Add a TOC to aid navigation and convert to markdown. Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx> --- src/file_labeling_statements.md | 260 ++++++++++++-------------------- 1 file changed, 96 insertions(+), 164 deletions(-) diff --git a/src/file_labeling_statements.md b/src/file_labeling_statements.md index 34c2ca8..47d0309 100644 --- a/src/file_labeling_statements.md +++ b/src/file_labeling_statements.md @@ -1,5 +1,10 @@ # File System Labeling Statements +- [*fs_use_xattr*](#fs_use_xattr) +- [*fs_use_task*](#fs_use_task) +- [*fs_use_trans*](#fs_use_trans) +- [*genfscon*](#genfscon) + There are four types of file labeling statements: *fs_use_xattr*, *fs_use_task*, *fs_use_trans* and *genfscon* that are explained below. @@ -30,49 +35,33 @@ fs_use_xattr fs_name fs_context; **Where:** -<table> -<tbody> -<tr> -<td><code>fs_use_xattr</code></td> -<td>The <code>fs_use_xattr</code> keyword.</td> -</tr> -<tr> -<td><code>fs_name</code></td> -<td>The filesystem name that supports extended attributes. Example names are: encfs, ext2, ext3, ext4, ext4dev, gfs, gfs2, jffs2, jfs, lustre and xfs.</td> -</tr> -<tr> -<td><code>fs_context</code></td> -<td>The security context allocated to the filesystem.</td> -</tr> -</tbody> -</table> +*fs_use_xattr* + +The *fs_use_xattr* keyword. + +*fs_name* + +The filesystem name that supports extended attributes. Example names are: +*encfs*, *ext2*, *ext3*, *ext4*, *ext4dev*, *gfs*, *gfs2*, *jffs2*, *jfs*, +*lustre* and *xfs*. + +*fs_context* + +The security context allocated to the filesystem. **The statement is valid in:** -<table style="text-align:center"> -<tbody> -<tr style="background-color:#D3D3D3;"> -<td><strong>Monolithic Policy</strong></td> -<td><strong>Base Policy</strong></td> -<td><strong>Module Policy</strong></td> -</tr> -<tr> -<td>Yes</td> -<td>Yes</td> -<td>No</td> -</tr> -<tr style="background-color:#D3D3D3;"> -<td><strong>Conditional Policy <code>if</code> Statement</strong></td> -<td><strong><code>optional</code> Statement</strong></td> -<td><strong><code>require</code> Statement</strong></td> -</tr> -<tr> -<td>No</td> -<td>No</td> -<td>No</td> -</tr> -</tbody> -</table> +Policy Type + +| Monolithic Policy | Base Policy | Module Policy | +| ----------------------- | ----------------------- | ----------------------- | +| Yes | Yes | No | + +Conditional Policy Statements + +| *if* Statement | *optional* Statement | *require* Statement | +| ----------------------- | ----------------------- | ----------------------- | +| No | No | No | **Example:** @@ -99,49 +88,30 @@ fs_use_task fs_name fs_context; **Where:** -<table> -<tbody> -<tr> -<td><code>fs_use_task</code></td> -<td>The <code>fs_use_task</code> keyword.</td> -</tr> -<tr> -<td><code>fs_name</code></td> -<td>Filesystem name that supports task related services. Example valid names are: eventpollfs, pipefs and sockfs.</td> -</tr> -<tr> -<td><code>fs_context</code></td> -<td>The security context allocated to the task based filesystem.</td> -</tr> -</tbody> -</table> +*fs_use_task* + +The *fs_use_task* keyword. + +*fs_name* + +Filesystem name that supports task related services. Example valid names are: +*eventpollfs*, *pipefs* and *sockfs*. + +*fs_context* + +The security context allocated to the task based filesystem. **The statement is valid in:** -<table style="text-align:center"> -<tbody> -<tr style="background-color:#D3D3D3;"> -<td><strong>Monolithic Policy</strong></td> -<td><strong>Base Policy</strong></td> -<td><strong>Module Policy</strong></td> -</tr> -<tr> -<td>Yes</td> -<td>Yes</td> -<td>No</td> -</tr> -<tr style="background-color:#D3D3D3;"> -<td><strong>Conditional Policy <code>if</code> Statement</strong></td> -<td><strong><code>optional</code> Statement</strong></td> -<td><strong><code>require</code> Statement</strong></td> -</tr> -<tr> -<td>No</td> -<td>No</td> -<td>No</td> -</tr> -</tbody> -</table> +| Monolithic Policy | Base Policy | Module Policy | +| ----------------------- | ----------------------- | ----------------------- | +| Yes | Yes | No | + +Conditional Policy Statements + +| *if* Statement | *optional* Statement | *require* Statement | +| ----------------------- | ----------------------- | ----------------------- | +| No | No | No | **Example:** @@ -171,49 +141,30 @@ fs_use_trans fs_name fs_context; **Where:** -<table> -<tbody> -<tr> -<td><code>fs_use_trans</code></td> -<td>The <code>fs_use_trans</code> keyword.