixed_disk_device_t
/u?dev/initrd		-b	system_u:object_r:fixed_disk_device_t
/u?dev/jsfd		-b	system_u:object_r:fixed_disk_device_t
/u?dev/js.*		-c	system_u:object_r:mouse_device_t
/u?dev/jsflash		-c	system_u:object_r:fixed_disk_device_t
/u?dev/s(cd|r)[^/]*	-b	system_u:object_r:removable_device_t
/u?dev/usb/rio500	-c	system_u:object_r:removable_device_t
/u?dev/fd[^/]+		-b	system_u:object_r:removable_device_t
# I think a parallel port disk is a removable device...
/u?dev/pd[a-d][^/]*	-b	system_u:object_r:removable_device_t
/u?dev/p[fg][0-3]	-b	system_u:object_r:removable_device_t
/u?dev/aztcd		-b	system_u:object_r:removable_device_t
/u?dev/bpcd		-b	system_u:object_r:removable_device_t
/u?dev/gscd		-b	system_u:object_r:removable_device_t
/u?dev/hitcd		-b	system_u:object_r:removable_device_t
/u?dev/pcd[0-3]		-b	system_u:object_r:removable_device_t
/u?dev/mcdx?		-b	system_u:object_r:removable_device_t
/u?dev/cdu.*		-b	system_u:object_r:removable_device_t
/u?dev/cm20.*		-b	system_u:object_r:removable_device_t
/u?dev/optcd		-b	system_u:object_r:removable_device_t
/u?dev/sbpcd.*		-b	system_u:object_r:removable_device_t
/u?dev/sjcd		-b	system_u:object_r:removable_device_t
/u?dev/sonycd		-b	system_u:object_r:removable_device_t
# parallel port ATAPI generic device
/u?dev/pg[0-3]		-c	system_u:object_r:removable_device_t
/u?dev/rtc		-c	system_u:object_r:clock_device_t
/u?dev/psaux		-c	system_u:object_r:mouse_device_t
/u?dev/atibm		-c	system_u:object_r:mouse_device_t
/u?dev/logibm		-c	system_u:object_r:mouse_device_t
/u?dev/.*mouse.*	-c	system_u:object_r:mouse_device_t
/u?dev/input/.*mouse.*	-c	system_u:object_r:mouse_device_t
/u?dev/input/event.*	-c	system_u:object_r:event_device_t
/u?dev/input/mice	-c	system_u:object_r:mouse_device_t
/u?dev/input/js.*	-c	system_u:object_r:mouse_device_t
/u?dev/ptmx		-c	system_u:object_r:ptmx_t
/u?dev/sequencer	-c	system_u:object_r:misc_device_t
/u?dev/fb[0-9]*		-c	system_u:object_r:framebuf_device_t
/u?dev/apm_bios		-c	system_u:object_r:apm_bios_t
/u?dev/cpu/mtrr		-c	system_u:object_r:mtrr_device_t
/u?dev/pmu		-c	system_u:object_r:power_device_t
/u?dev/(radio|video|vbi|vtx).* -c	system_u:object_r:v4l_device_t
/u?dev/winradio.	-c	system_u:object_r:v4l_device_t
/u?dev/vttuner		-c	system_u:object_r:v4l_device_t
/u?dev/tlk[0-3]		-c	system_u:object_r:v4l_device_t
/u?dev/adsp		-c	system_u:object_r:sound_device_t
/u?dev/mixer.*		-c	system_u:object_r:sound_device_t
/u?dev/dsp.*		-c	system_u:object_r:sound_device_t
/u?dev/audio.*		-c	system_u:object_r:sound_device_t
/u?dev/r?midi.*		-c	system_u:object_r:sound_device_t
/u?dev/sequencer2	-c	system_u:object_r:sound_device_t
/u?dev/smpte.*		-c	system_u:object_r:sound_device_t
/u?dev/sndstat		-c	system_u:object_r:sound_device_t
/u?dev/beep		-c	system_u:object_r:sound_device_t
/u?dev/patmgr[01]	-c	system_u:object_r:sound_device_t
/u?dev/mpu401.*		-c	system_u:object_r:sound_device_t
/u?dev/srnd[0-7]	-c	system_u:object_r:sound_device_t
/u?dev/aload.*		-c	system_u:object_r:sound_device_t
/u?dev/amidi.*		-c	system_u:object_r:sound_device_t
/u?dev/amixer.*		-c	system_u:object_r:sound_device_t
/u?dev/snd/.*		-c	system_u:object_r:sound_device_t
/u?dev/n?[hs]t[0-9].*	-c	system_u:object_r:tape_device_t
/u?dev/n?(raw)?[qr]ft[0-3] -c	system_u:object_r:tape_device_t
/u?dev/n?z?qft[0-3]	-c	system_u:object_r:tape_device_t
/u?dev/n?tpqic[12].*	-c	system_u:object_r:tape_device_t
/u?dev/ht[0-1]		-b	system_u:object_r:tape_device_t
/u?dev/n?osst[0-3].*	-c	system_u:object_r:tape_device_t
/u?dev/n?pt[0-9]+	-c	system_u:object_r:tape_device_t
/u?dev/tape.*		-c	system_u:object_r:tape_device_t

/u?dev/usb/scanner.*	-c	system_u:object_r:scanner_device_t
/u?dev/usb/dc2xx.*	-c	system_u:object_r:scanner_device_t
/u?dev/usb/mdc800.*	-c	system_u:object_r:scanner_device_t
/u?dev/usb/tty.*	-c	system_u:object_r:usbtty_device_t
/u?dev/mmetfgrab	-c	system_u:object_r:scanner_device_t
/u?dev/nvidia.*		-c	system_u:object_r:xserver_misc_device_t
/u?dev/dri/.+		-c	system_u:object_r:dri_device_t
/u?dev/radeon		-c	system_u:object_r:dri_device_t
/u?dev/agpgart		-c	system_u:object_r:agp_device_t

#
# Misc
#
/proc(/.*)?			<<none>>
/sys(/.*)?			<<none>>
/selinux(/.*)?			<<none>>

#
# /opt
#
/opt(/.*)?			system_u:object_r:usr_t
/opt/.*/lib(64)?(/.*)?				system_u:object_r:lib_t
/opt/.*/lib(64)?/.*\.so(\.[^/]*)*	--	system_u:object_r:shlib_t
/opt/.*/libexec(/.*)?	system_u:object_r:bin_t
/opt/.*/bin(/.*)?		system_u:object_r:bin_t
/opt/.*/sbin(/.*)?		system_u:object_r:sbin_t
/opt/.*/man(/.*)?		system_u:object_r:man_t
/opt/.*/var/lib(64)?(/.*)?		system_u:object_r:var_lib_t

#
# /etc
#
/etc(/.*)?			system_u:object_r:etc_t
/var/db/.*\.db		--	system_u:object_r:etc_t
/etc/\.pwd\.lock	--	system_u:object_r:shadow_t
/etc/passwd\.lock	--	system_u:object_r:shadow_t
/etc/group\.lock	--	system_u:object_r:shadow_t
/etc/shadow.*		--	system_u:object_r:shadow_t
/etc/gshadow.*		--	system_u:object_r:shadow_t
/var/db/shadow.*	--	system_u:object_r:shadow_t
/etc/blkid\.tab		--	system_u:object_r:etc_runtime_t
/etc/fstab\.REVOKE	--	system_u:object_r:etc_runtime_t
/etc/HOSTNAME		--	system_u:object_r:etc_runtime_t
/etc/ioctl\.save	--	system_u:object_r:etc_runtime_t
/etc/mtab		--	system_u:object_r:etc_runtime_t
/etc/motd		--	system_u:object_r:etc_runtime_t
/etc/issue		--	system_u:object_r:etc_runtime_t
/etc/issue\.net		--	system_u:object_r:etc_runtime_t
/etc/sysconfig/hwconf	--	system_u:object_r:etc_runtime_t
/etc/sysconfig/iptables\.save -- system_u:object_r:etc_runtime_t
/etc/sysconfig/firstboot --	system_u:object_r:etc_runtime_t
/etc/asound\.state	--	system_u:object_r:etc_runtime_t
/etc/ptal/ptal-printd-like -- 	system_u:object_r:etc_runtime_t

/etc/ld\.so\.cache	--	system_u:object_r:ld_so_cache_t
/etc/ld\.so\.preload	--	system_u:object_r:ld_so_cache_t
/etc/yp\.conf.*		--	system_u:object_r:net_conf_t
/etc/resolv\.conf.*	--	system_u:object_r:net_conf_t

/etc/selinux(/.*)?		system_u:object_r:selinux_config_t
/etc/security/selinux(/.*)?	system_u:object_r:policy_config_t	
/etc/security/selinux/src(/.*)?	system_u:object_r:policy_src_t
/etc/security/default_contexts.*	system_u:object_r:default_context_t
/etc/services		--	system_u:object_r:etc_t

/etc/selinux/[^/]*/policy(/.*)?	system_u:object_r:policy_config_t
/etc/selinux/[^/]*/src(/.*)?	system_u:object_r:policy_src_t
/etc/selinux/[^/]*/contexts(/.*)?	system_u:object_r:default_context_t
/etc/selinux/[^/]*/contexts/files(/.*)? system_u:object_r:file_context_t


#
# /lib(64)?
#
/lib(64)?(/.*)?					system_u:object_r:lib_t
/lib(64)?/.*\.so(\.[^/]*)*		--	system_u:object_r:shlib_t
/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)*	--	system_u:object_r:ld_so_t

#
# /sbin
#
/sbin(/.*)?			system_u:object_r:sbin_t

#
# /tmp
#
/tmp			-d	system_u:object_r:tmp_t
/tmp/.*				<<none>>

#
# /usr
#
/usr(/.*)?			system_u:object_r:usr_t
/usr(/.*)?/lib(64)?(/.*)?	system_u:object_r:lib_t
/usr(/.*)?/lib(64)?/.*\.so(\.[^/]*)*	--	system_u:object_r:shlib_t
/usr(/.*)?/java/.*\.so(\.[^/]*)*	--	system_u:object_r:shlib_t
/usr(/.*)?/java/.*\.jar	--	system_u:object_r:shlib_t
/usr(/.*)?/java/.*\.jsa	--	system_u:object_r:shlib_t
/usr(/.*)?/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* system_u:object_r:ld_so_t
/usr(/.*)?/bin(/.*)?		system_u:object_r:bin_t
/usr(/.*)?/Bin(/.*)?		system_u:object_r:bin_t
/usr(/.*)?/sbin(/.*)?		system_u:object_r:sbin_t
/usr/etc(/.*)?			system_u:object_r:etc_t
/usr/inclu.e(/.*)?		system_u:object_r:usr_t
/usr/libexec(/.*)?		system_u:object_r:bin_t
/usr/src(/.*)?			system_u:object_r:src_t
/usr/tmp		-d	system_u:object_r:tmp_t
/usr/tmp/.*			<<none>>
/usr/man(/.*)?			system_u:object_r:man_t
/usr/share/man(/.*)?		system_u:object_r:man_t
/usr/share/mc/extfs/.*	--	system_u:object_r:bin_t
/usr/share(/.*)?/lib(64)?(/.*)?	system_u:object_r:usr_t



#
# /usr/lib(64)?
#
/usr/lib(64)?/perl5/man(/.*)?	system_u:object_r:man_t
/usr/lib(64)?/selinux(/.*)?		system_u:object_r:policy_src_t
/usr/lib(64)?/emacsen-common/.*	system_u:object_r:bin_t

#
# /usr/local
#
/usr/local/etc(/.*)?		system_u:object_r:etc_t
/usr/local/src(/.*)?		system_u:object_r:src_t
/usr/local/man(/.*)?		system_u:object_r:man_t

#
# /usr/X11R6/man
#
/usr/X11R6/man(/.*)?		system_u:object_r:man_t

#
# Fonts dir
#
/usr/X11R6/lib/X11/fonts(/.*)?		system_u:object_r:fonts_t

/usr/share/fonts(/.*)?			system_u:object_r:fonts_t
/usr/share/ghostscript/fonts(/.*)?	system_u:object_r:fonts_t
/usr/local/share/fonts(/.*)?		system_u:object_r:fonts_t

#
# /var/run
#
/var/run(/.*)?			system_u:object_r:var_run_t
/var/run/.*\.*pid		<<none>>

#
# /var/spool
#
/var/spool(/.*)?		system_u:object_r:var_spool_t
/var/spool/texmf(/.*)?		system_u:object_r:tetex_data_t
/var/spool/(client)?mqueue(/.*)?	system_u:object_r:mqueue_spool_t

# 
# /var/log
#
/var/log(/.*)?			system_u:object_r:var_log_t
/var/log/wtmp.*		--	system_u:object_r:wtmp_t
/var/log/btmp.*		--	system_u:object_r:faillog_t
/var/log/faillog	--	system_u:object_r:faillog_t
/var/log/ksyms.*	--	system_u:object_r:var_log_ksyms_t
/var/log/dmesg		--	system_u:object_r:var_log_t
/var/log/lastlog	--	system_u:object_r:lastlog_t
/var/log/ksymoops(/.*)?		system_u:object_r:var_log_ksyms_t
/var/log/syslog		--	system_u:object_r:var_log_t

#
# Journal files
#
/\.journal			<<none>>
/usr/\.journal			<<none>>
/boot/\.journal			<<none>>
/home/\.journal		<<none>>
/var/\.journal			<<none>>
/tmp/\.journal			<<none>>
/usr/local/\.journal		<<none>>

#
# Lost and found directories.
#
/lost\+found(/.*)?		system_u:object_r:lost_found_t
/usr/lost\+found(/.*)?		system_u:object_r:lost_found_t
/boot/lost\+found(/.*)?		system_u:object_r:lost_found_t
/home/lost\+found(/.*)?	system_u:object_r:lost_found_t
/var/lost\+found(/.*)?		system_u:object_r:lost_found_t
/tmp/lost\+found(/.*)?		system_u:object_r:lost_found_t
/usr/local/lost\+found(/.*)?	system_u:object_r:lost_found_t

#
# system localization
#
/usr/share/zoneinfo(/.*)?	system_u:object_r:locale_t
/usr/share/locale(/.*)?		system_u:object_r:locale_t
/usr/lib/locale(/.*)?		system_u:object_r:locale_t
/etc/localtime		--	system_u:object_r:locale_t
/etc/localtime		-l	system_u:object_r:etc_t

#
# Gnu Cash
#
/usr/share/gnucash/finance-quote-check -- system_u:object_r:bin_t
/usr/share/gnucash/finance-quote-helper -- system_u:object_r:bin_t

