{{{ oval_metadata("All device files in /dev should be assigned an SELinux security context other than 'device_t' and 'unlabeled_t'.", rule_title=rule_title) }}} /dev ^.*$ state_block_or_char_device_file ^(block|character) special$ state_selinux_dev_device_t device_t state_selinux_dev_unlabeled_t unlabeled_t