The procfs.te file contains declarations for types used for the pseudo files in /proc. The proc_t type is the type for the /proc directory and its files. All domains are allowed to read this type. Due to the highly sensitive nature of the kmsg and kcore files, separate types are defined for these files: proc_kmsg_t and proc_kcore_t. Only the domain for klogd is allowed to read the proc_kmsg_t type. Currently, no domain is allowed to read the proc_kcore_t type.
The process-specific subdirectories of /proc are labeled with the domain of the corresponding process. Each domain is allowed to read files labeled with its own domain. The initrc_t and administrator domains are allowed to read files labeled with any domain.
The sysctl_t type is the type for the /proc/sys directory and its files. A separate type is defined for several of the subdirectories of /proc/sys: sysctl_fs_t, sysctl_kernel_t, sysctl_net_t, sysctl_vm_t, and sysctl_dev_t. Since the modprobe path is especially security-critical, a separate type, sysctl_modprobe_t, is defined for /proc/sys/kernel/modprobe. These types are also used to control the use of the sysctl system call. All domains are allowed to read these types. Only the initrc_t domain and the administrator domains are allowed to write these types.
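The restrictions described above can be checked mechanically. The following is an added example, not part of the original documentation or the policy sources: a Python audit that flags allow rules granting access the text reserves for specific domains. The names klogd_t and sysadm_t are assumed for the klogd and administrator domains, the sample rules are constructed, and the parser assumes rules with literal type names (attributes already expanded).

```python
import re

# Restricted (type, permission) pairs from the text -> domains allowed to hold them.
# klogd_t and sysadm_t are ASSUMED names for the klogd and administrator domains.
SYSCTL_TYPES = ["sysctl_t", "sysctl_fs_t", "sysctl_kernel_t", "sysctl_net_t",
                "sysctl_vm_t", "sysctl_dev_t", "sysctl_modprobe_t"]
INVARIANTS = {("proc_kmsg_t", "read"): {"klogd_t"},
              ("proc_kcore_t", "read"): set()}          # no domain may read kcore
INVARIANTS.update({(t, "write"): {"initrc_t", "sysadm_t"} for t in SYSCTL_TYPES})

# allow <source(s)> <target(s)>:<class(es)> <permission(s)>;  each part may be a { set }
PART = r"(\{[^}]*\}|[^\s:;{}]+)"
RULE = re.compile(rf"\ballow\s+{PART}\s+{PART}\s*:\s*{PART}\s+{PART}\s*;")

def names(token):
    """Split 'a' or '{ a b }' into a list of identifiers."""
    return token.strip("{} ").split()

def audit(policy_text):
    """Return sorted (domain, type, permission) grants that break an invariant."""
    violations = set()
    for match in RULE.finditer(re.sub(r"#.*", "", policy_text)):  # drop comments
        sources, targets, _classes, perms = (names(g) for g in match.groups())
        for target in targets:
            for perm in perms:
                allowed = INVARIANTS.get((target, perm))
                if allowed is not None:
                    violations.update((s, target, perm)
                                      for s in sources if s not in allowed)
    return sorted(violations)

# Constructed sample rules (not taken from the real policy sources).
SAMPLE = """
allow klogd_t proc_kmsg_t:file read;                          # permitted
allow { initrc_t sysadm_t } sysctl_kernel_t:file { read write };  # permitted
allow user_t sysctl_net_t:file read;                          # reading sysctl is open to all
allow httpd_t sysctl_modprobe_t:file { read write };          # write not permitted
allow user_t proc_kcore_t:file { read getattr };              # kcore read not permitted
allow user_t { proc_t proc_kmsg_t }:file read;                # kmsg read not permitted
"""

if __name__ == "__main__":
    for domain, type_, perm in audit(SAMPLE):
        print(f"VIOLATION: {domain} may {perm} {type_}")
```

Rules that use attributes, wildcards or complements would need to be expanded before being passed to this check.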