</td> -</tr> -<tr> -<td><code>fs_name</code></td> -<td>Filesystem name that supports transition rules. Example names are: mqueue, shm, tmpfs and devpts.</td> -</tr> -<tr> -<td><code>fs_context</code></td> -<td>The security context allocated to the transition based on that of the filesystem.</td> -</tr> -</tbody> -</table> +*fs_use_trans* + +The *fs_use_trans* keyword. + +*fs_name* + +Filesystem name that supports transition rules. Example names are: +*mqueue*, *shm*, *tmpfs* and *devpts*. + +*fs_context* + +The security context allocated to the transition based on that of the filesystem. **The statement is valid in:** -<table style="text-align:center"> -<tbody> -<tr style="background-color:#D3D3D3;"> -<td><strong>Monolithic Policy</strong></td> -<td><strong>Base Policy</strong></td> -<td><strong>Module Policy</strong></td> -</tr> -<tr> -<td>Yes</td> -<td>Yes</td> -<td>No</td> -</tr> -<tr style="background-color:#D3D3D3;"> -<td><strong>Conditional Policy <code>if</code> Statement</strong></td> -<td><strong><code>optional</code> Statement</strong></td> -<td><strong><code>require</code> Statement</strong></td> -</tr> -<tr> -<td>No</td> -<td>No</td> -<td>No</td> -</tr> -</tbody> -</table> +| Monolithic Policy | Base Policy | Module Policy | +| ----------------------- | ----------------------- | ----------------------- | +| Yes | Yes | No | + +Conditional Policy Statements + +| *if* Statement | *optional* Statement | *require* Statement | +| ----------------------- | ----------------------- | ----------------------- | +| No | No | No | **Example:** @@ -247,53 +198,34 @@ genfscon fs_name partial_path fs_context **Where:** -<table> -<tbody> -<tr> -<td><code>genfscon</code></td> -<td>The <code>genfscon</code> keyword.</td> -</tr> -<tr> -<td><code>fs_name</code></td> -<td>The filesystem name.</td> -</tr> -<tr> -<td><code>partial_path</code></td> -<td>If <code>fs_name</code> is <code>proc</code>, then the partial path (see the examples). For all other types, this must be <code>/</code>.</td> -</tr> -<tr> -<td><code>fs_context</code></td> -<td>The security context allocated to the filesystem</td> -</tr> -</tbody> -</table> +*genfscon* + +The *genfscon* keyword. + +*fs_name* + +The filesystem name. + +*partial_path* + +If *fs_name* is *proc*, then the partial path (see the examples). For all other +types, this must be */*. + +*fs_context* + +The security context allocated to the filesystem **The statement is valid in:** -<table style="text-align:center"> -<tbody> -<tr style="background-color:#D3D3D3;"> -<td><strong>Monolithic Policy</strong></td> -<td><strong>Base Policy</strong></td> -<td><strong>Module Policy</strong></td> -</tr> -<tr> -<td>Yes</td> -<td>Yes</td> -<td>No</td> -</tr> -<tr style="background-color:#D3D3D3;"> -<td><strong>Conditional Policy <code>if</code> Statement</strong></td> -<td><strong><code>optional</code> Statement</strong></td> -<td><strong><code>require</code> Statement</strong></td> -</tr> -<tr> -<td>No</td> -<td>No</td> -<td>No</td> -</tr> -</tbody> -</table> +| Monolithic Policy | Base Policy | Module Policy | +| ----------------------- | ----------------------- | ----------------------- | +| Yes | Yes | No | + +Conditional Policy Statements + +| *if* Statement | *optional* Statement | *require* Statement | +| ----------------------- | ----------------------- | ----------------------- | +| No | No | No | **MLS Examples:** -- 2.26.2