#
# initrd mount point, only used during boot
#
/initrd			-d	system_u:object_r:root_t

#
#  The krb5.conf file is always being tested for writability, so
#  we defined a type to dontaudit
#
/etc/krb5\.conf		--	system_u:object_r:krb5_conf_t

#
# Thunderbird
#
/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird --      system_u:object_r:bin_t
/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird-bin -- system_u:object_r:bin_t
/usr/lib(64)?/[^/]*thunderbird[^/]*/run-mozilla\.sh -- system_u:object_r:bin_t
/usr/lib(64)?/[^/]*thunderbird[^/]*/mozilla-xremote-client -- system_u:object_r:bin_t

/usr/share/system-config-network(/netconfig)?/[^/]+\.py -- system_u:object_r:bin_t
/etc/sysconfig/networking/profiles/.*/resolv\.conf -- system_u:object_r:net_conf_t
/etc/sysconfig/network-scripts/.*resolv\.conf -- system_u:object_r:net_conf_t
/usr/share/rhn/rhn_applet/applet\.py -- system_u:object_r:bin_t
/usr/share/rhn/rhn_applet/eggtrayiconmodule\.so -- system_u:object_r:shlib_t
/usr/share/rhn/rhn_applet/needed-packages\.py	--	system_u:object_r:bin_t
/usr/share/authconfig/authconfig-gtk\.py -- system_u:object_r:bin_t
/usr/share/hwbrowser/hwbrowser -- system_u:object_r:bin_t
/usr/share/system-config-httpd/system-config-httpd -- system_u:object_r:bin_t
/usr/share/system-config-services/system-config-services -- system_u:object_r:bin_t
/usr/share/system-logviewer/system-logviewer\.py -- system_u:object_r:bin_t
/usr/share/system-config-date/system-config-date\.py -- system_u:object_r:bin_t
/usr/share/system-config-display/system-config-display -- system_u:object_r:bin_t
/usr/share/system-config-keyboard/system-config-keyboard -- system_u:object_r:bin_t
/usr/share/system-config-language/system-config-language -- system_u:object_r:bin_t
/usr/share/system-config-mouse/system-config-mouse -- system_u:object_r:bin_t
/usr/share/system-config-netboot/system-config-netboot\.py -- system_u:object_r:bin_t
/usr/share/system-config-netboot/pxeos\.py -- system_u:object_r:bin_t
/usr/share/system-config-netboot/pxeboot\.py -- system_u:object_r:bin_t
/usr/share/system-config-nfs/system-config-nfs\.py -- system_u:object_r:bin_t
/usr/share/system-config-rootpassword/system-config-rootpassword -- system_u:object_r:bin_t
/usr/share/system-config-samba/system-config-samba\.py -- system_u:object_r:bin_t
/usr/share/system-config-securitylevel/system-config-securitylevel\.py -- system_u:object_r:bin_t
/usr/share/system-config-services/serviceconf\.py -- system_u:object_r:bin_t
/usr/share/system-config-soundcard/system-config-soundcard -- system_u:object_r:bin_t
/usr/share/system-config-users/system-config-users -- system_u:object_r:bin_t
/usr/share/switchdesk/switchdesk-gui\.py	--	system_u:object_r:bin_t
/usr/share/system-config-network/neat-control\.py	--	system_u:object_r:bin_t
/usr/share/system-config-nfs/nfs-export\.py	--	system_u:object_r:bin_t
/usr/share/pydict/pydict\.py	--	system_u:object_r:bin_t
/usr/share/cvs/contrib/rcs2log	--	system_u:object_r:bin_t
/usr/share/pwlib/make/ptlib-config --	system_u:object_r:bin_t
/usr/share/texmf/web2c/mktexdir	--	system_u:object_r:bin_t
/usr/share/texmf/web2c/mktexnam	--	system_u:object_r:bin_t
/usr/share/texmf/web2c/mktexupd	--	system_u:object_r:bin_t



# berkeley process accounting
/sbin/accton	--	system_u:object_r:acct_exec_t
/usr/sbin/accton	--	system_u:object_r:acct_exec_t
/var/account(/.*)?		system_u:object_r:acct_data_t
/etc/cron\.(daily|monthly)/acct -- system_u:object_r:acct_exec_t
#
# Author:  Carsten Grohmann <carstengrohmann@gmx.de>
#

# amanda
/etc/amanda(/.*)?			system_u:object_r:amanda_config_t
/etc/amanda/.*/tapelist(/.*)?		system_u:object_r:amanda_data_t
/etc/amandates				system_u:object_r:amanda_amandates_t
/etc/dumpdates				system_u:object_r:amanda_dumpdates_t
/tmp/amanda(/.*)?			system_u:object_r:amanda_tmp_t
/usr/lib(64)?/amanda			-d	system_u:object_r:amanda_usr_lib_t
/usr/lib(64)?/amanda/amandad		--	system_u:object_r:amanda_inetd_exec_t
/usr/lib(64)?/amanda/amcat\.awk	--	system_u:object_r:amanda_script_exec_t
/usr/lib(64)?/amanda/amcleanupdisk	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/amidxtaped	--	system_u:object_r:amanda_inetd_exec_t
/usr/lib(64)?/amanda/amindexd	--	system_u:object_r:amanda_inetd_exec_t
/usr/lib(64)?/amanda/amlogroll	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/amplot\.awk	--	system_u:object_r:amanda_script_exec_t
/usr/lib(64)?/amanda/amplot\.g	--	system_u:object_r:amanda_script_exec_t
/usr/lib(64)?/amanda/amplot\.gp	--	system_u:object_r:amanda_script_exec_t
/usr/lib(64)?/amanda/amtrmidx	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/amtrmlog	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/calcsize	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/chg-chio	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/chg-chs		--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/chg-manual	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/chg-mtx		--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/chg-multi	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/chg-rth		--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/chg-scsi	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/chg-zd-mtx	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/driver		--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/dumper		--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/killpgrp	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/patch-system	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/planner		--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/rundump		--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/runtar		--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/selfcheck	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/sendbackup	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/sendsize	--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/taper		--	system_u:object_r:amanda_exec_t
/usr/lib(64)?/amanda/versionsuffix	--	system_u:object_r:amanda_exec_t
/usr/sbin/amadmin		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amcheck		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amcheckdb		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amcleanup		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amdump		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amflush		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amgetconf		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amlabel		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amoverview		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amplot		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amrecover		--	system_u:object_r:amanda_recover_exec_t
/usr/sbin/amreport		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amrestore		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amrmtape		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amstatus		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amtape		--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amtoc			--	system_u:object_r:amanda_user_exec_t
/usr/sbin/amverify		--	system_u:object_r:amanda_user_exec_t
/var/lib/amanda			-d	system_u:object_r:amanda_var_lib_t
/var/lib/amanda/\.amandahosts	--	system_u:object_r:amanda_config_t
/var/lib/amanda/\.bashrc	--	system_u:object_r:amanda_shellconfig_t
/var/lib/amanda/\.profile	--	system_u:object_r:amanda_shellconfig_t
/var/lib/amanda/disklist	--	system_u:object_r:amanda_data_t
/var/lib/amanda/gnutar-lists(/.*)?	system_u:object_r:amanda_gnutarlists_t
/var/lib/amanda/index			system_u:object_r:amanda_data_t
#
# Anaconda file context
# currently anaconda does not have any file context since it is started during install
# This is a placeholder to stop makefile from complaining
#
# apache
/home/[^/]+/((www)|(web)|(public_html))(/.+)? system_u:object_r:httpd_user_content_t
/var/www(/.*)?			system_u:object_r:httpd_sys_content_t
/var/www/cgi-bin(/.*)?		system_u:object_r:httpd_sys_script_exec_t
/usr/lib/cgi-bin(/.*)?		system_u:object_r:httpd_sys_script_exec_t
/var/www/perl(/.*)?		system_u:object_r:httpd_sys_script_exec_t
/var/www/icons(/.*)?		system_u:object_r:httpd_sys_content_t
/var/cache/httpd(/.*)?		system_u:object_r:httpd_cache_t
/etc/httpd		-d	system_u:object_r:httpd_config_t
/etc/httpd/conf.*		system_u:object_r:httpd_config_t
/etc/httpd/logs			system_u:object_r:httpd_log_t
/etc/httpd/modules		system_u:object_r:httpd_modules_t
/etc/apache(2)?(/.*)?		system_u:object_r:httpd_config_t
/etc/vhosts		--	system_u:object_r:httpd_config_t
/usr/lib(64)?/apache(/.*)?		system_u:object_r:httpd_modules_t
/usr/lib(64)?/apache2/modules(/.*)?	system_u:object_r:httpd_modules_t
/usr/lib(64)?/httpd(/.*)?		system_u:object_r:httpd_modules_t
/usr/sbin/httpd		--	system_u:object_r:httpd_exec_t
/usr/sbin/apache(2)?	--	system_u:object_r:httpd_exec_t
/usr/sbin/suexec	--	system_u:object_r:httpd_suexec_exec_t
/usr/lib(64)?/cgi-bin/(nph-)?cgiwrap(d)? -- system_u:object_r:httpd_suexec_exec_t
/usr/lib(64)?/apache(2)?/suexec(2)? -- system_u:object_r:httpd_suexec_exec_t
/var/log/httpd(/.*)?		system_u:object_r:httpd_log_t
/var/log/apache(2)?(/.*)?	system_u:object_r:httpd_log_t
/var/log/cgiwrap\.log.*	--	system_u:object_r:httpd_log_t
/var/cache/ssl.*\.sem	--	system_u:object_r:httpd_cache_t
/var/cache/mod_ssl(/.*)?	system_u:object_r:httpd_cache_t
/var/run/apache(2)?\.pid.* --	system_u:object_r:httpd_var_run_t
/var/lib/httpd(/.*)?		system_u:object_r:httpd_var_lib_t
/var/lib/php/session(/.*)?	system_u:object_r:httpd_var_run_t
/etc/apache-ssl(2)?(/.*)?	system_u:object_r:httpd_config_t
/usr/lib/apache-ssl(/.*)? --	system_u:object_r:httpd_exec_t
/usr/sbin/apache-ssl(2)? --	system_u:object_r:httpd_exec_t
/var/log/apache-ssl(2)?(/.*)?	system_u:object_r:httpd_log_t
/var/run/apache-ssl(2)?\.pid.* -- system_u:object_r:httpd_var_run_t
/var/run/gcache_port	-s	system_u:object_r:httpd_var_run_t

/var/lib/squirrelmail/prefs(/.*)?	system_u:object_r:httpd_squirrelmail_t
/usr/bin/htsslpass --	system_u:object_r:httpd_helper_exec_t
/usr/share/htdig(/.*)?		system_u:object_r:httpd_sys_content_t
/var/lib/htdig(/.*)?		system_u:object_r:httpd_sys_content_t
/etc/htdig(/.*)?		system_u:object_r:httpd_sys_content_t
# apmd
/usr/sbin/apmd		--	system_u:object_r:apmd_exec_t
/usr/sbin/acpid		--	system_u:object_r:apmd_exec_t
/usr/bin/apm		--	system_u:object_r:apm_exec_t
/var/run/apmd\.pid	--	system_u:object_r:apmd_var_run_t
/var/run/\.?acpid\.socket	-s	system_u:object_r:apmd_var_run_t
/var/log/acpid		--	system_u:object_r:apmd_log_t
/var/lib/acpi(/.*)?		system_u:object_r:apmd_var_lib_t
# arpwatch - keep track of ethernet/ip address pairings
/usr/sbin/arpwatch	--	system_u:object_r:arpwatch_exec_t
/var/arpwatch(/.*)?		system_u:object_r:arpwatch_data_t
/var/lib/arpwatch(/.*)?		system_u:object_r:arpwatch_data_t
# auditd
/sbin/auditd		--	system_u:object_r:auditd_exec_t
# automount
/usr/sbin/automount	--	system_u:object_r:automount_exec_t
/etc/apm/event\.d/autofs --	system_u:object_r:automount_exec_t
/var/run/autofs(/.*)?		system_u:object_r:automount_var_run_t
/etc/auto\..+		--	system_u:object_r:automount_etc_t
# backup
# label programs that do backups to other files on disk (IE a cron job that
# calls tar) in backup_exec_t and label the directory for storing them as
# backup_store_t, Debian uses /var/backups
#/usr/local/bin/backup-script -- system_u:object_r:backup_exec_t
/var/backups(/.*)?		system_u:object_r:backup_store_t
# bluetooth
/etc/bluetooth(/.*)?		system_u:object_r:bluetooth_conf_t
/usr/bin/rfcomm		--	system_u:object_r:bluetooth_exec_t
/usr/sbin/hcid		--	system_u:object_r:bluetooth_exec_t
/usr/sbin/sdpd		--	system_u:object_r:bluetooth_exec_t
/usr/sbin/hciattach	--	system_u:object_r:bluetooth_exec_t
/var/run/sdp		--	system_u:object_r:bluetooth_var_run_t
# bootloader
/etc/lilo\.conf.*	--	system_u:object_r:bootloader_etc_t
/initrd\.img.*		-l	system_u:object_r:boot_t
/sbin/lilo.*		--	system_u:object_r:bootloader_exec_t
/sbin/grub.*		--	system_u:object_r:bootloader_exec_t
/vmlinuz.*		-l	system_u:object_r:boot_t
/usr/sbin/mkinitrd	--	system_u:object_r:bootloader_exec_t
/sbin/mkinitrd		--	system_u:object_r:bootloader_exec_t
/etc/mkinitrd/scripts/.* --	system_u:object_r:bootloader_exec_t
/sbin/ybin.*		--	system_u:object_r:bootloader_exec_t
/etc/yaboot\.conf.*	--	system_u:object_r:bootloader_etc_t
# squid
/etc/cron\.daily/calamaris --	system_u:object_r:calamaris_exec_t
/var/www/calamaris(/.*)?	system_u:object_r:calamaris_www_t
/var/log/calamaris(/.*)?	system_u:object_r:calamaris_log_t
# canna.fc
/usr/sbin/cannaserver	--	system_u:object_r:canna_exec_t
/usr/sbin/jserver	--	system_u:object_r:canna_exec_t
/usr/bin/cannaping	--	system_u:object_r:canna_exec_t
/usr/bin/catdic		--	system_u:object_r:canna_exec_t
/var/log/canna(/.*)?		system_u:object_r:canna_log_t
/var/log/wnn(/.*)?		system_u:object_r:canna_log_t
/var/lib/canna/dic(/.*)?	system_u:object_r:canna_var_lib_t
/var/lib/wnn/dic(/.*)?	system_u:object_r:canna_var_lib_t
/var/run/\.iroha_unix	-d	system_u:object_r:canna_var_run_t
/var/run/\.iroha_unix/.* -s	system_u:object_r:canna_var_run_t
/var/run/wnn-unix(/.*)		system_u:object_r:canna_var_run_t
# cardmgr
/sbin/cardmgr		--	system_u:object_r:cardmgr_exec_t
/sbin/cardctl		--	system_u:object_r:cardctl_exec_t
/var/run/stab		--	system_u:object_r:cardmgr_var_run_t
/var/run/cardmgr\.pid	--	system_u:object_r:cardmgr_var_run_t
/etc/apm/event\.d/pcmcia --	system_u:object_r:cardmgr_exec_t
/var/lib/pcmcia(/.*)?		system_u:object_r:cardmgr_var_run_t
# cdrecord
/usr/bin/cdrecord	--	system_u:object_r:cdrecord_exec_t

