admin,acct.if,acct_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 acct_exec_t:file { getattr read execute };
allow $1 acct_t:process transition;
allow acct_t $1:fd use;
allow acct_t $1:fifo_file { getattr read write append ioctl lock };
allow acct_t $1:process sigchld;
admin,acct.if,acct_exec'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 acct_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
admin,acct.if,acct_exec_data'
allow $1 var_t:dir { getattr search };
allow $1 acct_data_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
admin,acct.if,acct_manage_data'
allow $1 var_t:dir { getattr search };
allow $1 acct_data_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 acct_data_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 acct_data_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 acct_data_t:lnk_file { create read getattr setattr unlink rename };
admin,alsa.if,alsa_domtrans'
allow $1 alsa_exec_t:file { getattr read execute };
allow $1 alsa_t:process transition;
allow alsa_t $1:fd use;
allow alsa_t $1:fifo_file { getattr read write append ioctl lock };
allow alsa_t $1:process sigchld;
admin,alsa.if,alsa_rw_semaphores'
allow $1 alsa_t:sem { unix_read unix_write associate read write };
admin,alsa.if,alsa_rw_shared_mem'
allow $1 alsa_t:shm { unix_read unix_write { associate getattr setattr create destroy read write lock unix_read unix_write } };
admin,alsa.if,alsa_read_rw_config'
allow $1 alsa_etc_rw_t:dir { getattr search read lock ioctl };
allow $1 alsa_etc_rw_t:dir { getattr search };
allow $1 alsa_etc_rw_t:file { getattr read lock ioctl };
allow $1 alsa_etc_rw_t:dir { getattr search };
allow $1 alsa_etc_rw_t:lnk_file { getattr read };
admin,alsa.if,alsa_read_lib'
allow $1 alsa_var_lib_t:dir { getattr search };
allow $1 alsa_var_lib_t:file { getattr read lock ioctl };
admin,amanda.if,amanda_domtrans_recover'
allow $1 amanda_recover_exec_t:file { getattr read execute };
allow $1 amanda_recover_t:process transition;
allow amanda_recover_t $1:fd use;
allow amanda_recover_t $1:fifo_file { getattr read write append ioctl lock };
allow amanda_recover_t $1:process sigchld;
admin,amanda.if,amanda_run_recover'
admin,amanda.if,amanda_search_lib'
allow $1 amanda_usr_lib_t:dir { getattr search };
allow $1 usr_t:dir { getattr search };
admin,amanda.if,amanda_dontaudit_read_dumpdates'
admin,amanda.if,amanda_rw_dumpdates_files'
allow $1 amanda_dumpdates_t:file { getattr read write append ioctl lock };
admin,amanda.if,amanda_manage_lib'
allow $1 amanda_usr_lib_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 usr_t:dir { getattr search };
admin,amanda.if,amanda_append_log_files'
allow $1 amanda_log_t:file { { getattr read lock ioctl } { getattr append lock ioctl } };
admin,amanda.if,amanda_search_var_lib'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 amanda_var_lib_t:dir { getattr search };
admin,amtu.if,amtu_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 amtu_exec_t:file { getattr read execute };
allow $1 amtu_t:process transition;
allow amtu_t $1:fd use;
allow amtu_t $1:fifo_file { getattr read write append ioctl lock };
allow amtu_t $1:process sigchld;
admin,amtu.if,amtu_run'
admin,apt.if,apt_domtrans'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 apt_exec_t:file { getattr read execute };
allow $1 apt_t:process transition;
allow apt_t $1:fd use;
allow apt_t $1:fifo_file { getattr read write append ioctl lock };
allow apt_t $1:process sigchld;
admin,apt.if,apt_run'
admin,apt.if,apt_use_fds'
allow $1 apt_t:fd use;
admin,apt.if,apt_read_pipes'
allow $1 apt_t:fifo_file { getattr read lock ioctl };
admin,apt.if,apt_rw_pipes'
allow $1 apt_t:fifo_file { getattr read write append ioctl lock };
admin,apt.if,apt_use_ptys'
allow $1 apt_devpts_t:chr_file { getattr read write ioctl };
admin,apt.if,apt_read_db'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 apt_var_lib_t:dir { getattr search read lock ioctl };
allow $1 apt_var_lib_t:dir { getattr search };
allow $1 apt_var_lib_t:file { getattr read lock ioctl };
allow $1 apt_var_lib_t:dir { getattr search };
allow $1 apt_var_lib_t:lnk_file { getattr read };
admin,apt.if,apt_manage_db'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 apt_var_lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 apt_var_lib_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 apt_var_lib_t:dir { getattr search };
allow $1 apt_var_lib_t:lnk_file { getattr read write lock ioctl };
allow $1 apt_var_lib_t:dir { getattr search lock ioctl write remove_name };
allow $1 apt_var_lib_t:lnk_file { getattr unlink };
admin,apt.if,apt_dontaudit_manage_db'
admin,backup.if,backup_domtrans'
allow $1 backup_exec_t:file { getattr read execute };
allow $1 backup_t:process transition;
allow backup_t $1:fd use;
allow backup_t $1:fifo_file { getattr read write append ioctl lock };
allow backup_t $1:process sigchld;
admin,backup.if,backup_run'
admin,bootloader.if,bootloader_domtrans'
allow $1 bootloader_exec_t:file { getattr read execute };
allow $1 bootloader_t:process transition;
allow bootloader_t $1:fd use;
allow bootloader_t $1:fifo_file { getattr read write append ioctl lock };
allow bootloader_t $1:process sigchld;
admin,bootloader.if,bootloader_run'
admin,bootloader.if,bootloader_read_config'
allow $1 bootloader_etc_t:file { getattr read lock ioctl };
admin,bootloader.if,bootloader_rw_config'
allow $1 bootloader_etc_t:file { getattr read write append ioctl lock };
admin,bootloader.if,bootloader_rw_tmp_files'
allow $1 bootloader_tmp_t:file { getattr read write append ioctl lock };
admin,bootloader.if,bootloader_create_runtime_file'
allow $1 boot_runtime_t:file { { getattr create open } { getattr read write append ioctl lock } };
allow $1 boot_t:dir { read getattr lock search ioctl add_name remove_name write };
admin,brctl.if,brctl_domtrans'
allow $1 brctl_exec_t:file { getattr read execute };
allow $1 brctl_t:process transition;
allow brctl_t $1:fd use;
allow brctl_t $1:fifo_file { getattr read write append ioctl lock };
allow brctl_t $1:process sigchld;
admin,certwatch.if,certwatch_domtrans'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 certwatch_exec_t:file { getattr read execute };
allow $1 certwatch_t:process transition;
allow certwatch_t $1:fd use;
allow certwatch_t $1:fifo_file { getattr read write append ioctl lock };
allow certwatch_t $1:process sigchld;
admin,certwatch.if,certwatch_run'
admin,certwatch.if,certwatach_run'
admin,consoletype.if,consoletype_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 consoletype_exec_t:file { getattr read execute };
allow $1 consoletype_t:process transition;
allow consoletype_t $1:fd use;
allow consoletype_t $1:fifo_file { getattr read write append ioctl lock };
allow consoletype_t $1:process sigchld;
admin,consoletype.if,consoletype_run'
admin,consoletype.if,consoletype_exec'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 consoletype_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
admin,ddcprobe.if,ddcprobe_domtrans'
allow $1 ddcprobe_exec_t:file { getattr read execute };
allow $1 ddcprobe_t:process transition;
allow ddcprobe_t $1:fd use;
allow ddcprobe_t $1:fifo_file { getattr read write append ioctl lock };
allow ddcprobe_t $1:process sigchld;
admin,ddcprobe.if,ddcprobe_run'
admin,dmesg.if,dmesg_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 dmesg_exec_t:file { getattr read execute };
allow $1 dmesg_t:process transition;
allow dmesg_t $1:fd use;
allow dmesg_t $1:fifo_file { getattr read write append ioctl lock };
allow dmesg_t $1:process sigchld;
admin,dmesg.if,dmesg_exec'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 dmesg_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
admin,dmidecode.if,dmidecode_domtrans'
allow $1 dmidecode_exec_t:file { getattr read execute };
allow $1 dmidecode_t:process transition;
allow $1 dmidecode_t:fd use;
allow dmidecode_t $1:fd use;
allow dmidecode_t $1:fifo_file { getattr read write append ioctl lock };
allow dmidecode_t $1:process sigchld;
admin,dmidecode.if,dmidecode_run'
admin,dpkg.if,dpkg_domtrans'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 dpkg_exec_t:file { getattr read execute };
allow $1 dpkg_t:process transition;
allow dpkg_t $1:fd use;
allow dpkg_t $1:fifo_file { getattr read write append ioctl lock };
allow dpkg_t $1:process sigchld;
admin,dpkg.if,dpkg_domtrans_script'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search read lock ioctl };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 shell_exec_t:file { getattr read execute };
allow $1 dpkg_script_t:process transition;
allow dpkg_script_t $1:fd use;
allow dpkg_script_t $1:fifo_file { getattr read write append ioctl lock };
allow dpkg_script_t $1:process sigchld;
admin,dpkg.if,dpkg_run'
allow dpkg_script_t bin_t:dir { getattr search };
allow dpkg_script_t bin_t:dir { getattr search };
allow dpkg_script_t load_policy_exec_t:file { getattr read execute };
allow dpkg_script_t load_policy_t:process transition;
allow load_policy_t dpkg_script_t:fd use;
allow load_policy_t dpkg_script_t:fifo_file { getattr read write append ioctl lock };
allow load_policy_t dpkg_script_t:process sigchld;
admin,dpkg.if,dpkg_use_fds'
allow $1 dpkg_t:fd use;
admin,dpkg.if,dpkg_read_pipes'
allow $1 dpkg_t:fifo_file { getattr read lock ioctl };
admin,dpkg.if,dpkg_rw_pipes'
allow $1 dpkg_t:fifo_file { getattr read write append ioctl lock };
admin,dpkg.if,dpkg_use_script_fds'
allow $1 dpkg_script_t:fd use;
admin,dpkg.if,dpkg_read_db'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 dpkg_var_lib_t:dir { getattr search read lock ioctl };
allow $1 dpkg_var_lib_t:dir { getattr search };
allow $1 dpkg_var_lib_t:file { getattr read lock ioctl };
allow $1 dpkg_var_lib_t:dir { getattr search };
allow $1 dpkg_var_lib_t:lnk_file { getattr read };
admin,dpkg.if,dpkg_manage_db'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 dpkg_var_lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 dpkg_var_lib_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 dpkg_var_lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 dpkg_var_lib_t:lnk_file { create read getattr setattr unlink rename };
admin,dpkg.if,dpkg_dontaudit_manage_db'
admin,dpkg.if,dpkg_lock_db'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 dpkg_var_lib_t:dir { getattr search read lock ioctl };
allow $1 dpkg_lock_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
admin,firstboot.if,firstboot_domtrans'
allow $1 firstboot_exec_t:file { getattr read execute };
allow $1 firstboot_t:process transition;
allow firstboot_t $1:fd use;
allow firstboot_t $1:fifo_file { getattr read write append ioctl lock };
allow firstboot_t $1:process sigchld;
admin,firstboot.if,firstboot_run'
admin,firstboot.if,firstboot_use_fds'
allow $1 firstboot_t:fd use;
admin,firstboot.if,firstboot_dontaudit_use_fds'
admin,firstboot.if,firstboot_write_pipes'
allow $1 firstboot_t:fifo_file write;
admin,firstboot.if,firstboot_rw_pipes'
allow $1 firstboot_t:fifo_file { read write };
admin,firstboot.if,firstboot_dontaudit_rw_pipes'
admin,firstboot.if,firstboot_dontaudit_rw_stream_sockets'
admin,kismet.if,kismet_domtrans'
allow $1 kismet_exec_t:file { getattr read execute };
allow $1 kismet_t:process transition;
allow kismet_t $1:fd use;
allow kismet_t $1:fifo_file { getattr read write append ioctl lock };
allow kismet_t $1:process sigchld;
admin,kismet.if,kismet_run'
admin,kismet.if,kismet_read_pid_files'
allow $1 kismet_var_run_t:file { getattr read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
admin,kismet.if,kismet_manage_pid_files'
allow $1 kismet_var_run_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
admin,kismet.if,kismet_search_lib'
allow $1 kismet_var_lib_t:dir { getattr search };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
admin,kismet.if,kismet_read_lib_files'
allow $1 kismet_var_lib_t:file { getattr read lock ioctl };
allow $1 kismet_var_lib_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
admin,kismet.if,kismet_manage_lib_files'
allow $1 kismet_var_lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 kismet_var_lib_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
admin,kismet.if,kismet_manage_lib'
allow $1 kismet_var_lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 kismet_var_lib_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 kismet_var_lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 kismet_var_lib_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 kismet_var_lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 kismet_var_lib_t:lnk_file { create read getattr setattr unlink rename };
admin,kismet.if,kismet_read_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 kismet_log_t:dir { getattr search };
allow $1 kismet_log_t:file { getattr read lock ioctl };
admin,kismet.if,kismet_append_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 kismet_log_t:dir { getattr search };
allow $1 kismet_log_t:file { getattr append lock ioctl };
admin,kismet.if,kismet_manage_log'
allow $1 kismet_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 kismet_log_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 kismet_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 kismet_log_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 kismet_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 kismet_log_t:lnk_file { create read getattr setattr unlink rename };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
admin,kismet.if,kismet_admin'
allow $1 kismet_t:dir { search getattr read };
allow $1 kismet_t:{ file lnk_file } { read getattr };
allow $1 kismet_t:process getattr;
allow $1 kismet_t:process { ptrace { sigchld sigkill sigstop signull signal } };
admin,kudzu.if,kudzu_domtrans'
allow $1 kudzu_exec_t:file { getattr read execute };
allow $1 kudzu_t:process transition;
allow kudzu_t $1:fd use;
allow kudzu_t $1:fifo_file { getattr read write append ioctl lock };
allow kudzu_t $1:process sigchld;
admin,kudzu.if,kudzu_run'
admin,kudzu.if,kudzu_getattr_exec_files'
allow $1 kudzu_exec_t:file getattr;
admin,logrotate.if,logrotate_domtrans'
allow $1 logrotate_exec_t:file { getattr read execute };
allow $1 logrotate_t:process transition;
allow logrotate_t $1:fd use;
allow logrotate_t $1:fifo_file { getattr read write append ioctl lock };
allow logrotate_t $1:process sigchld;
admin,logrotate.if,logrotate_run'
admin,logrotate.if,logrotate_exec'
allow $1 logrotate_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
admin,logrotate.if,logrotate_use_fds'
allow $1 logrotate_t:fd use;
admin,logrotate.if,logrotate_dontaudit_use_fds'
admin,logrotate.if,logrotate_read_tmp_files'
allow $1 tmp_t:dir { getattr search };
allow $1 logrotate_tmp_t:file { getattr read lock ioctl };
admin,logwatch.if,logwatch_read_tmp_files'
allow $1 tmp_t:dir { getattr search };
allow $1 logwatch_tmp_t:file { getattr read lock ioctl };
admin,logwatch.if,logwatch_search_cache_dir'
allow $1 logwatch_cache_t:dir { getattr search };
admin,mrtg.if,mrtg_append_create_logs'
allow $1 mrtg_log_t:dir { getattr search };
allow $1 mrtg_log_t:file { getattr append lock ioctl };
allow $1 mrtg_log_t:dir { getattr search lock ioctl write add_name };
allow $1 mrtg_log_t:file { getattr create open };
admin,netutils.if,netutils_domtrans'
allow $1 netutils_exec_t:file { getattr read execute };
allow $1 netutils_t:process transition;
allow netutils_t $1:fd use;
allow netutils_t $1:fifo_file { getattr read write append ioctl lock };
allow netutils_t $1:process sigchld;
admin,netutils.if,netutils_run'
admin,netutils.if,netutils_exec'
allow $1 netutils_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
admin,netutils.if,netutils_signal'
allow $1 netutils_t:process signal;
admin,netutils.if,netutils_domtrans_ping'
allow $1 ping_exec_t:file { getattr read execute };
allow $1 ping_t:process transition;
allow ping_t $1:fd use;
allow ping_t $1:fifo_file { getattr read write append ioctl lock };
allow ping_t $1:process sigchld;
admin,netutils.if,netutils_kill_ping'
allow $1 ping_t:process sigkill;
admin,netutils.if,netutils_signal_ping'
allow $1 ping_t:process signal;
admin,netutils.if,netutils_run_ping'
admin,netutils.if,netutils_run_ping_cond'
admin,netutils.if,netutils_exec_ping'
allow $1 ping_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
admin,netutils.if,netutils_domtrans_traceroute'
allow $1 traceroute_exec_t:file { getattr read execute };
allow $1 traceroute_t:process transition;
allow traceroute_t $1:fd use;
allow traceroute_t $1:fifo_file { getattr read write append ioctl lock };
allow traceroute_t $1:process sigchld;
admin,netutils.if,netutils_run_traceroute'
admin,netutils.if,netutils_run_traceroute_cond'
admin,netutils.if,netutils_exec_traceroute'
allow $1 traceroute_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
admin,portage.if,portage_domtrans'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 portage_exec_t:file { getattr read execute };
allow $1 portage_t:process transition;
allow portage_t $1:fd use;
allow portage_t $1:fifo_file { getattr read write append ioctl lock };
allow portage_t $1:process sigchld;
admin,portage.if,portage_run'
admin,portage.if,portage_compile_domain'
allow $1 self:capability { fowner fsetid mknod setgid setuid chown dac_override net };
allow $1 self:process { setpgid setsched setrlimit { sigchld sigkill sigstop signull signal } execmem };
allow $1 self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow $1 self:fd use;
allow $1 self:fifo_file { getattr read write append ioctl lock };
allow $1 self:shm { associate getattr setattr create destroy read write lock unix_read unix_write };
allow $1 self:sem { associate getattr setattr create destroy read write unix_read unix_write };
allow $1 self:msgq { associate getattr setattr create destroy read write enqueue unix_read unix_write };
allow $1 self:msg { send receive };
allow $1 self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 self:unix_stream_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept };
allow $1 self:unix_dgram_socket sendto;
allow $1 self:unix_stream_socket connectto;
allow $1 self:tcp_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept };
allow $1 self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 self:rawip_socket { create ioctl };
allow $1 self:netlink_selinux_socket { bind create read };
allow $1 self:dbus send_msg;
allow $1 portage_devpts_t:chr_file { { getattr read write append ioctl lock } setattr };
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 ptmx_t:chr_file { getattr read write append ioctl lock };
allow $1 devpts_t:dir { getattr search read lock ioctl };
allow $1 devpts_t:filesystem getattr;
allow $1 portage_log_t:dir setattr;
allow $1 portage_log_t:file { { getattr write append lock ioctl } setattr };
allow portage_sandbox_t portage_tmp_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1 portage_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 portage_tmp_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 portage_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 portage_tmp_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 portage_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 portage_tmp_t:lnk_file { create read getattr setattr unlink rename };
allow $1 portage_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 portage_tmp_t:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 portage_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 portage_tmp_t:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
allow $1 tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 portage_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 portage_tmpfs_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 portage_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 portage_tmpfs_t:lnk_file { create read getattr setattr unlink rename };
allow $1 portage_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 portage_tmpfs_t:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 portage_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 portage_tmpfs_t:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
allow portage_tmpfs_t tmpfs_t:filesystem associate;
allow $1 tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:file { getattr read lock ioctl };
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:lnk_file { getattr read };
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:dir { getattr search read lock ioctl };
allow $1 { proc_t proc_net_t }:dir { getattr search };
allow $1 proc_net_t:file { getattr read lock ioctl };
allow $1 { proc_t proc_net_t }:dir { getattr search };
allow $1 proc_net_t:lnk_file { getattr read };
allow $1 proc_t:dir { getattr search };
allow $1 proc_net_t:dir { getattr search read lock ioctl };
allow $1 proc_t:dir { getattr search };
allow $1 proc_mdstat_t:file { getattr read lock ioctl };
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:dir { getattr search read lock ioctl };
allow $1 proc_t:dir { getattr search };
allow $1 proc_kcore_t:file { getattr };
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:dir { getattr search read lock ioctl };
allow $1 proc_t:dir { getattr search };
allow $1 proc_kmsg_t:file { getattr };
allow $1 { proc_t sysctl_t sysctl_kernel_t }:dir { getattr search };
allow $1 sysctl_kernel_t:file { getattr read lock ioctl };
allow $1 { proc_t sysctl_t }:dir { getattr search };
allow $1 sysctl_kernel_t:dir { getattr search read lock ioctl };
allow $1 exec_type:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search read lock ioctl };
allow $1 bin_t:dir { getattr search };
allow $1 exec_type:lnk_file { getattr read };
allow $1 unlabeled_t:tcp_socket recvfrom;
allow $1 unlabeled_t:udp_socket recvfrom;
allow $1 unlabeled_t:rawip_socket recvfrom;
allow $1 unlabeled_t:peer recv;
allow $1 unlabeled_t:association { sendto recvfrom };
allow $1 unlabeled_t:packet { send recv };
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1 netif_t:netif { tcp_send tcp_recv egress ingress };
allow $1 netif_t:netif { udp_send egress };
allow $1 netif_t:netif { udp_recv ingress };
allow $1 netif_t:netif { rawip_send egress };
allow $1 netif_t:netif { rawip_recv ingress };
allow $1 node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1 node_type:node { udp_send sendto };
allow $1 node_type:node { udp_recv recvfrom };
allow $1 node_type:node { rawip_send sendto };
allow $1 node_type:node { rawip_recv recvfrom };
allow $1 port_type:tcp_socket { send_msg recv_msg };
allow $1 port_type:udp_socket send_msg;
allow $1 port_type:udp_socket recv_msg;
allow $1 reserved_port_type:tcp_socket name_connect;
allow $1 distccd_port_t:tcp_socket name_connect;
allow $1 sysfs_t:dir { getattr search };
allow $1 sysfs_t:file { getattr read lock ioctl };
allow $1 sysfs_t:dir { getattr search };
allow $1 sysfs_t:lnk_file { getattr read };
allow $1 sysfs_t:dir { getattr search };
allow $1 sysfs_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 random_device_t:chr_file { getattr read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 urandom_device_t:chr_file { getattr read lock ioctl };
allow $1 privfd:fd use;
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 etc_t:dir { getattr search };
allow $1 etc_t:lnk_file { getattr read };
allow $1 etc_t:dir { getattr search };
allow $1 etc_t:file { getattr read execute execute_no_trans };
allow $1 usr_t:dir { getattr search };
allow $1 src_t:dir { getattr search read lock ioctl };
allow $1 src_t:dir { getattr search };
allow $1 src_t:file { getattr read execute execute_no_trans };
allow $1 src_t:dir { getattr search };
allow $1 src_t:lnk_file { getattr read };
allow $1 fs_t:filesystem getattr;
allow $1 noxattrfs:dir { getattr search read lock ioctl };
allow $1 noxattrfs:dir { getattr search };
allow $1 noxattrfs:file { getattr read lock ioctl };
allow $1 noxattrfs:dir { getattr search };
allow $1 noxattrfs:lnk_file { getattr read };
allow $1 autofs_t:dir { getattr search };
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security compute_av;
allow $1 { file_type -shadow_t }:dir { getattr search read lock ioctl };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:file { getattr read lock ioctl };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:lnk_file { getattr read };
allow $1 usr_t:dir { getattr search };
allow $1 lib_t:dir { getattr search read lock ioctl };
allow $1 lib_t:dir { getattr search };
allow $1 lib_t:lnk_file { getattr read };
allow $1 lib_t:dir { getattr search };
allow $1 lib_t:file { getattr read execute execute_no_trans };
allow $1 lib_t:dir { getattr search read lock ioctl };
allow $1 lib_t:dir { getattr search };
allow $1 { lib_t ld_so_t }:lnk_file { getattr read };
allow $1 lib_t:dir { getattr search };
allow $1 ld_so_t:file { getattr read execute execute_no_trans };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 ldconfig_exec_t:file { getattr read execute };
allow $1 ldconfig_t:process transition;
allow ldconfig_t $1:fd use;
allow ldconfig_t $1:fifo_file { getattr read write append ioctl lock };
allow ldconfig_t $1:process sigchld;
allow $1 devlog_t:lnk_file read;
allow $1 devlog_t:sock_file { getattr read write append };
allow $1 syslogd_t:unix_dgram_socket sendto;
allow $1 syslogd_t:unix_stream_socket connectto;
allow $1 self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 self:unix_stream_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 console_device_t:chr_file { getattr read write append ioctl lock };
allow $1 user_tty_device_t:chr_file { getattr read write ioctl };
allow $1 user_devpts_t:chr_file { getattr read write ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 devpts_t:dir { getattr search read lock ioctl };
admin,portage.if,portage_domtrans_gcc_config'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 gcc_config_exec_t:file { getattr read execute };
allow $1 gcc_config_t:process transition;
allow gcc_config_t $1:fd use;
allow gcc_config_t $1:fifo_file { getattr read write append ioctl lock };
allow gcc_config_t $1:process sigchld;
admin,portage.if,portage_run_gcc_config'
admin,prelink.if,prelink_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 prelink_exec_t:file { getattr read execute };
allow $1 prelink_t:process transition;
allow prelink_t $1:fd use;
allow prelink_t $1:fifo_file { getattr read write append ioctl lock };
allow prelink_t $1:process sigchld;
admin,prelink.if,prelink_run'
admin,prelink.if,prelink_object_file'
admin,prelink.if,prelink_read_cache'
allow $1 etc_t:dir { getattr search };
allow $1 prelink_cache_t:file { getattr read lock ioctl };
admin,prelink.if,prelink_delete_cache'
allow $1 prelink_cache_t:file unlink;
allow $1 etc_t:dir { read getattr lock search ioctl add_name remove_name write };
admin,prelink.if,prelink_manage_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 prelink_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 prelink_log_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
admin,quota.if,quota_domtrans'
allow $1 quota_exec_t:file { getattr read execute };
allow $1 quota_t:process transition;
allow quota_t $1:fd use;
allow quota_t $1:fifo_file { getattr read write append ioctl lock };
allow quota_t $1:process sigchld;
admin,quota.if,quota_run'
admin,quota.if,quota_dontaudit_getattr_db'
admin,quota.if,quota_manage_flags'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 quota_flag_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 quota_flag_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
admin,rpm.if,rpm_domtrans'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 rpm_exec_t:file { getattr read execute };
allow $1 rpm_t:process transition;
allow rpm_t $1:fd use;
allow rpm_t $1:fifo_file { getattr read write append ioctl lock };
allow rpm_t $1:process sigchld;
admin,rpm.if,rpm_domtrans_script'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search read lock ioctl };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 shell_exec_t:file { getattr read execute };
allow $1 rpm_script_t:process transition;
allow rpm_script_t $1:fd use;
allow rpm_script_t $1:fifo_file { getattr read write append ioctl lock };
allow rpm_script_t $1:process sigchld;
admin,rpm.if,rpm_run'
allow rpm_script_t bin_t:dir { getattr search };
allow rpm_script_t bin_t:dir { getattr search };
allow rpm_script_t load_policy_exec_t:file { getattr read execute };
allow rpm_script_t load_policy_t:process transition;
allow load_policy_t rpm_script_t:fd use;
allow load_policy_t rpm_script_t:fifo_file { getattr read write append ioctl lock };
allow load_policy_t rpm_script_t:process sigchld;
allow rpm_script_t usr_t:dir { getattr search };
allow rpm_script_t bin_t:dir { getattr search };
allow rpm_script_t bin_t:dir { getattr search };
allow rpm_script_t semanage_exec_t:file { getattr read execute };
allow rpm_script_t semanage_t:process transition;
allow semanage_t rpm_script_t:fd use;
allow semanage_t rpm_script_t:fifo_file { getattr read write append ioctl lock };
allow semanage_t rpm_script_t:process sigchld;
allow semanage_t usr_t:dir { getattr search };
allow semanage_t bin_t:dir { getattr search };
allow semanage_t bin_t:dir { getattr search };
allow semanage_t setfiles_exec_t:file { getattr read execute };
allow semanage_t setfiles_t:process transition;
allow setfiles_t semanage_t:fd use;
allow setfiles_t semanage_t:fifo_file { getattr read write append ioctl lock };
allow setfiles_t semanage_t:process sigchld;
allow semanage_t bin_t:dir { getattr search };
allow semanage_t bin_t:dir { getattr search };
allow semanage_t load_policy_exec_t:file { getattr read execute };
allow semanage_t load_policy_t:process transition;
allow load_policy_t semanage_t:fd use;
allow load_policy_t semanage_t:fifo_file { getattr read write append ioctl lock };
allow load_policy_t semanage_t:process sigchld;
allow rpm_script_t usr_t:dir { getattr search };
allow rpm_script_t bin_t:dir { getattr search };
allow rpm_script_t bin_t:dir { getattr search };
allow rpm_script_t setfiles_exec_t:file { getattr read execute };
allow rpm_script_t setfiles_t:process transition;
allow setfiles_t rpm_script_t:fd use;
allow setfiles_t rpm_script_t:fifo_file { getattr read write append ioctl lock };
allow setfiles_t rpm_script_t:process sigchld;
admin,rpm.if,rpm_exec'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 rpm_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
admin,rpm.if,rpm_use_fds'
allow $1 rpm_t:fd use;
admin,rpm.if,rpm_read_pipes'
allow $1 rpm_t:fifo_file { getattr read lock ioctl };
admin,rpm.if,rpm_rw_pipes'
allow $1 rpm_t:fifo_file { getattr read write append ioctl lock };
admin,rpm.if,rpm_dbus_chat'
allow $1 rpm_t:dbus send_msg;
allow rpm_t $1:dbus send_msg;
admin,rpm.if,rpm_manage_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 rpm_log_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
admin,rpm.if,rpm_use_script_fds'
allow $1 rpm_script_t:fd use;
admin,rpm.if,rpm_manage_script_tmp_files'
allow $1 tmp_t:dir { getattr search };
allow $1 rpm_script_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 rpm_script_tmp_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
admin,rpm.if,rpm_read_db'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 rpm_var_lib_t:dir { getattr search read lock ioctl };
allow $1 rpm_var_lib_t:dir { getattr search };
allow $1 rpm_var_lib_t:file { getattr read lock ioctl };
allow $1 rpm_var_lib_t:dir { getattr search };
allow $1 rpm_var_lib_t:lnk_file { getattr read };
admin,rpm.if,rpm_manage_db'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 rpm_var_lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 rpm_var_lib_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 rpm_var_lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 rpm_var_lib_t:lnk_file { create read getattr setattr unlink rename };
admin,rpm.if,rpm_dontaudit_manage_db'
allow $2 $1_su_t:process signal;
allow $1_su_t self:capability { audit_control audit_write setuid setgid net_bind_service chown dac_override fowner sys_nice sys_resource };
allow $1_su_t self:key { search write };
allow $1_su_t self:process { setexec setsched setrlimit };
allow $1_su_t self:fifo_file { getattr read write append ioctl lock };
allow $1_su_t self:netlink_audit_socket { nlmsg_relay { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } nlmsg_read nlmsg_write } };
allow $1_su_t self:unix_stream_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept };
allow $2 su_exec_t:file { getattr read execute };
allow $2 $1_su_t:process transition;
allow $1_su_t $2:fd use;
allow $1_su_t $2:fifo_file { getattr read write append ioctl lock };
allow $1_su_t $2:process sigchld;
allow $2 $1_su_t:fd use;
allow $2 $1_su_t:fifo_file { getattr read write append ioctl lock };
allow $2 $1_su_t:process sigchld;
allow $1_su_t su_exec_t:file entrypoint;
allow $1_su_t su_exec_t:file { { getattr read execute ioctl } ioctl lock };
allow $1_su_t fs_t:filesystem mount;
allow $1_su_t fs_t:filesystem unmount;
allow $1_su_t nfs_t:dir { getattr search };
allow $1_su_t cifs_t:dir { getattr search };
admin,su.if,su_exec'
allow $1 su_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1_sudo_t sudo_exec_t:file entrypoint;
allow $1_sudo_t sudo_exec_t:file { { getattr read execute ioctl } ioctl lock };
admin,sxid.if,sxid_read_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 sxid_log_t:file { getattr read lock ioctl };
admin,tmpreaper.if,tmpreaper_exec'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 tmpreaper_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
admin,tripwire.if,tripwire_domtrans_tripwire'
allow $1 tripwire_exec_t:file { getattr read execute };
allow $1 tripwire_t:process transition;
allow tripwire_t $1:fd use;
allow tripwire_t $1:fifo_file { getattr read write append ioctl lock };
allow tripwire_t $1:process sigchld;
admin,tripwire.if,tripwire_run_tripwire'
admin,tripwire.if,tripwire_domtrans_twadmin'
allow $1 twadmin_exec_t:file { getattr read execute };
allow $1 twadmin_t:process transition;
allow twadmin_t $1:fd use;
allow twadmin_t $1:fifo_file { getattr read write append ioctl lock };
allow twadmin_t $1:process sigchld;
admin,tripwire.if,tripwire_run_twadmin'
admin,tripwire.if,tripwire_domtrans_twprint'
allow $1 twprint_exec_t:file { getattr read execute };
allow $1 twprint_t:process transition;
allow twprint_t $1:fd use;
allow twprint_t $1:fifo_file { getattr read write append ioctl lock };
allow twprint_t $1:process sigchld;
admin,tripwire.if,tripwire_run_twprint'
admin,tripwire.if,tripwire_domtrans_siggen'
allow $1 siggen_exec_t:file { getattr read execute };
allow $1 siggen_t:process transition;
allow siggen_t $1:fd use;
allow siggen_t $1:fifo_file { getattr read write append ioctl lock };
allow siggen_t $1:process sigchld;
admin,tripwire.if,tripwire_run_siggen'
admin,tzdata.if,tzdata_domtrans'
allow $1 tzdata_exec_t:file { getattr read execute };
allow $1 tzdata_t:process transition;
allow tzdata_t $1:fd use;
allow tzdata_t $1:fifo_file { getattr read write append ioctl lock };
allow tzdata_t $1:process sigchld;
admin,tzdata.if,tzdata_run'
admin,updfstab.if,updfstab_domtrans'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 updfstab_exec_t:file { getattr read execute };
allow $1 updfstab_t:process transition;
allow updfstab_t $1:fd use;
allow updfstab_t $1:fifo_file { getattr read write append ioctl lock };
allow updfstab_t $1:process sigchld;
admin,usbmodules.if,usbmodules_domtrans'
allow $1 usbmodules_exec_t:file { getattr read execute };
allow $1 usbmodules_t:process transition;
allow usbmodules_t $1:fd use;
allow usbmodules_t $1:fifo_file { getattr read write append ioctl lock };
allow usbmodules_t $1:process sigchld;
admin,usbmodules.if,usbmodules_run'
admin,usermanage.if,usermanage_domtrans_chfn'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 chfn_exec_t:file { getattr read execute };
allow $1 chfn_t:process transition;
allow chfn_t $1:fd use;
allow chfn_t $1:fifo_file { getattr read write append ioctl lock };
allow chfn_t $1:process sigchld;
admin,usermanage.if,usermanage_run_chfn'
admin,usermanage.if,usermanage_domtrans_groupadd'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 groupadd_exec_t:file { getattr read execute };
allow $1 groupadd_t:process transition;
allow groupadd_t $1:fd use;
allow groupadd_t $1:fifo_file { getattr read write append ioctl lock };
allow groupadd_t $1:process sigchld;
admin,usermanage.if,usermanage_run_groupadd'
admin,usermanage.if,usermanage_domtrans_passwd'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 passwd_exec_t:file { getattr read execute };
allow $1 passwd_t:process transition;
allow passwd_t $1:fd use;
allow passwd_t $1:fifo_file { getattr read write append ioctl lock };
allow passwd_t $1:process sigchld;
admin,usermanage.if,usermanage_run_passwd'
admin,usermanage.if,usermanage_domtrans_admin_passwd'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 admin_passwd_exec_t:file { getattr read execute };
allow $1 sysadm_passwd_t:process transition;
allow sysadm_passwd_t $1:fd use;
allow sysadm_passwd_t $1:fifo_file { getattr read write append ioctl lock };
allow sysadm_passwd_t $1:process sigchld;
admin,usermanage.if,usermanage_run_admin_passwd'
admin,usermanage.if,usermanage_dontaudit_use_useradd_fds'
admin,usermanage.if,usermanage_domtrans_useradd'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 useradd_exec_t:file { getattr read execute };
allow $1 useradd_t:process transition;
allow useradd_t $1:fd use;
allow useradd_t $1:fifo_file { getattr read write append ioctl lock };
allow useradd_t $1:process sigchld;
admin,usermanage.if,usermanage_run_useradd'
admin,usermanage.if,usermanage_read_crack_db'
allow $1 crack_db_t:dir { getattr search };
allow $1 crack_db_t:file { getattr read lock ioctl };
admin,vbetool.if,vbetool_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 vbetool_exec_t:file { getattr read execute };
allow $1 vbetool_t:process transition;
allow vbetool_t $1:fd use;
allow vbetool_t $1:fifo_file { getattr read write append ioctl lock };
allow vbetool_t $1:process sigchld;
admin,vpn.if,vpn_domtrans'
allow $1 vpnc_exec_t:file { getattr read execute };
allow $1 vpnc_t:process transition;
allow vpnc_t $1:fd use;
allow vpnc_t $1:fifo_file { getattr read write append ioctl lock };
allow vpnc_t $1:process sigchld;
admin,vpn.if,vpn_run'
allow vpnc_t bin_t:dir { getattr search };
allow vpnc_t bin_t:dir { getattr search };
allow vpnc_t bin_t:dir { getattr search };
allow vpnc_t bin_t:dir { getattr search };
allow vpnc_t ifconfig_exec_t:file { getattr read execute };
allow vpnc_t ifconfig_t:process transition;
allow ifconfig_t vpnc_t:fd use;
allow ifconfig_t vpnc_t:fifo_file { getattr read write append ioctl lock };
allow ifconfig_t vpnc_t:process sigchld;
admin,vpn.if,vpn_signal'
allow $1 vpnc_t:process signal;
admin,vpn.if,vpnc_dbus_chat'
allow $1 vpnc_t:dbus send_msg;
allow vpnc_t $1:dbus send_msg;
apps,ada.if,ada_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 ada_exec_t:file { getattr read execute };
allow $1 ada_t:process transition;
allow ada_t $1:fd use;
allow ada_t $1:fifo_file { getattr read write append ioctl lock };
allow ada_t $1:process sigchld;
apps,ada.if,ada_run'
apps,authbind.if,authbind_domtrans'
allow $1 authbind_exec_t:file { getattr read execute };
allow $1 authbind_t:process transition;
allow authbind_t $1:fd use;
allow authbind_t $1:fifo_file { getattr read write append ioctl lock };
allow authbind_t $1:process sigchld;
allow authbind_t $1:{ tcp_socket udp_socket } { ioctl read getattr write setattr append bind connect getopt setopt shutdown };
apps,awstats.if,awstats_rw_pipes'
allow $1 awstats_t:fifo_file { getattr read write append ioctl lock };
apps,awstats.if,awstats_cgi_exec'
allow $1 httpd_awstats_content_t:dir { getattr search };
allow $1 httpd_awstats_script_exec_t:dir { getattr search };
allow $1 httpd_awstats_script_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
apps,calamaris.if,calamaris_read_www_files'
allow $1 calamaris_www_t:dir { getattr search read lock ioctl };
allow $1 calamaris_www_t:dir { getattr search };
allow $1 calamaris_www_t:file { getattr read lock ioctl };
allow $1 calamaris_www_t:dir { getattr search };
allow $1 calamaris_www_t:lnk_file { getattr read };
apps,cdrecord.if,cdrecord_role'
allow $2 cdrecord_exec_t:file { getattr read execute };
allow $2 cdrecord_t:process transition;
allow cdrecord_t $2:fd use;
allow cdrecord_t $2:fifo_file { getattr read write append ioctl lock };
allow cdrecord_t $2:process sigchld;
allow cdrecord_t $2:unix_stream_socket { getattr read write ioctl };
allow $2 cdrecord_t:dir { search getattr read };
allow $2 cdrecord_t:{ file lnk_file } { read getattr };
allow $2 cdrecord_t:process getattr;
allow $2 cdrecord_t:process signal;
apps,ethereal.if,ethereal_role'
allow $2 ethereal_exec_t:file { getattr read execute };
allow $2 ethereal_t:process transition;
allow ethereal_t $2:fd use;
allow ethereal_t $2:process sigchld;
allow $2 ethereal_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 ethereal_home_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 ethereal_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 ethereal_home_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 ethereal_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 ethereal_home_t:lnk_file { create read getattr setattr unlink rename };
allow $2 ethereal_home_t:dir { getattr search };
allow $2 ethereal_home_t:dir { getattr relabelfrom relabelto };
allow $2 ethereal_home_t:dir { getattr search };
allow $2 ethereal_home_t:file { getattr relabelfrom relabelto };
allow $2 ethereal_home_t:dir { getattr search };
allow $2 ethereal_home_t:lnk_file { getattr relabelfrom relabelto };
apps,ethereal.if,ethereal_domtrans'
allow $1 ethereal_exec_t:file { getattr read execute };
allow $1 ethereal_t:process transition;
allow ethereal_t $1:fd use;
allow ethereal_t $1:fifo_file { getattr read write append ioctl lock };
allow ethereal_t $1:process sigchld;
apps,ethereal.if,ethereal_domtrans_tethereal'
allow $1 tethereal_exec_t:file { getattr read execute };
allow $1 tethereal_t:process transition;
allow tethereal_t $1:fd use;
allow tethereal_t $1:fifo_file { getattr read write append ioctl lock };
allow tethereal_t $1:process sigchld;
apps,ethereal.if,ethereal_run_tethereal'
apps,evolution.if,evolution_role'
allow $2 evolution_exec_t:file { getattr read execute };
allow $2 evolution_t:process transition;
allow evolution_t $2:fd use;
allow evolution_t $2:fifo_file { getattr read write append ioctl lock };
allow evolution_t $2:process sigchld;
allow $2 evolution_alarm_exec_t:file { getattr read execute };
allow $2 evolution_alarm_t:process transition;
allow evolution_alarm_t $2:fd use;
allow evolution_alarm_t $2:fifo_file { getattr read write append ioctl lock };
allow evolution_alarm_t $2:process sigchld;
allow $2 evolution_exchange_exec_t:file { getattr read execute };
allow $2 evolution_exchange_t:process transition;
allow evolution_exchange_t $2:fd use;
allow evolution_exchange_t $2:fifo_file { getattr read write append ioctl lock };
allow evolution_exchange_t $2:process sigchld;
allow $2 evolution_server_exec_t:file { getattr read execute };
allow $2 evolution_server_t:process transition;
allow evolution_server_t $2:fd use;
allow evolution_server_t $2:fifo_file { getattr read write append ioctl lock };
allow evolution_server_t $2:process sigchld;
allow $2 evolution_webcal_exec_t:file { getattr read execute };
allow $2 evolution_webcal_t:process transition;
allow evolution_webcal_t $2:fd use;
allow evolution_webcal_t $2:fifo_file { getattr read write append ioctl lock };
allow evolution_webcal_t $2:process sigchld;
allow $2 evolution_t:dir { search getattr read };
allow $2 evolution_t:{ file lnk_file } { read getattr };
allow $2 evolution_t:process getattr;
allow $2 evolution_alarm_t:dir { search getattr read };
allow $2 evolution_alarm_t:{ file lnk_file } { read getattr };
allow $2 evolution_alarm_t:process getattr;
allow $2 evolution_exchange_t:dir { search getattr read };
allow $2 evolution_exchange_t:{ file lnk_file } { read getattr };
allow $2 evolution_exchange_t:process getattr;
allow $2 evolution_server_t:dir { search getattr read };
allow $2 evolution_server_t:{ file lnk_file } { read getattr };
allow $2 evolution_server_t:process getattr;
allow $2 evolution_webcal_t:dir { search getattr read };
allow $2 evolution_webcal_t:{ file lnk_file } { read getattr };
allow $2 evolution_webcal_t:process getattr;
allow evolution_t $2:dir search;
allow evolution_t $2:file read;
allow evolution_t $2:lnk_file read;
allow evolution_t $2:unix_stream_socket connectto;
allow $2 evolution_t:unix_stream_socket connectto;
allow $2 evolution_t:process noatsecure;
allow $2 evolution_t:process { sigchld sigkill sigstop signull signal };
allow $2 evolution_home_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 evolution_home_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 evolution_home_t:lnk_file { create read getattr setattr unlink rename };
allow $2 evolution_home_t:{ dir file lnk_file } { relabelfrom relabelto };
allow evolution_exchange_t $2:unix_stream_socket connectto;
allow $2 evolution_exchange_t:unix_stream_socket connectto;
allow $2 evolution_exchange_orbit_tmp_t:sock_file write;
apps,evolution.if,evolution_home_filetrans'
allow $1 evolution_home_t:dir { read getattr lock search ioctl add_name remove_name write };
apps,evolution.if,evolution_stream_connect'
allow $1 evolution_t:unix_stream_socket connectto;
allow $1 evolution_home_t:dir search;
apps,evolution.if,evolution_dbus_chat'
allow $1 evolution_t:dbus send_msg;
allow evolution_t $1:dbus send_msg;
apps,evolution.if,evolution_alarm_dbus_chat'
allow $1 evolution_alarm_t:dbus send_msg;
allow evolution_alarm_t $1:dbus send_msg;
apps,games.if,games_role'
allow $2 games_exec_t:file { getattr read execute };
allow $2 games_t:process transition;
allow games_t $2:fd use;
allow games_t $2:fifo_file { getattr read write append ioctl lock };
allow games_t $2:process sigchld;
allow $2 games_t:unix_stream_socket connectto;
allow games_t $2:unix_stream_socket connectto;
allow $2 games_t:dir { search getattr read };
allow $2 games_t:{ file lnk_file } { read getattr };
allow $2 games_t:process getattr;
allow $2 games_t:process { sigchld sigkill sigstop signull signal };
apps,gift.if,gift_role'
allow $2 gift_exec_t:file { getattr read execute };
allow $2 gift_t:process transition;
allow gift_t $2:fd use;
allow gift_t $2:fifo_file { getattr read write append ioctl lock };
allow gift_t $2:process sigchld;
allow $2 giftd_exec_t:file { getattr read execute };
allow $2 giftd_t:process transition;
allow giftd_t $2:fd use;
allow giftd_t $2:fifo_file { getattr read write append ioctl lock };
allow giftd_t $2:process sigchld;
allow $2 gift_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 gift_home_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 gift_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 gift_home_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 gift_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 gift_home_t:lnk_file { create read getattr setattr unlink rename };
allow $2 gift_home_t:dir { getattr search };
allow $2 gift_home_t:dir { getattr relabelfrom relabelto };
allow $2 gift_home_t:dir { getattr search };
allow $2 gift_home_t:file { getattr relabelfrom relabelto };
allow $2 gift_home_t:dir { getattr search };
allow $2 gift_home_t:lnk_file { getattr relabelfrom relabelto };
allow $2 { gift_t giftd_t }:dir { search getattr read };
allow $2 { gift_t giftd_t }:{ file lnk_file } { read getattr };
allow $2 { gift_t giftd_t }:process getattr;
allow $2 { gift_t giftd_t }:process { sigchld sigkill sigstop signull signal };
apps,gnome.if,gnome_role'
allow $2 gconfd_exec_t:file { getattr read execute };
allow $2 gconfd_t:process transition;
allow gconfd_t $2:fd use;
allow gconfd_t $2:fifo_file write;
allow gconfd_t $2:unix_stream_socket connectto;
allow $2 gconfd_t:dir { search getattr read };
allow $2 gconfd_t:{ file lnk_file } { read getattr };
allow $2 gconfd_t:process getattr;
allow $2 gconf_tmp_t:dir { getattr search };
allow $2 gconf_tmp_t:file { getattr read lock ioctl };
allow $2 gconfd_t:unix_stream_socket connectto;
apps,gnome.if,gnome_stream_connect_gconf'
allow $1 gconf_tmp_t:dir { getattr search };
allow $1 gconf_tmp_t:file { getattr read lock ioctl };
allow $1 gconfd_t:unix_stream_socket connectto;
apps,gnome.if,gnome_domtrans_gconfd'
allow $1 gconfd_exec_t:file { getattr read execute };
allow $1 gconfd_t:process transition;
allow gconfd_t $1:fd use;
allow gconfd_t $1:fifo_file { getattr read write append ioctl lock };
allow gconfd_t $1:process sigchld;
apps,gnome.if,gnome_manage_config'
allow $1 gnome_home_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 gnome_home_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 user_home_dir_t:dir { getattr search };
allow $1 home_root_t:dir { getattr search };
apps,gpg.if,gpg_role'
allow $2 gpg_exec_t:file { getattr read execute };
allow $2 gpg_t:process transition;
allow gpg_t $2:fd use;
allow gpg_t $2:fifo_file { getattr read write append ioctl lock };
allow gpg_t $2:process sigchld;
allow $2 gpg_t:dir { search getattr read };
allow $2 gpg_t:{ file lnk_file } { read getattr };
allow $2 gpg_t:process getattr;
allow $2 gpg_t:process signal;
allow gpg_helper_t $2:fd use;
allow gpg_helper_t $2:fifo_file write;
allow $2 gpg_agent_t:dir { search getattr read };
allow $2 gpg_agent_t:{ file lnk_file } { read getattr };
allow $2 gpg_agent_t:process getattr;
allow $2 gpg_agent_t:process { signal sigkill };
allow $2 gpg_agent_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 gpg_agent_tmp_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 gpg_agent_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 gpg_agent_tmp_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 gpg_agent_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 gpg_agent_tmp_t:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
allow gpg_agent_t tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 gpg_agent_exec_t:file { getattr read execute };
allow $2 gpg_agent_t:process transition;
allow gpg_agent_t $2:fd use;
allow gpg_agent_t $2:fifo_file { getattr read write append ioctl lock };
allow gpg_agent_t $2:process sigchld;
apps,gpg.if,gpg_domtrans'
allow $1 gpg_exec_t:file { getattr read execute };
allow $1 gpg_t:process transition;
allow gpg_t $1:fd use;
allow gpg_t $1:fifo_file { getattr read write append ioctl lock };
allow gpg_t $1:process sigchld;
apps,gpg.if,gpg_signal'
allow $1 gpg_t:process signal;
apps,irc.if,irc_role'
allow $2 irc_exec_t:file { getattr read execute };
allow $2 irc_t:process transition;
allow irc_t $2:fd use;
allow irc_t $2:fifo_file { getattr read write append ioctl lock };
allow irc_t $2:process sigchld;
allow $2 irc_t:dir { search getattr read };
allow $2 irc_t:{ file lnk_file } { read getattr };
allow $2 irc_t:process getattr;
allow $2 irc_t:process signal;
apps,java.if,java_role'
allow $2 java_exec_t:file { getattr read execute };
allow $2 java_t:process transition;
allow java_t $2:fd use;
allow java_t $2:fifo_file { getattr read write append ioctl lock };
allow java_t $2:process sigchld;
allow java_t $2:process signull;
allow $2 java_t:process { noatsecure siginh rlimitinh };
allow java_t $2:unix_stream_socket connectto;
allow java_t $2:unix_stream_socket { read write };
allow $1 java_exec_t:file { getattr read execute };
allow $1 java_t:process transition;
allow java_t $1:fd use;
allow java_t $1:fifo_file { getattr read write append ioctl lock };
allow java_t $1:process sigchld;
allow $1 java_exec_t:file { getattr read execute };
allow $1 java_t:process transition;
allow java_t $1:fd use;
allow java_t $1:fifo_file { getattr read write append ioctl lock };
allow java_t $1:process sigchld;
allow $1 java_exec_t:file { getattr read execute };
allow $1 java_t:process transition;
allow java_t $1:fd use;
allow java_t $1:fifo_file { getattr read write append ioctl lock };
allow java_t $1:process sigchld;
allow $1 java_exec_t:file { getattr read execute };
allow $1 java_t:process transition;
allow java_t $1:fd use;
allow java_t $1:fifo_file { getattr read write append ioctl lock };
allow java_t $1:process sigchld;
apps,java.if,java_domtrans_unconfined'
allow $1 java_exec_t:file { getattr read execute };
allow $1 unconfined_java_t:process transition;
allow unconfined_java_t $1:fd use;
allow unconfined_java_t $1:fifo_file { getattr read write append ioctl lock };
allow unconfined_java_t $1:process sigchld;
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
apps,loadkeys.if,loadkeys_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 loadkeys_exec_t:file { getattr read execute };
allow $1 loadkeys_t:process transition;
allow loadkeys_t $1:fd use;
allow loadkeys_t $1:fifo_file { getattr read write append ioctl lock };
allow loadkeys_t $1:process sigchld;
apps,loadkeys.if,loadkeys_run'
apps,loadkeys.if,loadkeys_exec'
allow $1 loadkeys_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
apps,lockdev.if,lockdev_role'
allow $2 lockdev_exec_t:file { getattr read execute };
allow $2 lockdev_t:process transition;
allow lockdev_t $2:fd use;
allow lockdev_t $2:fifo_file { getattr read write append ioctl lock };
allow lockdev_t $2:process sigchld;
allow lockdev_t $2:process signull;
allow $2 lockdev_t:dir { search getattr read };
allow $2 lockdev_t:{ file lnk_file } { read getattr };
allow $2 lockdev_t:process getattr;
allow $2 lockdev_t:process signal;
apps,mono.if,mono_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 mono_exec_t:file { getattr read execute };
allow $1 mono_t:process transition;
allow mono_t $1:fd use;
allow mono_t $1:fifo_file { getattr read write append ioctl lock };
allow mono_t $1:process sigchld;
apps,mono.if,mono_exec'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 mono_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
apps,mozilla.if,mozilla_role'
allow $2 mozilla_exec_t:file { getattr read execute };
allow $2 mozilla_t:process transition;
allow $2 mozilla_t:process { noatsecure siginh rlimitinh };
allow mozilla_t $2:fd use;
allow mozilla_t $2:process { sigchld signull };
allow mozilla_t $2:unix_stream_socket connectto;
allow $2 mozilla_t:dir { search getattr read };
allow $2 mozilla_t:{ file lnk_file } { read getattr };
allow $2 mozilla_t:process getattr;
allow $2 mozilla_t:process { sigchld sigkill sigstop signull signal };
allow $2 mozilla_t:fd use;
allow $2 mozilla_t:shm { associate getattr };
allow $2 mozilla_t:shm { unix_read unix_write };
allow $2 mozilla_t:unix_stream_socket connectto;
allow $2 mozilla_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 mozilla_home_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 mozilla_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 mozilla_home_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 mozilla_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 mozilla_home_t:lnk_file { create read getattr setattr unlink rename };
allow $2 mozilla_home_t:dir { getattr search };
allow $2 mozilla_home_t:dir { getattr relabelfrom relabelto };
allow $2 mozilla_home_t:dir { getattr search };
allow $2 mozilla_home_t:file { getattr relabelfrom relabelto };
allow $2 mozilla_home_t:dir { getattr search };
allow $2 mozilla_home_t:lnk_file { getattr relabelfrom relabelto };
apps,mozilla.if,mozilla_read_user_home_files'
allow $1 mozilla_home_t:dir { getattr search read lock ioctl };
allow $1 mozilla_home_t:file { getattr read lock ioctl };
allow $1 user_home_dir_t:dir { getattr search };
allow $1 home_root_t:dir { getattr search };
apps,mozilla.if,mozilla_write_user_home_files'
allow $1 mozilla_home_t:dir { getattr search read lock ioctl };
allow $1 mozilla_home_t:file write;
allow $1 user_home_dir_t:dir { getattr search };
allow $1 home_root_t:dir { getattr search };
apps,mozilla.if,mozilla_domtrans'
allow $1 mozilla_exec_t:file { getattr read execute };
allow $1 mozilla_t:process transition;
allow mozilla_t $1:fd use;
allow mozilla_t $1:fifo_file { getattr read write append ioctl lock };
allow mozilla_t $1:process sigchld;
apps,mozilla.if,mozilla_dbus_chat'
allow $1 mozilla_t:dbus send_msg;
allow mozilla_t $1:dbus send_msg;
apps,mozilla.if,mozilla_rw_tcp_sockets'
allow $1 mozilla_t:tcp_socket { ioctl read getattr write setattr append bind connect getopt setopt shutdown };
apps,mplayer.if,mplayer_role'
allow $2 mencoder_exec_t:file { getattr read execute };
allow $2 mencoder_t:process transition;
allow mencoder_t $2:fd use;
allow mencoder_t $2:fifo_file { getattr read write append ioctl lock };
allow mencoder_t $2:process sigchld;
allow $2 mencoder_t:dir { search getattr read };
allow $2 mencoder_t:{ file lnk_file } { read getattr };
allow $2 mencoder_t:process getattr;
allow $2 mencoder_t:process { sigchld sigkill sigstop signull signal };
allow $2 mplayer_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 mplayer_home_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 mplayer_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 mplayer_home_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 mplayer_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 mplayer_home_t:lnk_file { create read getattr setattr unlink rename };
allow $2 mplayer_home_t:dir { getattr search };
allow $2 mplayer_home_t:dir { getattr relabelfrom relabelto };
allow $2 mplayer_home_t:dir { getattr search };
allow $2 mplayer_home_t:file { getattr relabelfrom relabelto };
allow $2 mplayer_home_t:dir { getattr search };
allow $2 mplayer_home_t:lnk_file { getattr relabelfrom relabelto };
allow $2 mplayer_exec_t:file { getattr read execute };
allow $2 mplayer_t:process transition;
allow mplayer_t $2:fd use;
allow mplayer_t $2:fifo_file { getattr read write append ioctl lock };
allow mplayer_t $2:process sigchld;
allow $2 mplayer_t:dir { search getattr read };
allow $2 mplayer_t:{ file lnk_file } { read getattr };
allow $2 mplayer_t:process getattr;
allow $2 mplayer_t:process { sigchld sigkill sigstop signull signal };
apps,mplayer.if,mplayer_domtrans'
allow $1 mplayer_exec_t:file { getattr read execute };
allow $1 mplayer_t:process transition;
allow mplayer_t $1:fd use;
allow mplayer_t $1:fifo_file { getattr read write append ioctl lock };
allow mplayer_t $1:process sigchld;
apps,mplayer.if,mplayer_read_user_home_files'
allow $1 mplayer_home_t:dir { getattr search };
allow $1 mplayer_home_t:file { getattr read lock ioctl };
allow $1 user_home_dir_t:dir { getattr search };
allow $1 home_root_t:dir { getattr search };
apps,podsleuth.if,podsleuth_domtrans'
allow $1 podsleuth_exec_t:file { getattr read execute };
allow $1 podsleuth_t:process transition;
allow podsleuth_t $1:fd use;
allow podsleuth_t $1:fifo_file { getattr read write append ioctl lock };
allow podsleuth_t $1:process sigchld;
apps,qemu.if,qemu_domtrans'
allow $1 qemu_exec_t:file { getattr read execute };
allow $1 qemu_t:process transition;
allow qemu_t $1:fd use;
allow qemu_t $1:fifo_file { getattr read write append ioctl lock };
allow qemu_t $1:process sigchld;
apps,qemu.if,qemu_run'
apps,qemu.if,qemu_read_state'
allow $1 qemu_t:dir { getattr search };
allow $1 qemu_t:file { getattr read lock ioctl };
apps,qemu.if,qemu_signal'
allow $1 qemu_t:process signal;
apps,qemu.if,qemu_kill'
allow $1 qemu_t:process sigkill;
apps,qemu.if,qemu_domtrans_unconfined'
allow $1 qemu_exec_t:file { getattr read execute };
allow $1 qemu_unconfined_t:process transition;
allow qemu_unconfined_t $1:fd use;
allow qemu_unconfined_t $1:fifo_file { getattr read write append ioctl lock };
allow qemu_unconfined_t $1:process sigchld;
apps,rssh.if,rssh_role'
allow $2 rssh_t:dir { search getattr read };
allow $2 rssh_t:{ file lnk_file } { read getattr };
allow $2 rssh_t:process getattr;
allow $2 rssh_t:process signal;
apps,rssh.if,rssh_spec_domtrans'
allow $1 self:process setexec;
allow $1 rssh_exec_t:file { getattr read execute };
allow $1 rssh_t:process transition;
allow rssh_t $1:fd use;
allow rssh_t $1:fifo_file { getattr read write append ioctl lock };
allow rssh_t $1:process sigchld;
apps,rssh.if,rssh_read_ro_content'
allow $1 rssh_ro_t:dir { getattr search read lock ioctl };
allow $1 rssh_ro_t:dir { getattr search };
allow $1 rssh_ro_t:file { getattr read lock ioctl };
allow $1 rssh_ro_t:dir { getattr search };
allow $1 rssh_ro_t:lnk_file { getattr read };
allow $1_screen_t screen_exec_t:file entrypoint;
allow $1_screen_t screen_exec_t:file { { getattr read execute ioctl } ioctl lock };
allow $1_screen_t default_t:dir { getattr search read lock ioctl };
allow $1_screen_t default_t:file { getattr read lock ioctl };
allow $1_screen_t default_t:lnk_file { getattr read };
allow $1_screen_t default_t:sock_file { getattr read };
allow $1_screen_t default_t:fifo_file { getattr read lock ioctl };
allow $1_screen_t cifs_t:dir { getattr search };
allow $1_screen_t cifs_t:file { getattr read execute };
allow $1_screen_t $3:process transition;
allow $1_screen_t cifs_t:dir { getattr search read lock ioctl };
allow $1_screen_t cifs_t:dir { getattr search };
allow $1_screen_t cifs_t:lnk_file { getattr read };
allow $1_screen_t cifs_t:dir { getattr search read lock ioctl };
allow $1_screen_t nfs_t:dir { getattr search };
allow $1_screen_t nfs_t:file { getattr read execute };
allow $1_screen_t $3:process transition;
allow $1_screen_t nfs_t:dir { getattr search read lock ioctl };
allow $1_screen_t nfs_t:dir { getattr search read lock ioctl };
allow $1_screen_t nfs_t:dir { getattr search };
allow $1_screen_t nfs_t:lnk_file { getattr read };
apps,slocate.if,slocate_create_append_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 locate_log_t:dir { getattr search lock ioctl write add_name };
allow $1 locate_log_t:file { getattr create open };
allow $1 locate_log_t:dir { getattr search };
allow $1 locate_log_t:file { getattr append lock ioctl };
apps,slocate.if,locate_read_lib_files'
allow $1 locate_var_lib_t:dir { getattr search };
allow $1 locate_var_lib_t:file { getattr read lock ioctl };
allow $1 locate_var_lib_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
apps,thunderbird.if,thunderbird_role'
allow $2 thunderbird_exec_t:file { getattr read execute };
allow $2 thunderbird_t:process transition;
allow $2 thunderbird_t:fd use;
allow $2 thunderbird_t:shm { associate getattr };
allow $2 thunderbird_t:unix_stream_socket connectto;
allow thunderbird_t $2:fd use;
allow thunderbird_t $2:process sigchld;
allow thunderbird_t $2:unix_stream_socket connectto;
allow $2 thunderbird_t:dir { search getattr read };
allow $2 thunderbird_t:{ file lnk_file } { read getattr };
allow $2 thunderbird_t:process getattr;
allow $2 thunderbird_t:process signal;
allow $2 thunderbird_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 thunderbird_home_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 thunderbird_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 thunderbird_home_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 thunderbird_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 thunderbird_home_t:lnk_file { create read getattr setattr unlink rename };
allow $2 thunderbird_home_t:dir { getattr search };
allow $2 thunderbird_home_t:dir { getattr relabelfrom relabelto };
allow $2 thunderbird_home_t:dir { getattr search };
allow $2 thunderbird_home_t:file { getattr relabelfrom relabelto };
allow $2 thunderbird_home_t:dir { getattr search };
allow $2 thunderbird_home_t:lnk_file { getattr relabelfrom relabelto };
apps,thunderbird.if,thunderbird_domtrans'
allow $1 thunderbird_exec_t:file { getattr read execute };
allow $1 thunderbird_t:process transition;
allow thunderbird_t $1:fd use;
allow thunderbird_t $1:fifo_file { getattr read write append ioctl lock };
allow thunderbird_t $1:process sigchld;
apps,tvtime.if,tvtime_role'
allow $2 tvtime_exec_t:file { getattr read execute };
allow $2 tvtime_t:process transition;
allow tvtime_t $2:fd use;
allow tvtime_t $2:fifo_file { getattr read write append ioctl lock };
allow tvtime_t $2:process sigchld;
allow $2 tvtime_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 tvtime_home_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 tvtime_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 tvtime_home_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 tvtime_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 tvtime_home_t:lnk_file { create read getattr setattr unlink rename };
allow $2 tvtime_home_t:dir { getattr search };
allow $2 tvtime_home_t:dir { getattr relabelfrom relabelto };
allow $2 tvtime_home_t:dir { getattr search };
allow $2 tvtime_home_t:file { getattr relabelfrom relabelto };
allow $2 tvtime_home_t:dir { getattr search };
allow $2 tvtime_home_t:lnk_file { getattr relabelfrom relabelto };
allow $2 tvtime_t:dir { search getattr read };
allow $2 tvtime_t:{ file lnk_file } { read getattr };
allow $2 tvtime_t:process getattr;
allow $2 tvtime_t:process { sigchld sigkill sigstop signull signal };
apps,uml.if,uml_role'
allow $2 uml_exec_t:file { getattr read execute };
allow $2 uml_t:process transition;
allow uml_t $2:fd use;
allow uml_t $2:fifo_file { getattr read write append ioctl lock };
allow uml_t $2:process sigchld;
allow $2 uml_t:unix_dgram_socket sendto;
allow uml_t $2:unix_dgram_socket sendto;
allow $2 uml_t:dir { search getattr read };
allow $2 uml_t:{ file lnk_file } { read getattr };
allow $2 uml_t:process getattr;
allow $2 uml_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $2 uml_ro_t:dir { getattr search read lock ioctl };
allow $2 uml_ro_t:dir { getattr search };
allow $2 uml_ro_t:file { getattr read lock ioctl };
allow $2 uml_ro_t:dir { getattr search };
allow $2 uml_ro_t:lnk_file { getattr read };
allow $2 { uml_ro_t uml_rw_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 { uml_ro_t uml_rw_t }:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 { uml_ro_t uml_rw_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 { uml_ro_t uml_rw_t }:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 { uml_ro_t uml_rw_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 { uml_ro_t uml_rw_t }:lnk_file { create read getattr setattr unlink rename };
allow $2 { uml_ro_t uml_rw_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 { uml_ro_t uml_rw_t }:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 { uml_ro_t uml_rw_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 { uml_ro_t uml_rw_t }:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
allow $2 { uml_ro_t uml_rw_t }:dir { getattr search };
allow $2 { uml_ro_t uml_rw_t }:dir { getattr relabelfrom relabelto };
allow $2 { uml_ro_t uml_rw_t }:dir { getattr search };
allow $2 { uml_ro_t uml_rw_t }:file { getattr relabelfrom relabelto };
allow $2 { uml_ro_t uml_rw_t }:dir { getattr search };
allow $2 { uml_ro_t uml_rw_t }:lnk_file { getattr relabelfrom relabelto };
allow $2 { uml_ro_t uml_rw_t }:dir { getattr search };
allow $2 { uml_ro_t uml_rw_t }:fifo_file { getattr relabelfrom relabelto };
allow $2 { uml_ro_t uml_rw_t }:dir { getattr search };
allow $2 { uml_ro_t uml_rw_t }:sock_file { getattr relabelfrom relabelto };
allow $2 { uml_ro_t uml_rw_t uml_exec_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 { uml_ro_t uml_rw_t uml_exec_t }:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 { uml_ro_t uml_rw_t uml_exec_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 { uml_ro_t uml_rw_t uml_exec_t }:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 { uml_ro_t uml_rw_t uml_exec_t }:dir { getattr search };
allow $2 { uml_ro_t uml_rw_t uml_exec_t }:dir { getattr relabelfrom relabelto };
allow $2 { uml_ro_t uml_rw_t uml_exec_t }:dir { getattr search };
allow $2 { uml_ro_t uml_rw_t uml_exec_t }:file { getattr relabelfrom relabelto };
allow $2 uml_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 uml_tmp_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 uml_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 uml_tmp_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 uml_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 uml_tmp_t:lnk_file { create read getattr setattr unlink rename };
allow $2 uml_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 uml_tmp_t:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
apps,uml.if,uml_setattr_util_sockets'
allow $1 uml_switch_var_run_t:sock_file setattr;
apps,uml.if,uml_manage_util_files'
allow $1 uml_switch_var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 uml_switch_var_run_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 uml_switch_var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 uml_switch_var_run_t:lnk_file { create read getattr setattr unlink rename };
apps,userhelper.if,userhelper_dontaudit_search_config'
apps,userhelper.if,userhelper_use_fd'
allow $1 userhelper_type:fd use;
apps,userhelper.if,userhelper_sigchld'
allow $1 userhelper_type:process sigchld;
apps,userhelper.if,userhelper_exec'
allow $1 userhelper_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
apps,usernetctl.if,usernetctl_domtrans'
allow $1 usernetctl_exec_t:file { getattr read execute };
allow $1 usernetctl_t:process transition;
allow usernetctl_t $1:fd use;
allow usernetctl_t $1:fifo_file { getattr read write append ioctl lock };
allow usernetctl_t $1:process sigchld;
apps,usernetctl.if,usernetctl_run'
allow usernetctl_t bin_t:dir { getattr search };
allow usernetctl_t bin_t:dir { getattr search };
allow usernetctl_t bin_t:dir { getattr search };
allow usernetctl_t bin_t:dir { getattr search };
allow usernetctl_t ifconfig_exec_t:file { getattr read execute };
allow usernetctl_t ifconfig_t:process transition;
allow ifconfig_t usernetctl_t:fd use;
allow ifconfig_t usernetctl_t:fifo_file { getattr read write append ioctl lock };
allow ifconfig_t usernetctl_t:process sigchld;
allow usernetctl_t bin_t:dir { getattr search };
allow usernetctl_t bin_t:dir { getattr search };
allow usernetctl_t dhcpc_exec_t:file { getattr read execute };
allow usernetctl_t dhcpc_t:process transition;
allow dhcpc_t usernetctl_t:fd use;
allow dhcpc_t usernetctl_t:fifo_file { getattr read write append ioctl lock };
allow dhcpc_t usernetctl_t:process sigchld;
apps,vmware.if,vmware_role'
allow $2 vmware_exec_t:file { getattr read execute };
allow $2 vmware_t:process transition;
allow vmware_t $2:fd use;
allow vmware_t $2:fifo_file { getattr read write append ioctl lock };
allow vmware_t $2:process sigchld;
allow $2 vmware_t:dir { search getattr read };
allow $2 vmware_t:{ file lnk_file } { read getattr };
allow $2 vmware_t:process getattr;
allow $2 vmware_t:process signal;
apps,vmware.if,vmware_read_system_config'
allow $1 vmware_sys_conf_t:file { getattr read };
apps,vmware.if,vmware_append_system_config'
allow $1 vmware_sys_conf_t:file append;
apps,vmware.if,vmware_append_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 vmware_log_t:dir { getattr search };
allow $1 vmware_log_t:file { getattr append lock ioctl };
apps,webalizer.if,webalizer_domtrans'
allow $1 webalizer_exec_t:file { getattr read execute };
allow $1 webalizer_t:process transition;
allow webalizer_t $1:fd use;
allow webalizer_t $1:fifo_file { getattr read write append ioctl lock };
allow webalizer_t $1:process sigchld;
apps,webalizer.if,webalizer_run'
apps,wine.if,wine_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 wine_exec_t:file { getattr read execute };
allow $1 wine_t:process transition;
allow wine_t $1:fd use;
allow wine_t $1:fifo_file { getattr read write append ioctl lock };
allow wine_t $1:process sigchld;
apps,wine.if,wine_run'
apps,wireshark.if,wireshark_role'
allow $2 wireshark_exec_t:file { getattr read execute };
allow $2 wireshark_t:process transition;
allow wireshark_t $2:fd use;
allow wireshark_t $2:process sigchld;
allow $2 wireshark_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 wireshark_home_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 wireshark_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 wireshark_home_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 wireshark_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 wireshark_home_t:lnk_file { create read getattr setattr unlink rename };
allow $2 wireshark_home_t:dir { getattr search };
allow $2 wireshark_home_t:dir { getattr relabelfrom relabelto };
allow $2 wireshark_home_t:dir { getattr search };
allow $2 wireshark_home_t:file { getattr relabelfrom relabelto };
allow $2 wireshark_home_t:dir { getattr search };
allow $2 wireshark_home_t:lnk_file { getattr relabelfrom relabelto };
apps,wireshark.if,wireshark_domtrans'
allow $1 wireshark_exec_t:file { getattr read execute };
allow $1 wireshark_t:process transition;
allow wireshark_t $1:fd use;
allow wireshark_t $1:fifo_file { getattr read write append ioctl lock };
allow wireshark_t $1:process sigchld;
apps,yam.if,yam_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 yam_exec_t:file { getattr read execute };
allow $1 yam_t:process transition;
allow yam_t $1:fd use;
allow yam_t $1:fifo_file { getattr read write append ioctl lock };
allow yam_t $1:process sigchld;
apps,yam.if,yam_run'
apps,yam.if,yam_read_content'
allow $1 yam_content_t:dir { getattr search read lock ioctl };
allow $1 yam_content_t:dir { getattr search };
allow $1 yam_content_t:file { getattr read lock ioctl };
allow $1 yam_content_t:dir { getattr search };
allow $1 yam_content_t:lnk_file { getattr read };
kernel,corecommands.if,corecmd_executable_file'
kernel,corecommands.if,corecmd_bin_alias'
kernel,corecommands.if,corecmd_bin_entry_type'
allow $1 bin_t:file entrypoint;
allow $1 bin_t:file { { getattr read execute ioctl } ioctl lock };
kernel,corecommands.if,corecmd_sbin_entry_type'
kernel,corecommands.if,corecmd_shell_entry_type'
allow $1 shell_exec_t:file entrypoint;
allow $1 shell_exec_t:file { { getattr read execute ioctl } ioctl lock };
kernel,corecommands.if,corecmd_search_bin'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
kernel,corecommands.if,corecmd_dontaudit_search_bin'
kernel,corecommands.if,corecmd_list_bin'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search read lock ioctl };
kernel,corecommands.if,corecmd_dontaudit_write_bin_dirs'
kernel,corecommands.if,corecmd_getattr_bin_files'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:file { getattr };
kernel,corecommands.if,corecmd_dontaudit_getattr_bin_files'
kernel,corecommands.if,corecmd_read_bin_files'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:file { getattr read lock ioctl };
kernel,corecommands.if,corecmd_read_bin_symlinks'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
kernel,corecommands.if,corecmd_read_bin_pipes'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:fifo_file { getattr read lock ioctl };
kernel,corecommands.if,corecmd_read_bin_sockets'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:sock_file { getattr read };
kernel,corecommands.if,corecmd_exec_bin'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search read lock ioctl };
allow $1 bin_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
kernel,corecommands.if,corecmd_manage_bin_files'
allow $1 bin_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 bin_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,corecommands.if,corecmd_relabel_bin_files'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:file { getattr relabelfrom relabelto };
kernel,corecommands.if,corecmd_mmap_bin_files'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:file { getattr read execute ioctl };
kernel,corecommands.if,corecmd_bin_spec_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 bin_t:file { getattr read execute };
allow $1 $2:process transition;
kernel,corecommands.if,corecmd_bin_domtrans'
kernel,corecommands.if,corecmd_search_sbin'
kernel,corecommands.if,corecmd_dontaudit_search_sbin'
kernel,corecommands.if,corecmd_list_sbin'
kernel,corecommands.if,corecmd_dontaudit_write_sbin_dirs'
kernel,corecommands.if,corecmd_getattr_sbin_files'
kernel,corecommands.if,corecmd_dontaudit_getattr_sbin_files'
kernel,corecommands.if,corecmd_read_sbin_files'
kernel,corecommands.if,corecmd_read_sbin_symlinks'
kernel,corecommands.if,corecmd_read_sbin_pipes'
kernel,corecommands.if,corecmd_read_sbin_sockets'
kernel,corecommands.if,corecmd_exec_sbin'
kernel,corecommands.if,corecmd_manage_sbin_files'
kernel,corecommands.if,corecmd_relabel_sbin_files'
kernel,corecommands.if,corecmd_mmap_sbin_files'
kernel,corecommands.if,corecmd_sbin_domtrans'
kernel,corecommands.if,corecmd_sbin_spec_domtrans'
kernel,corecommands.if,corecmd_check_exec_shell'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search read lock ioctl };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 shell_exec_t:file execute;
kernel,corecommands.if,corecmd_exec_shell'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search read lock ioctl };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 shell_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
kernel,corecommands.if,corecmd_exec_ls'
kernel,corecommands.if,corecmd_shell_spec_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search read lock ioctl };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 shell_exec_t:file { getattr read execute };
allow $1 $2:process transition;
kernel,corecommands.if,corecmd_shell_domtrans'
kernel,corecommands.if,corecmd_exec_chroot'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 chroot_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
