-/etank/games/bf1942/bf1942/serverfiles/bf1942_lnxded.* -- gen_context(system_u:object_r:bf1942_exec_t,s0)
-/etank/games/bf1942/bf1942/serverfiles/pb/.*\.so gen_context(system_u:object_r:bf1942_exec_t,s0)
-/etank/games/bf1942/bf1942(/.*)? gen_context(system_u:object_r:bf1942_ro_t,s0)
-/etank/games/bf1942/bf1942/serverfiles/mods/[^/]+/settings gen_context(system_u:object_r:bf1942_rw_t,s0)
-/etank/games/bf1942/bf1942/serverfiles/mods/[^/]+/logs(/.*)? gen_context(system_u:object_r:bf1942_rw_t,s0)
-/etank/games/bf1942/bf1942/serverfiles/mods/[^/]+/settings/maplist.con gen_context(system_u:object_r:bf1942_rw_t,s0)
+/var/games/bf1942/bf1942/serverfiles/bf1942_lnxded.* -- gen_context(system_u:object_r:bf1942_exec_t,s0)
+/var/games/bf1942/bf1942/serverfiles/pb/.*\.so gen_context(system_u:object_r:bf1942_exec_t,s0)
+/var/games/bf1942/bf1942(/.*)? gen_context(system_u:object_r:bf1942_ro_t,s0)
+/var/games/bf1942/bf1942/serverfiles/mods/[^/]+/settings gen_context(system_u:object_r:bf1942_rw_t,s0)
+/var/games/bf1942/bf1942/serverfiles/mods/[^/]+/logs(/.*)? gen_context(system_u:object_r:bf1942_rw_t,s0)
+/var/games/bf1942/bf1942/serverfiles/mods/[^/]+/settings/maplist.con gen_context(system_u:object_r:bf1942_rw_t,s0)
-policy_module(bf1942, 0.1.6)
+policy_module(bf1942, 0.1.7)
+
+require {
+ type games_data_t;
+}
# File context for the executable process
type bf1942_t;
# The BF1942 binary executes itself
allow bf1942_t bf1942_exec_t:file execute_no_trans;
+
+list_dirs_pattern(bf1942_t, games_data_t, games_data_t)
# /opt/cod4/.+/log(/.*)? gen_context(system_u:object_r:cod4_rw_t,s0)
-/etank/games/cod4/cod4_lnxded(-bin)? -- gen_context(system_u:object_r:cod4_exec_t,s0)
-/etank/games/cod4/libstdc\+\+\.so\.6 -- gen_context(system_u:object_r:cod4_exec_t,s0)
-/etank/games/cod4/libgcc_s\.so\.1 -- gen_context(system_u:object_r:cod4_exec_t,s0)
-/etank/games/cod4(/.*)? gen_context(system_u:object_r:cod4_ro_t,s0)
-/etank/games/cod4/.callofduty4(/.*)? gen_context(system_u:object_r:cod4_rw_t,s0)
+/var/games/cod4/cod4_lnxded(-bin)? -- gen_context(system_u:object_r:cod4_exec_t,s0)
+/var/games/cod4/libstdc\+\+\.so\.6 -- gen_context(system_u:object_r:cod4_exec_t,s0)
+/var/games/cod4/libgcc_s\.so\.1 -- gen_context(system_u:object_r:cod4_exec_t,s0)
+/var/games/cod4(/.*)? gen_context(system_u:object_r:cod4_ro_t,s0)
+/var/games/cod4/.callofduty4(/.*)? gen_context(system_u:object_r:cod4_rw_t,s0)
-policy_module(cod4, 0.1.33)
+policy_module(cod4, 0.1.38)
+
+require {
+ type games_data_t;
+}
# File context for the executable process
type cod4_t;
sysnet_dns_name_resolve(cod4_t)
allow init_t cod4_t:process { noatsecure };
+
+list_dirs_pattern(cod4_t, games_data_t, games_data_t)
-/etank/games/q3a/q3ded -- gen_context(system_u:object_r:q3a_exec_t,s0)
-/etank/games/q3a/ioq3ded\.(x86_64|i386) -- gen_context(system_u:object_r:q3a_exec_t,s0)
-/etank/games/q3a/.*/qagamei386.so -- gen_context(system_u:object_r:q3a_exec_t,s0)
-/etank/games/q3a(/.*)? gen_context(system_u:object_r:q3a_ro_t,s0)