# checkpolicy
/usr/bin/checkpolicy		--	system_u:object_r:checkpolicy_exec_t
/etc/selinux/policy/policy.* -- system_u:object_r:policy_config_t
/etc/selinux/.*/src/policy/policy.* -- system_u:object_r:policy_config_t	
# chkpwd
/sbin/unix_chkpwd	--	system_u:object_r:chkpwd_exec_t
/sbin/unix_verify	--	system_u:object_r:chkpwd_exec_t

/usr/sbin/chroot	--	system_u:object_r:chroot_exec_t
# biff server
/usr/sbin/in\.comsat	--	system_u:object_r:comsat_exec_t
# consoletype
/sbin/consoletype	--	system_u:object_r:consoletype_exec_t
# cpucontrol
/sbin/microcode_ctl	--	system_u:object_r:cpucontrol_exec_t
/etc/firmware/.*	--	system_u:object_r:cpucontrol_conf_t
# cpuspeed
/usr/sbin/cpuspeed	--	system_u:object_r:cpuspeed_exec_t
# crack - for password checking
/usr/sbin/crack_[a-z]*	--	system_u:object_r:crack_exec_t
/var/cache/cracklib(/.*)?	system_u:object_r:crack_db_t
/usr/lib(64)?/cracklib_dict.* --	system_u:object_r:crack_db_t
# crond
/etc/crontab		--	system_u:object_r:system_cron_spool_t
/etc/cron\.d(/.*)?		system_u:object_r:system_cron_spool_t
/usr/sbin/cron(d)?	--	system_u:object_r:crond_exec_t
/usr/sbin/anacron	--	system_u:object_r:anacron_exec_t
/var/spool/cron		-d	system_u:object_r:cron_spool_t
/var/spool/cron/crontabs -d	system_u:object_r:cron_spool_t
/var/spool/cron/crontabs/.* -- <<none>>
/var/spool/cron/crontabs/root -- system_u:object_r:sysadm_cron_spool_t
/var/spool/cron/root	--	system_u:object_r:sysadm_cron_spool_t
/var/spool/cron/[^/]*	--	<<none>>
/var/log/cron.*		--	system_u:object_r:crond_log_t
/var/run/crond\.reboot	--	system_u:object_r:crond_var_run_t
/var/run/crond?\.pid	--	system_u:object_r:crond_var_run_t
# fcron
/usr/sbin/fcron		--	system_u:object_r:crond_exec_t
/var/spool/fcron	-d	system_u:object_r:cron_spool_t
/var/spool/fcron/.*		<<none>>
/var/spool/fcron/systab\.orig --	system_u:object_r:system_cron_spool_t
/var/spool/fcron/systab	 --	system_u:object_r:system_cron_spool_t
/var/spool/fcron/new\.systab --	system_u:object_r:system_cron_spool_t
/var/run/fcron\.fifo	-s	system_u:object_r:crond_var_run_t
/var/run/fcron\.pid	--	system_u:object_r:crond_var_run_t
# atd
/usr/sbin/atd		--	system_u:object_r:crond_exec_t
/var/spool/at		-d	system_u:object_r:cron_spool_t
/var/spool/at/spool	-d	system_u:object_r:cron_spool_t
/var/spool/at/[^/]*	--	<<none>>
/var/run/atd\.pid	--	system_u:object_r:crond_var_run_t
# crontab
/usr/bin/(f)?crontab	--	system_u:object_r:crontab_exec_t
/usr/bin/at		--	system_u:object_r:crontab_exec_t
# cups printing
/etc/cups(/.*)?			system_u:object_r:cupsd_etc_t
/usr/share/cups(/.*)?		system_u:object_r:cupsd_etc_t
/etc/alchemist/namespace/printconf(/.*)? system_u:object_r:cupsd_rw_etc_t
/var/cache/alchemist/printconf.* system_u:object_r:cupsd_rw_etc_t
/etc/cups/client\.conf	--	system_u:object_r:etc_t
/etc/cups/cupsd\.conf.* --	system_u:object_r:cupsd_rw_etc_t
/etc/cups/lpoptions	--	system_u:object_r:cupsd_rw_etc_t
/etc/cups/printers\.conf.* --	system_u:object_r:cupsd_rw_etc_t
/etc/cups/ppd/.*	--	system_u:object_r:cupsd_rw_etc_t
/etc/cups/certs		-d	system_u:object_r:cupsd_rw_etc_t
/etc/cups/certs/.*	--	system_u:object_r:cupsd_rw_etc_t
/var/lib/cups/certs	-d	system_u:object_r:cupsd_rw_etc_t
/var/lib/cups/certs/.*	--	system_u:object_r:cupsd_rw_etc_t
/etc/cups/ppds\.dat	--	system_u:object_r:cupsd_rw_etc_t
/etc/cups/lpoptions.* 	--	system_u:object_r:cupsd_rw_etc_t
/etc/printcap.* 	--	system_u:object_r:cupsd_rw_etc_t
/usr/lib(64)?/cups/backend/.* --	system_u:object_r:cupsd_exec_t
/usr/lib(64)?/cups/daemon/.*	 --	system_u:object_r:cupsd_exec_t
/usr/sbin/cupsd		--	system_u:object_r:cupsd_exec_t

# cupsd_config depends on hald
/usr/bin/cups-config-daemon --	system_u:object_r:cupsd_config_exec_t
/usr/sbin/hal_lpadmin --	system_u:object_r:cupsd_config_exec_t
/usr/sbin/printconf-backend --	system_u:object_r:cupsd_config_exec_t

/var/log/cups(/.*)?		system_u:object_r:cupsd_log_t
/var/spool/cups(/.*)?		system_u:object_r:print_spool_t
/var/run/cups/printcap	--	system_u:object_r:cupsd_var_run_t
/usr/lib(64)?/cups/filter/.*	--	system_u:object_r:bin_t
/usr/lib(64)?/cups/cgi-bin/.* --	system_u:object_r:bin_t
/usr/bin/lpr\.cups	--	system_u:object_r:lpr_exec_t
/usr/bin/lpq\.cups	--	system_u:object_r:lpr_exec_t
/usr/bin/lprm\.cups	--	system_u:object_r:lpr_exec_t
/usr/sbin/ptal-printd	--	system_u:object_r:ptal_exec_t
/usr/sbin/ptal-mlcd	--	system_u:object_r:ptal_exec_t
/var/run/ptal-printd(/.*)?	system_u:object_r:ptal_var_run_t
/var/run/ptal-mlcd(/.*)?	system_u:object_r:ptal_var_run_t
/usr/share/foomatic/db/oldprinterids 	--	system_u:object_r:cupsd_rw_etc_t
# cyrus
/var/lib/imap(/.*)?				system_u:object_r:cyrus_var_lib_t
/usr/lib(64)?/cyrus-imapd/.*		 	--	system_u:object_r:bin_t
/usr/lib(64)?/cyrus-imapd/cyrus-master 		--	system_u:object_r:cyrus_exec_t	
# A dictionary server for the SKK Japanese input method system.
/usr/sbin/dbskkd-cdb	--	system_u:object_r:dbskkd_exec_t
/usr/bin/dbus-daemon-1	--	system_u:object_r:system_dbusd_exec_t
/etc/dbus-1(/.*)?		system_u:object_r:etc_dbusd_t
/var/run/dbus(/.*)?		system_u:object_r:system_dbusd_var_run_t
# dhcpcd 
/etc/dhcpc.*			system_u:object_r:dhcp_etc_t
/etc/dhcp3?/dhclient.*		system_u:object_r:dhcp_etc_t
/etc/dhclient.*conf	--	system_u:object_r:dhcp_etc_t
/etc/dhclient-script	--	system_u:object_r:dhcp_etc_t
/sbin/dhcpcd		--	system_u:object_r:dhcpc_exec_t
/sbin/dhclient.*	--	system_u:object_r:dhcpc_exec_t
/var/lib/dhcp(3)?/dhclient.*	system_u:object_r:dhcpc_state_t
/var/run/dhclient.*\.pid --	system_u:object_r:dhcpc_var_run_t
/var/run/dhclient.*\.leases --	system_u:object_r:dhcpc_var_run_t
# pump
/sbin/pump		--	system_u:object_r:dhcpc_exec_t

/var/lib/dhcp(3)?	-d	system_u:object_r:dhcp_state_t


# dhcpd
/etc/dhcpd\.conf	--	system_u:object_r:dhcp_etc_t
/etc/dhcp3(/.*)?		system_u:object_r:dhcp_etc_t
/usr/sbin/dhcpd.*	--	system_u:object_r:dhcpd_exec_t
/var/lib/dhcp(3)?/dhcpd\.leases.* -- system_u:object_r:dhcpd_state_t
/var/run/dhcpd\.pid	-d	system_u:object_r:dhcpd_var_run_t




# dictd
/etc/dictd\.conf		--	system_u:object_r:dictd_etc_t
/usr/sbin/dictd		--	system_u:object_r:dictd_exec_t
/var/lib/dictd(/.*)?		system_u:object_r:var_lib_dictd_t
# distcc
/usr/bin/distccd	--	system_u:object_r:distccd_exec_t
# dmesg
/bin/dmesg	--	system_u:object_r:dmesg_exec_t
# for Dovecot POP and IMAP server
/usr/sbin/dovecot		--	system_u:object_r:dovecot_exec_t

