1# Label inodes with the fs label. 2genfscon rootfs / u:object_r:rootfs:s0 3# proc labeling can be further refined (longest matching prefix). 4genfscon proc / u:object_r:proc:s0 5genfscon proc /config.gz u:object_r:config_gz:s0 6genfscon proc /interrupts u:object_r:proc_interrupts:s0 7genfscon proc /iomem u:object_r:proc_iomem:s0 8genfscon proc /meminfo u:object_r:proc_meminfo:s0 9genfscon proc /misc u:object_r:proc_misc:s0 10genfscon proc /modules u:object_r:proc_modules:s0 11genfscon proc /net u:object_r:proc_net:s0 12genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0 13genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0 14genfscon proc /softirqs u:object_r:proc_timer:s0 15genfscon proc /stat u:object_r:proc_stat:s0 16genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0 17genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0 18genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0 19genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0 20genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0 21genfscon proc /sys/kernel/dmesg_restrict u:object_r:proc_security:s0 22genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper:s0 23genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0 24genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0 25genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0 26genfscon proc /sys/kernel/perf_event_max_sample_rate u:object_r:proc_perf:s0 27genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0 28genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security:s0 29genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0 30genfscon proc /sys/net u:object_r:proc_net:s0 31genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0 32genfscon proc /sys/vm/mmap_rnd_bits u:object_r:proc_security:s0 33genfscon proc /sys/vm/mmap_rnd_compat_bits u:object_r:proc_security:s0 34genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0 35genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0 36genfscon proc /timer_list u:object_r:proc_timer:s0 37genfscon proc /timer_stats u:object_r:proc_timer:s0 38genfscon proc /tty/drivers u:object_r:proc_tty_drivers:s0 39genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0 40genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0 41genfscon proc /uid_io/stats u:object_r:proc_uid_io_stats:s0 42genfscon proc /uid_procstat/set u:object_r:proc_uid_procstat_set:s0 43genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0 44 45# selinuxfs booleans can be individually labeled. 46genfscon selinuxfs / u:object_r:selinuxfs:s0 47genfscon cgroup / u:object_r:cgroup:s0 48# sysfs labels can be set by userspace. 49genfscon sysfs / u:object_r:sysfs:s0 50genfscon sysfs /devices/system/cpu u:object_r:sysfs_devices_system_cpu:s0 51genfscon inotifyfs / u:object_r:inotify:s0 52genfscon vfat / u:object_r:vfat:s0 53genfscon debugfs / u:object_r:debugfs:s0 54genfscon tracefs / u:object_r:debugfs_tracing:s0 55genfscon fuse / u:object_r:fuse:s0 56genfscon configfs / u:object_r:configfs:s0 57genfscon sdcardfs / u:object_r:sdcardfs:s0 58genfscon pstore / u:object_r:pstorefs:s0 59genfscon functionfs / u:object_r:functionfs:s0 60genfscon usbfs / u:object_r:usbfs:s0 61genfscon binfmt_misc / u:object_r:binfmt_miscfs:s0 62