xref: /freebsd/share/security/lomac-policy.contexts (revision d4eeb02986980bf33dd56c41ceb9fc5f180c0d47)
1# $FreeBSD$
2#
3# This is a sample LOMAC policy based upon the PLM defined in the
4# original FreeBSD LOMAC port.  It may be configured on a
5# system via setfsmac(8).
6
7.*				lomac/high
8/sbin/dhclient			lomac/high[low]
9/dev(/.*)?			lomac/equal
10# This is not an exhaustive list of all "privileged" devices.
11/dev/mdctl			lomac/high
12/dev/pci			lomac/high
13/dev/k?mem			lomac/high
14/dev/io				lomac/high
15/dev/agp.*			lomac/high
16(/var)?/tmp(/.*)?		lomac/equal
17/tmp/\.X11-unix			lomac/high[equal]
18/tmp/\.X11-unix/.*		lomac/equal
19/proc(/.*)?			lomac/equal
20/mnt.*				lomac/low
21(/usr)?/home			lomac/high[low]
22(/usr)?/home/.*			lomac/low
23/var/mail(/.*)?			lomac/low
24/var/spool/mqueue(/.*)?		lomac/low
25(/mnt)?/cdrom(/.*)?		lomac/high
26(/usr)?/home/(ftp|samba)(/.*)?	lomac/high
27/var/log/sendmail\.st		lomac/low
28/var/run/utx.active		lomac/equal
29/var/log/utx.(lastlogin|log)	lomac/equal
30