/usr/libexec/dovecot/dovecot-auth --	system_u:object_r:dovecot_auth_exec_t


/usr/share/ssl/certs/dovecot\.pem --	system_u:object_r:dovecot_cert_t
/usr/share/ssl/private/dovecot\.pem --	system_u:object_r:dovecot_cert_t
/var/run/dovecot(-login)?(/.*)?		system_u:object_r:dovecot_var_run_t
/usr/lib(64)?/dovecot/.+	--		system_u:object_r:bin_t
# fetchmail
/etc/fetchmailrc		--	system_u:object_r:fetchmail_etc_t
/usr/bin/fetchmail		--	system_u:object_r:fetchmail_exec_t
/var/run/fetchmail(/.*)?	--	system_u:object_r:fetchmail_var_run_t
/var/mail/\.fetchmail-UIDL-cache --	system_u:object_r:fetchmail_uidl_cache_t
# fingerd
/usr/sbin/in\.fingerd	--	system_u:object_r:fingerd_exec_t
/usr/sbin/[cef]fingerd	--	system_u:object_r:fingerd_exec_t
/etc/cron\.weekly/(c)?fingerd -- system_u:object_r:fingerd_exec_t
/etc/cfingerd(/.*)?		system_u:object_r:fingerd_etc_t
/var/log/cfingerd\.log.* --	system_u:object_r:fingerd_log_t
# firstboot
/usr/sbin/firstboot	-- system_u:object_r:firstboot_exec_t
/usr/share/firstboot	system_u:object_r:firstboot_rw_t
/usr/share/firstboot/firstboot\.py --	system_u:object_r:firstboot_exec_t
# fs admin daemons
/usr/sbin/smartd	--	system_u:object_r:fsdaemon_exec_t
/var/run/smartd\.pid	--	system_u:object_r:fsdaemon_var_run_t
/etc/smartd\.conf	--	system_u:object_r:etc_runtime_t
# fs admin utilities
/sbin/fsck.*		--	system_u:object_r:fsadm_exec_t
/sbin/mkfs.*		--	system_u:object_r:fsadm_exec_t
/sbin/e2fsck		--	system_u:object_r:fsadm_exec_t
/sbin/mkdosfs		--	system_u:object_r:fsadm_exec_t
/sbin/dosfsck		--	system_u:object_r:fsadm_exec_t
/sbin/reiserfs(ck|tune)	--	system_u:object_r:fsadm_exec_t
/sbin/mkreiserfs	--	system_u:object_r:fsadm_exec_t
/sbin/resize.*fs	--	system_u:object_r:fsadm_exec_t
/sbin/e2label		--	system_u:object_r:fsadm_exec_t
/sbin/findfs		--	system_u:object_r:fsadm_exec_t
/sbin/mkfs		--	system_u:object_r:fsadm_exec_t
/sbin/mke2fs		--	system_u:object_r:fsadm_exec_t
/sbin/mkswap		--	system_u:object_r:fsadm_exec_t
/sbin/scsi_info		--	system_u:object_r:fsadm_exec_t
/sbin/sfdisk		--	system_u:object_r:fsadm_exec_t
/sbin/cfdisk		--	system_u:object_r:fsadm_exec_t
/sbin/fdisk		--	system_u:object_r:fsadm_exec_t
/sbin/parted		--	system_u:object_r:fsadm_exec_t
/sbin/tune2fs		--	system_u:object_r:fsadm_exec_t
/sbin/dumpe2fs		--	system_u:object_r:fsadm_exec_t
/sbin/swapon.*		--	system_u:object_r:fsadm_exec_t
/sbin/hdparm		--	system_u:object_r:fsadm_exec_t
/sbin/raidstart		--	system_u:object_r:fsadm_exec_t
/sbin/mkraid		--	system_u:object_r:fsadm_exec_t
/sbin/blockdev		--	system_u:object_r:fsadm_exec_t
/sbin/losetup.*		--	system_u:object_r:fsadm_exec_t
/sbin/jfs_.*		--	system_u:object_r:fsadm_exec_t
/sbin/lsraid		--	system_u:object_r:fsadm_exec_t
/usr/sbin/smartctl	--	system_u:object_r:fsadm_exec_t
/sbin/install-mbr	--	system_u:object_r:fsadm_exec_t
/usr/bin/scsi_unique_id	--	system_u:object_r:fsadm_exec_t
/usr/bin/raw		--	system_u:object_r:fsadm_exec_t
/sbin/partx		--	system_u:object_r:fsadm_exec_t
/usr/bin/partition_uuid	--	system_u:object_r:fsadm_exec_t
/sbin/partprobe		--	system_u:object_r:fsadm_exec_t
# ftpd
/usr/sbin/in\.ftpd	--	system_u:object_r:ftpd_exec_t
/usr/sbin/proftpd	--	system_u:object_r:ftpd_exec_t
/usr/sbin/muddleftpd	--	system_u:object_r:ftpd_exec_t
/usr/sbin/ftpwho	--	system_u:object_r:ftpd_exec_t
/usr/kerberos/sbin/ftpd	--	system_u:object_r:ftpd_exec_t
/usr/sbin/vsftpd	--	system_u:object_r:ftpd_exec_t
/etc/proftpd\.conf	--	system_u:object_r:ftpd_etc_t
/var/run/proftpd/proftpd-inetd -- system_u:object_r:ftpd_var_run_t
/var/run/proftpd/proftpd\.scoreboard -- system_u:object_r:ftpd_var_run_t
/var/log/muddleftpd\.log.* --	system_u:object_r:xferlog_t
/var/log/xferlog.*	--	system_u:object_r:xferlog_t
/var/log/xferreport.*	--	system_u:object_r:xferlog_t
/etc/cron\.monthly/proftpd --	system_u:object_r:ftpd_exec_t
/var/ftp(/.*)?			system_u:object_r:ftpd_anon_t
#  games
/usr/lib(64)?/games/.* 	--	system_u:object_r:games_exec_t
/var/games(/.*)?		system_u:object_r:games_data_t
/usr/games/.*		--	system_u:object_r:games_exec_t
/var/lib/games(/.*)? 		system_u:object_r:games_data_t
/usr/bin/micq		--	system_u:object_r:games_exec_t
/usr/bin/blackjack	--	system_u:object_r:games_exec_t
/usr/bin/gataxx		--	system_u:object_r:games_exec_t
/usr/bin/glines		--	system_u:object_r:games_exec_t
/usr/bin/gnect		--	system_u:object_r:games_exec_t
/usr/bin/gnibbles	--	system_u:object_r:games_exec_t
/usr/bin/gnobots2	--	system_u:object_r:games_exec_t
/usr/bin/gnome-stones	--	system_u:object_r:games_exec_t
/usr/bin/gnomine	--	system_u:object_r:games_exec_t
/usr/bin/gnotravex	--	system_u:object_r:games_exec_t
/usr/bin/gnotski	--	system_u:object_r:games_exec_t
/usr/bin/gtali		--	system_u:object_r:games_exec_t
/usr/bin/iagno		--	system_u:object_r:games_exec_t
/usr/bin/mahjongg	--	system_u:object_r:games_exec_t
/usr/bin/same-gnome	--	system_u:object_r:games_exec_t
/usr/bin/sol		--	system_u:object_r:games_exec_t
/usr/bin/atlantik	--	system_u:object_r:games_exec_t
/usr/bin/kasteroids	--	system_u:object_r:games_exec_t
/usr/bin/katomic	--	system_u:object_r:games_exec_t
/usr/bin/kbackgammon	--	system_u:object_r:games_exec_t
/usr/bin/kbattleship	--	system_u:object_r:games_exec_t
/usr/bin/kblackbox	--	system_u:object_r:games_exec_t
/usr/bin/kbounce	--	system_u:object_r:games_exec_t
/usr/bin/kenolaba	--	system_u:object_r:games_exec_t
/usr/bin/kfouleggs	--	system_u:object_r:games_exec_t
/usr/bin/kgoldrunner	--	system_u:object_r:games_exec_t
/usr/bin/kjumpingcube	--	system_u:object_r:games_exec_t
/usr/bin/klickety	--	system_u:object_r:games_exec_t
/usr/bin/klines		--	system_u:object_r:games_exec_t
/usr/bin/kmahjongg	--	system_u:object_r:games_exec_t
/usr/bin/kmines		--	system_u:object_r:games_exec_t
/usr/bin/kolf		--	system_u:object_r:games_exec_t
/usr/bin/konquest	--	system_u:object_r:games_exec_t
/usr/bin/kpat		--	system_u:object_r:games_exec_t
/usr/bin/kpoker		--	system_u:object_r:games_exec_t
/usr/bin/kreversi	--	system_u:object_r:games_exec_t
/usr/bin/ksame		--	system_u:object_r:games_exec_t
/usr/bin/kshisen	--	system_u:object_r:games_exec_t
/usr/bin/ksirtet	--	system_u:object_r:games_exec_t
/usr/bin/ksmiletris	--	system_u:object_r:games_exec_t
/usr/bin/ksnake		--	system_u:object_r:games_exec_t
/usr/bin/ksokoban	--	system_u:object_r:games_exec_t
/usr/bin/kspaceduel	--	system_u:object_r:games_exec_t
/usr/bin/ktron		--	system_u:object_r:games_exec_t
/usr/bin/ktuberling	--	system_u:object_r:games_exec_t
/usr/bin/kwin4		--	system_u:object_r:games_exec_t
/usr/bin/kwin4proc	--	system_u:object_r:games_exec_t
/usr/bin/lskat		--	system_u:object_r:games_exec_t
/usr/bin/lskatproc	--	system_u:object_r:games_exec_t
/usr/bin/Maelstrom	--	system_u:object_r:games_exec_t

# getty
/sbin/.*getty		--	system_u:object_r:getty_exec_t
/etc/mgetty(/.*)?		system_u:object_r:getty_etc_t
# gnome-pty-helper
/usr/sbin/gnome-pty-helper --	system_u:object_r:gph_exec_t
/usr/lib(64)?/vte/gnome-pty-helper --	system_u:object_r:gph_exec_t
# gpg-agent
/usr/bin/gpg-agent	--	system_u:object_r:gpg_agent_exec_t
/usr/bin/pinentry.*	--	system_u:object_r:pinentry_exec_t
# gpg
/home/[^/]+/\.gnupg(/.+)?	system_u:object_r:user_gpg_secret_t
/usr/bin/gpg		--	system_u:object_r:gpg_exec_t
# gpm
/dev/gpmctl		-s	system_u:object_r:gpmctl_t
/dev/gpmdata		-p	system_u:object_r:gpmctl_t
/usr/sbin/gpm		--	system_u:object_r:gpm_exec_t
/etc/gpm(/.*)?			system_u:object_r:gpm_conf_t
# hald - hardware information daemon
/usr/sbin/hald		--	system_u:object_r:hald_exec_t
/usr/libexec/hal-hotplug-map -- system_u:object_r:hald_exec_t
/etc/hal/device\.d/printer_remove\.hal -- system_u:object_r:hald_exec_t
/etc/hal/capability\.d/printer_update\.hal -- system_u:object_r:hald_exec_t
/usr/share/hal/device-manager/hal-device-manager -- system_u:object_r:bin_t
/bin/hostname		--	system_u:object_r:hostname_exec_t
# hotplug
/etc/hotplug(/.*)?		system_u:object_r:hotplug_etc_t
/sbin/hotplug		--	system_u:object_r:hotplug_exec_t
/sbin/netplugd		--	system_u:object_r:hotplug_exec_t
/etc/hotplug\.d/.*	--	system_u:object_r:hotplug_exec_t
/etc/hotplug\.d/default/default.* system_u:object_r:sbin_t
/etc/netplug\.d(/.*)? 	 	system_u:object_r:sbin_t
/etc/hotplug/.*agent	--	system_u:object_r:sbin_t
/etc/hotplug/.*rc	-- 	system_u:object_r:sbin_t
/etc/hotplug/hotplug\.functions --	system_u:object_r:sbin_t
/var/run/usb(/.*)?		system_u:object_r:hotplug_var_run_t
/var/run/hotplug(/.*)?		system_u:object_r:hotplug_var_run_t
/etc/hotplug/firmware.agent	--	system_u:object_r:hotplug_exec_t
/usr/bin/nifd	--	system_u:object_r:howl_exec_t
/usr/bin/mDNSResponder	--	system_u:object_r:howl_exec_t
/var/run/nifd\.pid --	system_u:object_r:howl_var_run_t
# hwclock
/sbin/hwclock		--	system_u:object_r:hwclock_exec_t
/etc/adjtime		--	system_u:object_r:adjtime_t
# i18n_input.fc
/usr/sbin/htt                   --     system_u:object_r:i18n_input_exec_t
/usr/sbin/htt_server            --     system_u:object_r:i18n_input_exec_t
/usr/bin/httx                   --     system_u:object_r:i18n_input_exec_t
/usr/bin/htt_xbe                --     system_u:object_r:i18n_input_exec_t
/usr/lib(64)?/im/.*\.so.*       --     system_u:object_r:shlib_t
/var/run/iiim(/.*)?		       system_u:object_r:i18n_input_var_run_t
# ifconfig
/sbin/ifconfig		--	system_u:object_r:ifconfig_exec_t
/sbin/iwconfig		--	system_u:object_r:ifconfig_exec_t
/sbin/ip		--	system_u:object_r:ifconfig_exec_t
/sbin/tc		--	system_u:object_r:ifconfig_exec_t
/usr/sbin/tc		--	system_u:object_r:ifconfig_exec_t
/bin/ip			--	system_u:object_r:ifconfig_exec_t
/sbin/ethtool		--	system_u:object_r:ifconfig_exec_t
/sbin/mii-tool		--	system_u:object_r:ifconfig_exec_t
/sbin/ipx_interface	--	system_u:object_r:ifconfig_exec_t
/sbin/ipx_configure	--	system_u:object_r:ifconfig_exec_t
/sbin/ipx_internal_net	--	system_u:object_r:ifconfig_exec_t
# inetd
/usr/sbin/inetd		--	system_u:object_r:inetd_exec_t
/usr/sbin/xinetd	--	system_u:object_r:inetd_exec_t
/usr/sbin/rlinetd	--	system_u:object_r:inetd_exec_t
/usr/sbin/identd	--	system_u:object_r:inetd_child_exec_t
/usr/sbin/in\..*d	--	system_u:object_r:inetd_child_exec_t
/var/log/(x)?inetd\.log	--	system_u:object_r:inetd_log_t
/var/run/inetd\.pid	--	system_u:object_r:inetd_var_run_t
# init
/dev/initctl		-p	system_u:object_r:initctl_t
/sbin/init		--	system_u:object_r:init_exec_t
# init rc scripts
/etc/X11/prefdm		--	system_u:object_r:initrc_exec_t
/etc/rc\.d/rc		--	system_u:object_r:initrc_exec_t
/etc/rc\.d/rc\.sysinit	--	system_u:object_r:initrc_exec_t
/etc/rc\.d/rc\.local	--	system_u:object_r:initrc_exec_t
/etc/rc\.d/init\.d/.*	--	system_u:object_r:initrc_exec_t
/etc/rc\.d/init\.d/functions -- system_u:object_r:etc_t
/etc/init\.d/.*		--	system_u:object_r:initrc_exec_t
/etc/init\.d/functions	--	system_u:object_r:etc_t
/var/run/utmp		--	system_u:object_r:initrc_var_run_t
/var/run/runlevel\.dir		system_u:object_r:initrc_var_run_t
/var/run/random-seed	--	system_u:object_r:initrc_var_run_t
/var/run/setmixer_flag	--	system_u:object_r:initrc_var_run_t




# run_init
/usr/sbin/run_init	--	system_u:object_r:run_init_exec_t

/etc/nologin.*		--	system_u:object_r:etc_runtime_t
/etc/nohotplug		--	system_u:object_r:etc_runtime_t

/halt			--	system_u:object_r:etc_runtime_t
/\.autofsck		--	system_u:object_r:etc_runtime_t

# innd
/usr/sbin/innd.*	--	system_u:object_r:innd_exec_t
/var/run/innd(/.*)?		system_u:object_r:innd_var_run_t
/etc/news(/.*)?			system_u:object_r:innd_etc_t
/etc/news/boot		--	system_u:object_r:innd_exec_t
/var/spool/news(/.*)?		system_u:object_r:news_spool_t
/var/log/news(/.*)?		system_u:object_r:innd_log_t
/var/lib/news(/.*)?		system_u:object_r:innd_var_lib_t
/var/run/news(/.*)?	 	system_u:object_r:innd_var_run_t
/usr/sbin/in\.nnrpd	--	system_u:object_r:innd_exec_t
/usr/bin/inews		--	system_u:object_r:innd_exec_t
/usr/bin/rnews		--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin(/.*)?		system_u:object_r:bin_t
/usr/lib(64)?/news/bin/innd 	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/actsync	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/archive	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/batcher	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/buffchan	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/convdate	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/ctlinnd	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/cvtbatch	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/expire	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/expireover	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/fastrm	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/filechan	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/getlist	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/grephistory	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/inews	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/innconfval	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/inndf	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/inndstart	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/innfeed	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/innxbatch	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/innxmit	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/makedbz	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/makehistory	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/newsrequeue	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/nnrpd	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/nntpget	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/ovdb_recover	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/overchan	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/prunehistory	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/rnews	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/shlock	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/shrinkfile	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/sm	--	system_u:object_r:innd_exec_t
/usr/lib(64)?/news/bin/startinnfeed	--	system_u:object_r:innd_exec_t
# IPSEC utilities and daemon.

