Object Classes and kernel

Hi, how can kernel distinguishes objects in system and object in policy? I mean. How kernel know, that this allow rule is correct to /etc/passwd and not correct for /etc itself (as dir): allow httpd_t etc_t : file { ioctl read getattr lock open } ; Ok, it is written in policy, that it is a file, but it is only a object class. Is it defined somewher, that object class 'file' is file, and object class 'dir' is directory? How can I create new object class named foo, which will be usedd for named_pipe? Regards -- Artur Szymczak | RHCE: 100-001-734 | CAcert Assurer RHCA, RHCSS, RHCX, CLE11, CNI, UCP-1, UCI, Linux+, LPIC-2 GPG: C03A 385E 5C10 82C5 6564 C1E9 3D6A 616E B15D 122D http://CodzienneChodzenieZBogiem.blogspot.com/