1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
HOME_DIR/\.cache/containers(/.*)? gen_context(system_u:object_r:container_cache_home_t,s0)
HOME_DIR/\.config/containers(/.*)? gen_context(system_u:object_r:container_conf_home_t,s0)
HOME_DIR/\.config/cni(/.*)? gen_context(system_u:object_r:container_conf_home_t,s0)
HOME_DIR/\.config/docker(/.*)? gen_context(system_u:object_r:container_conf_home_t,s0)
HOME_DIR/\.local/share/containers(/.*)? gen_context(system_u:object_r:container_data_home_t,s0)
HOME_DIR/\.local/share/containers/storage/overlay(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
HOME_DIR/\.local/share/containers/storage/overlay2(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
HOME_DIR/\.local/share/containers/storage/overlay-layers(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
HOME_DIR/\.local/share/containers/storage/overlay2-layers(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
HOME_DIR/\.local/share/containers/storage/overlay-images(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
HOME_DIR/\.local/share/containers/storage/overlay2-images(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
HOME_DIR/\.local/share/containers/storage/volumes/[^/]+/.* gen_context(system_u:object_r:container_file_t,s0)
HOME_DIR/\.local/share/docker(/.*)? gen_context(system_u:object_r:container_data_home_t,s0)
HOME_DIR/\.local/share/docker/.*/config\.env -- gen_context(system_u:object_r:container_ro_file_t,s0)
HOME_DIR/\.local/share/docker/containers/.*/.*\.log -- gen_context(system_u:object_r:container_log_t,s0)
HOME_DIR/\.local/share/docker/containers/.*/hostname -- gen_context(system_u:object_r:container_ro_file_t,s0)
HOME_DIR/\.local/share/docker/containers/.*/hosts -- gen_context(system_u:object_r:container_ro_file_t,s0)
HOME_DIR/\.local/share/docker/init(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
HOME_DIR/\.local/share/docker/fuse-overlayfs(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
HOME_DIR/\.local/share/docker/volumes(/.*)? gen_context(system_u:object_r:container_file_t,s0)
HOME_DIR/\.docker(/.*)? gen_context(system_u:object_r:container_conf_home_t,s0)
/usr/bin/crun -- gen_context(system_u:object_r:container_engine_exec_t,s0)
/usr/bin/runc -- gen_context(system_u:object_r:container_engine_exec_t,s0)
/usr/lib/systemd/system/docker.* -- gen_context(system_u:object_r:container_engine_unit_t,s0)
/usr/lib/systemd/system/containerd.* -- gen_context(system_u:object_r:container_engine_unit_t,s0)
/usr/lib/systemd/system/container-.* -- gen_context(system_u:object_r:container_unit_t,s0)
/usr/sbin/runc -- gen_context(system_u:object_r:container_engine_exec_t,s0)
/opt/cni(/.*)? gen_context(system_u:object_r:container_plugin_t,s0)
/opt/local-path-provisioner(/.*)? gen_context(system_u:object_r:container_file_t,s0)
/etc/containers(/.*)? gen_context(system_u:object_r:container_config_t,s0)
/etc/cni(/.*)? gen_context(system_u:object_r:container_config_t,s0)
/etc/docker(/.*)? gen_context(system_u:object_r:container_config_t,s0)
/etc/containerd(/.*)? gen_context(system_u:object_r:container_config_t,s0)
/run/containers(/.*)? gen_context(system_u:object_r:container_runtime_t,s0)
/run/crun(/.*)? gen_context(system_u:object_r:container_runtime_t,s0)
/run/libpod(/.*)? gen_context(system_u:object_r:container_runtime_t,s0)
/run/runc(/.*)? gen_context(system_u:object_r:container_runtime_t,s0)
/run/docker(/.*)? gen_context(system_u:object_r:container_runtime_t,s0)
/run/docker\.pid -- gen_context(system_u:object_r:container_runtime_t,s0)
/run/docker\.sock -s gen_context(system_u:object_r:container_runtime_t,s0)
/run/containerd(/.*)? gen_context(system_u:object_r:container_runtime_t,s0)
/run/containerd/[^/]+/sandboxes/[^/]+/shm(/.*)? gen_context(system_u:object_r:container_engine_tmpfs_t,s0)
/run/ipcns(/.*)? gen_context(system_u:object_r:container_runtime_t,s0)
/run/pidns(/.*)? gen_context(system_u:object_r:container_runtime_t,s0)
/run/userns(/.*)? gen_context(system_u:object_r:container_runtime_t,s0)
/run/utsns(/.*)? gen_context(system_u:object_r:container_runtime_t,s0)
/run/user/%{USERID}/netns(/.*)? gen_context(system_u:object_r:container_runtime_t,s0)
/var/cache/containers(/.*)? gen_context(system_u:object_r:container_engine_cache_t,s0)