/etc/ipsec\.secrets	--	system_u:object_r:ipsec_key_file_t
/etc/ipsec\.conf	--	system_u:object_r:ipsec_conf_file_t
/etc/ipsec\.d(/.*)?		system_u:object_r:ipsec_key_file_t
/usr/lib(64)?/ipsec/.*	--	system_u:object_r:sbin_t
/usr/lib(64)?/ipsec/_plutoload -- 	system_u:object_r:ipsec_mgmt_exec_t
/usr/lib(64)?/ipsec/_plutorun  --	system_u:object_r:ipsec_mgmt_exec_t
/usr/local/lib(64)?/ipsec/.*	--	system_u:object_r:sbin_t
/usr/libexec/ipsec/eroute	--	system_u:object_r:ipsec_exec_t
/usr/lib(64)?/ipsec/eroute	--	system_u:object_r:ipsec_exec_t
/usr/local/lib(64)?/ipsec/eroute --	system_u:object_r:ipsec_exec_t
/usr/libexec/ipsec/klipsdebug	--	system_u:object_r:ipsec_exec_t
/usr/lib(64)?/ipsec/klipsdebug --	system_u:object_r:ipsec_exec_t
/usr/local/lib(64)?/ipsec/klipsdebug -- system_u:object_r:ipsec_exec_t
/usr/libexec/ipsec/pluto	--	system_u:object_r:ipsec_exec_t
/usr/lib(64)?/ipsec/pluto	--	system_u:object_r:ipsec_exec_t
/usr/local/lib(64)?/ipsec/pluto --	system_u:object_r:ipsec_exec_t
/usr/libexec/ipsec/spi	--	system_u:object_r:ipsec_exec_t
/usr/lib(64)?/ipsec/spi	--	system_u:object_r:ipsec_exec_t
/usr/local/lib(64)?/ipsec/spi --	system_u:object_r:ipsec_exec_t
/var/run/pluto(/.*)?		system_u:object_r:ipsec_var_run_t

# Kame
/usr/sbin/racoon	--	system_u:object_r:ipsec_exec_t
/usr/sbin/setkey	--	system_u:object_r:ipsec_exec_t
/etc/racoon(/.*)?		system_u:object_r:ipsec_conf_file_t
/etc/racoon/certs(/.*)?	system_u:object_r:ipsec_key_file_t
/etc/racoon/psk\.txt	--	system_u:object_r:ipsec_key_file_t
# iptables
/sbin/ipchains.*	--	system_u:object_r:iptables_exec_t
/sbin/iptables.* 	--	system_u:object_r:iptables_exec_t
/sbin/ip6tables.*	--	system_u:object_r:iptables_exec_t
/usr/sbin/ipchains.*	--	system_u:object_r:iptables_exec_t
/usr/sbin/iptables.* 	--	system_u:object_r:iptables_exec_t
/usr/sbin/ip6tables.*	--	system_u:object_r:iptables_exec_t

# irc clients
/usr/bin/[st]irc	--	system_u:object_r:irc_exec_t
/usr/bin/ircII		--	system_u:object_r:irc_exec_t
/usr/bin/tinyirc	--	system_u:object_r:irc_exec_t
/home/[^/]+/\.ircmotd	--	system_u:object_r:user_home_irc_t
# ircd - irc server
/usr/sbin/(dancer-)?ircd --	system_u:object_r:ircd_exec_t
/etc/(dancer-)?ircd(/.*)?	system_u:object_r:ircd_etc_t
/var/log/(dancer-)?ircd(/.*)?	system_u:object_r:ircd_log_t
/var/lib/dancer-ircd(/.*)?	system_u:object_r:ircd_var_lib_t
/var/run/dancer-ircd(/.*)?	system_u:object_r:ircd_var_run_t
# irqbalance
/usr/sbin/irqbalance	-- system_u:object_r:irqbalance_exec_t
# MIT Kerberos krbkdc, kadmind
/etc/krb5\.keytab       		system_u:object_r:krb5_keytab_t
/usr(/local)?(/kerberos)?/sbin/krb5kdc --	system_u:object_r:krb5kdc_exec_t
/usr(/local)?(/kerberos)?/sbin/kadmind --	system_u:object_r:kadmind_exec_t
/var/kerberos/krb5kdc(/.*)?		system_u:object_r:krb5kdc_conf_t
/usr/local/var/krb5kdc(/.*)?		system_u:object_r:krb5kdc_conf_t
/var/kerberos/krb5kdc/principal.*	system_u:object_r:krb5kdc_principal_t
/usr/local/var/krb5kdc/principal.*	system_u:object_r:krb5kdc_principal_t
/var/log/krb5kdc\.log			system_u:object_r:krb5kdc_log_t
/var/log/kadmind\.log			system_u:object_r:kadmind_log_t
/usr(/local)?/bin/ksu		--	system_u:object_r:su_exec_t
/usr/kerberos/sbin/login\.krb5	--	system_u:object_r:login_exec_t
# klogd
/sbin/klogd		--	system_u:object_r:klogd_exec_t
/usr/sbin/klogd		--	system_u:object_r:klogd_exec_t
/var/run/klogd\.pid	--	system_u:object_r:klogd_var_run_t
# kde talk daemon 
/usr/bin/ktalkd	--	system_u:object_r:ktalkd_exec_t
# kudzu
/usr/sbin/kudzu	--	system_u:object_r:kudzu_exec_t
/sbin/kmodule	--	system_u:object_r:kudzu_exec_t
/sbin/ldconfig		--	system_u:object_r:ldconfig_exec_t
# load_policy
/usr/sbin/load_policy		--	system_u:object_r:load_policy_exec_t
/sbin/load_policy		--	system_u:object_r:load_policy_exec_t
# loadkeys
/bin/unikeys		--	system_u:object_r:loadkeys_exec_t
/bin/loadkeys		--	system_u:object_r:loadkeys_exec_t
# lockdev 
/usr/sbin/lockdev	--	system_u:object_r:lockdev_exec_t
# login
/bin/login		--	system_u:object_r:login_exec_t
# logrotate
/usr/sbin/logrotate	--	system_u:object_r:logrotate_exec_t
/usr/sbin/logcheck	--	system_u:object_r:logrotate_exec_t

/etc/cron\.(daily|weekly)/sysklogd -- system_u:object_r:logrotate_exec_t
/var/lib/logrotate\.status --	system_u:object_r:logrotate_var_lib_t
/var/lib/logcheck(/.*)?		system_u:object_r:logrotate_var_lib_t
# using a hard-coded name under /var/tmp is a bug - new version fixes it
/var/tmp/logcheck	-d	system_u:object_r:logrotate_tmp_t
# lpd
/dev/printer		-s	system_u:object_r:printer_t
/usr/sbin/lpd		--	system_u:object_r:lpd_exec_t
/usr/sbin/checkpc	--	system_u:object_r:checkpc_exec_t
/var/spool/lpd(/.*)?		system_u:object_r:print_spool_t
/usr/share/printconf/.* --	system_u:object_r:printconf_t
/usr/share/printconf/util/print\.py -- system_u:object_r:bin_t
/var/run/lprng(/.*)?		system_u:object_r:lpd_var_run_t
# lp utilities.
/usr/bin/lpr		--	system_u:object_r:lpr_exec_t
/usr/bin/lpq		--	system_u:object_r:lpr_exec_t
/usr/bin/lprm		--	system_u:object_r:lpr_exec_t
# lvm
/sbin/lvmiopversion	--	system_u:object_r:lvm_exec_t
/etc/lvm(/.*)?			system_u:object_r:lvm_etc_t
/etc/lvm/\.cache	--	system_u:object_r:lvm_metadata_t
/etc/lvm/archive(/.*)?		system_u:object_r:lvm_metadata_t
/etc/lvm/backup(/.*)?		system_u:object_r:lvm_metadata_t
/etc/lvmtab(/.*)?		system_u:object_r:lvm_metadata_t
/etc/lvmtab\.d(/.*)?		system_u:object_r:lvm_metadata_t
# LVM creates lock files in /var before /var is mounted
# configure LVM to put lockfiles in /etc/lvm/lock instead
# for this policy to work (unless you have no separate /var)
/etc/lvm/lock(/.*)?		system_u:object_r:lvm_lock_t
/var/lock/lvm(/.*)?		system_u:object_r:lvm_lock_t
/dev/lvm		-c	system_u:object_r:fixed_disk_device_t
/dev/mapper/.*		-b	system_u:object_r:fixed_disk_device_t
/dev/mapper/control	-c	system_u:object_r:lvm_control_t
/lib/lvm-10(/.*)	--	system_u:object_r:lvm_exec_t
/lib/lvm-200(/.*)	--	system_u:object_r:lvm_exec_t
/sbin/e2fsadm		--	system_u:object_r:lvm_exec_t
/sbin/lvchange		--	system_u:object_r:lvm_exec_t
/sbin/lvcreate		--	system_u:object_r:lvm_exec_t
/sbin/lvdisplay		--	system_u:object_r:lvm_exec_t
/sbin/lvextend		--	system_u:object_r:lvm_exec_t
/sbin/lvmchange		--	system_u:object_r:lvm_exec_t
/sbin/lvmdiskscan	--	system_u:object_r:lvm_exec_t
/sbin/lvmsadc		--	system_u:object_r:lvm_exec_t
/sbin/lvmsar		--	system_u:object_r:lvm_exec_t
/sbin/lvreduce		--	system_u:object_r:lvm_exec_t
/sbin/lvremove		--	system_u:object_r:lvm_exec_t
/sbin/lvrename		--	system_u:object_r:lvm_exec_t
/sbin/lvscan		--	system_u:object_r:lvm_exec_t
/sbin/pvchange		--	system_u:object_r:lvm_exec_t
/sbin/pvcreate		--	system_u:object_r:lvm_exec_t
/sbin/pvdata		--	system_u:object_r:lvm_exec_t
/sbin/pvdisplay		--	system_u:object_r:lvm_exec_t
/sbin/pvmove		--	system_u:object_r:lvm_exec_t
/sbin/pvscan		--	system_u:object_r:lvm_exec_t
/sbin/vgcfgbackup	--	system_u:object_r:lvm_exec_t
/sbin/vgcfgrestore	--	system_u:object_r:lvm_exec_t
/sbin/vgchange		--	system_u:object_r:lvm_exec_t
/sbin/vgchange\.static	--	system_u:object_r:lvm_exec_t
/sbin/vgck		--	system_u:object_r:lvm_exec_t
/sbin/vgcreate		--	system_u:object_r:lvm_exec_t
/sbin/vgdisplay		--	system_u:object_r:lvm_exec_t
/sbin/vgexport		--	system_u:object_r:lvm_exec_t
/sbin/vgextend		--	system_u:object_r:lvm_exec_t
/sbin/vgimport		--	system_u:object_r:lvm_exec_t
/sbin/vgmerge		--	system_u:object_r:lvm_exec_t
/sbin/vgmknodes		--	system_u:object_r:lvm_exec_t
/sbin/vgreduce		--	system_u:object_r:lvm_exec_t
/sbin/vgremove		--	system_u:object_r:lvm_exec_t
/sbin/vgrename		--	system_u:object_r:lvm_exec_t
/sbin/vgscan		--	system_u:object_r:lvm_exec_t
/sbin/vgscan\.static	--	system_u:object_r:lvm_exec_t
/sbin/vgsplit		--	system_u:object_r:lvm_exec_t
/sbin/vgwrapper		--	system_u:object_r:lvm_exec_t
/sbin/cryptsetup	--	system_u:object_r:lvm_exec_t
/sbin/dmsetup      --      system_u:object_r:lvm_exec_t
/sbin/dmsetup\.static --    system_u:object_r:lvm_exec_t
/sbin/lvm          --      system_u:object_r:lvm_exec_t
/sbin/lvm\.static   --      system_u:object_r:lvm_exec_t
/usr/sbin/lvm		--	system_u:object_r:lvm_exec_t
/sbin/lvresize     --      system_u:object_r:lvm_exec_t
/sbin/lvs          --      system_u:object_r:lvm_exec_t
/sbin/pvremove     --      system_u:object_r:lvm_exec_t
/sbin/pvs          --      system_u:object_r:lvm_exec_t
/sbin/vgs          --      system_u:object_r:lvm_exec_t
# mailman list server
/var/lib/mailman(/.*)?		   system_u:object_r:mailman_data_t
/var/log/mailman(/.*)?		   system_u:object_r:mailman_log_t
/usr/lib/mailman/cron/.*	-- system_u:object_r:mailman_queue_exec_t
/usr/lib/mailman/bin/mailmanctl -- system_u:object_r:mailman_mail_exec_t
/var/run/mailman(/.*)?		   system_u:object_r:mailman_lock_t
/var/lib/mailman/archives(/.*)?	system_u:object_r:mailman_archive_t




/usr/lib/mailman/cgi-bin/.*	 -- system_u:object_r:mailman_cgi_exec_t
/var/lock/mailman(/.*)?		    system_u:object_r:mailman_lock_t
/usr/lib/mailman/scripts/mailman -- system_u:object_r:mailman_mail_exec_t
/usr/lib/mailman/bin/qrunner  	 -- system_u:object_r:mailman_queue_exec_t
/etc/mailman(/.*)?		   system_u:object_r:mailman_data_t
/var/spool/mailman(/.*)?	   system_u:object_r:mailman_data_t

