summaryrefslogtreecommitdiffstats
path: root/share/security
diff options
context:
space:
mode:
Diffstat (limited to 'share/security')
-rw-r--r--share/security/lomac-policy.contexts29
1 files changed, 29 insertions, 0 deletions
diff --git a/share/security/lomac-policy.contexts b/share/security/lomac-policy.contexts
new file mode 100644
index 0000000..e01bd28
--- /dev/null
+++ b/share/security/lomac-policy.contexts
@@ -0,0 +1,29 @@
+# $FreeBSD$
+#
+# This is a sample LOMAC policy based upon the PLM defined in the
+# original FreeBSD LOMAC port. It may be configured on a
+# system via setfsmac(8).
+
+.* lomac/high
+/sbin/dhclient lomac/high[low]
+/dev(/.*)? lomac/equal
+# This is not an exhaustive list of all "privileged" devices.
+/dev/mdctl lomac/high
+/dev/pci lomac/high
+/dev/k?mem lomac/high
+/dev/io lomac/high
+/dev/agp.* lomac/high
+(/var)?/tmp(/.*)? lomac/equal
+/tmp/\.X11-unix lomac/high[equal]
+/tmp/\.X11-unix/.* lomac/equal
+/proc(/.*)? lomac/equal
+/mnt.* lomac/low
+(/usr)?/home lomac/high[low]
+(/usr)?/home/.* lomac/low
+/var/mail(/.*)? lomac/low
+/var/spool/mqueue(/.*)? lomac/low
+(/mnt)?/cdrom(/.*)? lomac/high
+(/usr)?/home/(ftp|samba)(/.*)? lomac/high
+/var/log/sendmail\.st lomac/low
+/var/run/utmp lomac/equal
+/var/log/(lastlog|wtmp) lomac/equal
OpenPOWER on IntegriCloud