/var/lib/cni(/.*)? gen_context(system_u:object_r:container_var_lib_t,s0)
/var/lib/containers(/.*)? gen_context(system_u:object_r:container_var_lib_t,s0)
/var/lib/containers/atomic(/.*)? <<none>>
/var/lib/containers/volumes/[^/]+/.* gen_context(system_u:object_r:container_file_t,s0)
/var/lib/containers/overlay(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
/var/lib/containers/overlay2(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
/var/lib/containers/overlay-layers(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
/var/lib/containers/overlay-images(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
/var/lib/containers/overlay2-layers(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
/var/lib/containers/overlay2-images(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
/var/lib/containers/storage/overlay(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
/var/lib/containers/storage/overlay2(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
/var/lib/containers/storage/overlay-layers(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
/var/lib/containers/storage/overlay-images(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
/var/lib/containers/storage/overlay2-layers(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
/var/lib/containers/storage/overlay2-images(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
/var/lib/containers/storage/volumes/[^/]+/.* gen_context(system_u:object_r:container_file_t,s0)
/var/lib/crio(/.*)? gen_context(system_u:object_r:container_var_lib_t,s0)
/var/lib/docker(/.*)? gen_context(system_u:object_r:container_var_lib_t,s0)
/var/lib/docker/.*/config\.env -- gen_context(system_u:object_r:container_ro_file_t,s0)
/var/lib/docker/containers/.*/.*\.log -- gen_context(system_u:object_r:container_log_t,s0)
/var/lib/docker/containers/.*/hostname -- gen_context(system_u:object_r:container_ro_file_t,s0)
/var/lib/docker/containers/.*/hosts -- gen_context(system_u:object_r:container_ro_file_t,s0)
/var/lib/docker/init(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
/var/lib/docker/overlay(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
/var/lib/docker/overlay2(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
/var/lib/docker/volumes/[^/]+/.* gen_context(system_u:object_r:container_file_t,s0)
/var/lib/containerd(/.*)? gen_context(system_u:object_r:container_var_lib_t,s0)
/var/lib/containerd/[^/]+/sandboxes(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
/var/lib/containerd/[^/]+/snapshots(/.*)? gen_context(system_u:object_r:container_ro_file_t,s0)
/var/lib/kubelet(/.*)? gen_context(system_u:object_r:container_var_lib_t,s0)
/var/lib/kubelet/device-plugins(/.*)? gen_context(system_u:object_r:container_file_t,s0)
/var/lib/kubelet/pods(/.*)? gen_context(system_u:object_r:container_file_t,s0)
/var/lib/kubelet/plugins(/.*)? gen_context(system_u:object_r:container_file_t,s0)
/var/lib/kubelet/plugins_registry(/.*)? gen_context(system_u:object_r:container_file_t,s0)
/var/lib/calico(/.*)? gen_context(system_u:object_r:container_file_t,s0)
/var/lib/etcd(/.*)? gen_context(system_u:object_r:container_file_t,s0)
/var/lib/kube-proxy(/.*)? gen_context(system_u:object_r:container_file_t,s0)
/var/lib/rook(/.*)? gen_context(system_u:object_r:container_file_t,s0)
/var/lib/rook/rook-ceph/[^/]+/[^/]+/block -b gen_context(system_u:object_r:container_device_t,s0)
/var/local-path-provisioner(/.*)? gen_context(system_u:object_r:container_file_t,s0)
/var/log/containerd(/.*)? gen_context(system_u:object_r:container_log_t,s0)
/var/log/containers(/.*)? gen_context(system_u:object_r:container_log_t,s0)
/var/log/crio(/.*)? gen_context(system_u:object_r:container_log_t,s0)
/var/log/pods(/.*)? gen_context(system_u:object_r:container_log_t,s0)
/var/log/kubelet(/.*)? gen_context(system_u:object_r:container_log_t,s0)
/var/log/kubernetes(/.*)? gen_context(system_u:object_r:container_log_t,s0)
/var/log/calico(/.*)? gen_context(system_u:object_r:container_log_t,s0)
/var/log/kube-apiserver(/.*)? gen_context(system_u:object_r:container_log_t,s0)
/var/log/kube-controller-manager(/.*)? gen_context(system_u:object_r:container_log_t,s0)
/var/log/kube-proxy(/.*)? gen_context(system_u:object_r:container_log_t,s0)
/var/log/kube-scheduler(/.*)? gen_context(system_u:object_r:container_log_t,s0)
|
GitWeb