# mdadm - manage MD devices aka Linux Software Raid.
/sbin/mdmpd		--	system_u:object_r:mdadm_exec_t
/sbin/mdadm		--	system_u:object_r:mdadm_exec_t
/var/run/mdadm(/.*)?            system_u:object_r:mdadm_var_run_t 
# module utilities
/etc/modules\.conf.*	--	system_u:object_r:modules_conf_t
/etc/modprobe\.conf.*	--	system_u:object_r:modules_conf_t
/lib(64)?/modules/modprobe\.conf --	system_u:object_r:modules_conf_t
/lib(64)?/modules(/.*)?		system_u:object_r:modules_object_t
/lib(64)?/modules/[^/]+/modules\..+ -- system_u:object_r:modules_dep_t
/lib(64)?/modules/modprobe\.conf.* -- system_u:object_r:modules_conf_t
/sbin/depmod.*		--	system_u:object_r:depmod_exec_t
/sbin/modprobe.*	--	system_u:object_r:insmod_exec_t
/sbin/insmod.*		--	system_u:object_r:insmod_exec_t
/sbin/insmod_ksymoops_clean --	system_u:object_r:sbin_t
/sbin/rmmod.*		--	system_u:object_r:insmod_exec_t
/sbin/update-modules	--	system_u:object_r:update_modules_exec_t
/sbin/generate-modprobe\.conf -- system_u:object_r:update_modules_exec_t
# mount
/bin/mount.*			--	system_u:object_r:mount_exec_t
/bin/umount.*			--	system_u:object_r:mount_exec_t
#  netscape/mozilla
/home/[^/]+/\.galeon(/.*)?	system_u:object_r:user_mozilla_rw_t
/home/[^/]+/\.netscape(/.*)?	system_u:object_r:user_mozilla_rw_t
/home/[^/]+/\.mozilla(/.*)?	system_u:object_r:user_mozilla_rw_t
/home/[^/]+/\.phoenix(/.*)?	system_u:object_r:user_mozilla_rw_t
/home/[^/]+/\.gconfd(/.*)?		system_u:object_r:user_mozilla_rw_t
/home/[^/]+/\.gconf(/.*)?		system_u:object_r:user_mozilla_rw_t
/home/[^/]+/\.gnome2/epiphany(/.*)? system_u:object_r:user_mozilla_rw_t
/home/[^/]+/My.Downloads(/.*)?	system_u:object_r:user_mozilla_rw_t
/usr/bin/netscape	--	system_u:object_r:mozilla_exec_t
/usr/bin/mozilla	--	system_u:object_r:mozilla_exec_t
/usr/bin/mozilla-snapshot --	system_u:object_r:mozilla_exec_t
/usr/bin/epiphany-bin   --	system_u:object_r:mozilla_exec_t
/usr/bin/mozilla-[0-9].* --	system_u:object_r:mozilla_exec_t
/usr/bin/mozilla-bin-[0-9].* --	system_u:object_r:mozilla_exec_t
/usr/lib(64)?/galeon/galeon -- system_u:object_r:mozilla_exec_t
/usr/lib(64)?/netscape/.+/communicator/communicator-smotif\.real -- system_u:object_r:mozilla_exec_t
/usr/lib(64)?/netscape/base-4/wrapper -- system_u:object_r:mozilla_exec_t
/usr/lib(64)?/mozilla[^/]*/reg.+	--	system_u:object_r:mozilla_exec_t
/usr/lib(64)?/mozilla[^/]*/mozilla-.* --	system_u:object_r:mozilla_exec_t
/usr/lib(64)?/firefox[^/]*/mozilla-.* --	system_u:object_r:mozilla_exec_t
/usr/lib(64)?/[^/]*firefox[^/]*/firefox-bin --	system_u:object_r:mozilla_exec_t
/usr/lib(64)?/[^/]*firefox[^/]*/firefox --	system_u:object_r:bin_t
/etc/mozpluggerrc system_u:object_r:mozilla_conf_t
# mrtg - traffic grapher
/usr/bin/mrtg		--	system_u:object_r:mrtg_exec_t
/var/lib/mrtg(/.*)?		system_u:object_r:var_lib_mrtg_t
/var/lock/mrtg(/.*)?		system_u:object_r:mrtg_lock_t
/etc/mrtg.*			system_u:object_r:mrtg_etc_t
/etc/mrtg/mrtg\.ok	--	system_u:object_r:mrtg_lock_t
/var/log/mrtg(/.*)?		system_u:object_r:mrtg_log_t
# types for general mail servers
/usr/sbin/sendmail(.sendmail)?	-- system_u:object_r:sendmail_exec_t
/usr/lib(64)?/sendmail		-- system_u:object_r:sendmail_exec_t
/etc/aliases		--	system_u:object_r:etc_aliases_t
/etc/aliases\.db	--	system_u:object_r:etc_aliases_t
/var/spool/mail(/.*)?		system_u:object_r:mail_spool_t
/var/mail(/.*)?			system_u:object_r:mail_spool_t
# mysql database server
/usr/sbin/mysqld	--	system_u:object_r:mysqld_exec_t
/usr/libexec/mysqld	--	system_u:object_r:mysqld_exec_t
/var/run/mysqld(/.*)?		system_u:object_r:mysqld_var_run_t
/var/log/mysql.*	--	system_u:object_r:mysqld_log_t
/var/lib/mysql(/.*)?		system_u:object_r:mysqld_db_t
/var/lib/mysql/mysql\.sock -s	system_u:object_r:mysqld_var_run_t
/etc/my\.cnf		--	system_u:object_r:mysqld_etc_t
/etc/mysql(/.*)?		system_u:object_r:mysqld_etc_t

# named

/var/named(/.*)?		system_u:object_r:named_zone_t
/var/named/slaves(/.*)?		system_u:object_r:named_cache_t
/var/named/data(/.*)?		system_u:object_r:named_cache_t
/etc/named\.conf	--	system_u:object_r:named_conf_t
 
 
/etc/rndc.*		--	system_u:object_r:named_conf_t
/usr/sbin/named      	--	system_u:object_r:named_exec_t
/usr/sbin/r?ndc		--	system_u:object_r:ndc_exec_t
/var/run/ndc		-s	system_u:object_r:named_var_run_t
/var/run/bind(/.*)?		system_u:object_r:named_var_run_t
/var/run/named(/.*)?		system_u:object_r:named_var_run_t
/usr/sbin/lwresd	--	system_u:object_r:named_exec_t

/var/named/named\.ca	--	system_u:object_r:named_conf_t
/var/named/chroot(/.*)?		system_u:object_r:named_conf_t
/var/named/chroot/dev/null   -c	system_u:object_r:null_device_t
/var/named/chroot/dev/random -c	system_u:object_r:random_device_t
/var/named/chroot/dev/zero -c	system_u:object_r:zero_device_t
/var/named/chroot/etc/named\.conf -- system_u:object_r:named_conf_t
/var/named/chroot/etc/rndc.* -- system_u:object_r:named_conf_t
/var/named/chroot/var/run/named.* system_u:object_r:named_var_run_t
/var/named/chroot/var/tmp(/.*)? system_u:object_r:named_cache_t
/var/named/chroot/var/named(/.*)?	system_u:object_r:named_zone_t
/var/named/chroot/var/named/slaves(/.*)? system_u:object_r:named_cache_t
/var/named/chroot/var/named/data(/.*)? system_u:object_r:named_cache_t
/var/named/chroot/var/named/named\.ca	--	system_u:object_r:named_conf_t
 
 # network utilities
/sbin/arping		--	system_u:object_r:netutils_exec_t
/usr/sbin/tcpdump	--	system_u:object_r:netutils_exec_t
/etc/network/ifstate	--	system_u:object_r:etc_runtime_t
# newrole
/usr/bin/newrole	--		system_u:object_r:newrole_exec_t
# nscd
/usr/sbin/nscd		--	system_u:object_r:nscd_exec_t
/var/run/\.nscd_socket	-s	system_u:object_r:nscd_var_run_t
/var/run/nscd\.pid	--	system_u:object_r:nscd_var_run_t
/var/db/nscd(/.*)?		system_u:object_r:nscd_var_run_t
/var/run/nscd(/.*)?		system_u:object_r:nscd_var_run_t
/var/lib/ntp(/.*)?			system_u:object_r:ntp_drift_t
/etc/ntp/data(/.*)?			system_u:object_r:ntp_drift_t
/etc/ntp(d)?\.conf(.sv)?	--	system_u:object_r:net_conf_t
/etc/ntp/step-tickers		--	system_u:object_r:net_conf_t
/usr/sbin/ntpd			--	system_u:object_r:ntpd_exec_t
/usr/sbin/ntpdate		--	system_u:object_r:ntpdate_exec_t
/var/log/ntpstats(/.*)?			system_u:object_r:ntpd_log_t
/var/log/ntp.*			--	system_u:object_r:ntpd_log_t
/var/log/xntpd.*		--	system_u:object_r:ntpd_log_t
/var/run/ntpd\.pid		--	system_u:object_r:ntpd_var_run_t
/etc/cron\.(daily|weekly)/ntp-simple -- system_u:object_r:ntpd_exec_t
/etc/cron\.(daily|weekly)/ntp-server -- system_u:object_r:ntpd_exec_t
/var/run/sudo(/.*)?			system_u:object_r:pam_var_run_t
/sbin/pam_timestamp_check	 --	system_u:object_r:pam_exec_t
/lib(64)?/security/pam_krb5/pam_krb5_storetmp -- system_u:object_r:pam_exec_t
# pam_console_apply
/sbin/pam_console_apply	 --	system_u:object_r:pam_console_exec_t
/var/run/console(/.*)?	 	system_u:object_r:pam_var_console_t
# spasswd
/usr/bin/passwd		--	system_u:object_r:passwd_exec_t
/usr/bin/chage		--	system_u:object_r:passwd_exec_t
/usr/bin/chsh		--	system_u:object_r:chfn_exec_t
/usr/bin/chfn		--	system_u:object_r:chfn_exec_t
/usr/sbin/vipw		--	system_u:object_r:admin_passwd_exec_t
/usr/sbin/vigr		--	system_u:object_r:admin_passwd_exec_t
/usr/bin/vipw		--	system_u:object_r:admin_passwd_exec_t
/usr/bin/vigr		--	system_u:object_r:admin_passwd_exec_t
/usr/sbin/pwconv	--	system_u:object_r:admin_passwd_exec_t
/usr/sbin/pwunconv	--	system_u:object_r:admin_passwd_exec_t
/usr/sbin/grpconv	--	system_u:object_r:admin_passwd_exec_t
/usr/sbin/grpunconv	--	system_u:object_r:admin_passwd_exec_t
# ping
/bin/ping.* 		--	system_u:object_r:ping_exec_t
/usr/sbin/hping2	--	system_u:object_r:ping_exec_t
# portmap
/sbin/portmap		--	system_u:object_r:portmap_exec_t
/sbin/pmap_dump		--	system_u:object_r:portmap_exec_t
# postfix
/etc/postfix(/.*)?		system_u:object_r:postfix_etc_t

/etc/postfix/aliases.*		system_u:object_r:etc_aliases_t

/etc/postfix/postfix-script.* -- system_u:object_r:postfix_exec_t
/etc/postfix/prng_exch	--	system_u:object_r:postfix_prng_t
/usr/lib(exec)?/postfix/.*	--	system_u:object_r:postfix_exec_t
/usr/lib(exec)?/postfix/cleanup --	system_u:object_r:postfix_cleanup_exec_t
/usr/lib(exec)?/postfix/local	--	system_u:object_r:postfix_local_exec_t
/usr/lib(exec)?/postfix/master	--	system_u:object_r:postfix_master_exec_t
/usr/lib(exec)?/postfix/pickup	--	system_u:object_r:postfix_pickup_exec_t
/usr/lib(exec)?/postfix/(n)?qmgr --	system_u:object_r:postfix_qmgr_exec_t
/usr/lib(exec)?/postfix/showq	--	system_u:object_r:postfix_showq_exec_t
/usr/lib(exec)?/postfix/smtp	--	system_u:object_r:postfix_smtp_exec_t
/usr/lib(exec)?/postfix/smtpd	--	system_u:object_r:postfix_smtpd_exec_t
/usr/lib(exec)?/postfix/bounce	--	system_u:object_r:postfix_bounce_exec_t
/usr/lib(exec)?/postfix/pipe	--	system_u:object_r:postfix_pipe_exec_t
/usr/sbin/postalias	--	system_u:object_r:postfix_master_exec_t
/usr/sbin/postcat	--	system_u:object_r:postfix_master_exec_t
/usr/sbin/postdrop	--	system_u:object_r:postfix_postdrop_exec_t
/usr/sbin/postfix	--	system_u:object_r:postfix_master_exec_t
/usr/sbin/postkick	--	system_u:object_r:postfix_master_exec_t
/usr/sbin/postlock	--	system_u:object_r:postfix_master_exec_t
/usr/sbin/postlog	--	system_u:object_r:postfix_master_exec_t
/usr/sbin/postmap	--	system_u:object_r:postfix_map_exec_t
/usr/sbin/postqueue	--	system_u:object_r:postfix_postqueue_exec_t
/usr/sbin/postsuper	--	system_u:object_r:postfix_master_exec_t
/usr/sbin/rmail		--	system_u:object_r:sendmail_exec_t
/usr/sbin/sendmail.postfix --	system_u:object_r:sendmail_exec_t
/var/spool/postfix(/[^/]+)?	system_u:object_r:postfix_spool_t
/var/spool/postfix/active(/.*)?	system_u:object_r:postfix_spool_t
/var/spool/postfix/hold(/.*)?	system_u:object_r:postfix_spool_t
/var/spool/postfix/incoming(/.*)? system_u:object_r:postfix_spool_t
/var/spool/postfix/corrupt(/.*)? system_u:object_r:postfix_spool_t
/var/spool/postfix/maildrop(/.*)? system_u:object_r:postfix_spool_maildrop_t
/var/spool/postfix/pid	-d	system_u:object_r:var_run_t
/var/spool/postfix/pid/.*	system_u:object_r:postfix_var_run_t
/var/spool/postfix/private(/.*)? system_u:object_r:postfix_private_t
/var/spool/postfix/public(/.*)? system_u:object_r:postfix_public_t
/var/spool/postfix/defer(red)?(/.*)? system_u:object_r:postfix_spool_t
/var/spool/postfix/bounce(/.*)? system_u:object_r:postfix_spool_bounce_t
/var/spool/postfix/flush(/.*)?	system_u:object_r:postfix_spool_flush_t
/var/spool/postfix/etc(/.*)?	system_u:object_r:etc_t
/var/spool/postfix/lib(64)?(/.*)?	system_u:object_r:lib_t
/var/spool/postfix/usr(/.*)?	system_u:object_r:lib_t
/var/spool/postfix/lib(64)?/ld.*\.so.* -- system_u:object_r:ld_so_t
/var/spool/postfix/lib(64)?/lib.*\.so.* -- system_u:object_r:shlib_t
/var/spool/postfix/lib(64)?/[^/]*/lib.*\.so.* -- system_u:object_r:shlib_t
/var/spool/postfix/lib(64)?/devfsd/.*\.so.* -- system_u:object_r:shlib_t
# postgresql - ldap server
/usr/lib(64)?/postgresql/bin/.* --	system_u:object_r:postgresql_exec_t
/usr/bin/postgres	--	system_u:object_r:postgresql_exec_t
/usr/bin/pg_dump	--	system_u:object_r:postgresql_exec_t
/usr/bin/pg_dumpall	--	system_u:object_r:postgresql_exec_t
/usr/bin/pg_resetxlog	--	system_u:object_r:postgresql_exec_t

# not sure whether the following binaries need labelling
/usr/bin/createlang	--	system_u:object_r:postgresql_exec_t
/usr/bin/droplang	--	system_u:object_r:postgresql_exec_t
/usr/bin/pg_encoding	--	system_u:object_r:postgresql_exec_t
/usr/bin/pg_id		--	system_u:object_r:postgresql_exec_t
/usr/bin/pg_restore	--	system_u:object_r:postgresql_exec_t