kernel,corecommands.if,corecmd_getattr_all_executables'
allow $1 bin_t:dir { getattr search read lock ioctl };
allow $1 bin_t:dir { getattr search };
allow $1 exec_type:file { getattr };
kernel,corecommands.if,corecmd_exec_all_executables'
allow $1 exec_type:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search read lock ioctl };
allow $1 bin_t:dir { getattr search };
allow $1 exec_type:lnk_file { getattr read };
kernel,corecommands.if,corecmd_dontaudit_exec_all_executables'
kernel,corecommands.if,corecmd_manage_all_executables'
allow $1 bin_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 exec_type:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 bin_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 bin_t:lnk_file { create read getattr setattr unlink rename };
kernel,corecommands.if,corecmd_relabel_all_executables'
allow $1 bin_t:dir { getattr search };
allow $1 exec_type:file { getattr relabelfrom relabelto };
kernel,corecommands.if,corecmd_mmap_all_executables'
allow $1 bin_t:dir { getattr search };
allow $1 exec_type:file { getattr read execute ioctl };
kernel,corenetwork.if,corenet_port'
kernel,corenetwork.if,corenet_reserved_port'
kernel,corenetwork.if,corenet_rpc_port'
kernel,corenetwork.if,corenet_client_packet'
kernel,corenetwork.if,corenet_server_packet'
kernel,corenetwork.if,corenet_tcp_sendrecv_generic_if'
allow $1 netif_t:netif { tcp_send tcp_recv egress ingress };
kernel,corenetwork.if,corenet_udp_send_generic_if'
allow $1 netif_t:netif { udp_send egress };
kernel,corenetwork.if,corenet_dontaudit_udp_send_generic_if'
kernel,corenetwork.if,corenet_udp_receive_generic_if'
allow $1 netif_t:netif { udp_recv ingress };
kernel,corenetwork.if,corenet_dontaudit_udp_receive_generic_if'
kernel,corenetwork.if,corenet_udp_sendrecv_generic_if'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_generic_if'
kernel,corenetwork.if,corenet_send_generic_if'
allow $1 netif_t:netif { rawip_send egress };
kernel,corenetwork.if,corenet_receive_generic_if'
allow $1 netif_t:netif { rawip_recv ingress };
kernel,corenetwork.if,corenet_sendrecv_generic_if'
kernel,corenetwork.if,corenet_tcp_sendrecv_all_if'
allow $1 netif_type:netif { tcp_send tcp_recv egress ingress };
kernel,corenetwork.if,corenet_udp_send_all_if'
allow $1 netif_type:netif { udp_send egress };
kernel,corenetwork.if,corenet_udp_receive_all_if'
allow $1 netif_type:netif { udp_recv ingress };
kernel,corenetwork.if,corenet_udp_sendrecv_all_if'
kernel,corenetwork.if,corenet_send_all_if'
allow $1 netif_type:netif { rawip_send egress };
kernel,corenetwork.if,corenet_receive_all_if'
allow $1 netif_type:netif { rawip_recv ingress };
kernel,corenetwork.if,corenet_sendrecv_all_if'
kernel,corenetwork.if,corenet_tcp_sendrecv_generic_node'
allow $1 node_t:node { tcp_send tcp_recv sendto recvfrom };
kernel,corenetwork.if,corenet_udp_send_generic_node'
allow $1 node_t:node { udp_send sendto };
kernel,corenetwork.if,corenet_udp_receive_generic_node'
allow $1 node_t:node { udp_recv recvfrom };
kernel,corenetwork.if,corenet_udp_sendrecv_generic_node'
kernel,corenetwork.if,corenet_send_generic_node'
allow $1 node_t:node { rawip_send sendto };
kernel,corenetwork.if,corenet_receive_generic_node'
allow $1 node_t:node { rawip_recv recvfrom };
kernel,corenetwork.if,corenet_sendrecv_generic_node'
kernel,corenetwork.if,corenet_tcp_bind_generic_node'
allow $1 node_t:tcp_socket node_bind;
kernel,corenetwork.if,corenet_udp_bind_generic_node'
allow $1 node_t:udp_socket node_bind;
kernel,corenetwork.if,corenet_tcp_sendrecv_all_nodes'
allow $1 node_type:node { tcp_send tcp_recv sendto recvfrom };
kernel,corenetwork.if,corenet_udp_send_all_nodes'
allow $1 node_type:node { udp_send sendto };
kernel,corenetwork.if,corenet_dontaudit_udp_send_all_nodes'
kernel,corenetwork.if,corenet_udp_receive_all_nodes'
allow $1 node_type:node { udp_recv recvfrom };
kernel,corenetwork.if,corenet_dontaudit_udp_receive_all_nodes'
kernel,corenetwork.if,corenet_udp_sendrecv_all_nodes'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_all_nodes'
kernel,corenetwork.if,corenet_send_all_nodes'
allow $1 node_type:node { rawip_send sendto };
kernel,corenetwork.if,corenet_receive_all_nodes'
allow $1 node_type:node { rawip_recv recvfrom };
kernel,corenetwork.if,corenet_sendrecv_all_nodes'
kernel,corenetwork.if,corenet_tcp_bind_all_nodes'
allow $1 node_type:tcp_socket node_bind;
kernel,corenetwork.if,corenet_udp_bind_all_nodes'
allow $1 node_type:udp_socket node_bind;
kernel,corenetwork.if,corenet_bind_all_nodes'
allow $1 node_type:rawip_socket node_bind;
kernel,corenetwork.if,corenet_tcp_sendrecv_generic_port'
allow $1 port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_dontaudit_tcp_sendrecv_generic_port'
kernel,corenetwork.if,corenet_udp_send_generic_port'
allow $1 port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_udp_receive_generic_port'
allow $1 port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_udp_sendrecv_generic_port'
kernel,corenetwork.if,corenet_tcp_bind_generic_port'
allow $1 port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_dontaudit_tcp_bind_generic_port'
kernel,corenetwork.if,corenet_udp_bind_generic_port'
allow $1 port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_generic_port'
allow $1 port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_tcp_sendrecv_all_ports'
allow $1 port_type:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_all_ports'
allow $1 port_type:udp_socket send_msg;
kernel,corenetwork.if,corenet_udp_receive_all_ports'
allow $1 port_type:udp_socket recv_msg;
kernel,corenetwork.if,corenet_udp_sendrecv_all_ports'
kernel,corenetwork.if,corenet_tcp_bind_all_ports'
allow $1 port_type:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_dontaudit_tcp_bind_all_ports'
kernel,corenetwork.if,corenet_udp_bind_all_ports'
allow $1 port_type:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_dontaudit_udp_bind_all_ports'
kernel,corenetwork.if,corenet_tcp_connect_all_ports'
allow $1 port_type:tcp_socket name_connect;
kernel,corenetwork.if,corenet_dontaudit_tcp_connect_all_ports'
kernel,corenetwork.if,corenet_tcp_sendrecv_reserved_port'
allow $1 reserved_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_reserved_port'
allow $1 reserved_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_udp_receive_reserved_port'
allow $1 reserved_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_udp_sendrecv_reserved_port'
kernel,corenetwork.if,corenet_tcp_bind_reserved_port'
allow $1 reserved_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_reserved_port'
allow $1 reserved_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_reserved_port'
allow $1 reserved_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_tcp_sendrecv_all_reserved_ports'
allow $1 reserved_port_type:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_all_reserved_ports'
allow $1 reserved_port_type:udp_socket send_msg;
kernel,corenetwork.if,corenet_udp_receive_all_reserved_ports'
allow $1 reserved_port_type:udp_socket recv_msg;
kernel,corenetwork.if,corenet_udp_sendrecv_all_reserved_ports'
kernel,corenetwork.if,corenet_tcp_bind_all_reserved_ports'
allow $1 reserved_port_type:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_dontaudit_tcp_bind_all_reserved_ports'
kernel,corenetwork.if,corenet_udp_bind_all_reserved_ports'
allow $1 reserved_port_type:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_dontaudit_udp_bind_all_reserved_ports'
kernel,corenetwork.if,corenet_tcp_bind_all_unreserved_ports'
allow $1 { port_type -reserved_port_type }:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_all_unreserved_ports'
allow $1 { port_type -reserved_port_type }:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_all_reserved_ports'
allow $1 reserved_port_type:tcp_socket name_connect;
kernel,corenetwork.if,corenet_dontaudit_tcp_connect_all_reserved_ports'
kernel,corenetwork.if,corenet_tcp_connect_all_rpc_ports'
allow $1 rpc_port_type:tcp_socket name_connect;
kernel,corenetwork.if,corenet_dontaudit_tcp_connect_all_rpc_ports'
kernel,corenetwork.if,corenet_rw_tun_tap_dev'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 tun_tap_device_t:chr_file { getattr read write append ioctl lock };
kernel,corenetwork.if,corenet_rw_ppp_dev'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 ppp_device_t:chr_file { getattr read write append ioctl lock };
kernel,corenetwork.if,corenet_tcp_bind_all_rpc_ports'
allow $1 rpc_port_type:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_dontaudit_tcp_bind_all_rpc_ports'
kernel,corenetwork.if,corenet_udp_bind_all_rpc_ports'
allow $1 rpc_port_type:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_dontaudit_udp_bind_all_rpc_ports'
kernel,corenetwork.if,corenet_non_ipsec_sendrecv'
kernel,corenetwork.if,corenet_dontaudit_non_ipsec_sendrecv'
kernel,corenetwork.if,corenet_tcp_recv_netlabel'
kernel,corenetwork.if,corenet_tcp_recvfrom_netlabel'
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:tcp_socket recvfrom;
kernel,corenetwork.if,corenet_tcp_recvfrom_unlabeled'
allow $1 unlabeled_t:tcp_socket recvfrom;
allow $1 unlabeled_t:peer recv;
allow $1 unlabeled_t:association { sendto recvfrom };
allow $1 unlabeled_t:packet { send recv };
kernel,corenetwork.if,corenet_dontaudit_tcp_recv_netlabel'
kernel,corenetwork.if,corenet_dontaudit_tcp_recvfrom_netlabel'
kernel,corenetwork.if,corenet_dontaudit_tcp_recvfrom_unlabeled'
kernel,corenetwork.if,corenet_udp_recv_netlabel'
kernel,corenetwork.if,corenet_udp_recvfrom_netlabel'
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:udp_socket recvfrom;
kernel,corenetwork.if,corenet_udp_recvfrom_unlabeled'
allow $1 unlabeled_t:udp_socket recvfrom;
allow $1 unlabeled_t:peer recv;
allow $1 unlabeled_t:association { sendto recvfrom };
allow $1 unlabeled_t:packet { send recv };
kernel,corenetwork.if,corenet_dontaudit_udp_recv_netlabel'
kernel,corenetwork.if,corenet_dontaudit_udp_recvfrom_netlabel'
kernel,corenetwork.if,corenet_dontaudit_udp_recvfrom_unlabeled'
kernel,corenetwork.if,corenet_recv_netlabel'
kernel,corenetwork.if,corenet_recvfrom_netlabel'
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:rawip_socket recvfrom;
kernel,corenetwork.if,corenet_recvfrom_unlabeled'
allow $1 unlabeled_t:rawip_socket recvfrom;
allow $1 unlabeled_t:peer recv;
allow $1 unlabeled_t:association { sendto recvfrom };
allow $1 unlabeled_t:packet { send recv };
kernel,corenetwork.if,corenet_dontaudit_recv_netlabel'
kernel,corenetwork.if,corenet_dontaudit_recvfrom_netlabel'
kernel,corenetwork.if,corenet_dontaudit_recvfrom_unlabeled'
kernel,corenetwork.if,corenet_all_recvfrom_unlabeled'
allow $1 unlabeled_t:tcp_socket recvfrom;
allow $1 unlabeled_t:udp_socket recvfrom;
allow $1 unlabeled_t:rawip_socket recvfrom;
allow $1 unlabeled_t:peer recv;
allow $1 unlabeled_t:association { sendto recvfrom };
allow $1 unlabeled_t:packet { send recv };
kernel,corenetwork.if,corenet_all_recvfrom_netlabel'
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
kernel,corenetwork.if,corenet_dontaudit_all_recvfrom_unlabeled'
kernel,corenetwork.if,corenet_dontaudit_all_recvfrom_netlabel'
kernel,corenetwork.if,corenet_tcp_recvfrom_labeled'
allow { $1 $2 } self:association sendto;
allow $1 $2:{ association tcp_socket } recvfrom;
allow $2 $1:{ association tcp_socket } recvfrom;
allow $1 $2:peer recv;
allow $2 $1:peer recv;
kernel,corenetwork.if,corenet_udp_recvfrom_labeled'
allow $2 self:association sendto;
allow $1 $2:{ association udp_socket } recvfrom;
allow $1 $2:peer recv;
kernel,corenetwork.if,corenet_recvfrom_labeled'
allow $2 self:association sendto;
allow $1 $2:{ association rawip_socket } recvfrom;
allow $1 $2:peer recv;
kernel,corenetwork.if,corenet_all_recvfrom_labeled'
kernel,corenetwork.if,corenet_send_generic_client_packets'
allow $1 client_packet_t:packet send;
kernel,corenetwork.if,corenet_receive_generic_client_packets'
allow $1 client_packet_t:packet recv;
kernel,corenetwork.if,corenet_sendrecv_generic_client_packets'
kernel,corenetwork.if,corenet_relabelto_generic_client_packets'
allow $1 client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_generic_server_packets'
allow $1 server_packet_t:packet send;
kernel,corenetwork.if,corenet_receive_generic_server_packets'
allow $1 server_packet_t:packet recv;
kernel,corenetwork.if,corenet_sendrecv_generic_server_packets'
kernel,corenetwork.if,corenet_relabelto_generic_server_packets'
allow $1 server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_sendrecv_unlabeled_packets'
allow $1 unlabeled_t:packet { send recv };
kernel,corenetwork.if,corenet_send_all_client_packets'
allow $1 client_packet_type:packet send;
kernel,corenetwork.if,corenet_receive_all_client_packets'
allow $1 client_packet_type:packet recv;
kernel,corenetwork.if,corenet_sendrecv_all_client_packets'
kernel,corenetwork.if,corenet_relabelto_all_client_packets'
allow $1 client_packet_type:packet relabelto;
kernel,corenetwork.if,corenet_send_all_server_packets'
allow $1 server_packet_type:packet send;
kernel,corenetwork.if,corenet_receive_all_server_packets'
allow $1 server_packet_type:packet recv;
kernel,corenetwork.if,corenet_sendrecv_all_server_packets'
kernel,corenetwork.if,corenet_relabelto_all_server_packets'
allow $1 server_packet_type:packet relabelto;
kernel,corenetwork.if,corenet_send_all_packets'
allow $1 packet_type:packet send;
kernel,corenetwork.if,corenet_receive_all_packets'
allow $1 packet_type:packet recv;
kernel,corenetwork.if,corenet_sendrecv_all_packets'
kernel,corenetwork.if,corenet_relabelto_all_packets'
allow $1 packet_type:packet relabelto;
kernel,corenetwork.if,corenet_unconfined'
kernel,corenetwork.if,corenet_tcp_sendrecv_afs_bos_port'
allow $1 afs_bos_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_afs_bos_port'
allow $1 afs_bos_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_afs_bos_port'
kernel,corenetwork.if,corenet_udp_receive_afs_bos_port'
allow $1 afs_bos_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_afs_bos_port'
kernel,corenetwork.if,corenet_udp_sendrecv_afs_bos_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_afs_bos_port'
kernel,corenetwork.if,corenet_tcp_bind_afs_bos_port'
allow $1 afs_bos_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_afs_bos_port'
allow $1 afs_bos_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_afs_bos_port'
allow $1 afs_bos_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_afs_bos_client_packets'
allow $1 afs_bos_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_afs_bos_client_packets'
kernel,corenetwork.if,corenet_receive_afs_bos_client_packets'
allow $1 afs_bos_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_afs_bos_client_packets'
kernel,corenetwork.if,corenet_sendrecv_afs_bos_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_afs_bos_client_packets'
kernel,corenetwork.if,corenet_relabelto_afs_bos_client_packets'
allow $1 afs_bos_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_afs_bos_server_packets'
allow $1 afs_bos_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_afs_bos_server_packets'
kernel,corenetwork.if,corenet_receive_afs_bos_server_packets'
allow $1 afs_bos_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_afs_bos_server_packets'
kernel,corenetwork.if,corenet_sendrecv_afs_bos_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_afs_bos_server_packets'
kernel,corenetwork.if,corenet_relabelto_afs_bos_server_packets'
allow $1 afs_bos_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_afs_fs_port'
allow $1 afs_fs_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_afs_fs_port'
allow $1 afs_fs_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_afs_fs_port'
kernel,corenetwork.if,corenet_udp_receive_afs_fs_port'
allow $1 afs_fs_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_afs_fs_port'
kernel,corenetwork.if,corenet_udp_sendrecv_afs_fs_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_afs_fs_port'
kernel,corenetwork.if,corenet_tcp_bind_afs_fs_port'
allow $1 afs_fs_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_afs_fs_port'
allow $1 afs_fs_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_afs_fs_port'
allow $1 afs_fs_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_afs_fs_client_packets'
allow $1 afs_fs_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_afs_fs_client_packets'
kernel,corenetwork.if,corenet_receive_afs_fs_client_packets'
allow $1 afs_fs_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_afs_fs_client_packets'
kernel,corenetwork.if,corenet_sendrecv_afs_fs_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_afs_fs_client_packets'
kernel,corenetwork.if,corenet_relabelto_afs_fs_client_packets'
allow $1 afs_fs_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_afs_fs_server_packets'
allow $1 afs_fs_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_afs_fs_server_packets'
kernel,corenetwork.if,corenet_receive_afs_fs_server_packets'
allow $1 afs_fs_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_afs_fs_server_packets'
kernel,corenetwork.if,corenet_sendrecv_afs_fs_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_afs_fs_server_packets'
kernel,corenetwork.if,corenet_relabelto_afs_fs_server_packets'
allow $1 afs_fs_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_afs_ka_port'
allow $1 afs_ka_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_afs_ka_port'
allow $1 afs_ka_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_afs_ka_port'
kernel,corenetwork.if,corenet_udp_receive_afs_ka_port'
allow $1 afs_ka_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_afs_ka_port'
kernel,corenetwork.if,corenet_udp_sendrecv_afs_ka_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_afs_ka_port'
kernel,corenetwork.if,corenet_tcp_bind_afs_ka_port'
allow $1 afs_ka_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_afs_ka_port'
allow $1 afs_ka_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_afs_ka_port'
allow $1 afs_ka_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_afs_ka_client_packets'
allow $1 afs_ka_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_afs_ka_client_packets'
kernel,corenetwork.if,corenet_receive_afs_ka_client_packets'
allow $1 afs_ka_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_afs_ka_client_packets'
kernel,corenetwork.if,corenet_sendrecv_afs_ka_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_afs_ka_client_packets'
kernel,corenetwork.if,corenet_relabelto_afs_ka_client_packets'
allow $1 afs_ka_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_afs_ka_server_packets'
allow $1 afs_ka_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_afs_ka_server_packets'
kernel,corenetwork.if,corenet_receive_afs_ka_server_packets'
allow $1 afs_ka_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_afs_ka_server_packets'
kernel,corenetwork.if,corenet_sendrecv_afs_ka_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_afs_ka_server_packets'
kernel,corenetwork.if,corenet_relabelto_afs_ka_server_packets'
allow $1 afs_ka_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_afs_pt_port'
allow $1 afs_pt_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_afs_pt_port'
allow $1 afs_pt_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_afs_pt_port'
kernel,corenetwork.if,corenet_udp_receive_afs_pt_port'
allow $1 afs_pt_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_afs_pt_port'
kernel,corenetwork.if,corenet_udp_sendrecv_afs_pt_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_afs_pt_port'
kernel,corenetwork.if,corenet_tcp_bind_afs_pt_port'
allow $1 afs_pt_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_afs_pt_port'
allow $1 afs_pt_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_afs_pt_port'
allow $1 afs_pt_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_afs_pt_client_packets'
allow $1 afs_pt_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_afs_pt_client_packets'
kernel,corenetwork.if,corenet_receive_afs_pt_client_packets'
allow $1 afs_pt_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_afs_pt_client_packets'
kernel,corenetwork.if,corenet_sendrecv_afs_pt_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_afs_pt_client_packets'
kernel,corenetwork.if,corenet_relabelto_afs_pt_client_packets'
allow $1 afs_pt_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_afs_pt_server_packets'
allow $1 afs_pt_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_afs_pt_server_packets'
kernel,corenetwork.if,corenet_receive_afs_pt_server_packets'
allow $1 afs_pt_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_afs_pt_server_packets'
kernel,corenetwork.if,corenet_sendrecv_afs_pt_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_afs_pt_server_packets'
kernel,corenetwork.if,corenet_relabelto_afs_pt_server_packets'
allow $1 afs_pt_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_afs_vl_port'
allow $1 afs_vl_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_afs_vl_port'
allow $1 afs_vl_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_afs_vl_port'
kernel,corenetwork.if,corenet_udp_receive_afs_vl_port'
allow $1 afs_vl_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_afs_vl_port'
kernel,corenetwork.if,corenet_udp_sendrecv_afs_vl_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_afs_vl_port'
kernel,corenetwork.if,corenet_tcp_bind_afs_vl_port'
allow $1 afs_vl_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_afs_vl_port'
allow $1 afs_vl_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_afs_vl_port'
allow $1 afs_vl_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_afs_vl_client_packets'
allow $1 afs_vl_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_afs_vl_client_packets'
kernel,corenetwork.if,corenet_receive_afs_vl_client_packets'
allow $1 afs_vl_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_afs_vl_client_packets'
kernel,corenetwork.if,corenet_sendrecv_afs_vl_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_afs_vl_client_packets'
kernel,corenetwork.if,corenet_relabelto_afs_vl_client_packets'
allow $1 afs_vl_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_afs_vl_server_packets'
allow $1 afs_vl_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_afs_vl_server_packets'
kernel,corenetwork.if,corenet_receive_afs_vl_server_packets'
allow $1 afs_vl_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_afs_vl_server_packets'
kernel,corenetwork.if,corenet_sendrecv_afs_vl_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_afs_vl_server_packets'
kernel,corenetwork.if,corenet_relabelto_afs_vl_server_packets'
allow $1 afs_vl_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_amanda_port'
allow $1 amanda_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_amanda_port'
allow $1 amanda_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_amanda_port'
kernel,corenetwork.if,corenet_udp_receive_amanda_port'
allow $1 amanda_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_amanda_port'
kernel,corenetwork.if,corenet_udp_sendrecv_amanda_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_amanda_port'
kernel,corenetwork.if,corenet_tcp_bind_amanda_port'
allow $1 amanda_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_amanda_port'
allow $1 amanda_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_amanda_port'
allow $1 amanda_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_amanda_client_packets'
allow $1 amanda_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_amanda_client_packets'
kernel,corenetwork.if,corenet_receive_amanda_client_packets'
allow $1 amanda_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_amanda_client_packets'
kernel,corenetwork.if,corenet_sendrecv_amanda_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_amanda_client_packets'
kernel,corenetwork.if,corenet_relabelto_amanda_client_packets'
allow $1 amanda_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_amanda_server_packets'
allow $1 amanda_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_amanda_server_packets'
kernel,corenetwork.if,corenet_receive_amanda_server_packets'
allow $1 amanda_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_amanda_server_packets'
kernel,corenetwork.if,corenet_sendrecv_amanda_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_amanda_server_packets'
kernel,corenetwork.if,corenet_relabelto_amanda_server_packets'
allow $1 amanda_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_amavisd_recv_port'
allow $1 amavisd_recv_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_amavisd_recv_port'
allow $1 amavisd_recv_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_amavisd_recv_port'
kernel,corenetwork.if,corenet_udp_receive_amavisd_recv_port'
allow $1 amavisd_recv_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_amavisd_recv_port'
kernel,corenetwork.if,corenet_udp_sendrecv_amavisd_recv_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_amavisd_recv_port'
kernel,corenetwork.if,corenet_tcp_bind_amavisd_recv_port'
allow $1 amavisd_recv_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_amavisd_recv_port'
allow $1 amavisd_recv_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_amavisd_recv_port'
allow $1 amavisd_recv_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_amavisd_recv_client_packets'
allow $1 amavisd_recv_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_amavisd_recv_client_packets'
kernel,corenetwork.if,corenet_receive_amavisd_recv_client_packets'
allow $1 amavisd_recv_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_amavisd_recv_client_packets'
kernel,corenetwork.if,corenet_sendrecv_amavisd_recv_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_amavisd_recv_client_packets'
kernel,corenetwork.if,corenet_relabelto_amavisd_recv_client_packets'
allow $1 amavisd_recv_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_amavisd_recv_server_packets'
allow $1 amavisd_recv_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_amavisd_recv_server_packets'
kernel,corenetwork.if,corenet_receive_amavisd_recv_server_packets'
allow $1 amavisd_recv_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_amavisd_recv_server_packets'
kernel,corenetwork.if,corenet_sendrecv_amavisd_recv_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_amavisd_recv_server_packets'
kernel,corenetwork.if,corenet_relabelto_amavisd_recv_server_packets'
allow $1 amavisd_recv_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_amavisd_send_port'
allow $1 amavisd_send_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_amavisd_send_port'
allow $1 amavisd_send_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_amavisd_send_port'
kernel,corenetwork.if,corenet_udp_receive_amavisd_send_port'
allow $1 amavisd_send_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_amavisd_send_port'
kernel,corenetwork.if,corenet_udp_sendrecv_amavisd_send_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_amavisd_send_port'
kernel,corenetwork.if,corenet_tcp_bind_amavisd_send_port'
allow $1 amavisd_send_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_amavisd_send_port'
allow $1 amavisd_send_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_amavisd_send_port'
allow $1 amavisd_send_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_amavisd_send_client_packets'
allow $1 amavisd_send_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_amavisd_send_client_packets'
kernel,corenetwork.if,corenet_receive_amavisd_send_client_packets'
allow $1 amavisd_send_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_amavisd_send_client_packets'
kernel,corenetwork.if,corenet_sendrecv_amavisd_send_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_amavisd_send_client_packets'
kernel,corenetwork.if,corenet_relabelto_amavisd_send_client_packets'
allow $1 amavisd_send_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_amavisd_send_server_packets'
allow $1 amavisd_send_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_amavisd_send_server_packets'
kernel,corenetwork.if,corenet_receive_amavisd_send_server_packets'
allow $1 amavisd_send_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_amavisd_send_server_packets'
kernel,corenetwork.if,corenet_sendrecv_amavisd_send_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_amavisd_send_server_packets'
kernel,corenetwork.if,corenet_relabelto_amavisd_send_server_packets'
allow $1 amavisd_send_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_aol_port'
allow $1 aol_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_aol_port'
allow $1 aol_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_aol_port'
kernel,corenetwork.if,corenet_udp_receive_aol_port'
allow $1 aol_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_aol_port'
kernel,corenetwork.if,corenet_udp_sendrecv_aol_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_aol_port'
kernel,corenetwork.if,corenet_tcp_bind_aol_port'
allow $1 aol_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_aol_port'
allow $1 aol_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_aol_port'
allow $1 aol_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_aol_client_packets'
allow $1 aol_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_aol_client_packets'
kernel,corenetwork.if,corenet_receive_aol_client_packets'
allow $1 aol_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_aol_client_packets'
kernel,corenetwork.if,corenet_sendrecv_aol_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_aol_client_packets'
kernel,corenetwork.if,corenet_relabelto_aol_client_packets'
allow $1 aol_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_aol_server_packets'
allow $1 aol_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_aol_server_packets'
kernel,corenetwork.if,corenet_receive_aol_server_packets'
allow $1 aol_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_aol_server_packets'
kernel,corenetwork.if,corenet_sendrecv_aol_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_aol_server_packets'
kernel,corenetwork.if,corenet_relabelto_aol_server_packets'
allow $1 aol_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_apcupsd_port'
allow $1 apcupsd_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_apcupsd_port'
allow $1 apcupsd_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_apcupsd_port'
kernel,corenetwork.if,corenet_udp_receive_apcupsd_port'
allow $1 apcupsd_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_apcupsd_port'
kernel,corenetwork.if,corenet_udp_sendrecv_apcupsd_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_apcupsd_port'
kernel,corenetwork.if,corenet_tcp_bind_apcupsd_port'
allow $1 apcupsd_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_apcupsd_port'
allow $1 apcupsd_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_apcupsd_port'
allow $1 apcupsd_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_apcupsd_client_packets'
allow $1 apcupsd_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_apcupsd_client_packets'
kernel,corenetwork.if,corenet_receive_apcupsd_client_packets'
allow $1 apcupsd_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_apcupsd_client_packets'
kernel,corenetwork.if,corenet_sendrecv_apcupsd_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_apcupsd_client_packets'
kernel,corenetwork.if,corenet_relabelto_apcupsd_client_packets'
allow $1 apcupsd_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_apcupsd_server_packets'
allow $1 apcupsd_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_apcupsd_server_packets'
kernel,corenetwork.if,corenet_receive_apcupsd_server_packets'
allow $1 apcupsd_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_apcupsd_server_packets'
kernel,corenetwork.if,corenet_sendrecv_apcupsd_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_apcupsd_server_packets'
kernel,corenetwork.if,corenet_relabelto_apcupsd_server_packets'
allow $1 apcupsd_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_asterisk_port'
allow $1 asterisk_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_asterisk_port'
allow $1 asterisk_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_asterisk_port'
kernel,corenetwork.if,corenet_udp_receive_asterisk_port'
allow $1 asterisk_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_asterisk_port'
kernel,corenetwork.if,corenet_udp_sendrecv_asterisk_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_asterisk_port'
kernel,corenetwork.if,corenet_tcp_bind_asterisk_port'
allow $1 asterisk_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_asterisk_port'
allow $1 asterisk_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_asterisk_port'
allow $1 asterisk_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_asterisk_client_packets'
allow $1 asterisk_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_asterisk_client_packets'
kernel,corenetwork.if,corenet_receive_asterisk_client_packets'
allow $1 asterisk_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_asterisk_client_packets'
kernel,corenetwork.if,corenet_sendrecv_asterisk_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_asterisk_client_packets'
kernel,corenetwork.if,corenet_relabelto_asterisk_client_packets'
allow $1 asterisk_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_asterisk_server_packets'
allow $1 asterisk_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_asterisk_server_packets'
kernel,corenetwork.if,corenet_receive_asterisk_server_packets'
allow $1 asterisk_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_asterisk_server_packets'
kernel,corenetwork.if,corenet_sendrecv_asterisk_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_asterisk_server_packets'
kernel,corenetwork.if,corenet_relabelto_asterisk_server_packets'
allow $1 asterisk_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_audit_port'
allow $1 audit_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_audit_port'
allow $1 audit_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_audit_port'
kernel,corenetwork.if,corenet_udp_receive_audit_port'
allow $1 audit_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_audit_port'
kernel,corenetwork.if,corenet_udp_sendrecv_audit_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_audit_port'
kernel,corenetwork.if,corenet_tcp_bind_audit_port'
allow $1 audit_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_audit_port'
allow $1 audit_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_audit_port'
allow $1 audit_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_audit_client_packets'
allow $1 audit_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_audit_client_packets'
kernel,corenetwork.if,corenet_receive_audit_client_packets'
allow $1 audit_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_audit_client_packets'
kernel,corenetwork.if,corenet_sendrecv_audit_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_audit_client_packets'
kernel,corenetwork.if,corenet_relabelto_audit_client_packets'
allow $1 audit_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_audit_server_packets'
allow $1 audit_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_audit_server_packets'
kernel,corenetwork.if,corenet_receive_audit_server_packets'
allow $1 audit_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_audit_server_packets'
kernel,corenetwork.if,corenet_sendrecv_audit_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_audit_server_packets'
kernel,corenetwork.if,corenet_relabelto_audit_server_packets'
allow $1 audit_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_auth_port'
allow $1 auth_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_auth_port'
allow $1 auth_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_auth_port'
kernel,corenetwork.if,corenet_udp_receive_auth_port'
allow $1 auth_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_auth_port'
kernel,corenetwork.if,corenet_udp_sendrecv_auth_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_auth_port'
kernel,corenetwork.if,corenet_tcp_bind_auth_port'
allow $1 auth_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_auth_port'
allow $1 auth_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_auth_port'
allow $1 auth_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_auth_client_packets'
allow $1 auth_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_auth_client_packets'
kernel,corenetwork.if,corenet_receive_auth_client_packets'
allow $1 auth_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_auth_client_packets'
kernel,corenetwork.if,corenet_sendrecv_auth_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_auth_client_packets'
kernel,corenetwork.if,corenet_relabelto_auth_client_packets'
allow $1 auth_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_auth_server_packets'
allow $1 auth_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_auth_server_packets'
kernel,corenetwork.if,corenet_receive_auth_server_packets'
allow $1 auth_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_auth_server_packets'
kernel,corenetwork.if,corenet_sendrecv_auth_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_auth_server_packets'
kernel,corenetwork.if,corenet_relabelto_auth_server_packets'
allow $1 auth_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_bgp_port'
allow $1 bgp_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_bgp_port'
allow $1 bgp_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_bgp_port'
kernel,corenetwork.if,corenet_udp_receive_bgp_port'
allow $1 bgp_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_bgp_port'
kernel,corenetwork.if,corenet_udp_sendrecv_bgp_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_bgp_port'
kernel,corenetwork.if,corenet_tcp_bind_bgp_port'
allow $1 bgp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_bgp_port'
allow $1 bgp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_bgp_port'
allow $1 bgp_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_bgp_client_packets'
allow $1 bgp_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_bgp_client_packets'
kernel,corenetwork.if,corenet_receive_bgp_client_packets'
allow $1 bgp_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_bgp_client_packets'
kernel,corenetwork.if,corenet_sendrecv_bgp_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_bgp_client_packets'
kernel,corenetwork.if,corenet_relabelto_bgp_client_packets'
allow $1 bgp_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_bgp_server_packets'
allow $1 bgp_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_bgp_server_packets'
kernel,corenetwork.if,corenet_receive_bgp_server_packets'
allow $1 bgp_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_bgp_server_packets'
kernel,corenetwork.if,corenet_sendrecv_bgp_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_bgp_server_packets'
kernel,corenetwork.if,corenet_relabelto_bgp_server_packets'
allow $1 bgp_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_clamd_port'
allow $1 clamd_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_clamd_port'
allow $1 clamd_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_clamd_port'
kernel,corenetwork.if,corenet_udp_receive_clamd_port'
allow $1 clamd_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_clamd_port'
kernel,corenetwork.if,corenet_udp_sendrecv_clamd_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_clamd_port'
kernel,corenetwork.if,corenet_tcp_bind_clamd_port'
allow $1 clamd_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_clamd_port'
allow $1 clamd_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_clamd_port'
allow $1 clamd_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_clamd_client_packets'
allow $1 clamd_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_clamd_client_packets'
kernel,corenetwork.if,corenet_receive_clamd_client_packets'
allow $1 clamd_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_clamd_client_packets'
kernel,corenetwork.if,corenet_sendrecv_clamd_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_clamd_client_packets'
kernel,corenetwork.if,corenet_relabelto_clamd_client_packets'
allow $1 clamd_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_clamd_server_packets'
allow $1 clamd_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_clamd_server_packets'
kernel,corenetwork.if,corenet_receive_clamd_server_packets'
allow $1 clamd_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_clamd_server_packets'
kernel,corenetwork.if,corenet_sendrecv_clamd_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_clamd_server_packets'
kernel,corenetwork.if,corenet_relabelto_clamd_server_packets'
allow $1 clamd_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_clockspeed_port'
allow $1 clockspeed_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_clockspeed_port'
allow $1 clockspeed_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_clockspeed_port'
kernel,corenetwork.if,corenet_udp_receive_clockspeed_port'
allow $1 clockspeed_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_clockspeed_port'
kernel,corenetwork.if,corenet_udp_sendrecv_clockspeed_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_clockspeed_port'
kernel,corenetwork.if,corenet_tcp_bind_clockspeed_port'
allow $1 clockspeed_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_clockspeed_port'
allow $1 clockspeed_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_clockspeed_port'
allow $1 clockspeed_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_clockspeed_client_packets'
allow $1 clockspeed_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_clockspeed_client_packets'
kernel,corenetwork.if,corenet_receive_clockspeed_client_packets'
allow $1 clockspeed_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_clockspeed_client_packets'
kernel,corenetwork.if,corenet_sendrecv_clockspeed_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_clockspeed_client_packets'
kernel,corenetwork.if,corenet_relabelto_clockspeed_client_packets'
allow $1 clockspeed_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_clockspeed_server_packets'
allow $1 clockspeed_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_clockspeed_server_packets'
kernel,corenetwork.if,corenet_receive_clockspeed_server_packets'
allow $1 clockspeed_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_clockspeed_server_packets'
kernel,corenetwork.if,corenet_sendrecv_clockspeed_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_clockspeed_server_packets'
kernel,corenetwork.if,corenet_relabelto_clockspeed_server_packets'
allow $1 clockspeed_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_cluster_port'
allow $1 cluster_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_cluster_port'
allow $1 cluster_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_cluster_port'
kernel,corenetwork.if,corenet_udp_receive_cluster_port'
allow $1 cluster_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_cluster_port'
kernel,corenetwork.if,corenet_udp_sendrecv_cluster_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_cluster_port'
kernel,corenetwork.if,corenet_tcp_bind_cluster_port'
allow $1 cluster_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_cluster_port'
allow $1 cluster_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_cluster_port'
allow $1 cluster_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_cluster_client_packets'
allow $1 cluster_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_cluster_client_packets'
kernel,corenetwork.if,corenet_receive_cluster_client_packets'
allow $1 cluster_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_cluster_client_packets'
kernel,corenetwork.if,corenet_sendrecv_cluster_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_cluster_client_packets'
kernel,corenetwork.if,corenet_relabelto_cluster_client_packets'
allow $1 cluster_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_cluster_server_packets'
allow $1 cluster_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_cluster_server_packets'
kernel,corenetwork.if,corenet_receive_cluster_server_packets'
allow $1 cluster_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_cluster_server_packets'
kernel,corenetwork.if,corenet_sendrecv_cluster_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_cluster_server_packets'
kernel,corenetwork.if,corenet_relabelto_cluster_server_packets'
allow $1 cluster_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_comsat_port'
allow $1 comsat_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_comsat_port'
allow $1 comsat_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_comsat_port'
kernel,corenetwork.if,corenet_udp_receive_comsat_port'
allow $1 comsat_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_comsat_port'
kernel,corenetwork.if,corenet_udp_sendrecv_comsat_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_comsat_port'
kernel,corenetwork.if,corenet_tcp_bind_comsat_port'
allow $1 comsat_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_comsat_port'
allow $1 comsat_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_comsat_port'
allow $1 comsat_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_comsat_client_packets'
allow $1 comsat_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_comsat_client_packets'
kernel,corenetwork.if,corenet_receive_comsat_client_packets'
allow $1 comsat_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_comsat_client_packets'
kernel,corenetwork.if,corenet_sendrecv_comsat_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_comsat_client_packets'
kernel,corenetwork.if,corenet_relabelto_comsat_client_packets'
allow $1 comsat_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_comsat_server_packets'
allow $1 comsat_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_comsat_server_packets'
kernel,corenetwork.if,corenet_receive_comsat_server_packets'
allow $1 comsat_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_comsat_server_packets'
kernel,corenetwork.if,corenet_sendrecv_comsat_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_comsat_server_packets'
kernel,corenetwork.if,corenet_relabelto_comsat_server_packets'
allow $1 comsat_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_cyphesis_port'
allow $1 cyphesis_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_cyphesis_port'
allow $1 cyphesis_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_cyphesis_port'
kernel,corenetwork.if,corenet_udp_receive_cyphesis_port'
allow $1 cyphesis_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_cyphesis_port'
kernel,corenetwork.if,corenet_udp_sendrecv_cyphesis_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_cyphesis_port'
kernel,corenetwork.if,corenet_tcp_bind_cyphesis_port'
allow $1 cyphesis_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_cyphesis_port'
allow $1 cyphesis_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_cyphesis_port'
allow $1 cyphesis_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_cyphesis_client_packets'
allow $1 cyphesis_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_cyphesis_client_packets'
kernel,corenetwork.if,corenet_receive_cyphesis_client_packets'
allow $1 cyphesis_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_cyphesis_client_packets'
kernel,corenetwork.if,corenet_sendrecv_cyphesis_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_cyphesis_client_packets'
kernel,corenetwork.if,corenet_relabelto_cyphesis_client_packets'
allow $1 cyphesis_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_cyphesis_server_packets'
allow $1 cyphesis_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_cyphesis_server_packets'
kernel,corenetwork.if,corenet_receive_cyphesis_server_packets'
allow $1 cyphesis_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_cyphesis_server_packets'
kernel,corenetwork.if,corenet_sendrecv_cyphesis_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_cyphesis_server_packets'
kernel,corenetwork.if,corenet_relabelto_cyphesis_server_packets'
allow $1 cyphesis_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_cvs_port'
allow $1 cvs_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_cvs_port'
allow $1 cvs_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_cvs_port'
kernel,corenetwork.if,corenet_udp_receive_cvs_port'
allow $1 cvs_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_cvs_port'
kernel,corenetwork.if,corenet_udp_sendrecv_cvs_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_cvs_port'
kernel,corenetwork.if,corenet_tcp_bind_cvs_port'
allow $1 cvs_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_cvs_port'
allow $1 cvs_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_cvs_port'
allow $1 cvs_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_cvs_client_packets'
allow $1 cvs_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_cvs_client_packets'
kernel,corenetwork.if,corenet_receive_cvs_client_packets'
allow $1 cvs_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_cvs_client_packets'
kernel,corenetwork.if,corenet_sendrecv_cvs_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_cvs_client_packets'
kernel,corenetwork.if,corenet_relabelto_cvs_client_packets'
allow $1 cvs_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_cvs_server_packets'
allow $1 cvs_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_cvs_server_packets'
kernel,corenetwork.if,corenet_receive_cvs_server_packets'
allow $1 cvs_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_cvs_server_packets'
kernel,corenetwork.if,corenet_sendrecv_cvs_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_cvs_server_packets'
kernel,corenetwork.if,corenet_relabelto_cvs_server_packets'
allow $1 cvs_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_dcc_port'
allow $1 dcc_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_dcc_port'
allow $1 dcc_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_dcc_port'
kernel,corenetwork.if,corenet_udp_receive_dcc_port'
allow $1 dcc_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_dcc_port'
kernel,corenetwork.if,corenet_udp_sendrecv_dcc_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_dcc_port'
kernel,corenetwork.if,corenet_tcp_bind_dcc_port'
allow $1 dcc_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_dcc_port'
allow $1 dcc_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_dcc_port'
allow $1 dcc_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_dcc_client_packets'
allow $1 dcc_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_dcc_client_packets'
kernel,corenetwork.if,corenet_receive_dcc_client_packets'
allow $1 dcc_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_dcc_client_packets'
kernel,corenetwork.if,corenet_sendrecv_dcc_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_dcc_client_packets'
kernel,corenetwork.if,corenet_relabelto_dcc_client_packets'
allow $1 dcc_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_dcc_server_packets'
allow $1 dcc_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_dcc_server_packets'
kernel,corenetwork.if,corenet_receive_dcc_server_packets'
allow $1 dcc_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_dcc_server_packets'
kernel,corenetwork.if,corenet_sendrecv_dcc_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_dcc_server_packets'
kernel,corenetwork.if,corenet_relabelto_dcc_server_packets'
allow $1 dcc_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_dbskkd_port'
allow $1 dbskkd_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_dbskkd_port'
allow $1 dbskkd_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_dbskkd_port'
kernel,corenetwork.if,corenet_udp_receive_dbskkd_port'
allow $1 dbskkd_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_dbskkd_port'
kernel,corenetwork.if,corenet_udp_sendrecv_dbskkd_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_dbskkd_port'
kernel,corenetwork.if,corenet_tcp_bind_dbskkd_port'
allow $1 dbskkd_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_dbskkd_port'
allow $1 dbskkd_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_dbskkd_port'
allow $1 dbskkd_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_dbskkd_client_packets'
allow $1 dbskkd_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_dbskkd_client_packets'
kernel,corenetwork.if,corenet_receive_dbskkd_client_packets'
allow $1 dbskkd_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_dbskkd_client_packets'
kernel,corenetwork.if,corenet_sendrecv_dbskkd_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_dbskkd_client_packets'
kernel,corenetwork.if,corenet_relabelto_dbskkd_client_packets'
allow $1 dbskkd_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_dbskkd_server_packets'
allow $1 dbskkd_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_dbskkd_server_packets'
kernel,corenetwork.if,corenet_receive_dbskkd_server_packets'
allow $1 dbskkd_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_dbskkd_server_packets'
kernel,corenetwork.if,corenet_sendrecv_dbskkd_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_dbskkd_server_packets'
kernel,corenetwork.if,corenet_relabelto_dbskkd_server_packets'
allow $1 dbskkd_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_dhcpc_port'
allow $1 dhcpc_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_dhcpc_port'
allow $1 dhcpc_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_dhcpc_port'
kernel,corenetwork.if,corenet_udp_receive_dhcpc_port'
allow $1 dhcpc_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_dhcpc_port'
kernel,corenetwork.if,corenet_udp_sendrecv_dhcpc_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_dhcpc_port'
kernel,corenetwork.if,corenet_tcp_bind_dhcpc_port'
allow $1 dhcpc_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_dhcpc_port'
allow $1 dhcpc_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_dhcpc_port'
allow $1 dhcpc_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_dhcpc_client_packets'
allow $1 dhcpc_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_dhcpc_client_packets'
kernel,corenetwork.if,corenet_receive_dhcpc_client_packets'
allow $1 dhcpc_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_dhcpc_client_packets'
kernel,corenetwork.if,corenet_sendrecv_dhcpc_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_dhcpc_client_packets'
kernel,corenetwork.if,corenet_relabelto_dhcpc_client_packets'
allow $1 dhcpc_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_dhcpc_server_packets'
allow $1 dhcpc_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_dhcpc_server_packets'
kernel,corenetwork.if,corenet_receive_dhcpc_server_packets'
allow $1 dhcpc_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_dhcpc_server_packets'
kernel,corenetwork.if,corenet_sendrecv_dhcpc_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_dhcpc_server_packets'
kernel,corenetwork.if,corenet_relabelto_dhcpc_server_packets'
allow $1 dhcpc_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_dhcpd_port'
allow $1 dhcpd_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_dhcpd_port'
allow $1 dhcpd_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_dhcpd_port'
kernel,corenetwork.if,corenet_udp_receive_dhcpd_port'
allow $1 dhcpd_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_dhcpd_port'
kernel,corenetwork.if,corenet_udp_sendrecv_dhcpd_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_dhcpd_port'
kernel,corenetwork.if,corenet_tcp_bind_dhcpd_port'
allow $1 dhcpd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_dhcpd_port'
allow $1 dhcpd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_dhcpd_port'
allow $1 dhcpd_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_dhcpd_client_packets'
allow $1 dhcpd_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_dhcpd_client_packets'
kernel,corenetwork.if,corenet_receive_dhcpd_client_packets'
allow $1 dhcpd_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_dhcpd_client_packets'
kernel,corenetwork.if,corenet_sendrecv_dhcpd_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_dhcpd_client_packets'
kernel,corenetwork.if,corenet_relabelto_dhcpd_client_packets'
allow $1 dhcpd_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_dhcpd_server_packets'
allow $1 dhcpd_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_dhcpd_server_packets'
kernel,corenetwork.if,corenet_receive_dhcpd_server_packets'
allow $1 dhcpd_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_dhcpd_server_packets'
kernel,corenetwork.if,corenet_sendrecv_dhcpd_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_dhcpd_server_packets'
kernel,corenetwork.if,corenet_relabelto_dhcpd_server_packets'
allow $1 dhcpd_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_dict_port'
allow $1 dict_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_dict_port'
allow $1 dict_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_dict_port'
kernel,corenetwork.if,corenet_udp_receive_dict_port'
allow $1 dict_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_dict_port'
kernel,corenetwork.if,corenet_udp_sendrecv_dict_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_dict_port'
kernel,corenetwork.if,corenet_tcp_bind_dict_port'
allow $1 dict_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_dict_port'
allow $1 dict_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_dict_port'
allow $1 dict_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_dict_client_packets'
allow $1 dict_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_dict_client_packets'
kernel,corenetwork.if,corenet_receive_dict_client_packets'
allow $1 dict_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_dict_client_packets'
kernel,corenetwork.if,corenet_sendrecv_dict_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_dict_client_packets'
kernel,corenetwork.if,corenet_relabelto_dict_client_packets'
allow $1 dict_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_dict_server_packets'
allow $1 dict_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_dict_server_packets'
kernel,corenetwork.if,corenet_receive_dict_server_packets'
allow $1 dict_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_dict_server_packets'
kernel,corenetwork.if,corenet_sendrecv_dict_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_dict_server_packets'
kernel,corenetwork.if,corenet_relabelto_dict_server_packets'
allow $1 dict_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_distccd_port'
allow $1 distccd_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_distccd_port'
allow $1 distccd_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_distccd_port'
kernel,corenetwork.if,corenet_udp_receive_distccd_port'
allow $1 distccd_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_distccd_port'
kernel,corenetwork.if,corenet_udp_sendrecv_distccd_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_distccd_port'
kernel,corenetwork.if,corenet_tcp_bind_distccd_port'
allow $1 distccd_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_distccd_port'
allow $1 distccd_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_distccd_port'
allow $1 distccd_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_distccd_client_packets'
allow $1 distccd_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_distccd_client_packets'
kernel,corenetwork.if,corenet_receive_distccd_client_packets'
allow $1 distccd_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_distccd_client_packets'
kernel,corenetwork.if,corenet_sendrecv_distccd_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_distccd_client_packets'
kernel,corenetwork.if,corenet_relabelto_distccd_client_packets'
allow $1 distccd_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_distccd_server_packets'
allow $1 distccd_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_distccd_server_packets'
kernel,corenetwork.if,corenet_receive_distccd_server_packets'
allow $1 distccd_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_distccd_server_packets'
kernel,corenetwork.if,corenet_sendrecv_distccd_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_distccd_server_packets'
kernel,corenetwork.if,corenet_relabelto_distccd_server_packets'
allow $1 distccd_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_dns_port'
allow $1 dns_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_dns_port'
allow $1 dns_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_dns_port'
kernel,corenetwork.if,corenet_udp_receive_dns_port'
allow $1 dns_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_dns_port'
kernel,corenetwork.if,corenet_udp_sendrecv_dns_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_dns_port'
kernel,corenetwork.if,corenet_tcp_bind_dns_port'
allow $1 dns_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_dns_port'
allow $1 dns_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_dns_port'
allow $1 dns_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_dns_client_packets'
allow $1 dns_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_dns_client_packets'
kernel,corenetwork.if,corenet_receive_dns_client_packets'
allow $1 dns_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_dns_client_packets'
kernel,corenetwork.if,corenet_sendrecv_dns_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_dns_client_packets'
kernel,corenetwork.if,corenet_relabelto_dns_client_packets'
allow $1 dns_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_dns_server_packets'
allow $1 dns_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_dns_server_packets'
kernel,corenetwork.if,corenet_receive_dns_server_packets'
allow $1 dns_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_dns_server_packets'
kernel,corenetwork.if,corenet_sendrecv_dns_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_dns_server_packets'
kernel,corenetwork.if,corenet_relabelto_dns_server_packets'
allow $1 dns_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_fingerd_port'
allow $1 fingerd_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_fingerd_port'
allow $1 fingerd_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_fingerd_port'
kernel,corenetwork.if,corenet_udp_receive_fingerd_port'
allow $1 fingerd_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_fingerd_port'
kernel,corenetwork.if,corenet_udp_sendrecv_fingerd_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_fingerd_port'
kernel,corenetwork.if,corenet_tcp_bind_fingerd_port'
allow $1 fingerd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_fingerd_port'
allow $1 fingerd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_fingerd_port'
allow $1 fingerd_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_fingerd_client_packets'
allow $1 fingerd_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_fingerd_client_packets'
kernel,corenetwork.if,corenet_receive_fingerd_client_packets'
allow $1 fingerd_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_fingerd_client_packets'
kernel,corenetwork.if,corenet_sendrecv_fingerd_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_fingerd_client_packets'
kernel,corenetwork.if,corenet_relabelto_fingerd_client_packets'
allow $1 fingerd_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_fingerd_server_packets'
allow $1 fingerd_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_fingerd_server_packets'
kernel,corenetwork.if,corenet_receive_fingerd_server_packets'
allow $1 fingerd_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_fingerd_server_packets'
kernel,corenetwork.if,corenet_sendrecv_fingerd_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_fingerd_server_packets'
kernel,corenetwork.if,corenet_relabelto_fingerd_server_packets'
allow $1 fingerd_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_ftp_data_port'
allow $1 ftp_data_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_ftp_data_port'
allow $1 ftp_data_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_ftp_data_port'
kernel,corenetwork.if,corenet_udp_receive_ftp_data_port'
allow $1 ftp_data_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_ftp_data_port'
kernel,corenetwork.if,corenet_udp_sendrecv_ftp_data_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_ftp_data_port'
kernel,corenetwork.if,corenet_tcp_bind_ftp_data_port'
allow $1 ftp_data_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_ftp_data_port'
allow $1 ftp_data_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_ftp_data_port'
allow $1 ftp_data_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_ftp_data_client_packets'
allow $1 ftp_data_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ftp_data_client_packets'
kernel,corenetwork.if,corenet_receive_ftp_data_client_packets'
allow $1 ftp_data_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ftp_data_client_packets'
kernel,corenetwork.if,corenet_sendrecv_ftp_data_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ftp_data_client_packets'
kernel,corenetwork.if,corenet_relabelto_ftp_data_client_packets'
allow $1 ftp_data_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_ftp_data_server_packets'
allow $1 ftp_data_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ftp_data_server_packets'
kernel,corenetwork.if,corenet_receive_ftp_data_server_packets'
allow $1 ftp_data_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ftp_data_server_packets'
kernel,corenetwork.if,corenet_sendrecv_ftp_data_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ftp_data_server_packets'
kernel,corenetwork.if,corenet_relabelto_ftp_data_server_packets'
allow $1 ftp_data_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_ftp_port'
allow $1 ftp_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_ftp_port'
allow $1 ftp_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_ftp_port'
kernel,corenetwork.if,corenet_udp_receive_ftp_port'
allow $1 ftp_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_ftp_port'
kernel,corenetwork.if,corenet_udp_sendrecv_ftp_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_ftp_port'
kernel,corenetwork.if,corenet_tcp_bind_ftp_port'
allow $1 ftp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_ftp_port'
allow $1 ftp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_ftp_port'
allow $1 ftp_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_ftp_client_packets'
allow $1 ftp_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ftp_client_packets'
kernel,corenetwork.if,corenet_receive_ftp_client_packets'
allow $1 ftp_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ftp_client_packets'
kernel,corenetwork.if,corenet_sendrecv_ftp_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ftp_client_packets'
kernel,corenetwork.if,corenet_relabelto_ftp_client_packets'
allow $1 ftp_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_ftp_server_packets'
allow $1 ftp_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ftp_server_packets'
kernel,corenetwork.if,corenet_receive_ftp_server_packets'
allow $1 ftp_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ftp_server_packets'
kernel,corenetwork.if,corenet_sendrecv_ftp_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ftp_server_packets'
kernel,corenetwork.if,corenet_relabelto_ftp_server_packets'
allow $1 ftp_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_gatekeeper_port'
allow $1 gatekeeper_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_gatekeeper_port'
allow $1 gatekeeper_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_gatekeeper_port'
kernel,corenetwork.if,corenet_udp_receive_gatekeeper_port'
allow $1 gatekeeper_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_gatekeeper_port'
kernel,corenetwork.if,corenet_udp_sendrecv_gatekeeper_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_gatekeeper_port'
kernel,corenetwork.if,corenet_tcp_bind_gatekeeper_port'
allow $1 gatekeeper_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_gatekeeper_port'
allow $1 gatekeeper_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_gatekeeper_port'
allow $1 gatekeeper_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_gatekeeper_client_packets'
allow $1 gatekeeper_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_gatekeeper_client_packets'
kernel,corenetwork.if,corenet_receive_gatekeeper_client_packets'
allow $1 gatekeeper_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_gatekeeper_client_packets'
kernel,corenetwork.if,corenet_sendrecv_gatekeeper_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_gatekeeper_client_packets'
kernel,corenetwork.if,corenet_relabelto_gatekeeper_client_packets'
allow $1 gatekeeper_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_gatekeeper_server_packets'
allow $1 gatekeeper_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_gatekeeper_server_packets'
kernel,corenetwork.if,corenet_receive_gatekeeper_server_packets'
allow $1 gatekeeper_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_gatekeeper_server_packets'
kernel,corenetwork.if,corenet_sendrecv_gatekeeper_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_gatekeeper_server_packets'
kernel,corenetwork.if,corenet_relabelto_gatekeeper_server_packets'
allow $1 gatekeeper_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_giftd_port'
allow $1 giftd_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_giftd_port'
allow $1 giftd_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_giftd_port'
kernel,corenetwork.if,corenet_udp_receive_giftd_port'
allow $1 giftd_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_giftd_port'
kernel,corenetwork.if,corenet_udp_sendrecv_giftd_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_giftd_port'
kernel,corenetwork.if,corenet_tcp_bind_giftd_port'
allow $1 giftd_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_giftd_port'
allow $1 giftd_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_giftd_port'
allow $1 giftd_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_giftd_client_packets'
allow $1 giftd_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_giftd_client_packets'
kernel,corenetwork.if,corenet_receive_giftd_client_packets'
allow $1 giftd_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_giftd_client_packets'
kernel,corenetwork.if,corenet_sendrecv_giftd_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_giftd_client_packets'
kernel,corenetwork.if,corenet_relabelto_giftd_client_packets'
allow $1 giftd_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_giftd_server_packets'
allow $1 giftd_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_giftd_server_packets'
kernel,corenetwork.if,corenet_receive_giftd_server_packets'
allow $1 giftd_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_giftd_server_packets'
kernel,corenetwork.if,corenet_sendrecv_giftd_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_giftd_server_packets'
kernel,corenetwork.if,corenet_relabelto_giftd_server_packets'
allow $1 giftd_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_gopher_port'
allow $1 gopher_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_gopher_port'
allow $1 gopher_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_gopher_port'
kernel,corenetwork.if,corenet_udp_receive_gopher_port'
allow $1 gopher_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_gopher_port'
kernel,corenetwork.if,corenet_udp_sendrecv_gopher_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_gopher_port'
kernel,corenetwork.if,corenet_tcp_bind_gopher_port'
allow $1 gopher_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_gopher_port'
allow $1 gopher_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_gopher_port'
allow $1 gopher_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_gopher_client_packets'
allow $1 gopher_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_gopher_client_packets'
kernel,corenetwork.if,corenet_receive_gopher_client_packets'
allow $1 gopher_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_gopher_client_packets'
kernel,corenetwork.if,corenet_sendrecv_gopher_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_gopher_client_packets'
kernel,corenetwork.if,corenet_relabelto_gopher_client_packets'
allow $1 gopher_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_gopher_server_packets'
allow $1 gopher_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_gopher_server_packets'
kernel,corenetwork.if,corenet_receive_gopher_server_packets'
allow $1 gopher_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_gopher_server_packets'
kernel,corenetwork.if,corenet_sendrecv_gopher_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_gopher_server_packets'
kernel,corenetwork.if,corenet_relabelto_gopher_server_packets'
allow $1 gopher_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_http_cache_port'
allow $1 http_cache_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_http_cache_port'
allow $1 http_cache_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_http_cache_port'
kernel,corenetwork.if,corenet_udp_receive_http_cache_port'
allow $1 http_cache_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_http_cache_port'
kernel,corenetwork.if,corenet_udp_sendrecv_http_cache_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_http_cache_port'
kernel,corenetwork.if,corenet_tcp_bind_http_cache_port'
allow $1 http_cache_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_http_cache_port'
allow $1 http_cache_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_http_cache_port'
allow $1 http_cache_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_http_cache_client_packets'
allow $1 http_cache_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_http_cache_client_packets'
kernel,corenetwork.if,corenet_receive_http_cache_client_packets'
allow $1 http_cache_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_http_cache_client_packets'
kernel,corenetwork.if,corenet_sendrecv_http_cache_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_http_cache_client_packets'
kernel,corenetwork.if,corenet_relabelto_http_cache_client_packets'
allow $1 http_cache_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_http_cache_server_packets'
allow $1 http_cache_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_http_cache_server_packets'
kernel,corenetwork.if,corenet_receive_http_cache_server_packets'
allow $1 http_cache_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_http_cache_server_packets'
kernel,corenetwork.if,corenet_sendrecv_http_cache_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_http_cache_server_packets'
kernel,corenetwork.if,corenet_relabelto_http_cache_server_packets'
allow $1 http_cache_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_http_port'
allow $1 http_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_http_port'
allow $1 http_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_http_port'
kernel,corenetwork.if,corenet_udp_receive_http_port'
allow $1 http_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_http_port'
kernel,corenetwork.if,corenet_udp_sendrecv_http_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_http_port'
kernel,corenetwork.if,corenet_tcp_bind_http_port'
allow $1 http_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_http_port'
allow $1 http_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_http_port'
allow $1 http_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_http_client_packets'
allow $1 http_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_http_client_packets'
kernel,corenetwork.if,corenet_receive_http_client_packets'
allow $1 http_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_http_client_packets'
kernel,corenetwork.if,corenet_sendrecv_http_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_http_client_packets'
kernel,corenetwork.if,corenet_relabelto_http_client_packets'
allow $1 http_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_http_server_packets'
allow $1 http_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_http_server_packets'
kernel,corenetwork.if,corenet_receive_http_server_packets'
allow $1 http_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_http_server_packets'
kernel,corenetwork.if,corenet_sendrecv_http_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_http_server_packets'
kernel,corenetwork.if,corenet_relabelto_http_server_packets'
allow $1 http_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_howl_port'
allow $1 howl_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_howl_port'
allow $1 howl_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_howl_port'
kernel,corenetwork.if,corenet_udp_receive_howl_port'
allow $1 howl_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_howl_port'
kernel,corenetwork.if,corenet_udp_sendrecv_howl_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_howl_port'
kernel,corenetwork.if,corenet_tcp_bind_howl_port'
allow $1 howl_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_howl_port'
allow $1 howl_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_howl_port'
allow $1 howl_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_howl_client_packets'
allow $1 howl_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_howl_client_packets'
kernel,corenetwork.if,corenet_receive_howl_client_packets'
allow $1 howl_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_howl_client_packets'
kernel,corenetwork.if,corenet_sendrecv_howl_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_howl_client_packets'
kernel,corenetwork.if,corenet_relabelto_howl_client_packets'
allow $1 howl_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_howl_server_packets'
