xref: /freebsd/share/security/lomac-policy.contexts (revision a03411e84728e9b267056fd31c7d1d9d1dc1b01e)
1#
2# This is a sample LOMAC policy based upon the PLM defined in the
3# original FreeBSD LOMAC port.  It may be configured on a
4# system via setfsmac(8).
5
6.*				lomac/high
7/sbin/dhclient			lomac/high[low]
8/dev(/.*)?			lomac/equal
9# This is not an exhaustive list of all "privileged" devices.
10/dev/mdctl			lomac/high
11/dev/pci			lomac/high
12/dev/k?mem			lomac/high
13/dev/io				lomac/high
14/dev/agp.*			lomac/high
15(/var)?/tmp(/.*)?		lomac/equal
16/tmp/\.X11-unix			lomac/high[equal]
17/tmp/\.X11-unix/.*		lomac/equal
18/proc(/.*)?			lomac/equal
19/mnt.*				lomac/low
20(/usr)?/home			lomac/high[low]
21(/usr)?/home/.*			lomac/low
22/var/mail(/.*)?			lomac/low
23/var/spool/mqueue(/.*)?		lomac/low
24(/mnt)?/cdrom(/.*)?		lomac/high
25(/usr)?/home/(ftp|samba)(/.*)?	lomac/high
26/var/log/sendmail\.st		lomac/low
27/var/run/utx.active		lomac/equal
28/var/log/utx.(lastlogin|log)	lomac/equal
29