/var/lib/postgres(ql)?(/.*)? system_u:object_r:postgresql_db_t
/var/lib/pgsql(/.*)?		system_u:object_r:postgresql_db_t
/var/run/postgresql(/.*)?	system_u:object_r:postgresql_var_run_t
/etc/postgresql(/.*)?		system_u:object_r:postgresql_etc_t
/var/log/postgres\.log.* --	system_u:object_r:postgresql_log_t
/var/log/postgresql(/.*)?	system_u:object_r:postgresql_log_t
# pppd
/usr/sbin/pppd		--	system_u:object_r:pppd_exec_t
/usr/sbin/ipppd		--	system_u:object_r:pppd_exec_t
/dev/ppp		-c	system_u:object_r:ppp_device_t
/dev/pppox.*		-c	system_u:object_r:ppp_device_t
/dev/ippp.*		-c	system_u:object_r:ppp_device_t
/var/run/pppd\.tdb	--	system_u:object_r:pppd_var_run_t
/var/run/ppp(/.*)?		system_u:object_r:pppd_var_run_t
/etc/ppp		-d	system_u:object_r:pppd_etc_t
/etc/ppp/.*		--	system_u:object_r:pppd_etc_rw_t
/etc/ppp/.*secrets	--	system_u:object_r:pppd_secret_t
/var/run/(i)?ppp.*pid	--	system_u:object_r:pppd_var_run_t
/var/log/ppp-connect-errors.* -- system_u:object_r:pppd_log_t
/var/log/ppp(/.*)?	--	system_u:object_r:pppd_log_t
/etc/ppp/ip-down.*	--	system_u:object_r:bin_t
/etc/ppp/ip-up.*	--	system_u:object_r:bin_t
/etc/ppp/ipv6-up	--	system_u:object_r:bin_t
/etc/ppp/ipv6-down	--	system_u:object_r:bin_t
/etc/ppp/plugins/rp-pppoe\.so 	--	system_u:object_r:shlib_t
/etc/ppp/resolv\.conf 	--   system_u:object_r:pppd_etc_rw_t
# prelink - prelink ELF shared libraries and binaries to speed up startup time
/usr/sbin/prelink		--	system_u:object_r:prelink_exec_t

/etc/prelink\.conf		--	system_u:object_r:etc_prelink_t
/var/log/prelink\.log		--	system_u:object_r:prelink_log_t
/etc/prelink\.cache		--	system_u:object_r:prelink_cache_t
# privoxy
/usr/sbin/privoxy	--	system_u:object_r:privoxy_exec_t
/var/log/privoxy(/.*)?		system_u:object_r:privoxy_log_t
# procmail
/usr/bin/procmail	--	system_u:object_r:procmail_exec_t
# pxe network boot server
/usr/sbin/pxe		--	system_u:object_r:pxe_exec_t
/var/log/pxe\.log	--	system_u:object_r:pxe_log_t
/var/run/pxe\.pid	--	system_u:object_r:pxe_var_run_t

# quota system
/var/lib/quota(/.*)?		system_u:object_r:quota_flag_t
/sbin/quota(check|on)	--	system_u:object_r:quota_exec_t
/home/a?quota\.(user|group) -- system_u:object_r:quota_db_t
/var/a?quota\.(user|group) -- system_u:object_r:quota_db_t
# radius
/etc/raddb(/.*)?                system_u:object_r:radiusd_etc_t
/usr/sbin/radiusd	--	system_u:object_r:radiusd_exec_t
/usr/sbin/freeradius	--	system_u:object_r:radiusd_exec_t
/var/log/radiusd-freeradius(/.*)?       system_u:object_r:radiusd_log_t
/var/log/radius\.log.*	--	system_u:object_r:radiusd_log_t
/var/log/radius(/.*)?		system_u:object_r:radiusd_log_t
/var/log/freeradius(/.*)?	system_u:object_r:radiusd_log_t
/var/log/radacct(/.*)?		system_u:object_r:radiusd_log_t
/var/log/radutmp	--	system_u:object_r:radiusd_log_t
/var/log/radwtmp.*	--	system_u:object_r:radiusd_log_t
/etc/cron\.(daily|monthly)/radiusd -- system_u:object_r:radiusd_exec_t
/etc/cron\.(daily|weekly|monthly)/freeradius -- system_u:object_r:radiusd_exec_t
/var/run/radiusd\.pid	--	system_u:object_r:radiusd_var_run_t
/var/run/radiusd(/.*)?		system_u:object_r:radiusd_var_run_t
# radvd
/etc/radvd\.conf	--	system_u:object_r:radvd_etc_t
/usr/sbin/radvd		--	system_u:object_r:radvd_exec_t
/var/run/radvd\.pid	--	system_u:object_r:radvd_var_run_t
# restorecon
/sbin/restorecon	--	system_u:object_r:restorecon_exec_t
/usr/bin/rhgb		--	system_u:object_r:rhgb_exec_t
/etc/rhgb(/.*)?		-d	system_u:object_r:mnt_t
# rlogind and telnetd
/usr/sbin/in\.rlogind	--	system_u:object_r:rlogind_exec_t
/usr/sbin/in\.telnetd	--	system_u:object_r:rlogind_exec_t
/usr/lib(64)?/telnetlogin	--	system_u:object_r:rlogind_exec_t
/usr/kerberos/sbin/klogind --	system_u:object_r:rlogind_exec_t
/usr/kerberos/sbin/telnetd --	system_u:object_r:rlogind_exec_t
# RPC daemons
/sbin/rpc\..*		--	system_u:object_r:rpcd_exec_t
/usr/sbin/rpc\..*	--	system_u:object_r:rpcd_exec_t
/usr/sbin/rpc\.nfsd	--	system_u:object_r:nfsd_exec_t
/usr/sbin/exportfs	--	system_u:object_r:nfsd_exec_t
/usr/sbin/rpc\.mountd	--	system_u:object_r:nfsd_exec_t
/var/run/rpc\.statd\.pid	--	system_u:object_r:rpcd_var_run_t
/var/run/rpc\.statd(/.*)?	system_u:object_r:rpcd_var_run_t
/etc/exports		--	system_u:object_r:exports_t
# rpm
/var/lib/rpm(/.*)?		system_u:object_r:rpm_var_lib_t
/var/lib/alternatives(/.*)?	system_u:object_r:rpm_var_lib_t
/bin/rpm 		--	system_u:object_r:rpm_exec_t
/usr/bin/yum 		--	system_u:object_r:rpm_exec_t
/usr/bin/apt-get 	--	system_u:object_r:rpm_exec_t
/usr/bin/apt-shell    	-- 	system_u:object_r:rpm_exec_t
/usr/bin/synaptic   --    	system_u:object_r:rpm_exec_t 
/usr/lib(64)?/rpm/rpmd	-- 	system_u:object_r:bin_t
/usr/lib(64)?/rpm/rpmq	-- 	system_u:object_r:bin_t
/usr/lib(64)?/rpm/rpmk	-- 	system_u:object_r:bin_t
/usr/lib(64)?/rpm/rpmv	-- 	system_u:object_r:bin_t
/var/log/rpmpkgs.*	--	system_u:object_r:rpm_log_t
/var/log/yum\.log	--	system_u:object_r:rpm_log_t

/usr/sbin/up2date	--	system_u:object_r:rpm_exec_t
/usr/sbin/rhn_check	--	system_u:object_r:rpm_exec_t

# SuSE

# rshd.
/usr/sbin/in\.rshd	--	system_u:object_r:rshd_exec_t
/usr/kerberos/sbin/kshd	--	system_u:object_r:rshd_exec_t
# rsync program
/usr/bin/rsync	--	system_u:object_r:rsync_exec_t
# samba scripts
/usr/sbin/smbd		--	system_u:object_r:smbd_exec_t
/usr/sbin/nmbd		--	system_u:object_r:nmbd_exec_t
/etc/samba(/.*)?		system_u:object_r:samba_etc_t
/var/log/samba(/.*)?		system_u:object_r:samba_log_t
/var/cache/samba(/.*)?		system_u:object_r:samba_var_t
/var/lib/samba(/.*)?		system_u:object_r:samba_var_t
/etc/samba/secrets\.tdb	--	system_u:object_r:samba_secrets_t
/etc/samba/MACHINE\.SID	--	system_u:object_r:samba_secrets_t
# samba really wants write access to smbpasswd
/etc/samba/smbpasswd	--	system_u:object_r:samba_secrets_t
/var/run/samba/locking\.tdb --	system_u:object_r:smbd_var_run_t
/var/run/samba/connections\.tdb -- system_u:object_r:smbd_var_run_t
/var/run/samba/sessionid\.tdb -- system_u:object_r:smbd_var_run_t
/var/run/samba/brlock\.tdb --	system_u:object_r:smbd_var_run_t
/var/run/samba/namelist\.debug -- system_u:object_r:nmbd_var_run_t
/var/run/samba/messages\.tdb --	system_u:object_r:nmbd_var_run_t
/var/run/samba/unexpected\.tdb -- system_u:object_r:nmbd_var_run_t
/var/run/samba/smbd\.pid --	system_u:object_r:smbd_var_run_t
/var/run/samba/nmbd\.pid --	system_u:object_r:nmbd_var_run_t
/var/spool/samba(/.*)?		system_u:object_r:samba_var_t
# saslauthd 
/usr/sbin/saslauthd		--	system_u:object_r:saslauthd_exec_t
/var/run/saslauthd(/.*)?		system_u:object_r:saslauthd_var_run_t
# screen
/usr/bin/screen		--	system_u:object_r:screen_exec_t
/home/[^/]+/\.screenrc	--	system_u:object_r:user_home_screen_t
/var/run/screen/S-[^/]+	-d	system_u:object_r:screen_dir_t
/var/run/screen/S-[^/]+/.*	<<none>>
# sendmail
/etc/mail(/.*)?				system_u:object_r:etc_mail_t
/var/log/sendmail\.st		--	system_u:object_r:sendmail_log_t
/var/log/mail(/.*)?			system_u:object_r:sendmail_log_t
/var/run/sendmail\.pid		--	system_u:object_r:sendmail_var_run_t
/var/run/sm-client\.pid		--	system_u:object_r:sendmail_var_run_t
# setfiles
/usr/sbin/setfiles.*	--	system_u:object_r:setfiles_exec_t

# slapd - ldap server
/usr/sbin/slapd		--	system_u:object_r:slapd_exec_t
/var/lib/ldap(/.*)?		system_u:object_r:slapd_db_t
/var/lib/ldap/replog(/.*)?	system_u:object_r:slapd_replog_t
/var/run/slapd\.args	--	system_u:object_r:slapd_var_run_t
/etc/ldap/slapd\.conf	--	system_u:object_r:slapd_etc_t
/var/run/slapd\.pid	--	system_u:object_r:slapd_var_run_t
# locate - file locater
/usr/bin/slocate		--	system_u:object_r:locate_exec_t
/var/lib/slocate(/.*)?			system_u:object_r:var_lib_locate_t
/etc/updatedb\.conf		--	system_u:object_r:locate_etc_t
# slrnpull
/usr/bin/slrnpull	--	system_u:object_r:slrnpull_exec_t
/var/spool/slrnpull(/.*)?	system_u:object_r:slrnpull_spool_t
# snmpd
/usr/sbin/snmp(trap)?d	--	system_u:object_r:snmpd_exec_t
/var/lib/snmp(/.*)?		system_u:object_r:snmpd_var_lib_t
/var/lib/net-snmp(/.*)?	system_u:object_r:snmpd_var_lib_t
/etc/snmp/snmp(trap)?d\.conf -- system_u:object_r:snmpd_etc_t
/usr/share/snmp/mibs/\.index -- system_u:object_r:snmpd_var_lib_t
/var/run/snmpd\.pid	--	system_u:object_r:snmpd_var_run_t
/var/run/snmpd		-d	system_u:object_r:snmpd_var_run_t
/var/net-snmp(/.*)		system_u:object_r:snmpd_var_lib_t
/var/log/snmpd\.log	--	system_u:object_r:snmpd_log_t
# sound
/bin/aumix-minimal	--	system_u:object_r:sound_exec_t
/etc/\.aumixrc		--	system_u:object_r:sound_file_t
# spamassasin
/usr/bin/spamassassin	--	system_u:object_r:spamassassin_exec_t
/home/[^/]+/\.spamassassin(/.*)?	system_u:object_r:user_home_spamassassin_t
/usr/bin/spamc	--	system_u:object_r:spamc_exec_t
/usr/sbin/spamd		--	system_u:object_r:spamd_exec_t
/usr/bin/spamd		--	system_u:object_r:spamd_exec_t
/usr/bin/sa-learn	--	system_u:object_r:spamd_exec_t
# squid
/usr/sbin/squid		--	system_u:object_r:squid_exec_t
/var/cache/squid(/.*)?		system_u:object_r:squid_cache_t
/var/spool/squid(/.*)?		system_u:object_r:squid_cache_t
/var/log/squid(/.*)?		system_u:object_r:squid_log_t
/etc/squid(/.*)?		system_u:object_r:squid_conf_t
/var/run/squid\.pid	--	system_u:object_r:squid_var_run_t
/usr/share/squid(/.*)?		system_u:object_r:squid_conf_t
# ssh-agent
/usr/bin/ssh-agent	--	system_u:object_r:ssh_agent_exec_t
# ssh
/usr/bin/ssh		--	system_u:object_r:ssh_exec_t
/usr/bin/ssh-keygen	--	system_u:object_r:ssh_keygen_exec_t
# sshd
/etc/ssh/primes		--	system_u:object_r:sshd_key_t
/etc/ssh/ssh_host_key 	--	system_u:object_r:sshd_key_t
/etc/ssh/ssh_host_dsa_key --	system_u:object_r:sshd_key_t
/etc/ssh/ssh_host_rsa_key --	system_u:object_r:sshd_key_t
/usr/sbin/sshd	        --	system_u:object_r:sshd_exec_t
/home/[^/]+/\.ssh(/.*)?		system_u:object_r:user_home_ssh_t
/var/run/sshd\.init\.pid	--	system_u:object_r:sshd_var_run_t
# subsystems
/usr/lib(64)?/misc/sftp-server --	system_u:object_r:bin_t
/usr/libexec/openssh/sftp-server -- system_u:object_r:bin_t
/usr/lib(64)?/sftp-server	--	system_u:object_r:bin_t

/usr/sbin/stunnel	--	system_u:object_r:stunnel_exec_t
/etc/stunnel(/.*)?          	system_u:object_r:stunnel_etc_t
/var/run/stunnel(/.*)?		system_u:object_r:stunnel_var_run_t
# su
/bin/su			--	system_u:object_r:su_exec_t
# sudo
/usr/bin/sudo		--	system_u:object_r:sudo_exec_t
# sulogin
/sbin/sulogin		--	system_u:object_r:sulogin_exec_t
# samba management tool
/usr/sbin/swat	--	system_u:object_r:swat_exec_t
# syslogd
/sbin/syslogd		--	system_u:object_r:syslogd_exec_t
/sbin/minilogd		--	system_u:object_r:syslogd_exec_t
/usr/sbin/syslogd	--	system_u:object_r:syslogd_exec_t
/sbin/syslog-ng		--	system_u:object_r:syslogd_exec_t
/dev/log		-s	system_u:object_r:devlog_t
/var/run/log		-s	system_u:object_r:devlog_t