-/etank/games/q3a/.q3a(/.*)? gen_context(system_u:object_r:q3a_rw_t,s0)
+/var/games/q3a/q3ded -- gen_context(system_u:object_r:q3a_exec_t,s0)
+/var/games/q3a/ioq3ded\.(x86_64|i386) -- gen_context(system_u:object_r:q3a_exec_t,s0)
+/var/games/q3a/.*/qagamei386.so -- gen_context(system_u:object_r:q3a_exec_t,s0)
+/var/games/q3a(/.*)? gen_context(system_u:object_r:q3a_ro_t,s0)
+/var/games/q3a/.q3a(/.*)? gen_context(system_u:object_r:q3a_rw_t,s0)
-policy_module(q3a, 0.1.25)
+policy_module(q3a, 0.1.26)
+
+require {
+ type games_data_t;
+}
# File context for the executable process
type q3a_t;
dev_read_urand(q3a_t)
allow q3a_t self:process execmem;
+
+list_dirs_pattern(q3a_t, games_data_t, games_data_t)
-/etank/games/quake2/quake2/quake2ded([^/]*)? -- gen_context(system_u:object_r:quake2_exec_t,s0)
-/etank/games/quake2/quake2/.*/game(x86_64|i386)\.so -- gen_context(system_u:object_r:quake2_exec_t,s0)
-/etank/games/quake2/quake2(/.*)? gen_context(system_u:object_r:quake2_ro_t,s0)
-/etank/games/quake2/quake2/lithium/save(/.*)? gen_context(system_u:object_r:quake2_rw_t,s0)
-/etank/games/quake2/quake2/lithium/log(/.*)? gen_context(system_u:object_r:quake2_rw_t,s0)
-/etank/games/quake2/quake2/lithium/.*log gen_context(system_u:object_r:quake2_rw_t,s0)
-#/etank/games/quake2/.quake2(/.*)? gen_context(system_u:object_r:quake2_rw_t,s0)
+/var/games/quake2/quake2/quake2ded([^/]*)? -- gen_context(system_u:object_r:quake2_exec_t,s0)
+/var/games/quake2/quake2/.*/game(x86_64|i386)\.so -- gen_context(system_u:object_r:quake2_exec_t,s0)
+/var/games/quake2/quake2(/.*)? gen_context(system_u:object_r:quake2_ro_t,s0)
+/var/games/quake2/quake2/lithium/save(/.*)? gen_context(system_u:object_r:quake2_rw_t,s0)
+/var/games/quake2/quake2/lithium/log(/.*)? gen_context(system_u:object_r:quake2_rw_t,s0)
+/var/games/quake2/quake2/lithium/.*log gen_context(system_u:object_r:quake2_rw_t,s0)
+#/var/games/quake2/.quake2(/.*)? gen_context(system_u:object_r:quake2_rw_t,s0)
-policy_module(quake2, 0.1.11)
+policy_module(quake2, 0.1.12)
+
+require {
+ type games_data_t;
+}
# File context for the executable process
type quake2_t;
sysnet_dns_name_resolve(quake2_t)
allow quake2_t self:process execmem;
+
+list_dirs_pattern(quake2_t, games_data_t, games_data_t)
-/etank/games/tesseract/tesseract/bin_unix/linux(_64)?_(server|client) -- gen_context(system_u:object_r:tesseract_exec_t,s0)
-/etank/games/tesseract/tesseract(/.*)? gen_context(system_u:object_r:tesseract_ro_t,s0)
+/var/games/tesseract/tesseract/bin_unix/linux(_64)?_(server|client) -- gen_context(system_u:object_r:tesseract_exec_t,s0)
+/var/games/tesseract/tesseract(/.*)? gen_context(system_u:object_r:tesseract_ro_t,s0)
-/etank/games/tf2/tf2/bin(/.*)? -- gen_context(system_u:object_r:tf2_exec_t,s0)
-/etank/games/tf2/tf2/srcds_linux -- gen_context(system_u:object_r:tf2_exec_t,s0)
-/etank/games/tf2/tf2/tf/bin/server_srv.so -- gen_context(system_u:object_r:tf2_exec_t,s0)
-/etank/games/tf2/Steam/linux32/steamclient.so -- gen_context(system_u:object_r:tf2_exec_t,s0)