allow $1 howl_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_howl_server_packets'
kernel,corenetwork.if,corenet_receive_howl_server_packets'
allow $1 howl_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_howl_server_packets'
kernel,corenetwork.if,corenet_sendrecv_howl_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_howl_server_packets'
kernel,corenetwork.if,corenet_relabelto_howl_server_packets'
allow $1 howl_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_hplip_port'
allow $1 hplip_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_hplip_port'
allow $1 hplip_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_hplip_port'
kernel,corenetwork.if,corenet_udp_receive_hplip_port'
allow $1 hplip_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_hplip_port'
kernel,corenetwork.if,corenet_udp_sendrecv_hplip_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_hplip_port'
kernel,corenetwork.if,corenet_tcp_bind_hplip_port'
allow $1 hplip_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_hplip_port'
allow $1 hplip_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_hplip_port'
allow $1 hplip_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_hplip_client_packets'
allow $1 hplip_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_hplip_client_packets'
kernel,corenetwork.if,corenet_receive_hplip_client_packets'
allow $1 hplip_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_hplip_client_packets'
kernel,corenetwork.if,corenet_sendrecv_hplip_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_hplip_client_packets'
kernel,corenetwork.if,corenet_relabelto_hplip_client_packets'
allow $1 hplip_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_hplip_server_packets'
allow $1 hplip_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_hplip_server_packets'
kernel,corenetwork.if,corenet_receive_hplip_server_packets'
allow $1 hplip_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_hplip_server_packets'
kernel,corenetwork.if,corenet_sendrecv_hplip_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_hplip_server_packets'
kernel,corenetwork.if,corenet_relabelto_hplip_server_packets'
allow $1 hplip_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_i18n_input_port'
allow $1 i18n_input_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_i18n_input_port'
allow $1 i18n_input_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_i18n_input_port'
kernel,corenetwork.if,corenet_udp_receive_i18n_input_port'
allow $1 i18n_input_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_i18n_input_port'
kernel,corenetwork.if,corenet_udp_sendrecv_i18n_input_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_i18n_input_port'
kernel,corenetwork.if,corenet_tcp_bind_i18n_input_port'
allow $1 i18n_input_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_i18n_input_port'
allow $1 i18n_input_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_i18n_input_port'
allow $1 i18n_input_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_i18n_input_client_packets'
allow $1 i18n_input_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_i18n_input_client_packets'
kernel,corenetwork.if,corenet_receive_i18n_input_client_packets'
allow $1 i18n_input_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_i18n_input_client_packets'
kernel,corenetwork.if,corenet_sendrecv_i18n_input_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_i18n_input_client_packets'
kernel,corenetwork.if,corenet_relabelto_i18n_input_client_packets'
allow $1 i18n_input_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_i18n_input_server_packets'
allow $1 i18n_input_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_i18n_input_server_packets'
kernel,corenetwork.if,corenet_receive_i18n_input_server_packets'
allow $1 i18n_input_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_i18n_input_server_packets'
kernel,corenetwork.if,corenet_sendrecv_i18n_input_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_i18n_input_server_packets'
kernel,corenetwork.if,corenet_relabelto_i18n_input_server_packets'
allow $1 i18n_input_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_imaze_port'
allow $1 imaze_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_imaze_port'
allow $1 imaze_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_imaze_port'
kernel,corenetwork.if,corenet_udp_receive_imaze_port'
allow $1 imaze_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_imaze_port'
kernel,corenetwork.if,corenet_udp_sendrecv_imaze_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_imaze_port'
kernel,corenetwork.if,corenet_tcp_bind_imaze_port'
allow $1 imaze_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_imaze_port'
allow $1 imaze_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_imaze_port'
allow $1 imaze_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_imaze_client_packets'
allow $1 imaze_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_imaze_client_packets'
kernel,corenetwork.if,corenet_receive_imaze_client_packets'
allow $1 imaze_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_imaze_client_packets'
kernel,corenetwork.if,corenet_sendrecv_imaze_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_imaze_client_packets'
kernel,corenetwork.if,corenet_relabelto_imaze_client_packets'
allow $1 imaze_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_imaze_server_packets'
allow $1 imaze_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_imaze_server_packets'
kernel,corenetwork.if,corenet_receive_imaze_server_packets'
allow $1 imaze_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_imaze_server_packets'
kernel,corenetwork.if,corenet_sendrecv_imaze_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_imaze_server_packets'
kernel,corenetwork.if,corenet_relabelto_imaze_server_packets'
allow $1 imaze_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_inetd_child_port'
allow $1 inetd_child_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_inetd_child_port'
allow $1 inetd_child_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_inetd_child_port'
kernel,corenetwork.if,corenet_udp_receive_inetd_child_port'
allow $1 inetd_child_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_inetd_child_port'
kernel,corenetwork.if,corenet_udp_sendrecv_inetd_child_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_inetd_child_port'
kernel,corenetwork.if,corenet_tcp_bind_inetd_child_port'
allow $1 inetd_child_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_inetd_child_port'
allow $1 inetd_child_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_inetd_child_port'
allow $1 inetd_child_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_inetd_child_client_packets'
allow $1 inetd_child_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_inetd_child_client_packets'
kernel,corenetwork.if,corenet_receive_inetd_child_client_packets'
allow $1 inetd_child_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_inetd_child_client_packets'
kernel,corenetwork.if,corenet_sendrecv_inetd_child_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_inetd_child_client_packets'
kernel,corenetwork.if,corenet_relabelto_inetd_child_client_packets'
allow $1 inetd_child_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_inetd_child_server_packets'
allow $1 inetd_child_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_inetd_child_server_packets'
kernel,corenetwork.if,corenet_receive_inetd_child_server_packets'
allow $1 inetd_child_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_inetd_child_server_packets'
kernel,corenetwork.if,corenet_sendrecv_inetd_child_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_inetd_child_server_packets'
kernel,corenetwork.if,corenet_relabelto_inetd_child_server_packets'
allow $1 inetd_child_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_innd_port'
allow $1 innd_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_innd_port'
allow $1 innd_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_innd_port'
kernel,corenetwork.if,corenet_udp_receive_innd_port'
allow $1 innd_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_innd_port'
kernel,corenetwork.if,corenet_udp_sendrecv_innd_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_innd_port'
kernel,corenetwork.if,corenet_tcp_bind_innd_port'
allow $1 innd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_innd_port'
allow $1 innd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_innd_port'
allow $1 innd_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_innd_client_packets'
allow $1 innd_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_innd_client_packets'
kernel,corenetwork.if,corenet_receive_innd_client_packets'
allow $1 innd_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_innd_client_packets'
kernel,corenetwork.if,corenet_sendrecv_innd_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_innd_client_packets'
kernel,corenetwork.if,corenet_relabelto_innd_client_packets'
allow $1 innd_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_innd_server_packets'
allow $1 innd_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_innd_server_packets'
kernel,corenetwork.if,corenet_receive_innd_server_packets'
allow $1 innd_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_innd_server_packets'
kernel,corenetwork.if,corenet_sendrecv_innd_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_innd_server_packets'
kernel,corenetwork.if,corenet_relabelto_innd_server_packets'
allow $1 innd_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_ipp_port'
allow $1 ipp_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_ipp_port'
allow $1 ipp_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_ipp_port'
kernel,corenetwork.if,corenet_udp_receive_ipp_port'
allow $1 ipp_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_ipp_port'
kernel,corenetwork.if,corenet_udp_sendrecv_ipp_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_ipp_port'
kernel,corenetwork.if,corenet_tcp_bind_ipp_port'
allow $1 ipp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_ipp_port'
allow $1 ipp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_ipp_port'
allow $1 ipp_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_ipp_client_packets'
allow $1 ipp_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ipp_client_packets'
kernel,corenetwork.if,corenet_receive_ipp_client_packets'
allow $1 ipp_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ipp_client_packets'
kernel,corenetwork.if,corenet_sendrecv_ipp_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ipp_client_packets'
kernel,corenetwork.if,corenet_relabelto_ipp_client_packets'
allow $1 ipp_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_ipp_server_packets'
allow $1 ipp_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ipp_server_packets'
kernel,corenetwork.if,corenet_receive_ipp_server_packets'
allow $1 ipp_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ipp_server_packets'
kernel,corenetwork.if,corenet_sendrecv_ipp_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ipp_server_packets'
kernel,corenetwork.if,corenet_relabelto_ipp_server_packets'
allow $1 ipp_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_ipsecnat_port'
allow $1 ipsecnat_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_ipsecnat_port'
allow $1 ipsecnat_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_ipsecnat_port'
kernel,corenetwork.if,corenet_udp_receive_ipsecnat_port'
allow $1 ipsecnat_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_ipsecnat_port'
kernel,corenetwork.if,corenet_udp_sendrecv_ipsecnat_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_ipsecnat_port'
kernel,corenetwork.if,corenet_tcp_bind_ipsecnat_port'
allow $1 ipsecnat_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_ipsecnat_port'
allow $1 ipsecnat_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_ipsecnat_port'
allow $1 ipsecnat_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_ipsecnat_client_packets'
allow $1 ipsecnat_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ipsecnat_client_packets'
kernel,corenetwork.if,corenet_receive_ipsecnat_client_packets'
allow $1 ipsecnat_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ipsecnat_client_packets'
kernel,corenetwork.if,corenet_sendrecv_ipsecnat_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ipsecnat_client_packets'
kernel,corenetwork.if,corenet_relabelto_ipsecnat_client_packets'
allow $1 ipsecnat_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_ipsecnat_server_packets'
allow $1 ipsecnat_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ipsecnat_server_packets'
kernel,corenetwork.if,corenet_receive_ipsecnat_server_packets'
allow $1 ipsecnat_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ipsecnat_server_packets'
kernel,corenetwork.if,corenet_sendrecv_ipsecnat_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ipsecnat_server_packets'
kernel,corenetwork.if,corenet_relabelto_ipsecnat_server_packets'
allow $1 ipsecnat_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_ircd_port'
allow $1 ircd_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_ircd_port'
allow $1 ircd_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_ircd_port'
kernel,corenetwork.if,corenet_udp_receive_ircd_port'
allow $1 ircd_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_ircd_port'
kernel,corenetwork.if,corenet_udp_sendrecv_ircd_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_ircd_port'
kernel,corenetwork.if,corenet_tcp_bind_ircd_port'
allow $1 ircd_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_ircd_port'
allow $1 ircd_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_ircd_port'
allow $1 ircd_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_ircd_client_packets'
allow $1 ircd_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ircd_client_packets'
kernel,corenetwork.if,corenet_receive_ircd_client_packets'
allow $1 ircd_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ircd_client_packets'
kernel,corenetwork.if,corenet_sendrecv_ircd_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ircd_client_packets'
kernel,corenetwork.if,corenet_relabelto_ircd_client_packets'
allow $1 ircd_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_ircd_server_packets'
allow $1 ircd_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ircd_server_packets'
kernel,corenetwork.if,corenet_receive_ircd_server_packets'
allow $1 ircd_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ircd_server_packets'
kernel,corenetwork.if,corenet_sendrecv_ircd_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ircd_server_packets'
kernel,corenetwork.if,corenet_relabelto_ircd_server_packets'
allow $1 ircd_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_ipmi_port'
allow $1 ipmi_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_ipmi_port'
allow $1 ipmi_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_ipmi_port'
kernel,corenetwork.if,corenet_udp_receive_ipmi_port'
allow $1 ipmi_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_ipmi_port'
kernel,corenetwork.if,corenet_udp_sendrecv_ipmi_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_ipmi_port'
kernel,corenetwork.if,corenet_tcp_bind_ipmi_port'
allow $1 ipmi_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_ipmi_port'
allow $1 ipmi_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_ipmi_port'
allow $1 ipmi_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_ipmi_client_packets'
allow $1 ipmi_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ipmi_client_packets'
kernel,corenetwork.if,corenet_receive_ipmi_client_packets'
allow $1 ipmi_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ipmi_client_packets'
kernel,corenetwork.if,corenet_sendrecv_ipmi_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ipmi_client_packets'
kernel,corenetwork.if,corenet_relabelto_ipmi_client_packets'
allow $1 ipmi_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_ipmi_server_packets'
allow $1 ipmi_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ipmi_server_packets'
kernel,corenetwork.if,corenet_receive_ipmi_server_packets'
allow $1 ipmi_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ipmi_server_packets'
kernel,corenetwork.if,corenet_sendrecv_ipmi_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ipmi_server_packets'
kernel,corenetwork.if,corenet_relabelto_ipmi_server_packets'
allow $1 ipmi_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_isakmp_port'
allow $1 isakmp_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_isakmp_port'
allow $1 isakmp_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_isakmp_port'
kernel,corenetwork.if,corenet_udp_receive_isakmp_port'
allow $1 isakmp_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_isakmp_port'
kernel,corenetwork.if,corenet_udp_sendrecv_isakmp_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_isakmp_port'
kernel,corenetwork.if,corenet_tcp_bind_isakmp_port'
allow $1 isakmp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_isakmp_port'
allow $1 isakmp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_isakmp_port'
allow $1 isakmp_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_isakmp_client_packets'
allow $1 isakmp_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_isakmp_client_packets'
kernel,corenetwork.if,corenet_receive_isakmp_client_packets'
allow $1 isakmp_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_isakmp_client_packets'
kernel,corenetwork.if,corenet_sendrecv_isakmp_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_isakmp_client_packets'
kernel,corenetwork.if,corenet_relabelto_isakmp_client_packets'
allow $1 isakmp_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_isakmp_server_packets'
allow $1 isakmp_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_isakmp_server_packets'
kernel,corenetwork.if,corenet_receive_isakmp_server_packets'
allow $1 isakmp_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_isakmp_server_packets'
kernel,corenetwork.if,corenet_sendrecv_isakmp_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_isakmp_server_packets'
kernel,corenetwork.if,corenet_relabelto_isakmp_server_packets'
allow $1 isakmp_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_iscsi_port'
allow $1 iscsi_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_iscsi_port'
allow $1 iscsi_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_iscsi_port'
kernel,corenetwork.if,corenet_udp_receive_iscsi_port'
allow $1 iscsi_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_iscsi_port'
kernel,corenetwork.if,corenet_udp_sendrecv_iscsi_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_iscsi_port'
kernel,corenetwork.if,corenet_tcp_bind_iscsi_port'
allow $1 iscsi_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_iscsi_port'
allow $1 iscsi_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_iscsi_port'
allow $1 iscsi_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_iscsi_client_packets'
allow $1 iscsi_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_iscsi_client_packets'
kernel,corenetwork.if,corenet_receive_iscsi_client_packets'
allow $1 iscsi_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_iscsi_client_packets'
kernel,corenetwork.if,corenet_sendrecv_iscsi_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_iscsi_client_packets'
kernel,corenetwork.if,corenet_relabelto_iscsi_client_packets'
allow $1 iscsi_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_iscsi_server_packets'
allow $1 iscsi_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_iscsi_server_packets'
kernel,corenetwork.if,corenet_receive_iscsi_server_packets'
allow $1 iscsi_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_iscsi_server_packets'
kernel,corenetwork.if,corenet_sendrecv_iscsi_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_iscsi_server_packets'
kernel,corenetwork.if,corenet_relabelto_iscsi_server_packets'
allow $1 iscsi_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_isns_port'
allow $1 isns_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_isns_port'
allow $1 isns_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_isns_port'
kernel,corenetwork.if,corenet_udp_receive_isns_port'
allow $1 isns_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_isns_port'
kernel,corenetwork.if,corenet_udp_sendrecv_isns_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_isns_port'
kernel,corenetwork.if,corenet_tcp_bind_isns_port'
allow $1 isns_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_isns_port'
allow $1 isns_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_isns_port'
allow $1 isns_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_isns_client_packets'
allow $1 isns_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_isns_client_packets'
kernel,corenetwork.if,corenet_receive_isns_client_packets'
allow $1 isns_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_isns_client_packets'
kernel,corenetwork.if,corenet_sendrecv_isns_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_isns_client_packets'
kernel,corenetwork.if,corenet_relabelto_isns_client_packets'
allow $1 isns_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_isns_server_packets'
allow $1 isns_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_isns_server_packets'
kernel,corenetwork.if,corenet_receive_isns_server_packets'
allow $1 isns_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_isns_server_packets'
kernel,corenetwork.if,corenet_sendrecv_isns_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_isns_server_packets'
kernel,corenetwork.if,corenet_relabelto_isns_server_packets'
allow $1 isns_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_jabber_client_port'
allow $1 jabber_client_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_jabber_client_port'
allow $1 jabber_client_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_jabber_client_port'
kernel,corenetwork.if,corenet_udp_receive_jabber_client_port'
allow $1 jabber_client_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_jabber_client_port'
kernel,corenetwork.if,corenet_udp_sendrecv_jabber_client_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_jabber_client_port'
kernel,corenetwork.if,corenet_tcp_bind_jabber_client_port'
allow $1 jabber_client_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_jabber_client_port'
allow $1 jabber_client_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_jabber_client_port'
allow $1 jabber_client_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_jabber_client_client_packets'
allow $1 jabber_client_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_jabber_client_client_packets'
kernel,corenetwork.if,corenet_receive_jabber_client_client_packets'
allow $1 jabber_client_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_jabber_client_client_packets'
kernel,corenetwork.if,corenet_sendrecv_jabber_client_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_jabber_client_client_packets'
kernel,corenetwork.if,corenet_relabelto_jabber_client_client_packets'
allow $1 jabber_client_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_jabber_client_server_packets'
allow $1 jabber_client_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_jabber_client_server_packets'
kernel,corenetwork.if,corenet_receive_jabber_client_server_packets'
allow $1 jabber_client_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_jabber_client_server_packets'
kernel,corenetwork.if,corenet_sendrecv_jabber_client_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_jabber_client_server_packets'
kernel,corenetwork.if,corenet_relabelto_jabber_client_server_packets'
allow $1 jabber_client_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_jabber_interserver_port'
allow $1 jabber_interserver_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_jabber_interserver_port'
allow $1 jabber_interserver_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_jabber_interserver_port'
kernel,corenetwork.if,corenet_udp_receive_jabber_interserver_port'
allow $1 jabber_interserver_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_jabber_interserver_port'
kernel,corenetwork.if,corenet_udp_sendrecv_jabber_interserver_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_jabber_interserver_port'
kernel,corenetwork.if,corenet_tcp_bind_jabber_interserver_port'
allow $1 jabber_interserver_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_jabber_interserver_port'
allow $1 jabber_interserver_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_jabber_interserver_port'
allow $1 jabber_interserver_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_jabber_interserver_client_packets'
allow $1 jabber_interserver_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_jabber_interserver_client_packets'
kernel,corenetwork.if,corenet_receive_jabber_interserver_client_packets'
allow $1 jabber_interserver_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_jabber_interserver_client_packets'
kernel,corenetwork.if,corenet_sendrecv_jabber_interserver_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_jabber_interserver_client_packets'
kernel,corenetwork.if,corenet_relabelto_jabber_interserver_client_packets'
allow $1 jabber_interserver_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_jabber_interserver_server_packets'
allow $1 jabber_interserver_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_jabber_interserver_server_packets'
kernel,corenetwork.if,corenet_receive_jabber_interserver_server_packets'
allow $1 jabber_interserver_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_jabber_interserver_server_packets'
kernel,corenetwork.if,corenet_sendrecv_jabber_interserver_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_jabber_interserver_server_packets'
kernel,corenetwork.if,corenet_relabelto_jabber_interserver_server_packets'
allow $1 jabber_interserver_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_kerberos_admin_port'
allow $1 kerberos_admin_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_kerberos_admin_port'
allow $1 kerberos_admin_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_kerberos_admin_port'
kernel,corenetwork.if,corenet_udp_receive_kerberos_admin_port'
allow $1 kerberos_admin_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_kerberos_admin_port'
kernel,corenetwork.if,corenet_udp_sendrecv_kerberos_admin_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_kerberos_admin_port'
kernel,corenetwork.if,corenet_tcp_bind_kerberos_admin_port'
allow $1 kerberos_admin_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_kerberos_admin_port'
allow $1 kerberos_admin_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_kerberos_admin_port'
allow $1 kerberos_admin_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_kerberos_admin_client_packets'
allow $1 kerberos_admin_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_kerberos_admin_client_packets'
kernel,corenetwork.if,corenet_receive_kerberos_admin_client_packets'
allow $1 kerberos_admin_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_kerberos_admin_client_packets'
kernel,corenetwork.if,corenet_sendrecv_kerberos_admin_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_kerberos_admin_client_packets'
kernel,corenetwork.if,corenet_relabelto_kerberos_admin_client_packets'
allow $1 kerberos_admin_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_kerberos_admin_server_packets'
allow $1 kerberos_admin_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_kerberos_admin_server_packets'
kernel,corenetwork.if,corenet_receive_kerberos_admin_server_packets'
allow $1 kerberos_admin_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_kerberos_admin_server_packets'
kernel,corenetwork.if,corenet_sendrecv_kerberos_admin_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_kerberos_admin_server_packets'
kernel,corenetwork.if,corenet_relabelto_kerberos_admin_server_packets'
allow $1 kerberos_admin_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_kerberos_master_port'
allow $1 kerberos_master_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_kerberos_master_port'
allow $1 kerberos_master_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_kerberos_master_port'
kernel,corenetwork.if,corenet_udp_receive_kerberos_master_port'
allow $1 kerberos_master_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_kerberos_master_port'
kernel,corenetwork.if,corenet_udp_sendrecv_kerberos_master_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_kerberos_master_port'
kernel,corenetwork.if,corenet_tcp_bind_kerberos_master_port'
allow $1 kerberos_master_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_kerberos_master_port'
allow $1 kerberos_master_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_kerberos_master_port'
allow $1 kerberos_master_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_kerberos_master_client_packets'
allow $1 kerberos_master_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_kerberos_master_client_packets'
kernel,corenetwork.if,corenet_receive_kerberos_master_client_packets'
allow $1 kerberos_master_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_kerberos_master_client_packets'
kernel,corenetwork.if,corenet_sendrecv_kerberos_master_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_kerberos_master_client_packets'
kernel,corenetwork.if,corenet_relabelto_kerberos_master_client_packets'
allow $1 kerberos_master_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_kerberos_master_server_packets'
allow $1 kerberos_master_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_kerberos_master_server_packets'
kernel,corenetwork.if,corenet_receive_kerberos_master_server_packets'
allow $1 kerberos_master_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_kerberos_master_server_packets'
kernel,corenetwork.if,corenet_sendrecv_kerberos_master_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_kerberos_master_server_packets'
kernel,corenetwork.if,corenet_relabelto_kerberos_master_server_packets'
allow $1 kerberos_master_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_kerberos_port'
allow $1 kerberos_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_kerberos_port'
allow $1 kerberos_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_kerberos_port'
kernel,corenetwork.if,corenet_udp_receive_kerberos_port'
allow $1 kerberos_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_kerberos_port'
kernel,corenetwork.if,corenet_udp_sendrecv_kerberos_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_kerberos_port'
kernel,corenetwork.if,corenet_tcp_bind_kerberos_port'
allow $1 kerberos_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_kerberos_port'
allow $1 kerberos_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_kerberos_port'
allow $1 kerberos_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_kerberos_client_packets'
allow $1 kerberos_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_kerberos_client_packets'
kernel,corenetwork.if,corenet_receive_kerberos_client_packets'
allow $1 kerberos_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_kerberos_client_packets'
kernel,corenetwork.if,corenet_sendrecv_kerberos_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_kerberos_client_packets'
kernel,corenetwork.if,corenet_relabelto_kerberos_client_packets'
allow $1 kerberos_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_kerberos_server_packets'
allow $1 kerberos_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_kerberos_server_packets'
kernel,corenetwork.if,corenet_receive_kerberos_server_packets'
allow $1 kerberos_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_kerberos_server_packets'
kernel,corenetwork.if,corenet_sendrecv_kerberos_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_kerberos_server_packets'
kernel,corenetwork.if,corenet_relabelto_kerberos_server_packets'
allow $1 kerberos_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_ktalkd_port'
allow $1 ktalkd_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_ktalkd_port'
allow $1 ktalkd_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_ktalkd_port'
kernel,corenetwork.if,corenet_udp_receive_ktalkd_port'
allow $1 ktalkd_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_ktalkd_port'
kernel,corenetwork.if,corenet_udp_sendrecv_ktalkd_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_ktalkd_port'
kernel,corenetwork.if,corenet_tcp_bind_ktalkd_port'
allow $1 ktalkd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_ktalkd_port'
allow $1 ktalkd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_ktalkd_port'
allow $1 ktalkd_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_ktalkd_client_packets'
allow $1 ktalkd_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ktalkd_client_packets'
kernel,corenetwork.if,corenet_receive_ktalkd_client_packets'
allow $1 ktalkd_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ktalkd_client_packets'
kernel,corenetwork.if,corenet_sendrecv_ktalkd_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ktalkd_client_packets'
kernel,corenetwork.if,corenet_relabelto_ktalkd_client_packets'
allow $1 ktalkd_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_ktalkd_server_packets'
allow $1 ktalkd_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ktalkd_server_packets'
kernel,corenetwork.if,corenet_receive_ktalkd_server_packets'
allow $1 ktalkd_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ktalkd_server_packets'
kernel,corenetwork.if,corenet_sendrecv_ktalkd_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ktalkd_server_packets'
kernel,corenetwork.if,corenet_relabelto_ktalkd_server_packets'
allow $1 ktalkd_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_ldap_port'
allow $1 ldap_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_ldap_port'
allow $1 ldap_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_ldap_port'
kernel,corenetwork.if,corenet_udp_receive_ldap_port'
allow $1 ldap_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_ldap_port'
kernel,corenetwork.if,corenet_udp_sendrecv_ldap_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_ldap_port'
kernel,corenetwork.if,corenet_tcp_bind_ldap_port'
allow $1 ldap_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_ldap_port'
allow $1 ldap_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_ldap_port'
allow $1 ldap_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_ldap_client_packets'
allow $1 ldap_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ldap_client_packets'
kernel,corenetwork.if,corenet_receive_ldap_client_packets'
allow $1 ldap_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ldap_client_packets'
kernel,corenetwork.if,corenet_sendrecv_ldap_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ldap_client_packets'
kernel,corenetwork.if,corenet_relabelto_ldap_client_packets'
allow $1 ldap_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_ldap_server_packets'
allow $1 ldap_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ldap_server_packets'
kernel,corenetwork.if,corenet_receive_ldap_server_packets'
allow $1 ldap_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ldap_server_packets'
kernel,corenetwork.if,corenet_sendrecv_ldap_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ldap_server_packets'
kernel,corenetwork.if,corenet_relabelto_ldap_server_packets'
allow $1 ldap_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_lmtp_port'
allow $1 lmtp_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_lmtp_port'
allow $1 lmtp_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_lmtp_port'
kernel,corenetwork.if,corenet_udp_receive_lmtp_port'
allow $1 lmtp_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_lmtp_port'
kernel,corenetwork.if,corenet_udp_sendrecv_lmtp_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_lmtp_port'
kernel,corenetwork.if,corenet_tcp_bind_lmtp_port'
allow $1 lmtp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_lmtp_port'
allow $1 lmtp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_lmtp_port'
allow $1 lmtp_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_lmtp_client_packets'
allow $1 lmtp_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_lmtp_client_packets'
kernel,corenetwork.if,corenet_receive_lmtp_client_packets'
allow $1 lmtp_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_lmtp_client_packets'
kernel,corenetwork.if,corenet_sendrecv_lmtp_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_lmtp_client_packets'
kernel,corenetwork.if,corenet_relabelto_lmtp_client_packets'
allow $1 lmtp_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_lmtp_server_packets'
allow $1 lmtp_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_lmtp_server_packets'
kernel,corenetwork.if,corenet_receive_lmtp_server_packets'
allow $1 lmtp_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_lmtp_server_packets'
kernel,corenetwork.if,corenet_sendrecv_lmtp_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_lmtp_server_packets'
kernel,corenetwork.if,corenet_relabelto_lmtp_server_packets'
allow $1 lmtp_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_mail_port'
allow $1 mail_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_mail_port'
allow $1 mail_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_mail_port'
kernel,corenetwork.if,corenet_udp_receive_mail_port'
allow $1 mail_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_mail_port'
kernel,corenetwork.if,corenet_udp_sendrecv_mail_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_mail_port'
kernel,corenetwork.if,corenet_tcp_bind_mail_port'
allow $1 mail_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_mail_port'
allow $1 mail_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_mail_port'
allow $1 mail_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_mail_client_packets'
allow $1 mail_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_mail_client_packets'
kernel,corenetwork.if,corenet_receive_mail_client_packets'
allow $1 mail_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_mail_client_packets'
kernel,corenetwork.if,corenet_sendrecv_mail_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_mail_client_packets'
kernel,corenetwork.if,corenet_relabelto_mail_client_packets'
allow $1 mail_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_mail_server_packets'
allow $1 mail_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_mail_server_packets'
kernel,corenetwork.if,corenet_receive_mail_server_packets'
allow $1 mail_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_mail_server_packets'
kernel,corenetwork.if,corenet_sendrecv_mail_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_mail_server_packets'
kernel,corenetwork.if,corenet_relabelto_mail_server_packets'
allow $1 mail_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_memcache_port'
allow $1 memcache_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_memcache_port'
allow $1 memcache_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_memcache_port'
kernel,corenetwork.if,corenet_udp_receive_memcache_port'
allow $1 memcache_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_memcache_port'
kernel,corenetwork.if,corenet_udp_sendrecv_memcache_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_memcache_port'
kernel,corenetwork.if,corenet_tcp_bind_memcache_port'
allow $1 memcache_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_memcache_port'
allow $1 memcache_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_memcache_port'
allow $1 memcache_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_memcache_client_packets'
allow $1 memcache_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_memcache_client_packets'
kernel,corenetwork.if,corenet_receive_memcache_client_packets'
allow $1 memcache_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_memcache_client_packets'
kernel,corenetwork.if,corenet_sendrecv_memcache_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_memcache_client_packets'
kernel,corenetwork.if,corenet_relabelto_memcache_client_packets'
allow $1 memcache_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_memcache_server_packets'
allow $1 memcache_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_memcache_server_packets'
kernel,corenetwork.if,corenet_receive_memcache_server_packets'
allow $1 memcache_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_memcache_server_packets'
kernel,corenetwork.if,corenet_sendrecv_memcache_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_memcache_server_packets'
kernel,corenetwork.if,corenet_relabelto_memcache_server_packets'
allow $1 memcache_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_mmcc_port'
allow $1 mmcc_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_mmcc_port'
allow $1 mmcc_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_mmcc_port'
kernel,corenetwork.if,corenet_udp_receive_mmcc_port'
allow $1 mmcc_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_mmcc_port'
kernel,corenetwork.if,corenet_udp_sendrecv_mmcc_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_mmcc_port'
kernel,corenetwork.if,corenet_tcp_bind_mmcc_port'
allow $1 mmcc_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_mmcc_port'
allow $1 mmcc_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_mmcc_port'
allow $1 mmcc_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_mmcc_client_packets'
allow $1 mmcc_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_mmcc_client_packets'
kernel,corenetwork.if,corenet_receive_mmcc_client_packets'
allow $1 mmcc_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_mmcc_client_packets'
kernel,corenetwork.if,corenet_sendrecv_mmcc_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_mmcc_client_packets'
kernel,corenetwork.if,corenet_relabelto_mmcc_client_packets'
allow $1 mmcc_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_mmcc_server_packets'
allow $1 mmcc_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_mmcc_server_packets'
kernel,corenetwork.if,corenet_receive_mmcc_server_packets'
allow $1 mmcc_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_mmcc_server_packets'
kernel,corenetwork.if,corenet_sendrecv_mmcc_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_mmcc_server_packets'
kernel,corenetwork.if,corenet_relabelto_mmcc_server_packets'
allow $1 mmcc_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_monopd_port'
allow $1 monopd_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_monopd_port'
allow $1 monopd_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_monopd_port'
kernel,corenetwork.if,corenet_udp_receive_monopd_port'
allow $1 monopd_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_monopd_port'
kernel,corenetwork.if,corenet_udp_sendrecv_monopd_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_monopd_port'
kernel,corenetwork.if,corenet_tcp_bind_monopd_port'
allow $1 monopd_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_monopd_port'
allow $1 monopd_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_monopd_port'
allow $1 monopd_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_monopd_client_packets'
allow $1 monopd_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_monopd_client_packets'
kernel,corenetwork.if,corenet_receive_monopd_client_packets'
allow $1 monopd_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_monopd_client_packets'
kernel,corenetwork.if,corenet_sendrecv_monopd_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_monopd_client_packets'
kernel,corenetwork.if,corenet_relabelto_monopd_client_packets'
allow $1 monopd_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_monopd_server_packets'
allow $1 monopd_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_monopd_server_packets'
kernel,corenetwork.if,corenet_receive_monopd_server_packets'
allow $1 monopd_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_monopd_server_packets'
kernel,corenetwork.if,corenet_sendrecv_monopd_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_monopd_server_packets'
kernel,corenetwork.if,corenet_relabelto_monopd_server_packets'
allow $1 monopd_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_msnp_port'
allow $1 msnp_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_msnp_port'
allow $1 msnp_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_msnp_port'
kernel,corenetwork.if,corenet_udp_receive_msnp_port'
allow $1 msnp_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_msnp_port'
kernel,corenetwork.if,corenet_udp_sendrecv_msnp_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_msnp_port'
kernel,corenetwork.if,corenet_tcp_bind_msnp_port'
allow $1 msnp_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_msnp_port'
allow $1 msnp_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_msnp_port'
allow $1 msnp_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_msnp_client_packets'
allow $1 msnp_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_msnp_client_packets'
kernel,corenetwork.if,corenet_receive_msnp_client_packets'
allow $1 msnp_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_msnp_client_packets'
kernel,corenetwork.if,corenet_sendrecv_msnp_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_msnp_client_packets'
kernel,corenetwork.if,corenet_relabelto_msnp_client_packets'
allow $1 msnp_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_msnp_server_packets'
allow $1 msnp_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_msnp_server_packets'
kernel,corenetwork.if,corenet_receive_msnp_server_packets'
allow $1 msnp_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_msnp_server_packets'
kernel,corenetwork.if,corenet_sendrecv_msnp_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_msnp_server_packets'
kernel,corenetwork.if,corenet_relabelto_msnp_server_packets'
allow $1 msnp_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_mysqld_port'
allow $1 mysqld_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_mysqld_port'
allow $1 mysqld_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_mysqld_port'
kernel,corenetwork.if,corenet_udp_receive_mysqld_port'
allow $1 mysqld_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_mysqld_port'
kernel,corenetwork.if,corenet_udp_sendrecv_mysqld_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_mysqld_port'
kernel,corenetwork.if,corenet_tcp_bind_mysqld_port'
allow $1 mysqld_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_mysqld_port'
allow $1 mysqld_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_mysqld_port'
allow $1 mysqld_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_mysqld_client_packets'
allow $1 mysqld_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_mysqld_client_packets'
kernel,corenetwork.if,corenet_receive_mysqld_client_packets'
allow $1 mysqld_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_mysqld_client_packets'
kernel,corenetwork.if,corenet_sendrecv_mysqld_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_mysqld_client_packets'
kernel,corenetwork.if,corenet_relabelto_mysqld_client_packets'
allow $1 mysqld_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_mysqld_server_packets'
allow $1 mysqld_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_mysqld_server_packets'
kernel,corenetwork.if,corenet_receive_mysqld_server_packets'
allow $1 mysqld_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_mysqld_server_packets'
kernel,corenetwork.if,corenet_sendrecv_mysqld_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_mysqld_server_packets'
kernel,corenetwork.if,corenet_relabelto_mysqld_server_packets'
allow $1 mysqld_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_nessus_port'
allow $1 nessus_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_nessus_port'
allow $1 nessus_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_nessus_port'
kernel,corenetwork.if,corenet_udp_receive_nessus_port'
allow $1 nessus_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_nessus_port'
kernel,corenetwork.if,corenet_udp_sendrecv_nessus_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_nessus_port'
kernel,corenetwork.if,corenet_tcp_bind_nessus_port'
allow $1 nessus_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_nessus_port'
allow $1 nessus_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_nessus_port'
allow $1 nessus_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_nessus_client_packets'
allow $1 nessus_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_nessus_client_packets'
kernel,corenetwork.if,corenet_receive_nessus_client_packets'
allow $1 nessus_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_nessus_client_packets'
kernel,corenetwork.if,corenet_sendrecv_nessus_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_nessus_client_packets'
kernel,corenetwork.if,corenet_relabelto_nessus_client_packets'
allow $1 nessus_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_nessus_server_packets'
allow $1 nessus_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_nessus_server_packets'
kernel,corenetwork.if,corenet_receive_nessus_server_packets'
allow $1 nessus_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_nessus_server_packets'
kernel,corenetwork.if,corenet_sendrecv_nessus_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_nessus_server_packets'
kernel,corenetwork.if,corenet_relabelto_nessus_server_packets'
allow $1 nessus_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_netsupport_port'
allow $1 netsupport_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_netsupport_port'
allow $1 netsupport_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_netsupport_port'
kernel,corenetwork.if,corenet_udp_receive_netsupport_port'
allow $1 netsupport_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_netsupport_port'
kernel,corenetwork.if,corenet_udp_sendrecv_netsupport_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_netsupport_port'
kernel,corenetwork.if,corenet_tcp_bind_netsupport_port'
allow $1 netsupport_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_netsupport_port'
allow $1 netsupport_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_netsupport_port'
allow $1 netsupport_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_netsupport_client_packets'
allow $1 netsupport_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_netsupport_client_packets'
kernel,corenetwork.if,corenet_receive_netsupport_client_packets'
allow $1 netsupport_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_netsupport_client_packets'
kernel,corenetwork.if,corenet_sendrecv_netsupport_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_netsupport_client_packets'
kernel,corenetwork.if,corenet_relabelto_netsupport_client_packets'
allow $1 netsupport_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_netsupport_server_packets'
allow $1 netsupport_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_netsupport_server_packets'
kernel,corenetwork.if,corenet_receive_netsupport_server_packets'
allow $1 netsupport_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_netsupport_server_packets'
kernel,corenetwork.if,corenet_sendrecv_netsupport_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_netsupport_server_packets'
kernel,corenetwork.if,corenet_relabelto_netsupport_server_packets'
allow $1 netsupport_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_nmbd_port'
allow $1 nmbd_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_nmbd_port'
allow $1 nmbd_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_nmbd_port'
kernel,corenetwork.if,corenet_udp_receive_nmbd_port'
allow $1 nmbd_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_nmbd_port'
kernel,corenetwork.if,corenet_udp_sendrecv_nmbd_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_nmbd_port'
kernel,corenetwork.if,corenet_tcp_bind_nmbd_port'
allow $1 nmbd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_nmbd_port'
allow $1 nmbd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_nmbd_port'
allow $1 nmbd_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_nmbd_client_packets'
allow $1 nmbd_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_nmbd_client_packets'
kernel,corenetwork.if,corenet_receive_nmbd_client_packets'
allow $1 nmbd_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_nmbd_client_packets'
kernel,corenetwork.if,corenet_sendrecv_nmbd_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_nmbd_client_packets'
kernel,corenetwork.if,corenet_relabelto_nmbd_client_packets'
allow $1 nmbd_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_nmbd_server_packets'
allow $1 nmbd_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_nmbd_server_packets'
kernel,corenetwork.if,corenet_receive_nmbd_server_packets'
allow $1 nmbd_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_nmbd_server_packets'
kernel,corenetwork.if,corenet_sendrecv_nmbd_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_nmbd_server_packets'
kernel,corenetwork.if,corenet_relabelto_nmbd_server_packets'
allow $1 nmbd_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_ntp_port'
allow $1 ntp_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_ntp_port'
allow $1 ntp_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_ntp_port'
kernel,corenetwork.if,corenet_udp_receive_ntp_port'
allow $1 ntp_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_ntp_port'
kernel,corenetwork.if,corenet_udp_sendrecv_ntp_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_ntp_port'
kernel,corenetwork.if,corenet_tcp_bind_ntp_port'
allow $1 ntp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_ntp_port'
allow $1 ntp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_ntp_port'
allow $1 ntp_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_ntp_client_packets'
allow $1 ntp_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ntp_client_packets'
kernel,corenetwork.if,corenet_receive_ntp_client_packets'
allow $1 ntp_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ntp_client_packets'
kernel,corenetwork.if,corenet_sendrecv_ntp_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ntp_client_packets'
kernel,corenetwork.if,corenet_relabelto_ntp_client_packets'
allow $1 ntp_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_ntp_server_packets'
allow $1 ntp_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ntp_server_packets'
kernel,corenetwork.if,corenet_receive_ntp_server_packets'
allow $1 ntp_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ntp_server_packets'
kernel,corenetwork.if,corenet_sendrecv_ntp_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ntp_server_packets'
kernel,corenetwork.if,corenet_relabelto_ntp_server_packets'
allow $1 ntp_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_ocsp_port'
allow $1 ocsp_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_ocsp_port'
allow $1 ocsp_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_ocsp_port'
kernel,corenetwork.if,corenet_udp_receive_ocsp_port'
allow $1 ocsp_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_ocsp_port'
kernel,corenetwork.if,corenet_udp_sendrecv_ocsp_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_ocsp_port'
kernel,corenetwork.if,corenet_tcp_bind_ocsp_port'
allow $1 ocsp_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_ocsp_port'
allow $1 ocsp_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_ocsp_port'
allow $1 ocsp_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_ocsp_client_packets'
allow $1 ocsp_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ocsp_client_packets'
kernel,corenetwork.if,corenet_receive_ocsp_client_packets'
allow $1 ocsp_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ocsp_client_packets'
kernel,corenetwork.if,corenet_sendrecv_ocsp_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ocsp_client_packets'
kernel,corenetwork.if,corenet_relabelto_ocsp_client_packets'
allow $1 ocsp_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_ocsp_server_packets'
allow $1 ocsp_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ocsp_server_packets'
kernel,corenetwork.if,corenet_receive_ocsp_server_packets'
allow $1 ocsp_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ocsp_server_packets'
kernel,corenetwork.if,corenet_sendrecv_ocsp_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ocsp_server_packets'
kernel,corenetwork.if,corenet_relabelto_ocsp_server_packets'
allow $1 ocsp_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_openvpn_port'
allow $1 openvpn_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_openvpn_port'
allow $1 openvpn_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_openvpn_port'
kernel,corenetwork.if,corenet_udp_receive_openvpn_port'
allow $1 openvpn_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_openvpn_port'
kernel,corenetwork.if,corenet_udp_sendrecv_openvpn_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_openvpn_port'
kernel,corenetwork.if,corenet_tcp_bind_openvpn_port'
allow $1 openvpn_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_openvpn_port'
allow $1 openvpn_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_openvpn_port'
allow $1 openvpn_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_openvpn_client_packets'
allow $1 openvpn_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_openvpn_client_packets'
kernel,corenetwork.if,corenet_receive_openvpn_client_packets'
allow $1 openvpn_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_openvpn_client_packets'
kernel,corenetwork.if,corenet_sendrecv_openvpn_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_openvpn_client_packets'
kernel,corenetwork.if,corenet_relabelto_openvpn_client_packets'
allow $1 openvpn_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_openvpn_server_packets'
allow $1 openvpn_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_openvpn_server_packets'
kernel,corenetwork.if,corenet_receive_openvpn_server_packets'
allow $1 openvpn_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_openvpn_server_packets'
kernel,corenetwork.if,corenet_sendrecv_openvpn_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_openvpn_server_packets'
kernel,corenetwork.if,corenet_relabelto_openvpn_server_packets'
allow $1 openvpn_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_pegasus_http_port'
allow $1 pegasus_http_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_pegasus_http_port'
allow $1 pegasus_http_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_pegasus_http_port'
kernel,corenetwork.if,corenet_udp_receive_pegasus_http_port'
allow $1 pegasus_http_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_pegasus_http_port'
kernel,corenetwork.if,corenet_udp_sendrecv_pegasus_http_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_pegasus_http_port'
kernel,corenetwork.if,corenet_tcp_bind_pegasus_http_port'
allow $1 pegasus_http_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_pegasus_http_port'
allow $1 pegasus_http_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_pegasus_http_port'
allow $1 pegasus_http_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_pegasus_http_client_packets'
allow $1 pegasus_http_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_pegasus_http_client_packets'
kernel,corenetwork.if,corenet_receive_pegasus_http_client_packets'
allow $1 pegasus_http_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_pegasus_http_client_packets'
kernel,corenetwork.if,corenet_sendrecv_pegasus_http_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_pegasus_http_client_packets'
kernel,corenetwork.if,corenet_relabelto_pegasus_http_client_packets'
allow $1 pegasus_http_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_pegasus_http_server_packets'
allow $1 pegasus_http_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_pegasus_http_server_packets'
kernel,corenetwork.if,corenet_receive_pegasus_http_server_packets'
allow $1 pegasus_http_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_pegasus_http_server_packets'
kernel,corenetwork.if,corenet_sendrecv_pegasus_http_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_pegasus_http_server_packets'
kernel,corenetwork.if,corenet_relabelto_pegasus_http_server_packets'
allow $1 pegasus_http_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_pegasus_https_port'
allow $1 pegasus_https_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_pegasus_https_port'
allow $1 pegasus_https_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_pegasus_https_port'
kernel,corenetwork.if,corenet_udp_receive_pegasus_https_port'
allow $1 pegasus_https_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_pegasus_https_port'
kernel,corenetwork.if,corenet_udp_sendrecv_pegasus_https_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_pegasus_https_port'
kernel,corenetwork.if,corenet_tcp_bind_pegasus_https_port'
allow $1 pegasus_https_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_pegasus_https_port'
allow $1 pegasus_https_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_pegasus_https_port'
allow $1 pegasus_https_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_pegasus_https_client_packets'
allow $1 pegasus_https_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_pegasus_https_client_packets'
kernel,corenetwork.if,corenet_receive_pegasus_https_client_packets'
allow $1 pegasus_https_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_pegasus_https_client_packets'
kernel,corenetwork.if,corenet_sendrecv_pegasus_https_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_pegasus_https_client_packets'
kernel,corenetwork.if,corenet_relabelto_pegasus_https_client_packets'
allow $1 pegasus_https_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_pegasus_https_server_packets'
allow $1 pegasus_https_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_pegasus_https_server_packets'
kernel,corenetwork.if,corenet_receive_pegasus_https_server_packets'
allow $1 pegasus_https_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_pegasus_https_server_packets'
kernel,corenetwork.if,corenet_sendrecv_pegasus_https_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_pegasus_https_server_packets'
kernel,corenetwork.if,corenet_relabelto_pegasus_https_server_packets'
allow $1 pegasus_https_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_postfix_policyd_port'
allow $1 postfix_policyd_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_postfix_policyd_port'
allow $1 postfix_policyd_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_postfix_policyd_port'
kernel,corenetwork.if,corenet_udp_receive_postfix_policyd_port'
allow $1 postfix_policyd_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_postfix_policyd_port'
kernel,corenetwork.if,corenet_udp_sendrecv_postfix_policyd_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_postfix_policyd_port'
kernel,corenetwork.if,corenet_tcp_bind_postfix_policyd_port'
allow $1 postfix_policyd_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_postfix_policyd_port'
allow $1 postfix_policyd_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_postfix_policyd_port'
allow $1 postfix_policyd_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_postfix_policyd_client_packets'
allow $1 postfix_policyd_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_postfix_policyd_client_packets'
kernel,corenetwork.if,corenet_receive_postfix_policyd_client_packets'
allow $1 postfix_policyd_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_postfix_policyd_client_packets'
kernel,corenetwork.if,corenet_sendrecv_postfix_policyd_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_postfix_policyd_client_packets'
kernel,corenetwork.if,corenet_relabelto_postfix_policyd_client_packets'
allow $1 postfix_policyd_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_postfix_policyd_server_packets'
allow $1 postfix_policyd_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_postfix_policyd_server_packets'
kernel,corenetwork.if,corenet_receive_postfix_policyd_server_packets'
allow $1 postfix_policyd_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_postfix_policyd_server_packets'
kernel,corenetwork.if,corenet_sendrecv_postfix_policyd_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_postfix_policyd_server_packets'
kernel,corenetwork.if,corenet_relabelto_postfix_policyd_server_packets'
allow $1 postfix_policyd_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_pgpkeyserver_port'
allow $1 pgpkeyserver_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_pgpkeyserver_port'
allow $1 pgpkeyserver_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_pgpkeyserver_port'
kernel,corenetwork.if,corenet_udp_receive_pgpkeyserver_port'
allow $1 pgpkeyserver_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_pgpkeyserver_port'
kernel,corenetwork.if,corenet_udp_sendrecv_pgpkeyserver_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_pgpkeyserver_port'
kernel,corenetwork.if,corenet_tcp_bind_pgpkeyserver_port'
allow $1 pgpkeyserver_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_pgpkeyserver_port'
allow $1 pgpkeyserver_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_pgpkeyserver_port'
allow $1 pgpkeyserver_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_pgpkeyserver_client_packets'
allow $1 pgpkeyserver_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_pgpkeyserver_client_packets'
kernel,corenetwork.if,corenet_receive_pgpkeyserver_client_packets'
allow $1 pgpkeyserver_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_pgpkeyserver_client_packets'
kernel,corenetwork.if,corenet_sendrecv_pgpkeyserver_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_pgpkeyserver_client_packets'
kernel,corenetwork.if,corenet_relabelto_pgpkeyserver_client_packets'
allow $1 pgpkeyserver_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_pgpkeyserver_server_packets'
allow $1 pgpkeyserver_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_pgpkeyserver_server_packets'
kernel,corenetwork.if,corenet_receive_pgpkeyserver_server_packets'
allow $1 pgpkeyserver_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_pgpkeyserver_server_packets'
kernel,corenetwork.if,corenet_sendrecv_pgpkeyserver_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_pgpkeyserver_server_packets'
kernel,corenetwork.if,corenet_relabelto_pgpkeyserver_server_packets'
allow $1 pgpkeyserver_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_pop_port'
allow $1 pop_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_pop_port'
allow $1 pop_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_pop_port'
kernel,corenetwork.if,corenet_udp_receive_pop_port'
allow $1 pop_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_pop_port'
kernel,corenetwork.if,corenet_udp_sendrecv_pop_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_pop_port'
kernel,corenetwork.if,corenet_tcp_bind_pop_port'
allow $1 pop_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_pop_port'
allow $1 pop_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_pop_port'
allow $1 pop_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_pop_client_packets'
allow $1 pop_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_pop_client_packets'
kernel,corenetwork.if,corenet_receive_pop_client_packets'
allow $1 pop_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_pop_client_packets'
kernel,corenetwork.if,corenet_sendrecv_pop_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_pop_client_packets'
kernel,corenetwork.if,corenet_relabelto_pop_client_packets'
allow $1 pop_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_pop_server_packets'
allow $1 pop_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_pop_server_packets'
kernel,corenetwork.if,corenet_receive_pop_server_packets'
allow $1 pop_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_pop_server_packets'
kernel,corenetwork.if,corenet_sendrecv_pop_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_pop_server_packets'
kernel,corenetwork.if,corenet_relabelto_pop_server_packets'
allow $1 pop_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_portmap_port'
allow $1 portmap_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_portmap_port'
allow $1 portmap_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_portmap_port'
kernel,corenetwork.if,corenet_udp_receive_portmap_port'
allow $1 portmap_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_portmap_port'
kernel,corenetwork.if,corenet_udp_sendrecv_portmap_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_portmap_port'
kernel,corenetwork.if,corenet_tcp_bind_portmap_port'
allow $1 portmap_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_portmap_port'
allow $1 portmap_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_portmap_port'
allow $1 portmap_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_portmap_client_packets'
allow $1 portmap_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_portmap_client_packets'
kernel,corenetwork.if,corenet_receive_portmap_client_packets'
allow $1 portmap_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_portmap_client_packets'
kernel,corenetwork.if,corenet_sendrecv_portmap_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_portmap_client_packets'
kernel,corenetwork.if,corenet_relabelto_portmap_client_packets'
allow $1 portmap_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_portmap_server_packets'
allow $1 portmap_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_portmap_server_packets'
kernel,corenetwork.if,corenet_receive_portmap_server_packets'
allow $1 portmap_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_portmap_server_packets'
kernel,corenetwork.if,corenet_sendrecv_portmap_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_portmap_server_packets'
kernel,corenetwork.if,corenet_relabelto_portmap_server_packets'
allow $1 portmap_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_postgresql_port'
allow $1 postgresql_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_postgresql_port'
allow $1 postgresql_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_postgresql_port'
kernel,corenetwork.if,corenet_udp_receive_postgresql_port'
allow $1 postgresql_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_postgresql_port'
kernel,corenetwork.if,corenet_udp_sendrecv_postgresql_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_postgresql_port'
kernel,corenetwork.if,corenet_tcp_bind_postgresql_port'
allow $1 postgresql_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_postgresql_port'
allow $1 postgresql_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_postgresql_port'
allow $1 postgresql_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_postgresql_client_packets'
allow $1 postgresql_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_postgresql_client_packets'
kernel,corenetwork.if,corenet_receive_postgresql_client_packets'
allow $1 postgresql_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_postgresql_client_packets'
kernel,corenetwork.if,corenet_sendrecv_postgresql_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_postgresql_client_packets'
kernel,corenetwork.if,corenet_relabelto_postgresql_client_packets'
allow $1 postgresql_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_postgresql_server_packets'
allow $1 postgresql_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_postgresql_server_packets'
kernel,corenetwork.if,corenet_receive_postgresql_server_packets'
allow $1 postgresql_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_postgresql_server_packets'
kernel,corenetwork.if,corenet_sendrecv_postgresql_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_postgresql_server_packets'
kernel,corenetwork.if,corenet_relabelto_postgresql_server_packets'
allow $1 postgresql_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_postgrey_port'
allow $1 postgrey_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_postgrey_port'
allow $1 postgrey_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_postgrey_port'
kernel,corenetwork.if,corenet_udp_receive_postgrey_port'
allow $1 postgrey_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_postgrey_port'
kernel,corenetwork.if,corenet_udp_sendrecv_postgrey_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_postgrey_port'
kernel,corenetwork.if,corenet_tcp_bind_postgrey_port'
allow $1 postgrey_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_postgrey_port'
allow $1 postgrey_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_postgrey_port'
allow $1 postgrey_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_postgrey_client_packets'
allow $1 postgrey_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_postgrey_client_packets'
kernel,corenetwork.if,corenet_receive_postgrey_client_packets'
allow $1 postgrey_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_postgrey_client_packets'
kernel,corenetwork.if,corenet_sendrecv_postgrey_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_postgrey_client_packets'
kernel,corenetwork.if,corenet_relabelto_postgrey_client_packets'
allow $1 postgrey_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_postgrey_server_packets'
allow $1 postgrey_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_postgrey_server_packets'
kernel,corenetwork.if,corenet_receive_postgrey_server_packets'
allow $1 postgrey_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_postgrey_server_packets'
kernel,corenetwork.if,corenet_sendrecv_postgrey_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_postgrey_server_packets'
kernel,corenetwork.if,corenet_relabelto_postgrey_server_packets'
allow $1 postgrey_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_printer_port'
allow $1 printer_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_printer_port'
allow $1 printer_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_printer_port'
kernel,corenetwork.if,corenet_udp_receive_printer_port'
allow $1 printer_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_printer_port'
kernel,corenetwork.if,corenet_udp_sendrecv_printer_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_printer_port'
kernel,corenetwork.if,corenet_tcp_bind_printer_port'
allow $1 printer_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_printer_port'
allow $1 printer_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_printer_port'
allow $1 printer_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_printer_client_packets'
allow $1 printer_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_printer_client_packets'
kernel,corenetwork.if,corenet_receive_printer_client_packets'
allow $1 printer_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_printer_client_packets'
kernel,corenetwork.if,corenet_sendrecv_printer_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_printer_client_packets'
kernel,corenetwork.if,corenet_relabelto_printer_client_packets'
allow $1 printer_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_printer_server_packets'
allow $1 printer_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_printer_server_packets'
kernel,corenetwork.if,corenet_receive_printer_server_packets'
allow $1 printer_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_printer_server_packets'
kernel,corenetwork.if,corenet_sendrecv_printer_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_printer_server_packets'
kernel,corenetwork.if,corenet_relabelto_printer_server_packets'
allow $1 printer_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_ptal_port'
allow $1 ptal_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_ptal_port'
allow $1 ptal_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_ptal_port'
kernel,corenetwork.if,corenet_udp_receive_ptal_port'
allow $1 ptal_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_ptal_port'
kernel,corenetwork.if,corenet_udp_sendrecv_ptal_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_ptal_port'
kernel,corenetwork.if,corenet_tcp_bind_ptal_port'
allow $1 ptal_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_ptal_port'
allow $1 ptal_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_ptal_port'
allow $1 ptal_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_ptal_client_packets'
allow $1 ptal_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ptal_client_packets'
kernel,corenetwork.if,corenet_receive_ptal_client_packets'
allow $1 ptal_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ptal_client_packets'
kernel,corenetwork.if,corenet_sendrecv_ptal_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ptal_client_packets'
kernel,corenetwork.if,corenet_relabelto_ptal_client_packets'
allow $1 ptal_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_ptal_server_packets'
allow $1 ptal_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ptal_server_packets'
kernel,corenetwork.if,corenet_receive_ptal_server_packets'
allow $1 ptal_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ptal_server_packets'
kernel,corenetwork.if,corenet_sendrecv_ptal_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ptal_server_packets'
kernel,corenetwork.if,corenet_relabelto_ptal_server_packets'
allow $1 ptal_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_pxe_port'
allow $1 pxe_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_pxe_port'
allow $1 pxe_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_pxe_port'
kernel,corenetwork.if,corenet_udp_receive_pxe_port'