/var/run/syslogd\.pid	--	system_u:object_r:syslogd_var_run_t
# sysstat and other sar programs
/usr/lib(64)?/atsar/atsa.*	--	system_u:object_r:sysstat_exec_t
/usr/lib(64)?/sysstat/sa.*	--	system_u:object_r:sysstat_exec_t
/usr/lib(64)?/sa/sadc	--	system_u:object_r:sysstat_exec_t
/var/log/atsar(/.*)?		system_u:object_r:sysstat_log_t
/var/log/sysstat(/.*)?		system_u:object_r:sysstat_log_t
/var/log/sa(/.*)?		system_u:object_r:sysstat_log_t
# tcpd
/usr/sbin/tcpd		--	system_u:object_r:tcpd_exec_t
# tftpd
/usr/sbin/in\.tftpd	--	system_u:object_r:tftpd_exec_t
/usr/sbin/atftpd	--	system_u:object_r:tftpd_exec_t
/tftpboot(/.*)?			system_u:object_r:tftpdir_t
# timidity
/usr/bin/timidity	--	system_u:object_r:timidity_exec_t
# tmpreaper or tmpwatch
/usr/sbin/tmpreaper	--	system_u:object_r:tmpreaper_exec_t
/usr/sbin/tmpwatch	--	system_u:object_r:tmpreaper_exec_t
# traceroute
/bin/traceroute.*	--	system_u:object_r:traceroute_exec_t
/usr/(s)?bin/traceroute.* --	system_u:object_r:traceroute_exec_t
/usr/bin/lft		--	system_u:object_r:traceroute_exec_t
/usr/bin/nmap		--	system_u:object_r:traceroute_exec_t
# tvtime
/usr/bin/tvtime		--	system_u:object_r:tvtime_exec_t

# udev
/sbin/udevsend	--	system_u:object_r:udev_exec_t
/sbin/udev	--	system_u:object_r:udev_exec_t
/sbin/udevd	--	system_u:object_r:udev_exec_t
/sbin/start_udev --	system_u:object_r:udev_exec_t
/usr/bin/udevinfo --	system_u:object_r:udev_exec_t
/etc/dev\.d/.+	--	system_u:object_r:udev_helper_exec_t
/etc/udev/scripts/.+	-- system_u:object_r:udev_helper_exec_t
/etc/hotplug\.d/default/udev.* -- system_u:object_r:udev_helper_exec_t
/dev/udev\.tbl	--	system_u:object_r:udev_tbl_t
/dev/\.udev\.tdb --	system_u:object_r:udev_tbl_t
/sbin/wait_for_sysfs -- system_u:object_r:udev_exec_t
# User Mode Linux
/usr/bin/uml_switch	--	system_u:object_r:uml_switch_exec_t
/var/run/uml-utilities(/.*)?	system_u:object_r:uml_switch_var_run_t
/home/[^/]+/\.uml(/.*)?		system_u:object_r:user_uml_rw_t
# Add programs here which should not be confined by SELinux
# e.g.:
# /usr/local/bin/appsrv	--	system_u:object_r:unconfined_exec_t
# updfstab
/usr/sbin/updfstab	--	system_u:object_r:updfstab_exec_t
/usr/sbin/fstab-sync	--	system_u:object_r:updfstab_exec_t
# usbmodules
/usr/sbin/usbmodules	--	system_u:object_r:usbmodules_exec_t
/sbin/usbmodules	--	system_u:object_r:usbmodules_exec_t
#useradd
/usr/sbin/usermod	--	system_u:object_r:useradd_exec_t
/usr/sbin/useradd	--	system_u:object_r:useradd_exec_t
/usr/sbin/userdel	--	system_u:object_r:useradd_exec_t
#groupadd
/usr/sbin/groupmod	--	system_u:object_r:groupadd_exec_t
/usr/sbin/groupadd	--	system_u:object_r:groupadd_exec_t
/usr/sbin/groupdel	--	system_u:object_r:groupadd_exec_t
/usr/bin/gpasswd	--	system_u:object_r:groupadd_exec_t
/usr/sbin/gpasswd	--	system_u:object_r:groupadd_exec_t
/etc/security/console.apps(/.*)?	system_u:object_r:userhelper_conf_t
/usr/sbin/userhelper		--	system_u:object_r:userhelper_exec_t
# usernetctl
/usr/sbin/usernetctl --	system_u:object_r:usernetctl_exec_t
# utempter
/usr/sbin/utempter	--	system_u:object_r:utempter_exec_t
#
# File contexts for VMWare.
# Contributed by Mark Westerman (mark.westerman@westcam.com)
# Changes made by NAI Labs.
# Tested with VMWare 3.1
#
/usr/bin/vmnet-bridge	--	system_u:object_r:vmware_exec_t
/usr/bin/vmnet-dhcpd	--	system_u:object_r:vmware_exec_t
/usr/bin/vmnet-natd	--	system_u:object_r:vmware_exec_t
/usr/bin/vmnet-netifup	--	system_u:object_r:vmware_exec_t
/usr/bin/vmnet-sniffer	--	system_u:object_r:vmware_exec_t
/usr/bin/vmware-nmbd	--	system_u:object_r:vmware_exec_t
/usr/bin/vmware-ping	--	system_u:object_r:vmware_exec_t
/usr/bin/vmware-smbd	--	system_u:object_r:vmware_exec_t
/usr/bin/vmware-smbpasswd --	system_u:object_r:vmware_exec_t
/usr/bin/vmware-smbpasswd\.bin -- system_u:object_r:vmware_exec_t
/usr/bin/vmware-wizard	--	system_u:object_r:vmware_user_exec_t
/usr/bin/vmware		--	system_u:object_r:vmware_user_exec_t

/dev/vmmon		-c	system_u:object_r:vmware_device_t
/dev/vmnet.*		-c	system_u:object_r:vmware_device_t
/dev/plex86		-c	system_u:object_r:vmware_device_t

/etc/vmware.*(/.*)?		system_u:object_r:vmware_sys_conf_t
/usr/lib(64)?/vmware/config	--	system_u:object_r:vmware_sys_conf_t

/usr/lib(64)?/vmware/bin/vmware-mks -- system_u:object_r:vmware_user_exec_t
/usr/lib(64)?/vmware/bin/vmware-ui -- system_u:object_r:vmware_user_exec_t

#
# This is only an example of how to protect vmware session configuration
# files.  A general user can execute vmware and start a vmware session
# but the user can not modify the session configuration information
#/usr/local/vmware(/.*)?	system_u:object_r:vmware_user_file_t
#/usr/local/vmware/[^/]*/.*\.cfg -- system_u:object_r:vmware_user_conf_t

# The rules below assume that the user VMWare virtual disks are in the
# ~/vmware, and the preferences and license files are in ~/.vmware.
#
/home/[^/]+/\.vmware(/.*)?	system_u:object_r:user_vmware_file_t
/home/[^/]+/vmware(/.*)?	system_u:object_r:user_vmware_file_t
/home/[^/]+/\.vmware[^/]*/.*\.cfg	--	system_u:object_r:user_vmware_conf_t
# vpnc
/usr/sbin/vpnc		--	system_u:object_r:vpnc_exec_t
/sbin/vpnc		--	system_u:object_r:vpnc_exec_t
#
# xauth
/usr/X11R6/bin/xauth	--	system_u:object_r:xauth_exec_t
/home/[^/]+/\.Xauthority.* --	system_u:object_r:user_home_xauth_t
# X Display Manager
/usr/bin/[xgkw]dm	--	system_u:object_r:xdm_exec_t
/usr/X11R6/bin/[xgkw]dm	--	system_u:object_r:xdm_exec_t
/opt/kde3/bin/kdm	--	system_u:object_r:xdm_exec_t
/usr/bin/gpe-dm		--	system_u:object_r:xdm_exec_t
/var/[xgk]dm(/.*)?		system_u:object_r:xserver_log_t
/usr/var/[xgkw]dm(/.*)?		system_u:object_r:xserver_log_t
/var/log/[kw]dm\.log	--	system_u:object_r:xserver_log_t
/var/log/gdm(/.*)?		system_u:object_r:xserver_log_t
/tmp/\.X0-lock		--	system_u:object_r:xdm_xserver_tmp_t
/etc/X11/Xsession[^/]*	--	system_u:object_r:xsession_exec_t
/etc/X11/wdm(/.*)?		system_u:object_r:xdm_rw_etc_t
/etc/X11/wdm/Xsetup.*	--	system_u:object_r:xsession_exec_t
/etc/X11/wdm/Xstartup.*	--	system_u:object_r:xsession_exec_t
/etc/X11/[wx]dm/Xreset.*	--	system_u:object_r:xsession_exec_t
/etc/X11/[wx]dm/Xsession	--	system_u:object_r:xsession_exec_t
/etc/kde/kdm/Xsession	--	system_u:object_r:xsession_exec_t
/var/run/xdmctl(/.*)?		system_u:object_r:xdm_var_run_t
/var/run/xdm\.pid	--	system_u:object_r:xdm_var_run_t
/var/lib/[xkw]dm(/.*)?		system_u:object_r:xdm_var_lib_t


#
# Additional Xsession scripts
#
/etc/X11/xdm/GiveConsole	--	system_u:object_r:bin_t
/etc/X11/xdm/TakeConsole	--	system_u:object_r:bin_t
/etc/X11/xdm/Xsetup_0		--	system_u:object_r:bin_t
/etc/X11/xinit(/.*)?			system_u:object_r:bin_t
#
# Rules for kde login
#
/etc/kde3?/kdm/Xstartup   --		system_u:object_r:xsession_exec_t
/etc/kde3?/kdm/Xreset     --		system_u:object_r:xsession_exec_t
/etc/kde3?/kdm/Xsession		--	system_u:object_r:xsession_exec_t
/etc/kde3?/kdm/backgroundrc	system_u:object_r:xdm_var_run_t
/usr/lib(64)?/qt-.*/etc/settings(/.*)?	system_u:object_r:xdm_var_run_t
# xfs
/tmp/\.font-unix(/.*)?		system_u:object_r:xfs_tmp_t
/usr/X11R6/bin/xfs	--	system_u:object_r:xfs_exec_t
/usr/X11R6/bin/xfs-xtt	--	system_u:object_r:xfs_exec_t
/usr/bin/xfstt		--	system_u:object_r:xfs_exec_t
# X server
/usr/X11R6/bin/Xwrapper	--	system_u:object_r:xserver_exec_t
/usr/X11R6/bin/X	--	system_u:object_r:xserver_exec_t
/usr/X11R6/bin/XFree86	--	system_u:object_r:xserver_exec_t
/usr/X11R6/bin/Xorg	--	system_u:object_r:xserver_exec_t
/usr/X11R6/bin/Xipaq	--	system_u:object_r:xserver_exec_t
/var/lib/xkb(/.*)?		system_u:object_r:var_lib_xkb_t
/usr/X11R6/lib/X11/xkb	-d	system_u:object_r:var_lib_xkb_t
/usr/X11R6/lib/X11/xkb/.* --	system_u:object_r:var_lib_xkb_t
/usr/X11R6/lib(64)?/X11/xkb/xkbcomp -- system_u:object_r:bin_t
/var/log/XFree86.*	--	system_u:object_r:xserver_log_t
/var/log/Xorg.*		--	system_u:object_r:xserver_log_t
/etc/init\.d/xfree86-common --	system_u:object_r:xserver_exec_t
/tmp/\.X11-unix		-d	system_u:object_r:xdm_tmp_t
/tmp/\.X11-unix/.*	-s	<<none>>
/tmp/\.ICE-unix		-d	system_u:object_r:xdm_xserver_tmp_t
/tmp/\.ICE-unix/.*	-s	<<none>>
# ypbind
/sbin/ypbind		--	system_u:object_r:ypbind_exec_t
# ypserv
/usr/sbin/ypserv		--	system_u:object_r:ypserv_exec_t
/etc/ypserv\.conf		--	system_u:object_r:ypserv_conf_t
# Zebra - BGP daemon
/usr/sbin/zebra		--	system_u:object_r:zebra_exec_t
/usr/sbin/bgpd		--	system_u:object_r:zebra_exec_t
/var/log/zebra(/.*)?		system_u:object_r:zebra_log_t
/etc/zebra(/.*)?		system_u:object_r:zebra_conf_t
/var/run/\.zserv	-s	system_u:object_r:zebra_var_run_t
/var/run/\.zebra	-s	system_u:object_r:zebra_var_run_t
# Quagga
/usr/sbin/rip.*  	--	system_u:object_r:zebra_exec_t
/usr/sbin/ospf.*  	--	system_u:object_r:zebra_exec_t
/etc/quagga(/.*)?		system_u:object_r:zebra_conf_t
/var/log/quagga(/.*)?		system_u:object_r:zebra_log_t
/var/run/quagga(/.*)?		system_u:object_r:zebra_var_run_t

#
# User-specific file contexts
#

/root		-d	root:object_r:staff_home_dir_t
/root/.+			root:object_r:staff_home_t
/root/((www)|(web)|(public_html))(/.+)? root:object_r:httpd_staff_content_t
/root/\.gnupg(/.+)?	root:object_r:staff_gpg_secret_t
/root/\.ircmotd	--	root:object_r:staff_home_irc_t
/root/\.galeon(/.*)?	root:object_r:staff_mozilla_rw_t
/root/\.netscape(/.*)?	root:object_r:staff_mozilla_rw_t
/root/\.mozilla(/.*)?	root:object_r:staff_mozilla_rw_t
/root/\.phoenix(/.*)?	root:object_r:staff_mozilla_rw_t
/root/\.gconfd(/.*)?		root:object_r:staff_mozilla_rw_t
/root/\.gconf(/.*)?		root:object_r:staff_mozilla_rw_t
/root/\.gnome2/epiphany(/.*)? root:object_r:staff_mozilla_rw_t
/root/My.Downloads(/.*)?	root:object_r:staff_mozilla_rw_t
/root/\.screenrc	--	root:object_r:staff_home_screen_t
/root/\.spamassassin(/.*)?	root:object_r:staff_home_spamassassin_t
/root/\.ssh(/.*)?		root:object_r:staff_home_ssh_t
/root/\.uml(/.*)?		root:object_r:staff_uml_rw_t
/root/\.Xauthority.* --	root:object_r:staff_home_xauth_t
/root/\.default_contexts	-- 	system_u:object_r:default_context_t
/root/restore			-d	system_u:object_r:amanda_recover_dir_t