-/etank/games/tf2(/.*)? gen_context(system_u:object_r:tf2_ro_t,s0)
-/etank/games/tf2/Steam/update.sh gen_context(system_u:object_r:usr_t,s0)
-/etank/games/tf2/tf2/steam_appid.txt gen_context(system_u:object_r:tf2_rw_t,s0)
-/etank/games/tf2/tf2/tf/downloadlists(/.*)? gen_context(system_u:object_r:tf2_rw_t,s0)
-/etank/games/tf2/Steam/config(/.*)? gen_context(system_u:object_r:tf2_rw_t,s0)
-/etank/games/tf2/Steam/logs(/.*)? gen_context(system_u:object_r:tf2_rw_t,s0)
-/etank/games/tf2/tf2/tf/modelsounds.cache gen_context(system_u:object_r:tf2_rw_t,s0)
-/etank/games/tf2/tf2/tf/maps(/.*)? gen_context(system_u:object_r:tf2_ro_t,s0)
-/etank/games/tf2/tf2/tf/maps -d gen_context(system_u:object_r:tf2_rw_t,s0)
-/etank/games/tf2/tf2/tf/maps/(graphs|workshop)(/.*)? gen_context(system_u:object_r:tf2_rw_t,s0)
+/var/games/tf2/tf2/bin(/.*)? -- gen_context(system_u:object_r:tf2_exec_t,s0)
+/var/games/tf2/tf2/srcds_linux -- gen_context(system_u:object_r:tf2_exec_t,s0)
+/var/games/tf2/tf2/tf/bin/server_srv.so -- gen_context(system_u:object_r:tf2_exec_t,s0)
+/var/games/tf2/Steam/linux32/steamclient.so -- gen_context(system_u:object_r:tf2_exec_t,s0)
+/var/games/tf2(/.*)? gen_context(system_u:object_r:tf2_ro_t,s0)
+/var/games/tf2/Steam/update.sh gen_context(system_u:object_r:usr_t,s0)
+/var/games/tf2/tf2/steam_appid.txt gen_context(system_u:object_r:tf2_rw_t,s0)
+/var/games/tf2/tf2/tf/downloadlists(/.*)? gen_context(system_u:object_r:tf2_rw_t,s0)
+/var/games/tf2/Steam/config(/.*)? gen_context(system_u:object_r:tf2_rw_t,s0)
+/var/games/tf2/Steam/logs(/.*)? gen_context(system_u:object_r:tf2_rw_t,s0)
+/var/games/tf2/tf2/tf/modelsounds.cache gen_context(system_u:object_r:tf2_rw_t,s0)
+/var/games/tf2/tf2/tf/maps(/.*)? gen_context(system_u:object_r:tf2_ro_t,s0)
+/var/games/tf2/tf2/tf/maps -d gen_context(system_u:object_r:tf2_rw_t,s0)
+/var/games/tf2/tf2/tf/maps/(graphs|workshop)(/.*)? gen_context(system_u:object_r:tf2_rw_t,s0)
-policy_module(tf2, 0.1.29)
+policy_module(tf2, 0.1.30)
require {
type default_t;
+ type games_data_t;
}
# File context for the executable process
allow init_t tf2_t:process { noatsecure };
allow tf2_t self:process execmem;
+
+list_dirs_pattern(tf2_t, games_data_t, games_data_t)
-/etank/games/ut2004/ut2004/System/(ucc-bin|ucc-bin-linux-amd64) -- gen_context(system_u:object_r:ut2004_exec_t,s0)
-/etank/games/ut2004/ut2004(/.*)? gen_context(system_u:object_r:ut2004_ro_t,s0)
-/etank/games/ut2004/ut2004/System/UCC.log gen_context(system_u:object_r:ut2004_rw_t,s0)
-/etank/games/ut2004/ut2004/System/.*\.ini gen_context(system_u:object_r:ut2004_rw_t,s0)
+/var/games/ut2004/ut2004/System/(ucc-bin|ucc-bin-linux-amd64) -- gen_context(system_u:object_r:ut2004_exec_t,s0)
+/var/games/ut2004/ut2004(/.*)? gen_context(system_u:object_r:ut2004_ro_t,s0)
+/var/games/ut2004/ut2004/System/UCC.log gen_context(system_u:object_r:ut2004_rw_t,s0)
+/var/games/ut2004/ut2004/System/.*\.ini gen_context(system_u:object_r:ut2004_rw_t,s0)