allow $1 pxe_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_pxe_port'
kernel,corenetwork.if,corenet_udp_sendrecv_pxe_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_pxe_port'
kernel,corenetwork.if,corenet_tcp_bind_pxe_port'
allow $1 pxe_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_pxe_port'
allow $1 pxe_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_pxe_port'
allow $1 pxe_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_pxe_client_packets'
allow $1 pxe_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_pxe_client_packets'
kernel,corenetwork.if,corenet_receive_pxe_client_packets'
allow $1 pxe_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_pxe_client_packets'
kernel,corenetwork.if,corenet_sendrecv_pxe_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_pxe_client_packets'
kernel,corenetwork.if,corenet_relabelto_pxe_client_packets'
allow $1 pxe_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_pxe_server_packets'
allow $1 pxe_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_pxe_server_packets'
kernel,corenetwork.if,corenet_receive_pxe_server_packets'
allow $1 pxe_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_pxe_server_packets'
kernel,corenetwork.if,corenet_sendrecv_pxe_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_pxe_server_packets'
kernel,corenetwork.if,corenet_relabelto_pxe_server_packets'
allow $1 pxe_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_pyzor_port'
allow $1 pyzor_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_pyzor_port'
allow $1 pyzor_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_pyzor_port'
kernel,corenetwork.if,corenet_udp_receive_pyzor_port'
allow $1 pyzor_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_pyzor_port'
kernel,corenetwork.if,corenet_udp_sendrecv_pyzor_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_pyzor_port'
kernel,corenetwork.if,corenet_tcp_bind_pyzor_port'
allow $1 pyzor_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_pyzor_port'
allow $1 pyzor_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_pyzor_port'
allow $1 pyzor_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_pyzor_client_packets'
allow $1 pyzor_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_pyzor_client_packets'
kernel,corenetwork.if,corenet_receive_pyzor_client_packets'
allow $1 pyzor_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_pyzor_client_packets'
kernel,corenetwork.if,corenet_sendrecv_pyzor_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_pyzor_client_packets'
kernel,corenetwork.if,corenet_relabelto_pyzor_client_packets'
allow $1 pyzor_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_pyzor_server_packets'
allow $1 pyzor_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_pyzor_server_packets'
kernel,corenetwork.if,corenet_receive_pyzor_server_packets'
allow $1 pyzor_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_pyzor_server_packets'
kernel,corenetwork.if,corenet_sendrecv_pyzor_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_pyzor_server_packets'
kernel,corenetwork.if,corenet_relabelto_pyzor_server_packets'
allow $1 pyzor_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_radacct_port'
allow $1 radacct_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_radacct_port'
allow $1 radacct_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_radacct_port'
kernel,corenetwork.if,corenet_udp_receive_radacct_port'
allow $1 radacct_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_radacct_port'
kernel,corenetwork.if,corenet_udp_sendrecv_radacct_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_radacct_port'
kernel,corenetwork.if,corenet_tcp_bind_radacct_port'
allow $1 radacct_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_radacct_port'
allow $1 radacct_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_radacct_port'
allow $1 radacct_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_radacct_client_packets'
allow $1 radacct_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_radacct_client_packets'
kernel,corenetwork.if,corenet_receive_radacct_client_packets'
allow $1 radacct_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_radacct_client_packets'
kernel,corenetwork.if,corenet_sendrecv_radacct_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_radacct_client_packets'
kernel,corenetwork.if,corenet_relabelto_radacct_client_packets'
allow $1 radacct_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_radacct_server_packets'
allow $1 radacct_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_radacct_server_packets'
kernel,corenetwork.if,corenet_receive_radacct_server_packets'
allow $1 radacct_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_radacct_server_packets'
kernel,corenetwork.if,corenet_sendrecv_radacct_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_radacct_server_packets'
kernel,corenetwork.if,corenet_relabelto_radacct_server_packets'
allow $1 radacct_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_radius_port'
allow $1 radius_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_radius_port'
allow $1 radius_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_radius_port'
kernel,corenetwork.if,corenet_udp_receive_radius_port'
allow $1 radius_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_radius_port'
kernel,corenetwork.if,corenet_udp_sendrecv_radius_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_radius_port'
kernel,corenetwork.if,corenet_tcp_bind_radius_port'
allow $1 radius_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_radius_port'
allow $1 radius_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_radius_port'
allow $1 radius_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_radius_client_packets'
allow $1 radius_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_radius_client_packets'
kernel,corenetwork.if,corenet_receive_radius_client_packets'
allow $1 radius_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_radius_client_packets'
kernel,corenetwork.if,corenet_sendrecv_radius_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_radius_client_packets'
kernel,corenetwork.if,corenet_relabelto_radius_client_packets'
allow $1 radius_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_radius_server_packets'
allow $1 radius_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_radius_server_packets'
kernel,corenetwork.if,corenet_receive_radius_server_packets'
allow $1 radius_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_radius_server_packets'
kernel,corenetwork.if,corenet_sendrecv_radius_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_radius_server_packets'
kernel,corenetwork.if,corenet_relabelto_radius_server_packets'
allow $1 radius_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_razor_port'
allow $1 razor_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_razor_port'
allow $1 razor_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_razor_port'
kernel,corenetwork.if,corenet_udp_receive_razor_port'
allow $1 razor_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_razor_port'
kernel,corenetwork.if,corenet_udp_sendrecv_razor_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_razor_port'
kernel,corenetwork.if,corenet_tcp_bind_razor_port'
allow $1 razor_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_razor_port'
allow $1 razor_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_razor_port'
allow $1 razor_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_razor_client_packets'
allow $1 razor_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_razor_client_packets'
kernel,corenetwork.if,corenet_receive_razor_client_packets'
allow $1 razor_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_razor_client_packets'
kernel,corenetwork.if,corenet_sendrecv_razor_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_razor_client_packets'
kernel,corenetwork.if,corenet_relabelto_razor_client_packets'
allow $1 razor_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_razor_server_packets'
allow $1 razor_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_razor_server_packets'
kernel,corenetwork.if,corenet_receive_razor_server_packets'
allow $1 razor_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_razor_server_packets'
kernel,corenetwork.if,corenet_sendrecv_razor_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_razor_server_packets'
kernel,corenetwork.if,corenet_relabelto_razor_server_packets'
allow $1 razor_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_ricci_port'
allow $1 ricci_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_ricci_port'
allow $1 ricci_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_ricci_port'
kernel,corenetwork.if,corenet_udp_receive_ricci_port'
allow $1 ricci_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_ricci_port'
kernel,corenetwork.if,corenet_udp_sendrecv_ricci_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_ricci_port'
kernel,corenetwork.if,corenet_tcp_bind_ricci_port'
allow $1 ricci_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_ricci_port'
allow $1 ricci_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_ricci_port'
allow $1 ricci_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_ricci_client_packets'
allow $1 ricci_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ricci_client_packets'
kernel,corenetwork.if,corenet_receive_ricci_client_packets'
allow $1 ricci_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ricci_client_packets'
kernel,corenetwork.if,corenet_sendrecv_ricci_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ricci_client_packets'
kernel,corenetwork.if,corenet_relabelto_ricci_client_packets'
allow $1 ricci_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_ricci_server_packets'
allow $1 ricci_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ricci_server_packets'
kernel,corenetwork.if,corenet_receive_ricci_server_packets'
allow $1 ricci_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ricci_server_packets'
kernel,corenetwork.if,corenet_sendrecv_ricci_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ricci_server_packets'
kernel,corenetwork.if,corenet_relabelto_ricci_server_packets'
allow $1 ricci_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_ricci_modcluster_port'
allow $1 ricci_modcluster_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_ricci_modcluster_port'
allow $1 ricci_modcluster_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_ricci_modcluster_port'
kernel,corenetwork.if,corenet_udp_receive_ricci_modcluster_port'
allow $1 ricci_modcluster_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_ricci_modcluster_port'
kernel,corenetwork.if,corenet_udp_sendrecv_ricci_modcluster_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_ricci_modcluster_port'
kernel,corenetwork.if,corenet_tcp_bind_ricci_modcluster_port'
allow $1 ricci_modcluster_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_ricci_modcluster_port'
allow $1 ricci_modcluster_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_ricci_modcluster_port'
allow $1 ricci_modcluster_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_ricci_modcluster_client_packets'
allow $1 ricci_modcluster_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ricci_modcluster_client_packets'
kernel,corenetwork.if,corenet_receive_ricci_modcluster_client_packets'
allow $1 ricci_modcluster_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ricci_modcluster_client_packets'
kernel,corenetwork.if,corenet_sendrecv_ricci_modcluster_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ricci_modcluster_client_packets'
kernel,corenetwork.if,corenet_relabelto_ricci_modcluster_client_packets'
allow $1 ricci_modcluster_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_ricci_modcluster_server_packets'
allow $1 ricci_modcluster_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ricci_modcluster_server_packets'
kernel,corenetwork.if,corenet_receive_ricci_modcluster_server_packets'
allow $1 ricci_modcluster_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ricci_modcluster_server_packets'
kernel,corenetwork.if,corenet_sendrecv_ricci_modcluster_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ricci_modcluster_server_packets'
kernel,corenetwork.if,corenet_relabelto_ricci_modcluster_server_packets'
allow $1 ricci_modcluster_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_rlogind_port'
allow $1 rlogind_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_rlogind_port'
allow $1 rlogind_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_rlogind_port'
kernel,corenetwork.if,corenet_udp_receive_rlogind_port'
allow $1 rlogind_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_rlogind_port'
kernel,corenetwork.if,corenet_udp_sendrecv_rlogind_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_rlogind_port'
kernel,corenetwork.if,corenet_tcp_bind_rlogind_port'
allow $1 rlogind_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_rlogind_port'
allow $1 rlogind_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_rlogind_port'
allow $1 rlogind_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_rlogind_client_packets'
allow $1 rlogind_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_rlogind_client_packets'
kernel,corenetwork.if,corenet_receive_rlogind_client_packets'
allow $1 rlogind_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_rlogind_client_packets'
kernel,corenetwork.if,corenet_sendrecv_rlogind_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_rlogind_client_packets'
kernel,corenetwork.if,corenet_relabelto_rlogind_client_packets'
allow $1 rlogind_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_rlogind_server_packets'
allow $1 rlogind_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_rlogind_server_packets'
kernel,corenetwork.if,corenet_receive_rlogind_server_packets'
allow $1 rlogind_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_rlogind_server_packets'
kernel,corenetwork.if,corenet_sendrecv_rlogind_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_rlogind_server_packets'
kernel,corenetwork.if,corenet_relabelto_rlogind_server_packets'
allow $1 rlogind_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_rndc_port'
allow $1 rndc_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_rndc_port'
allow $1 rndc_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_rndc_port'
kernel,corenetwork.if,corenet_udp_receive_rndc_port'
allow $1 rndc_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_rndc_port'
kernel,corenetwork.if,corenet_udp_sendrecv_rndc_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_rndc_port'
kernel,corenetwork.if,corenet_tcp_bind_rndc_port'
allow $1 rndc_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_rndc_port'
allow $1 rndc_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_rndc_port'
allow $1 rndc_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_rndc_client_packets'
allow $1 rndc_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_rndc_client_packets'
kernel,corenetwork.if,corenet_receive_rndc_client_packets'
allow $1 rndc_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_rndc_client_packets'
kernel,corenetwork.if,corenet_sendrecv_rndc_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_rndc_client_packets'
kernel,corenetwork.if,corenet_relabelto_rndc_client_packets'
allow $1 rndc_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_rndc_server_packets'
allow $1 rndc_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_rndc_server_packets'
kernel,corenetwork.if,corenet_receive_rndc_server_packets'
allow $1 rndc_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_rndc_server_packets'
kernel,corenetwork.if,corenet_sendrecv_rndc_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_rndc_server_packets'
kernel,corenetwork.if,corenet_relabelto_rndc_server_packets'
allow $1 rndc_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_router_port'
allow $1 router_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_router_port'
allow $1 router_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_router_port'
kernel,corenetwork.if,corenet_udp_receive_router_port'
allow $1 router_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_router_port'
kernel,corenetwork.if,corenet_udp_sendrecv_router_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_router_port'
kernel,corenetwork.if,corenet_tcp_bind_router_port'
allow $1 router_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_router_port'
allow $1 router_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_router_port'
allow $1 router_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_router_client_packets'
allow $1 router_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_router_client_packets'
kernel,corenetwork.if,corenet_receive_router_client_packets'
allow $1 router_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_router_client_packets'
kernel,corenetwork.if,corenet_sendrecv_router_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_router_client_packets'
kernel,corenetwork.if,corenet_relabelto_router_client_packets'
allow $1 router_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_router_server_packets'
allow $1 router_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_router_server_packets'
kernel,corenetwork.if,corenet_receive_router_server_packets'
allow $1 router_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_router_server_packets'
kernel,corenetwork.if,corenet_sendrecv_router_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_router_server_packets'
kernel,corenetwork.if,corenet_relabelto_router_server_packets'
allow $1 router_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_rsh_port'
allow $1 rsh_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_rsh_port'
allow $1 rsh_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_rsh_port'
kernel,corenetwork.if,corenet_udp_receive_rsh_port'
allow $1 rsh_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_rsh_port'
kernel,corenetwork.if,corenet_udp_sendrecv_rsh_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_rsh_port'
kernel,corenetwork.if,corenet_tcp_bind_rsh_port'
allow $1 rsh_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_rsh_port'
allow $1 rsh_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_rsh_port'
allow $1 rsh_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_rsh_client_packets'
allow $1 rsh_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_rsh_client_packets'
kernel,corenetwork.if,corenet_receive_rsh_client_packets'
allow $1 rsh_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_rsh_client_packets'
kernel,corenetwork.if,corenet_sendrecv_rsh_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_rsh_client_packets'
kernel,corenetwork.if,corenet_relabelto_rsh_client_packets'
allow $1 rsh_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_rsh_server_packets'
allow $1 rsh_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_rsh_server_packets'
kernel,corenetwork.if,corenet_receive_rsh_server_packets'
allow $1 rsh_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_rsh_server_packets'
kernel,corenetwork.if,corenet_sendrecv_rsh_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_rsh_server_packets'
kernel,corenetwork.if,corenet_relabelto_rsh_server_packets'
allow $1 rsh_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_rsync_port'
allow $1 rsync_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_rsync_port'
allow $1 rsync_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_rsync_port'
kernel,corenetwork.if,corenet_udp_receive_rsync_port'
allow $1 rsync_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_rsync_port'
kernel,corenetwork.if,corenet_udp_sendrecv_rsync_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_rsync_port'
kernel,corenetwork.if,corenet_tcp_bind_rsync_port'
allow $1 rsync_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_rsync_port'
allow $1 rsync_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_rsync_port'
allow $1 rsync_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_rsync_client_packets'
allow $1 rsync_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_rsync_client_packets'
kernel,corenetwork.if,corenet_receive_rsync_client_packets'
allow $1 rsync_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_rsync_client_packets'
kernel,corenetwork.if,corenet_sendrecv_rsync_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_rsync_client_packets'
kernel,corenetwork.if,corenet_relabelto_rsync_client_packets'
allow $1 rsync_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_rsync_server_packets'
allow $1 rsync_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_rsync_server_packets'
kernel,corenetwork.if,corenet_receive_rsync_server_packets'
allow $1 rsync_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_rsync_server_packets'
kernel,corenetwork.if,corenet_sendrecv_rsync_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_rsync_server_packets'
kernel,corenetwork.if,corenet_relabelto_rsync_server_packets'
allow $1 rsync_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_rwho_port'
allow $1 rwho_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_rwho_port'
allow $1 rwho_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_rwho_port'
kernel,corenetwork.if,corenet_udp_receive_rwho_port'
allow $1 rwho_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_rwho_port'
kernel,corenetwork.if,corenet_udp_sendrecv_rwho_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_rwho_port'
kernel,corenetwork.if,corenet_tcp_bind_rwho_port'
allow $1 rwho_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_rwho_port'
allow $1 rwho_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_rwho_port'
allow $1 rwho_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_rwho_client_packets'
allow $1 rwho_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_rwho_client_packets'
kernel,corenetwork.if,corenet_receive_rwho_client_packets'
allow $1 rwho_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_rwho_client_packets'
kernel,corenetwork.if,corenet_sendrecv_rwho_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_rwho_client_packets'
kernel,corenetwork.if,corenet_relabelto_rwho_client_packets'
allow $1 rwho_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_rwho_server_packets'
allow $1 rwho_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_rwho_server_packets'
kernel,corenetwork.if,corenet_receive_rwho_server_packets'
allow $1 rwho_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_rwho_server_packets'
kernel,corenetwork.if,corenet_sendrecv_rwho_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_rwho_server_packets'
kernel,corenetwork.if,corenet_relabelto_rwho_server_packets'
allow $1 rwho_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_smbd_port'
allow $1 smbd_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_smbd_port'
allow $1 smbd_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_smbd_port'
kernel,corenetwork.if,corenet_udp_receive_smbd_port'
allow $1 smbd_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_smbd_port'
kernel,corenetwork.if,corenet_udp_sendrecv_smbd_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_smbd_port'
kernel,corenetwork.if,corenet_tcp_bind_smbd_port'
allow $1 smbd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_smbd_port'
allow $1 smbd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_smbd_port'
allow $1 smbd_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_smbd_client_packets'
allow $1 smbd_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_smbd_client_packets'
kernel,corenetwork.if,corenet_receive_smbd_client_packets'
allow $1 smbd_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_smbd_client_packets'
kernel,corenetwork.if,corenet_sendrecv_smbd_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_smbd_client_packets'
kernel,corenetwork.if,corenet_relabelto_smbd_client_packets'
allow $1 smbd_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_smbd_server_packets'
allow $1 smbd_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_smbd_server_packets'
kernel,corenetwork.if,corenet_receive_smbd_server_packets'
allow $1 smbd_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_smbd_server_packets'
kernel,corenetwork.if,corenet_sendrecv_smbd_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_smbd_server_packets'
kernel,corenetwork.if,corenet_relabelto_smbd_server_packets'
allow $1 smbd_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_smtp_port'
allow $1 smtp_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_smtp_port'
allow $1 smtp_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_smtp_port'
kernel,corenetwork.if,corenet_udp_receive_smtp_port'
allow $1 smtp_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_smtp_port'
kernel,corenetwork.if,corenet_udp_sendrecv_smtp_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_smtp_port'
kernel,corenetwork.if,corenet_tcp_bind_smtp_port'
allow $1 smtp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_smtp_port'
allow $1 smtp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_smtp_port'
allow $1 smtp_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_smtp_client_packets'
allow $1 smtp_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_smtp_client_packets'
kernel,corenetwork.if,corenet_receive_smtp_client_packets'
allow $1 smtp_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_smtp_client_packets'
kernel,corenetwork.if,corenet_sendrecv_smtp_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_smtp_client_packets'
kernel,corenetwork.if,corenet_relabelto_smtp_client_packets'
allow $1 smtp_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_smtp_server_packets'
allow $1 smtp_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_smtp_server_packets'
kernel,corenetwork.if,corenet_receive_smtp_server_packets'
allow $1 smtp_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_smtp_server_packets'
kernel,corenetwork.if,corenet_sendrecv_smtp_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_smtp_server_packets'
kernel,corenetwork.if,corenet_relabelto_smtp_server_packets'
allow $1 smtp_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_snmp_port'
allow $1 snmp_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_snmp_port'
allow $1 snmp_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_snmp_port'
kernel,corenetwork.if,corenet_udp_receive_snmp_port'
allow $1 snmp_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_snmp_port'
kernel,corenetwork.if,corenet_udp_sendrecv_snmp_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_snmp_port'
kernel,corenetwork.if,corenet_tcp_bind_snmp_port'
allow $1 snmp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_snmp_port'
allow $1 snmp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_snmp_port'
allow $1 snmp_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_snmp_client_packets'
allow $1 snmp_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_snmp_client_packets'
kernel,corenetwork.if,corenet_receive_snmp_client_packets'
allow $1 snmp_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_snmp_client_packets'
kernel,corenetwork.if,corenet_sendrecv_snmp_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_snmp_client_packets'
kernel,corenetwork.if,corenet_relabelto_snmp_client_packets'
allow $1 snmp_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_snmp_server_packets'
allow $1 snmp_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_snmp_server_packets'
kernel,corenetwork.if,corenet_receive_snmp_server_packets'
allow $1 snmp_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_snmp_server_packets'
kernel,corenetwork.if,corenet_sendrecv_snmp_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_snmp_server_packets'
kernel,corenetwork.if,corenet_relabelto_snmp_server_packets'
allow $1 snmp_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_spamd_port'
allow $1 spamd_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_spamd_port'
allow $1 spamd_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_spamd_port'
kernel,corenetwork.if,corenet_udp_receive_spamd_port'
allow $1 spamd_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_spamd_port'
kernel,corenetwork.if,corenet_udp_sendrecv_spamd_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_spamd_port'
kernel,corenetwork.if,corenet_tcp_bind_spamd_port'
allow $1 spamd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_spamd_port'
allow $1 spamd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_spamd_port'
allow $1 spamd_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_spamd_client_packets'
allow $1 spamd_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_spamd_client_packets'
kernel,corenetwork.if,corenet_receive_spamd_client_packets'
allow $1 spamd_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_spamd_client_packets'
kernel,corenetwork.if,corenet_sendrecv_spamd_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_spamd_client_packets'
kernel,corenetwork.if,corenet_relabelto_spamd_client_packets'
allow $1 spamd_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_spamd_server_packets'
allow $1 spamd_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_spamd_server_packets'
kernel,corenetwork.if,corenet_receive_spamd_server_packets'
allow $1 spamd_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_spamd_server_packets'
kernel,corenetwork.if,corenet_sendrecv_spamd_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_spamd_server_packets'
kernel,corenetwork.if,corenet_relabelto_spamd_server_packets'
allow $1 spamd_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_ssh_port'
allow $1 ssh_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_ssh_port'
allow $1 ssh_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_ssh_port'
kernel,corenetwork.if,corenet_udp_receive_ssh_port'
allow $1 ssh_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_ssh_port'
kernel,corenetwork.if,corenet_udp_sendrecv_ssh_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_ssh_port'
kernel,corenetwork.if,corenet_tcp_bind_ssh_port'
allow $1 ssh_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_ssh_port'
allow $1 ssh_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_ssh_port'
allow $1 ssh_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_ssh_client_packets'
allow $1 ssh_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ssh_client_packets'
kernel,corenetwork.if,corenet_receive_ssh_client_packets'
allow $1 ssh_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ssh_client_packets'
kernel,corenetwork.if,corenet_sendrecv_ssh_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ssh_client_packets'
kernel,corenetwork.if,corenet_relabelto_ssh_client_packets'
allow $1 ssh_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_ssh_server_packets'
allow $1 ssh_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_ssh_server_packets'
kernel,corenetwork.if,corenet_receive_ssh_server_packets'
allow $1 ssh_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_ssh_server_packets'
kernel,corenetwork.if,corenet_sendrecv_ssh_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_ssh_server_packets'
kernel,corenetwork.if,corenet_relabelto_ssh_server_packets'
allow $1 ssh_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_soundd_port'
allow $1 soundd_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_soundd_port'
allow $1 soundd_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_soundd_port'
kernel,corenetwork.if,corenet_udp_receive_soundd_port'
allow $1 soundd_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_soundd_port'
kernel,corenetwork.if,corenet_udp_sendrecv_soundd_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_soundd_port'
kernel,corenetwork.if,corenet_tcp_bind_soundd_port'
allow $1 soundd_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_soundd_port'
allow $1 soundd_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_soundd_port'
allow $1 soundd_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_soundd_client_packets'
allow $1 soundd_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_soundd_client_packets'
kernel,corenetwork.if,corenet_receive_soundd_client_packets'
allow $1 soundd_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_soundd_client_packets'
kernel,corenetwork.if,corenet_sendrecv_soundd_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_soundd_client_packets'
kernel,corenetwork.if,corenet_relabelto_soundd_client_packets'
allow $1 soundd_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_soundd_server_packets'
allow $1 soundd_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_soundd_server_packets'
kernel,corenetwork.if,corenet_receive_soundd_server_packets'
allow $1 soundd_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_soundd_server_packets'
kernel,corenetwork.if,corenet_sendrecv_soundd_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_soundd_server_packets'
kernel,corenetwork.if,corenet_relabelto_soundd_server_packets'
allow $1 soundd_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_squid_port'
allow $1 squid_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_squid_port'
allow $1 squid_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_squid_port'
kernel,corenetwork.if,corenet_udp_receive_squid_port'
allow $1 squid_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_squid_port'
kernel,corenetwork.if,corenet_udp_sendrecv_squid_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_squid_port'
kernel,corenetwork.if,corenet_tcp_bind_squid_port'
allow $1 squid_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_squid_port'
allow $1 squid_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_squid_port'
allow $1 squid_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_squid_client_packets'
allow $1 squid_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_squid_client_packets'
kernel,corenetwork.if,corenet_receive_squid_client_packets'
allow $1 squid_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_squid_client_packets'
kernel,corenetwork.if,corenet_sendrecv_squid_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_squid_client_packets'
kernel,corenetwork.if,corenet_relabelto_squid_client_packets'
allow $1 squid_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_squid_server_packets'
allow $1 squid_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_squid_server_packets'
kernel,corenetwork.if,corenet_receive_squid_server_packets'
allow $1 squid_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_squid_server_packets'
kernel,corenetwork.if,corenet_sendrecv_squid_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_squid_server_packets'
kernel,corenetwork.if,corenet_relabelto_squid_server_packets'
allow $1 squid_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_swat_port'
allow $1 swat_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_swat_port'
allow $1 swat_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_swat_port'
kernel,corenetwork.if,corenet_udp_receive_swat_port'
allow $1 swat_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_swat_port'
kernel,corenetwork.if,corenet_udp_sendrecv_swat_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_swat_port'
kernel,corenetwork.if,corenet_tcp_bind_swat_port'
allow $1 swat_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_swat_port'
allow $1 swat_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_swat_port'
allow $1 swat_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_swat_client_packets'
allow $1 swat_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_swat_client_packets'
kernel,corenetwork.if,corenet_receive_swat_client_packets'
allow $1 swat_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_swat_client_packets'
kernel,corenetwork.if,corenet_sendrecv_swat_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_swat_client_packets'
kernel,corenetwork.if,corenet_relabelto_swat_client_packets'
allow $1 swat_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_swat_server_packets'
allow $1 swat_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_swat_server_packets'
kernel,corenetwork.if,corenet_receive_swat_server_packets'
allow $1 swat_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_swat_server_packets'
kernel,corenetwork.if,corenet_sendrecv_swat_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_swat_server_packets'
kernel,corenetwork.if,corenet_relabelto_swat_server_packets'
allow $1 swat_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_syslogd_port'
allow $1 syslogd_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_syslogd_port'
allow $1 syslogd_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_syslogd_port'
kernel,corenetwork.if,corenet_udp_receive_syslogd_port'
allow $1 syslogd_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_syslogd_port'
kernel,corenetwork.if,corenet_udp_sendrecv_syslogd_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_syslogd_port'
kernel,corenetwork.if,corenet_tcp_bind_syslogd_port'
allow $1 syslogd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_syslogd_port'
allow $1 syslogd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_syslogd_port'
allow $1 syslogd_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_syslogd_client_packets'
allow $1 syslogd_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_syslogd_client_packets'
kernel,corenetwork.if,corenet_receive_syslogd_client_packets'
allow $1 syslogd_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_syslogd_client_packets'
kernel,corenetwork.if,corenet_sendrecv_syslogd_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_syslogd_client_packets'
kernel,corenetwork.if,corenet_relabelto_syslogd_client_packets'
allow $1 syslogd_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_syslogd_server_packets'
allow $1 syslogd_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_syslogd_server_packets'
kernel,corenetwork.if,corenet_receive_syslogd_server_packets'
allow $1 syslogd_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_syslogd_server_packets'
kernel,corenetwork.if,corenet_sendrecv_syslogd_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_syslogd_server_packets'
kernel,corenetwork.if,corenet_relabelto_syslogd_server_packets'
allow $1 syslogd_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_telnetd_port'
allow $1 telnetd_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_telnetd_port'
allow $1 telnetd_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_telnetd_port'
kernel,corenetwork.if,corenet_udp_receive_telnetd_port'
allow $1 telnetd_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_telnetd_port'
kernel,corenetwork.if,corenet_udp_sendrecv_telnetd_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_telnetd_port'
kernel,corenetwork.if,corenet_tcp_bind_telnetd_port'
allow $1 telnetd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_telnetd_port'
allow $1 telnetd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_telnetd_port'
allow $1 telnetd_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_telnetd_client_packets'
allow $1 telnetd_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_telnetd_client_packets'
kernel,corenetwork.if,corenet_receive_telnetd_client_packets'
allow $1 telnetd_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_telnetd_client_packets'
kernel,corenetwork.if,corenet_sendrecv_telnetd_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_telnetd_client_packets'
kernel,corenetwork.if,corenet_relabelto_telnetd_client_packets'
allow $1 telnetd_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_telnetd_server_packets'
allow $1 telnetd_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_telnetd_server_packets'
kernel,corenetwork.if,corenet_receive_telnetd_server_packets'
allow $1 telnetd_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_telnetd_server_packets'
kernel,corenetwork.if,corenet_sendrecv_telnetd_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_telnetd_server_packets'
kernel,corenetwork.if,corenet_relabelto_telnetd_server_packets'
allow $1 telnetd_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_tftp_port'
allow $1 tftp_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_tftp_port'
allow $1 tftp_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_tftp_port'
kernel,corenetwork.if,corenet_udp_receive_tftp_port'
allow $1 tftp_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_tftp_port'
kernel,corenetwork.if,corenet_udp_sendrecv_tftp_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_tftp_port'
kernel,corenetwork.if,corenet_tcp_bind_tftp_port'
allow $1 tftp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_tftp_port'
allow $1 tftp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_tftp_port'
allow $1 tftp_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_tftp_client_packets'
allow $1 tftp_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_tftp_client_packets'
kernel,corenetwork.if,corenet_receive_tftp_client_packets'
allow $1 tftp_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_tftp_client_packets'
kernel,corenetwork.if,corenet_sendrecv_tftp_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_tftp_client_packets'
kernel,corenetwork.if,corenet_relabelto_tftp_client_packets'
allow $1 tftp_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_tftp_server_packets'
allow $1 tftp_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_tftp_server_packets'
kernel,corenetwork.if,corenet_receive_tftp_server_packets'
allow $1 tftp_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_tftp_server_packets'
kernel,corenetwork.if,corenet_sendrecv_tftp_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_tftp_server_packets'
kernel,corenetwork.if,corenet_relabelto_tftp_server_packets'
allow $1 tftp_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_tor_port'
allow $1 tor_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_tor_port'
allow $1 tor_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_tor_port'
kernel,corenetwork.if,corenet_udp_receive_tor_port'
allow $1 tor_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_tor_port'
kernel,corenetwork.if,corenet_udp_sendrecv_tor_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_tor_port'
kernel,corenetwork.if,corenet_tcp_bind_tor_port'
allow $1 tor_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_tor_port'
allow $1 tor_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_tor_port'
allow $1 tor_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_tor_client_packets'
allow $1 tor_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_tor_client_packets'
kernel,corenetwork.if,corenet_receive_tor_client_packets'
allow $1 tor_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_tor_client_packets'
kernel,corenetwork.if,corenet_sendrecv_tor_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_tor_client_packets'
kernel,corenetwork.if,corenet_relabelto_tor_client_packets'
allow $1 tor_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_tor_server_packets'
allow $1 tor_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_tor_server_packets'
kernel,corenetwork.if,corenet_receive_tor_server_packets'
allow $1 tor_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_tor_server_packets'
kernel,corenetwork.if,corenet_sendrecv_tor_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_tor_server_packets'
kernel,corenetwork.if,corenet_relabelto_tor_server_packets'
allow $1 tor_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_traceroute_port'
allow $1 traceroute_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_traceroute_port'
allow $1 traceroute_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_traceroute_port'
kernel,corenetwork.if,corenet_udp_receive_traceroute_port'
allow $1 traceroute_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_traceroute_port'
kernel,corenetwork.if,corenet_udp_sendrecv_traceroute_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_traceroute_port'
kernel,corenetwork.if,corenet_tcp_bind_traceroute_port'
allow $1 traceroute_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_traceroute_port'
allow $1 traceroute_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_traceroute_port'
allow $1 traceroute_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_traceroute_client_packets'
allow $1 traceroute_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_traceroute_client_packets'
kernel,corenetwork.if,corenet_receive_traceroute_client_packets'
allow $1 traceroute_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_traceroute_client_packets'
kernel,corenetwork.if,corenet_sendrecv_traceroute_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_traceroute_client_packets'
kernel,corenetwork.if,corenet_relabelto_traceroute_client_packets'
allow $1 traceroute_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_traceroute_server_packets'
allow $1 traceroute_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_traceroute_server_packets'
kernel,corenetwork.if,corenet_receive_traceroute_server_packets'
allow $1 traceroute_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_traceroute_server_packets'
kernel,corenetwork.if,corenet_sendrecv_traceroute_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_traceroute_server_packets'
kernel,corenetwork.if,corenet_relabelto_traceroute_server_packets'
allow $1 traceroute_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_transproxy_port'
allow $1 transproxy_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_transproxy_port'
allow $1 transproxy_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_transproxy_port'
kernel,corenetwork.if,corenet_udp_receive_transproxy_port'
allow $1 transproxy_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_transproxy_port'
kernel,corenetwork.if,corenet_udp_sendrecv_transproxy_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_transproxy_port'
kernel,corenetwork.if,corenet_tcp_bind_transproxy_port'
allow $1 transproxy_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_transproxy_port'
allow $1 transproxy_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_transproxy_port'
allow $1 transproxy_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_transproxy_client_packets'
allow $1 transproxy_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_transproxy_client_packets'
kernel,corenetwork.if,corenet_receive_transproxy_client_packets'
allow $1 transproxy_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_transproxy_client_packets'
kernel,corenetwork.if,corenet_sendrecv_transproxy_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_transproxy_client_packets'
kernel,corenetwork.if,corenet_relabelto_transproxy_client_packets'
allow $1 transproxy_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_transproxy_server_packets'
allow $1 transproxy_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_transproxy_server_packets'
kernel,corenetwork.if,corenet_receive_transproxy_server_packets'
allow $1 transproxy_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_transproxy_server_packets'
kernel,corenetwork.if,corenet_sendrecv_transproxy_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_transproxy_server_packets'
kernel,corenetwork.if,corenet_relabelto_transproxy_server_packets'
allow $1 transproxy_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_uucpd_port'
allow $1 uucpd_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_uucpd_port'
allow $1 uucpd_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_uucpd_port'
kernel,corenetwork.if,corenet_udp_receive_uucpd_port'
allow $1 uucpd_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_uucpd_port'
kernel,corenetwork.if,corenet_udp_sendrecv_uucpd_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_uucpd_port'
kernel,corenetwork.if,corenet_tcp_bind_uucpd_port'
allow $1 uucpd_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_uucpd_port'
allow $1 uucpd_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_uucpd_port'
allow $1 uucpd_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_uucpd_client_packets'
allow $1 uucpd_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_uucpd_client_packets'
kernel,corenetwork.if,corenet_receive_uucpd_client_packets'
allow $1 uucpd_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_uucpd_client_packets'
kernel,corenetwork.if,corenet_sendrecv_uucpd_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_uucpd_client_packets'
kernel,corenetwork.if,corenet_relabelto_uucpd_client_packets'
allow $1 uucpd_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_uucpd_server_packets'
allow $1 uucpd_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_uucpd_server_packets'
kernel,corenetwork.if,corenet_receive_uucpd_server_packets'
allow $1 uucpd_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_uucpd_server_packets'
kernel,corenetwork.if,corenet_sendrecv_uucpd_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_uucpd_server_packets'
kernel,corenetwork.if,corenet_relabelto_uucpd_server_packets'
allow $1 uucpd_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_vnc_port'
allow $1 vnc_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_vnc_port'
allow $1 vnc_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_vnc_port'
kernel,corenetwork.if,corenet_udp_receive_vnc_port'
allow $1 vnc_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_vnc_port'
kernel,corenetwork.if,corenet_udp_sendrecv_vnc_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_vnc_port'
kernel,corenetwork.if,corenet_tcp_bind_vnc_port'
allow $1 vnc_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_vnc_port'
allow $1 vnc_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_vnc_port'
allow $1 vnc_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_vnc_client_packets'
allow $1 vnc_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_vnc_client_packets'
kernel,corenetwork.if,corenet_receive_vnc_client_packets'
allow $1 vnc_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_vnc_client_packets'
kernel,corenetwork.if,corenet_sendrecv_vnc_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_vnc_client_packets'
kernel,corenetwork.if,corenet_relabelto_vnc_client_packets'
allow $1 vnc_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_vnc_server_packets'
allow $1 vnc_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_vnc_server_packets'
kernel,corenetwork.if,corenet_receive_vnc_server_packets'
allow $1 vnc_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_vnc_server_packets'
kernel,corenetwork.if,corenet_sendrecv_vnc_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_vnc_server_packets'
kernel,corenetwork.if,corenet_relabelto_vnc_server_packets'
allow $1 vnc_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_wccp_port'
allow $1 wccp_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_wccp_port'
allow $1 wccp_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_wccp_port'
kernel,corenetwork.if,corenet_udp_receive_wccp_port'
allow $1 wccp_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_wccp_port'
kernel,corenetwork.if,corenet_udp_sendrecv_wccp_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_wccp_port'
kernel,corenetwork.if,corenet_tcp_bind_wccp_port'
allow $1 wccp_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_wccp_port'
allow $1 wccp_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_wccp_port'
allow $1 wccp_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_wccp_client_packets'
allow $1 wccp_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_wccp_client_packets'
kernel,corenetwork.if,corenet_receive_wccp_client_packets'
allow $1 wccp_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_wccp_client_packets'
kernel,corenetwork.if,corenet_sendrecv_wccp_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_wccp_client_packets'
kernel,corenetwork.if,corenet_relabelto_wccp_client_packets'
allow $1 wccp_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_wccp_server_packets'
allow $1 wccp_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_wccp_server_packets'
kernel,corenetwork.if,corenet_receive_wccp_server_packets'
allow $1 wccp_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_wccp_server_packets'
kernel,corenetwork.if,corenet_sendrecv_wccp_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_wccp_server_packets'
kernel,corenetwork.if,corenet_relabelto_wccp_server_packets'
allow $1 wccp_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_whois_port'
allow $1 whois_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_whois_port'
allow $1 whois_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_whois_port'
kernel,corenetwork.if,corenet_udp_receive_whois_port'
allow $1 whois_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_whois_port'
kernel,corenetwork.if,corenet_udp_sendrecv_whois_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_whois_port'
kernel,corenetwork.if,corenet_tcp_bind_whois_port'
allow $1 whois_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_whois_port'
allow $1 whois_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_whois_port'
allow $1 whois_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_whois_client_packets'
allow $1 whois_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_whois_client_packets'
kernel,corenetwork.if,corenet_receive_whois_client_packets'
allow $1 whois_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_whois_client_packets'
kernel,corenetwork.if,corenet_sendrecv_whois_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_whois_client_packets'
kernel,corenetwork.if,corenet_relabelto_whois_client_packets'
allow $1 whois_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_whois_server_packets'
allow $1 whois_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_whois_server_packets'
kernel,corenetwork.if,corenet_receive_whois_server_packets'
allow $1 whois_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_whois_server_packets'
kernel,corenetwork.if,corenet_sendrecv_whois_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_whois_server_packets'
kernel,corenetwork.if,corenet_relabelto_whois_server_packets'
allow $1 whois_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_xdmcp_port'
allow $1 xdmcp_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_xdmcp_port'
allow $1 xdmcp_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_xdmcp_port'
kernel,corenetwork.if,corenet_udp_receive_xdmcp_port'
allow $1 xdmcp_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_xdmcp_port'
kernel,corenetwork.if,corenet_udp_sendrecv_xdmcp_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_xdmcp_port'
kernel,corenetwork.if,corenet_tcp_bind_xdmcp_port'
allow $1 xdmcp_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_udp_bind_xdmcp_port'
allow $1 xdmcp_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
kernel,corenetwork.if,corenet_tcp_connect_xdmcp_port'
allow $1 xdmcp_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_xdmcp_client_packets'
allow $1 xdmcp_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_xdmcp_client_packets'
kernel,corenetwork.if,corenet_receive_xdmcp_client_packets'
allow $1 xdmcp_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_xdmcp_client_packets'
kernel,corenetwork.if,corenet_sendrecv_xdmcp_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_xdmcp_client_packets'
kernel,corenetwork.if,corenet_relabelto_xdmcp_client_packets'
allow $1 xdmcp_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_xdmcp_server_packets'
allow $1 xdmcp_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_xdmcp_server_packets'
kernel,corenetwork.if,corenet_receive_xdmcp_server_packets'
allow $1 xdmcp_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_xdmcp_server_packets'
kernel,corenetwork.if,corenet_sendrecv_xdmcp_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_xdmcp_server_packets'
kernel,corenetwork.if,corenet_relabelto_xdmcp_server_packets'
allow $1 xdmcp_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_xen_port'
allow $1 xen_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_xen_port'
allow $1 xen_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_xen_port'
kernel,corenetwork.if,corenet_udp_receive_xen_port'
allow $1 xen_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_xen_port'
kernel,corenetwork.if,corenet_udp_sendrecv_xen_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_xen_port'
kernel,corenetwork.if,corenet_tcp_bind_xen_port'
allow $1 xen_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_xen_port'
allow $1 xen_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_xen_port'
allow $1 xen_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_xen_client_packets'
allow $1 xen_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_xen_client_packets'
kernel,corenetwork.if,corenet_receive_xen_client_packets'
allow $1 xen_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_xen_client_packets'
kernel,corenetwork.if,corenet_sendrecv_xen_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_xen_client_packets'
kernel,corenetwork.if,corenet_relabelto_xen_client_packets'
allow $1 xen_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_xen_server_packets'
allow $1 xen_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_xen_server_packets'
kernel,corenetwork.if,corenet_receive_xen_server_packets'
allow $1 xen_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_xen_server_packets'
kernel,corenetwork.if,corenet_sendrecv_xen_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_xen_server_packets'
kernel,corenetwork.if,corenet_relabelto_xen_server_packets'
allow $1 xen_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_xfs_port'
allow $1 xfs_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_xfs_port'
allow $1 xfs_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_xfs_port'
kernel,corenetwork.if,corenet_udp_receive_xfs_port'
allow $1 xfs_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_xfs_port'
kernel,corenetwork.if,corenet_udp_sendrecv_xfs_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_xfs_port'
kernel,corenetwork.if,corenet_tcp_bind_xfs_port'
allow $1 xfs_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_xfs_port'
allow $1 xfs_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_xfs_port'
allow $1 xfs_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_xfs_client_packets'
allow $1 xfs_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_xfs_client_packets'
kernel,corenetwork.if,corenet_receive_xfs_client_packets'
allow $1 xfs_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_xfs_client_packets'
kernel,corenetwork.if,corenet_sendrecv_xfs_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_xfs_client_packets'
kernel,corenetwork.if,corenet_relabelto_xfs_client_packets'
allow $1 xfs_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_xfs_server_packets'
allow $1 xfs_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_xfs_server_packets'
kernel,corenetwork.if,corenet_receive_xfs_server_packets'
allow $1 xfs_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_xfs_server_packets'
kernel,corenetwork.if,corenet_sendrecv_xfs_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_xfs_server_packets'
kernel,corenetwork.if,corenet_relabelto_xfs_server_packets'
allow $1 xfs_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_xserver_port'
allow $1 xserver_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_xserver_port'
allow $1 xserver_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_xserver_port'
kernel,corenetwork.if,corenet_udp_receive_xserver_port'
allow $1 xserver_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_xserver_port'
kernel,corenetwork.if,corenet_udp_sendrecv_xserver_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_xserver_port'
kernel,corenetwork.if,corenet_tcp_bind_xserver_port'
allow $1 xserver_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_xserver_port'
allow $1 xserver_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_xserver_port'
allow $1 xserver_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_xserver_client_packets'
allow $1 xserver_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_xserver_client_packets'
kernel,corenetwork.if,corenet_receive_xserver_client_packets'
allow $1 xserver_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_xserver_client_packets'
kernel,corenetwork.if,corenet_sendrecv_xserver_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_xserver_client_packets'
kernel,corenetwork.if,corenet_relabelto_xserver_client_packets'
allow $1 xserver_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_xserver_server_packets'
allow $1 xserver_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_xserver_server_packets'
kernel,corenetwork.if,corenet_receive_xserver_server_packets'
allow $1 xserver_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_xserver_server_packets'
kernel,corenetwork.if,corenet_sendrecv_xserver_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_xserver_server_packets'
kernel,corenetwork.if,corenet_relabelto_xserver_server_packets'
allow $1 xserver_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_zebra_port'
allow $1 zebra_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_zebra_port'
allow $1 zebra_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_zebra_port'
kernel,corenetwork.if,corenet_udp_receive_zebra_port'
allow $1 zebra_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_zebra_port'
kernel,corenetwork.if,corenet_udp_sendrecv_zebra_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_zebra_port'
kernel,corenetwork.if,corenet_tcp_bind_zebra_port'
allow $1 zebra_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_zebra_port'
allow $1 zebra_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_zebra_port'
allow $1 zebra_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_zebra_client_packets'
allow $1 zebra_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_zebra_client_packets'
kernel,corenetwork.if,corenet_receive_zebra_client_packets'
allow $1 zebra_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_zebra_client_packets'
kernel,corenetwork.if,corenet_sendrecv_zebra_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_zebra_client_packets'
kernel,corenetwork.if,corenet_relabelto_zebra_client_packets'
allow $1 zebra_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_zebra_server_packets'
allow $1 zebra_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_zebra_server_packets'
kernel,corenetwork.if,corenet_receive_zebra_server_packets'
allow $1 zebra_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_zebra_server_packets'
kernel,corenetwork.if,corenet_sendrecv_zebra_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_zebra_server_packets'
kernel,corenetwork.if,corenet_relabelto_zebra_server_packets'
allow $1 zebra_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_zope_port'
allow $1 zope_port_t:tcp_socket { send_msg recv_msg };
kernel,corenetwork.if,corenet_udp_send_zope_port'
allow $1 zope_port_t:udp_socket send_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_send_zope_port'
kernel,corenetwork.if,corenet_udp_receive_zope_port'
allow $1 zope_port_t:udp_socket recv_msg;
kernel,corenetwork.if,corenet_dontaudit_udp_receive_zope_port'
kernel,corenetwork.if,corenet_udp_sendrecv_zope_port'
kernel,corenetwork.if,corenet_dontaudit_udp_sendrecv_zope_port'
kernel,corenetwork.if,corenet_tcp_bind_zope_port'
allow $1 zope_port_t:tcp_socket name_bind;
kernel,corenetwork.if,corenet_udp_bind_zope_port'
allow $1 zope_port_t:udp_socket name_bind;
kernel,corenetwork.if,corenet_tcp_connect_zope_port'
allow $1 zope_port_t:tcp_socket name_connect;
kernel,corenetwork.if,corenet_send_zope_client_packets'
allow $1 zope_client_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_zope_client_packets'
kernel,corenetwork.if,corenet_receive_zope_client_packets'
allow $1 zope_client_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_zope_client_packets'
kernel,corenetwork.if,corenet_sendrecv_zope_client_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_zope_client_packets'
kernel,corenetwork.if,corenet_relabelto_zope_client_packets'
allow $1 zope_client_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_send_zope_server_packets'
allow $1 zope_server_packet_t:packet send;
kernel,corenetwork.if,corenet_dontaudit_send_zope_server_packets'
kernel,corenetwork.if,corenet_receive_zope_server_packets'
allow $1 zope_server_packet_t:packet recv;
kernel,corenetwork.if,corenet_dontaudit_receive_zope_server_packets'
kernel,corenetwork.if,corenet_sendrecv_zope_server_packets'
kernel,corenetwork.if,corenet_dontaudit_sendrecv_zope_server_packets'
kernel,corenetwork.if,corenet_relabelto_zope_server_packets'
allow $1 zope_server_packet_t:packet relabelto;
kernel,corenetwork.if,corenet_tcp_sendrecv_compat_ipv4_node'
allow $1 compat_ipv4_node_t:node { tcp_send tcp_recv sendto recvfrom };
kernel,corenetwork.if,corenet_udp_send_compat_ipv4_node'
allow $1 compat_ipv4_node_t:node { udp_send sendto };
kernel,corenetwork.if,corenet_udp_receive_compat_ipv4_node'
allow $1 compat_ipv4_node_t:node { udp_recv recvfrom };
kernel,corenetwork.if,corenet_udp_sendrecv_compat_ipv4_node'
kernel,corenetwork.if,corenet_send_compat_ipv4_node'
allow $1 compat_ipv4_node_t:node { rawip_send sendto };
kernel,corenetwork.if,corenet_receive_compat_ipv4_node'
allow $1 compat_ipv4_node_t:node { rawip_recv recvfrom };
kernel,corenetwork.if,corenet_sendrecv_compat_ipv4_node'
kernel,corenetwork.if,corenet_tcp_bind_compat_ipv4_node'
allow $1 compat_ipv4_node_t:tcp_socket node_bind;
kernel,corenetwork.if,corenet_udp_bind_compat_ipv4_node'
allow $1 compat_ipv4_node_t:udp_socket node_bind;
kernel,corenetwork.if,corenet_tcp_sendrecv_inaddr_any_node'
allow $1 inaddr_any_node_t:node { tcp_send tcp_recv sendto recvfrom };
kernel,corenetwork.if,corenet_udp_send_inaddr_any_node'
allow $1 inaddr_any_node_t:node { udp_send sendto };
kernel,corenetwork.if,corenet_udp_receive_inaddr_any_node'
allow $1 inaddr_any_node_t:node { udp_recv recvfrom };
kernel,corenetwork.if,corenet_udp_sendrecv_inaddr_any_node'
kernel,corenetwork.if,corenet_send_inaddr_any_node'
allow $1 inaddr_any_node_t:node { rawip_send sendto };
kernel,corenetwork.if,corenet_receive_inaddr_any_node'
allow $1 inaddr_any_node_t:node { rawip_recv recvfrom };
kernel,corenetwork.if,corenet_sendrecv_inaddr_any_node'
kernel,corenetwork.if,corenet_tcp_bind_inaddr_any_node'
allow $1 inaddr_any_node_t:tcp_socket node_bind;
kernel,corenetwork.if,corenet_udp_bind_inaddr_any_node'
allow $1 inaddr_any_node_t:udp_socket node_bind;
kernel,corenetwork.if,corenet_tcp_sendrecv_link_local_node'
allow $1 link_local_node_t:node { tcp_send tcp_recv sendto recvfrom };
kernel,corenetwork.if,corenet_udp_send_link_local_node'
allow $1 link_local_node_t:node { udp_send sendto };
kernel,corenetwork.if,corenet_udp_receive_link_local_node'
allow $1 link_local_node_t:node { udp_recv recvfrom };
kernel,corenetwork.if,corenet_udp_sendrecv_link_local_node'
kernel,corenetwork.if,corenet_send_link_local_node'
allow $1 link_local_node_t:node { rawip_send sendto };
kernel,corenetwork.if,corenet_receive_link_local_node'
allow $1 link_local_node_t:node { rawip_recv recvfrom };
kernel,corenetwork.if,corenet_sendrecv_link_local_node'
kernel,corenetwork.if,corenet_tcp_bind_link_local_node'
allow $1 link_local_node_t:tcp_socket node_bind;
kernel,corenetwork.if,corenet_udp_bind_link_local_node'
allow $1 link_local_node_t:udp_socket node_bind;
kernel,corenetwork.if,corenet_tcp_sendrecv_lo_node'
allow $1 lo_node_t:node { tcp_send tcp_recv sendto recvfrom };
kernel,corenetwork.if,corenet_udp_send_lo_node'
allow $1 lo_node_t:node { udp_send sendto };
kernel,corenetwork.if,corenet_udp_receive_lo_node'
allow $1 lo_node_t:node { udp_recv recvfrom };
kernel,corenetwork.if,corenet_udp_sendrecv_lo_node'
kernel,corenetwork.if,corenet_send_lo_node'
allow $1 lo_node_t:node { rawip_send sendto };
kernel,corenetwork.if,corenet_receive_lo_node'
allow $1 lo_node_t:node { rawip_recv recvfrom };
kernel,corenetwork.if,corenet_sendrecv_lo_node'
kernel,corenetwork.if,corenet_tcp_bind_lo_node'
allow $1 lo_node_t:tcp_socket node_bind;
kernel,corenetwork.if,corenet_udp_bind_lo_node'
allow $1 lo_node_t:udp_socket node_bind;
kernel,corenetwork.if,corenet_tcp_sendrecv_mapped_ipv4_node'
allow $1 mapped_ipv4_node_t:node { tcp_send tcp_recv sendto recvfrom };
kernel,corenetwork.if,corenet_udp_send_mapped_ipv4_node'
allow $1 mapped_ipv4_node_t:node { udp_send sendto };
kernel,corenetwork.if,corenet_udp_receive_mapped_ipv4_node'
allow $1 mapped_ipv4_node_t:node { udp_recv recvfrom };
kernel,corenetwork.if,corenet_udp_sendrecv_mapped_ipv4_node'
kernel,corenetwork.if,corenet_send_mapped_ipv4_node'
allow $1 mapped_ipv4_node_t:node { rawip_send sendto };
kernel,corenetwork.if,corenet_receive_mapped_ipv4_node'
allow $1 mapped_ipv4_node_t:node { rawip_recv recvfrom };
kernel,corenetwork.if,corenet_sendrecv_mapped_ipv4_node'
kernel,corenetwork.if,corenet_tcp_bind_mapped_ipv4_node'
allow $1 mapped_ipv4_node_t:tcp_socket node_bind;
kernel,corenetwork.if,corenet_udp_bind_mapped_ipv4_node'
allow $1 mapped_ipv4_node_t:udp_socket node_bind;
kernel,corenetwork.if,corenet_tcp_sendrecv_multicast_node'
allow $1 multicast_node_t:node { tcp_send tcp_recv sendto recvfrom };
kernel,corenetwork.if,corenet_udp_send_multicast_node'
allow $1 multicast_node_t:node { udp_send sendto };
kernel,corenetwork.if,corenet_udp_receive_multicast_node'
allow $1 multicast_node_t:node { udp_recv recvfrom };
kernel,corenetwork.if,corenet_udp_sendrecv_multicast_node'
kernel,corenetwork.if,corenet_send_multicast_node'
allow $1 multicast_node_t:node { rawip_send sendto };
kernel,corenetwork.if,corenet_receive_multicast_node'
allow $1 multicast_node_t:node { rawip_recv recvfrom };
kernel,corenetwork.if,corenet_sendrecv_multicast_node'
kernel,corenetwork.if,corenet_tcp_bind_multicast_node'
allow $1 multicast_node_t:tcp_socket node_bind;
kernel,corenetwork.if,corenet_udp_bind_multicast_node'
allow $1 multicast_node_t:udp_socket node_bind;
kernel,corenetwork.if,corenet_tcp_sendrecv_site_local_node'
allow $1 site_local_node_t:node { tcp_send tcp_recv sendto recvfrom };
kernel,corenetwork.if,corenet_udp_send_site_local_node'
allow $1 site_local_node_t:node { udp_send sendto };
kernel,corenetwork.if,corenet_udp_receive_site_local_node'
allow $1 site_local_node_t:node { udp_recv recvfrom };
kernel,corenetwork.if,corenet_udp_sendrecv_site_local_node'
kernel,corenetwork.if,corenet_send_site_local_node'
allow $1 site_local_node_t:node { rawip_send sendto };
kernel,corenetwork.if,corenet_receive_site_local_node'
allow $1 site_local_node_t:node { rawip_recv recvfrom };
kernel,corenetwork.if,corenet_sendrecv_site_local_node'
kernel,corenetwork.if,corenet_tcp_bind_site_local_node'
allow $1 site_local_node_t:tcp_socket node_bind;
kernel,corenetwork.if,corenet_udp_bind_site_local_node'
allow $1 site_local_node_t:udp_socket node_bind;
kernel,corenetwork.if,corenet_tcp_sendrecv_unspec_node'
allow $1 unspec_node_t:node { tcp_send tcp_recv sendto recvfrom };
kernel,corenetwork.if,corenet_udp_send_unspec_node'
allow $1 unspec_node_t:node { udp_send sendto };
kernel,corenetwork.if,corenet_udp_receive_unspec_node'
allow $1 unspec_node_t:node { udp_recv recvfrom };
kernel,corenetwork.if,corenet_udp_sendrecv_unspec_node'
kernel,corenetwork.if,corenet_send_unspec_node'
allow $1 unspec_node_t:node { rawip_send sendto };
kernel,corenetwork.if,corenet_receive_unspec_node'
allow $1 unspec_node_t:node { rawip_recv recvfrom };
kernel,corenetwork.if,corenet_sendrecv_unspec_node'
kernel,corenetwork.if,corenet_tcp_bind_unspec_node'
allow $1 unspec_node_t:tcp_socket node_bind;
kernel,corenetwork.if,corenet_udp_bind_unspec_node'
allow $1 unspec_node_t:udp_socket node_bind;
kernel,corenetwork.if,corenet_tcp_sendrecv_lo_if'
allow $1 lo_netif_t:netif { tcp_send tcp_recv egress ingress };
kernel,corenetwork.if,corenet_udp_send_lo_if'
allow $1 lo_netif_t:netif { udp_send egress };
kernel,corenetwork.if,corenet_udp_receive_lo_if'
allow $1 lo_netif_t:netif { udp_recv ingress };
kernel,corenetwork.if,corenet_udp_sendrecv_lo_if'
kernel,corenetwork.if,corenet_send_lo_if'
allow $1 lo_netif_t:netif { rawip_send egress };
kernel,corenetwork.if,corenet_receive_lo_if'
allow $1 lo_netif_t:netif { rawip_recv ingress };
kernel,corenetwork.if,corenet_sendrecv_lo_if'
kernel,devices.if,dev_node'
kernel,devices.if,dev_relabel_all_dev_nodes'
allow $1 device_t:dir { getattr search };
allow $1 device_node:dir { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 device_node:file { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 device_node:lnk_file { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 device_node:fifo_file { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 device_node:sock_file { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 { device_t device_node }:blk_file { getattr relabelfrom relabelto };
allow $1 device_t:dir { getattr search };
allow $1 { device_t device_node }:chr_file { getattr relabelfrom relabelto };
kernel,devices.if,dev_list_all_dev_nodes'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
kernel,devices.if,dev_setattr_generic_dirs'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { setattr };
kernel,devices.if,dev_dontaudit_list_all_dev_nodes'
kernel,devices.if,dev_add_entry_generic_dirs'
allow $1 device_t:dir { getattr search lock ioctl write add_name };
kernel,devices.if,dev_create_generic_dirs'
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search lock ioctl write add_name };
allow $1 device_t:dir { getattr create };
kernel,devices.if,dev_delete_generic_dirs'
allow $1 device_t:dir { getattr search lock ioctl write remove_name };
allow $1 device_t:dir { getattr rmdir };
kernel,devices.if,dev_relabel_generic_dev_dirs'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr relabelfrom relabelto };
kernel,devices.if,dev_dontaudit_getattr_generic_files'
kernel,devices.if,dev_rw_generic_files'
allow $1 device_t:dir { getattr search };
allow $1 device_t:file { getattr read write append ioctl lock };
kernel,devices.if,dev_delete_generic_files'
allow $1 device_t:dir { getattr search lock ioctl write remove_name };
allow $1 device_t:file { getattr unlink };
kernel,devices.if,dev_manage_generic_files'
allow $1 device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 device_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,devices.if,dev_dontaudit_getattr_generic_pipes'
kernel,devices.if,dev_getattr_generic_blk_files'
allow $1 device_t:dir { getattr search };
allow $1 device_t:blk_file { getattr };
kernel,devices.if,dev_dontaudit_getattr_generic_blk_files'
kernel,devices.if,dev_dontaudit_setattr_generic_blk_files'
kernel,devices.if,dev_create_generic_chr_files'
allow $1 self:capability mknod;
allow $1 device_t:dir { getattr search lock ioctl write add_name };
allow $1 device_t:chr_file { getattr create };
kernel,devices.if,dev_getattr_generic_chr_files'
allow $1 device_t:dir { getattr search };
allow $1 device_t:chr_file { getattr };
kernel,devices.if,dev_dontaudit_getattr_generic_chr_files'
kernel,devices.if,dev_dontaudit_setattr_generic_chr_files'
kernel,devices.if,dev_dontaudit_setattr_generic_symlinks'
kernel,devices.if,dev_create_generic_symlinks'
allow $1 device_t:dir { getattr search lock ioctl write add_name };
allow $1 device_t:lnk_file { create getattr };
kernel,devices.if,dev_delete_generic_symlinks'
allow $1 device_t:dir { getattr search lock ioctl write remove_name };
allow $1 device_t:lnk_file { getattr unlink };
kernel,devices.if,dev_manage_generic_symlinks'
allow $1 device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 device_t:lnk_file { create read getattr setattr unlink rename };
kernel,devices.if,dev_relabel_generic_symlinks'
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr relabelfrom relabelto };
kernel,devices.if,dev_manage_all_dev_nodes'
allow $1 device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 device_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 device_t:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
allow $1 device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 device_t:lnk_file { create read getattr setattr unlink rename };
allow $1 self:capability mknod;
allow $1 device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 { device_t device_node }:chr_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 self:capability mknod;
allow $1 device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 { device_t device_node }:blk_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr relabelfrom relabelto };
allow $1 device_t:dir { getattr search };
allow $1 { device_t device_node }:chr_file { getattr relabelfrom relabelto };
allow $1 device_t:dir { getattr search };
allow $1 { device_t device_node }:blk_file { getattr relabelfrom relabelto };
allow $1 fixed_disk_device_t:blk_file { getattr read lock ioctl };
allow $1 fixed_disk_device_t:chr_file { getattr read lock ioctl };
allow $1 fixed_disk_device_t:blk_file { getattr write append lock ioctl };
allow $1 fixed_disk_device_t:chr_file { getattr write append lock ioctl };
allow $1 scsi_generic_device_t:chr_file { getattr read lock ioctl };
allow $1 scsi_generic_device_t:chr_file { getattr write append lock ioctl };
