The Guide to Writing SELinux Policy
7. The file_contexts file

The file_contexts file contains the security contexts that are applied to files on the system when a security policy is installed. The setfiles program reads this file and uses the information in it to label files. Below are some examples and explanations.

# The security context for all files not otherwise specified.
/.*                             system_u:object_r:file_t
This line sets the security context on files that do not have a specified context. system_u is the identity for system processes and daemons and is the default identity for files owned by the system.
# The root directory.
/                       -d      system_u:object_r:root_t
Set the context with a type of root_t for the actual root directory (specified by the -d). /mnt and /initrd also have the type root_t.
/home/[^/]+             -d      system_u:object_r:user_home_dir_t
/home/[^/]+/.+                  system_u:object_r:user_home_t
For each actual home directory under /home (matched as a directory because of the -d), set the type to user_home_dir_t. For files underneath it, set the type to user_home_t.

You should be able to get a general understanding of everything else in this file, and it does help to have a good understanding of regular expressions.

In the middle column, you may see -- which refers to a regular file. -d refers to a directory. Nothing listed means anything is matched. If you do an "ls -l" command, the first character of the first column of output is what appears in the middle column. So if something was a symbolic link you'd see -l, -b for a block device and so forth.
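
An added example, not part of the original guide: a small Python model of how entries like the ones above are parsed and matched against a path and its "ls -l" type character. It assumes, as a simplification of setfiles, that each regular expression must match the whole path and that the last matching entry wins; the function names and sample paths are made up for illustration.

```python
import re

# Constructed sample: the entries quoted in this section.
SAMPLE = """\
# The security context for all files not otherwise specified.
/.*                             system_u:object_r:file_t
# The root directory.
/                       -d      system_u:object_r:root_t
/home/[^/]+             -d      system_u:object_r:user_home_dir_t
/home/[^/]+/.+                  system_u:object_r:user_home_t
"""

def parse_file_contexts(text):
    """Return a list of (compiled_regex, type_char_or_None, context)."""
    specs = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if len(fields) == 2:
            pattern, ftype, context = fields[0], None, fields[1]
        elif len(fields) == 3 and re.fullmatch(r"-[-dlbcps]", fields[1]):
            # "--" -> "-", "-d" -> "d": the character ls -l prints first.
            pattern, ftype, context = fields[0], fields[1][1], fields[2]
        else:
            raise ValueError(f"line {lineno}: malformed entry: {line!r}")
        specs.append((re.compile(pattern), ftype, context))
    return specs

def lookup(specs, path, ls_type):
    """Context for path whose ls -l type character is ls_type, or None.

    Assumption: the whole path must match (anchored) and the last
    matching entry wins.
    """
    result = None
    for regex, ftype, context in specs:
        if ftype not in (None, ls_type):
            continue  # middle column restricts the file type
        if regex.fullmatch(path):
            result = context
    return result

if __name__ == "__main__":
    specs = parse_file_contexts(SAMPLE)
    for path, t in [("/", "d"), ("/home", "d"), ("/home/alice", "d"),
                    ("/home/alice", "-"), ("/home/alice/notes.txt", "-")]:
        print(f"{t} {path:24} {lookup(specs, path, t)}")
```

Under these entries /home itself and a regular file named /home/alice both fall through to file_t, which is a quick way to spot paths that no specific entry covers.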

