#
# This is a sample LOMAC policy based upon the PLM defined in the
# original FreeBSD LOMAC port.  It may be configured on a
# system via setfsmac(8).

.*                              lomac/high
/sbin/dhclient                  lomac/high[low]
/dev(/.*)?                      lomac/equal
# This is not an exhaustive list of all "privileged" devices.
/dev/mdctl                      lomac/high
/dev/pci                        lomac/high
/dev/k?mem                      lomac/high
/dev/io                         lomac/high
/dev/agp.*                      lomac/high
(/var)?/tmp(/.*)?               lomac/equal
/tmp/\.X11-unix                 lomac/high[equal]
/tmp/\.X11-unix/.*              lomac/equal
/proc(/.*)?                     lomac/equal
/mnt.*                          lomac/low
(/usr)?/home                    lomac/high[low]
(/usr)?/home/.*                 lomac/low
/var/mail(/.*)?                 lomac/low
/var/spool/mqueue(/.*)?         lomac/low
(/mnt)?/cdrom(/.*)?             lomac/high
(/usr)?/home/(ftp|samba)(/.*)?  lomac/high
/var/log/sendmail\.st           lomac/low
/var/run/utx.active             lomac/equal
/var/log/utx.(lastlogin|log)    lomac/equal