kernel,devices.if,dev_dontaudit_rw_generic_dev_nodes'
kernel,devices.if,dev_manage_generic_blk_files'
allow $1 self:capability mknod;
allow $1 device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 device_t:blk_file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,devices.if,dev_manage_generic_chr_files'
allow $1 self:capability mknod;
allow $1 device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 device_t:chr_file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,devices.if,dev_filetrans'
allow $1 device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 tmpfs_t:filesystem associate;
allow $2 tmp_t:filesystem associate;
kernel,devices.if,dev_getattr_all_blk_files'
allow $1 device_t:dir { getattr search };
allow $1 device_node:blk_file { getattr };
kernel,devices.if,dev_dontaudit_getattr_all_blk_files'
kernel,devices.if,dev_getattr_all_chr_files'
allow $1 device_t:dir { getattr search };
allow $1 device_node:chr_file { getattr };
kernel,devices.if,dev_dontaudit_getattr_all_chr_files'
kernel,devices.if,dev_setattr_all_blk_files'
allow $1 device_t:dir { getattr search };
allow $1 device_node:blk_file { setattr };
kernel,devices.if,dev_setattr_all_chr_files'
allow $1 device_t:dir { getattr search };
allow $1 device_node:chr_file { setattr };
kernel,devices.if,dev_dontaudit_read_all_blk_files'
kernel,devices.if,dev_dontaudit_read_all_chr_files'
kernel,devices.if,dev_create_all_blk_files'
allow $1 self:capability mknod;
allow $1 device_t:dir { getattr search lock ioctl write add_name };
allow $1 device_node:blk_file { getattr create };
kernel,devices.if,dev_create_all_chr_files'
allow $1 self:capability mknod;
allow $1 device_t:dir { getattr search lock ioctl write add_name };
allow $1 device_node:chr_file { getattr create };
kernel,devices.if,dev_delete_all_blk_files'
allow $1 device_t:dir { getattr search lock ioctl write remove_name };
allow $1 device_node:blk_file { getattr unlink };
kernel,devices.if,dev_delete_all_chr_files'
allow $1 device_t:dir { getattr search lock ioctl write remove_name };
allow $1 device_node:chr_file { getattr unlink };
kernel,devices.if,dev_rename_all_blk_files'
allow $1 device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 device_node:blk_file { getattr rename };
kernel,devices.if,dev_rename_all_chr_files'
allow $1 device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 device_node:chr_file { getattr rename };
kernel,devices.if,dev_manage_all_blk_files'
allow $1 self:capability mknod;
allow $1 device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 device_node:blk_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 fixed_disk_device_t:blk_file { getattr read lock ioctl };
allow $1 fixed_disk_device_t:chr_file { getattr read lock ioctl };
allow $1 fixed_disk_device_t:blk_file { getattr write append lock ioctl };
allow $1 fixed_disk_device_t:chr_file { getattr write append lock ioctl };
allow $1 scsi_generic_device_t:chr_file { getattr read lock ioctl };
allow $1 scsi_generic_device_t:chr_file { getattr write append lock ioctl };
kernel,devices.if,dev_manage_all_chr_files'
allow $1 self:capability mknod;
allow $1 device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 device_node:chr_file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,devices.if,dev_getattr_agp_dev'
allow $1 device_t:dir { getattr search };
allow $1 agp_device_t:chr_file { getattr };
kernel,devices.if,dev_rw_agp'
allow $1 device_t:dir { getattr search };
allow $1 agp_device_t:chr_file { getattr read write append ioctl lock };
kernel,devices.if,dev_getattr_apm_bios_dev'
allow $1 device_t:dir { getattr search };
allow $1 apm_bios_t:chr_file { getattr };
kernel,devices.if,dev_dontaudit_getattr_apm_bios_dev'
kernel,devices.if,dev_setattr_apm_bios_dev'
allow $1 device_t:dir { getattr search };
allow $1 apm_bios_t:chr_file { setattr };
kernel,devices.if,dev_dontaudit_setattr_apm_bios_dev'
kernel,devices.if,dev_rw_apm_bios'
allow $1 device_t:dir { getattr search };
allow $1 apm_bios_t:chr_file { getattr read write append ioctl lock };
kernel,devices.if,dev_rw_cardmgr'
allow $1 device_t:dir { getattr search };
allow $1 cardmgr_dev_t:chr_file { getattr read write append ioctl lock };
kernel,devices.if,dev_dontaudit_rw_cardmgr'
kernel,devices.if,dev_manage_cardmgr_dev'
allow $1 self:capability mknod;
allow $1 device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 cardmgr_dev_t:chr_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 self:capability mknod;
allow $1 device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 cardmgr_dev_t:blk_file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,devices.if,dev_create_cardmgr_dev'
allow $1 self:capability mknod;
allow $1 device_t:dir { getattr search lock ioctl write add_name };
allow $1 cardmgr_dev_t:chr_file { getattr create };
allow $1 self:capability mknod;
allow $1 device_t:dir { getattr search lock ioctl write add_name };
allow $1 cardmgr_dev_t:blk_file { getattr create };
allow $1 device_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,devices.if,dev_getattr_cpu_dev'
allow $1 device_t:dir { getattr search };
allow $1 cpu_device_t:chr_file { getattr };
kernel,devices.if,dev_read_cpuid'
allow $1 device_t:dir { getattr search };
allow $1 cpu_device_t:chr_file { getattr read lock ioctl };
kernel,devices.if,dev_rw_cpu_microcode'
allow $1 device_t:dir { getattr search };
allow $1 cpu_device_t:chr_file { getattr read write append ioctl lock };
kernel,devices.if,dev_rw_crypto'
allow $1 device_t:dir { getattr search };
allow $1 crypt_device_t:chr_file { getattr read write append ioctl lock };
kernel,devices.if,dev_getattr_dri_dev'
allow $1 device_t:dir { getattr search };
allow $1 dri_device_t:chr_file { getattr };
kernel,devices.if,dev_setattr_dri_dev'
allow $1 device_t:dir { getattr search };
allow $1 dri_device_t:chr_file { setattr };
kernel,devices.if,dev_rw_dri'
allow $1 device_t:dir { getattr search };
allow $1 dri_device_t:chr_file { getattr read write append ioctl lock };
kernel,devices.if,dev_dontaudit_rw_dri'
kernel,devices.if,dev_manage_dri_dev'
allow $1 self:capability mknod;
allow $1 device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 dri_device_t:chr_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 device_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,devices.if,dev_getattr_input_dev'
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 event_device_t:chr_file getattr;
kernel,devices.if,dev_setattr_input_dev'
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 event_device_t:chr_file setattr;
kernel,devices.if,dev_read_input'
allow $1 device_t:dir { getattr search };
allow $1 event_device_t:chr_file { getattr read lock ioctl };
kernel,devices.if,dev_rw_input_dev'
allow $1 device_t:dir { getattr search };
allow $1 event_device_t:chr_file { getattr read write append ioctl lock };
kernel,devices.if,dev_getattr_framebuffer_dev'
allow $1 device_t:dir { getattr search };
allow $1 framebuf_device_t:chr_file { getattr };
kernel,devices.if,dev_setattr_framebuffer_dev'
allow $1 device_t:dir { getattr search };
allow $1 framebuf_device_t:chr_file { setattr };
kernel,devices.if,dev_dontaudit_setattr_framebuffer_dev'
kernel,devices.if,dev_read_framebuffer'
allow $1 device_t:dir { getattr search };
allow $1 framebuf_device_t:chr_file { getattr read lock ioctl };
kernel,devices.if,dev_dontaudit_read_framebuffer'
kernel,devices.if,dev_write_framebuffer'
allow $1 device_t:dir { getattr search };
allow $1 framebuf_device_t:chr_file { getattr write append lock ioctl };
kernel,devices.if,dev_rw_framebuffer'
allow $1 device_t:dir { getattr search };
allow $1 framebuf_device_t:chr_file { getattr read write append ioctl lock };
kernel,devices.if,dev_read_lvm_control'
allow $1 device_t:dir { getattr search };
allow $1 lvm_control_t:chr_file { getattr read lock ioctl };
kernel,devices.if,dev_rw_lvm_control'
allow $1 device_t:dir { getattr search };
allow $1 lvm_control_t:chr_file { getattr read write append ioctl lock };
kernel,devices.if,dev_delete_lvm_control_dev'
allow $1 device_t:dir { getattr search lock ioctl write remove_name };
allow $1 lvm_control_t:chr_file { getattr unlink };
kernel,devices.if,dev_dontaudit_getattr_memory_dev'
kernel,devices.if,dev_read_memory'
allow $1 device_t:dir { getattr search };
allow $1 memory_device_t:chr_file { getattr read lock ioctl };
allow $1 self:capability sysio;
kernel,devices.if,dev_write_memory'
allow $1 device_t:dir { getattr search };
allow $1 memory_device_t:chr_file { getattr write append lock ioctl };
allow $1 self:capability sysio;
kernel,devices.if,dev_rx_memory'
allow $1 memory_device_t:chr_file execute;
kernel,devices.if,dev_wx_memory'
allow $1 memory_device_t:chr_file execute;
kernel,devices.if,dev_getattr_misc_dev'
allow $1 device_t:dir { getattr search };
allow $1 misc_device_t:chr_file { getattr };
kernel,devices.if,dev_dontaudit_getattr_misc_dev'
kernel,devices.if,dev_setattr_misc_dev'
allow $1 device_t:dir { getattr search };
allow $1 misc_device_t:chr_file { setattr };
kernel,devices.if,dev_dontaudit_setattr_misc_dev'
kernel,devices.if,dev_read_misc'
allow $1 device_t:dir { getattr search };
allow $1 misc_device_t:chr_file { getattr read lock ioctl };
kernel,devices.if,dev_write_misc'
allow $1 device_t:dir { getattr search };
allow $1 misc_device_t:chr_file { getattr write append lock ioctl };
kernel,devices.if,dev_dontaudit_rw_misc'
kernel,devices.if,dev_getattr_mouse_dev'
allow $1 device_t:dir { getattr search };
allow $1 mouse_device_t:chr_file { getattr };
kernel,devices.if,dev_setattr_mouse_dev'
allow $1 device_t:dir { getattr search };
allow $1 mouse_device_t:chr_file { setattr };
kernel,devices.if,dev_read_mouse'
allow $1 device_t:dir { getattr search };
allow $1 mouse_device_t:chr_file { getattr read lock ioctl };
kernel,devices.if,dev_rw_mouse'
allow $1 device_t:dir { getattr search };
allow $1 mouse_device_t:chr_file { getattr read write append ioctl lock };
kernel,devices.if,dev_getattr_mtrr_dev'
allow $1 device_t:dir { getattr search };
allow $1 mtrr_device_t:file { getattr };
allow $1 device_t:dir { getattr search };
allow $1 mtrr_device_t:chr_file { getattr };
kernel,devices.if,dev_read_mtrr'
kernel,devices.if,dev_write_mtrr'
kernel,devices.if,dev_rw_mtrr'
allow $1 device_t:dir { getattr search };
allow $1 mtrr_device_t:file { getattr read write append ioctl lock };
allow $1 device_t:dir { getattr search };
allow $1 mtrr_device_t:chr_file { getattr read write append ioctl lock };
kernel,devices.if,dev_rw_null'
allow $1 device_t:dir { getattr search };
allow $1 null_device_t:chr_file { getattr read write append ioctl lock };
kernel,devices.if,dev_create_null_dev'
allow $1 self:capability mknod;
allow $1 device_t:dir { getattr search lock ioctl write add_name };
allow $1 null_device_t:chr_file { getattr create };
kernel,devices.if,dev_dontaudit_getattr_nvram_dev'
kernel,devices.if,dev_rw_nvram'
allow $1 device_t:dir { getattr search };
allow $1 nvram_device_t:chr_file { getattr read write append ioctl lock };
kernel,devices.if,dev_getattr_printer_dev'
allow $1 device_t:dir { getattr search };
allow $1 printer_device_t:chr_file { getattr };
kernel,devices.if,dev_setattr_printer_dev'
allow $1 device_t:dir { getattr search };
allow $1 printer_device_t:chr_file { setattr };
kernel,devices.if,dev_append_printer'
allow $1 device_t:dir { getattr search };
allow $1 printer_device_t:chr_file { getattr append lock ioctl };
kernel,devices.if,dev_rw_printer'
allow $1 device_t:dir { getattr search };
allow $1 printer_device_t:chr_file { getattr read write append ioctl lock };
kernel,devices.if,dev_read_rand'
allow $1 device_t:dir { getattr search };
allow $1 random_device_t:chr_file { getattr read lock ioctl };
kernel,devices.if,dev_dontaudit_read_rand'
kernel,devices.if,dev_write_rand'
allow $1 device_t:dir { getattr search };
allow $1 random_device_t:chr_file { getattr write append lock ioctl };
kernel,devices.if,dev_read_realtime_clock'
allow $1 device_t:dir { getattr search };
allow $1 clock_device_t:chr_file { getattr read lock ioctl };
kernel,devices.if,dev_write_realtime_clock'
allow $1 device_t:dir { getattr search };
allow $1 clock_device_t:chr_file { getattr write append lock ioctl };
allow $1 clock_device_t:chr_file setattr;
kernel,devices.if,dev_rw_realtime_clock'
kernel,devices.if,dev_getattr_scanner_dev'
allow $1 device_t:dir { getattr search };
allow $1 scanner_device_t:chr_file { getattr };
kernel,devices.if,dev_dontaudit_getattr_scanner_dev'
kernel,devices.if,dev_setattr_scanner_dev'
allow $1 device_t:dir { getattr search };
allow $1 scanner_device_t:chr_file { setattr };
kernel,devices.if,dev_dontaudit_setattr_scanner_dev'
kernel,devices.if,dev_rw_scanner'
allow $1 device_t:dir { getattr search };
allow $1 scanner_device_t:chr_file { getattr read write append ioctl lock };
kernel,devices.if,dev_getattr_sound_dev'
allow $1 device_t:dir { getattr search };
allow $1 sound_device_t:chr_file { getattr };
kernel,devices.if,dev_setattr_sound_dev'
allow $1 device_t:dir { getattr search };
allow $1 sound_device_t:chr_file { setattr };
kernel,devices.if,dev_read_sound'
allow $1 device_t:dir { getattr search };
allow $1 sound_device_t:chr_file { getattr read lock ioctl };
kernel,devices.if,dev_write_sound'
allow $1 device_t:dir { getattr search };
allow $1 sound_device_t:chr_file { getattr write append lock ioctl };
kernel,devices.if,dev_read_sound_mixer'
allow $1 device_t:dir { getattr search };
allow $1 sound_device_t:chr_file { getattr read lock ioctl };
kernel,devices.if,dev_write_sound_mixer'
allow $1 device_t:dir { getattr search };
allow $1 sound_device_t:chr_file { getattr write append lock ioctl };
kernel,devices.if,dev_getattr_power_mgmt_dev'
allow $1 device_t:dir { getattr search };
allow $1 power_device_t:chr_file { getattr };
kernel,devices.if,dev_setattr_power_mgmt_dev'
allow $1 device_t:dir { getattr search };
allow $1 power_device_t:chr_file { setattr };
kernel,devices.if,dev_rw_power_management'
allow $1 device_t:dir { getattr search };
allow $1 power_device_t:chr_file { getattr read write append ioctl lock };
kernel,devices.if,dev_getattr_smartcard_dev'
allow $1 smartcard_device_t:chr_file getattr;
kernel,devices.if,dev_dontaudit_getattr_smartcard_dev'
kernel,devices.if,dev_rw_smartcard'
allow $1 device_t:dir { getattr search };
allow $1 smartcard_device_t:chr_file { getattr read write append ioctl lock };
kernel,devices.if,dev_manage_smartcard'
allow $1 self:capability mknod;
allow $1 device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 smartcard_device_t:chr_file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,devices.if,dev_getattr_sysfs_dirs'
allow $1 sysfs_t:dir { getattr };
kernel,devices.if,dev_search_sysfs'
allow $1 sysfs_t:dir { getattr search };
allow $1 sysfs_t:dir { getattr search };
kernel,devices.if,dev_dontaudit_search_sysfs'
kernel,devices.if,dev_list_sysfs'
allow $1 sysfs_t:dir { getattr search };
allow $1 sysfs_t:dir { getattr search read lock ioctl };
kernel,devices.if,dev_write_sysfs_dirs'
allow $1 sysfs_t:dir write;
kernel,devices.if,dev_read_sysfs'
allow $1 sysfs_t:dir { getattr search };
allow $1 sysfs_t:file { getattr read lock ioctl };
allow $1 sysfs_t:dir { getattr search };
allow $1 sysfs_t:lnk_file { getattr read };
allow $1 sysfs_t:dir { getattr search };
allow $1 sysfs_t:dir { getattr search read lock ioctl };
kernel,devices.if,dev_rw_sysfs'
allow $1 sysfs_t:dir { getattr search };
allow $1 sysfs_t:file { getattr read write append ioctl lock };
allow $1 sysfs_t:dir { getattr search };
allow $1 sysfs_t:lnk_file { getattr read };
allow $1 sysfs_t:dir { getattr search };
allow $1 sysfs_t:dir { getattr search read lock ioctl };
kernel,devices.if,dev_read_urand'
allow $1 device_t:dir { getattr search };
allow $1 urandom_device_t:chr_file { getattr read lock ioctl };
kernel,devices.if,dev_dontaudit_read_urand'
kernel,devices.if,dev_write_urand'
allow $1 device_t:dir { getattr search };
allow $1 urandom_device_t:chr_file { getattr write append lock ioctl };
kernel,devices.if,dev_getattr_generic_usb_dev'
allow $1 device_t:dir { getattr search };
allow $1 usb_device_t:chr_file { getattr };
kernel,devices.if,dev_setattr_generic_usb_dev'
allow $1 device_t:dir { getattr search };
allow $1 usb_device_t:chr_file { setattr };
kernel,devices.if,dev_rw_generic_usb_dev'
allow $1 device_t:dir { getattr search };
allow $1 usb_device_t:chr_file { getattr read write append ioctl lock };
kernel,devices.if,dev_mount_usbfs'
allow $1 usbfs_t:filesystem mount;
kernel,devices.if,dev_associate_usbfs'
allow $1 usbfs_t:filesystem associate;
kernel,devices.if,dev_getattr_usbfs_dirs'
allow $1 usbfs_t:dir { getattr };
kernel,devices.if,dev_dontaudit_getattr_usbfs_dirs'
kernel,devices.if,dev_search_usbfs'
allow $1 usbfs_t:dir { getattr search };
allow $1 usbfs_t:dir { getattr search };
kernel,devices.if,dev_list_usbfs'
allow $1 usbfs_t:dir { getattr search };
allow $1 usbfs_t:lnk_file { getattr read };
allow $1 usbfs_t:dir { getattr search };
allow $1 usbfs_t:file { getattr };
allow $1 usbfs_t:dir { getattr search };
allow $1 usbfs_t:dir { getattr search read lock ioctl };
kernel,devices.if,dev_setattr_usbfs_files'
allow $1 usbfs_t:dir { getattr search };
allow $1 usbfs_t:file { setattr };
allow $1 usbfs_t:dir { getattr search };
allow $1 usbfs_t:dir { getattr search read lock ioctl };
kernel,devices.if,dev_read_usbfs'
allow $1 usbfs_t:dir { getattr search };
allow $1 usbfs_t:file { getattr read lock ioctl };
allow $1 usbfs_t:dir { getattr search };
allow $1 usbfs_t:lnk_file { getattr read };
allow $1 usbfs_t:dir { getattr search };
allow $1 usbfs_t:dir { getattr search read lock ioctl };
kernel,devices.if,dev_rw_usbfs'
allow $1 usbfs_t:dir { getattr search };
allow $1 usbfs_t:dir { getattr search read lock ioctl };
allow $1 usbfs_t:dir { getattr search };
allow $1 usbfs_t:file { getattr read write append ioctl lock };
allow $1 usbfs_t:dir { getattr search };
allow $1 usbfs_t:lnk_file { getattr read };
kernel,devices.if,dev_getattr_video_dev'
allow $1 device_t:dir { getattr search };
allow $1 v4l_device_t:chr_file { getattr };
kernel,devices.if,dev_dontaudit_getattr_video_dev'
kernel,devices.if,dev_setattr_video_dev'
allow $1 device_t:dir { getattr search };
allow $1 v4l_device_t:chr_file { setattr };
kernel,devices.if,dev_dontaudit_setattr_video_dev'
kernel,devices.if,dev_read_video_dev'
allow $1 device_t:dir { getattr search };
allow $1 v4l_device_t:chr_file { getattr read lock ioctl };
kernel,devices.if,dev_write_video_dev'
allow $1 device_t:dir { getattr search };
allow $1 v4l_device_t:chr_file { getattr write append lock ioctl };
kernel,devices.if,dev_rw_vmware'
allow $1 device_t:dir { getattr search };
allow $1 vmware_device_t:chr_file { getattr read write append ioctl lock };
kernel,devices.if,dev_rwx_vmware'
allow $1 vmware_device_t:chr_file execute;
kernel,devices.if,dev_write_watchdog'
allow $1 device_t:dir { getattr search };
allow $1 watchdog_device_t:chr_file { getattr write append lock ioctl };
kernel,devices.if,dev_rw_xen'
allow $1 device_t:dir { getattr search };
allow $1 xen_device_t:chr_file { getattr read write append ioctl lock };
kernel,devices.if,dev_manage_xen'
allow $1 self:capability mknod;
allow $1 device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 xen_device_t:chr_file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,devices.if,dev_filetrans_xen'
allow $1 device_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,devices.if,dev_getattr_xserver_misc_dev'
allow $1 device_t:dir { getattr search };
allow $1 xserver_misc_device_t:chr_file { getattr };
kernel,devices.if,dev_setattr_xserver_misc_dev'
allow $1 device_t:dir { getattr search };
allow $1 xserver_misc_device_t:chr_file { setattr };
kernel,devices.if,dev_rw_xserver_misc'
allow $1 device_t:dir { getattr search };
allow $1 xserver_misc_device_t:chr_file { getattr read write append ioctl lock };
kernel,devices.if,dev_rw_zero'
allow $1 device_t:dir { getattr search };
allow $1 zero_device_t:chr_file { getattr read write append ioctl lock };
kernel,devices.if,dev_rwx_zero'
allow $1 zero_device_t:chr_file execute;
kernel,devices.if,dev_execmod_zero'
allow $1 zero_device_t:chr_file execmod;
kernel,devices.if,dev_create_zero_dev'
allow $1 self:capability mknod;
allow $1 device_t:dir { getattr search lock ioctl write add_name };
allow $1 zero_device_t:chr_file { getattr create };
kernel,devices.if,dev_unconfined'
kernel,domain.if,domain_base_type'
kernel,domain.if,domain_type'
kernel,domain.if,domain_entry_file'
allow $1 $2:file entrypoint;
allow $1 $2:file { { getattr read execute ioctl } ioctl lock };
kernel,domain.if,domain_interactive_fd'
kernel,domain.if,domain_dyntrans_type'
kernel,domain.if,domain_system_change_exemption'
kernel,domain.if,domain_subj_id_change_exemption'
kernel,domain.if,domain_role_change_exemption'
kernel,domain.if,domain_obj_id_change_exemption'
kernel,domain.if,domain_user_exemption_target'
kernel,domain.if,domain_cron_exemption_source'
kernel,domain.if,domain_cron_exemption_target'
kernel,domain.if,domain_use_interactive_fds'
allow $1 privfd:fd use;
kernel,domain.if,domain_dontaudit_use_interactive_fds'
kernel,domain.if,domain_sigchld_interactive_fds'
allow $1 privfd:process sigchld;
kernel,domain.if,domain_setpriority_all_domains'
allow $1 domain:process setsched;
kernel,domain.if,domain_signal_all_domains'
allow $1 domain:process signal;
kernel,domain.if,domain_signull_all_domains'
allow $1 domain:process signull;
kernel,domain.if,domain_sigstop_all_domains'
allow $1 domain:process sigstop;
kernel,domain.if,domain_sigchld_all_domains'
allow $1 domain:process sigchld;
kernel,domain.if,domain_kill_all_domains'
allow $1 domain:process sigkill;
allow $1 self:capability kill;
kernel,domain.if,domain_search_all_domains_state'
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:dir { getattr search };
allow $1 domain:dir search;
kernel,domain.if,domain_dontaudit_search_all_domains_state'
kernel,domain.if,domain_read_all_domains_state'
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:dir { getattr search };
allow $1 domain:dir { getattr search read lock ioctl };
allow $1 domain:dir { getattr search };
allow $1 domain:file { getattr read lock ioctl };
allow $1 domain:dir { getattr search };
allow $1 domain:lnk_file { getattr read };
kernel,domain.if,domain_getattr_all_domains'
allow $1 domain:process getattr;
kernel,domain.if,domain_dontaudit_getattr_all_domains'
kernel,domain.if,domain_read_confined_domains_state'
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:dir { getattr search };
allow $1 { domain -unconfined_domain_type }:dir { getattr search read lock ioctl };
allow $1 { domain -unconfined_domain_type }:dir { getattr search };
allow $1 { domain -unconfined_domain_type }:file { getattr read lock ioctl };
allow $1 { domain -unconfined_domain_type }:dir { getattr search };
allow $1 { domain -unconfined_domain_type }:lnk_file { getattr read };
kernel,domain.if,domain_getattr_confined_domains'
allow $1 { domain -unconfined_domain_type }:process getattr;
kernel,domain.if,domain_ptrace_all_domains'
allow $1 domain:process ptrace;
allow domain $1:process sigchld;
kernel,domain.if,domain_dontaudit_ptrace_all_domains'
kernel,domain.if,domain_dontaudit_ptrace_confined_domains'
kernel,domain.if,domain_dontaudit_read_all_domains_state'
kernel,domain.if,domain_dontaudit_list_all_domains_state'
kernel,domain.if,domain_getsession_all_domains'
allow $1 domain:process getsession;
kernel,domain.if,domain_dontaudit_getsession_all_domains'
kernel,domain.if,domain_getattr_all_sockets'
allow $1 domain:{ tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket } getattr;
kernel,domain.if,domain_dontaudit_getattr_all_sockets'
kernel,domain.if,domain_dontaudit_getattr_all_tcp_sockets'
kernel,domain.if,domain_dontaudit_getattr_all_udp_sockets'
kernel,domain.if,domain_dontaudit_rw_all_udp_sockets'
kernel,domain.if,domain_dontaudit_getattr_all_key_sockets'
kernel,domain.if,domain_dontaudit_getattr_all_packet_sockets'
kernel,domain.if,domain_dontaudit_getattr_all_sockets'
kernel,domain.if,domain_dontaudit_rw_all_key_sockets'
kernel,domain.if,domain_dontaudit_getattr_all_dgram_sockets'
kernel,domain.if,domain_dontaudit_getattr_all_stream_sockets'
kernel,domain.if,domain_dontaudit_getattr_all_pipes'
kernel,domain.if,domain_ipsec_setcontext_all_domains'
allow $1 domain:association setcontext;
kernel,domain.if,domain_getattr_all_entry_files'
allow $1 entry_type:lnk_file { getattr read };
allow $1 entry_type:file getattr;
kernel,domain.if,domain_read_all_entry_files'
allow $1 entry_type:lnk_file { getattr read };
allow $1 entry_type:file { getattr read lock ioctl };
kernel,domain.if,domain_exec_all_entry_files'
allow $1 entry_type:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
kernel,domain.if,domain_dontaudit_exec_all_entry_files'
kernel,domain.if,domain_manage_all_entry_files'
allow $1 entry_type:file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,domain.if,domain_relabel_all_entry_files'
allow $1 entry_type:file { getattr relabelfrom relabelto };
kernel,domain.if,domain_mmap_all_entry_files'
allow $1 entry_type:file { getattr read execute ioctl };
kernel,domain.if,domain_entry_file_spec_domtrans'
allow $1 entry_type:file { getattr read execute };
allow $1 $2:process transition;
kernel,domain.if,domain_mmap_low'
allow $1 self:memprotect mmap_zero;
kernel,domain.if,domain_all_recvfrom_all_domains'
allow { $1 domain } self:association sendto;
allow $1 domain:{ association tcp_socket } recvfrom;
allow domain $1:{ association tcp_socket } recvfrom;
allow $1 domain:peer recv;
allow domain $1:peer recv;
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:tcp_socket recvfrom;
allow domain netlabel_peer_t:peer recv;
allow domain netlabel_peer_t:tcp_socket recvfrom;
allow domain self:association sendto;
allow $1 domain:{ association udp_socket } recvfrom;
allow $1 domain:peer recv;
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:udp_socket recvfrom;
allow domain self:association sendto;
allow $1 domain:{ association rawip_socket } recvfrom;
allow $1 domain:peer recv;
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:rawip_socket recvfrom;
kernel,domain.if,domain_unconfined'
kernel,files.if,files_type'
kernel,files.if,files_lock_file'
kernel,files.if,files_mountpoint'
kernel,files.if,files_pid_file'
kernel,files.if,files_config_file'
kernel,files.if,files_poly'
kernel,files.if,files_poly_parent'
kernel,files.if,files_poly_member'
kernel,files.if,files_poly_member_tmp'
kernel,files.if,files_security_file'
kernel,files.if,files_security_mountpoint'
kernel,files.if,files_tmp_file'
kernel,files.if,files_tmpfs_file'
kernel,files.if,files_getattr_all_dirs'
allow $1 file_type:dir { getattr search };
allow $1 file_type:dir { getattr };
kernel,files.if,files_dontaudit_getattr_all_dirs'
kernel,files.if,files_list_non_security'
allow $1 non_security_file_type:dir { getattr search };
allow $1 non_security_file_type:dir { getattr search read lock ioctl };
kernel,files.if,files_dontaudit_list_non_security'
kernel,files.if,files_mounton_non_security'
allow $1 non_security_file_type:dir mounton;
allow $1 non_security_file_type:file mounton;
kernel,files.if,files_write_non_security_dirs'
allow $1 non_security_file_type:dir write;
kernel,files.if,files_manage_non_security_dirs'
allow $1 non_security_file_type:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
kernel,files.if,files_getattr_all_files'
allow $1 file_type:dir { getattr search };
allow $1 file_type:file { getattr };
allow $1 file_type:dir { getattr search };
allow $1 file_type:lnk_file { getattr };
kernel,files.if,files_dontaudit_getattr_all_files'
kernel,files.if,files_dontaudit_getattr_non_security_files'
kernel,files.if,files_read_all_files'
allow $1 file_type:dir { getattr search read lock ioctl };
allow $1 file_type:dir { getattr search };
allow $1 file_type:file { getattr read lock ioctl };
kernel,files.if,files_execmod_all_files'
allow $1 file_type:file execmod;
kernel,files.if,files_read_non_security_files'
allow $1 non_security_file_type:dir { getattr search };
allow $1 non_security_file_type:file { getattr read lock ioctl };
allow $1 non_security_file_type:dir { getattr search };
allow $1 non_security_file_type:lnk_file { getattr read };
kernel,files.if,files_read_all_dirs_except'
allow $1 { file_type $2 }:dir { getattr search read lock ioctl };
kernel,files.if,files_read_all_files_except'
allow $1 { file_type $2 }:dir { getattr search };
allow $1 { file_type $2 }:file { getattr read lock ioctl };
kernel,files.if,files_read_all_symlinks_except'
allow $1 { file_type $2 }:dir { getattr search };
allow $1 { file_type $2 }:lnk_file { getattr read };
kernel,files.if,files_getattr_all_symlinks'
allow $1 file_type:dir { getattr search };
allow $1 file_type:lnk_file { getattr };
kernel,files.if,files_dontaudit_getattr_all_symlinks'
kernel,files.if,files_dontaudit_read_all_symlinks'
kernel,files.if,files_dontaudit_getattr_non_security_symlinks'
kernel,files.if,files_dontaudit_getattr_non_security_blk_files'
kernel,files.if,files_dontaudit_getattr_non_security_chr_files'
kernel,files.if,files_read_all_symlinks'
allow $1 file_type:dir { getattr search read lock ioctl };
allow $1 file_type:dir { getattr search };
allow $1 file_type:lnk_file { getattr read };
kernel,files.if,files_getattr_all_pipes'
allow $1 file_type:dir { getattr search read lock ioctl };
allow $1 file_type:dir { getattr search };
allow $1 file_type:fifo_file { getattr };
kernel,files.if,files_dontaudit_getattr_all_pipes'
kernel,files.if,files_dontaudit_getattr_non_security_pipes'
kernel,files.if,files_getattr_all_sockets'
allow $1 file_type:dir { getattr search read lock ioctl };
allow $1 file_type:dir { getattr search };
allow $1 file_type:sock_file { getattr };
kernel,files.if,files_dontaudit_getattr_all_sockets'
kernel,files.if,files_dontaudit_getattr_non_security_sockets'
kernel,files.if,files_read_all_blk_files'
allow $1 file_type:dir { getattr search };
allow $1 file_type:blk_file { getattr read lock ioctl };
kernel,files.if,files_read_all_chr_files'
allow $1 file_type:dir { getattr search };
allow $1 file_type:chr_file { getattr read lock ioctl };
kernel,files.if,files_relabel_all_files'
allow $1 { file_type $2 }:dir { getattr search read lock ioctl };
allow $1 { file_type $2 }:dir { getattr search };
allow $1 { file_type $2 }:dir { getattr relabelfrom relabelto };
allow $1 { file_type $2 }:dir { getattr search };
allow $1 { file_type $2 }:file { getattr relabelfrom relabelto };
allow $1 { file_type $2 }:dir { getattr search };
allow $1 { file_type $2 }:lnk_file { getattr relabelfrom relabelto };
allow $1 { file_type $2 }:dir { getattr search };
allow $1 { file_type $2 }:fifo_file { getattr relabelfrom relabelto };
allow $1 { file_type $2 }:dir { getattr search };
allow $1 { file_type $2 }:sock_file { getattr relabelfrom relabelto };
allow $1 { file_type $2 }:dir { getattr search };
allow $1 { file_type $2 }:blk_file { getattr relabelfrom };
allow $1 { file_type $2 }:dir { getattr search };
allow $1 { file_type $2 }:chr_file { getattr relabelfrom };
allow $1 policy_config_t:file relabelto;
kernel,files.if,files_rw_all_files'
allow $1 { file_type $2 }:dir { getattr search };
allow $1 { file_type $2 }:file { getattr read write append ioctl lock };
kernel,files.if,files_manage_all_files'
allow $1 { file_type $2 }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 { file_type $2 }:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 { file_type $2 }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 { file_type $2 }:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 { file_type $2 }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 { file_type $2 }:lnk_file { create read getattr setattr unlink rename };
allow $1 { file_type $2 }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 { file_type $2 }:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 { file_type $2 }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 { file_type $2 }:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
allow $1 selinux_config_t:dir { getattr search };
allow $1 policy_config_t:dir { getattr search lock ioctl write add_name };
allow $1 policy_config_t:file { getattr create open };
allow $1 policy_config_t:dir { getattr search };
allow $1 policy_config_t:file { getattr write append lock ioctl };
kernel,files.if,files_search_all'
allow $1 file_type:dir { getattr search };
kernel,files.if,files_list_all'
allow $1 file_type:dir { getattr search read lock ioctl };
kernel,files.if,files_dontaudit_search_all_dirs'
kernel,files.if,files_getattr_all_file_type_fs'
allow $1 file_type:filesystem getattr;
kernel,files.if,files_relabelto_all_file_type_fs'
allow $1 file_type:filesystem relabelto;
kernel,files.if,files_mount_all_file_type_fs'
allow $1 file_type:filesystem mount;
kernel,files.if,files_unmount_all_file_type_fs'
allow $1 file_type:filesystem unmount;
kernel,files.if,files_mounton_all_mountpoints'
allow $1 mountpoint:dir { { getattr search } mounton };
allow $1 mountpoint:file { getattr mounton };
kernel,files.if,files_getattr_all_mountpoints'
allow $1 mountpoint:dir getattr;
kernel,files.if,files_search_all_mountpoints'
allow $1 mountpoint:dir { getattr search };
kernel,files.if,files_list_root'
allow $1 root_t:dir { getattr search read lock ioctl };
allow $1 root_t:lnk_file { { getattr read } ioctl lock };
kernel,files.if,files_dontaudit_rw_root_dir'
kernel,files.if,files_root_filetrans'
allow $1 root_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,files.if,files_dontaudit_read_root_files'
kernel,files.if,files_dontaudit_rw_root_files'
kernel,files.if,files_dontaudit_rw_root_chr_files'
kernel,files.if,files_delete_root_dir_entry'
allow $1 root_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,files.if,files_unmount_rootfs'
allow $1 root_t:filesystem unmount;
kernel,files.if,files_getattr_boot_dirs'
allow $1 boot_t:dir getattr;
kernel,files.if,files_dontaudit_getattr_boot_dirs'
kernel,files.if,files_search_boot'
allow $1 boot_t:dir { getattr search };
kernel,files.if,files_dontaudit_search_boot'
kernel,files.if,files_create_boot_dirs'
allow $1 boot_t:dir { create { read getattr lock search ioctl add_name remove_name write } };
kernel,files.if,files_boot_filetrans'
allow $1 boot_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,files.if,files_manage_boot_files'
allow $1 boot_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 boot_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,files.if,files_relabelfrom_boot_files'
allow $1 boot_t:dir { getattr search };
allow $1 boot_t:file { getattr relabelfrom };
kernel,files.if,files_rw_boot_symlinks'
allow $1 boot_t:dir { getattr search read lock ioctl };
allow $1 boot_t:dir { getattr search };
allow $1 boot_t:lnk_file { getattr read write lock ioctl };
kernel,files.if,files_manage_boot_symlinks'
allow $1 boot_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 boot_t:lnk_file { create read getattr setattr unlink rename };
kernel,files.if,files_read_kernel_img'
allow $1 boot_t:dir { getattr search read lock ioctl };
allow $1 boot_t:dir { getattr search };
allow $1 boot_t:file { getattr read lock ioctl };
allow $1 boot_t:dir { getattr search };
allow $1 boot_t:lnk_file { getattr read };
kernel,files.if,files_create_kernel_img'
allow $1 boot_t:file { { getattr create open } { getattr read write append ioctl lock } };
allow $1 boot_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 boot_t:lnk_file { create read getattr setattr unlink rename };
kernel,files.if,files_delete_kernel'
allow $1 boot_t:dir { getattr search lock ioctl write remove_name };
allow $1 boot_t:file { getattr unlink };
kernel,files.if,files_getattr_default_dirs'
allow $1 default_t:dir getattr;
kernel,files.if,files_dontaudit_getattr_default_dirs'
kernel,files.if,files_search_default'
allow $1 default_t:dir { getattr search };
kernel,files.if,files_list_default'
allow $1 default_t:dir { getattr search read lock ioctl };
kernel,files.if,files_dontaudit_list_default'
kernel,files.if,files_mounton_default'
allow $1 default_t:dir { { getattr search } mounton };
kernel,files.if,files_dontaudit_getattr_default_files'
kernel,files.if,files_read_default_files'
allow $1 default_t:file { getattr read lock ioctl };
kernel,files.if,files_dontaudit_read_default_files'
kernel,files.if,files_read_default_symlinks'
allow $1 default_t:lnk_file { getattr read };
kernel,files.if,files_read_default_sockets'
allow $1 default_t:sock_file { getattr read };
kernel,files.if,files_read_default_pipes'
allow $1 default_t:fifo_file { getattr read lock ioctl };
kernel,files.if,files_search_etc'
allow $1 etc_t:dir { getattr search };
kernel,files.if,files_setattr_etc_dirs'
allow $1 etc_t:dir setattr;
kernel,files.if,files_list_etc'
allow $1 etc_t:dir { getattr search read lock ioctl };
kernel,files.if,files_rw_etc_dirs'
allow $1 etc_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,files.if,files_read_etc_files'
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 etc_t:dir { getattr search };
allow $1 etc_t:file { getattr read lock ioctl };
allow $1 etc_t:dir { getattr search };
allow $1 etc_t:lnk_file { getattr read };
kernel,files.if,files_dontaudit_write_etc_files'
kernel,files.if,files_rw_etc_files'
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 etc_t:dir { getattr search };
allow $1 etc_t:file { getattr read write append ioctl lock };
allow $1 etc_t:dir { getattr search };
allow $1 etc_t:lnk_file { getattr read };
kernel,files.if,files_manage_etc_files'
allow $1 etc_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 etc_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 etc_t:dir { getattr search };
allow $1 etc_t:lnk_file { getattr read };
kernel,files.if,files_delete_etc_files'
allow $1 etc_t:dir { getattr search lock ioctl write remove_name };
allow $1 etc_t:file { getattr unlink };
kernel,files.if,files_exec_etc_files'
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 etc_t:dir { getattr search };
allow $1 etc_t:lnk_file { getattr read };
allow $1 etc_t:dir { getattr search };
allow $1 etc_t:file { getattr read execute execute_no_trans };
kernel,files.if,files_relabel_etc_files'
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 etc_t:dir { getattr search };
allow $1 etc_t:file { getattr relabelfrom relabelto };
kernel,files.if,files_read_etc_symlinks'
allow $1 etc_t:dir { getattr search };
allow $1 etc_t:lnk_file { getattr read };
kernel,files.if,files_manage_etc_symlinks'
allow $1 etc_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 etc_t:lnk_file { create read getattr setattr unlink rename };
kernel,files.if,files_etc_filetrans'
allow $1 etc_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,files.if,files_create_boot_flag'
allow $1 etc_runtime_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 root_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,files.if,files_read_etc_runtime_files'
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 etc_t:dir { getattr search };
allow $1 etc_runtime_t:file { getattr read lock ioctl };
allow $1 etc_t:dir { getattr search };
allow $1 etc_runtime_t:lnk_file { getattr read };
kernel,files.if,files_dontaudit_read_etc_runtime_files'
kernel,files.if,files_rw_etc_runtime_files'
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 etc_t:dir { getattr search };
allow $1 etc_runtime_t:file { getattr read write append ioctl lock };
kernel,files.if,files_manage_etc_runtime_files'
allow $1 { etc_t etc_runtime_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 etc_runtime_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,files.if,files_etc_filetrans_etc_runtime'
allow $1 etc_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,files.if,files_getattr_isid_type_dirs'
allow $1 file_t:dir getattr;
kernel,files.if,files_dontaudit_search_isid_type_dirs'
kernel,files.if,files_list_isid_type_dirs'
allow $1 file_t:dir { getattr search read lock ioctl };
kernel,files.if,files_rw_isid_type_dirs'
allow $1 file_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,files.if,files_manage_isid_type_dirs'
allow $1 file_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
kernel,files.if,files_mounton_isid_type_dirs'
allow $1 file_t:dir { { getattr search } mounton };
kernel,files.if,files_read_isid_type_files'
allow $1 file_t:file { getattr read lock ioctl };
kernel,files.if,files_manage_isid_type_files'
allow $1 file_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,files.if,files_manage_isid_type_symlinks'
allow $1 file_t:lnk_file { create read getattr setattr unlink rename };
kernel,files.if,files_rw_isid_type_blk_files'
allow $1 file_t:blk_file { getattr read write append ioctl lock };
kernel,files.if,files_manage_isid_type_blk_files'
allow $1 file_t:blk_file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,files.if,files_manage_isid_type_chr_files'
allow $1 file_t:chr_file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,files.if,files_getattr_home_dir'
allow $1 home_root_t:dir getattr;
kernel,files.if,files_dontaudit_getattr_home_dir'
kernel,files.if,files_search_home'
allow $1 home_root_t:dir { getattr search };
kernel,files.if,files_dontaudit_search_home'
kernel,files.if,files_dontaudit_list_home'
kernel,files.if,files_list_home'
allow $1 home_root_t:dir { getattr search read lock ioctl };
kernel,files.if,files_home_filetrans'
allow $1 home_root_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,files.if,files_getattr_lost_found_dirs'
allow $1 lost_found_t:dir getattr;
kernel,files.if,files_dontaudit_getattr_lost_found_dirs'
kernel,files.if,files_manage_lost_found'
allow $1 lost_found_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 lost_found_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 lost_found_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 lost_found_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 lost_found_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 lost_found_t:lnk_file { create read getattr setattr unlink rename };
allow $1 lost_found_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 lost_found_t:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 lost_found_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 lost_found_t:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
kernel,files.if,files_search_mnt'
allow $1 mnt_t:dir { getattr search };
kernel,files.if,files_dontaudit_search_mnt'
kernel,files.if,files_list_mnt'
allow $1 mnt_t:dir { getattr search read lock ioctl };
kernel,files.if,files_mounton_mnt'
allow $1 mnt_t:dir { { getattr search } mounton };
kernel,files.if,files_manage_mnt_dirs'
allow $1 mnt_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
kernel,files.if,files_manage_mnt_files'
allow $1 mnt_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 mnt_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,files.if,files_read_mnt_files'
allow $1 mnt_t:dir { getattr search };
allow $1 mnt_t:file { getattr read lock ioctl };
kernel,files.if,files_manage_mnt_symlinks'
allow $1 mnt_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 mnt_t:lnk_file { create read getattr setattr unlink rename };
kernel,files.if,files_search_kernel_modules'
allow $1 modules_object_t:dir { getattr search };
kernel,files.if,files_list_kernel_modules'
allow $1 modules_object_t:dir { getattr search read lock ioctl };
kernel,files.if,files_getattr_kernel_modules'
allow $1 modules_object_t:dir { getattr search };
allow $1 modules_object_t:file { getattr };
kernel,files.if,files_read_kernel_modules'
allow $1 modules_object_t:dir { getattr search read lock ioctl };
allow $1 modules_object_t:dir { getattr search };
allow $1 modules_object_t:file { getattr read lock ioctl };
allow $1 modules_object_t:dir { getattr search };
allow $1 modules_object_t:lnk_file { getattr read };
kernel,files.if,files_write_kernel_modules'
allow $1 modules_object_t:dir { getattr search read lock ioctl };
allow $1 modules_object_t:dir { getattr search };
allow $1 modules_object_t:file { getattr write append lock ioctl };
kernel,files.if,files_delete_kernel_modules'
allow $1 modules_object_t:dir { getattr search lock ioctl write remove_name };
allow $1 modules_object_t:file { getattr unlink };
kernel,files.if,files_manage_kernel_modules'
allow $1 modules_object_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 modules_object_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,files.if,files_relabel_kernel_modules'
allow $1 modules_object_t:dir { getattr search };
allow $1 modules_object_t:file { getattr relabelfrom relabelto };
allow $1 modules_object_t:dir { getattr search read lock ioctl };
kernel,files.if,files_kernel_modules_filetrans'
allow $1 modules_object_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,files.if,files_list_world_readable'
allow $1 readable_t:dir { getattr search read lock ioctl };
kernel,files.if,files_read_world_readable_files'
allow $1 readable_t:file { getattr read lock ioctl };
kernel,files.if,files_read_world_readable_symlinks'
allow $1 readable_t:lnk_file { getattr read };
kernel,files.if,files_read_world_readable_pipes'
allow $1 readable_t:fifo_file { getattr read lock ioctl };
kernel,files.if,files_read_world_readable_sockets'
allow $1 readable_t:sock_file { getattr read };
kernel,files.if,files_associate_tmp'
allow $1 tmp_t:filesystem associate;
kernel,files.if,files_getattr_tmp_dirs'
allow $1 tmp_t:dir getattr;
kernel,files.if,files_dontaudit_getattr_tmp_dirs'
kernel,files.if,files_search_tmp'
allow $1 tmp_t:dir { getattr search };
kernel,files.if,files_dontaudit_search_tmp'
kernel,files.if,files_list_tmp'
allow $1 tmp_t:dir { getattr search read lock ioctl };
kernel,files.if,files_dontaudit_list_tmp'
kernel,files.if,files_delete_tmp_dir_entry'
allow $1 tmp_t:dir { getattr search lock ioctl write remove_name };
kernel,files.if,files_read_generic_tmp_files'
allow $1 tmp_t:dir { getattr search };
allow $1 tmp_t:file { getattr read lock ioctl };
kernel,files.if,files_manage_generic_tmp_dirs'
allow $1 tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 tmp_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
kernel,files.if,files_manage_generic_tmp_files'
allow $1 tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 tmp_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,files.if,files_read_generic_tmp_symlinks'
allow $1 tmp_t:dir { getattr search };
allow $1 tmp_t:lnk_file { getattr read };
kernel,files.if,files_rw_generic_tmp_sockets'
allow $1 tmp_t:dir { getattr search };
allow $1 tmp_t:sock_file { getattr read write append };
kernel,files.if,files_setattr_all_tmp_dirs'
allow $1 tmpfile:dir { { getattr search } setattr };
kernel,files.if,files_dontaudit_getattr_all_tmp_files'
kernel,files.if,files_getattr_all_tmp_files'
allow $1 tmpfile:file getattr;
kernel,files.if,files_dontaudit_getattr_all_tmp_sockets'
kernel,files.if,files_read_all_tmp_files'
allow $1 tmpfile:dir { getattr search };
allow $1 tmpfile:file { getattr read lock ioctl };
kernel,files.if,files_tmp_filetrans'
allow $1 tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,files.if,files_purge_tmp'
allow $1 tmpfile:dir { getattr search read lock ioctl };
allow $1 tmpfile:dir { getattr search lock ioctl write remove_name };
allow $1 tmpfile:dir { getattr rmdir };
allow $1 tmpfile:dir { getattr search lock ioctl write remove_name };
allow $1 tmpfile:file { getattr unlink };
allow $1 tmpfile:dir { getattr search lock ioctl write remove_name };
allow $1 tmpfile:lnk_file { getattr unlink };
allow $1 tmpfile:dir { getattr search lock ioctl write remove_name };
allow $1 tmpfile:fifo_file { getattr unlink };
allow $1 tmpfile:dir { getattr search lock ioctl write remove_name };
allow $1 tmpfile:sock_file { getattr unlink };
kernel,files.if,files_search_usr'
allow $1 usr_t:dir { getattr search };
kernel,files.if,files_list_usr'
allow $1 usr_t:dir { getattr search read lock ioctl };
kernel,files.if,files_rw_usr_dirs'
allow $1 usr_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,files.if,files_dontaudit_rw_usr_dirs'
kernel,files.if,files_delete_usr_dirs'
allow $1 usr_t:file { getattr rmdir };
kernel,files.if,files_delete_usr_files'
allow $1 usr_t:file { getattr unlink };
kernel,files.if,files_getattr_usr_files'
allow $1 usr_t:dir { getattr search };
allow $1 usr_t:file { getattr };
kernel,files.if,files_read_usr_files'
allow $1 usr_t:dir { getattr search read lock ioctl };
allow $1 usr_t:dir { getattr search };
allow $1 usr_t:file { getattr read lock ioctl };
allow $1 usr_t:dir { getattr search };
allow $1 usr_t:lnk_file { getattr read };
kernel,files.if,files_exec_usr_files'
allow $1 usr_t:dir { getattr search read lock ioctl };
allow $1 usr_t:dir { getattr search };
allow $1 usr_t:file { getattr read execute execute_no_trans };
allow $1 usr_t:dir { getattr search };
allow $1 usr_t:lnk_file { getattr read };
kernel,files.if,files_dontaudit_write_usr_files'
kernel,files.if,files_manage_usr_files'
allow $1 usr_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 usr_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,files.if,files_relabelto_usr_files'
allow $1 usr_t:dir { getattr search };
allow $1 usr_t:file { getattr relabelto };
kernel,files.if,files_relabelfrom_usr_files'
allow $1 usr_t:dir { getattr search };
allow $1 usr_t:file { getattr relabelfrom };
kernel,files.if,files_read_usr_symlinks'
allow $1 usr_t:dir { getattr search };
allow $1 usr_t:lnk_file { getattr read };
kernel,files.if,files_usr_filetrans'
allow $1 usr_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,files.if,files_dontaudit_search_src'
kernel,files.if,files_getattr_usr_src_files'
allow $1 src_t:dir { getattr search };
allow $1 src_t:file { getattr };
allow $1 usr_t:dir { getattr search };
allow $1 src_t:lnk_file { getattr read };
kernel,files.if,files_read_usr_src_files'
allow $1 usr_t:dir { getattr search };
allow $1 { usr_t src_t }:dir { getattr search };
allow $1 src_t:file { getattr read lock ioctl };
allow $1 { usr_t src_t }:dir { getattr search };
allow $1 src_t:lnk_file { getattr read };
allow $1 src_t:dir { getattr search read lock ioctl };
kernel,files.if,files_exec_usr_src_files'
allow $1 usr_t:dir { getattr search };
allow $1 src_t:dir { getattr search read lock ioctl };
allow $1 src_t:dir { getattr search };
allow $1 src_t:file { getattr read execute execute_no_trans };
allow $1 src_t:dir { getattr search };
allow $1 src_t:lnk_file { getattr read };
kernel,files.if,files_create_kernel_symbol_table'
allow $1 boot_t:dir { { getattr search read lock ioctl } { getattr search lock ioctl write add_name } };
allow $1 system_map_t:file { { getattr create open } { getattr read write append ioctl lock } };
kernel,files.if,files_read_kernel_symbol_table'
allow $1 boot_t:dir { getattr search read lock ioctl };
allow $1 boot_t:dir { getattr search };
allow $1 system_map_t:file { getattr read lock ioctl };
kernel,files.if,files_delete_kernel_symbol_table'
allow $1 boot_t:dir { getattr search read lock ioctl };
allow $1 boot_t:dir { getattr search lock ioctl write remove_name };
allow $1 system_map_t:file { getattr unlink };
kernel,files.if,files_search_var'
allow $1 var_t:dir { getattr search };
kernel,files.if,files_dontaudit_write_var_dirs'
kernel,files.if,files_write_var_dirs'
allow $1 var_t:dir write;
kernel,files.if,files_dontaudit_search_var'
kernel,files.if,files_list_var'
allow $1 var_t:dir { getattr search read lock ioctl };
kernel,files.if,files_manage_var_dirs'
allow $1 var_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
kernel,files.if,files_read_var_files'
allow $1 var_t:dir { getattr search };
allow $1 var_t:file { getattr read lock ioctl };
kernel,files.if,files_rw_var_files'
allow $1 var_t:dir { getattr search };
allow $1 var_t:file { getattr read write append ioctl lock };
kernel,files.if,files_manage_var_files'
allow $1 var_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 var_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,files.if,files_read_var_symlinks'
allow $1 var_t:dir { getattr search };
allow $1 var_t:lnk_file { getattr read };
kernel,files.if,files_manage_var_symlinks'
allow $1 var_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 var_t:lnk_file { create read getattr setattr unlink rename };
kernel,files.if,files_var_filetrans'
allow $1 var_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,files.if,files_getattr_var_lib_dirs'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr };
kernel,files.if,files_search_var_lib'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
kernel,files.if,files_list_var_lib'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search read lock ioctl };
kernel,files.if,files_var_lib_filetrans'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,files.if,files_read_var_lib_files'
allow $1 var_lib_t:dir { getattr search read lock ioctl };
allow $1 { var_t var_lib_t }:dir { getattr search };
allow $1 var_lib_t:file { getattr read lock ioctl };
kernel,files.if,files_read_var_lib_symlinks'
allow $1 { var_t var_lib_t }:dir { getattr search };
allow $1 var_lib_t:lnk_file { getattr read };
kernel,files.if,files_manage_urandom_seed'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 var_lib_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,files.if,files_manage_mounttab'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 var_lib_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,files.if,files_search_locks'
allow $1 var_t:dir { getattr search };
allow $1 var_lock_t:dir { getattr search };
kernel,files.if,files_dontaudit_search_locks'
kernel,files.if,files_rw_lock_dirs'
allow $1 var_t:dir { getattr search };
allow $1 var_lock_t:dir { { getattr search lock ioctl write add_name } { getattr search lock ioctl write remove_name } };
kernel,files.if,files_getattr_generic_locks'
allow $1 var_t:dir { getattr search };
allow $1 var_lock_t:dir { getattr search read lock ioctl };
allow $1 var_lock_t:dir { getattr search };
allow $1 var_lock_t:file { getattr };
kernel,files.if,files_manage_generic_locks'
allow $1 var_t:dir { getattr search };
allow $1 var_lock_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 var_lock_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,files.if,files_delete_all_locks'
allow $1 var_t:dir { getattr search };
allow $1 lockfile:dir { getattr search lock ioctl write remove_name };
allow $1 lockfile:file { getattr unlink };
kernel,files.if,files_read_all_locks'
allow $1 { var_t var_lock_t }:dir { getattr search };
allow $1 lockfile:dir { getattr search read lock ioctl };
allow $1 lockfile:dir { getattr search };
allow $1 lockfile:file { getattr read lock ioctl };
allow $1 lockfile:dir { getattr search };
allow $1 lockfile:lnk_file { getattr read };
kernel,files.if,files_lock_filetrans'
allow $1 var_t:dir { getattr search };
allow $1 var_lock_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,files.if,files_dontaudit_getattr_pid_dirs'
kernel,files.if,files_search_pids'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
kernel,files.if,files_dontaudit_search_pids'
kernel,files.if,files_list_pids'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
kernel,files.if,files_read_generic_pids'
allow $1 { var_t var_run_t }:dir { getattr search };
allow $1 var_run_t:file { getattr read lock ioctl };
kernel,files.if,files_pid_filetrans'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,files.if,files_rw_generic_pids'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
allow $1 var_run_t:dir { getattr search };
allow $1 var_run_t:file { getattr read write append ioctl lock };
kernel,files.if,files_dontaudit_write_all_pids'
kernel,files.if,files_dontaudit_ioctl_all_pids'
kernel,files.if,files_read_all_pids'
allow $1 var_t:dir { getattr search };
allow $1 pidfile:dir { getattr search read lock ioctl };
allow $1 pidfile:dir { getattr search };
allow $1 pidfile:file { getattr read lock ioctl };
kernel,files.if,files_mounton_all_poly_members'
allow $1 polymember:dir mounton;
kernel,files.if,files_delete_all_pids'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir rmdir;
allow $1 var_run_t:lnk_file { getattr unlink };
allow $1 pidfile:dir { getattr search lock ioctl write remove_name };
allow $1 pidfile:file { getattr unlink };
allow $1 pidfile:dir { getattr search lock ioctl write remove_name };
allow $1 pidfile:fifo_file { getattr unlink };
allow $1 pidfile:dir { getattr search lock ioctl write remove_name };
allow $1 { pidfile var_run_t }:sock_file { getattr unlink };
kernel,files.if,files_delete_all_pid_dirs'
allow $1 var_t:dir { getattr search };
allow $1 pidfile:dir { getattr search lock ioctl write remove_name };
allow $1 pidfile:dir { getattr rmdir };
kernel,files.if,files_search_spool'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
kernel,files.if,files_dontaudit_search_spool'
kernel,files.if,files_list_spool'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search read lock ioctl };
kernel,files.if,files_manage_generic_spool_dirs'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 var_spool_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
kernel,files.if,files_read_generic_spool'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search read lock ioctl };
allow $1 var_spool_t:dir { getattr search };
allow $1 var_spool_t:file { getattr read lock ioctl };
kernel,files.if,files_manage_generic_spool'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 var_spool_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,files.if,files_spool_filetrans'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,files.if,files_polyinstantiate_all'
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security compute_member;
allow $1 self:capability { chown fsetid sys_admin };
allow $1 polydir:dir { create open getattr search write add_name setattr mounton rmdir };
allow $1 polymember:dir { getattr search };
allow $1 polyparent:dir { getattr mounton };
allow $1 self:process setfscreate;
allow $1 polymember: dir { create setattr relabelto };
allow $1 polydir: dir { write add_name open };
allow $1 polyparent:dir { open read write remove_name add_name relabelfrom relabelto };
allow $1 poly_t:dir { create mounton };
allow $1 fs_t:filesystem unmount;
kernel,files.if,files_unconfined'
kernel,filesystem.if,fs_type'
kernel,filesystem.if,fs_noxattr_type'
kernel,filesystem.if,fs_associate'
allow $1 fs_t:filesystem associate;
kernel,filesystem.if,fs_associate_noxattr'
allow $1 noxattrfs:filesystem associate;
kernel,filesystem.if,fs_exec_noxattr'
allow $1 noxattrfs:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
kernel,filesystem.if,fs_mount_xattr_fs'
allow $1 fs_t:filesystem mount;
kernel,filesystem.if,fs_remount_xattr_fs'
allow $1 fs_t:filesystem remount;
kernel,filesystem.if,fs_unmount_xattr_fs'
allow $1 fs_t:filesystem unmount;
kernel,filesystem.if,fs_getattr_xattr_fs'
allow $1 fs_t:filesystem getattr;
kernel,filesystem.if,fs_dontaudit_getattr_xattr_fs'
kernel,filesystem.if,fs_relabelfrom_xattr_fs'
allow $1 fs_t:filesystem relabelfrom;
kernel,filesystem.if,fs_get_xattr_fs_quotas'
allow $1 fs_t:filesystem quotaget;
kernel,filesystem.if,fs_set_xattr_fs_quotas'
allow $1 fs_t:filesystem quotamod;
kernel,filesystem.if,fs_read_anon_inodefs_files'
allow $1 anon_inodefs_t:dir { getattr search };
allow $1 anon_inodefs_t:file { getattr read lock ioctl };
kernel,filesystem.if,fs_rw_anon_inodefs_files'
allow $1 anon_inodefs_t:dir { getattr search };
allow $1 anon_inodefs_t:file { getattr read write append ioctl lock };
kernel,filesystem.if,fs_mount_autofs'
allow $1 autofs_t:filesystem mount;
kernel,filesystem.if,fs_remount_autofs'
allow $1 autofs_t:filesystem remount;
kernel,filesystem.if,fs_unmount_autofs'
allow $1 autofs_t:filesystem unmount;
kernel,filesystem.if,fs_getattr_autofs'
allow $1 autofs_t:filesystem getattr;
kernel,filesystem.if,fs_search_auto_mountpoints'
allow $1 autofs_t:dir { getattr search };
kernel,filesystem.if,fs_list_auto_mountpoints'
allow $1 autofs_t:dir { getattr search read lock ioctl };
kernel,filesystem.if,fs_dontaudit_list_auto_mountpoints'
kernel,filesystem.if,fs_manage_autofs_symlinks'
allow $1 autofs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 autofs_t:lnk_file { create read getattr setattr unlink rename };
kernel,filesystem.if,fs_getattr_binfmt_misc_dirs'
allow $1 binfmt_misc_fs_t:dir getattr;
kernel,filesystem.if,fs_register_binary_executable_type'
allow $1 binfmt_misc_fs_t:dir { getattr search };
allow $1 binfmt_misc_fs_t:file { getattr read write append ioctl lock };
kernel,filesystem.if,fs_mount_cifs'
allow $1 cifs_t:filesystem mount;
kernel,filesystem.if,fs_remount_cifs'
allow $1 cifs_t:filesystem remount;
kernel,filesystem.if,fs_unmount_cifs'
allow $1 cifs_t:filesystem unmount;
kernel,filesystem.if,fs_getattr_cifs'
allow $1 cifs_t:filesystem getattr;
kernel,filesystem.if,fs_search_cifs'
allow $1 cifs_t:dir { getattr search };
kernel,filesystem.if,fs_list_cifs'
allow $1 cifs_t:dir { getattr search read lock ioctl };
kernel,filesystem.if,fs_dontaudit_list_cifs'
kernel,filesystem.if,fs_read_cifs_files'
allow $1 cifs_t:dir { getattr search read lock ioctl };
allow $1 cifs_t:dir { getattr search };
allow $1 cifs_t:file { getattr read lock ioctl };
kernel,filesystem.if,fs_getattr_noxattr_fs'
allow $1 noxattrfs:filesystem getattr;
kernel,filesystem.if,fs_list_noxattr_fs'
allow $1 noxattrfs:dir { getattr search read lock ioctl };
kernel,filesystem.if,fs_manage_noxattr_fs_dirs'
allow $1 noxattrfs:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
kernel,filesystem.if,fs_read_noxattr_fs_files'
allow $1 noxattrfs:dir { getattr search };
allow $1 noxattrfs:file { getattr read lock ioctl };
kernel,filesystem.if,fs_manage_noxattr_fs_files'
allow $1 noxattrfs:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 noxattrfs:file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,filesystem.if,fs_read_noxattr_fs_symlinks'
allow $1 noxattrfs:dir { getattr search };
allow $1 noxattrfs:lnk_file { getattr read };
kernel,filesystem.if,fs_dontaudit_read_cifs_files'
kernel,filesystem.if,fs_dontaudit_rw_cifs_files'
kernel,filesystem.if,fs_read_cifs_symlinks'
allow $1 cifs_t:dir { getattr search read lock ioctl };
allow $1 cifs_t:dir { getattr search };
allow $1 cifs_t:lnk_file { getattr read };
kernel,filesystem.if,fs_read_cifs_named_pipes'
allow $1 cifs_t:dir { getattr search };
allow $1 cifs_t:fifo_file { getattr read lock ioctl };
kernel,filesystem.if,fs_read_cifs_named_sockets'
allow $1 cifs_t:dir { getattr search };
allow $1 cifs_t:sock_file { getattr read };
kernel,filesystem.if,fs_exec_cifs_files'
allow $1 cifs_t:dir { getattr search read lock ioctl };
allow $1 cifs_t:dir { getattr search };
allow $1 cifs_t:file { getattr read execute execute_no_trans };
kernel,filesystem.if,fs_manage_cifs_dirs'
allow $1 cifs_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
kernel,filesystem.if,fs_dontaudit_manage_cifs_dirs'
kernel,filesystem.if,fs_manage_cifs_files'
allow $1 cifs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 cifs_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,filesystem.if,fs_dontaudit_manage_cifs_files'
kernel,filesystem.if,fs_manage_cifs_symlinks'
allow $1 cifs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 cifs_t:lnk_file { create read getattr setattr unlink rename };
kernel,filesystem.if,fs_manage_cifs_named_pipes'
allow $1 cifs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 cifs_t:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,filesystem.if,fs_manage_cifs_named_sockets'
allow $1 cifs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 cifs_t:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
kernel,filesystem.if,fs_cifs_domtrans'
allow $1 cifs_t:dir { getattr search };
allow $1 cifs_t:file { getattr read execute };
allow $1 $2:process transition;
kernel,filesystem.if,fs_mount_dos_fs'
allow $1 dosfs_t:filesystem mount;
kernel,filesystem.if,fs_remount_dos_fs'
allow $1 dosfs_t:filesystem remount;
kernel,filesystem.if,fs_unmount_dos_fs'
allow $1 dosfs_t:filesystem unmount;
kernel,filesystem.if,fs_getattr_dos_fs'
allow $1 dosfs_t:filesystem getattr;
kernel,filesystem.if,fs_relabelfrom_dos_fs'
allow $1 dosfs_t:filesystem relabelfrom;
kernel,filesystem.if,fs_search_dos'
allow $1 dosfs_t:dir { getattr search };
kernel,filesystem.if,fs_read_dos_files'
allow $1 dosfs_t:dir { getattr search };
allow $1 dosfs_t:file { getattr read lock ioctl };
kernel,filesystem.if,fs_manage_dos_files'
allow $1 dosfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 dosfs_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,filesystem.if,fs_read_eventpollfs'
kernel,filesystem.if,fs_mount_fusefs'
allow $1 fusefs_t:filesystem mount;
kernel,filesystem.if,fs_unmount_fusefs'
allow $1 fusefs_t:filesystem unmount;
kernel,filesystem.if,fs_rw_hugetlbfs_files'
allow $1 hugetlbfs_t:dir { getattr search };
allow $1 hugetlbfs_t:file { getattr read write append ioctl lock };
kernel,filesystem.if,fs_search_inotifyfs'
allow $1 inotifyfs_t:dir { getattr search };
kernel,filesystem.if,fs_list_inotifyfs'
allow $1 inotifyfs_t:dir { getattr search read lock ioctl };
kernel,filesystem.if,fs_mount_iso9660_fs'
allow $1 iso9660_t:filesystem mount;
kernel,filesystem.if,fs_remount_iso9660_fs'
allow $1 iso9660_t:filesystem remount;
kernel,filesystem.if,fs_unmount_iso9660_fs'
allow $1 iso9660_t:filesystem unmount;
kernel,filesystem.if,fs_getattr_iso9660_fs'
allow $1 iso9660_t:filesystem getattr;
kernel,filesystem.if,fs_getattr_iso9660_files'
allow $1 iso9660_t:dir { getattr search read lock ioctl };
allow $1 iso9660_t:file getattr;
kernel,filesystem.if,fs_read_iso9660_files'
allow $1 iso9660_t:dir { getattr search read lock ioctl };
allow $1 iso9660_t:dir { getattr search };
allow $1 iso9660_t:file { getattr read lock ioctl };
allow $1 iso9660_t:dir { getattr search };
allow $1 iso9660_t:lnk_file { getattr read };
kernel,filesystem.if,fs_mount_nfs'
allow $1 nfs_t:filesystem mount;
kernel,filesystem.if,fs_remount_nfs'
allow $1 nfs_t:filesystem remount;
kernel,filesystem.if,fs_unmount_nfs'
allow $1 nfs_t:filesystem unmount;
kernel,filesystem.if,fs_getattr_nfs'
allow $1 nfs_t:filesystem getattr;
kernel,filesystem.if,fs_search_nfs'
allow $1 nfs_t:dir { getattr search };
kernel,filesystem.if,fs_list_nfs'
allow $1 nfs_t:dir { getattr search read lock ioctl };
kernel,filesystem.if,fs_dontaudit_list_nfs'
kernel,filesystem.if,fs_read_nfs_files'
allow $1 nfs_t:dir { getattr search read lock ioctl };
allow $1 nfs_t:dir { getattr search };
allow $1 nfs_t:file { getattr read lock ioctl };
kernel,filesystem.if,fs_dontaudit_read_nfs_files'
kernel,filesystem.if,fs_write_nfs_files'
allow $1 nfs_t:dir { getattr search read lock ioctl };
allow $1 nfs_t:dir { getattr search };
allow $1 nfs_t:file { getattr write append lock ioctl };
kernel,filesystem.if,fs_exec_nfs_files'
allow $1 nfs_t:dir { getattr search read lock ioctl };
allow $1 nfs_t:dir { getattr search };
allow $1 nfs_t:file { getattr read execute execute_no_trans };
kernel,filesystem.if,fs_dontaudit_rw_nfs_files'
kernel,filesystem.if,fs_read_nfs_symlinks'
allow $1 nfs_t:dir { getattr search read lock ioctl };
allow $1 nfs_t:dir { getattr search };
allow $1 nfs_t:lnk_file { getattr read };
kernel,filesystem.if,fs_read_nfs_named_sockets'
allow $1 nfs_t:dir { getattr search };
allow $1 nfs_t:sock_file { getattr read };
kernel,filesystem.if,fs_read_nfs_named_pipes'
allow $1 nfs_t:dir { getattr search };
allow $1 nfs_t:fifo_file { getattr read lock ioctl };
kernel,filesystem.if,fs_getattr_rpc_dirs'
allow $1 rpc_pipefs_t:dir getattr;
kernel,filesystem.if,fs_search_rpc'
allow $1 rpc_pipefs_t:dir { getattr search };
kernel,filesystem.if,fs_search_removable'
allow $1 removable_t:dir { getattr search };
kernel,filesystem.if,fs_dontaudit_list_removable'
kernel,filesystem.if,fs_read_removable_files'
allow $1 removable_t:dir { getattr search };
allow $1 removable_t:file { getattr read lock ioctl };
kernel,filesystem.if,fs_dontaudit_read_removable_files'
kernel,filesystem.if,fs_read_removable_symlinks'
allow $1 removable_t:dir { getattr search };
allow $1 removable_t:lnk_file { getattr read };
kernel,filesystem.if,fs_list_rpc'
allow $1 rpc_pipefs_t:dir { getattr search read lock ioctl };
kernel,filesystem.if,fs_read_rpc_files'
allow $1 rpc_pipefs_t:dir { getattr search };
allow $1 rpc_pipefs_t:file { getattr read lock ioctl };
kernel,filesystem.if,fs_read_rpc_symlinks'
allow $1 rpc_pipefs_t:dir { getattr search };
allow $1 rpc_pipefs_t:lnk_file { getattr read };
kernel,filesystem.if,fs_read_rpc_sockets'
allow $1 rpc_pipefs_t:sock_file { read write };
kernel,filesystem.if,fs_manage_nfs_dirs'
allow $1 nfs_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
kernel,filesystem.if,fs_dontaudit_manage_nfs_dirs'
kernel,filesystem.if,fs_manage_nfs_files'
allow $1 nfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 nfs_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,filesystem.if,fs_dontaudit_manage_nfs_files'
kernel,filesystem.if,fs_manage_nfs_symlinks'
allow $1 nfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 nfs_t:lnk_file { create read getattr setattr unlink rename };
kernel,filesystem.if,fs_manage_nfs_named_pipes'
allow $1 nfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 nfs_t:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,filesystem.if,fs_manage_nfs_named_sockets'
allow $1 nfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 nfs_t:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
kernel,filesystem.if,fs_nfs_domtrans'
allow $1 nfs_t:dir { getattr search };
allow $1 nfs_t:file { getattr read execute };
allow $1 $2:process transition;
kernel,filesystem.if,fs_mount_nfsd_fs'
allow $1 nfsd_fs_t:filesystem mount;
kernel,filesystem.if,fs_remount_nfsd_fs'
allow $1 nfsd_fs_t:filesystem remount;
kernel,filesystem.if,fs_unmount_nfsd_fs'
allow $1 nfsd_fs_t:filesystem unmount;
kernel,filesystem.if,fs_getattr_nfsd_fs'
allow $1 nfsd_fs_t:filesystem getattr;
kernel,filesystem.if,fs_search_nfsd_fs'
allow $1 nfsd_fs_t:dir { getattr search };
kernel,filesystem.if,fs_rw_nfsd_fs'
allow $1 nfsd_fs_t:dir { getattr search };
allow $1 nfsd_fs_t:file { getattr read write append ioctl lock };
kernel,filesystem.if,fs_associate_ramfs'
allow $1 ramfs_t:filesystem associate;
kernel,filesystem.if,fs_mount_ramfs'
allow $1 ramfs_t:filesystem mount;
kernel,filesystem.if,fs_remount_ramfs'
allow $1 ramfs_t:filesystem remount;
kernel,filesystem.if,fs_unmount_ramfs'
allow $1 ramfs_t:filesystem unmount;
kernel,filesystem.if,fs_getattr_ramfs'
allow $1 ramfs_t:filesystem getattr;
kernel,filesystem.if,fs_search_ramfs'
allow $1 ramfs_t:dir { getattr search };
kernel,filesystem.if,fs_dontaudit_search_ramfs'
kernel,filesystem.if,fs_manage_ramfs_dirs'
allow $1 ramfs_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
kernel,filesystem.if,fs_dontaudit_read_ramfs_files'
kernel,filesystem.if,fs_dontaudit_read_ramfs_pipes'
kernel,filesystem.if,fs_manage_ramfs_files'
allow $1 ramfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 ramfs_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,filesystem.if,fs_write_ramfs_pipes'
allow $1 ramfs_t:dir { getattr search };
allow $1 ramfs_t:fifo_file { getattr write append lock ioctl };
kernel,filesystem.if,fs_dontaudit_write_ramfs_pipes'
kernel,filesystem.if,fs_rw_ramfs_pipes'
allow $1 ramfs_t:dir { getattr search };
allow $1 ramfs_t:fifo_file { getattr read write append ioctl lock };
kernel,filesystem.if,fs_manage_ramfs_pipes'
allow $1 ramfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 ramfs_t:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,filesystem.if,fs_write_ramfs_sockets'
allow $1 ramfs_t:dir { getattr search };
allow $1 ramfs_t:sock_file { getattr write append };
kernel,filesystem.if,fs_manage_ramfs_sockets'
allow $1 ramfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 ramfs_t:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
kernel,filesystem.if,fs_mount_romfs'
allow $1 romfs_t:filesystem mount;
kernel,filesystem.if,fs_remount_romfs'
allow $1 romfs_t:filesystem remount;
kernel,filesystem.if,fs_unmount_romfs'
allow $1 romfs_t:filesystem unmount;
kernel,filesystem.if,fs_getattr_romfs'
allow $1 romfs_t:filesystem getattr;
kernel,filesystem.if,fs_mount_rpc_pipefs'
allow $1 rpc_pipefs_t:filesystem mount;
kernel,filesystem.if,fs_remount_rpc_pipefs'
allow $1 rpc_pipefs_t:filesystem remount;
kernel,filesystem.if,fs_unmount_rpc_pipefs'
allow $1 rpc_pipefs_t:filesystem unmount;
kernel,filesystem.if,fs_getattr_rpc_pipefs'
allow $1 rpc_pipefs_t:filesystem getattr;
kernel,filesystem.if,fs_rw_rpc_named_pipes'
allow $1 rpc_pipefs_t:fifo_file { getattr read write append ioctl lock };
kernel,filesystem.if,fs_mount_tmpfs'
allow $1 tmpfs_t:filesystem mount;
kernel,filesystem.if,fs_remount_tmpfs'
allow $1 tmpfs_t:filesystem remount;
kernel,filesystem.if,fs_unmount_tmpfs'
allow $1 tmpfs_t:filesystem unmount;
kernel,filesystem.if,fs_getattr_tmpfs'
allow $1 tmpfs_t:filesystem getattr;
kernel,filesystem.if,fs_associate_tmpfs'
allow $1 tmpfs_t:filesystem associate;
kernel,filesystem.if,fs_getattr_tmpfs_dirs'
allow $1 tmpfs_t:dir getattr;
kernel,filesystem.if,fs_dontaudit_getattr_tmpfs_dirs'
kernel,filesystem.if,fs_setattr_tmpfs_dirs'
allow $1 tmpfs_t:dir setattr;
kernel,filesystem.if,fs_search_tmpfs'
allow $1 tmpfs_t:dir { getattr search };
kernel,filesystem.if,fs_list_tmpfs'
allow $1 tmpfs_t:dir { getattr search read lock ioctl };
kernel,filesystem.if,fs_dontaudit_list_tmpfs'
kernel,filesystem.if,fs_manage_tmpfs_dirs'
allow $1 tmpfs_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
kernel,filesystem.if,fs_tmpfs_filetrans'
allow $2 tmpfs_t:filesystem associate;
allow $1 tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,filesystem.if,fs_dontaudit_getattr_tmpfs_files'
kernel,filesystem.if,fs_dontaudit_rw_tmpfs_files'
kernel,filesystem.if,fs_manage_auto_mountpoints'
allow $1 autofs_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
kernel,filesystem.if,fs_rw_tmpfs_files'
allow $1 tmpfs_t:dir { getattr search };
allow $1 tmpfs_t:file { getattr read write append ioctl lock };
kernel,filesystem.if,fs_read_tmpfs_symlinks'
allow $1 tmpfs_t:dir { getattr search };
allow $1 tmpfs_t:lnk_file { getattr read };
kernel,filesystem.if,fs_rw_tmpfs_chr_files'
allow $1 tmpfs_t:dir { getattr search read lock ioctl };
allow $1 tmpfs_t:dir { getattr search };
allow $1 tmpfs_t:chr_file { getattr read write append ioctl lock };
kernel,filesystem.if,fs_dontaudit_use_tmpfs_chr_dev'
kernel,filesystem.if,fs_relabel_tmpfs_chr_file'
allow $1 tmpfs_t:dir { getattr search read lock ioctl };
allow $1 tmpfs_t:dir { getattr search };
allow $1 tmpfs_t:chr_file { getattr relabelfrom relabelto };
kernel,filesystem.if,fs_rw_tmpfs_blk_files'
allow $1 tmpfs_t:dir { getattr search read lock ioctl };
allow $1 tmpfs_t:dir { getattr search };
allow $1 tmpfs_t:blk_file { getattr read write append ioctl lock };
kernel,filesystem.if,fs_relabel_tmpfs_blk_file'
allow $1 tmpfs_t:dir { getattr search read lock ioctl };
allow $1 tmpfs_t:dir { getattr search };
allow $1 tmpfs_t:blk_file { getattr relabelfrom relabelto };
kernel,filesystem.if,fs_manage_tmpfs_files'
allow $1 tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 tmpfs_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,filesystem.if,fs_manage_tmpfs_symlinks'
allow $1 tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 tmpfs_t:lnk_file { create read getattr setattr unlink rename };
kernel,filesystem.if,fs_manage_tmpfs_sockets'
allow $1 tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 tmpfs_t:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
kernel,filesystem.if,fs_manage_tmpfs_chr_files'
allow $1 self:capability mknod;
allow $1 tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 tmpfs_t:chr_file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,filesystem.if,fs_manage_tmpfs_blk_files'
allow $1 self:capability mknod;
allow $1 tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 tmpfs_t:blk_file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,filesystem.if,fs_mount_all_fs'
allow $1 filesystem_type:filesystem mount;
kernel,filesystem.if,fs_remount_all_fs'
allow $1 filesystem_type:filesystem remount;
kernel,filesystem.if,fs_unmount_all_fs'
allow $1 filesystem_type:filesystem unmount;
kernel,filesystem.if,fs_getattr_all_fs'
allow $1 filesystem_type:filesystem getattr;
kernel,filesystem.if,fs_dontaudit_getattr_all_fs'
kernel,filesystem.if,fs_get_all_fs_quotas'
allow $1 filesystem_type:filesystem quotaget;
kernel,filesystem.if,fs_set_all_quotas'
allow $1 filesystem_type:filesystem quotamod;
kernel,filesystem.if,fs_relabelfrom_all_fs'
allow $1 filesystem_type:filesystem relabelfrom;
kernel,filesystem.if,fs_getattr_all_dirs'
allow $1 filesystem_type:dir getattr;
kernel,filesystem.if,fs_search_all'
allow $1 filesystem_type:dir { getattr search };
kernel,filesystem.if,fs_list_all'
allow $1 filesystem_type:dir { getattr search read lock ioctl };
kernel,filesystem.if,fs_getattr_all_files'
allow $1 filesystem_type:dir { getattr search };
allow $1 filesystem_type:file { getattr };
kernel,filesystem.if,fs_getattr_all_symlinks'
allow $1 filesystem_type:dir { getattr search };
allow $1 filesystem_type:lnk_file { getattr };
kernel,filesystem.if,fs_getattr_all_pipes'
