
Fixed and cleanup condition(LT/LE/GT/GE) check in FSM
[openpts/openpts.git] / dist / measure.selinux
1 #
2 # Integrity measure policy (IMA rule list for an SELinux-enabled host)
3 # Rules are matched from top to bottom, so the dont_measure exclusions
4 # below have to stay ahead of the measure rules at the end of the file.
5 # PROC_SUPER_MAGIC (procfs)
6 dont_measure fsmagic=0x9fa0
7 # dont_appraise fsmagic=0x9fa0
8 #
9 # SYSFS_MAGIC (sysfs)
10 dont_measure fsmagic=0x62656572
11 # dont_appraise fsmagic=0x62656572
12 #
13 # DEBUGFS_MAGIC (debugfs)
14 dont_measure fsmagic=0x64626720
15 # dont_appraise fsmagic=0x64626720
16 #
17 # TMPFS_MAGIC (tmpfs) -- NOTE(review): this also skips programs executed from tmpfs; confirm tmpfs mounts are noexec
18 dont_measure fsmagic=0x01021994
19 # dont_appraise fsmagic=0x01021994
20 #
21 # SECURITYFS_MAGIC (securityfs)
22 dont_measure fsmagic=0x73636673
23 # dont_appraise fsmagic=0x73636673
24 #
25 # SELINUXFS_MAGIC (selinuxfs)
26 dont_measure fsmagic=0xf97cff8c
27 # dont_appraise fsmagic=0xf97cff8c
28 #
29 # var_log_t files (matched on the SELinux type of the file)
30 dont_measure obj_type=var_log_t
31 # dont_appraise obj_type=var_log_t
32 #
33 # auditd_log_t files (matched on the SELinux type of the file)
34 dont_measure obj_type=auditd_log_t
35 # dont_appraise obj_type=auditd_log_t
36 #
37 # Don't measure files touched by AIDE
38 # Fedora12: the ps line below shows "aide -i" running in the unconfined_t domain
39 #   unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 28862 20.3  0.1 30492 3396 pts/0 D+ 19:49   0:01 aide -i
40 #     TODO: update the AIDE policy so it gets its own domain, e.g. "system_u:system_r:aide_t", and match on that
41 # for now the whole unconfined_t domain is excluded
42 dont_measure subj_type=unconfined_t
43 # dont_appraise obj_type=unconfined_t
44 # NOTE(review): subj_type=unconfined_t exempts every process in that domain, not only aide; nothing such a process executes, maps or reads is measured. The disabled dont_appraise line above says obj_type, not subj_type -- confirm before enabling it.
45 # Measured: files mmap'd executable, programs being exec'd, and files opened for read by uid 0
46 measure func=FILE_MMAP mask=MAY_EXEC
47 measure func=BPRM_CHECK mask=MAY_EXEC
48 # measure func=FILE_CHECK mask=MAY_READ uid=0
49 measure func=PATH_CHECK mask=MAY_READ uid=0
50 # appraise owner=0