#This configuration file aids the learning process by tweaking
#the learning algorithm for specific paths.
#
#It accepts lines in the form of <command> <pathname>
#Where <command> can be inherit-learn, no-learn, inherit-no-learn,
#high-reduce-path, dont-reduce-path, protected-path, high-protected-path,
#and always-reduce-path
#
#inherit-learn, no-learn, and inherit-no-learn operate only with
#full learning
#
#high-reduce-path, dont-reduce-path, always-reduce-path, protected-path,
#and high-protected-path operate on both full and regular learning
#(subject and role learning)
#
#inherit-learn changes the learning process for the specified path
#by throwing all learned accesses for every binary executed by the
#processes contained in the pathname into the subject specified
#by the pathname. This is useful for cron in the case of full
#system learning, so that scripts that eventually end up executing
#mv or rm with privilege don't cause the root policy to grant
#that privilege to mv or rm in all cases.
#
#no-learn allows processes within the path to perform any operation
#that normal system usage would allow without restriction. If
#a process is generating a huge number of learning logs, it may be
#best to use this command on that process and configure its policy
#manually.
#
#inherit-no-learn combines the above two cases, such that processes
#within the specified path will be able to perform any normal system
#operation without restriction as will any binaries executed by
#these processes.
#
#high-reduce-path modifies the heuristics of the learning process
#to weight in favor of reducing accesses for this path
#
#dont-reduce-path modifies the heuristics of the learning process
#so that it will never reduce accesses for this path
#
#always-reduce-path modifies the heuristics of the learning process
#so that the path specified will always have all files and directories
#within it reduced to the path specified.
#
#protected-path specifies a path on your system that is considered an
#important resource. Any process that modifies one of these paths
#is given its own subject in the learning process, facilitating
#a secure policy.
#
#high-protected-path specifies a path that should be hidden from
#all processes but those that access it directly. It is recommended
#to use highly sensitive files for this command.
#
#regular expressions are not supported for pathnames in this config file
always-reduce-path /dev/pts
high-reduce-path /tmp
high-reduce-path /var/tmp
high-reduce-path /proc
high-reduce-path /lib
high-reduce-path /lib64
high-reduce-path /lib/tls
high-reduce-path /lib64/tls
high-reduce-path /lib/security
high-reduce-path /lib/modules
high-reduce-path /usr/lib
high-reduce-path /usr/lib/tls
high-reduce-path /usr/lib64/tls
high-reduce-path /var/lib
high-reduce-path /usr/bin
high-reduce-path /usr/sbin
high-reduce-path /sbin
high-reduce-path /bin
high-reduce-path /usr/local/share
high-reduce-path /usr/local/bin
high-reduce-path /usr/local/sbin
high-reduce-path /usr/local/etc
high-reduce-path /usr/local/lib
high-reduce-path /usr/share
high-reduce-path /usr/share/locale
high-reduce-path /usr/share/zoneinfo
high-reduce-path /usr/X11R6/lib
dont-reduce-path /
dont-reduce-path /home
dont-reduce-path /dev
dont-reduce-path /usr
dont-reduce-path /var
dont-reduce-path /opt
protected-path /etc
protected-path /lib
protected-path /boot
protected-path /usr
protected-path /opt
protected-path /var
protected-path /dev/log
protected-path /root
high-protected-path /etc/ssh
high-protected-path /proc/kcore
high-protected-path /proc/sys
high-protected-path /proc/bus
high-protected-path /etc/shadow
high-protected-path /etc/passwd
high-protected-path /var/log
high-protected-path /dev/mem
high-protected-path /dev/kmem
high-protected-path /dev/port
high-protected-path /dev/log
inherit-learn /etc/cron.hourly
inherit-learn /etc/cron.daily
inherit-learn /etc/cron.weekly
inherit-learn /etc/cron.monthly
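The header above defines the file's grammar (`<command> <pathname>`, one per line, `#` comments, no regular expressions) and the set of valid commands. The following Python checker is an added example, not part of grsecurity or gradm: it parses text in that format, rejects unknown commands, relative pathnames and glob or regex metacharacters, and reports pathnames that appear under more than one command (as `/dev/log` does above, under both `protected-path` and `high-protected-path`) so the overlap can be reviewed deliberately rather than discovered after a policy is generated. The `SAMPLE` excerpt is constructed for the example and contains three deliberately bad lines.

```python
"""Parser and sanity checker for the gradm learn_config format.

Added example (not part of grsecurity/gradm). It reads lines of the
form '<command> <pathname>' as described in the file header, skips
comments and blanks, rejects unknown commands, relative pathnames and
pattern characters (the format takes literal pathnames only), and
reports pathnames listed under more than one command.
"""
from collections import defaultdict
from dataclasses import dataclass

# The command names documented in the learn_config header.
COMMANDS = frozenset({
    "inherit-learn", "no-learn", "inherit-no-learn",
    "high-reduce-path", "dont-reduce-path", "always-reduce-path",
    "protected-path", "high-protected-path",
})

# Commands that only take effect in full system learning (per the header).
FULL_LEARNING_ONLY = frozenset({"inherit-learn", "no-learn", "inherit-no-learn"})

# Characters that suggest a glob or regex; the header says patterns are
# not supported, so treat them as configuration errors.
PATTERN_CHARS = set("*?[]{}")


@dataclass(frozen=True)
class Entry:
    lineno: int
    command: str
    path: str


def parse_learn_config(text):
    """Return (entries, errors) for the given learn_config contents."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 2:
            errors.append(f"line {lineno}: expected '<command> <pathname>', got {line!r}")
            continue
        command, path = parts
        if command not in COMMANDS:
            errors.append(f"line {lineno}: unknown command {command!r}")
            continue
        if not path.startswith("/"):
            errors.append(f"line {lineno}: pathname must be absolute: {path!r}")
            continue
        if PATTERN_CHARS & set(path):
            errors.append(f"line {lineno}: patterns are not supported in pathnames: {path!r}")
            continue
        entries.append(Entry(lineno, command, path))
    return entries, errors


def find_overlaps(entries):
    """Map each path listed under more than one command to its sorted commands."""
    by_path = defaultdict(set)
    for e in entries:
        by_path[e.path].add(e.command)
    return {p: sorted(c) for p, c in by_path.items() if len(c) > 1}


def full_learning_only_entries(entries):
    """Entries that have no effect under subject or role learning."""
    return [e for e in entries if e.command in FULL_LEARNING_ONLY]


# Constructed sample in the learn_config format: five valid lines plus a
# relative path, a glob pattern and an unknown command to exercise the checks.
SAMPLE = """\
# comment line is ignored
high-reduce-path /tmp
protected-path /dev/log
high-protected-path /dev/log
high-protected-path /etc/shadow
inherit-learn /etc/cron.daily
dont-reduce-path home
protected-path /var/log/*.log
reduce-path /opt
"""

if __name__ == "__main__":
    found, problems = parse_learn_config(SAMPLE)
    for e in found:
        print(f"{e.lineno:3}: {e.command:20} {e.path}")
    for p, cmds in find_overlaps(found).items():
        print(f"overlap: {p} listed under {', '.join(cmds)}")
    for msg in problems:
        print("error:", msg)
```

Run it against a real `learn_config` by replacing `SAMPLE` with the file's contents; the overlap report is informational (listing a path under two commands is allowed by the format), while the error list points at lines gradm would not interpret the way the author intended.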