allow $1 filesystem_type:dir { getattr search };
allow $1 filesystem_type:fifo_file { getattr };
kernel,filesystem.if,fs_getattr_all_sockets'
allow $1 filesystem_type:dir { getattr search };
allow $1 filesystem_type:sock_file { getattr };
kernel,filesystem.if,fs_dontaudit_getattr_all_files'
kernel,filesystem.if,fs_dontaudit_getattr_all_symlinks'
kernel,filesystem.if,fs_dontaudit_getattr_all_pipes'
kernel,filesystem.if,fs_dontaudit_getattr_all_sockets'
kernel,filesystem.if,fs_unconfined'
kernel,filesystem.if,fs_relabelfrom_noxattr_fs'
allow $1 noxattrfs:dir { getattr search read lock ioctl };
allow $1 noxattrfs:dir { getattr search };
allow $1 noxattrfs:dir { getattr relabelfrom };
allow $1 noxattrfs:dir { getattr search };
allow $1 noxattrfs:file { getattr relabelfrom };
allow $1 noxattrfs:dir { getattr search };
allow $1 noxattrfs:lnk_file { getattr relabelfrom };
allow $1 noxattrfs:dir { getattr search };
allow $1 noxattrfs:fifo_file { getattr relabelfrom };
allow $1 noxattrfs:dir { getattr search };
allow $1 noxattrfs:sock_file { getattr relabelfrom };
allow $1 noxattrfs:dir { getattr search };
allow $1 noxattrfs:blk_file { getattr relabelfrom };
allow $1 noxattrfs:dir { getattr search };
allow $1 noxattrfs:chr_file { getattr relabelfrom };
kernel,kernel.if,kernel_domtrans_to'
allow kernel_t $2:file { getattr read execute };
allow kernel_t $1:process transition;
allow $1 kernel_t:fd use;
allow $1 kernel_t:fifo_file { getattr read write append ioctl lock };
allow $1 kernel_t:process sigchld;
kernel,kernel.if,kernel_ranged_domtrans_to'
kernel,kernel.if,kernel_rootfs_mountpoint'
allow kernel_t $1:dir mounton;
kernel,kernel.if,kernel_setpgid'
allow $1 kernel_t:process setpgid;
kernel,kernel.if,kernel_setsched'
allow $1 kernel_t:process setsched;
kernel,kernel.if,kernel_sigchld'
allow $1 kernel_t:process sigchld;
kernel,kernel.if,kernel_signal'
allow kernel_t $1:process signal;
kernel,kernel.if,kernel_share_state'
allow kernel_t $1:process share;
kernel,kernel.if,kernel_use_fds'
allow $1 kernel_t:fd use;
kernel,kernel.if,kernel_dontaudit_use_fds'
kernel,kernel.if,kernel_rw_pipes'
allow $1 kernel_t:fifo_file { read write };
kernel,kernel.if,kernel_rw_unix_dgram_sockets'
allow $1 kernel_t:unix_dgram_socket { read write ioctl };
kernel,kernel.if,kernel_dgram_send'
allow $1 kernel_t:unix_dgram_socket sendto;
kernel,kernel.if,kernel_tcp_recvfrom'
kernel,kernel.if,kernel_udp_send'
kernel,kernel.if,kernel_udp_recvfrom'
kernel,kernel.if,kernel_load_module'
allow $1 self:capability sys_module;
allow $1 self:capability sys_nice;
kernel,kernel.if,kernel_search_key'
allow $1 kernel_t:key search;
kernel,kernel.if,kernel_dontaudit_search_key'
kernel,kernel.if,kernel_link_key'
allow $1 kernel_t:key link;
kernel,kernel.if,kernel_dontaudit_link_key'
kernel,kernel.if,kernel_read_ring_buffer'
allow $1 kernel_t:system syslog_read;
kernel,kernel.if,kernel_dontaudit_read_ring_buffer'
kernel,kernel.if,kernel_change_ring_buffer_level'
allow $1 kernel_t:system syslog_console;
kernel,kernel.if,kernel_clear_ring_buffer'
allow $1 kernel_t:system syslog_mod;
kernel,kernel.if,kernel_get_sysvipc_info'
allow $1 kernel_t:system ipc_info;
kernel,kernel.if,kernel_getattr_debugfs'
allow $1 debugfs_t:filesystem getattr;
kernel,kernel.if,kernel_mount_debugfs'
allow $1 debugfs_t:filesystem mount;
kernel,kernel.if,kernel_unmount_debugfs'
allow $1 debugfs_t:filesystem unmount;
kernel,kernel.if,kernel_remount_debugfs'
allow $1 debugfs_t:filesystem remount;
kernel,kernel.if,kernel_search_debugfs'
allow $1 debugfs_t:dir { getattr search };
allow $1 debugfs_t:dir { getattr search };
kernel,kernel.if,kernel_read_debugfs'
allow $1 debugfs_t:dir { getattr search };
allow $1 debugfs_t:file { getattr read lock ioctl };
allow $1 debugfs_t:dir { getattr search };
allow $1 debugfs_t:lnk_file { getattr read };
allow $1 debugfs_t:dir { getattr search };
allow $1 debugfs_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_mount_kvmfs'
allow $1 kvmfs_t:filesystem mount;
kernel,kernel.if,kernel_unmount_proc'
allow $1 proc_t:filesystem unmount;
kernel,kernel.if,kernel_getattr_proc'
allow $1 proc_t:filesystem getattr;
kernel,kernel.if,kernel_search_proc'
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:dir { getattr search };
kernel,kernel.if,kernel_list_proc'
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_dontaudit_list_proc'
kernel,kernel.if,kernel_getattr_proc_files'
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:file { getattr };
kernel,kernel.if,kernel_read_proc_symlinks'
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:lnk_file { getattr read };
kernel,kernel.if,kernel_read_system_state'
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:file { getattr read lock ioctl };
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:lnk_file { getattr read };
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_write_proc_files'
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:file { getattr write append lock ioctl };
kernel,kernel.if,kernel_dontaudit_read_system_state'
kernel,kernel.if,kernel_dontaudit_read_proc_symlinks'
kernel,kernel.if,kernel_rw_afs_state'
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:dir { getattr search read lock ioctl };
allow $1 proc_afs_t:dir { getattr search };
allow $1 proc_afs_t:file { getattr read write append ioctl lock };
kernel,kernel.if,kernel_read_software_raid_state'
allow $1 proc_t:dir { getattr search };
allow $1 proc_mdstat_t:file { getattr read lock ioctl };
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_rw_software_raid_state'
allow $1 proc_t:dir { getattr search };
allow $1 proc_mdstat_t:file { getattr read write append ioctl lock };
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_getattr_core_if'
allow $1 proc_t:dir { getattr search };
allow $1 proc_kcore_t:file { getattr };
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_dontaudit_getattr_core_if'
kernel,kernel.if,kernel_read_messages'
allow $1 proc_t:dir { getattr search };
allow $1 proc_kmsg_t:file { getattr read lock ioctl };
kernel,kernel.if,kernel_getattr_message_if'
allow $1 proc_t:dir { getattr search };
allow $1 proc_kmsg_t:file { getattr };
kernel,kernel.if,kernel_dontaudit_getattr_message_if'
kernel,kernel.if,kernel_dontaudit_search_network_state'
kernel,kernel.if,kernel_search_network_state'
allow $1 proc_t:dir { getattr search };
allow $1 proc_net_t:dir { getattr search };
kernel,kernel.if,kernel_read_network_state'
allow $1 { proc_t proc_net_t }:dir { getattr search };
allow $1 proc_net_t:file { getattr read lock ioctl };
allow $1 { proc_t proc_net_t }:dir { getattr search };
allow $1 proc_net_t:lnk_file { getattr read };
allow $1 proc_t:dir { getattr search };
allow $1 proc_net_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_read_network_state_symlinks'
allow $1 { proc_t proc_net_t }:dir { getattr search };
allow $1 proc_net_t:lnk_file { getattr read };
allow $1 proc_t:dir { getattr search };
allow $1 proc_net_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_search_xen_state'
allow $1 proc_t:dir { getattr search };
allow $1 proc_xen_t:dir { getattr search };
kernel,kernel.if,kernel_dontaudit_search_xen_state'
kernel,kernel.if,kernel_read_xen_state'
allow $1 { proc_t proc_xen_t }:dir { getattr search };
allow $1 proc_xen_t:file { getattr read lock ioctl };
allow $1 { proc_t proc_xen_t }:dir { getattr search };
allow $1 proc_xen_t:lnk_file { getattr read };
allow $1 proc_t:dir { getattr search };
allow $1 proc_xen_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_read_xen_state_symlinks'
allow $1 { proc_t proc_xen_t }:dir { getattr search };
allow $1 proc_xen_t:lnk_file { getattr read };
allow $1 proc_t:dir { getattr search };
allow $1 proc_xen_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_write_xen_state'
allow $1 { proc_t proc_xen_t }:dir { getattr search };
allow $1 proc_xen_t:file { getattr write append lock ioctl };
kernel,kernel.if,kernel_dontaudit_list_all_proc'
kernel,kernel.if,kernel_dontaudit_search_sysctl'
kernel,kernel.if,kernel_read_sysctl'
allow $1 proc_t:dir { getattr search };
allow $1 sysctl_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_read_device_sysctls'
allow $1 { proc_t sysctl_t sysctl_dev_t }:dir { getattr search };
allow $1 sysctl_dev_t:file { getattr read lock ioctl };
allow $1 { proc_t sysctl_t }:dir { getattr search };
allow $1 sysctl_dev_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_rw_device_sysctls'
allow $1 { proc_t sysctl_t sysctl_dev_t }:dir { getattr search };
allow $1 sysctl_dev_t:file { getattr read write append ioctl lock };
allow $1 { proc_t sysctl_t }:dir { getattr search };
allow $1 sysctl_dev_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_search_vm_sysctl'
allow $1 { proc_t sysctl_t }:dir { getattr search };
allow $1 sysctl_vm_t:dir { getattr search };
kernel,kernel.if,kernel_read_vm_sysctls'
allow $1 { proc_t sysctl_t sysctl_vm_t }:dir { getattr search };
allow $1 sysctl_vm_t:file { getattr read lock ioctl };
allow $1 { proc_t sysctl_t }:dir { getattr search };
allow $1 sysctl_vm_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_rw_vm_sysctls'
allow $1 { proc_t sysctl_t sysctl_vm_t }:dir { getattr search };
allow $1 sysctl_vm_t:file { getattr read write append ioctl lock };
allow $1 { proc_t sysctl_t }:dir { getattr search };
allow $1 sysctl_vm_t:dir { getattr search read lock ioctl };
allow $1 sysctl_vm_t:dir write;
kernel,kernel.if,kernel_search_network_sysctl'
allow $1 { proc_t sysctl_t }:dir { getattr search };
allow $1 sysctl_net_t:dir { getattr search };
kernel,kernel.if,kernel_dontaudit_search_network_sysctl'
kernel,kernel.if,kernel_read_net_sysctls'
allow $1 { proc_t sysctl_t sysctl_net_t }:dir { getattr search };
allow $1 sysctl_net_t:file { getattr read lock ioctl };
allow $1 { proc_t sysctl_t }:dir { getattr search };
allow $1 sysctl_net_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_rw_net_sysctls'
allow $1 { proc_t sysctl_t sysctl_net_t }:dir { getattr search };
allow $1 sysctl_net_t:file { getattr read write append ioctl lock };
allow $1 { proc_t sysctl_t }:dir { getattr search };
allow $1 sysctl_net_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_read_unix_sysctls'
allow $1 { proc_t sysctl_t sysctl_net_t }:dir { getattr search };
allow $1 sysctl_net_unix_t:file { getattr read lock ioctl };
allow $1 { proc_t sysctl_t }:dir { getattr search };
allow $1 sysctl_net_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_rw_unix_sysctls'
allow $1 { proc_t sysctl_t sysctl_net_t }:dir { getattr search };
allow $1 sysctl_net_unix_t:file { getattr read write append ioctl lock };
allow $1 { proc_t sysctl_t }:dir { getattr search };
allow $1 sysctl_net_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_read_hotplug_sysctls'
allow $1 { proc_t sysctl_t sysctl_kernel_t }:dir { getattr search };
allow $1 sysctl_hotplug_t:file { getattr read lock ioctl };
allow $1 { proc_t sysctl_t }:dir { getattr search };
allow $1 sysctl_kernel_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_rw_hotplug_sysctls'
allow $1 { proc_t sysctl_t sysctl_kernel_t }:dir { getattr search };
allow $1 sysctl_hotplug_t:file { getattr read write append ioctl lock };
allow $1 { proc_t sysctl_t }:dir { getattr search };
allow $1 sysctl_kernel_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_read_modprobe_sysctls'
allow $1 { proc_t sysctl_t sysctl_kernel_t }:dir { getattr search };
allow $1 sysctl_modprobe_t:file { getattr read lock ioctl };
allow $1 { proc_t sysctl_t }:dir { getattr search };
allow $1 sysctl_kernel_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_rw_modprobe_sysctls'
allow $1 { proc_t sysctl_t sysctl_kernel_t }:dir { getattr search };
allow $1 sysctl_modprobe_t:file { getattr read write append ioctl lock };
allow $1 { proc_t sysctl_t }:dir { getattr search };
allow $1 sysctl_kernel_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_dontaudit_search_kernel_sysctl'
kernel,kernel.if,kernel_read_kernel_sysctls'
allow $1 { proc_t sysctl_t sysctl_kernel_t }:dir { getattr search };
allow $1 sysctl_kernel_t:file { getattr read lock ioctl };
allow $1 { proc_t sysctl_t }:dir { getattr search };
allow $1 sysctl_kernel_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_dontaudit_write_kernel_sysctl'
kernel,kernel.if,kernel_rw_kernel_sysctl'
allow $1 { proc_t sysctl_t sysctl_kernel_t }:dir { getattr search };
allow $1 sysctl_kernel_t:file { getattr read write append ioctl lock };
allow $1 { proc_t sysctl_t }:dir { getattr search };
allow $1 sysctl_kernel_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_read_fs_sysctls'
allow $1 { proc_t sysctl_t sysctl_fs_t }:dir { getattr search };
allow $1 sysctl_fs_t:file { getattr read lock ioctl };
allow $1 { proc_t sysctl_t }:dir { getattr search };
allow $1 sysctl_fs_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_rw_fs_sysctls'
allow $1 { proc_t sysctl_t sysctl_fs_t }:dir { getattr search };
allow $1 sysctl_fs_t:file { getattr read write append ioctl lock };
allow $1 { proc_t sysctl_t }:dir { getattr search };
allow $1 sysctl_fs_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_read_irq_sysctls'
allow $1 { proc_t sysctl_irq_t }:dir { getattr search };
allow $1 sysctl_irq_t:file { getattr read lock ioctl };
allow $1 proc_t:dir { getattr search };
allow $1 sysctl_irq_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_rw_irq_sysctls'
allow $1 { proc_t sysctl_irq_t }:dir { getattr search };
allow $1 sysctl_irq_t:file { getattr read write append ioctl lock };
allow $1 proc_t:dir { getattr search };
allow $1 sysctl_irq_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_read_rpc_sysctls'
allow $1 { proc_t proc_net_t sysctl_rpc_t }:dir { getattr search };
allow $1 sysctl_rpc_t:file { getattr read lock ioctl };
allow $1 { proc_t proc_net_t }:dir { getattr search };
allow $1 sysctl_rpc_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_rw_rpc_sysctls'
allow $1 { proc_t proc_net_t sysctl_rpc_t }:dir { getattr search };
allow $1 sysctl_rpc_t:file { getattr read write append ioctl lock };
allow $1 { proc_t proc_net_t }:dir { getattr search };
allow $1 sysctl_rpc_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_dontaudit_list_all_sysctls'
kernel,kernel.if,kernel_read_all_sysctls'
allow $1 { proc_t proc_net_t sysctl_type }:dir { getattr search };
allow $1 sysctl_type:file { getattr read lock ioctl };
allow $1 { proc_t proc_net_t }:dir { getattr search };
allow $1 sysctl_type:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_rw_all_sysctls'
allow $1 { proc_t proc_net_t sysctl_type }:dir { getattr search };
allow $1 sysctl_type:file { getattr read write append ioctl lock };
allow $1 sysctl_type:dir { getattr search read lock ioctl };
allow $1 sysctl_type:file setattr;
kernel,kernel.if,kernel_kill_unlabeled'
allow $1 unlabeled_t:process sigkill;
kernel,kernel.if,kernel_signal_unlabeled'
allow $1 unlabeled_t:process signal;
kernel,kernel.if,kernel_signull_unlabeled'
allow $1 unlabeled_t:process signull;
kernel,kernel.if,kernel_sigstop_unlabeled'
allow $1 unlabeled_t:process sigstop;
kernel,kernel.if,kernel_sigchld_unlabeled'
allow $1 unlabeled_t:process sigchld;
kernel,kernel.if,kernel_list_unlabeled'
allow $1 unlabeled_t:dir { getattr search read lock ioctl };
kernel,kernel.if,kernel_read_unlabeled_state'
allow $1 unlabeled_t:dir { getattr search read lock ioctl };
allow $1 unlabeled_t:dir { getattr search };
allow $1 unlabeled_t:file { getattr read lock ioctl };
allow $1 unlabeled_t:dir { getattr search };
allow $1 unlabeled_t:lnk_file { getattr read };
kernel,kernel.if,kernel_dontaudit_list_unlabeled'
kernel,kernel.if,kernel_rw_unlabeled_dirs'
allow $1 unlabeled_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,kernel.if,kernel_dontaudit_getattr_unlabeled_files'
kernel,kernel.if,kernel_dontaudit_read_unlabeled_files'
kernel,kernel.if,kernel_dontaudit_getattr_unlabeled_symlinks'
kernel,kernel.if,kernel_dontaudit_getattr_unlabeled_pipes'
kernel,kernel.if,kernel_dontaudit_getattr_unlabeled_sockets'
kernel,kernel.if,kernel_dontaudit_getattr_unlabeled_blk_files'
kernel,kernel.if,kernel_rw_unlabeled_blk_files'
allow $1 unlabeled_t:blk_file getattr;
kernel,kernel.if,kernel_dontaudit_getattr_unlabeled_chr_files'
kernel,kernel.if,kernel_relabelfrom_unlabeled_dirs'
allow $1 unlabeled_t:dir { { getattr search read lock ioctl } relabelfrom };
kernel,kernel.if,kernel_relabelfrom_unlabeled_files'
allow $1 unlabeled_t:file { getattr relabelfrom };
kernel,kernel.if,kernel_relabelfrom_unlabeled_symlinks'
allow $1 unlabeled_t:lnk_file { getattr relabelfrom };
kernel,kernel.if,kernel_relabelfrom_unlabeled_pipes'
allow $1 unlabeled_t:fifo_file { getattr relabelfrom };
kernel,kernel.if,kernel_relabelfrom_unlabeled_sockets'
allow $1 unlabeled_t:sock_file { getattr relabelfrom };
kernel,kernel.if,kernel_sendrecv_unlabeled_association'
allow $1 unlabeled_t:association { sendto recvfrom };
allow $1 unlabeled_t:packet { send recv };
kernel,kernel.if,kernel_dontaudit_sendrecv_unlabeled_association'
kernel,kernel.if,kernel_tcp_recvfrom_unlabeled'
allow $1 unlabeled_t:tcp_socket recvfrom;
kernel,kernel.if,kernel_dontaudit_tcp_recvfrom_unlabeled'
kernel,kernel.if,kernel_udp_recvfrom_unlabeled'
allow $1 unlabeled_t:udp_socket recvfrom;
kernel,kernel.if,kernel_dontaudit_udp_recvfrom_unlabeled'
kernel,kernel.if,kernel_recvfrom_unlabeled'
allow $1 unlabeled_t:rawip_socket recvfrom;
kernel,kernel.if,kernel_dontaudit_recvfrom_unlabeled'
kernel,kernel.if,kernel_sendrecv_unlabeled_packets'
allow $1 unlabeled_t:packet { send recv };
kernel,kernel.if,kernel_recvfrom_unlabeled_peer'
allow $1 unlabeled_t:peer recv;
kernel,kernel.if,kernel_dontaudit_recvfrom_unlabeled_peer'
kernel,kernel.if,kernel_relabelfrom_unlabeled_database'
allow $1 unlabeled_t:db_database { setattr relabelfrom };
allow $1 unlabeled_t:db_table { setattr relabelfrom };
allow $1 unlabeled_t:db_procedure { setattr relabelfrom };
allow $1 unlabeled_t:db_column { setattr relabelfrom };
allow $1 unlabeled_t:db_tuple { update relabelfrom };
allow $1 unlabeled_t:db_blob { setattr relabelfrom };
kernel,kernel.if,kernel_unconfined'
kernel,mcs.if,mcs_killall'
kernel,mcs.if,mcs_ptrace_all'
kernel,mcs.if,mcs_process_set_categories'
kernel,mls.if,mls_file_read_to_clearance'
kernel,mls.if,mls_file_read_up'
kernel,mls.if,mls_file_read_all_levels'
kernel,mls.if,mls_file_write_to_clearance'
kernel,mls.if,mls_file_write_down'
kernel,mls.if,mls_file_write_all_levels'
kernel,mls.if,mls_file_upgrade'
kernel,mls.if,mls_file_downgrade'
kernel,mls.if,mls_file_write_within_range'
kernel,mls.if,mls_socket_read_all_levels'
kernel,mls.if,mls_socket_read_to_clearance'
kernel,mls.if,mls_socket_write_to_clearance'
kernel,mls.if,mls_socket_write_all_levels'
kernel,mls.if,mls_net_receive_all_levels'
kernel,mls.if,mls_net_write_within_range'
kernel,mls.if,mls_sysvipc_read_to_clearance'
kernel,mls.if,mls_sysvipc_read_all_levels'
kernel,mls.if,mls_sysvipc_write_to_clearance'
kernel,mls.if,mls_sysvipc_write_all_levels'
kernel,mls.if,mls_rangetrans_source'
kernel,mls.if,mls_rangetrans_target'
kernel,mls.if,mls_process_read_to_clearance'
kernel,mls.if,mls_process_read_up'
kernel,mls.if,mls_process_read_all_levels'
kernel,mls.if,mls_process_write_to_clearance'
kernel,mls.if,mls_process_write_down'
kernel,mls.if,mls_process_write_all_levels'
kernel,mls.if,mls_process_set_level'
kernel,mls.if,mls_xwin_read_to_clearance'
kernel,mls.if,mls_xwin_read_all_levels'
kernel,mls.if,mls_xwin_write_to_clearance'
kernel,mls.if,mls_xwin_write_all_levels'
kernel,mls.if,mls_colormap_read_all_levels'
kernel,mls.if,mls_colormap_write_all_levels'
kernel,mls.if,mls_trusted_object'
kernel,mls.if,mls_fd_use_all_levels'
kernel,mls.if,mls_fd_share_all_levels'
kernel,mls.if,mls_context_translate_all_levels'
kernel,mls.if,mls_db_read_all_levels'
kernel,mls.if,mls_db_write_all_levels'
kernel,mls.if,mls_db_upgrade'
kernel,mls.if,mls_db_downgrade'
kernel,mls.if,mls_dbus_send_all_levels'
kernel,mls.if,mls_dbus_recv_all_levels'
kernel,selinux.if,selinux_get_fs_mount'
allow $1 security_t:filesystem getattr;
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:file { getattr read lock ioctl };
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:lnk_file { getattr read };
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:dir { getattr search read lock ioctl };
kernel,selinux.if,selinux_dontaudit_get_fs_mount'
kernel,selinux.if,selinux_getattr_fs'
allow $1 security_t:filesystem getattr;
kernel,selinux.if,selinux_dontaudit_getattr_fs'
kernel,selinux.if,selinux_dontaudit_getattr_dir'
kernel,selinux.if,selinux_search_fs'
allow $1 security_t:dir { getattr search };
kernel,selinux.if,selinux_dontaudit_search_fs'
kernel,selinux.if,selinux_dontaudit_read_fs'
kernel,selinux.if,selinux_get_enforce_mode'
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read lock ioctl };
kernel,selinux.if,selinux_set_enforce_mode'
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security setenforce;
kernel,selinux.if,selinux_load_policy'
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security load_policy;
kernel,selinux.if,selinux_set_boolean'
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security setbool;
kernel,selinux.if,selinux_set_parameters'
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security setsecparam;
kernel,selinux.if,selinux_validate_context'
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security check_context;
kernel,selinux.if,selinux_dontaudit_validate_context'
kernel,selinux.if,selinux_compute_access_vector'
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security compute_av;
kernel,selinux.if,selinux_compute_create_context'
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security compute_create;
kernel,selinux.if,selinux_compute_member'
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security compute_member;
kernel,selinux.if,selinux_compute_relabel_context'
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security compute_relabel;
kernel,selinux.if,selinux_compute_user_contexts'
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security compute_user;
kernel,selinux.if,selinux_unconfined'
kernel,storage.if,storage_getattr_fixed_disk_dev'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 fixed_disk_device_t:blk_file getattr;
kernel,storage.if,storage_dontaudit_getattr_fixed_disk_dev'
kernel,storage.if,storage_setattr_fixed_disk_dev'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 fixed_disk_device_t:blk_file setattr;
kernel,storage.if,storage_dontaudit_setattr_fixed_disk_dev'
kernel,storage.if,storage_read_fixed_disk'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 fixed_disk_device_t:blk_file { getattr read lock ioctl };
allow $1 fixed_disk_device_t:chr_file { getattr read lock ioctl };
kernel,storage.if,storage_dontaudit_read_fixed_disk'
kernel,storage.if,storage_write_fixed_disk'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 fixed_disk_device_t:blk_file { getattr write append lock ioctl };
allow $1 fixed_disk_device_t:chr_file { getattr write append lock ioctl };
kernel,storage.if,storage_dontaudit_write_fixed_disk'
kernel,storage.if,storage_rw_fixed_disk'
kernel,storage.if,storage_manage_fixed_disk'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 self:capability mknod;
allow $1 fixed_disk_device_t:blk_file { create open getattr setattr read write append rename link unlink ioctl lock };
kernel,storage.if,storage_dev_filetrans_fixed_disk'
allow $1 device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow fixed_disk_device_t tmpfs_t:filesystem associate;
allow fixed_disk_device_t tmp_t:filesystem associate;
kernel,storage.if,storage_tmpfs_filetrans_fixed_disk'
allow fixed_disk_device_t tmpfs_t:filesystem associate;
allow $1 tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
kernel,storage.if,storage_relabel_fixed_disk'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 fixed_disk_device_t:blk_file { getattr relabelfrom relabelto };
kernel,storage.if,storage_swapon_fixed_disk'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 fixed_disk_device_t:blk_file { getattr swapon };
kernel,storage.if,storage_getattr_fuse_dev'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 fuse_device_t:chr_file getattr;
kernel,storage.if,storage_rw_fuse'
allow $1 fuse_device_t:chr_file { getattr read write append ioctl lock };
kernel,storage.if,storage_dontaudit_rw_fuse'
kernel,storage.if,storage_getattr_scsi_generic_dev'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 scsi_generic_device_t:chr_file getattr;
kernel,storage.if,storage_setattr_scsi_generic_dev'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 scsi_generic_device_t:chr_file setattr;
kernel,storage.if,storage_read_scsi_generic'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 scsi_generic_device_t:chr_file { getattr read lock ioctl };
kernel,storage.if,storage_write_scsi_generic'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 scsi_generic_device_t:chr_file { getattr write append lock ioctl };
kernel,storage.if,storage_setattr_scsi_generic_dev_dev'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 scsi_generic_device_t:chr_file setattr;
kernel,storage.if,storage_dontaudit_rw_scsi_generic'
kernel,storage.if,storage_getattr_removable_dev'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 removable_device_t:blk_file getattr;
kernel,storage.if,storage_dontaudit_getattr_removable_dev'
kernel,storage.if,storage_dontaudit_read_removable_device'
kernel,storage.if,storage_setattr_removable_dev'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 removable_device_t:blk_file setattr;
kernel,storage.if,storage_dontaudit_setattr_removable_dev'
kernel,storage.if,storage_read_removable_device'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 removable_device_t:blk_file { getattr read lock ioctl };
kernel,storage.if,storage_dontaudit_read_removable_device'
kernel,storage.if,storage_write_removable_device'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 removable_device_t:blk_file { getattr write append lock ioctl };
kernel,storage.if,storage_dontaudit_write_removable_device'
kernel,storage.if,storage_read_tape'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 tape_device_t:chr_file { getattr read lock ioctl };
kernel,storage.if,storage_write_tape'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 tape_device_t:chr_file { getattr write append lock ioctl };
kernel,storage.if,storage_getattr_tape_dev'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 tape_device_t:chr_file getattr;
kernel,storage.if,storage_setattr_tape_dev'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 tape_device_t:chr_file setattr;
kernel,storage.if,storage_unconfined'
kernel,terminal.if,term_pty'
allow $1 devpts_t:filesystem associate;
kernel,terminal.if,term_user_pty'
kernel,terminal.if,term_login_pty'
kernel,terminal.if,term_tty'
kernel,terminal.if,term_user_tty'
kernel,terminal.if,term_create_pty'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 ptmx_t:chr_file { getattr read write append ioctl lock };
allow $1 devpts_t:dir { getattr search read lock ioctl };
allow $1 devpts_t:filesystem getattr;
kernel,terminal.if,term_use_all_terms'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 devpts_t:dir { getattr search read lock ioctl };
allow $1 { console_device_t tty_device_t ttynode ptynode }:chr_file { getattr read write append ioctl lock };
kernel,terminal.if,term_write_console'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 console_device_t:chr_file { getattr write append lock ioctl };
kernel,terminal.if,term_read_console'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 console_device_t:chr_file { getattr read lock ioctl };
kernel,terminal.if,term_use_console'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 console_device_t:chr_file { getattr read write append ioctl lock };
kernel,terminal.if,term_dontaudit_use_console'
kernel,terminal.if,term_setattr_console'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 console_device_t:chr_file setattr;
kernel,terminal.if,term_relabel_console'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 console_device_t:chr_file { relabelfrom relabelto };
kernel,terminal.if,term_create_console_dev'
allow $1 device_t:dir { getattr search lock ioctl write add_name };
allow $1 console_device_t:chr_file create;
allow $1 self:capability mknod;
kernel,terminal.if,term_getattr_pty_fs'
allow $1 devpts_t:filesystem getattr;
kernel,terminal.if,term_dontaudit_getattr_pty_dirs'
kernel,terminal.if,term_search_ptys'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 devpts_t:dir { getattr search };
kernel,terminal.if,term_dontaudit_search_ptys'
kernel,terminal.if,term_list_ptys'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 devpts_t:dir { getattr search read lock ioctl };
kernel,terminal.if,term_dontaudit_list_ptys'
kernel,terminal.if,term_dontaudit_manage_pty_dirs'
kernel,terminal.if,term_ioctl_generic_ptys'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 devpts_t:dir search;
allow $1 devpts_t:chr_file ioctl;
kernel,terminal.if,term_setattr_generic_ptys'
allow $1 devpts_t:chr_file setattr;
kernel,terminal.if,term_dontaudit_setattr_generic_ptys'
kernel,terminal.if,term_use_generic_ptys'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 devpts_t:dir { getattr search read lock ioctl };
allow $1 devpts_t:chr_file { { getattr read write ioctl } lock append };
kernel,terminal.if,term_dontaudit_use_generic_ptys'
kernel,terminal.if,term_use_controlling_term'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 devtty_t:chr_file { { getattr read write ioctl } lock append };
kernel,terminal.if,term_use_ptmx'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 ptmx_t:chr_file { getattr read write append ioctl lock };
kernel,terminal.if,term_dontaudit_use_ptmx'
kernel,terminal.if,term_getattr_all_user_ptys'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 devpts_t:dir { getattr search read lock ioctl };
allow $1 ptynode:chr_file getattr;
kernel,terminal.if,term_dontaudit_getattr_all_user_ptys'
kernel,terminal.if,term_setattr_all_user_ptys'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 devpts_t:dir { getattr search read lock ioctl };
allow $1 ptynode:chr_file setattr;
kernel,terminal.if,term_relabelto_all_user_ptys'
allow $1 ptynode:chr_file relabelto;
kernel,terminal.if,term_write_all_user_ptys'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 ptynode:chr_file { getattr write append lock ioctl };
kernel,terminal.if,term_use_all_user_ptys'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 devpts_t:dir { getattr search read lock ioctl };
allow $1 ptynode:chr_file { { getattr read write ioctl } lock append };
kernel,terminal.if,term_dontaudit_use_all_user_ptys'
kernel,terminal.if,term_relabel_all_user_ptys'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 devpts_t:dir { getattr search };
allow $1 ptynode:chr_file { getattr relabelfrom relabelto };
kernel,terminal.if,term_getattr_unallocated_ttys'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 tty_device_t:chr_file getattr;
kernel,terminal.if,term_dontaudit_getattr_unallocated_ttys'
kernel,terminal.if,term_setattr_unallocated_ttys'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 tty_device_t:chr_file setattr;
kernel,terminal.if,term_dontaudit_setattr_unallocated_ttys'
kernel,terminal.if,term_dontaudit_ioctl_unallocated_ttys'
kernel,terminal.if,term_relabel_unallocated_ttys'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 tty_device_t:chr_file { relabelfrom relabelto };
kernel,terminal.if,term_reset_tty_labels'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 ttynode:chr_file relabelfrom;
allow $1 tty_device_t:chr_file relabelto;
kernel,terminal.if,term_append_unallocated_ttys'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 tty_device_t:chr_file { getattr append lock ioctl };
kernel,terminal.if,term_write_unallocated_ttys'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 tty_device_t:chr_file { getattr write append lock ioctl };
kernel,terminal.if,term_use_unallocated_ttys'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 tty_device_t:chr_file { getattr read write append ioctl lock };
kernel,terminal.if,term_dontaudit_use_unallocated_ttys'
kernel,terminal.if,term_getattr_all_user_ttys'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 ttynode:chr_file getattr;
kernel,terminal.if,term_dontaudit_getattr_all_user_ttys'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
kernel,terminal.if,term_setattr_all_user_ttys'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 ttynode:chr_file setattr;
kernel,terminal.if,term_relabel_all_user_ttys'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 ttynode:chr_file { relabelfrom relabelto };
kernel,terminal.if,term_write_all_user_ttys'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 ttynode:chr_file { getattr write append lock ioctl };
kernel,terminal.if,term_use_all_user_ttys'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 ttynode:chr_file { getattr read write append ioctl lock };
kernel,terminal.if,term_dontaudit_use_all_user_ttys'
kernel,ubac.if,ubac_constrained'
kernel,ubac.if,ubac_file_exempt'
kernel,ubac.if,ubac_process_exempt'
kernel,ubac.if,ubac_fd_exempt'
kernel,ubac.if,ubac_socket_exempt'
kernel,ubac.if,ubac_sysvipc_exempt'
kernel,ubac.if,ubac_xwin_exempt'
kernel,ubac.if,ubac_dbus_exempt'
kernel,ubac.if,ubac_key_exempt'
kernel,ubac.if,ubac_db_exempt'
roles,auditadm.if,auditadm_role_change'
allow $1 auditadm_r;
roles,auditadm.if,auditadm_role_change_to'
allow auditadm_r $1;
roles,secadm.if,secadm_role_change'
allow $1 secadm_r;
roles,secadm.if,secadm_role_change_to_template'
allow secadm_r $1;
roles,staff.if,staff_role_change'
allow $1 staff_r;
roles,staff.if,staff_role_change_to'
allow staff_r $1;
roles,sysadm.if,sysadm_role_change'
allow $1 sysadm_r;
roles,sysadm.if,sysadm_role_change_to'
allow sysadm_r $1;
roles,sysadm.if,sysadm_shell_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search read lock ioctl };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 shell_exec_t:file { getattr read execute };
allow $1 sysadm_t:process transition;
allow sysadm_t $1:fd use;
allow sysadm_t $1:fifo_file { getattr read write append ioctl lock };
allow sysadm_t $1:process sigchld;
roles,sysadm.if,sysadm_bin_spec_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 bin_t:file { getattr read execute };
allow $1 sysadm_t:process transition;
allow sysadm_t $1:fd use;
allow sysadm_t $1:fifo_file { getattr read write append ioctl lock };
allow sysadm_t $1:process sigchld;
roles,sysadm.if,sysadm_entry_spec_domtrans'
allow $1 entry_type:file { getattr read execute };
allow $1 sysadm_t:process transition;
allow sysadm_t $1:fd use;
allow sysadm_t $1:fifo_file { getattr read write append ioctl lock };
allow sysadm_t $1:process sigchld;
roles,sysadm.if,sysadm_bin_spec_domtrans_to'
allow sysadm_t bin_t:dir { getattr search };
allow sysadm_t bin_t:lnk_file { getattr read };
allow sysadm_t bin_t:file { getattr read execute };
allow sysadm_t $1:process transition;
allow $1 sysadm_t:fd use;
allow $1 sysadm_t:fifo_file { getattr read write append ioctl lock };
allow $1 sysadm_t:process sigchld;
roles,sysadm.if,sysadm_sigchld'
allow $1 sysadm_t:process sigchld;
roles,sysadm.if,sysadm_use_fds'
allow $1 sysadm_t:fd use;
roles,sysadm.if,sysadm_rw_pipes'
allow $1 sysadm_t:fifo_file { getattr read write append ioctl lock };
roles,unprivuser.if,unprivuser_role_change'
allow $1 user_r;
roles,unprivuser.if,unprivuser_role_change_to'
allow user_r $1;
services,aide.if,aide_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 aide_exec_t:file { getattr read execute };
allow $1 aide_t:process transition;
allow aide_t $1:fd use;
allow aide_t $1:fifo_file { getattr read write append ioctl lock };
allow aide_t $1:process sigchld;
services,aide.if,aide_run'
services,aide.if,aide_admin'
allow $1 aide_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 aide_t:dir { search getattr read };
allow $1 aide_t:{ file lnk_file } { read getattr };
allow $1 aide_t:process getattr;
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
services,amavis.if,amavis_domtrans'
allow $1 amavis_exec_t:file { getattr read execute };
allow $1 amavis_t:process transition;
allow amavis_t $1:fd use;
allow amavis_t $1:fifo_file { getattr read write append ioctl lock };
allow amavis_t $1:process sigchld;
services,amavis.if,amavis_read_spool_files'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
allow $1 amavis_spool_t:file { getattr read lock ioctl };
services,amavis.if,amavis_manage_spool_files'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
allow $1 amavis_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 amavis_spool_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 amavis_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 amavis_spool_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,amavis.if,amavis_spool_filetrans'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
allow $1 amavis_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
services,amavis.if,amavis_search_lib'
allow $1 amavis_var_lib_t:dir { getattr search };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
services,amavis.if,amavis_read_lib_files'
allow $1 amavis_var_lib_t:dir { getattr search };
allow $1 amavis_var_lib_t:file { getattr read lock ioctl };
allow $1 amavis_var_lib_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
services,amavis.if,amavis_manage_lib_files'
allow $1 amavis_var_lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 amavis_var_lib_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
services,amavis.if,amavis_setattr_pid_files'
allow $1 amavis_var_run_t:file setattr;
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
services,amavis.if,amavis_create_pid_files'
allow $1 amavis_var_run_t:file { getattr create open };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
services,amavis.if,amavis_admin'
allow $1 amavis_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 amavis_t:dir { search getattr read };
allow $1 amavis_t:{ file lnk_file } { read getattr };
allow $1 amavis_t:process getattr;
allow $1 amavis_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search read lock ioctl };
allow $1 tmp_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
allow httpd_$1_script_t httpdcontent:file entrypoint;
allow httpd_$1_script_t httpdcontent:dir { read getattr lock search ioctl add_name remove_name write };
allow httpd_$1_script_t httpdcontent:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow httpd_$1_script_t httpdcontent:dir { read getattr lock search ioctl add_name remove_name write };
allow httpd_$1_script_t httpdcontent:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow httpd_$1_script_t httpdcontent:dir { read getattr lock search ioctl add_name remove_name write };
allow httpd_$1_script_t httpdcontent:lnk_file { create read getattr setattr unlink rename };
allow httpd_$1_script_t httpdcontent:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow httpd_$1_script_t public_content_rw_t:dir { read getattr lock search ioctl add_name remove_name write };
allow httpd_$1_script_t public_content_rw_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow httpd_$1_script_t public_content_rw_t:dir { read getattr lock search ioctl add_name remove_name write };
allow httpd_$1_script_t public_content_rw_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow httpd_$1_script_t public_content_rw_t:dir { read getattr lock search ioctl add_name remove_name write };
allow httpd_$1_script_t public_content_rw_t:lnk_file { create read getattr setattr unlink rename };
allow httpd_t httpd_$1_script_rw_t:dir { read getattr lock search ioctl add_name remove_name write };
allow httpd_t httpd_$1_script_rw_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow httpd_t httpd_$1_script_rw_t:dir { read getattr lock search ioctl add_name remove_name write };
allow httpd_t httpd_$1_script_rw_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow httpd_t httpd_$1_script_rw_t:dir { read getattr lock search ioctl add_name remove_name write };
allow httpd_t httpd_$1_script_rw_t:lnk_file { create read getattr setattr unlink rename };
allow httpd_t httpd_$1_script_rw_t:dir { getattr search };
allow httpd_t httpd_$1_script_rw_t:sock_file { getattr read write append };
allow httpd_t httpd_$1_script_ra_t:dir { { getattr search read lock ioctl } { getattr search lock ioctl write add_name } };
allow httpd_t httpd_$1_script_ra_t:dir { getattr search };
allow httpd_t httpd_$1_script_ra_t:file { getattr read lock ioctl };
allow httpd_t httpd_$1_script_ra_t:dir { getattr search };
allow httpd_t httpd_$1_script_ra_t:file { getattr append lock ioctl };
allow httpd_t httpd_$1_script_ra_t:dir { getattr search };
allow httpd_t httpd_$1_script_ra_t:lnk_file { getattr read };
allow httpd_t httpd_$1_script_ro_t:dir { getattr search read lock ioctl };
allow httpd_t httpd_$1_script_ro_t:dir { getattr search };
allow httpd_t httpd_$1_script_ro_t:file { getattr read lock ioctl };
allow httpd_t httpd_$1_script_ro_t:dir { getattr search };
allow httpd_t httpd_$1_script_ro_t:lnk_file { getattr read };
allow httpd_t httpd_$1_content_t:dir { getattr search read lock ioctl };
allow httpd_t httpd_$1_content_t:dir { getattr search };
allow httpd_t httpd_$1_content_t:file { getattr read lock ioctl };
allow httpd_t httpd_$1_content_t:dir { getattr search };
allow httpd_t httpd_$1_content_t:lnk_file { getattr read };
allow httpd_$1_script_t httpd_$1_script_exec_t:file entrypoint;
allow httpd_exec_scripts httpd_$1_script_exec_t:file { getattr read execute };
allow httpd_exec_scripts httpd_$1_script_t:process transition;
allow httpd_$1_script_t httpd_exec_scripts:fd use;
allow httpd_$1_script_t httpd_exec_scripts:fifo_file { getattr read write append ioctl lock };
allow httpd_$1_script_t httpd_exec_scripts:process sigchld;
allow httpd_t httpd_$1_script_exec_t:file { getattr read execute };
allow httpd_t httpd_$1_script_t:process transition;
allow httpd_$1_script_t httpd_t:fd use;
allow httpd_$1_script_t httpd_t:fifo_file { getattr read write append ioctl lock };
allow httpd_$1_script_t httpd_t:process sigchld;
allow httpd_t httpd_$1_script_t:process { signal sigkill sigstop };
allow httpd_t httpd_$1_script_exec_t:dir { getattr search read lock ioctl };
allow httpd_$1_script_t self:process { setsched { sigchld sigkill sigstop signull signal } };
allow httpd_$1_script_t self:unix_stream_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept };
allow httpd_$1_script_t httpd_t:fd use;
allow httpd_$1_script_t httpd_t:process sigchld;
allow httpd_$1_script_t proc_t:dir { getattr search };
allow httpd_$1_script_t proc_t:file { getattr read lock ioctl };
allow httpd_$1_script_t proc_t:dir { getattr search };
allow httpd_$1_script_t proc_t:lnk_file { getattr read };
allow httpd_$1_script_t proc_t:dir { getattr search };
allow httpd_$1_script_t proc_t:dir { getattr search read lock ioctl };
allow httpd_$1_script_t device_t:dir { getattr search };
allow httpd_$1_script_t urandom_device_t:chr_file { getattr read lock ioctl };
allow httpd_$1_script_t fs_t:filesystem getattr;
allow httpd_$1_script_t etc_t:dir { getattr search read lock ioctl };
allow httpd_$1_script_t etc_t:dir { getattr search };
allow httpd_$1_script_t etc_runtime_t:file { getattr read lock ioctl };
allow httpd_$1_script_t etc_t:dir { getattr search };
allow httpd_$1_script_t etc_runtime_t:lnk_file { getattr read };
allow httpd_$1_script_t usr_t:dir { getattr search read lock ioctl };
allow httpd_$1_script_t usr_t:dir { getattr search };
allow httpd_$1_script_t usr_t:file { getattr read lock ioctl };
allow httpd_$1_script_t usr_t:dir { getattr search };
allow httpd_$1_script_t usr_t:lnk_file { getattr read };
allow httpd_$1_script_t usr_t:dir { getattr search };
allow httpd_$1_script_t lib_t:dir { getattr search };
allow httpd_$1_script_t lib_t:dir { getattr search read lock ioctl };
allow httpd_$1_script_t lib_t:dir { getattr search };
allow httpd_$1_script_t lib_t:file { getattr read lock ioctl };
allow httpd_$1_script_t lib_t:dir { getattr search };
allow httpd_$1_script_t lib_t:lnk_file { getattr read };
allow httpd_$1_script_t etc_t:dir { getattr search };
allow httpd_$1_script_t etc_t:lnk_file { getattr read };
allow httpd_$1_script_t usr_t:dir { getattr search };
allow httpd_$1_script_t locale_t:dir { getattr search read lock ioctl };
allow httpd_$1_script_t locale_t:dir { getattr search };
allow httpd_$1_script_t locale_t:file { getattr read lock ioctl };
allow httpd_$1_script_t locale_t:dir { getattr search };
allow httpd_$1_script_t locale_t:lnk_file { getattr read };
allow httpd_$1_script_t usr_t:dir { getattr search };
allow httpd_$1_script_t lib_t:dir { getattr search };
allow httpd_$1_script_t lib_t:dir { getattr search read lock ioctl };
allow httpd_$1_script_t lib_t:dir { getattr search };
allow httpd_$1_script_t lib_t:file { getattr read lock ioctl };
allow httpd_$1_script_t lib_t:dir { getattr search };
allow httpd_$1_script_t lib_t:lnk_file { getattr read };
allow httpd_$1_script_t self:tcp_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept };
allow httpd_$1_script_t self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow httpd_$1_script_t unlabeled_t:tcp_socket recvfrom;
allow httpd_$1_script_t unlabeled_t:udp_socket recvfrom;
allow httpd_$1_script_t unlabeled_t:rawip_socket recvfrom;
allow httpd_$1_script_t unlabeled_t:peer recv;
allow httpd_$1_script_t unlabeled_t:association { sendto recvfrom };
allow httpd_$1_script_t unlabeled_t:packet { send recv };
allow httpd_$1_script_t netlabel_peer_t:peer recv;
allow httpd_$1_script_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow httpd_$1_script_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow httpd_$1_script_t netif_type:netif { udp_send egress };
allow httpd_$1_script_t netif_type:netif { udp_recv ingress };
allow httpd_$1_script_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow httpd_$1_script_t node_type:node { udp_send sendto };
allow httpd_$1_script_t node_type:node { udp_recv recvfrom };
allow httpd_$1_script_t port_type:tcp_socket { send_msg recv_msg };
allow httpd_$1_script_t port_type:udp_socket send_msg;
allow httpd_$1_script_t port_type:udp_socket recv_msg;
allow httpd_$1_script_t etc_t:dir { getattr search };
allow httpd_$1_script_t net_conf_t:file { getattr read lock ioctl };
allow httpd_$1_script_t self:tcp_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept };
allow httpd_$1_script_t self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow httpd_$1_script_t unlabeled_t:tcp_socket recvfrom;
allow httpd_$1_script_t unlabeled_t:udp_socket recvfrom;
allow httpd_$1_script_t unlabeled_t:rawip_socket recvfrom;
allow httpd_$1_script_t unlabeled_t:peer recv;
allow httpd_$1_script_t unlabeled_t:association { sendto recvfrom };
allow httpd_$1_script_t unlabeled_t:packet { send recv };
allow httpd_$1_script_t netlabel_peer_t:peer recv;
allow httpd_$1_script_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow httpd_$1_script_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow httpd_$1_script_t netif_type:netif { udp_send egress };
allow httpd_$1_script_t netif_type:netif { udp_recv ingress };
allow httpd_$1_script_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow httpd_$1_script_t node_type:node { udp_send sendto };
allow httpd_$1_script_t node_type:node { udp_recv recvfrom };
allow httpd_$1_script_t port_type:tcp_socket { send_msg recv_msg };
allow httpd_$1_script_t port_type:udp_socket send_msg;
allow httpd_$1_script_t port_type:udp_socket recv_msg;
allow httpd_$1_script_t port_type:tcp_socket name_connect;
allow httpd_$1_script_t client_packet_type:packet send;
allow httpd_$1_script_t client_packet_type:packet recv;
allow httpd_$1_script_t etc_t:dir { getattr search };
allow httpd_$1_script_t net_conf_t:file { getattr read lock ioctl };
services,apache.if,# tunable_policy(`httpd_enable_cgi && httpd_can_network_connect_db'
services,apache.if,# tunable_policy(`httpd_enable_cgi && allow_ypbind'
services,apache.if,# tunable_policy(`httpd_enable_cgi && httpd_can_network_connect_db'
services,apache.if,apache_role'
allow $2 httpd_user_content_t:{ dir file lnk_file } { relabelto relabelfrom };
allow $2 httpd_user_htaccess_t:file { { create open getattr setattr read write append rename link unlink ioctl lock } relabelto relabelfrom };
allow $2 httpd_user_script_ra_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 httpd_user_script_ra_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 httpd_user_script_ra_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 httpd_user_script_ra_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 httpd_user_script_ra_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 httpd_user_script_ra_t:lnk_file { create read getattr setattr unlink rename };
allow $2 httpd_user_script_ra_t:dir { getattr search };
allow $2 httpd_user_script_ra_t:dir { getattr relabelfrom relabelto };
allow $2 httpd_user_script_ra_t:dir { getattr search };
allow $2 httpd_user_script_ra_t:file { getattr relabelfrom relabelto };
allow $2 httpd_user_script_ra_t:dir { getattr search };
allow $2 httpd_user_script_ra_t:lnk_file { getattr relabelfrom relabelto };
allow $2 httpd_user_script_ro_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 httpd_user_script_ro_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 httpd_user_script_ro_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 httpd_user_script_ro_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 httpd_user_script_ro_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 httpd_user_script_ro_t:lnk_file { create read getattr setattr unlink rename };
allow $2 httpd_user_script_ro_t:dir { getattr search };
allow $2 httpd_user_script_ro_t:dir { getattr relabelfrom relabelto };
allow $2 httpd_user_script_ro_t:dir { getattr search };
allow $2 httpd_user_script_ro_t:file { getattr relabelfrom relabelto };
allow $2 httpd_user_script_ro_t:dir { getattr search };
allow $2 httpd_user_script_ro_t:lnk_file { getattr relabelfrom relabelto };
allow $2 httpd_user_script_rw_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 httpd_user_script_rw_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 httpd_user_script_rw_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 httpd_user_script_rw_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 httpd_user_script_rw_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 httpd_user_script_rw_t:lnk_file { create read getattr setattr unlink rename };
allow $2 httpd_user_script_rw_t:dir { getattr search };
allow $2 httpd_user_script_rw_t:dir { getattr relabelfrom relabelto };
allow $2 httpd_user_script_rw_t:dir { getattr search };
allow $2 httpd_user_script_rw_t:file { getattr relabelfrom relabelto };
allow $2 httpd_user_script_rw_t:dir { getattr search };
allow $2 httpd_user_script_rw_t:lnk_file { getattr relabelfrom relabelto };
allow $2 httpd_user_script_exec_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 httpd_user_script_exec_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 httpd_user_script_exec_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 httpd_user_script_exec_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 httpd_user_script_exec_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 httpd_user_script_exec_t:lnk_file { create read getattr setattr unlink rename };
allow $2 httpd_user_script_exec_t:dir { getattr search };
allow $2 httpd_user_script_exec_t:dir { getattr relabelfrom relabelto };
allow $2 httpd_user_script_exec_t:dir { getattr search };
allow $2 httpd_user_script_exec_t:file { getattr relabelfrom relabelto };
allow $2 httpd_user_script_exec_t:dir { getattr search };
allow $2 httpd_user_script_exec_t:lnk_file { getattr relabelfrom relabelto };
allow $2 httpd_user_script_exec_t:file { getattr read execute };
allow $2 httpd_user_script_t:process transition;
allow httpd_user_script_t $2:fd use;
allow httpd_user_script_t $2:fifo_file { getattr read write append ioctl lock };
allow httpd_user_script_t $2:process sigchld;
allow $2 httpdcontent:file { getattr read execute };
allow $2 httpd_user_script_t:process transition;
allow httpd_user_script_t $2:fd use;
allow httpd_user_script_t $2:fifo_file { getattr read write append ioctl lock };
allow httpd_user_script_t $2:process sigchld;
services,apache.if,apache_read_user_scripts'
allow $1 httpd_user_script_exec_t:dir { getattr search read lock ioctl };
allow $1 httpd_user_script_exec_t:dir { getattr search };
allow $1 httpd_user_script_exec_t:file { getattr read lock ioctl };
allow $1 httpd_user_script_exec_t:dir { getattr search };
allow $1 httpd_user_script_exec_t:lnk_file { getattr read };
services,apache.if,apache_read_user_content'
allow $1 httpd_user_content_t:dir { getattr search read lock ioctl };
allow $1 httpd_user_content_t:dir { getattr search };
allow $1 httpd_user_content_t:file { getattr read lock ioctl };
allow $1 httpd_user_content_t:dir { getattr search };
allow $1 httpd_user_content_t:lnk_file { getattr read };
services,apache.if,apache_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 httpd_exec_t:file { getattr read execute };
allow $1 httpd_t:process transition;
allow httpd_t $1:fd use;
allow httpd_t $1:fifo_file { getattr read write append ioctl lock };
allow httpd_t $1:process sigchld;
services,apache.if,apache_signull'
allow $1 httpd_t:process signull;
services,apache.if,apache_sigchld'
allow $1 httpd_t:process sigchld;
services,apache.if,apache_use_fds'
allow $1 httpd_t:fd use;
services,apache.if,apache_dontaudit_rw_stream_sockets'
services,apache.if,apache_dontaudit_rw_tcp_sockets'
services,apache.if,apache_manage_all_content'
allow $1 httpdcontent:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 httpdcontent:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 httpdcontent:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 httpdcontent:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 httpdcontent:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 httpdcontent:lnk_file { create read getattr setattr unlink rename };
allow $1 httpd_script_exec_type:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 httpd_script_exec_type:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 httpd_script_exec_type:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 httpd_script_exec_type:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 httpd_script_exec_type:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 httpd_script_exec_type:lnk_file { create read getattr setattr unlink rename };
services,apache.if,apache_rw_cache_files'
allow $1 httpd_cache_t:file { getattr read write append ioctl lock };
services,apache.if,apache_read_config'
allow $1 etc_t:dir { getattr search };
allow $1 httpd_config_t:dir { getattr search read lock ioctl };
allow $1 httpd_config_t:dir { getattr search };
allow $1 httpd_config_t:file { getattr read lock ioctl };
allow $1 httpd_config_t:dir { getattr search };
allow $1 httpd_config_t:lnk_file { getattr read };
services,apache.if,apache_manage_config'
allow $1 etc_t:dir { getattr search };
allow $1 httpd_config_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 httpd_config_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 httpd_config_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 httpd_config_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 httpd_config_t:dir { getattr search };
allow $1 httpd_config_t:lnk_file { getattr read };
services,apache.if,apache_domtrans_helper'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 httpd_helper_exec_t:file { getattr read execute };
allow $1 httpd_helper_t:process transition;
allow httpd_helper_t $1:fd use;
allow httpd_helper_t $1:fifo_file { getattr read write append ioctl lock };
allow httpd_helper_t $1:process sigchld;
services,apache.if,apache_run_helper'
services,apache.if,apache_read_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 httpd_log_t:dir { getattr search read lock ioctl };
allow $1 httpd_log_t:dir { getattr search };
allow $1 httpd_log_t:file { getattr read lock ioctl };
allow $1 httpd_log_t:dir { getattr search };
allow $1 httpd_log_t:lnk_file { getattr read };
services,apache.if,apache_append_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 httpd_log_t:dir { getattr search read lock ioctl };
allow $1 httpd_log_t:dir { getattr search };
allow $1 httpd_log_t:file { getattr append lock ioctl };
services,apache.if,apache_dontaudit_append_log'
services,apache.if,apache_manage_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 httpd_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 httpd_log_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 httpd_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 httpd_log_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 httpd_log_t:dir { getattr search };
allow $1 httpd_log_t:lnk_file { getattr read };
services,apache.if,apache_dontaudit_search_modules'
services,apache.if,apache_list_modules'
allow $1 httpd_modules_t:dir { getattr search read lock ioctl };
services,apache.if,apache_exec_modules'
allow $1 httpd_modules_t:dir { getattr search read lock ioctl };
allow $1 httpd_modules_t:lnk_file { getattr read };
allow $1 httpd_modules_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
services,apache.if,apache_domtrans_rotatelogs'
allow $1 httpd_rotatelogs_exec_t:file { getattr read execute };
allow $1 httpd_rotatelogs_t:process transition;
allow httpd_rotatelogs_t $1:fd use;
allow httpd_rotatelogs_t $1:fifo_file { getattr read write append ioctl lock };
allow httpd_rotatelogs_t $1:process sigchld;
services,apache.if,apache_manage_sys_content'
allow $1 var_t:dir { getattr search };
allow $1 httpd_sys_content_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 httpd_sys_content_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 httpd_sys_content_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 httpd_sys_content_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 httpd_sys_content_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 httpd_sys_content_t:lnk_file { create read getattr setattr unlink rename };
services,apache.if,apache_domtrans_sys_script'
allow $1 httpdcontent:file { getattr read execute };
allow $1 httpd_sys_script_t:process transition;
allow httpd_sys_script_t $1:fd use;
allow httpd_sys_script_t $1:fifo_file { getattr read write append ioctl lock };
allow httpd_sys_script_t $1:process sigchld;
services,apache.if,apache_dontaudit_rw_sys_script_stream_sockets'
services,apache.if,apache_domtrans_all_scripts'
services,apache.if,apache_run_all_scripts'
services,apache.if,apache_read_squirrelmail_data'
allow $1 httpd_squirrelmail_t:file { getattr read lock ioctl };
services,apache.if,apache_append_squirrelmail_data'
allow $1 httpd_squirrelmail_t:file { getattr append lock ioctl };
services,apache.if,apache_search_sys_content'
allow $1 httpd_sys_content_t:dir { getattr search };
services,apache.if,apache_read_sys_content'
allow $1 httpd_sys_content_t:dir { getattr search read lock ioctl };
allow $1 httpd_sys_content_t:dir { getattr search };
allow $1 httpd_sys_content_t:file { getattr read lock ioctl };
allow $1 httpd_sys_content_t:dir { getattr search };
allow $1 httpd_sys_content_t:lnk_file { getattr read };
services,apache.if,apache_search_sys_scripts'
allow $1 httpd_sys_content_t:dir { getattr search };
allow $1 httpd_sys_script_exec_t:dir { getattr search };
services,apache.if,apache_manage_all_user_content'
allow $1 httpd_user_content_type:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 httpd_user_content_type:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 httpd_user_content_type:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 httpd_user_content_type:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 httpd_user_content_type:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 httpd_user_content_type:lnk_file { create read getattr setattr unlink rename };
allow $1 httpd_user_script_exec_type:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 httpd_user_script_exec_type:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 httpd_user_script_exec_type:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 httpd_user_script_exec_type:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 httpd_user_script_exec_type:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 httpd_user_script_exec_type:lnk_file { create read getattr setattr unlink rename };
services,apache.if,apache_search_sys_script_state'
allow $1 httpd_sys_script_t:dir { getattr search };
services,apache.if,apache_cgi_domain'
allow httpd_t $2:file { getattr read execute };
allow httpd_t $1:process transition;
allow $1 httpd_t:fd use;
allow $1 httpd_t:fifo_file { getattr read write append ioctl lock };
allow $1 httpd_t:process sigchld;
allow httpd_t $1:process signal;
services,apcupsd.if,apcupsd_domtrans'
allow $1 apcupsd_exec_t:file { getattr read execute };
allow $1 apcupsd_t:process transition;
allow apcupsd_t $1:fd use;
allow apcupsd_t $1:fifo_file { getattr read write append ioctl lock };
allow apcupsd_t $1:process sigchld;
services,apcupsd.if,apcupsd_read_pid_files'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 apcupsd_var_run_t:file { getattr read lock ioctl };
services,apcupsd.if,apcupsd_read_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 apcupsd_log_t:dir { getattr search read lock ioctl };
allow $1 apcupsd_log_t:file { getattr read lock ioctl };
services,apcupsd.if,apcupsd_append_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 apcupsd_log_t:dir { getattr search read lock ioctl };
allow $1 apcupsd_log_t:file { getattr append lock ioctl };
services,apcupsd.if,apcupsd_cgi_script_domtrans'
allow $1 httpd_apcupsd_cgi_script_exec_t:file { getattr read execute };
allow $1 httpd_apcupsd_cgi_script_t:process transition;
allow httpd_apcupsd_cgi_script_t $1:fd use;
allow httpd_apcupsd_cgi_script_t $1:fifo_file { getattr read write append ioctl lock };
allow httpd_apcupsd_cgi_script_t $1:process sigchld;
services,apcupsd.if,apcupsd_admin'
allow $1 apcupsd_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 apcupsd_t:dir { search getattr read };
allow $1 apcupsd_t:{ file lnk_file } { read getattr };
allow $1 apcupsd_t:process getattr;
allow $1 apcupsd_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 var_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 tmp_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,apm.if,apm_domtrans_client'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 apm_exec_t:file { getattr read execute };
allow $1 apm_t:process transition;
allow apm_t $1:fd use;
allow apm_t $1:fifo_file { getattr read write append ioctl lock };
allow apm_t $1:process sigchld;
services,apm.if,apm_use_fds'
allow $1 apmd_t:fd use;
services,apm.if,apm_write_pipes'
allow $1 apmd_t:fifo_file write;
services,apm.if,apm_rw_stream_sockets'
allow $1 apmd_t:unix_stream_socket { read write };
services,apm.if,apm_append_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 apmd_log_t:file append;
services,apm.if,apm_stream_connect'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 apmd_var_run_t:sock_file write;
allow $1 apmd_t:unix_stream_socket connectto;
services,arpwatch.if,arpwatch_search_data'
allow $1 arpwatch_data_t:dir { getattr search };
services,arpwatch.if,arpwatch_manage_data_files'
allow $1 arpwatch_data_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 arpwatch_data_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,arpwatch.if,arpwatch_rw_tmp_files'
allow $1 arpwatch_tmp_t:file { getattr read write append ioctl lock };
services,arpwatch.if,arpwatch_manage_tmp_files'
allow $1 arpwatch_tmp_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,arpwatch.if,arpwatch_dontaudit_rw_packet_sockets'
services,arpwatch.if,arpwatch_admin'
allow $1 arpwatch_t:process { ptrace { sigchld sigkill sigstop signull signal } getattr };
allow $1 arpwatch_t:dir { search getattr read };
allow $1 arpwatch_t:{ file lnk_file } { read getattr };
allow $1 arpwatch_t:process getattr;
allow $1 arpwatch_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 tmp_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,asterisk.if,asterisk_admin'
allow $1 asterisk_t:process { ptrace { sigchld sigkill sigstop signull signal } getattr };
allow $1 asterisk_t:dir { search getattr read };
allow $1 asterisk_t:{ file lnk_file } { read getattr };
allow $1 asterisk_t:process getattr;
allow $1 asterisk_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 tmp_t:dir { getattr search read lock ioctl };
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,automount.if,automount_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 automount_exec_t:file { getattr read execute };
allow $1 automount_t:process transition;
allow automount_t $1:fd use;
allow automount_t $1:fifo_file { getattr read write append ioctl lock };
allow automount_t $1:process sigchld;
services,automount.if,automount_exec_config'
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 etc_t:dir { getattr search };
allow $1 etc_t:lnk_file { getattr read };
allow $1 etc_t:dir { getattr search };
allow $1 etc_t:file { getattr read execute execute_no_trans };
services,automount.if,automount_read_state'
allow $1 automount_t:dir { getattr search };
allow $1 automount_t:file { getattr read lock ioctl };
services,automount.if,automount_dontaudit_use_fds'
services,automount.if,automount_dontaudit_write_pipes'
services,automount.if,automount_dontaudit_getattr_tmp_dirs'
services,automount.if,automount_admin'
allow $1 automount_t:process { ptrace { sigchld sigkill sigstop signull signal } getattr };
allow $1 automount_t:dir { search getattr read };
allow $1 automount_t:{ file lnk_file } { read getattr };
allow $1 automount_t:process getattr;
allow $1 automount_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 var_t:dir { getattr search read lock ioctl };
allow $1 tmp_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,avahi.if,avahi_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 avahi_exec_t:file { getattr read execute };
allow $1 avahi_t:process transition;
allow avahi_t $1:fd use;
allow avahi_t $1:fifo_file { getattr read write append ioctl lock };
allow avahi_t $1:process sigchld;
services,avahi.if,avahi_signal'
allow $1 avahi_t:process signal;
services,avahi.if,avahi_kill'
allow $1 avahi_t:process sigkill;
services,avahi.if,avahi_dbus_chat'
allow $1 avahi_t:dbus send_msg;
allow avahi_t $1:dbus send_msg;
services,avahi.if,avahi_stream_connect'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 avahi_var_run_t:dir { getattr search };
allow $1 avahi_var_run_t:sock_file { getattr write };
allow $1 avahi_t:unix_stream_socket connectto;
services,avahi.if,avahi_dontaudit_search_pid'
services,avahi.if,avahi_admin'
allow $1 avahi_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 avahi_t:dir { search getattr read };
allow $1 avahi_t:{ file lnk_file } { read getattr };
allow $1 avahi_t:process getattr;
allow $1 avahi_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,bind.if,bind_domtrans_ndc'
allow $1 ndc_exec_t:file { getattr read execute };
allow $1 ndc_t:process transition;
allow ndc_t $1:fd use;
allow ndc_t $1:fifo_file { getattr read write append ioctl lock };
allow ndc_t $1:process sigchld;
services,bind.if,bind_signal'
allow $1 named_t:process signal;
services,bind.if,bind_run_ndc'
services,bind.if,bind_domtrans'
allow $1 named_exec_t:file { getattr read execute };
allow $1 named_t:process transition;
allow named_t $1:fd use;
allow named_t $1:fifo_file { getattr read write append ioctl lock };
allow named_t $1:process sigchld;
services,bind.if,bind_read_dnssec_keys'
allow $1 { named_conf_t named_zone_t }:dir { getattr search };
allow $1 dnssec_t:file { getattr read lock ioctl };
services,bind.if,bind_read_config'
allow $1 named_conf_t:dir { getattr search };
allow $1 named_conf_t:file { getattr read lock ioctl };
services,bind.if,bind_write_config'
allow $1 named_conf_t:dir { getattr search };
allow $1 named_conf_t:file { getattr write append lock ioctl };
allow $1 named_conf_t:file setattr;
services,bind.if,bind_manage_config_dirs'
allow $1 named_conf_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 named_conf_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
services,bind.if,bind_search_cache'
allow $1 var_t:dir { getattr search };
allow $1 named_conf_t:dir { getattr search };
allow $1 named_zone_t:dir { getattr search };
allow $1 named_cache_t:dir { getattr search };
services,bind.if,bind_manage_cache'
allow $1 var_t:dir { getattr search };
allow $1 named_zone_t:dir { getattr search };
allow $1 named_cache_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 named_cache_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 named_cache_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 named_cache_t:lnk_file { create read getattr setattr unlink rename };
services,bind.if,bind_setattr_pid_dirs'
allow $1 named_var_run_t:dir setattr;
services,bind.if,bind_read_zone'
allow $1 var_t:dir { getattr search };
allow $1 named_zone_t:dir { getattr search };
allow $1 named_zone_t:file { getattr read lock ioctl };
services,bind.if,bind_udp_chat_named'
services,bind.if,bind_admin'
allow $1 named_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 named_t:dir { search getattr read };
allow $1 named_t:{ file lnk_file } { read getattr };
allow $1 named_t:process getattr;
allow $1 ndc_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 ndc_t:dir { search getattr read };
allow $1 ndc_t:{ file lnk_file } { read getattr };
allow $1 ndc_t:process getattr;
allow $2 system_r;
allow $1 tmp_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,bitlbee.if,bitlbee_read_config'
allow $1 etc_t:dir { getattr search };
allow $1 bitlbee_conf_t:dir { getattr search read lock ioctl };
allow $1 bitlbee_conf_t:file { getattr read lock ioctl };
services,bitlbee.if,bitlbee_admin'
allow $1 bitlbee_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 bitlbee_t:dir { search getattr read };
allow $1 bitlbee_t:{ file lnk_file } { read getattr };
allow $1 bitlbee_t:process getattr;
allow $1 bitlbee_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search read lock ioctl };
services,bluetooth.if,bluetooth_role'
allow $2 bluetooth_helper_exec_t:file { getattr read execute };
allow $2 bluetooth_helper_t:process transition;
allow bluetooth_helper_t $2:fd use;
allow bluetooth_helper_t $2:fifo_file { getattr read write append ioctl lock };
allow bluetooth_helper_t $2:process sigchld;
allow $2 bluetooth_helper_t:dir { search getattr read };
allow $2 bluetooth_helper_t:{ file lnk_file } { read getattr };
allow $2 bluetooth_helper_t:process getattr;
allow $2 bluetooth_helper_t:process signal;
allow $2 bluetooth_helper_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 bluetooth_helper_tmp_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 bluetooth_helper_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 bluetooth_helper_tmp_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 bluetooth_helper_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 bluetooth_helper_tmp_t:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
allow $2 bluetooth_helper_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 bluetooth_helper_tmpfs_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 bluetooth_helper_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 bluetooth_helper_tmpfs_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,bluetooth.if,bluetooth_domtrans'
allow $1 bluetooth_exec_t:file { getattr read execute };
allow $1 bluetooth_t:process transition;
allow bluetooth_t $1:fd use;
allow bluetooth_t $1:fifo_file { getattr read write append ioctl lock };
allow bluetooth_t $1:process sigchld;
services,bluetooth.if,bluetooth_read_config'
allow $1 bluetooth_conf_t:file { getattr read ioctl };
services,bluetooth.if,bluetooth_dbus_chat'
allow $1 bluetooth_t:dbus send_msg;
allow bluetooth_t $1:dbus send_msg;
services,bluetooth.if,bluetooth_domtrans_helper'
services,bluetooth.if,bluetooth_run_helper'
services,bluetooth.if,bluetooth_dontaudit_read_helper_state'
services,bluetooth.if,bluetooth_admin'
allow $1 bluetooth_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 bluetooth_t:dir { search getattr read };
allow $1 bluetooth_t:{ file lnk_file } { read getattr };
allow $1 bluetooth_t:process getattr;
allow $1 bluetooth_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 tmp_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search read lock ioctl };
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,canna.if,canna_stream_connect'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 canna_var_run_t:dir { getattr search };
allow $1 canna_var_run_t:sock_file { getattr write };
allow $1 canna_t:unix_stream_socket connectto;
services,canna.if,canna_admin'
allow $1 canna_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 canna_t:dir { search getattr read };
allow $1 canna_t:{ file lnk_file } { read getattr };
allow $1 canna_t:process getattr;
allow $1 canna_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,ccs.if,ccs_domtrans'
allow $1 ccs_exec_t:file { getattr read execute };
allow $1 ccs_t:process transition;
allow ccs_t $1:fd use;
allow ccs_t $1:fifo_file { getattr read write append ioctl lock };
allow ccs_t $1:process sigchld;
services,ccs.if,ccs_stream_connect'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 ccs_var_run_t:dir { getattr search };
allow $1 ccs_var_run_t:sock_file { getattr write };
allow $1 ccs_t:unix_stream_socket connectto;
services,ccs.if,ccs_read_config'
allow $1 cluster_conf_t:dir { getattr search };
allow $1 cluster_conf_t:file { getattr read lock ioctl };
services,ccs.if,ccs_manage_config'
allow $1 cluster_conf_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 cluster_conf_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 cluster_conf_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 cluster_conf_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,clamav.if,clamav_domtrans'
allow $1 clamd_exec_t:file { getattr read execute };
allow $1 clamd_t:process transition;
allow clamd_t $1:fd use;
allow clamd_t $1:fifo_file { getattr read write append ioctl lock };
allow clamd_t $1:process sigchld;
services,clamav.if,clamav_stream_connect'
allow $1 clamd_var_run_t:dir { getattr search };
allow $1 clamd_var_run_t:sock_file { getattr write };
allow $1 clamd_t:unix_stream_socket connectto;
services,clamav.if,clamav_read_config'
allow $1 etc_t:dir { getattr search };
allow $1 clamd_etc_t:file { getattr read lock ioctl };
services,clamav.if,clamav_search_lib'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 clamd_var_lib_t:dir { getattr search };
services,clamav.if,clamav_domtrans_clamscan'
allow $1 clamscan_exec_t:file { getattr read execute };
allow $1 clamscan_t:process transition;
allow clamscan_t $1:fd use;
allow clamscan_t $1:fifo_file { getattr read write append ioctl lock };
allow clamscan_t $1:process sigchld;
services,clockspeed.if,clockspeed_domtrans_cli'
allow $1 clockspeed_cli_exec_t:file { getattr read execute };
allow $1 clockspeed_cli_t:process transition;
allow clockspeed_cli_t $1:fd use;
allow clockspeed_cli_t $1:fifo_file { getattr read write append ioctl lock };
allow clockspeed_cli_t $1:process sigchld;
services,clockspeed.if,clockspeed_run_cli'
services,consolekit.if,consolekit_domtrans'
allow $1 consolekit_exec_t:file { getattr read execute };
allow $1 consolekit_t:process transition;
allow consolekit_t $1:fd use;
allow consolekit_t $1:fifo_file { getattr read write append ioctl lock };
allow consolekit_t $1:process sigchld;
services,consolekit.if,consolekit_dbus_chat'
allow $1 consolekit_t:dbus send_msg;
allow consolekit_t $1:dbus send_msg;
allow courier_$1_t courier_$1_exec_t:file entrypoint;
allow courier_$1_t courier_$1_exec_t:file { { getattr read execute ioctl } ioctl lock };
allow courier_$1_t courier_$1_exec_t:file entrypoint;
allow courier_$1_t courier_$1_exec_t:file { { getattr read execute ioctl } ioctl lock };
allow initrc_t courier_$1_exec_t:file { getattr read execute };
allow initrc_t courier_$1_t:process transition;
allow courier_$1_t initrc_t:fd use;
allow courier_$1_t initrc_t:fifo_file { getattr read write append ioctl lock };
allow courier_$1_t initrc_t:process sigchld;
allow courier_$1_t device_t:dir { getattr search };
allow courier_$1_t device_t:dir { getattr search read lock ioctl };
allow courier_$1_t device_t:dir { getattr search };
allow courier_$1_t device_t:lnk_file { getattr read };
allow courier_$1_t devpts_t:dir { getattr search read lock ioctl };
allow courier_$1_t initrc_devpts_t:chr_file { { getattr read write ioctl } lock append };
allow courier_$1_t self:capability dac_override;
allow courier_$1_t self:process { setpgid { sigchld sigkill sigstop signull signal } };
allow courier_$1_t self:fifo_file { read write getattr };
allow courier_$1_t self:tcp_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept };
allow courier_$1_t self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow courier_$1_t courier_$1_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow courier_$1_t courier_etc_t:dir { getattr search };
allow courier_$1_t courier_etc_t:file { getattr read lock ioctl };
