

File Types

The file.te file contains declarations for file types. At the end of the file, several rules are specified to define relationships among these file types.

The unlabeled type, unlabeled_t, is used to control access to files that do not yet support labeling. No domains are granted permissions to this type.

The default file system type, fs_t, is used to control access to the file system. This type is currently the only type defined for ext2 file systems, and it is automatically applied to an unlabeled ext2 file system when it is first mounted. All file types are allowed to be created in this file system type. All domains are allowed to get the attributes of this file system type. The kernel_t, initrc_t, and administrator domains are granted permissions to mount and unmount this type.

The default file type, file_t, is used to control access to files. This type is automatically applied to files in an unlabeled ext2 file system when it is first mounted. All root directory types can be mounted on a directory with this type. The initrc_t and administrator domains are granted permissions to use directories with this type as mount points. Every domain is granted permissions to read directories and files of this type.
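The fs_t and file_t rules just described can be written out as raw type-enforcement statements. The fragment below is an added illustration, not text from file.te (which expresses most of these rules through m4 macros); it assumes, as the example policy does, that the attribute file_type collects every file type and the attribute domain collects every process domain, and it leaves the administrator domains unnamed because this page does not name them.

```selinux
# Added example: the filesystem and mount-point rules for fs_t and file_t
# as raw type-enforcement statements (not the policy's own file.te text;
# the attributes file_type and domain are assumed).

type unlabeled_t;   # no allow rule names it, so no domain can touch it
type fs_t;          # default filesystem type of an unlabeled ext2 volume
type file_t;        # default file type within such a volume

# "All file types are allowed to be created in this file system type":
# a file of type T may exist on an fs_t filesystem only if T has
# associate permission to fs_t.
allow file_type fs_t:filesystem associate;

# "All domains are allowed to get the attributes of this file system type"
# (the check behind statfs() on a mounted fs_t volume).
allow domain fs_t:filesystem getattr;

# Only kernel_t, initrc_t and the administrator domains may mount or
# unmount an fs_t filesystem; the administrator domains belong in the
# same source set but are not named on this page.
allow { kernel_t initrc_t } fs_t:filesystem { mount unmount };

# initrc_t (and the administrator domains) may use a file_t directory as a
# mount point; this is checked in addition to the mount permission above.
allow initrc_t file_t:dir mounton;

# Every domain may read directories and files labeled file_t.
allow domain file_t:dir { read getattr search };
allow domain file_t:file { read getattr };
```

A fragment like this only compiles as part of a complete policy: the classes, attributes and domain types it references must be declared elsewhere, and the labeling of the volume itself comes from the mount-time default described in the text, not from these rules.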

The root directory type, root_t, is used to control access to the root directory. All domains are allowed to read files and directories with this type. Only the administrator domains are granted permissions to modify this type.

The lost-and-found directory type, lost_found_t, is used to control access to the lost+found directories and files. Only the file system administration program domain and the administrator domains are granted permissions to this type.

The boot type, boot_t, is used to control access to the boot directory and its files. The administrator domains can modify this type. Since /boot/kernel.h is automatically generated during system initialization, a separate type, boot_runtime_t, is defined for this file. An automatic file type transition is defined for the initrc_t domain to create this type in the boot directory type. All domains are allowed to read these two types.

The tmp directory type, tmp_t, is used to control access to temporary directories. All domains are granted permissions to create and unlink files in these directories. To provide separation among temporary files, a separate derived type is defined for each domain that creates temporary files, and an automatic file type transition is defined for each domain to create the corresponding derived type in the tmp directory type.
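The two automatic transitions described above (boot_runtime_t for initrc_t in the boot directory, and a derived tmp type for each domain) follow one mechanism, shown below as an added example rather than as the policy's own rules. The domain foo_t and its derived type foo_tmp_t are hypothetical names standing in for any domain that writes temporary files; the attribute domain is assumed to collect all process domains.

```selinux
# Added example: how boot_runtime_t and a per-domain tmp type are reached
# through automatic file type transitions. foo_t and foo_tmp_t are
# hypothetical; the domain attribute is assumed.

type boot_t;
type boot_runtime_t;
type tmp_t;
type foo_t, domain;   # hypothetical domain that creates temporary files
type foo_tmp_t;       # hypothetical derived type for foo_t's temporaries

# Default labeling gives a new file its parent directory's type. The
# type_transition statement overrides that default for one creator domain
# in one directory type, so /boot/kernel.h written by initrc_t becomes
# boot_runtime_t while everything else under /boot stays boot_t.
type_transition initrc_t boot_t:file boot_runtime_t;

# A transition is a labeling decision, not a grant: initrc_t still needs
# permission to add an entry to the boot_t directory and to create and
# write a boot_runtime_t file, and both checks are enforced.
allow initrc_t boot_t:dir { search write add_name remove_name };
allow initrc_t boot_runtime_t:file { create write getattr setattr unlink };

# All domains can read both types.
allow domain boot_t:dir { read getattr search };
allow domain { boot_t boot_runtime_t }:file { read getattr };

# Same pattern for temporary files: every domain may create and unlink
# entries in tmp_t, but each domain's files land in its own derived type,
# so foo_t cannot read or overwrite another domain's temporaries unless a
# rule names that other type explicitly.
allow domain tmp_t:dir { read getattr search write add_name remove_name };
type_transition foo_t tmp_t:file foo_tmp_t;
type_transition foo_t tmp_t:dir foo_tmp_t;
allow foo_t foo_tmp_t:file { create read write getattr setattr unlink };
allow foo_t foo_tmp_t:dir { create read getattr search write add_name remove_name rmdir };
```

The dir transition matters as much as the file one: without it a subdirectory that foo_t creates under /tmp would be labeled tmp_t, and files created inside it would then inherit tmp_t rather than foo_tmp_t.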

The etc_t type is used to control access to system configuration information. This type can be read by any domain but can only be modified by the passwd_t and administrator domains. This type can also be executed by several domains. Since several configuration files are created during system initialization, an etc_runtime_t type is also defined. Automatic file type transitions are defined for the init_t and initrc_t domains to create files of this type in the etc_t directory type. Sendmail requires write access to the aliases database and the /etc/mail directory, so separate etc_aliases_t and etc_mail_t types are defined. The sendmail_t domain can read and write these two types, and can create new files in /etc/mail.

The lib_t type is used to control access to system libraries. All domains are allowed to read this type, but only administrator domains can modify it. Several domains can execute this type.

The shlib_t type is used to control access to system shared libraries. The ld_so_t type is used to control access to system dynamic loaders. All domains are allowed to read these two types, to execute programs with the ld_so_t type, and to execute code with the shlib_t type. Only administrator domains can modify these types. The set of domains will be reviewed to determine if they all require access to shared libraries.

The bin_t type is used to control access to system binaries. All domains are allowed to read this type, and several domains are allowed to execute it. Only administrator domains can modify it. The sbin_t type is used to control access to superuser system binaries. This type is identical to bin_t except that init_t can execute it for the update program.

The man_t type is used to control access to system manual page directories and files. All domains are allowed to read this type, and the administrator domains can modify it. The system_crond_t domain can also modify it to update the whatis files.

The usr_t type is used to control access to the /usr directory. The src_t type is used to control access to system sources. These types are currently equivalent to the root directory type. They are separately defined to allow distinct permissions to be granted in the future.

The var_t type is used to control access to the /var directory. This type is currently equivalent to the root directory type, but is separately defined to allow distinct permissions to be granted in the future. Separate types are defined for several subdirectories of /var: catman_t, var_run_t, var_log_t, var_lock_t, var_lib_t, var_spool_t, and var_yp_t. The wtmp_t type is defined for the /var/log/wtmp file. All domains can read these types.

All of these types can be modified by the administrator domains. The catman_t type can be read and modified by the user domains. The var_run_t type can be modified by daemons and by the initrc_t domain. The var_log_t type can be modified by initrc_t, syslogd_t, crond_t, logrotate_t and the login domains. The var_lock_t type can be modified by initrc_t, system_crond_t, and the local login domain. The var_lib_t type can be modified by system_crond_t and logrotate_t. The var_yp_t type can be modified by ypbind_t. The wtmp_t type can be modified by init_t, initrc_t, getty_t, rlogind_t, utempter_t, and the domains for gnome-pty-helper and login.

To provide separation among files in /var/log, derived types are defined for some of the domains that create files in this directory, and the wtmp file is assigned a separate type. The logrotate program was modified to preserve the security contexts on the log files in this directory.

To provide separation among files in /var/run, derived types are defined for each domain that creates files in this directory. Consequently, the pid files are individually labeled based on the corresponding domain, and the utmp file is labeled with the initrc_var_run_t derived type. The initrc_t domain is allowed to read and unlink the derived types for the pid files for shutting down the system. Domains for init, getty, rlogind, utempter, gnome-pty-helper, su and login are granted read and write permissions to the utmp file.
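What distinguishes /var/run from the boot and tmp cases is that the derived types are also accessed by domains other than their creator: initrc_t removes every daemon's pid file at shutdown, and several login-related domains share the utmp file. The fragment below is an added example of how those grants stay narrow; it is not the policy's own text. foo_t and foo_var_run_t are hypothetical names for a daemon domain and its pid-file type, the attribute pidfile is assumed as a way to collect all pid-file types in one rule, and the domain attribute is assumed to collect all process domains.

```selinux
# Added example: derived types in /var/run. foo_t and foo_var_run_t are
# hypothetical; the pidfile and domain attributes are assumed.

attribute pidfile;
type var_run_t;
type foo_t, domain;
type foo_var_run_t, pidfile;   # hypothetical daemon's pid file type
type initrc_var_run_t;         # utmp and other files initrc_t creates here

# Each daemon's pid file is created by that daemon and lands in its own
# type, so one daemon cannot rewrite another daemon's pid file.
type_transition foo_t var_run_t:file foo_var_run_t;
allow foo_t var_run_t:dir { search write add_name remove_name };
allow foo_t foo_var_run_t:file { create read write getattr setattr unlink };

# The utmp file is created by initrc_t, so it is labeled initrc_var_run_t.
type_transition initrc_t var_run_t:file initrc_var_run_t;
allow initrc_t var_run_t:dir { search write add_name remove_name };
allow initrc_t initrc_var_run_t:file { create read write getattr setattr unlink };

# The domains that update utmp get read and write on that one derived
# type rather than on all of var_run_t. The su, gnome-pty-helper and
# login domains belong in this set too; their type names are not given
# on this page.
allow { init_t getty_t rlogind_t utempter_t } initrc_var_run_t:file { read write getattr };

# Shutdown: initrc_t must find and remove every daemon's pid file but
# needs no write access to them, so it gets read and unlink on the
# pidfile attribute only, and the removal still requires remove_name on
# the var_run_t directory granted above.
allow initrc_t pidfile:file { read getattr unlink };

# Everyone may read /var/run itself.
allow domain var_run_t:dir { read getattr search };
allow domain var_run_t:file { read getattr };
```

The useful property to check after loading such rules is the negative one: a daemon domain has no rule at all for initrc_var_run_t or for another daemon's pid type, so any access attempt across those types is denied and logged rather than silently permitted by a broad var_run_t grant.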

The /var/spool directory is further refined into separate types for several of its subdirectories: at_spool_t, cron_spool_t, lpd_spool_t, mail_spool_t, and mqueue_spool_t. All of these types can be read or modified by the administrator domains. Each of the spool types can be accessed by the domains for the corresponding daemon and client programs. The login domains can test for the existence of mail spool files, and the user domains can read and write mail spool files. Derived types have been defined for several of these spool types to provide separation between spool files created by different user domains.