allow courier_$1_t courier_etc_t:dir { getattr search read lock ioctl };
allow courier_$1_t courier_var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
allow courier_$1_t courier_var_run_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow courier_$1_t courier_var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
allow courier_$1_t courier_var_run_t:lnk_file { create read getattr setattr unlink rename };
allow courier_$1_t courier_var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
allow courier_$1_t courier_var_run_t:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
allow courier_$1_t var_t:dir { getattr search };
allow courier_$1_t var_run_t:dir { getattr search };
allow courier_$1_t proc_t:dir { getattr search };
allow courier_$1_t proc_t:file { getattr read lock ioctl };
allow courier_$1_t proc_t:dir { getattr search };
allow courier_$1_t proc_t:lnk_file { getattr read };
allow courier_$1_t proc_t:dir { getattr search };
allow courier_$1_t proc_t:dir { getattr search read lock ioctl };
allow courier_$1_t { proc_t sysctl_t sysctl_kernel_t }:dir { getattr search };
allow courier_$1_t sysctl_kernel_t:file { getattr read lock ioctl };
allow courier_$1_t { proc_t sysctl_t }:dir { getattr search };
allow courier_$1_t sysctl_kernel_t:dir { getattr search read lock ioctl };
allow courier_$1_t bin_t:dir { getattr search };
allow courier_$1_t bin_t:lnk_file { getattr read };
allow courier_$1_t bin_t:dir { getattr search };
allow courier_$1_t bin_t:dir { getattr search read lock ioctl };
allow courier_$1_t bin_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow courier_$1_t unlabeled_t:tcp_socket recvfrom;
allow courier_$1_t unlabeled_t:udp_socket recvfrom;
allow courier_$1_t unlabeled_t:rawip_socket recvfrom;
allow courier_$1_t unlabeled_t:peer recv;
allow courier_$1_t unlabeled_t:association { sendto recvfrom };
allow courier_$1_t unlabeled_t:packet { send recv };
allow courier_$1_t netlabel_peer_t:peer recv;
allow courier_$1_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow courier_$1_t netif_t:netif { tcp_send tcp_recv egress ingress };
allow courier_$1_t netif_t:netif { udp_send egress };
allow courier_$1_t netif_t:netif { udp_recv ingress };
allow courier_$1_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow courier_$1_t node_type:node { udp_send sendto };
allow courier_$1_t node_type:node { udp_recv recvfrom };
allow courier_$1_t port_type:tcp_socket { send_msg recv_msg };
allow courier_$1_t port_type:udp_socket send_msg;
allow courier_$1_t port_type:udp_socket recv_msg;
allow courier_$1_t sysfs_t:dir { getattr search };
allow courier_$1_t sysfs_t:file { getattr read lock ioctl };
allow courier_$1_t sysfs_t:dir { getattr search };
allow courier_$1_t sysfs_t:lnk_file { getattr read };
allow courier_$1_t sysfs_t:dir { getattr search };
allow courier_$1_t sysfs_t:dir { getattr search read lock ioctl };
allow courier_$1_t privfd:fd use;
allow courier_$1_t etc_t:dir { getattr search read lock ioctl };
allow courier_$1_t etc_t:dir { getattr search };
allow courier_$1_t etc_t:file { getattr read lock ioctl };
allow courier_$1_t etc_t:dir { getattr search };
allow courier_$1_t etc_t:lnk_file { getattr read };
allow courier_$1_t etc_t:dir { getattr search read lock ioctl };
allow courier_$1_t etc_t:dir { getattr search };
allow courier_$1_t etc_runtime_t:file { getattr read lock ioctl };
allow courier_$1_t etc_t:dir { getattr search };
allow courier_$1_t etc_runtime_t:lnk_file { getattr read };
allow courier_$1_t usr_t:dir { getattr search read lock ioctl };
allow courier_$1_t usr_t:dir { getattr search };
allow courier_$1_t usr_t:file { getattr read lock ioctl };
allow courier_$1_t usr_t:dir { getattr search };
allow courier_$1_t usr_t:lnk_file { getattr read };
allow courier_$1_t fs_t:filesystem getattr;
allow courier_$1_t autofs_t:dir { getattr search };
allow courier_$1_t devlog_t:lnk_file read;
allow courier_$1_t devlog_t:sock_file { getattr read write append };
allow courier_$1_t syslogd_t:unix_dgram_socket sendto;
allow courier_$1_t syslogd_t:unix_stream_socket connectto;
allow courier_$1_t self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow courier_$1_t self:unix_stream_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow courier_$1_t device_t:dir { getattr search };
allow courier_$1_t device_t:dir { getattr search read lock ioctl };
allow courier_$1_t device_t:dir { getattr search };
allow courier_$1_t device_t:lnk_file { getattr read };
allow courier_$1_t console_device_t:chr_file { getattr read write append ioctl lock };
allow courier_$1_t etc_t:dir { getattr search };
allow courier_$1_t net_conf_t:file { getattr read lock ioctl };
allow courier_$1_t courier_$1_exec_t:file entrypoint;
allow courier_$1_t courier_$1_exec_t:file { { getattr read execute ioctl } ioctl lock };
services,courier.if,courier_domtrans_authdaemon'
allow $1 courier_authdaemon_exec_t:file { getattr read execute };
allow $1 courier_authdaemon_t:process transition;
allow courier_authdaemon_t $1:fd use;
allow courier_authdaemon_t $1:fifo_file { getattr read write append ioctl lock };
allow courier_authdaemon_t $1:process sigchld;
services,courier.if,courier_domtrans_pop'
allow $1 courier_pop_exec_t:file { getattr read execute };
allow $1 courier_pop_t:process transition;
allow courier_pop_t $1:fd use;
allow courier_pop_t $1:fifo_file { getattr read write append ioctl lock };
allow courier_pop_t $1:process sigchld;
services,courier.if,courier_read_config'
allow $1 courier_etc_t:dir { getattr search };
allow $1 courier_etc_t:file { getattr read lock ioctl };
services,courier.if,courier_manage_spool_dirs'
allow $1 courier_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 courier_spool_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
services,courier.if,courier_manage_spool_files'
allow $1 courier_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 courier_spool_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,courier.if,courier_rw_spool_pipes'
allow $1 courier_spool_t:fifo_file { getattr read write append ioctl lock };
services,cpucontrol.if,cpucontrol_stub'
allow $1_t crontab_exec_t:file entrypoint;
allow $1_t crontab_exec_t:file { { getattr read execute ioctl } ioctl lock };
services,cron.if,cron_role'
allow $2 cronjob_t:dir { search getattr read };
allow $2 cronjob_t:{ file lnk_file } { read getattr };
allow $2 cronjob_t:process getattr;
allow $2 crontab_exec_t:file { getattr read execute };
allow $2 crontab_t:process transition;
allow crontab_t $2:fd use;
allow crontab_t $2:fifo_file { getattr read write append ioctl lock };
allow crontab_t $2:process sigchld;
allow $2 crontab_t:dir { search getattr read };
allow $2 crontab_t:{ file lnk_file } { read getattr };
allow $2 crontab_t:process getattr;
allow $2 crontab_t:process signal;
allow crontab_t bin_t:dir { getattr search };
allow crontab_t bin_t:lnk_file { getattr read };
allow crontab_t bin_t:dir { getattr search };
allow crontab_t bin_t:dir { getattr search read lock ioctl };
allow crontab_t bin_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow crontab_t bin_t:dir { getattr search };
allow crontab_t bin_t:dir { getattr search read lock ioctl };
allow crontab_t bin_t:dir { getattr search };
allow crontab_t bin_t:lnk_file { getattr read };
allow crontab_t shell_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow cronjob_t $2:dbus send_msg;
services,cron.if,cron_unconfined_role'
allow $2 unconfined_cronjob_t:dir { search getattr read };
allow $2 unconfined_cronjob_t:{ file lnk_file } { read getattr };
allow $2 unconfined_cronjob_t:process getattr;
allow $2 crontab_exec_t:file { getattr read execute };
allow $2 crontab_t:process transition;
allow crontab_t $2:fd use;
allow crontab_t $2:fifo_file { getattr read write append ioctl lock };
allow crontab_t $2:process sigchld;
allow $2 crontab_t:dir { search getattr read };
allow $2 crontab_t:{ file lnk_file } { read getattr };
allow $2 crontab_t:process getattr;
allow $2 crontab_t:process signal;
allow crontab_t bin_t:dir { getattr search };
allow crontab_t bin_t:lnk_file { getattr read };
allow crontab_t bin_t:dir { getattr search };
allow crontab_t bin_t:dir { getattr search read lock ioctl };
allow crontab_t bin_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow crontab_t bin_t:dir { getattr search };
allow crontab_t bin_t:dir { getattr search read lock ioctl };
allow crontab_t bin_t:dir { getattr search };
allow crontab_t bin_t:lnk_file { getattr read };
allow crontab_t shell_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow unconfined_cronjob_t $2:dbus send_msg;
services,cron.if,cron_admin_role'
allow $2 cronjob_t:dir { search getattr read };
allow $2 cronjob_t:{ file lnk_file } { read getattr };
allow $2 cronjob_t:process getattr;
allow $2 self:passwd crontab;
allow $2 crontab_exec_t:file { getattr read execute };
allow $2 admin_crontab_t:process transition;
allow admin_crontab_t $2:fd use;
allow admin_crontab_t $2:fifo_file { getattr read write append ioctl lock };
allow admin_crontab_t $2:process sigchld;
allow $2 admin_crontab_t:dir { search getattr read };
allow $2 admin_crontab_t:{ file lnk_file } { read getattr };
allow $2 admin_crontab_t:process getattr;
allow $2 admin_crontab_t:process signal;
allow admin_crontab_t bin_t:dir { getattr search };
allow admin_crontab_t bin_t:lnk_file { getattr read };
allow admin_crontab_t bin_t:dir { getattr search };
allow admin_crontab_t bin_t:dir { getattr search read lock ioctl };
allow admin_crontab_t bin_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow admin_crontab_t bin_t:dir { getattr search };
allow admin_crontab_t bin_t:dir { getattr search read lock ioctl };
allow admin_crontab_t bin_t:dir { getattr search };
allow admin_crontab_t bin_t:lnk_file { getattr read };
allow admin_crontab_t shell_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow cronjob_t $2:dbus send_msg;
services,cron.if,cron_system_entry'
allow system_cronjob_t $2:file { getattr read execute };
allow system_cronjob_t $1:process transition;
allow $1 system_cronjob_t:fd use;
allow $1 system_cronjob_t:fifo_file { getattr read write append ioctl lock };
allow $1 system_cronjob_t:process sigchld;
allow $1 crond_t:fifo_file { getattr read write append ioctl lock };
allow $1 crond_t:fd use;
allow $1 crond_t:process sigchld;
services,cron.if,cron_use_fds'
allow $1 crond_t:fd use;
services,cron.if,cron_sigchld'
allow $1 crond_t:process sigchld;
services,cron.if,cron_read_pipes'
allow $1 crond_t:fifo_file { getattr read lock ioctl };
services,cron.if,cron_dontaudit_write_pipes'
services,cron.if,cron_rw_pipes'
allow $1 crond_t:fifo_file { getattr read write };
services,cron.if,cron_rw_tcp_sockets'
allow $1 crond_t:tcp_socket { read write };
services,cron.if,cron_search_spool'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
allow $1 cron_spool_t:dir { getattr search };
services,cron.if,cron_anacron_domtrans_system_job'
allow $1 anacron_exec_t:file { getattr read execute };
allow $1 system_cronjob_t:process transition;
allow system_cronjob_t $1:fd use;
allow system_cronjob_t $1:fifo_file { getattr read write append ioctl lock };
allow system_cronjob_t $1:process sigchld;
services,cron.if,cron_use_system_job_fds'
allow $1 system_cronjob_t:fd use;
services,cron.if,cron_write_system_job_pipes'
allow $1 system_cronjob_t:file write;
services,cron.if,cron_rw_system_job_pipes'
allow $1 system_cronjob_t:fifo_file { getattr read write append ioctl lock };
services,cron.if,cron_read_system_job_tmp_files'
allow $1 tmp_t:dir { getattr search };
allow $1 system_cronjob_tmp_t:file { getattr read lock ioctl };
services,cron.if,cron_dontaudit_append_system_job_tmp_files'
services,cups.if,cups_domtrans'
allow $1 cupsd_exec_t:file { getattr read execute };
allow $1 cupsd_t:process transition;
allow cupsd_t $1:fd use;
allow cupsd_t $1:fifo_file { getattr read write append ioctl lock };
allow cupsd_t $1:process sigchld;
services,cups.if,cups_stream_connect'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 cupsd_var_run_t:dir { getattr search };
allow $1 cupsd_var_run_t:sock_file { getattr write };
allow $1 cupsd_t:unix_stream_socket connectto;
services,cups.if,cups_tcp_connect'
services,cups.if,cups_dbus_chat'
allow $1 cupsd_t:dbus send_msg;
allow cupsd_t $1:dbus send_msg;
services,cups.if,cups_read_pid_files'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 cupsd_var_run_t:file { getattr read lock ioctl };
services,cups.if,cups_domtrans_config'
allow $1 cupsd_config_exec_t:file { getattr read execute };
allow $1 cupsd_config_t:process transition;
allow cupsd_config_t $1:fd use;
allow cupsd_config_t $1:fifo_file { getattr read write append ioctl lock };
allow cupsd_config_t $1:process sigchld;
services,cups.if,cups_signal_config'
allow $1 cupsd_config_t:process signal;
services,cups.if,cups_dbus_chat_config'
allow $1 cupsd_config_t:dbus send_msg;
allow cupsd_config_t $1:dbus send_msg;
services,cups.if,cups_read_config'
allow $1 etc_t:dir { getattr search };
allow $1 cupsd_etc_t:dir { getattr search };
allow $1 cupsd_etc_t:file { getattr read lock ioctl };
allow $1 cupsd_etc_t:dir { getattr search };
allow $1 cupsd_rw_etc_t:file { getattr read lock ioctl };
services,cups.if,cups_read_rw_config'
allow $1 etc_t:dir { getattr search };
allow $1 cupsd_etc_t:dir { getattr search };
allow $1 cupsd_rw_etc_t:file { getattr read lock ioctl };
services,cups.if,cups_read_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 cupsd_log_t:file { getattr read lock ioctl };
services,cups.if,cups_write_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 cupsd_log_t:file { getattr write append lock ioctl };
services,cups.if,cups_stream_connect_ptal'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 ptal_var_run_t:dir { getattr search };
allow $1 ptal_var_run_t:sock_file { getattr write };
allow $1 ptal_t:unix_stream_socket connectto;
services,cvs.if,cvs_read_data'
allow $1 cvs_data_t:file { getattr read };
services,cvs.if,cvs_exec'
allow $1 cvs_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
services,cvs.if,cvs_admin'
allow $1 cvs_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 cvs_t:dir { search getattr read };
allow $1 cvs_t:{ file lnk_file } { read getattr };
allow $1 cvs_t:process getattr;
allow $1 cvs_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 tmp_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,cyphesis.if,cyphesis_domtrans'
allow $1 cyphesis_exec_t:file { getattr read execute };
allow $1 cyphesis_t:process transition;
allow cyphesis_t $1:fd use;
allow cyphesis_t $1:fifo_file { getattr read write append ioctl lock };
allow cyphesis_t $1:process sigchld;
services,cyrus.if,cyrus_manage_data'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 cyrus_var_lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 cyrus_var_lib_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,cyrus.if,cyrus_stream_connect'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 cyrus_var_lib_t:dir { getattr search };
allow $1 cyrus_var_lib_t:sock_file { getattr write };
allow $1 cyrus_t:unix_stream_socket connectto;
services,cyrus.if,cyrus_admin'
allow $1 cyrus_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 cyrus_t:dir { search getattr read };
allow $1 cyrus_t:{ file lnk_file } { read getattr };
allow $1 cyrus_t:process getattr;
allow $1 cyrus_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 tmp_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,dbus.if,dbus_stub'
allow $1_dbusd_t dbusd_exec_t:file entrypoint;
allow $1_dbusd_t dbusd_exec_t:file { { getattr read execute ioctl } ioctl lock };
allow $1_dbusd_t default_t:dir { getattr search read lock ioctl };
allow $1_dbusd_t default_t:file { getattr read lock ioctl };
allow $1_dbusd_t default_t:lnk_file { getattr read };
allow $1_dbusd_t default_t:sock_file { getattr read };
allow $1_dbusd_t default_t:fifo_file { getattr read lock ioctl };
services,dbus.if,dbus_system_bus_client'
allow $1 { system_dbusd_t self }:dbus send_msg;
allow $1 system_dbusd_var_lib_t:dir { getattr search };
allow $1 system_dbusd_var_lib_t:file { getattr read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 system_dbusd_var_run_t:dir { getattr search };
allow $1 system_dbusd_var_run_t:sock_file { getattr write };
allow $1 system_dbusd_t:unix_stream_socket connectto;
services,dbus.if,dbus_session_bus_client'
allow $1 { session_bus_type self }:dbus send_msg;
allow $1 session_bus_type:unix_stream_socket connectto;
services,dbus.if,dbus_send_session_bus'
allow $1 session_bus_type:dbus send_msg;
services,dbus.if,dbus_read_config'
allow $1 dbusd_etc_t:dir { getattr search read lock ioctl };
allow $1 dbusd_etc_t:file { getattr read lock ioctl };
services,dbus.if,dbus_connect_system_bus'
allow $1 system_dbusd_t:dbus acquire_svc;
services,dbus.if,dbus_send_system_bus'
allow $1 system_dbusd_t:dbus send_msg;
services,dbus.if,dbus_system_bus_unconfined'
allow $1 system_dbusd_t:dbus *;
services,dcc.if,dcc_domtrans_cdcc'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 cdcc_exec_t:file { getattr read execute };
allow $1 cdcc_t:process transition;
allow cdcc_t $1:fd use;
allow cdcc_t $1:fifo_file { getattr read write append ioctl lock };
allow cdcc_t $1:process sigchld;
services,dcc.if,dcc_run_cdcc'
services,dcc.if,dcc_domtrans_client'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 dcc_client_exec_t:file { getattr read execute };
allow $1 dcc_client_t:process transition;
allow dcc_client_t $1:fd use;
allow dcc_client_t $1:fifo_file { getattr read write append ioctl lock };
allow dcc_client_t $1:process sigchld;
services,dcc.if,dcc_signal_client'
allow $1 dcc_client_t:process signal;
services,dcc.if,dcc_run_client'
services,dcc.if,dcc_domtrans_dbclean'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 dcc_dbclean_exec_t:file { getattr read execute };
allow $1 dcc_dbclean_t:process transition;
allow dcc_dbclean_t $1:fd use;
allow dcc_dbclean_t $1:fifo_file { getattr read write append ioctl lock };
allow dcc_dbclean_t $1:process sigchld;
services,dcc.if,dcc_run_dbclean'
services,dcc.if,dcc_stream_connect_dccifd'
allow $1 var_t:dir { getattr search };
allow $1 dcc_var_t:dir { getattr search };
allow $1 dccifd_var_run_t:sock_file { getattr write };
allow $1 dccifd_t:unix_stream_socket connectto;
services,ddclient.if,ddclient_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 ddclient_exec_t:file { getattr read execute };
allow $1 ddclient_t:process transition;
allow ddclient_t $1:fd use;
allow ddclient_t $1:fifo_file { getattr read write append ioctl lock };
allow ddclient_t $1:process sigchld;
services,ddclient.if,ddclient_admin'
allow $1 ddclient_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 ddclient_t:dir { search getattr read };
allow $1 ddclient_t:{ file lnk_file } { read getattr };
allow $1 ddclient_t:process getattr;
allow $1 ddclient_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,dhcp.if,dhcpd_setattr_state_files'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 dhcp_state_t:dir { getattr search };
allow $1 dhcpd_state_t:file setattr;
services,dhcp.if,dhcpd_admin'
allow $1 dhcpd_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 dhcpd_t:dir { search getattr read };
allow $1 dhcpd_t:{ file lnk_file } { read getattr };
allow $1 dhcpd_t:process getattr;
allow $1 dhcpd_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 tmp_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,dictd.if,dictd_tcp_connect'
services,dictd.if,dictd_admin'
allow $1 dictd_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 dictd_t:dir { search getattr read };
allow $1 dictd_t:{ file lnk_file } { read getattr };
allow $1 dictd_t:process getattr;
allow $1 dictd_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
allow djbdns_$1_t djbdns_$1_exec_t:file entrypoint;
allow djbdns_$1_t djbdns_$1_exec_t:file { { getattr read execute ioctl } ioctl lock };
services,dnsmasq.if,dnsmasq_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 dnsmasq_exec_t:file { getattr read execute };
allow $1 dnsmasq_t:process transition;
allow dnsmasq_t $1:fd use;
allow dnsmasq_t $1:fifo_file { getattr read write append ioctl lock };
allow dnsmasq_t $1:process sigchld;
services,dnsmasq.if,dnsmasq_signal'
allow $1 dnsmasq_t:process signal;
services,dnsmasq.if,dnsmasq_kill'
allow $1 dnsmasq_t:process sigkill;
services,dnsmasq.if,dnsmasq_admin'
allow $1 dnsmasq_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 dnsmasq_t:dir { search getattr read };
allow $1 dnsmasq_t:{ file lnk_file } { read getattr };
allow $1 dnsmasq_t:process getattr;
allow $1 dnsmasq_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,dovecot.if,dovecot_manage_spool'
allow $1 dovecot_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 dovecot_spool_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 dovecot_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 dovecot_spool_t:lnk_file { create read getattr setattr unlink rename };
services,dovecot.if,dovecot_dontaudit_unlink_lib_files'
services,exim.if,exim_domtrans'
allow $1 exim_exec_t:file { getattr read execute };
allow $1 exim_t:process transition;
allow exim_t $1:fd use;
allow exim_t $1:fifo_file { getattr read write append ioctl lock };
allow exim_t $1:process sigchld;
services,exim.if,exim_dontaudit_read_tmp_files'
services,exim.if,exim_read_tmp_files'
allow $1 exim_tmp_t:file { getattr read lock ioctl };
allow $1 tmp_t:dir { getattr search };
services,exim.if,exim_read_pid_files'
allow $1 exim_var_run_t:file { getattr read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
services,exim.if,exim_read_log'
allow $1 exim_log_t:dir { getattr search };
allow $1 exim_log_t:file { getattr read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
services,exim.if,exim_append_log'
allow $1 exim_log_t:dir { getattr search };
allow $1 exim_log_t:file { getattr append lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
services,exim.if,exim_read_spool_files'
allow $1 exim_spool_t:file { getattr read lock ioctl };
allow $1 exim_spool_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
services,exim.if,exim_manage_spool_files'
allow $1 exim_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 exim_spool_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
services,fail2ban.if,fail2ban_domtrans'
allow $1 fail2ban_exec_t:file { getattr read execute };
allow $1 fail2ban_t:process transition;
allow fail2ban_t $1:fd use;
allow fail2ban_t $1:fifo_file { getattr read write append ioctl lock };
allow fail2ban_t $1:process sigchld;
services,fail2ban.if,fail2ban_read_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 fail2ban_log_t:dir { getattr search read lock ioctl };
allow $1 fail2ban_log_t:file { getattr read lock ioctl };
services,fail2ban.if,fail2ban_append_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 fail2ban_log_t:dir { getattr search read lock ioctl };
allow $1 fail2ban_log_t:file { getattr append lock ioctl };
services,fail2ban.if,fail2ban_read_pid_files'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 fail2ban_var_run_t:file { getattr read lock ioctl };
services,fail2ban.if,fail2ban_admin'
allow $1 fail2ban_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 fail2ban_t:dir { search getattr read };
allow $1 fail2ban_t:{ file lnk_file } { read getattr };
allow $1 fail2ban_t:process getattr;
allow $1 rbcbind_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,fetchmail.if,fetchmail_admin'
allow $1 fetchmail_t:dir { search getattr read };
allow $1 fetchmail_t:{ file lnk_file } { read getattr };
allow $1 fetchmail_t:process getattr;
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,finger.if,finger_domtrans'
allow $1 fingerd_exec_t:file { getattr read execute };
allow $1 fingerd_t:process transition;
allow fingerd_t $1:fd use;
allow fingerd_t $1:fifo_file { getattr read write append ioctl lock };
allow fingerd_t $1:process sigchld;
services,finger.if,finger_tcp_connect'
services,ftp.if,ftp_tcp_connect'
services,ftp.if,ftp_read_config'
allow $1 etc_t:dir { getattr search };
allow $1 ftpd_etc_t:file { getattr read lock ioctl };
services,ftp.if,ftp_check_exec'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 ftpd_exec_t:file { getattr execute };
services,ftp.if,ftp_read_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 xferlog_t:file { getattr read lock ioctl };
services,ftp.if,ftp_domtrans_ftpdctl'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 ftpdctl_exec_t:file { getattr read execute };
allow $1 ftpdctl_t:process transition;
allow ftpdctl_t $1:fd use;
allow ftpdctl_t $1:fifo_file { getattr read write append ioctl lock };
allow ftpdctl_t $1:process sigchld;
services,ftp.if,ftp_run_ftpdctl'
services,ftp.if,ftp_admin'
allow $1 ftpd_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 ftpd_t:dir { search getattr read };
allow $1 ftpd_t:{ file lnk_file } { read getattr };
allow $1 ftpd_t:process getattr;
allow $1 ftpd_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 ftpdctl_t:dir { search getattr read };
allow $1 ftpdctl_t:{ file lnk_file } { read getattr };
allow $1 ftpdctl_t:process getattr;
allow $1 public_content_rw_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 public_content_rw_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 public_content_rw_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 public_content_rw_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 public_content_rw_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 public_content_rw_t:lnk_file { create read getattr setattr unlink rename };
allow $1 tmp_t:dir { getattr search read lock ioctl };
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
services,gpm.if,gpm_stream_connect'
allow $1 gpmctl_t:sock_file { getattr write };
allow $1 gpm_t:unix_stream_socket connectto;
services,gpm.if,gpm_getattr_gpmctl'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 gpmctl_t:sock_file getattr;
services,gpm.if,gpm_dontaudit_getattr_gpmctl'
services,gpm.if,gpm_setattr_gpmctl'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 gpmctl_t:sock_file setattr;
services,hal.if,hal_domtrans'
allow $1 hald_exec_t:file { getattr read execute };
allow $1 hald_t:process transition;
allow hald_t $1:fd use;
allow hald_t $1:fifo_file { getattr read write append ioctl lock };
allow hald_t $1:process sigchld;
services,hal.if,hal_getattr'
allow $1 hald_t:process getattr;
services,hal.if,hal_read_state'
allow $1 hald_t:dir { getattr search read lock ioctl };
allow $1 hald_t:dir { getattr search };
allow $1 hald_t:file { getattr read lock ioctl };
allow $1 hald_t:dir { getattr search };
allow $1 hald_t:lnk_file { getattr read };
services,hal.if,hal_ptrace'
allow $1 hald_t:process ptrace;
services,hal.if,hal_use_fds'
allow $1 hald_t:fd use;
services,hal.if,hal_dontaudit_use_fds'
services,hal.if,hal_rw_pipes'
allow $1 hald_t:fifo_file { getattr read write append ioctl lock };
services,hal.if,hal_dontaudit_rw_pipes'
services,hal.if,hal_dgram_send'
allow $1 hald_t:unix_dgram_socket sendto;
services,hal.if,hal_stream_connect'
allow $1 hald_t:unix_stream_socket connectto;
services,hal.if,hal_dbus_send'
allow $1 hald_t:dbus send_msg;
services,hal.if,hal_dbus_chat'
allow $1 hald_t:dbus send_msg;
allow hald_t $1:dbus send_msg;
services,hal.if,hal_write_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 hald_log_t:file { getattr write append lock ioctl };
services,hal.if,hal_dontaudit_write_log'
services,hal.if,hal_read_tmp_files'
allow $1 hald_tmp_t:file { getattr read lock ioctl };
services,hal.if,hal_dontaudit_append_lib_files'
services,hal.if,hal_read_pid_files'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 hald_var_run_t:file { getattr read lock ioctl };
services,hal.if,hal_rw_pid_files'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 hald_var_run_t:file { getattr read write append ioctl lock };
services,howl.if,howl_signal'
allow $1 howl_t:process signal;
services,i18n_input.if,i18n_use'
services,inetd.if,inetd_core_service_domain'
allow $1 $2:file entrypoint;
allow $1 $2:file { { getattr read execute ioctl } ioctl lock };
allow inetd_t $2:file { getattr read execute };
allow inetd_t $1:process transition;
allow $1 inetd_t:fd use;
allow $1 inetd_t:fifo_file { getattr read write append ioctl lock };
allow $1 inetd_t:process sigchld;
allow inetd_t $1:process sigkill;
services,inetd.if,inetd_tcp_service_domain'
allow $1 inetd_t:tcp_socket { { ioctl read getattr write setattr append bind connect getopt setopt shutdown } listen accept };
services,inetd.if,inetd_udp_service_domain'
allow $1 inetd_t:udp_socket { ioctl read getattr write setattr append bind connect getopt setopt shutdown };
services,inetd.if,inetd_service_domain'
allow $1 inetd_t:tcp_socket { { ioctl read getattr write setattr append bind connect getopt setopt shutdown } listen accept };
allow $1 inetd_t:udp_socket { ioctl read getattr write setattr append bind connect getopt setopt shutdown };
services,inetd.if,inetd_use_fds'
allow $1 inetd_t:fd use;
services,inetd.if,inetd_tcp_connect'
services,inetd.if,inetd_domtrans_child'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 inetd_child_exec_t:file { getattr read execute };
allow $1 inetd_child_t:process transition;
allow inetd_child_t $1:fd use;
allow inetd_child_t $1:fifo_file { getattr read write append ioctl lock };
allow inetd_child_t $1:process sigchld;
services,inetd.if,inetd_udp_send'
services,inetd.if,inetd_rw_tcp_sockets'
allow $1 inetd_t:tcp_socket { { ioctl read getattr write setattr append bind connect getopt setopt shutdown } listen accept };
services,inn.if,inn_exec'
allow $1 innd_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
services,inn.if,inn_exec_config'
allow $1 innd_etc_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
services,inn.if,inn_manage_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 innd_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 innd_log_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,inn.if,inn_manage_pid'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 innd_var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 innd_var_run_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 innd_var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 innd_var_run_t:lnk_file { create read getattr setattr unlink rename };
services,inn.if,inn_read_config'
allow $1 innd_etc_t:dir { getattr search read lock ioctl };
allow $1 innd_etc_t:file { getattr read lock ioctl };
allow $1 innd_etc_t:lnk_file { getattr read };
services,inn.if,inn_read_news_lib'
allow $1 innd_var_lib_t:dir { getattr search read lock ioctl };
allow $1 innd_var_lib_t:file { getattr read lock ioctl };
allow $1 innd_var_lib_t:lnk_file { getattr read };
services,inn.if,inn_read_news_spool'
allow $1 news_spool_t:dir { getattr search read lock ioctl };
allow $1 news_spool_t:file { getattr read lock ioctl };
allow $1 news_spool_t:lnk_file { getattr read };
services,inn.if,inn_dgram_send'
allow $1 innd_t:unix_dgram_socket sendto;
services,inn.if,inn_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 innd_exec_t:file { getattr read execute };
allow $1 innd_t:process transition;
allow innd_t $1:fd use;
allow innd_t $1:fifo_file { getattr read write append ioctl lock };
allow innd_t $1:process sigchld;
services,inn.if,inn_admin'
allow $1 innd_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 innd_t:dir { search getattr read };
allow $1 innd_t:{ file lnk_file } { read getattr };
allow $1 innd_t:process getattr;
allow $1 innd_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search read lock ioctl };
services,jabber.if,jabber_tcp_connect'
services,jabber.if,jabber_admin'
allow $1 jabberd_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 jabberd_t:dir { search getattr read };
allow $1 jabberd_t:{ file lnk_file } { read getattr };
allow $1 jabberd_t:process getattr;
allow $1 jabberd_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,kerberos.if,kerberos_exec_kadmind'
allow $1 kadmind_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
services,kerberos.if,kerberos_domtrans_kpropd'
allow $1 kpropd_exec_t:file { getattr read execute };
allow $1 kpropd_t:process transition;
allow kpropd_t $1:fd use;
allow kpropd_t $1:fifo_file { getattr read write append ioctl lock };
allow kpropd_t $1:process sigchld;
services,kerberos.if,kerberos_use'
allow $1 etc_t:dir { getattr search };
allow $1 krb5_conf_t:file { getattr read lock ioctl };
allow $1 self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 unlabeled_t:tcp_socket recvfrom;
allow $1 unlabeled_t:udp_socket recvfrom;
allow $1 unlabeled_t:rawip_socket recvfrom;
allow $1 unlabeled_t:peer recv;
allow $1 unlabeled_t:association { sendto recvfrom };
allow $1 unlabeled_t:packet { send recv };
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1 netif_type:netif { tcp_send tcp_recv egress ingress };
allow $1 netif_type:netif { udp_send egress };
allow $1 netif_type:netif { udp_recv ingress };
allow $1 node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1 node_type:node { udp_send sendto };
allow $1 node_type:node { udp_recv recvfrom };
allow $1 kerberos_port_t:tcp_socket { send_msg recv_msg };
allow $1 kerberos_port_t:udp_socket send_msg;
allow $1 kerberos_port_t:udp_socket recv_msg;
allow $1 node_type:tcp_socket node_bind;
allow $1 node_type:udp_socket node_bind;
allow $1 kerberos_port_t:tcp_socket name_connect;
allow $1 ocsp_port_t:tcp_socket name_connect;
allow $1 kerberos_client_packet_t:packet send;
allow $1 kerberos_client_packet_t:packet recv;
allow $1 ocsp_client_packet_t:packet send;
allow $1 ocsp_client_packet_t:packet recv;
services,kerberos.if,# tunable_policy(`allow_kerberos'
services,kerberos.if,kerberos_read_config'
allow $1 etc_t:dir { getattr search };
allow $1 krb5_conf_t:file { getattr read lock ioctl };
services,kerberos.if,kerberos_dontaudit_write_config'
services,kerberos.if,kerberos_rw_config'
allow $1 etc_t:dir { getattr search };
allow $1 krb5_conf_t:file { getattr read write append ioctl lock };
services,kerberos.if,kerberos_read_keytab'
allow $1 etc_t:dir { getattr search };
allow $1 krb5_keytab_t:file { getattr read lock ioctl };
allow $2 $1_keytab_t:file { getattr read lock ioctl };
services,kerberos.if,kerberos_read_kdc_config'
allow $1 etc_t:dir { getattr search };
allow $1 krb5kdc_conf_t:dir { getattr search };
allow $1 krb5kdc_conf_t:file { getattr read lock ioctl };
services,kerberos.if,kerberos_manage_host_rcache'
allow $1 self:process setfscreate;
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security check_context;
allow $1 etc_t:dir { getattr search };
allow $1 { selinux_config_t default_context_t }:dir { getattr search };
allow $1 file_context_t:dir { getattr search };
allow $1 file_context_t:file { getattr read lock ioctl };
allow $1 krb5_host_rcache_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 tmp_t:dir { getattr search };
services,kerberos.if,kerberos_connect_524'
allow $1 self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 unlabeled_t:tcp_socket recvfrom;
allow $1 unlabeled_t:udp_socket recvfrom;
allow $1 unlabeled_t:rawip_socket recvfrom;
allow $1 unlabeled_t:peer recv;
allow $1 unlabeled_t:association { sendto recvfrom };
allow $1 unlabeled_t:packet { send recv };
allow $1 netif_t:netif { udp_send egress };
allow $1 netif_t:netif { udp_recv ingress };
allow $1 node_type:node { udp_send sendto };
allow $1 node_type:node { udp_recv recvfrom };
allow $1 kerberos_master_port_t:udp_socket send_msg;
allow $1 kerberos_master_port_t:udp_socket recv_msg;
allow $1 kerberos_master_client_packet_t:packet send;
allow $1 kerberos_master_client_packet_t:packet recv;
services,kerberos.if,kerberos_admin'
allow $1 kadmind_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 kadmind_t:dir { search getattr read };
allow $1 kadmind_t:{ file lnk_file } { read getattr };
allow $1 kadmind_t:process getattr;
allow $1 krb5kdc_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 krb5kdc_t:dir { search getattr read };
allow $1 krb5kdc_t:{ file lnk_file } { read getattr };
allow $1 krb5kdc_t:process getattr;
allow $1 kpropd_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 kpropd_t:dir { search getattr read };
allow $1 kpropd_t:{ file lnk_file } { read getattr };
allow $1 kpropd_t:process getattr;
allow $1 kerberos_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 tmp_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,kerneloops.if,kerneloops_domtrans'
allow $1 kerneloops_exec_t:file { getattr read execute };
allow $1 kerneloops_t:process transition;
allow kerneloops_t $1:fd use;
allow kerneloops_t $1:fifo_file { getattr read write append ioctl lock };
allow kerneloops_t $1:process sigchld;
services,kerneloops.if,kerneloops_dbus_chat'
allow $1 kerneloops_t:dbus send_msg;
allow kerneloops_t $1:dbus send_msg;
services,kerneloops.if,kerneloops_dontaudit_dbus_chat'
services,kerneloops.if,kerneloops_admin'
allow $1 kerneloops_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 kerneloops_t:dir { search getattr read };
allow $1 kerneloops_t:{ file lnk_file } { read getattr };
allow $1 kerneloops_t:process getattr;
allow $1 kerneloops_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
services,ldap.if,ldap_list_db'
allow $1 slapd_db_t:dir { getattr search read lock ioctl };
services,ldap.if,ldap_read_config'
allow $1 etc_t:dir { getattr search };
allow $1 slapd_etc_t:file { getattr read lock ioctl };
services,ldap.if,ldap_use'
services,ldap.if,ldap_stream_connect'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 slapd_var_run_t:sock_file write;
allow $1 slapd_t:unix_stream_socket connectto;
services,ldap.if,ldap_admin'
allow $1 slapd_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 slapd_t:dir { search getattr read };
allow $1 slapd_t:{ file lnk_file } { read getattr };
allow $1 slapd_t:process getattr;
allow $1 slapd_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 tmp_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,lpd.if,lpd_role'
allow $2 lpr_exec_t:file { getattr read execute };
allow $2 lpr_t:process transition;
allow lpr_t $2:fd use;
allow lpr_t $2:fifo_file { getattr read write append ioctl lock };
allow lpr_t $2:process sigchld;
allow $2 lpr_t:dir { search getattr read };
allow $2 lpr_t:{ file lnk_file } { read getattr };
allow $2 lpr_t:process getattr;
allow $2 lpr_t:process signull;
services,lpd.if,lpd_domtrans_checkpc'
allow $1 checkpc_exec_t:file { getattr read execute };
allow $1 checkpc_t:process transition;
allow checkpc_t $1:fd use;
allow checkpc_t $1:fifo_file { getattr read write append ioctl lock };
allow checkpc_t $1:process sigchld;
services,lpd.if,lpd_run_checkpc'
services,lpd.if,lpd_list_spool'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
allow $1 print_spool_t:dir { getattr search read lock ioctl };
services,lpd.if,lpd_read_spool'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
allow $1 print_spool_t:dir { getattr search };
allow $1 print_spool_t:file { getattr read lock ioctl };
services,lpd.if,lpd_manage_spool'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
allow $1 print_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 print_spool_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 print_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 print_spool_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,lpd.if,lpd_relabel_spool'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
allow $1 print_spool_t:file { relabelto relabelfrom };
services,lpd.if,lpd_read_config'
allow $1 printconf_t:dir { getattr search read lock ioctl };
allow $1 printconf_t:dir { getattr search };
allow $1 printconf_t:file { getattr read lock ioctl };
allow $1 lpr_exec_t:file { getattr read execute };
allow $1 lpr_t:process transition;
allow lpr_t $1:fd use;
allow lpr_t $1:fifo_file { getattr read write append ioctl lock };
allow lpr_t $1:process sigchld;
allow $1 lpr_exec_t:file { getattr read execute };
allow $1 lpr_t:process transition;
allow lpr_t $1:fd use;
allow lpr_t $1:fifo_file { getattr read write append ioctl lock };
allow lpr_t $1:process sigchld;
allow $1 lpr_exec_t:file { getattr read execute };
allow $1 lpr_t:process transition;
allow lpr_t $1:fd use;
allow lpr_t $1:fifo_file { getattr read write append ioctl lock };
allow lpr_t $1:process sigchld;
allow $1 lpr_exec_t:file { getattr read execute };
allow $1 lpr_t:process transition;
allow lpr_t $1:fd use;
allow lpr_t $1:fifo_file { getattr read write append ioctl lock };
allow lpr_t $1:process sigchld;
services,lpd.if,lpd_exec_lpr'
allow $1 lpr_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow mailman_$1_t self:{ unix_stream_socket unix_dgram_socket } { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow mailman_$1_t self:tcp_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept };
allow mailman_$1_t self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow mailman_$1_t mailman_data_t:dir { read getattr lock search ioctl add_name remove_name write };
allow mailman_$1_t mailman_data_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow mailman_$1_t mailman_data_t:dir { read getattr lock search ioctl add_name remove_name write };
allow mailman_$1_t mailman_data_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow mailman_$1_t mailman_data_t:dir { read getattr lock search ioctl add_name remove_name write };
allow mailman_$1_t mailman_data_t:lnk_file { create read getattr setattr unlink rename };
allow mailman_$1_t mailman_lock_t:dir { read getattr lock search ioctl add_name remove_name write };
allow mailman_$1_t mailman_lock_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow mailman_$1_t mailman_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow mailman_$1_t mailman_log_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow mailman_$1_t mailman_$1_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow mailman_$1_t mailman_$1_tmp_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow mailman_$1_t mailman_$1_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow mailman_$1_t mailman_$1_tmp_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,mailman.if,mailman_domtrans'
allow $1 mailman_mail_exec_t:file { getattr read execute };
allow $1 mailman_mail_t:process transition;
allow mailman_mail_t $1:fd use;
allow mailman_mail_t $1:fifo_file { getattr read write append ioctl lock };
allow mailman_mail_t $1:process sigchld;
services,mailman.if,mailman_domtrans_cgi'
allow $1 mailman_cgi_exec_t:file { getattr read execute };
allow $1 mailman_cgi_t:process transition;
allow mailman_cgi_t $1:fd use;
allow mailman_cgi_t $1:fifo_file { getattr read write append ioctl lock };
allow mailman_cgi_t $1:process sigchld;
services,mailman.if,mailman_exec'
allow $1 mailman_mail_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
services,mailman.if,mailman_signal_cgi'
allow $1 mailman_cgi_t:process signal;
services,mailman.if,mailman_search_data'
allow $1 mailman_data_t:dir { getattr search };
services,mailman.if,mailman_read_data_files'
allow $1 mailman_data_t:dir { getattr search };
allow $1 mailman_data_t:file { getattr read lock ioctl };
services,mailman.if,mailman_manage_data_files'
allow $1 mailman_data_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 mailman_data_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,mailman.if,mailman_list_data'
allow $1 mailman_data_t:dir { getattr search read lock ioctl };
services,mailman.if,mailman_read_data_symlinks'
allow $1 mailman_data_t:dir { getattr search };
allow $1 mailman_data_t:lnk_file { getattr read };
services,mailman.if,mailman_append_log'
allow $1 mailman_log_t:dir { getattr search };
allow $1 mailman_log_t:file { getattr append lock ioctl };
services,mailman.if,mailman_manage_log'
allow $1 mailman_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 mailman_log_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 mailman_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 mailman_log_t:lnk_file { create read getattr setattr unlink rename };
services,mailman.if,mailman_read_archive'
allow $1 mailman_archive_t:dir { getattr search read lock ioctl };
allow $1 mailman_archive_t:dir { getattr search };
allow $1 mailman_archive_t:file { getattr read lock ioctl };
allow $1 mailman_archive_t:dir { getattr search };
allow $1 mailman_archive_t:lnk_file { getattr read };
services,mailman.if,mailman_domtrans_queue'
allow $1 mailman_queue_exec_t:file { getattr read execute };
allow $1 mailman_queue_t:process transition;
allow mailman_queue_t $1:fd use;
allow mailman_queue_t $1:fifo_file { getattr read write append ioctl lock };
allow mailman_queue_t $1:process sigchld;
services,memcached.if,memcached_domtrans'
allow $1 memcached_exec_t:file { getattr read execute };
allow $1 memcached_t:process transition;
allow memcached_t $1:fd use;
allow memcached_t $1:fifo_file { getattr read write append ioctl lock };
allow memcached_t $1:process sigchld;
services,memcached.if,memcached_read_pid_files'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 memcached_var_run_t:file { getattr read lock ioctl };
services,memcached.if,memcached_admin'
allow $1 memcached_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 memcached_t:dir { search getattr read };
allow $1 memcached_t:{ file lnk_file } { read getattr };
allow $1 memcached_t:process getattr;
allow $1 memcached_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1_milter_t $1_milter_exec_t:file entrypoint;
allow $1_milter_t $1_milter_exec_t:file { { getattr read execute ioctl } ioctl lock };
services,milter.if,milter_stream_connect_all'
allow $1 milter_data_type:dir { getattr search };
allow $1 milter_data_type:dir { getattr };
allow $1 milter_data_type:dir { getattr search };
allow $1 milter_data_type:sock_file { getattr write };
allow $1 milter_domains:unix_stream_socket connectto;
services,milter.if,milter_getattr_all_sockets'
allow $1 milter_data_type:dir { getattr search };
allow $1 milter_data_type:dir { getattr };
allow $1 milter_data_type:dir { getattr search };
allow $1 milter_data_type:sock_file { getattr };
services,mta.if,mta_stub'
services,mta.if,mta_role'
allow $2 sendmail_exec_t:file { getattr read execute };
allow $2 user_mail_t:process transition;
allow user_mail_t $2:fd use;
allow user_mail_t $2:fifo_file { getattr read write append ioctl lock };
allow user_mail_t $2:process sigchld;
allow $2 sendmail_exec_t:lnk_file { getattr read };
allow mta_user_agent $2:fd use;
allow mta_user_agent $2:process sigchld;
allow mta_user_agent $2:fifo_file { read write };
services,mta.if,mta_mailserver'
allow $1 $2:file entrypoint;
allow $1 $2:file { { getattr read execute ioctl } ioctl lock };
allow initrc_t $2:file { getattr read execute };
allow initrc_t $1:process transition;
allow $1 initrc_t:fd use;
allow $1 initrc_t:fifo_file { getattr read write append ioctl lock };
allow $1 initrc_t:process sigchld;
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 devpts_t:dir { getattr search read lock ioctl };
allow $1 initrc_devpts_t:chr_file { { getattr read write ioctl } lock append };
services,mta.if,mta_agent_executable'
services,mta.if,mta_system_content'
services,mta.if,mta_sendmail_mailserver'
allow $1 sendmail_exec_t:file entrypoint;
allow $1 sendmail_exec_t:file { { getattr read execute ioctl } ioctl lock };
allow initrc_t sendmail_exec_t:file { getattr read execute };
allow initrc_t $1:process transition;
allow $1 initrc_t:fd use;
allow $1 initrc_t:fifo_file { getattr read write append ioctl lock };
allow $1 initrc_t:process sigchld;
services,mta.if,mta_mailserver_sender'
services,mta.if,mta_mailserver_delivery'
allow $1 mail_spool_t:dir { getattr search read lock ioctl };
allow $1 mail_spool_t:dir { getattr search lock ioctl write add_name };
allow $1 mail_spool_t:file { getattr create open };
allow $1 mail_spool_t:dir { getattr search };
allow $1 mail_spool_t:file { getattr read lock ioctl };
allow $1 mail_spool_t:dir { getattr search lock ioctl write add_name };
allow $1 mail_spool_t:lnk_file { create getattr };
allow $1 mail_spool_t:dir { getattr search };
allow $1 mail_spool_t:lnk_file { getattr read };
services,mta.if,mta_mailserver_user_agent'
services,mta.if,mta_send_mail'
allow $1 mta_exec_type:lnk_file { getattr read };
allow $1 mta_exec_type:file { getattr read execute };
allow $1 system_mail_t:process transition;
allow system_mail_t $1:fd use;
allow system_mail_t $1:fifo_file { getattr read write append ioctl lock };
allow system_mail_t $1:process sigchld;
allow mta_user_agent $1:fd use;
allow mta_user_agent $1:process sigchld;
allow mta_user_agent $1:fifo_file { read write };
services,mta.if,mta_sendmail_domtrans'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 sendmail_exec_t:file { getattr read execute };
allow $1 $2:process transition;
services,mta.if,mta_sendmail_exec'
allow $1 sendmail_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
services,mta.if,mta_read_config'
allow $1 etc_t:dir { getattr search };
allow $1 etc_mail_t:dir { getattr search read lock ioctl };
allow $1 etc_mail_t:dir { getattr search };
allow $1 etc_mail_t:file { getattr read lock ioctl };
allow $1 etc_mail_t:dir { getattr search };
allow $1 etc_mail_t:lnk_file { getattr read };
services,mta.if,mta_read_aliases'
allow $1 etc_t:dir { getattr search };
allow $1 etc_aliases_t:file { getattr read lock ioctl };
services,mta.if,mta_manage_aliases'
allow $1 etc_t:dir { getattr search };
allow $1 etc_aliases_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 etc_aliases_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 etc_aliases_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 etc_aliases_t:lnk_file { create read getattr setattr unlink rename };
services,mta.if,mta_etc_filetrans_aliases'
allow $1 etc_t:dir { read getattr lock search ioctl add_name remove_name write };
services,mta.if,mta_rw_aliases'
allow $1 etc_t:dir { getattr search };
allow $1 etc_aliases_t:file { { getattr read write append ioctl lock } setattr };
services,mta.if,mta_dontaudit_rw_delivery_tcp_sockets'
services,mta.if,mta_tcp_connect_all_mailservers'
services,mta.if,mta_dontaudit_read_spool_symlinks'
services,mta.if,mta_getattr_spool'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
allow $1 mail_spool_t:dir { getattr search read lock ioctl };
allow $1 mail_spool_t:lnk_file read;
allow $1 mail_spool_t:file getattr;
services,mta.if,mta_dontaudit_getattr_spool_files'
services,mta.if,mta_spool_filetrans'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
allow $1 mail_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
services,mta.if,mta_rw_spool'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
allow $1 mail_spool_t:dir { getattr search read lock ioctl };
allow $1 mail_spool_t:file setattr;
allow $1 mail_spool_t:dir { getattr search };
allow $1 mail_spool_t:file { getattr read write append ioctl lock };
allow $1 mail_spool_t:dir { getattr search };
allow $1 mail_spool_t:lnk_file { getattr read };
services,mta.if,mta_append_spool'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
allow $1 mail_spool_t:dir { getattr search read lock ioctl };
allow $1 mail_spool_t:dir { getattr search lock ioctl write add_name };
allow $1 mail_spool_t:file { getattr create open };
allow $1 mail_spool_t:dir { getattr search };
allow $1 mail_spool_t:file { getattr write append lock ioctl };
allow $1 mail_spool_t:dir { getattr search };
allow $1 mail_spool_t:lnk_file { getattr read };
services,mta.if,mta_delete_spool'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
allow $1 mail_spool_t:dir { getattr search lock ioctl write remove_name };
allow $1 mail_spool_t:file { getattr unlink };
services,mta.if,mta_manage_spool'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
allow $1 mail_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 mail_spool_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 mail_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 mail_spool_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 mail_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 mail_spool_t:lnk_file { create read getattr setattr unlink rename };
services,mta.if,mta_search_queue'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
allow $1 mqueue_spool_t:dir { getattr search };
services,mta.if,mta_read_queue'
allow $1 mqueue_spool_t:dir { getattr search };
allow $1 mqueue_spool_t:file { getattr read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
services,mta.if,mta_dontaudit_rw_queue'
services,mta.if,mta_manage_queue'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
allow $1 mqueue_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 mqueue_spool_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,mta.if,mta_read_sendmail_bin'
allow $1 sendmail_exec_t:file { getattr read lock ioctl };
services,mta.if,mta_rw_user_mail_stream_sockets'
allow $1 user_mail_domain:unix_stream_socket { ioctl read getattr write setattr append bind connect getopt setopt shutdown };
services,munin.if,munin_stream_connect'
allow $1 munin_t:unix_stream_socket connectto;
allow $1 munin_var_run_t:sock_file { getattr write };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
services,munin.if,munin_read_config'
allow $1 munin_etc_t:dir { getattr search read lock ioctl };
allow $1 munin_etc_t:file { getattr read lock ioctl };
allow $1 munin_etc_t:lnk_file { getattr read };
allow $1 etc_t:dir { getattr search };
services,munin.if,munin_search_lib'
allow $1 munin_var_lib_t:dir { getattr search };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
services,munin.if,munin_dontaudit_search_lib'
services,mysql.if,mysql_signal'
allow $1 mysqld_t:process signal;
services,mysql.if,mysql_tcp_connect'
allow { $1 mysqld_t } self:association sendto;
allow $1 mysqld_t:{ association tcp_socket } recvfrom;
allow mysqld_t $1:{ association tcp_socket } recvfrom;
allow $1 mysqld_t:peer recv;
allow mysqld_t $1:peer recv;
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:tcp_socket recvfrom;
allow mysqld_t netlabel_peer_t:peer recv;
allow mysqld_t netlabel_peer_t:tcp_socket recvfrom;
allow $1 mysqld_port_t:tcp_socket { send_msg recv_msg };
allow $1 mysqld_port_t:tcp_socket name_connect;
allow $1 mysqld_client_packet_t:packet send;
allow $1 mysqld_client_packet_t:packet recv;
services,mysql.if,mysql_stream_connect'
allow $1 mysqld_var_run_t:dir { getattr search };
allow $1 mysqld_var_run_t:sock_file { getattr write };
allow $1 mysqld_t:unix_stream_socket connectto;
allow $1 mysqld_db_t:dir { getattr search };
allow $1 mysqld_var_run_t:sock_file { getattr write };
allow $1 mysqld_t:unix_stream_socket connectto;
services,mysql.if,mysql_read_config'
allow $1 mysqld_etc_t:dir { getattr search read lock ioctl };
allow $1 mysqld_etc_t:file { getattr read lock ioctl };
allow $1 mysqld_etc_t:lnk_file { getattr read };
services,mysql.if,mysql_search_db'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 mysqld_db_t:dir { getattr search };
services,mysql.if,mysql_rw_db_dirs'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 mysqld_db_t:dir { read getattr lock search ioctl add_name remove_name write };
services,mysql.if,mysql_manage_db_dirs'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 mysqld_db_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
services,mysql.if,mysql_rw_db_sockets'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 mysqld_db_t:dir { getattr search };
allow $1 mysqld_db_t:sock_file { getattr read write append };
services,mysql.if,mysql_write_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 mysqld_log_t:file { { getattr write append lock ioctl } setattr };
services,mysql.if,mysql_admin'
allow $1 mysqld_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 mysqld_t:dir { search getattr read };
allow $1 mysqld_t:{ file lnk_file } { read getattr };
allow $1 mysqld_t:process getattr;
allow $1 mysqld_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
services,nagios.if,nagios_read_config'
allow $1 nagios_etc_t:dir { getattr search read lock ioctl };
allow $1 nagios_etc_t:file { getattr read lock ioctl };
allow $1 etc_t:dir { getattr search };
services,nagios.if,nagios_read_tmp_files'
allow $1 nagios_tmp_t:file { getattr read lock ioctl };
allow $1 tmp_t:dir { getattr search };
services,nagios.if,nagios_domtrans_cgi'
allow $1 nagios_cgi_exec_t:file { getattr read execute };
allow $1 nagios_cgi_t:process transition;
allow nagios_cgi_t $1:fd use;
allow nagios_cgi_t $1:fifo_file { getattr read write append ioctl lock };
allow nagios_cgi_t $1:process sigchld;
services,nagios.if,nagios_domtrans_nrpe'
allow $1 nrpe_exec_t:file { getattr read execute };
allow $1 nrpe_t:process transition;
allow nrpe_t $1:fd use;
allow nrpe_t $1:fifo_file { getattr read write append ioctl lock };
allow nrpe_t $1:process sigchld;
services,nessus.if,nessus_tcp_connect'
services,networkmanager.if,networkmanager_rw_udp_sockets'
allow $1 NetworkManager_t:udp_socket { read write };
services,networkmanager.if,networkmanager_rw_packet_sockets'
allow $1 NetworkManager_t:packet_socket { read write };
services,networkmanager.if,networkmanager_rw_routing_sockets'
allow $1 NetworkManager_t:netlink_route_socket { read write };
services,networkmanager.if,networkmanager_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 NetworkManager_exec_t:file { getattr read execute };
allow $1 NetworkManager_t:process transition;
allow NetworkManager_t $1:fd use;
allow NetworkManager_t $1:fifo_file { getattr read write append ioctl lock };
allow NetworkManager_t $1:process sigchld;
services,networkmanager.if,networkmanager_dbus_chat'
allow $1 NetworkManager_t:dbus send_msg;
allow NetworkManager_t $1:dbus send_msg;
services,networkmanager.if,networkmanager_signal'
allow $1 NetworkManager_t:process signal;
services,networkmanager.if,networkmanager_read_pid_files'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 NetworkManager_var_run_t:file { getattr read lock ioctl };
services,nis.if,nis_use_ypbind_uncond'
allow $1 self:tcp_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept };
allow $1 self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 var_yp_t:dir { getattr search read lock ioctl };
allow $1 var_yp_t:lnk_file { getattr read };
allow $1 var_yp_t:file { getattr read lock ioctl };
allow $1 unlabeled_t:tcp_socket recvfrom;
allow $1 unlabeled_t:udp_socket recvfrom;
allow $1 unlabeled_t:rawip_socket recvfrom;
allow $1 unlabeled_t:peer recv;
allow $1 unlabeled_t:association { sendto recvfrom };
allow $1 unlabeled_t:packet { send recv };
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1 netif_type:netif { tcp_send tcp_recv egress ingress };
allow $1 netif_type:netif { udp_send egress };
allow $1 netif_type:netif { udp_recv ingress };
allow $1 node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1 node_type:node { udp_send sendto };
allow $1 node_type:node { udp_recv recvfrom };
allow $1 port_type:tcp_socket { send_msg recv_msg };
allow $1 port_type:udp_socket send_msg;
allow $1 port_type:udp_socket recv_msg;
allow $1 node_type:tcp_socket node_bind;
allow $1 node_type:udp_socket node_bind;
allow $1 port_t:tcp_socket name_bind;
allow $1 port_t:udp_socket name_bind;
allow $1 reserved_port_t:tcp_socket name_bind;
allow $1 self:capability net_bind_service;
allow $1 reserved_port_t:udp_socket name_bind;
allow $1 self:capability net_bind_service;
allow $1 portmap_port_t:tcp_socket name_connect;
allow $1 reserved_port_t:tcp_socket name_connect;
allow $1 port_t:tcp_socket name_connect;
allow $1 portmap_client_packet_t:packet send;
allow $1 portmap_client_packet_t:packet recv;
allow $1 client_packet_t:packet send;
allow $1 client_packet_t:packet recv;
allow $1 server_packet_t:packet send;
allow $1 server_packet_t:packet recv;
allow $1 etc_t:dir { getattr search };
allow $1 net_conf_t:file { getattr read lock ioctl };
services,nis.if,nis_use_ypbind'
services,nis.if,nis_domtrans_ypbind'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 ypbind_exec_t:file { getattr read execute };
allow $1 ypbind_t:process transition;
allow ypbind_t $1:fd use;
allow ypbind_t $1:fifo_file { getattr read write append ioctl lock };
allow ypbind_t $1:process sigchld;
services,nis.if,nis_signal_ypbind'
allow $1 ypbind_t:process signal;
services,nis.if,nis_list_var_yp'
allow $1 var_t:dir { getattr search };
allow $1 var_yp_t:dir { getattr search read lock ioctl };
services,nis.if,nis_udp_send_ypbind'
services,nis.if,nis_tcp_connect_ypbind'
services,nis.if,nis_read_ypbind_pid'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 ypbind_var_run_t:file { getattr read lock ioctl };
services,nis.if,nis_delete_ypbind_pid'
allow $1 ypbind_t:file unlink;
services,nis.if,nis_read_ypserv_config'
allow $1 etc_t:dir { getattr search };
allow $1 ypserv_conf_t:file { getattr read lock ioctl };
services,nis.if,nis_domtrans_ypxfr'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 ypxfr_exec_t:file { getattr read execute };
allow $1 ypxfr_t:process transition;
allow ypxfr_t $1:fd use;
allow ypxfr_t $1:fifo_file { getattr read write append ioctl lock };
allow ypxfr_t $1:process sigchld;
services,nscd.if,nscd_signal'
allow $1 nscd_t:process signal;
services,nscd.if,nscd_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 nscd_exec_t:file { getattr read execute };
allow $1 nscd_t:process transition;
allow nscd_t $1:fd use;
allow nscd_t $1:fifo_file { getattr read write append ioctl lock };
allow nscd_t $1:process sigchld;
services,nscd.if,nscd_exec'
allow $1 nscd_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
services,nscd.if,nscd_socket_use'
allow $1 self:unix_stream_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 nscd_t:nscd { getpwd getgrp gethost };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 nscd_var_run_t:dir { getattr search };
allow $1 nscd_var_run_t:sock_file { getattr write };
allow $1 nscd_t:unix_stream_socket connectto;
services,nscd.if,nscd_shm_use'
allow $1 nscd_var_run_t:dir { getattr search read lock ioctl };
allow $1 nscd_t:nscd { shmempwd shmemgrp shmemhost };
allow $1 nscd_t:fd use;
allow $1 self:unix_stream_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept };
allow $1 nscd_t:unix_stream_socket connectto;
allow $1 nscd_var_run_t:sock_file { getattr read write append ioctl lock };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 nscd_t:nscd { getpwd getgrp gethost };
services,nscd.if,nscd_dontaudit_search_pid'
services,nscd.if,nscd_read_pid'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 nscd_var_run_t:dir { getattr search };
allow $1 nscd_var_run_t:file { getattr read lock ioctl };
services,nscd.if,nscd_unconfined'
allow $1 nscd_t:nscd *;
services,nscd.if,nscd_run'
services,nsd.if,nsd_udp_chat'
services,nsd.if,nsd_tcp_connect'
services,ntp.if,ntp_stub'
services,ntp.if,ntp_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 ntpd_exec_t:file { getattr read execute };
allow $1 ntpd_t:process transition;
allow ntpd_t $1:fd use;
allow ntpd_t $1:fifo_file { getattr read write append ioctl lock };
allow ntpd_t $1:process sigchld;
services,ntp.if,ntp_domtrans_ntpdate'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 ntpdate_exec_t:file { getattr read execute };
allow $1 ntpd_t:process transition;
allow ntpd_t $1:fd use;
allow ntpd_t $1:fifo_file { getattr read write append ioctl lock };
allow ntpd_t $1:process sigchld;
services,ntp.if,ntp_admin'
allow $1 ntpd_t:process { ptrace { sigchld sigkill sigstop signull signal } getattr };
allow $1 ntpd_t:dir { search getattr read };
allow $1 ntpd_t:{ file lnk_file } { read getattr };
allow $1 ntpd_t:process getattr;
allow $1 ntpd_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 tmp_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,nx.if,nx_spec_domtrans_server'
allow $1 self:process setexec;
allow $1 nx_server_exec_t:file { getattr read execute };
allow $1 nx_server_t:process transition;
allow nx_server_t $1:fd use;
allow nx_server_t $1:fifo_file { getattr read write append ioctl lock };
allow nx_server_t $1:process sigchld;
services,oav.if,oav_domtrans_update'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 oav_update_exec_t:file { getattr read execute };
allow $1 oav_update_t:process transition;
allow oav_update_t $1:fd use;
allow oav_update_t $1:fifo_file { getattr read write append ioctl lock };
allow oav_update_t $1:process sigchld;
services,oav.if,oav_run_update'
services,oddjob.if,oddjob_domtrans'
allow $1 oddjob_exec_t:file { getattr read execute };
allow $1 oddjob_t:process transition;
allow oddjob_t $1:fd use;
allow oddjob_t $1:fifo_file { getattr read write append ioctl lock };
allow oddjob_t $1:process sigchld;
services,oddjob.if,oddjob_system_entry'
allow oddjob_t $2:file { getattr read execute };
allow oddjob_t $1:process transition;
allow $1 oddjob_t:fd use;
allow $1 oddjob_t:fifo_file { getattr read write append ioctl lock };
allow $1 oddjob_t:process sigchld;
services,oddjob.if,oddjob_dbus_chat'
allow $1 oddjob_t:dbus send_msg;
allow oddjob_t $1:dbus send_msg;
services,oddjob.if,oddjob_domtrans_mkhomedir'
allow $1 oddjob_mkhomedir_exec_t:file { getattr read execute };
allow $1 oddjob_mkhomedir_t:process transition;
allow oddjob_mkhomedir_t $1:fd use;
allow oddjob_mkhomedir_t $1:fifo_file { getattr read write append ioctl lock };
allow oddjob_mkhomedir_t $1:process sigchld;
allow $1 oidentd_home_t:file { getattr read lock ioctl };
allow $1 oidentd_home_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 oidentd_home_t:file { getattr relabelfrom relabelto };
services,openca.if,openca_domtrans'
allow $1 openca_ca_exec_t:file { getattr read execute };
allow $1 openca_ca_t:process transition;
allow openca_ca_t $1:fd use;
allow openca_ca_t $1:fifo_file { getattr read write append ioctl lock };
allow openca_ca_t $1:process sigchld;
allow $1 openca_usr_share_t:dir { getattr search };
allow $1 usr_t:dir { getattr search };
services,openca.if,openca_signal'
allow $1 openca_ca_t:process signal;
services,openca.if,openca_sigstop'
allow $1 openca_ca_t:process sigstop;
services,openca.if,openca_kill'
allow $1 openca_ca_t:process sigkill;
services,openct.if,openct_signull'
allow $1 openct_t:process signull;
services,openct.if,openct_exec'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 openct_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
services,openct.if,openct_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 openct_exec_t:file { getattr read execute };
allow $1 openct_t:process transition;
allow openct_t $1:fd use;
allow openct_t $1:fifo_file { getattr read write append ioctl lock };
allow openct_t $1:process sigchld;
services,openct.if,openct_read_pid_files'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 openct_var_run_t:dir { getattr search };
allow $1 openct_var_run_t:file { getattr read lock ioctl };
services,openct.if,openct_stream_connect'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 openct_var_run_t:dir { getattr search };
allow $1 openct_var_run_t:sock_file { getattr write };
allow $1 openct_t:unix_stream_socket connectto;
services,openvpn.if,openvpn_domtrans'
allow $1 openvpn_exec_t:file { getattr read execute };
allow $1 openvpn_t:process transition;
allow openvpn_t $1:fd use;
allow openvpn_t $1:fifo_file { getattr read write append ioctl lock };
allow openvpn_t $1:process sigchld;
services,openvpn.if,openvpn_run'
services,openvpn.if,openvpn_signal'
allow $1 openvpn_t:process signal;
services,openvpn.if,openvpn_read_config'
allow $1 etc_t:dir { getattr search };
allow $1 openvpn_etc_t:dir { getattr search read lock ioctl };
allow $1 openvpn_etc_t:dir { getattr search };
allow $1 openvpn_etc_t:file { getattr read lock ioctl };
allow $1 openvpn_etc_t:dir { getattr search };
allow $1 openvpn_etc_t:lnk_file { getattr read };
services,openvpn.if,openvpn_admin'
allow $1 openvpn_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 openvpn_t:dir { search getattr read };
allow $1 openvpn_t:{ file lnk_file } { read getattr };
allow $1 openvpn_t:process getattr;
allow $1 openvpn_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,pcscd.if,pcscd_domtrans'
allow $1 pcscd_exec_t:file { getattr read execute };
allow $1 pcscd_t:process transition;
allow pcscd_t $1:fd use;
allow pcscd_t $1:fifo_file { getattr read write append ioctl lock };
allow pcscd_t $1:process sigchld;
services,pcscd.if,pcscd_read_pub_files'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 pcscd_var_run_t:file { getattr read lock ioctl };
services,pcscd.if,pcscd_stream_connect'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 pcscd_var_run_t:sock_file write;
allow $1 pcscd_t:unix_stream_socket connectto;
services,perdition.if,perdition_tcp_connect'
services,portmap.if,portmap_domtrans_helper'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 portmap_helper_exec_t:file { getattr read execute };
allow $1 portmap_helper_t:process transition;
allow portmap_helper_t $1:fd use;
allow portmap_helper_t $1:fifo_file { getattr read write append ioctl lock };
allow portmap_helper_t $1:process sigchld;
services,portmap.if,portmap_run_helper'
services,portmap.if,portmap_udp_send'
services,portmap.if,portmap_udp_chat'
services,portmap.if,portmap_tcp_connect'
services,portslave.if,portslave_domtrans'
allow $1 portslave_exec_t:file { getattr read execute };
allow $1 portslave_t:process transition;
allow portslave_t $1:fd use;
allow portslave_t $1:fifo_file { getattr read write append ioctl lock };
allow portslave_t $1:process sigchld;
services,postfix.if,postfix_stub'
allow postfix_$1_t postfix_$1_exec_t:file entrypoint;
allow postfix_$1_t postfix_$1_exec_t:file { { getattr read execute ioctl } ioctl lock };
allow postfix_$1_t postfix_$1_exec_t:file entrypoint;
allow postfix_$1_t postfix_$1_exec_t:file { { getattr read execute ioctl } ioctl lock };
allow postfix_$1_t self:process { { sigchld sigkill sigstop signull signal } setpgid };
allow postfix_$1_t self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow postfix_$1_t self:unix_stream_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept };
allow postfix_$1_t self:unix_stream_socket connectto;
allow postfix_master_t postfix_$1_t:process signal;
allow postfix_$1_t postfix_master_t:file read;
allow postfix_$1_t postfix_etc_t:dir { getattr search read lock ioctl };
allow postfix_$1_t postfix_etc_t:dir { getattr search };
allow postfix_$1_t postfix_etc_t:file { getattr read lock ioctl };
allow postfix_$1_t postfix_$1_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow postfix_$1_t postfix_exec_t:file { { getattr read execute ioctl } lock ioctl };
allow postfix_$1_t postfix_master_t:process sigchld;
allow postfix_$1_t postfix_spool_t:dir { getattr search read lock ioctl };
allow postfix_$1_t postfix_var_run_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow postfix_$1_t var_t:dir { getattr search };
allow postfix_$1_t var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
allow postfix_$1_t proc_t:dir { getattr search };
allow postfix_$1_t proc_t:file { getattr read lock ioctl };
allow postfix_$1_t proc_t:dir { getattr search };
allow postfix_$1_t proc_t:lnk_file { getattr read };
allow postfix_$1_t proc_t:dir { getattr search };
allow postfix_$1_t proc_t:dir { getattr search read lock ioctl };
allow postfix_$1_t { proc_t proc_net_t }:dir { getattr search };
allow postfix_$1_t proc_net_t:file { getattr read lock ioctl };
allow postfix_$1_t { proc_t proc_net_t }:dir { getattr search };
allow postfix_$1_t proc_net_t:lnk_file { getattr read };
allow postfix_$1_t proc_t:dir { getattr search };
allow postfix_$1_t proc_net_t:dir { getattr search read lock ioctl };
allow postfix_$1_t { proc_t proc_net_t sysctl_type }:dir { getattr search };
allow postfix_$1_t sysctl_type:file { getattr read lock ioctl };
allow postfix_$1_t { proc_t proc_net_t }:dir { getattr search };
allow postfix_$1_t sysctl_type:dir { getattr search read lock ioctl };
allow postfix_$1_t sysfs_t:dir { getattr search };
allow postfix_$1_t sysfs_t:file { getattr read lock ioctl };
allow postfix_$1_t sysfs_t:dir { getattr search };
allow postfix_$1_t sysfs_t:lnk_file { getattr read };
allow postfix_$1_t sysfs_t:dir { getattr search };
allow postfix_$1_t sysfs_t:dir { getattr search read lock ioctl };
allow postfix_$1_t device_t:dir { getattr search };
allow postfix_$1_t random_device_t:chr_file { getattr read lock ioctl };
allow postfix_$1_t device_t:dir { getattr search };
allow postfix_$1_t urandom_device_t:chr_file { getattr read lock ioctl };
allow postfix_$1_t autofs_t:dir { getattr search };
allow postfix_$1_t fs_t:filesystem getattr;
allow postfix_$1_t anon_inodefs_t:dir { getattr search };
allow postfix_$1_t anon_inodefs_t:file { getattr read write append ioctl lock };
allow postfix_$1_t bin_t:dir { getattr search };
allow postfix_$1_t bin_t:dir { getattr search read lock ioctl };
allow postfix_$1_t bin_t:dir { getattr search };
allow postfix_$1_t bin_t:lnk_file { getattr read };
allow postfix_$1_t shell_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow postfix_$1_t etc_t:dir { getattr search read lock ioctl };
allow postfix_$1_t etc_t:dir { getattr search };
allow postfix_$1_t etc_t:file { getattr read lock ioctl };
allow postfix_$1_t etc_t:dir { getattr search };
allow postfix_$1_t etc_t:lnk_file { getattr read };
allow postfix_$1_t etc_t:dir { getattr search read lock ioctl };
allow postfix_$1_t etc_t:dir { getattr search };
allow postfix_$1_t etc_runtime_t:file { getattr read lock ioctl };
allow postfix_$1_t etc_t:dir { getattr search };
allow postfix_$1_t etc_runtime_t:lnk_file { getattr read };
allow postfix_$1_t usr_t:dir { getattr search };
allow postfix_$1_t usr_t:lnk_file { getattr read };
allow postfix_$1_t var_t:dir { getattr search };
allow postfix_$1_t var_spool_t:dir { getattr search };
allow postfix_$1_t tmp_t:dir getattr;
allow postfix_$1_t init_t:process sigchld;
allow postfix_$1_t self:netlink_route_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } nlmsg_read };
allow postfix_$1_t var_t:dir { getattr search };
allow postfix_$1_t var_lib_t:dir { getattr search read lock ioctl };
allow postfix_$1_t etc_t:dir { getattr search read lock ioctl };
allow postfix_$1_t etc_t:dir { getattr search };
allow postfix_$1_t etc_t:file { getattr read lock ioctl };
allow postfix_$1_t etc_t:dir { getattr search };
allow postfix_$1_t etc_t:lnk_file { getattr read };
allow postfix_$1_t cert_t:dir { getattr search read lock ioctl };
allow postfix_$1_t cert_t:dir { getattr search };
allow postfix_$1_t cert_t:file { getattr read lock ioctl };
allow postfix_$1_t cert_t:dir { getattr search };
allow postfix_$1_t cert_t:lnk_file { getattr read };
allow postfix_$1_t self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow postfix_$1_t self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow postfix_$1_t unlabeled_t:tcp_socket recvfrom;
allow postfix_$1_t unlabeled_t:udp_socket recvfrom;
allow postfix_$1_t unlabeled_t:rawip_socket recvfrom;
allow postfix_$1_t unlabeled_t:peer recv;
allow postfix_$1_t unlabeled_t:association { sendto recvfrom };
allow postfix_$1_t unlabeled_t:packet { send recv };
allow postfix_$1_t netlabel_peer_t:peer recv;
allow postfix_$1_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow postfix_$1_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow postfix_$1_t netif_type:netif { udp_send egress };
allow postfix_$1_t netif_type:netif { udp_recv ingress };
allow postfix_$1_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow postfix_$1_t node_type:node { udp_send sendto };
allow postfix_$1_t node_type:node { udp_recv recvfrom };
allow postfix_$1_t dns_port_t:tcp_socket { send_msg recv_msg };
allow postfix_$1_t dns_port_t:udp_socket send_msg;
allow postfix_$1_t dns_port_t:udp_socket recv_msg;
allow postfix_$1_t dns_port_t:tcp_socket name_connect;
allow postfix_$1_t dns_client_packet_t:packet send;
allow postfix_$1_t dns_client_packet_t:packet recv;
allow postfix_$1_t etc_t:dir { getattr search };
allow postfix_$1_t net_conf_t:file { getattr read lock ioctl };
allow postfix_$1_t self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow postfix_$1_t unlabeled_t:tcp_socket recvfrom;
allow postfix_$1_t unlabeled_t:udp_socket recvfrom;
allow postfix_$1_t unlabeled_t:rawip_socket recvfrom;
allow postfix_$1_t unlabeled_t:peer recv;
allow postfix_$1_t unlabeled_t:association { sendto recvfrom };
allow postfix_$1_t unlabeled_t:packet { send recv };
allow postfix_$1_t netlabel_peer_t:peer recv;
allow postfix_$1_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow postfix_$1_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow postfix_$1_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow postfix_$1_t ldap_port_t:tcp_socket { send_msg recv_msg };
allow postfix_$1_t ldap_port_t:tcp_socket name_connect;
allow postfix_$1_t ldap_client_packet_t:packet send;
allow postfix_$1_t ldap_client_packet_t:packet recv;
allow postfix_$1_t etc_t:dir { getattr search };
allow postfix_$1_t net_conf_t:file { getattr read lock ioctl };
allow postfix_$1_t devlog_t:lnk_file read;
allow postfix_$1_t devlog_t:sock_file { getattr read write append };
allow postfix_$1_t syslogd_t:unix_dgram_socket sendto;
allow postfix_$1_t syslogd_t:unix_stream_socket connectto;
allow postfix_$1_t self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow postfix_$1_t self:unix_stream_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow postfix_$1_t device_t:dir { getattr search };
allow postfix_$1_t device_t:dir { getattr search read lock ioctl };
allow postfix_$1_t device_t:dir { getattr search };
allow postfix_$1_t device_t:lnk_file { getattr read };
allow postfix_$1_t console_device_t:chr_file { getattr read write append ioctl lock };
allow postfix_$1_t etc_t:dir { getattr search };
allow postfix_$1_t etc_t:lnk_file { getattr read };
allow postfix_$1_t usr_t:dir { getattr search };
allow postfix_$1_t locale_t:dir { getattr search read lock ioctl };
allow postfix_$1_t locale_t:dir { getattr search };
allow postfix_$1_t locale_t:file { getattr read lock ioctl };
allow postfix_$1_t locale_t:dir { getattr search };
allow postfix_$1_t locale_t:lnk_file { getattr read };
allow postfix_$1_t usr_t:dir { getattr search };
allow postfix_$1_t lib_t:dir { getattr search };
allow postfix_$1_t lib_t:dir { getattr search read lock ioctl };
allow postfix_$1_t lib_t:dir { getattr search };
allow postfix_$1_t lib_t:file { getattr read lock ioctl };
allow postfix_$1_t lib_t:dir { getattr search };
allow postfix_$1_t lib_t:lnk_file { getattr read };
allow postfix_$1_t cert_t:dir { getattr search read lock ioctl };
allow postfix_$1_t cert_t:dir { getattr search };
allow postfix_$1_t cert_t:file { getattr read lock ioctl };
allow postfix_$1_t cert_t:dir { getattr search };
allow postfix_$1_t cert_t:lnk_file { getattr read };
allow postfix_$1_t postfix_$1_exec_t:file entrypoint;
allow postfix_$1_t postfix_$1_exec_t:file { { getattr read execute ioctl } ioctl lock };
allow postfix_$1_t self:capability { setuid setgid dac_override };
allow postfix_$1_t postfix_master_t:unix_stream_socket { connectto { { ioctl read getattr write setattr append bind connect getopt setopt shutdown } listen accept } };
allow postfix_$1_t self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow postfix_$1_t self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow postfix_master_t postfix_$1_exec_t:file { getattr read execute };
allow postfix_master_t postfix_$1_t:process transition;
allow postfix_$1_t postfix_master_t:fd use;
allow postfix_$1_t postfix_master_t:fifo_file { getattr read write append ioctl lock };
allow postfix_$1_t postfix_master_t:process sigchld;
allow postfix_$1_t unlabeled_t:tcp_socket recvfrom;
allow postfix_$1_t unlabeled_t:udp_socket recvfrom;
allow postfix_$1_t unlabeled_t:rawip_socket recvfrom;
allow postfix_$1_t unlabeled_t:peer recv;
allow postfix_$1_t unlabeled_t:association { sendto recvfrom };
allow postfix_$1_t unlabeled_t:packet { send recv };
allow postfix_$1_t netlabel_peer_t:peer recv;
allow postfix_$1_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow postfix_$1_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow postfix_$1_t netif_type:netif { udp_send egress };
allow postfix_$1_t netif_type:netif { udp_recv ingress };
allow postfix_$1_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow postfix_$1_t node_type:node { udp_send sendto };
allow postfix_$1_t node_type:node { udp_recv recvfrom };
allow postfix_$1_t port_type:tcp_socket { send_msg recv_msg };
allow postfix_$1_t port_type:udp_socket send_msg;
allow postfix_$1_t port_type:udp_socket recv_msg;
allow postfix_$1_t node_type:tcp_socket node_bind;
allow postfix_$1_t node_type:udp_socket node_bind;
allow postfix_$1_t port_type:tcp_socket name_connect;
allow postfix_$1_t client_packet_type:packet send;
allow postfix_$1_t client_packet_type:packet recv;
allow postfix_$1_t self:capability { setuid setgid dac_override };
allow postfix_$1_t postfix_master_t:unix_stream_socket { connectto { { ioctl read getattr write setattr append bind connect getopt setopt shutdown } listen accept } };
allow postfix_$1_t self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow postfix_$1_t self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow postfix_master_t postfix_$1_exec_t:file { getattr read execute };
allow postfix_master_t postfix_$1_t:process transition;
allow postfix_$1_t postfix_master_t:fd use;
allow postfix_$1_t postfix_master_t:fifo_file { getattr read write append ioctl lock };
allow postfix_$1_t postfix_master_t:process sigchld;
allow postfix_$1_t unlabeled_t:tcp_socket recvfrom;
allow postfix_$1_t unlabeled_t:udp_socket recvfrom;
allow postfix_$1_t unlabeled_t:rawip_socket recvfrom;
allow postfix_$1_t unlabeled_t:peer recv;
allow postfix_$1_t unlabeled_t:association { sendto recvfrom };
allow postfix_$1_t unlabeled_t:packet { send recv };
allow postfix_$1_t netlabel_peer_t:peer recv;
allow postfix_$1_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow postfix_$1_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow postfix_$1_t netif_type:netif { udp_send egress };
allow postfix_$1_t netif_type:netif { udp_recv ingress };
allow postfix_$1_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow postfix_$1_t node_type:node { udp_send sendto };
allow postfix_$1_t node_type:node { udp_recv recvfrom };
allow postfix_$1_t port_type:tcp_socket { send_msg recv_msg };
allow postfix_$1_t port_type:udp_socket send_msg;
allow postfix_$1_t port_type:udp_socket recv_msg;
allow postfix_$1_t node_type:tcp_socket node_bind;
allow postfix_$1_t node_type:udp_socket node_bind;
allow postfix_$1_t port_type:tcp_socket name_connect;
allow postfix_$1_t client_packet_type:packet send;
allow postfix_$1_t client_packet_type:packet recv;
allow postfix_$1_t self:capability { setuid setgid dac_override };
allow postfix_$1_t postfix_master_t:unix_stream_socket { connectto { { ioctl read getattr write setattr append bind connect getopt setopt shutdown } listen accept } };
allow postfix_$1_t self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow postfix_$1_t self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow postfix_master_t postfix_$1_exec_t:file { getattr read execute };
allow postfix_master_t postfix_$1_t:process transition;
allow postfix_$1_t postfix_master_t:fd use;
allow postfix_$1_t postfix_master_t:fifo_file { getattr read write append ioctl lock };
allow postfix_$1_t postfix_master_t:process sigchld;
allow postfix_$1_t unlabeled_t:tcp_socket recvfrom;
allow postfix_$1_t unlabeled_t:udp_socket recvfrom;
allow postfix_$1_t unlabeled_t:rawip_socket recvfrom;
allow postfix_$1_t unlabeled_t:peer recv;
allow postfix_$1_t unlabeled_t:association { sendto recvfrom };
allow postfix_$1_t unlabeled_t:packet { send recv };
allow postfix_$1_t netlabel_peer_t:peer recv;
allow postfix_$1_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow postfix_$1_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow postfix_$1_t netif_type:netif { udp_send egress };
allow postfix_$1_t netif_type:netif { udp_recv ingress };
allow postfix_$1_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow postfix_$1_t node_type:node { udp_send sendto };
allow postfix_$1_t node_type:node { udp_recv recvfrom };
allow postfix_$1_t port_type:tcp_socket { send_msg recv_msg };
allow postfix_$1_t port_type:udp_socket send_msg;
allow postfix_$1_t port_type:udp_socket recv_msg;
allow postfix_$1_t node_type:tcp_socket node_bind;
allow postfix_$1_t node_type:udp_socket node_bind;
allow postfix_$1_t port_type:tcp_socket name_connect;
allow postfix_$1_t client_packet_type:packet send;
allow postfix_$1_t client_packet_type:packet recv;
allow postfix_$1_t self:capability { setuid setgid dac_override };
allow postfix_$1_t postfix_master_t:unix_stream_socket { connectto { { ioctl read getattr write setattr append bind connect getopt setopt shutdown } listen accept } };
allow postfix_$1_t self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow postfix_$1_t self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow postfix_master_t postfix_$1_exec_t:file { getattr read execute };
allow postfix_master_t postfix_$1_t:process transition;
allow postfix_$1_t postfix_master_t:fd use;
allow postfix_$1_t postfix_master_t:fifo_file { getattr read write append ioctl lock };
allow postfix_$1_t postfix_master_t:process sigchld;
allow postfix_$1_t unlabeled_t:tcp_socket recvfrom;
allow postfix_$1_t unlabeled_t:udp_socket recvfrom;
allow postfix_$1_t unlabeled_t:rawip_socket recvfrom;
allow postfix_$1_t unlabeled_t:peer recv;
allow postfix_$1_t unlabeled_t:association { sendto recvfrom };
allow postfix_$1_t unlabeled_t:packet { send recv };
allow postfix_$1_t netlabel_peer_t:peer recv;
allow postfix_$1_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow postfix_$1_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow postfix_$1_t netif_type:netif { udp_send egress };
allow postfix_$1_t netif_type:netif { udp_recv ingress };
allow postfix_$1_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow postfix_$1_t node_type:node { udp_send sendto };
allow postfix_$1_t node_type:node { udp_recv recvfrom };
allow postfix_$1_t port_type:tcp_socket { send_msg recv_msg };
allow postfix_$1_t port_type:udp_socket send_msg;
allow postfix_$1_t port_type:udp_socket recv_msg;
allow postfix_$1_t node_type:tcp_socket node_bind;
allow postfix_$1_t node_type:udp_socket node_bind;
allow postfix_$1_t port_type:tcp_socket name_connect;
allow postfix_$1_t client_packet_type:packet send;
allow postfix_$1_t client_packet_type:packet recv;
allow postfix_$1_t self:capability dac_override;
allow postfix_user_domtrans postfix_$1_exec_t:file { getattr read execute };
allow postfix_user_domtrans postfix_$1_t:process transition;
allow postfix_$1_t postfix_user_domtrans:fd use;
allow postfix_$1_t postfix_user_domtrans:fifo_file { getattr read write append ioctl lock };
allow postfix_$1_t postfix_user_domtrans:process sigchld;
allow postfix_$1_t privfd:fd use;
allow postfix_$1_t self:capability dac_override;
allow postfix_user_domtrans postfix_$1_exec_t:file { getattr read execute };
allow postfix_user_domtrans postfix_$1_t:process transition;
allow postfix_$1_t postfix_user_domtrans:fd use;
allow postfix_$1_t postfix_user_domtrans:fifo_file { getattr read write append ioctl lock };
allow postfix_$1_t postfix_user_domtrans:process sigchld;
allow postfix_$1_t privfd:fd use;
allow postfix_$1_t self:capability dac_override;
allow postfix_user_domtrans postfix_$1_exec_t:file { getattr read execute };
allow postfix_user_domtrans postfix_$1_t:process transition;
allow postfix_$1_t postfix_user_domtrans:fd use;
allow postfix_$1_t postfix_user_domtrans:fifo_file { getattr read write append ioctl lock };
allow postfix_$1_t postfix_user_domtrans:process sigchld;
allow postfix_$1_t privfd:fd use;
allow postfix_$1_t self:capability dac_override;
allow postfix_user_domtrans postfix_$1_exec_t:file { getattr read execute };
allow postfix_user_domtrans postfix_$1_t:process transition;
allow postfix_$1_t postfix_user_domtrans:fd use;
allow postfix_$1_t postfix_user_domtrans:fifo_file { getattr read write append ioctl lock };
allow postfix_$1_t postfix_user_domtrans:process sigchld;
allow postfix_$1_t privfd:fd use;
services,postfix.if,postfix_read_config'
allow $1 postfix_etc_t:dir { getattr search read lock ioctl };
allow $1 postfix_etc_t:file { getattr read lock ioctl };
allow $1 postfix_etc_t:lnk_file { getattr read };
allow $1 etc_t:dir { getattr search };
services,postfix.if,postfix_config_filetrans'
allow $1 etc_t:dir { getattr search };
allow $1 postfix_etc_t:dir { read getattr lock search ioctl add_name remove_name write };
services,postfix.if,postfix_dontaudit_rw_local_tcp_sockets'
services,postfix.if,postfix_read_local_state'
allow $1 postfix_local_t:dir { getattr search };
allow $1 postfix_local_t:file { getattr read lock ioctl };
services,postfix.if,postfix_read_master_state'
allow $1 postfix_master_t:dir { getattr search };
allow $1 postfix_master_t:file { getattr read lock ioctl };
services,postfix.if,postfix_dontaudit_use_fds'
services,postfix.if,postfix_domtrans_map'
allow $1 postfix_map_exec_t:file { getattr read execute };
allow $1 postfix_map_t:process transition;
allow postfix_map_t $1:fd use;
allow postfix_map_t $1:fifo_file { getattr read write append ioctl lock };
allow postfix_map_t $1:process sigchld;
services,postfix.if,postfix_run_map'
services,postfix.if,postfix_domtrans_master'
allow $1 postfix_master_exec_t:file { getattr read execute };
allow $1 postfix_master_t:process transition;
allow postfix_master_t $1:fd use;
allow postfix_master_t $1:fifo_file { getattr read write append ioctl lock };
allow postfix_master_t $1:process sigchld;
services,postfix.if,postfix_exec_master'
allow $1 postfix_master_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
services,postfix.if,postfix_create_pivate_sockets'
allow $1 postfix_private_t:dir { getattr search read lock ioctl };
allow $1 postfix_private_t:dir { getattr search lock ioctl write add_name };
allow $1 postfix_private_t:sock_file { getattr create };
services,postfix.if,postfix_domtrans_smtp'
allow $1 postfix_smtp_exec_t:file { getattr read execute };
allow $1 postfix_smtp_t:process transition;
allow postfix_smtp_t $1:fd use;
allow postfix_smtp_t $1:fifo_file { getattr read write append ioctl lock };
allow postfix_smtp_t $1:process sigchld;
services,postfix.if,postfix_search_spool'
allow $1 postfix_spool_t:dir { getattr search };
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
services,postfix.if,postfix_list_spool'
allow $1 postfix_spool_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
services,postfix.if,postfix_read_spool_files'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
allow $1 postfix_spool_t:dir { getattr search };
allow $1 postfix_spool_t:file { getattr read lock ioctl };
services,postfix.if,postfix_manage_spool_files'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
allow $1 postfix_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 postfix_spool_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,postfix.if,postfix_domtrans_user_mail_handler'
services,postfixpolicyd.if,postfixpolicyd_admin'
allow $1 postfix_policyd_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 postfix_policyd_t:dir { search getattr read };
allow $1 postfix_policyd_t:{ file lnk_file } { read getattr };
allow $1 postfix_policyd_t:process getattr;
allow $1 postfix_policyd_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,postgresql.if,postgresql_role'
allow $2 user_sepgsql_table_t:db_table { create drop };
allow $2 user_sepgsql_table_t:db_column { create drop };
allow $2 user_sepgsql_sysobj_t:db_tuple { update insert delete };
allow $2 user_sepgsql_table_t:db_table { getattr setattr use select update insert delete };
allow $2 user_sepgsql_table_t:db_column { getattr setattr use select update insert };
allow $2 user_sepgsql_table_t:db_tuple { use select update insert delete };
allow $2 user_sepgsql_sysobj_t:db_tuple { use select };
allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop getattr setattr execute };
allow $2 user_sepgsql_blob_t:db_blob { create drop getattr setattr read write };
allow $2 sepgsql_trusted_proc_t:process transition;
services,postgresql.if,postgresql_loadable_module'
services,postgresql.if,postgresql_database_object'
services,postgresql.if,postgresql_table_object'
services,postgresql.if,postgresql_system_table_object'
services,postgresql.if,postgresql_procedure_object'
services,postgresql.if,postgresql_blob_object'
services,postgresql.if,postgresql_search_db'
allow $1 postgresql_db_t:dir search;
services,postgresql.if,postgresql_manage_db'
allow $1 postgresql_db_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 postgresql_db_t:file { getattr read write append ioctl lock };
allow $1 postgresql_db_t:lnk_file { getattr read };
services,postgresql.if,postgresql_domtrans'
allow $1 postgresql_exec_t:file { getattr read execute };
allow $1 postgresql_t:process transition;
allow postgresql_t $1:fd use;
allow postgresql_t $1:fifo_file { getattr read write append ioctl lock };
allow postgresql_t $1:process sigchld;
services,postgresql.if,postgresql_read_config'
allow $1 etc_t:dir { getattr search };
allow $1 postgresql_etc_t:dir { getattr search read lock ioctl };
allow $1 postgresql_etc_t:file { getattr read lock ioctl };
allow $1 postgresql_etc_t:lnk_file { getattr read };
services,postgresql.if,postgresql_tcp_connect'
allow { $1 postgresql_t } self:association sendto;
allow $1 postgresql_t:{ association tcp_socket } recvfrom;
allow postgresql_t $1:{ association tcp_socket } recvfrom;
allow $1 postgresql_t:peer recv;
allow postgresql_t $1:peer recv;
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:tcp_socket recvfrom;
allow postgresql_t netlabel_peer_t:peer recv;
allow postgresql_t netlabel_peer_t:tcp_socket recvfrom;
allow $1 postgresql_port_t:tcp_socket { send_msg recv_msg };
allow $1 postgresql_port_t:tcp_socket name_connect;
allow $1 postgresql_client_packet_t:packet send;
allow $1 postgresql_client_packet_t:packet recv;
services,postgresql.if,postgresql_stream_connect'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 postgresql_t:unix_stream_socket connectto;
allow $1 postgresql_var_run_t:sock_file write;
allow $1 postgresql_tmp_t:sock_file write;
services,postgresql.if,postgresql_unpriv_client'
allow $1 sepgsql_trusted_proc_t:process transition;
services,postgresql.if,postgresql_unconfined'
services,postgrey.if,postgrey_stream_connect'
allow $1 postgrey_var_run_t:dir { getattr search };
allow $1 postgrey_var_run_t:sock_file { getattr write };
allow $1 postgrey_t:unix_stream_socket connectto;
allow $1 postgrey_spool_t:dir { getattr search };
allow $1 postgrey_spool_t:sock_file { getattr write };
allow $1 postgrey_t:unix_stream_socket connectto;
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
services,postgrey.if,postgrey_search_spool'
allow $1 postgrey_spool_t:dir { getattr search };
services,postgrey.if,postgrey_admin'
allow $1 postgrey_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 postgrey_t:dir { search getattr read };
allow $1 postgrey_t:{ file lnk_file } { read getattr };
allow $1 postgrey_t:process getattr;
allow $1 postgrey_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,ppp.if,ppp_use_fds'
allow $1 pppd_t:fd use;
services,ppp.if,ppp_dontaudit_use_fds'
services,ppp.if,ppp_sigchld'
allow $1 pppd_t:process sigchld;
services,ppp.if,ppp_signal'
allow $1 pppd_t:process signal;
services,ppp.if,ppp_signull'
allow $1 pppd_t:process signull;
services,ppp.if,ppp_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 pppd_exec_t:file { getattr read execute };
allow $1 pppd_t:process transition;
allow pppd_t $1:fd use;
allow pppd_t $1:fifo_file { getattr read write append ioctl lock };
allow pppd_t $1:process sigchld;
services,ppp.if,ppp_run_cond'
services,ppp.if,ppp_run'
services,ppp.if,ppp_exec'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 pppd_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
services,ppp.if,ppp_read_config'
allow $1 pppd_etc_t:dir { getattr search };
allow $1 pppd_etc_t:file { getattr read lock ioctl };
allow $1 etc_t:dir { getattr search };
services,ppp.if,ppp_read_rw_config'
allow $1 pppd_etc_t:dir { getattr search read lock ioctl };
allow $1 pppd_etc_rw_t:file { getattr read lock ioctl };
allow $1 etc_t:dir { getattr search };
services,ppp.if,ppp_read_secrets'
allow $1 pppd_etc_t:dir { getattr search read lock ioctl };
allow $1 pppd_secret_t:file { getattr read lock ioctl };
allow $1 etc_t:dir { getattr search };
services,ppp.if,ppp_read_pid_files'
allow $1 pppd_var_run_t:file { getattr read lock ioctl };
services,ppp.if,ppp_manage_pid_files'
allow $1 pppd_var_run_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,ppp.if,ppp_pid_filetrans'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
services,ppp.if,ppp_admin'
allow $1 pppd_t:process { ptrace { sigchld sigkill sigstop signull signal } getattr };
allow $1 pppd_t:dir { search getattr read };
allow $1 pppd_t:{ file lnk_file } { read getattr };
allow $1 pppd_t:process getattr;
allow $1 tmp_t:dir { getattr search read lock ioctl };
allow $1 pppd_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 pppd_tmp_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 pppd_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 pppd_log_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 pppd_lock_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 pppd_lock_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 pppd_etc_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 pppd_etc_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 pppd_etc_rw_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 pppd_etc_rw_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 pppd_secret_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 pppd_secret_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
allow $1 pppd_var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 pppd_var_run_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 pptp_t:process { ptrace { sigchld sigkill sigstop signull signal } getattr };
allow $1 pptp_t:dir { search getattr read };
allow $1 pptp_t:{ file lnk_file } { read getattr };
allow $1 pptp_t:process getattr;
allow $1 pptp_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 pptp_log_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 pptp_var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 pptp_var_run_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,prelude.if,prelude_domtrans'
allow $1 prelude_exec_t:file { getattr read execute };
allow $1 prelude_t:process transition;
allow prelude_t $1:fd use;
allow prelude_t $1:fifo_file { getattr read write append ioctl lock };
allow prelude_t $1:process sigchld;
services,prelude.if,prelude_domtrans_audisp'
allow $1 prelude_audisp_exec_t:file { getattr read execute };
allow $1 prelude_audisp_t:process transition;
allow prelude_audisp_t $1:fd use;
allow prelude_audisp_t $1:fifo_file { getattr read write append ioctl lock };
allow prelude_audisp_t $1:process sigchld;
services,prelude.if,prelude_signal_audisp'
allow $1 prelude_audisp_t:process signal;
services,prelude.if,prelude_admin'
allow $1 prelude_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 prelude_t:dir { search getattr read };
allow $1 prelude_t:{ file lnk_file } { read getattr };
allow $1 prelude_t:process getattr;
allow $1 prelude_audisp_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 prelude_audisp_t:dir { search getattr read };
allow $1 prelude_audisp_t:{ file lnk_file } { read getattr };
allow $1 prelude_audisp_t:process getattr;
allow $1 prelude_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 prelude_spool_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 prelude_var_lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 prelude_var_lib_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 prelude_var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 prelude_var_run_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 prelude_audisp_var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 prelude_audisp_var_run_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,privoxy.if,privoxy_admin'
allow $1 privoxy_t:process { ptrace { sigchld sigkill sigstop signull signal } getattr };
allow $1 privoxy_t:dir { search getattr read };
allow $1 privoxy_t:{ file lnk_file } { read getattr };
allow $1 privoxy_t:process getattr;
allow $1 privoxy_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,procmail.if,procmail_domtrans'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 procmail_exec_t:file { getattr read execute };
allow $1 procmail_t:process transition;
allow procmail_t $1:fd use;
allow procmail_t $1:fifo_file { getattr read write append ioctl lock };
allow procmail_t $1:process sigchld;
services,procmail.if,procmail_exec'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 procmail_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
services,procmail.if,procmail_read_tmp_files'
allow $1 tmp_t:dir { getattr search };
allow $1 procmail_tmp_t:file { getattr read lock ioctl };
services,procmail.if,procmail_rw_tmp_files'
allow $1 tmp_t:dir { getattr search };
allow $1 procmail_tmp_t:dir { getattr search };
allow $1 procmail_tmp_t:file { getattr read write append ioctl lock };
services,pyzor.if,pyzor_role'
allow $2 pyzor_exec_t:file { getattr read execute };
allow $2 pyzor_t:process transition;
allow pyzor_t $2:fd use;
allow pyzor_t $2:fifo_file { getattr read write append ioctl lock };
allow pyzor_t $2:process sigchld;
allow $2 pyzor_t:dir { search getattr read };
allow $2 pyzor_t:{ file lnk_file } { read getattr };
allow $2 pyzor_t:process getattr;
allow $2 pyzor_t:process signal;
services,pyzor.if,pyzor_signal'
allow $1 pyzor_t:process signal;
services,pyzor.if,pyzor_domtrans'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 pyzor_exec_t:file { getattr read execute };
allow $1 pyzor_t:process transition;
allow pyzor_t $1:fd use;
allow pyzor_t $1:fifo_file { getattr read write append ioctl lock };
allow pyzor_t $1:process sigchld;
services,pyzor.if,pyzor_exec'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 pyzor_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1_t $1_exec_t:file entrypoint;
allow $1_t $1_exec_t:file { { getattr read execute ioctl } ioctl lock };
allow $1_t $1_exec_t:file entrypoint;
allow $1_t $1_exec_t:file { { getattr read execute ioctl } ioctl lock };
allow $2 $1_exec_t:file { getattr read execute };
allow $2 $1_t:process transition;
allow $1_t self:process { sigchld sigkill sigstop signull signal };
allow $1_t $2:fd use;
allow $1_t $2:fifo_file { getattr read write append ioctl lock };
allow $1_t $2:process sigchld;
allow $1_t qmail_etc_t:dir { getattr search read lock ioctl };
allow $1_t qmail_etc_t:file { getattr read lock ioctl };
allow $1_t qmail_etc_t:lnk_file { getattr read };
allow $1_t qmail_start_t:fd use;
allow $2 proc_t:dir { getattr search };
allow $2 proc_t:dir { getattr search read lock ioctl };
allow $2 proc_t:dir { getattr search };
allow $2 proc_t:lnk_file { getattr read };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t var_t:dir { getattr search };
allow $1_t fs_t:filesystem getattr;
allow $1_t etc_t:dir { getattr search };
allow $1_t etc_t:lnk_file { getattr read };
allow $1_t usr_t:dir { getattr search };
allow $1_t locale_t:dir { getattr search read lock ioctl };
allow $1_t locale_t:dir { getattr search };
allow $1_t locale_t:file { getattr read lock ioctl };
allow $1_t locale_t:dir { getattr search };
allow $1_t locale_t:lnk_file { getattr read };
allow $1_t usr_t:dir { getattr search };
allow $1_t lib_t:dir { getattr search };
allow $1_t lib_t:dir { getattr search read lock ioctl };
allow $1_t lib_t:dir { getattr search };
allow $1_t lib_t:file { getattr read lock ioctl };
allow $1_t lib_t:dir { getattr search };
allow $1_t lib_t:lnk_file { getattr read };
allow $1_t $1_exec_t:file entrypoint;
allow $1_t $1_exec_t:file { { getattr read execute ioctl } ioctl lock };
services,qmail.if,qmail_domtrans_inject'
allow $1 qmail_inject_exec_t:file { getattr read execute };
allow $1 qmail_inject_t:process transition;
allow qmail_inject_t $1:fd use;
allow qmail_inject_t $1:fifo_file { getattr read write append ioctl lock };
allow qmail_inject_t $1:process sigchld;
services,qmail.if,qmail_domtrans_queue'
allow $1 qmail_queue_exec_t:file { getattr read execute };
allow $1 qmail_queue_t:process transition;
allow qmail_queue_t $1:fd use;
allow qmail_queue_t $1:fifo_file { getattr read write append ioctl lock };
allow qmail_queue_t $1:process sigchld;
services,qmail.if,qmail_read_config'
allow $1 qmail_etc_t:dir { getattr search read lock ioctl };
allow $1 qmail_etc_t:file { getattr read lock ioctl };
allow $1 qmail_etc_t:lnk_file { getattr read };
allow $1 var_t:dir { getattr search };
services,qmail.if,qmail_smtpd_service_domain'
allow qmail_smtpd_t $2:file { getattr read execute };
allow qmail_smtpd_t $1:process transition;
allow $1 qmail_smtpd_t:fd use;
allow $1 qmail_smtpd_t:fifo_file { getattr read write append ioctl lock };
allow $1 qmail_smtpd_t:process sigchld;
services,radius.if,radius_use'
services,radius.if,radius_admin'
allow $1 radiusd_t:process { ptrace { sigchld sigkill sigstop signull signal } getattr };
allow $1 radiusd_t:dir { search getattr read };
allow $1 radiusd_t:{ file lnk_file } { read getattr };
allow $1 radiusd_t:process getattr;
allow $1 radiusd_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,radvd.if,radvd_admin'
allow $1 radvd_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 radvd_t:dir { search getattr read };
allow $1 radvd_t:{ file lnk_file } { read getattr };
allow $1 radvd_t:process getattr;
allow $1 radvd_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
allow $1_t razor_exec_t:file entrypoint;
allow $1_t razor_exec_t:file { { getattr read execute ioctl } ioctl lock };
allow $1_t razor_exec_t:file entrypoint;
allow $1_t razor_exec_t:file { { getattr read execute ioctl } ioctl lock };
allow $1_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow $1_t self:fd use;
allow $1_t self:fifo_file { getattr read write append ioctl lock };
allow $1_t self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t self:unix_stream_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept };
allow $1_t self:unix_dgram_socket sendto;
allow $1_t self:unix_stream_socket connectto;
allow $1_t self:shm { associate getattr setattr create destroy read write lock unix_read unix_write };
allow $1_t self:sem { associate getattr setattr create destroy read write unix_read unix_write };
allow $1_t self:msgq { associate getattr setattr create destroy read write enqueue unix_read unix_write };
allow $1_t self:msg { send receive };
allow $1_t self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t razor_etc_t:dir { getattr search read lock ioctl };
allow $1_t razor_etc_t:file { getattr read lock ioctl };
allow $1_t razor_etc_t:lnk_file { getattr read };
allow $1_t razor_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t razor_log_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1_t razor_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t razor_log_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_t razor_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t razor_log_t:lnk_file { create read getattr setattr unlink rename };
allow $1_t var_t:dir { getattr search };
allow $1_t var_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t razor_var_lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t razor_var_lib_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1_t razor_var_lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t razor_var_lib_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_t razor_var_lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t razor_var_lib_t:lnk_file { create read getattr setattr unlink rename };
allow $1_t var_t:dir { getattr search };
allow $1_t var_lib_t:dir { getattr search };
allow $1_t razor_exec_t:file { getattr read lock ioctl };
allow $1_t razor_exec_t:lnk_file { getattr read };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:file { getattr read lock ioctl };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:lnk_file { getattr read };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:dir { getattr search read lock ioctl };
allow $1_t { proc_t proc_net_t }:dir { getattr search };
allow $1_t proc_net_t:file { getattr read lock ioctl };
allow $1_t { proc_t proc_net_t }:dir { getattr search };
allow $1_t proc_net_t:lnk_file { getattr read };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_net_t:dir { getattr search read lock ioctl };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_mdstat_t:file { getattr read lock ioctl };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:dir { getattr search read lock ioctl };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_kcore_t:file { getattr };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:dir { getattr search read lock ioctl };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_kmsg_t:file { getattr };
allow $1_t { proc_t sysctl_t sysctl_kernel_t }:dir { getattr search };
allow $1_t sysctl_kernel_t:file { getattr read lock ioctl };
allow $1_t { proc_t sysctl_t }:dir { getattr search };
allow $1_t sysctl_kernel_t:dir { getattr search read lock ioctl };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:lnk_file { getattr read };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search read lock ioctl };
allow $1_t bin_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1_t unlabeled_t:tcp_socket recvfrom;
allow $1_t unlabeled_t:udp_socket recvfrom;
allow $1_t unlabeled_t:rawip_socket recvfrom;
allow $1_t unlabeled_t:peer recv;
allow $1_t unlabeled_t:association { sendto recvfrom };
allow $1_t unlabeled_t:packet { send recv };
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1_t netif_t:netif { tcp_send tcp_recv egress ingress };
allow $1_t netif_t:netif { rawip_send egress };
allow $1_t netif_t:netif { rawip_recv ingress };
allow $1_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1_t node_type:node { rawip_send sendto };
allow $1_t node_type:node { rawip_recv recvfrom };
allow $1_t razor_port_t:tcp_socket { send_msg recv_msg };
allow $1_t device_t:dir { getattr search };
allow $1_t random_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t urandom_device_t:chr_file { getattr read lock ioctl };
allow $1_t var_t:dir { getattr search };
allow $1_t var_run_t:dir { getattr search };
allow $1_t etc_t:dir { getattr search read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t etc_t:file { getattr read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t etc_t:lnk_file { getattr read };
allow $1_t etc_t:dir { getattr search read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t etc_runtime_t:file { getattr read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t etc_runtime_t:lnk_file { getattr read };
allow $1_t autofs_t:dir { getattr search };
allow $1_t usr_t:dir { getattr search };
allow $1_t lib_t:dir { getattr search };
allow $1_t lib_t:dir { getattr search read lock ioctl };
allow $1_t lib_t:dir { getattr search };
allow $1_t lib_t:file { getattr read lock ioctl };
allow $1_t lib_t:dir { getattr search };
allow $1_t lib_t:lnk_file { getattr read };
allow $1_t etc_t:dir { getattr search };
allow $1_t etc_t:lnk_file { getattr read };
allow $1_t usr_t:dir { getattr search };
allow $1_t locale_t:dir { getattr search read lock ioctl };
allow $1_t locale_t:dir { getattr search };
allow $1_t locale_t:file { getattr read lock ioctl };
allow $1_t locale_t:dir { getattr search };
allow $1_t locale_t:lnk_file { getattr read };
allow $1_t usr_t:dir { getattr search };
allow $1_t lib_t:dir { getattr search };
allow $1_t lib_t:dir { getattr search read lock ioctl };
allow $1_t lib_t:dir { getattr search };
allow $1_t lib_t:file { getattr read lock ioctl };
allow $1_t lib_t:dir { getattr search };
allow $1_t lib_t:lnk_file { getattr read };
allow $1_t etc_t:dir { getattr search };
allow $1_t net_conf_t:file { getattr read lock ioctl };
allow $1_t self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t unlabeled_t:tcp_socket recvfrom;
allow $1_t unlabeled_t:udp_socket recvfrom;
allow $1_t unlabeled_t:rawip_socket recvfrom;
allow $1_t unlabeled_t:peer recv;
allow $1_t unlabeled_t:association { sendto recvfrom };
allow $1_t unlabeled_t:packet { send recv };
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow $1_t netif_type:netif { udp_send egress };
allow $1_t netif_type:netif { udp_recv ingress };
allow $1_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1_t node_type:node { udp_send sendto };
allow $1_t node_type:node { udp_recv recvfrom };
allow $1_t dns_port_t:tcp_socket { send_msg recv_msg };
allow $1_t dns_port_t:udp_socket send_msg;
allow $1_t dns_port_t:udp_socket recv_msg;
allow $1_t dns_port_t:tcp_socket name_connect;
allow $1_t dns_client_packet_t:packet send;
allow $1_t dns_client_packet_t:packet recv;
allow $1_t etc_t:dir { getattr search };
allow $1_t net_conf_t:file { getattr read lock ioctl };
allow $1_t razor_exec_t:file entrypoint;
allow $1_t razor_exec_t:file { { getattr read execute ioctl } ioctl lock };
services,razor.if,razor_role'
allow $2 razor_exec_t:file { getattr read execute };
allow $2 razor_t:process transition;
allow razor_t $2:fd use;
allow razor_t $2:fifo_file { getattr read write append ioctl lock };
allow razor_t $2:process sigchld;
allow $2 razor_t:dir { search getattr read };
allow $2 razor_t:{ file lnk_file } { read getattr };
allow $2 razor_t:process getattr;
allow $2 razor_t:process signal;
allow $2 razor_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 razor_home_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 razor_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 razor_home_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 razor_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 razor_home_t:lnk_file { create read getattr setattr unlink rename };
allow $2 razor_home_t:dir { getattr search };
allow $2 razor_home_t:dir { getattr relabelfrom relabelto };
allow $2 razor_home_t:dir { getattr search };
allow $2 razor_home_t:file { getattr relabelfrom relabelto };
allow $2 razor_home_t:dir { getattr search };
allow $2 razor_home_t:lnk_file { getattr relabelfrom relabelto };
services,razor.if,razor_domtrans'
allow $1 razor_exec_t:file { getattr read execute };
allow $1 razor_t:process transition;
allow razor_t $1:fd use;
allow razor_t $1:fifo_file { getattr read write append ioctl lock };
allow razor_t $1:process sigchld;
services,remotelogin.if,remotelogin_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 login_exec_t:file { getattr read execute };
allow $1 remote_login_t:process transition;
allow remote_login_t $1:fd use;
allow remote_login_t $1:fifo_file { getattr read write append ioctl lock };
allow remote_login_t $1:process sigchld;
services,remotelogin.if,remotelogin_signal'
allow $1 remote_login_t:process signal;
services,resmgr.if,resmgr_stream_connect'
allow $1 resmgrd_t:unix_stream_socket connectto;
allow $1 resmgrd_var_run_t:sock_file { getattr write };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
services,rhgb.if,rhgb_stub'
services,rhgb.if,rhgb_use_fds'
allow $1 rhgb_t:fd use;
services,rhgb.if,rhgb_getpgid'
allow $1 rhgb_t:process getpgid;
services,rhgb.if,rhgb_signal'
allow $1 rhgb_t:process signal;
services,rhgb.if,rhgb_rw_stream_sockets'
allow $1 rhgb_t:unix_stream_socket { read write };
services,rhgb.if,rhgb_dontaudit_rw_stream_sockets'
services,rhgb.if,rhgb_stream_connect'
allow $1 rhgb_t:unix_stream_socket connectto;
services,rhgb.if,rhgb_rw_shm'
allow $1 rhgb_t:shm { associate getattr read write lock unix_read unix_write };
services,rhgb.if,rhgb_use_ptys'
allow $1 rhgb_devpts_t:chr_file { getattr read write ioctl };
services,rhgb.if,rhgb_dontaudit_use_ptys'
services,rhgb.if,rhgb_rw_tmpfs_files'
allow $1 rhgb_tmpfs_t:file { getattr read write append ioctl lock };
services,ricci.if,ricci_domtrans'
allow $1 ricci_exec_t:file { getattr read execute };
allow $1 ricci_t:process transition;
allow ricci_t $1:fd use;
allow ricci_t $1:fifo_file { getattr read write append ioctl lock };
allow ricci_t $1:process sigchld;
services,ricci.if,ricci_domtrans_modcluster'
allow $1 ricci_modcluster_exec_t:file { getattr read execute };
allow $1 ricci_modcluster_t:process transition;
allow ricci_modcluster_t $1:fd use;
allow ricci_modcluster_t $1:fifo_file { getattr read write append ioctl lock };
allow ricci_modcluster_t $1:process sigchld;
services,ricci.if,ricci_dontaudit_use_modcluster_fds'
services,ricci.if,ricci_dontaudit_rw_modcluster_pipes'
services,ricci.if,ricci_stream_connect_modclusterd'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 ricci_modcluster_var_run_t:sock_file write;
allow $1 ricci_modclusterd_t:unix_stream_socket connectto;
services,ricci.if,ricci_domtrans_modlog'
allow $1 ricci_modlog_exec_t:file { getattr read execute };
allow $1 ricci_modlog_t:process transition;
allow ricci_modlog_t $1:fd use;
allow ricci_modlog_t $1:fifo_file { getattr read write append ioctl lock };
allow ricci_modlog_t $1:process sigchld;
services,ricci.if,ricci_domtrans_modrpm'
allow $1 ricci_modrpm_exec_t:file { getattr read execute };
allow $1 ricci_modrpm_t:process transition;
allow ricci_modrpm_t $1:fd use;
allow ricci_modrpm_t $1:fifo_file { getattr read write append ioctl lock };
allow ricci_modrpm_t $1:process sigchld;
services,ricci.if,ricci_domtrans_modservice'
allow $1 ricci_modservice_exec_t:file { getattr read execute };
allow $1 ricci_modservice_t:process transition;
allow ricci_modservice_t $1:fd use;
allow ricci_modservice_t $1:fifo_file { getattr read write append ioctl lock };
allow ricci_modservice_t $1:process sigchld;
services,ricci.if,ricci_domtrans_modstorage'
allow $1 ricci_modstorage_exec_t:file { getattr read execute };
allow $1 ricci_modstorage_t:process transition;
allow ricci_modstorage_t $1:fd use;
allow ricci_modstorage_t $1:fifo_file { getattr read write append ioctl lock };
allow ricci_modstorage_t $1:process sigchld;
services,rlogin.if,rlogin_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 rlogind_exec_t:file { getattr read execute };
allow $1 rlogind_t:process transition;
allow rlogind_t $1:fd use;
allow rlogind_t $1:fifo_file { getattr read write append ioctl lock };
allow rlogind_t $1:process sigchld;
services,roundup.if,roundup_admin'
allow $1 roundup_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 roundup_t:dir { search getattr read };
allow $1 roundup_t:{ file lnk_file } { read getattr };
allow $1 roundup_t:process getattr;
allow $1 roundup_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,rpc.if,rpc_stub'
allow $1_t self:capability net_bind_service;
allow $1_t self:process { sigchld sigkill sigstop signull signal };
allow $1_t self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t self:unix_stream_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept };
allow $1_t self:tcp_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept };
allow $1_t self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t var_lib_nfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t var_lib_nfs_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1_t var_lib_nfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t var_lib_nfs_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,rpc.if,rpc_udp_send'
services,rpc.if,rpc_dontaudit_getattr_exports'
services,rpc.if,rpc_read_exports'
allow $1 exports_t:file { getattr read lock ioctl };
services,rpc.if,rpc_write_exports'
allow $1 exports_t:file write;
services,rpc.if,rpc_domtrans_nfsd'
allow $1 nfsd_exec_t:file { getattr read execute };
allow $1 nfsd_t:process transition;
allow nfsd_t $1:fd use;
allow nfsd_t $1:fifo_file { getattr read write append ioctl lock };
allow nfsd_t $1:process sigchld;
services,rpc.if,rpc_read_nfs_content'
allow $1 { nfsd_ro_t nfsd_rw_t }:dir { getattr search read lock ioctl };
allow $1 { nfsd_ro_t nfsd_rw_t }:file { getattr read lock ioctl };
allow $1 { nfsd_ro_t nfsd_rw_t }:lnk_file { getattr read };
services,rpc.if,rpc_manage_nfs_rw_content'
allow $1 nfsd_rw_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 nfsd_rw_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 nfsd_rw_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 nfsd_rw_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 nfsd_rw_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 nfsd_rw_t:lnk_file { create read getattr setattr unlink rename };
services,rpc.if,rpc_manage_nfs_ro_content'
allow $1 nfsd_ro_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 nfsd_ro_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 nfsd_ro_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 nfsd_ro_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 nfsd_ro_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 nfsd_ro_t:lnk_file { create read getattr setattr unlink rename };
services,rpc.if,rpc_udp_rw_nfs_sockets'
allow $1 nfsd_t:udp_socket { ioctl read getattr write setattr append bind connect getopt setopt shutdown };
services,rpc.if,rpc_udp_send_nfs'
services,rpc.if,rpc_search_nfs_state_data'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 var_lib_nfs_t:dir search;
services,rpc.if,rpc_read_nfs_state_data'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 var_lib_nfs_t:dir { getattr search };
allow $1 var_lib_nfs_t:file { getattr read lock ioctl };
services,rpcbind.if,rpcbind_domtrans'
allow $1 rpcbind_exec_t:file { getattr read execute };
allow $1 rpcbind_t:process transition;
allow rpcbind_t $1:fd use;
allow rpcbind_t $1:fifo_file { getattr read write append ioctl lock };
allow rpcbind_t $1:process sigchld;
services,rpcbind.if,rpcbind_read_pid_files'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 rpcbind_var_run_t:file { getattr read lock ioctl };
services,rpcbind.if,rpcbind_search_lib'
allow $1 rpcbind_var_lib_t:dir { getattr search };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
services,rpcbind.if,rpcbind_read_lib_files'
allow $1 rpcbind_var_lib_t:dir { getattr search };
allow $1 rpcbind_var_lib_t:file { getattr read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
services,rpcbind.if,rpcbind_manage_lib_files'
allow $1 rpcbind_var_lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 rpcbind_var_lib_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
services,rpcbind.if,rpcbind_admin'
allow $1 rpcbind_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 rpcbind_t:dir { search getattr read };
allow $1 rpcbind_t:{ file lnk_file } { read getattr };
allow $1 rpcbind_t:process getattr;
allow $1 rpcbind_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
services,rshd.if,rshd_domtrans'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 rshd_exec_t:file { getattr read execute };
allow $1 rshd_t:process transition;
allow rshd_t $1:fd use;
allow rshd_t $1:fifo_file { getattr read write append ioctl lock };
allow rshd_t $1:process sigchld;
services,rsync.if,rsync_entry_type'
allow $1 rsync_exec_t:file entrypoint;
allow $1 rsync_exec_t:file { { getattr read execute ioctl } ioctl lock };
services,rsync.if,rsync_entry_spec_domtrans'
allow $1 rsync_exec_t:file { getattr read execute };
allow $1 $2:process transition;
services,rsync.if,rsync_entry_domtrans'
allow $1 rsync_exec_t:file { getattr read execute };
allow $1 $2:process transition;
services,rsync.if,rsync_exec'
allow $1 rsync_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
services,rwho.if,rwho_domtrans'
allow $1 rwho_exec_t:file { getattr read execute };
allow $1 rwho_t:process transition;
allow rwho_t $1:fd use;
allow rwho_t $1:fifo_file { getattr read write append ioctl lock };
allow rwho_t $1:process sigchld;
services,rwho.if,rwho_search_log'
allow $1 rwho_log_t:dir { getattr search };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
services,rwho.if,rwho_read_log_files'
allow $1 rwho_log_t:file { getattr read lock ioctl };
allow $1 rwho_log_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
services,rwho.if,rwho_search_spool'
allow $1 rwho_spool_t:dir { getattr search };
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
services,rwho.if,rwho_read_spool_files'
allow $1 rwho_spool_t:dir { getattr search };
allow $1 rwho_spool_t:file { getattr read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
services,rwho.if,rwho_manage_spool_files'
allow $1 rwho_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 rwho_spool_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
services,rwho.if,rwho_admin'
allow $1 rwho_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 rwho_t:dir { search getattr read };
allow $1 rwho_t:{ file lnk_file } { read getattr };
allow $1 rwho_t:process getattr;
allow $1 rwho_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search read lock ioctl };
services,samba.if,samba_domtrans_net'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 samba_net_exec_t:file { getattr read execute };
allow $1 samba_net_t:process transition;
allow samba_net_t $1:fd use;
allow samba_net_t $1:fifo_file { getattr read write append ioctl lock };
allow samba_net_t $1:process sigchld;
services,samba.if,samba_run_net'
services,samba.if,samba_domtrans_smbmount'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 smbmount_exec_t:file { getattr read execute };
allow $1 smbmount_t:process transition;
allow smbmount_t $1:fd use;
allow smbmount_t $1:fifo_file { getattr read write append ioctl lock };
allow smbmount_t $1:process sigchld;
services,samba.if,samba_run_smbmount'
services,samba.if,samba_read_config'
allow $1 etc_t:dir { getattr search };
allow $1 samba_etc_t:dir { getattr search };
allow $1 samba_etc_t:file { getattr read lock ioctl };
services,samba.if,samba_rw_config'
allow $1 etc_t:dir { getattr search };
allow $1 samba_etc_t:dir { getattr search };
allow $1 samba_etc_t:file { getattr read write append ioctl lock };
services,samba.if,samba_read_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 samba_log_t:dir { getattr search read lock ioctl };
allow $1 samba_log_t:dir { getattr search };
allow $1 samba_log_t:file { getattr read lock ioctl };
services,samba.if,samba_append_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 samba_log_t:dir { getattr search read lock ioctl };
allow $1 samba_log_t:file { getattr append lock ioctl };
services,samba.if,samba_exec_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 samba_log_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
services,samba.if,samba_read_secrets'
allow $1 etc_t:dir { getattr search };
allow $1 samba_secrets_t:file { getattr read lock ioctl };
services,samba.if,samba_search_var'
allow $1 var_t:dir { getattr search };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 samba_var_t:dir { getattr search };
services,samba.if,samba_read_var_files'
allow $1 var_t:dir { getattr search };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 samba_var_t:dir { getattr search };
allow $1 samba_var_t:file { getattr read lock ioctl };
services,samba.if,samba_rw_var_files'
allow $1 var_t:dir { getattr search };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 samba_var_t:dir { getattr search };
allow $1 samba_var_t:file { getattr read write append ioctl lock };
services,samba.if,samba_manage_var_files'
allow $1 var_t:dir { getattr search };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 samba_var_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 samba_var_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,samba.if,samba_dontaudit_use_fds'
services,samba.if,samba_write_smbmount_tcp_sockets'
allow $1 smbmount_t:tcp_socket write;
services,samba.if,samba_rw_smbmount_tcp_sockets'
allow $1 smbmount_t:tcp_socket { read write };
services,samba.if,samba_domtrans_winbind_helper'
allow $1 winbind_helper_exec_t:file { getattr read execute };
allow $1 winbind_helper_t:process transition;
allow winbind_helper_t $1:fd use;
allow winbind_helper_t $1:fifo_file { getattr read write append ioctl lock };
allow winbind_helper_t $1:process sigchld;
services,samba.if,samba_run_winbind_helper'
services,samba.if,samba_read_winbind_pid'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 winbind_var_run_t:file { getattr read lock ioctl };
services,samba.if,samba_stream_connect_winbind'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 samba_var_t:dir { getattr search };
allow $1 winbind_var_run_t:dir { getattr search };
allow $1 winbind_var_run_t:sock_file { getattr write };
allow $1 winbind_t:unix_stream_socket connectto;
services,sasl.if,sasl_connect'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 saslauthd_var_run_t:dir { getattr search };
allow $1 saslauthd_var_run_t:sock_file { getattr write };
allow $1 saslauthd_t:unix_stream_socket connectto;
services,sasl.if,sasl_admin'
allow $1 saslauthd_t:process { ptrace { sigchld sigkill sigstop signull signal } getattr };
allow $1 saslauthd_t:dir { search getattr read };
allow $1 saslauthd_t:{ file lnk_file } { read getattr };
allow $1 saslauthd_t:process getattr;
allow $1 saslauthd_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 tmp_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,sendmail.if,sendmail_stub'
services,sendmail.if,sendmail_domtrans'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 sendmail_exec_t:file { getattr read execute };
allow $1 sendmail_t:process transition;
allow $1 sendmail_t:fd use;
allow sendmail_t $1:fd use;
allow sendmail_t $1:fifo_file { getattr read write append ioctl lock };
allow sendmail_t $1:process sigchld;
services,sendmail.if,sendmail_signal'
allow $1 sendmail_t:process signal;
services,sendmail.if,sendmail_rw_tcp_sockets'
allow $1 sendmail_t:tcp_socket { read write };
services,sendmail.if,sendmail_rw_unix_stream_sockets'
allow $1 sendmail_t:unix_stream_socket { read write };
services,sendmail.if,sendmail_read_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 sendmail_log_t:dir { getattr search };
allow $1 sendmail_log_t:file { getattr read lock ioctl };
services,sendmail.if,sendmail_manage_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 sendmail_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 sendmail_log_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,sendmail.if,sendmail_create_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { read getattr lock search ioctl add_name remove_name write };
services,setroubleshoot.if,setroubleshoot_stream_connect'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 setroubleshoot_var_run_t:sock_file write;
allow $1 setroubleshootd_t:unix_stream_socket connectto;
services,setroubleshoot.if,setroubleshoot_dontaudit_stream_connect'
services,slrnpull.if,slrnpull_search_spool'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
allow $1 slrnpull_spool_t:dir { getattr search };
services,slrnpull.if,slrnpull_manage_spool'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
allow $1 slrnpull_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 slrnpull_spool_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 slrnpull_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 slrnpull_spool_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 slrnpull_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 slrnpull_spool_t:lnk_file { create read getattr setattr unlink rename };
services,smartmon.if,smartmon_read_tmp_files'
allow $1 fsdaemon_tmp_t:file { getattr read lock ioctl };
services,smartmon.if,smartmon_admin'
allow $1 fsdaemon_t:process { ptrace { sigchld sigkill sigstop signull signal } getattr };
allow $1 fsdaemon_t:dir { search getattr read };
allow $1 fsdaemon_t:{ file lnk_file } { read getattr };
allow $1 fsdaemon_t:process getattr;
allow $1 fsdaemon_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 tmp_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,snmp.if,snmp_tcp_connect'
services,snmp.if,snmp_udp_chat'
services,snmp.if,snmp_read_snmp_var_lib_files'
allow $1 snmpd_var_lib_t:dir { getattr search read lock ioctl };
allow $1 snmpd_var_lib_t:dir { getattr search };
allow $1 snmpd_var_lib_t:file { getattr read lock ioctl };
allow $1 snmpd_var_lib_t:dir { getattr search };
allow $1 snmpd_var_lib_t:lnk_file { getattr read };
services,snmp.if,snmp_dontaudit_read_snmp_var_lib_files'
services,snmp.if,snmp_dontaudit_write_snmp_var_lib_files'
services,snmp.if,snmp_admin'
allow $1 snmpd_t:process { ptrace { sigchld sigkill sigstop signull signal } getattr };
allow $1 snmpd_t:dir { search getattr read };
allow $1 snmpd_t:{ file lnk_file } { read getattr };
allow $1 snmpd_t:process getattr;
allow $1 snmpd_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,snort.if,snort_domtrans'
allow $1 snort_exec_t:file { getattr read execute };
allow $1 snort_t:process transition;
allow snort_t $1:fd use;
allow snort_t $1:fifo_file { getattr read write append ioctl lock };
allow snort_t $1:process sigchld;
services,snort.if,snort_admin'
allow $1 snort_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 snort_t:dir { search getattr read };
allow $1 snort_t:{ file lnk_file } { read getattr };
allow $1 snort_t:process getattr;
allow $1 snort_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 etc_t:dir { getattr search };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
services,soundserver.if,soundserver_tcp_connect'
services,soundserver.if,soundserver_admin'
allow $1 soundd_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 soundd_t:dir { search getattr read };
allow $1 soundd_t:{ file lnk_file } { read getattr };
allow $1 soundd_t:process getattr;
allow $1 soundd_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 tmp_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,spamassassin.if,spamassassin_role'
allow $2 spamassassin_exec_t:file { getattr read execute };
allow $2 spamassassin_t:process transition;
allow spamassassin_t $2:fd use;
allow spamassassin_t $2:fifo_file { getattr read write append ioctl lock };
allow spamassassin_t $2:process sigchld;
allow $2 spamassassin_t:dir { search getattr read };
allow $2 spamassassin_t:{ file lnk_file } { read getattr };
allow $2 spamassassin_t:process getattr;
allow $2 spamc_exec_t:file { getattr read execute };
allow $2 spamc_t:process transition;
allow spamc_t $2:fd use;
allow spamc_t $2:fifo_file { getattr read write append ioctl lock };
allow spamc_t $2:process sigchld;
allow $2 spamc_t:dir { search getattr read };
allow $2 spamc_t:{ file lnk_file } { read getattr };
allow $2 spamc_t:process getattr;
allow $2 spamassassin_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 spamassassin_home_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 spamassassin_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 spamassassin_home_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 spamassassin_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 spamassassin_home_t:lnk_file { create read getattr setattr unlink rename };
allow $2 spamassassin_home_t:dir { getattr search };
allow $2 spamassassin_home_t:dir { getattr relabelfrom relabelto };
allow $2 spamassassin_home_t:dir { getattr search };
allow $2 spamassassin_home_t:file { getattr relabelfrom relabelto };
allow $2 spamassassin_home_t:dir { getattr search };
allow $2 spamassassin_home_t:lnk_file { getattr relabelfrom relabelto };
services,spamassassin.if,spamassassin_exec'
allow $1 spamassassin_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
services,spamassassin.if,spamassassin_signal_spamd'
allow $1 spamd_t:process signal;
services,spamassassin.if,spamassassin_exec_spamd'
allow $1 spamd_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
services,spamassassin.if,spamassassin_domtrans_client'
allow $1 spamc_exec_t:file { getattr read execute };
allow $1 spamc_t:process transition;
allow spamc_t $1:fd use;
allow spamc_t $1:fifo_file { getattr read write append ioctl lock };
allow spamc_t $1:process sigchld;
services,spamassassin.if,spamassassin_exec_client'
allow $1 spamc_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
services,spamassassin.if,spamassassin_domtrans_local_client'
allow $1 spamassassin_exec_t:file { getattr read execute };
allow $1 spamassassin_t:process transition;
allow spamassassin_t $1:fd use;
allow spamassassin_t $1:fifo_file { getattr read write append ioctl lock };
allow spamassassin_t $1:process sigchld;
services,spamassassin.if,spamassassin_read_lib_files'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 spamd_var_lib_t:dir { getattr search };
allow $1 spamd_var_lib_t:file { getattr read lock ioctl };
services,spamassassin.if,spamassassin_manage_lib_files'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 spamd_var_lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 spamd_var_lib_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,spamassassin.if,spamassassin_read_spamd_tmp_files'
allow $1 spamd_tmp_t:file { getattr read lock ioctl };
services,spamassassin.if,spamassassin_dontaudit_getattr_spamd_tmp_sockets'
services,squid.if,squid_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 squid_exec_t:file { getattr read execute };
allow $1 squid_t:process transition;
allow squid_t $1:fd use;
allow squid_t $1:fifo_file { getattr read write append ioctl lock };
allow squid_t $1:process sigchld;
services,squid.if,squid_signal'
allow $1 squid_t:process signal;
services,squid.if,squid_rw_stream_sockets'
allow $1 squid_t:unix_stream_socket { getattr read write };
services,squid.if,squid_dontaudit_search_cache'
services,squid.if,squid_read_config'
allow $1 etc_t:dir { getattr search };
allow $1 squid_conf_t:dir { getattr search };
allow $1 squid_conf_t:file { getattr read lock ioctl };
services,squid.if,squid_read_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 squid_log_t:dir { getattr search };
allow $1 squid_log_t:file { getattr read lock ioctl };
services,squid.if,squid_append_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 squid_log_t:dir { getattr search };
allow $1 squid_log_t:file { getattr append lock ioctl };
services,squid.if,squid_manage_logs'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 squid_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 squid_log_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,squid.if,squid_use'
services,squid.if,squid_admin'
allow $1 squid_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 squid_t:dir { search getattr read };
allow $1 squid_t:{ file lnk_file } { read getattr };
allow $1 squid_t:process getattr;
allow $1 squid_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 var_t:dir { getattr search read lock ioctl };
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
allow $1_ssh_t ssh_exec_t:file entrypoint;
allow $1_ssh_t ssh_exec_t:file { { getattr read execute ioctl } ioctl lock };
allow $1_ssh_t default_t:dir { getattr search read lock ioctl };
allow $1_ssh_t default_t:file { getattr read lock ioctl };
allow $1_ssh_t default_t:lnk_file { getattr read };
allow $1_ssh_t default_t:sock_file { getattr read };
allow $1_ssh_t default_t:fifo_file { getattr read lock ioctl };
allow $1_t cifs_t:dir { getattr search read lock ioctl };
allow $1_t cifs_t:dir { getattr search };
allow $1_t cifs_t:file { getattr read lock ioctl };
allow $1_ssh_agent_t nfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_ssh_agent_t nfs_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_ssh_agent_t nfs_t:dir { getattr search };
allow $1_ssh_agent_t nfs_t:file { getattr read execute };
allow $1_ssh_agent_t $3:process transition;
allow $1_ssh_agent_t cifs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_ssh_agent_t cifs_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_ssh_agent_t cifs_t:dir { getattr search };
allow $1_ssh_agent_t cifs_t:file { getattr read execute };
allow $1_ssh_agent_t $3:process transition;
services,ssh.if,ssh_sigchld'
allow $1 sshd_t:process sigchld;
services,ssh.if,ssh_read_pipes'
allow $1 sshd_t:fifo_file { getattr read };
services,ssh.if,ssh_rw_stream_sockets'
allow $1 sshd_t:unix_stream_socket { { ioctl read getattr write setattr append bind connect getopt setopt shutdown } listen accept };
services,ssh.if,ssh_rw_tcp_sockets'
allow $1 sshd_t:tcp_socket { { ioctl read getattr write setattr append bind connect getopt setopt shutdown } listen accept };
services,ssh.if,ssh_dontaudit_rw_tcp_sockets'
services,ssh.if,ssh_tcp_connect'
services,ssh.if,ssh_domtrans'
allow $1 sshd_exec_t:file { getattr read execute };
allow $1 sshd_t:process transition;
allow sshd_t $1:fd use;
allow sshd_t $1:fifo_file { getattr read write append ioctl lock };
allow sshd_t $1:process sigchld;
services,ssh.if,ssh_exec'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 ssh_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
services,ssh.if,ssh_domtrans_keygen'
allow $1 ssh_keygen_exec_t:file { getattr read execute };
allow $1 ssh_keygen_t:process transition;
allow ssh_keygen_t $1:fd use;
allow ssh_keygen_t $1:fifo_file { getattr read write append ioctl lock };
allow ssh_keygen_t $1:process sigchld;
services,ssh.if,ssh_dontaudit_read_server_keys'
services,stunnel.if,stunnel_service_domain'
allow stunnel_t $2:file { getattr read execute };
allow stunnel_t $1:process transition;
allow $1 stunnel_t:fd use;
allow $1 stunnel_t:fifo_file { getattr read write append ioctl lock };
allow $1 stunnel_t:process sigchld;
allow $1 stunnel_t:tcp_socket { ioctl read getattr write setattr append bind connect getopt setopt shutdown };
services,sysstat.if,sysstat_manage_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 sysstat_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 sysstat_log_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,tcpd.if,tcpd_domtrans'
allow $1 tcpd_exec_t:file { getattr read execute };
allow $1 tcpd_t:process transition;
allow tcpd_t $1:fd use;
allow tcpd_t $1:fifo_file { getattr read write append ioctl lock };
allow tcpd_t $1:process sigchld;
services,tcpd.if,tcpd_wrapped_domain'
allow tcpd_t $2:file { getattr read execute };
allow tcpd_t $1:process transition;
allow $1 tcpd_t:fd use;
allow $1 tcpd_t:fifo_file { getattr read write append ioctl lock };
allow $1 tcpd_t:process sigchld;
services,tftp.if,tftp_admin'
allow $1 tftpd_t:process { ptrace { sigchld sigkill sigstop signull signal } getattr };
allow $1 tftpd_t:dir { search getattr read };
allow $1 tftpd_t:{ file lnk_file } { read getattr };
allow $1 tftpd_t:process getattr;
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,tor.if,tor_domtrans'
allow $1 tor_exec_t:file { getattr read execute };
allow $1 tor_t:process transition;
allow tor_t $1:fd use;
allow tor_t $1:fifo_file { getattr read write append ioctl lock };
allow tor_t $1:process sigchld;
services,tor.if,tor_admin'
allow $1 tor_t:process { ptrace { sigchld sigkill sigstop signull signal } getattr };
allow $1 tor_t:dir { search getattr read };
allow $1 tor_t:{ file lnk_file } { read getattr };
allow $1 tor_t:process getattr;
allow $1 tor_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
allow ucspitcp_t $2:file { getattr read execute };
allow ucspitcp_t $1:process transition;
allow $1 ucspitcp_t:fd use;
allow $1 ucspitcp_t:process sigchld;
allow $1 ucspitcp_t:tcp_socket { { ioctl read getattr write setattr append bind connect getopt setopt shutdown } listen accept };
services,uucp.if,uucp_append_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 uucpd_log_t:dir { getattr search read lock ioctl };
allow $1 uucpd_log_t:dir { getattr search };
allow $1 uucpd_log_t:file { getattr append lock ioctl };
services,uucp.if,uucp_manage_spool'
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search };
allow $1 uucpd_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 uucpd_spool_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 uucpd_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 uucpd_spool_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 uucpd_spool_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 uucpd_spool_t:lnk_file { create read getattr setattr unlink rename };
services,uucp.if,uucp_domtrans_uux'
allow $1 uux_exec_t:file { getattr read execute };
allow $1 uux_t:process transition;
allow uux_t $1:fd use;
allow uux_t $1:fifo_file { getattr read write append ioctl lock };
allow uux_t $1:process sigchld;
services,uucp.if,uucp_admin'
allow $1 uucpd_t:process { ptrace { sigchld sigkill sigstop signull signal } getattr };
allow $1 uucpd_t:dir { search getattr read };
allow $1 uucpd_t:{ file lnk_file } { read getattr };
allow $1 uucpd_t:process getattr;
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_spool_t:dir { getattr search read lock ioctl };
allow $1 tmp_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,uwimap.if,uwimap_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 imapd_exec_t:file { getattr read execute };
allow $1 imapd_t:process transition;
allow imapd_t $1:fd use;
allow imapd_t $1:fifo_file { getattr read write append ioctl lock };
allow imapd_t $1:process sigchld;
services,virt.if,virt_image'
services,virt.if,virt_domtrans'
allow $1 virtd_exec_t:file { getattr read execute };
allow $1 virtd_t:process transition;
allow virtd_t $1:fd use;
allow virtd_t $1:fifo_file { getattr read write append ioctl lock };
allow virtd_t $1:process sigchld;
services,virt.if,virt_stream_connect'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 virt_var_run_t:dir { getattr search };
allow $1 virt_var_run_t:sock_file { getattr write };
allow $1 virtd_t:unix_stream_socket connectto;
services,virt.if,virt_read_config'
allow $1 etc_t:dir { getattr search };
allow $1 virt_etc_t:dir { getattr search };
allow $1 virt_etc_t:file { getattr read lock ioctl };
allow $1 virt_etc_rw_t:dir { getattr search };
allow $1 virt_etc_rw_t:file { getattr read lock ioctl };
services,virt.if,virt_manage_config'
allow $1 etc_t:dir { getattr search };
allow $1 virt_etc_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 virt_etc_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 virt_etc_rw_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 virt_etc_rw_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,virt.if,virt_read_pid_files'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 virt_var_run_t:file { getattr read lock ioctl };
services,virt.if,virt_manage_pid_files'
allow $1 virt_var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 virt_var_run_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,virt.if,virt_search_lib'
allow $1 virt_var_lib_t:dir { getattr search };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
services,virt.if,virt_read_lib_files'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 virt_var_lib_t:dir { getattr search };
allow $1 virt_var_lib_t:file { getattr read lock ioctl };
services,virt.if,virt_manage_lib_files'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 virt_var_lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 virt_var_lib_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,virt.if,virt_read_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 virt_log_t:dir { getattr search };
allow $1 virt_log_t:file { getattr read lock ioctl };
services,virt.if,virt_append_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 virt_log_t:dir { getattr search };
allow $1 virt_log_t:file { getattr append lock ioctl };
services,virt.if,virt_manage_log'
allow $1 virt_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 virt_log_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 virt_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 virt_log_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 virt_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 virt_log_t:lnk_file { create read getattr setattr unlink rename };
services,virt.if,virt_manage_images'
allow $1 virt_image_t:dir { getattr search read lock ioctl };
allow $1 virt_image_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 virt_image_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 virt_image_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 virt_image_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 virt_image_t:dir { getattr search };
allow $1 virt_image_t:lnk_file { getattr read };
allow $1 virt_image_t:dir { getattr search };
allow $1 virt_image_t:blk_file { getattr read write append ioctl lock };
allow $1 nfs_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 nfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 nfs_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 nfs_t:dir { getattr search read lock ioctl };
allow $1 nfs_t:dir { getattr search };
allow $1 nfs_t:lnk_file { getattr read };
allow $1 nfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 nfs_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 cifs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 cifs_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 cifs_t:dir { getattr search read lock ioctl };
allow $1 cifs_t:dir { getattr search };
allow $1 cifs_t:lnk_file { getattr read };
services,virt.if,virt_admin'
allow $1 virtd_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 virtd_t:dir { search getattr read };
allow $1 virtd_t:{ file lnk_file } { read getattr };
allow $1 virtd_t:process getattr;
allow $1 virtd_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
services,xfs.if,xfs_read_sockets'
allow $1 tmp_t:dir { getattr search };
allow $1 xfs_tmp_t:dir { getattr search };
allow $1 xfs_tmp_t:sock_file { getattr read };
services,xfs.if,xfs_stream_connect'
allow $1 tmp_t:dir { getattr search };
allow $1 xfs_tmp_t:dir { getattr search };
allow $1 xfs_tmp_t:sock_file { getattr write };
allow $1 xfs_t:unix_stream_socket connectto;
services,xfs.if,xfs_exec'
allow $1 xfs_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
services,xserver.if,xserver_role'
allow $2 xserver_exec_t:file { getattr read execute };
allow $2 xserver_t:process transition;
allow xserver_t $2:fd use;
allow xserver_t $2:fifo_file { getattr read write append ioctl lock };
allow xserver_t $2:process sigchld;
allow xserver_t $2:process signal;
allow xserver_t $2:shm { associate getattr read write lock unix_read unix_write };
allow $2 user_fonts_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 user_fonts_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 user_fonts_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 user_fonts_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 user_fonts_t:dir { getattr search };
allow $2 user_fonts_t:dir { getattr relabelfrom relabelto };
allow $2 user_fonts_t:dir { getattr search };
allow $2 user_fonts_t:file { getattr relabelfrom relabelto };
allow $2 user_fonts_cache_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 user_fonts_cache_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 user_fonts_cache_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 user_fonts_cache_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 user_fonts_cache_t:dir { getattr search };
allow $2 user_fonts_cache_t:dir { getattr relabelfrom relabelto };
allow $2 user_fonts_cache_t:dir { getattr search };
allow $2 user_fonts_cache_t:file { getattr relabelfrom relabelto };
allow $2 user_fonts_config_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 user_fonts_config_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 user_fonts_config_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 user_fonts_config_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 user_fonts_config_t:dir { getattr search };
allow $2 user_fonts_config_t:dir { getattr relabelfrom relabelto };
allow $2 user_fonts_config_t:dir { getattr search };
allow $2 user_fonts_config_t:file { getattr relabelfrom relabelto };
allow $2 xserver_tmp_t:dir { getattr search };
allow $2 xserver_tmp_t:sock_file { getattr write };
allow $2 xserver_t:unix_stream_socket connectto;
allow $2 xserver_tmpfs_t:file { getattr read write append ioctl lock };
allow xserver_t $2:shm { associate getattr read write lock unix_read unix_write };
allow $2 xserver_t:shm { associate getattr read write lock unix_read unix_write };
allow $2 iceauth_t:dir { search getattr read };
allow $2 iceauth_t:{ file lnk_file } { read getattr };
allow $2 iceauth_t:process getattr;
allow $2 iceauth_exec_t:file { getattr read execute };
allow $2 iceauth_t:process transition;
allow iceauth_t $2:fd use;
allow iceauth_t $2:fifo_file { getattr read write append ioctl lock };
allow iceauth_t $2:process sigchld;
allow $2 iceauth_home_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 iceauth_home_t:file { relabelfrom relabelto };
allow $2 xauth_exec_t:file { getattr read execute };
allow $2 xauth_t:process transition;
allow xauth_t $2:fd use;
allow xauth_t $2:fifo_file { getattr read write append ioctl lock };
allow xauth_t $2:process sigchld;
allow $2 xauth_t:process signal;
allow $2 xauth_t:dir { search getattr read };
allow $2 xauth_t:{ file lnk_file } { read getattr };
allow $2 xauth_t:process getattr;
allow $2 xauth_home_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 xauth_home_t:file { relabelfrom relabelto };
allow $2 xserver_t:x_device { manage freeze force_cursor };
allow $2 xserver_t:x_server manage;
allow $2 xserver_t:x_resource write;
allow $2 rootwindow_t:x_colormap { install uninstall };
allow $2 rootwindow_t:x_drawable { read write manage setattr };
allow $2 xserver_t:x_screen { saver_getattr saver_setattr setattr };
allow $2 info_xproperty_t:x_property { create append write };
services,xserver.if,xserver_ro_session'
allow xserver_t $1:fd use;
allow xserver_t $1:shm { associate getattr read write lock unix_read unix_write };
allow xserver_t $2:file { getattr read write append ioctl lock };
allow $1 xserver_t:unix_stream_socket connectto;
allow $1 xserver_t:process signal;
allow $1 xserver_tmp_t:file { getattr read };
allow $1 xserver_t:fd use;
allow $1 xserver_t:shm { associate getattr read unix_read };
allow $1 xserver_tmpfs_t:file { getattr read lock ioctl };
services,xserver.if,xserver_rw_session'
allow $1 xserver_t:shm { associate getattr read write lock unix_read unix_write };
allow $1 xserver_tmpfs_t:file { getattr read write append ioctl lock };
services,xserver.if,xserver_user_client'
allow $1 self:shm { associate getattr setattr create destroy read write lock unix_read unix_write };
allow $1 self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 self:unix_stream_socket { connectto { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept } };
allow $1 xauth_home_t:file { getattr read };
allow $1 iceauth_home_t:file { getattr read };
allow $1 xdm_t:fd use;
allow $1 xdm_t:fifo_file { getattr read write ioctl };
allow $1 xdm_tmp_t:dir search;
allow $1 xdm_tmp_t:sock_file { read write };
allow $1 tmp_t:dir { getattr search };
allow $1 usr_t:dir { getattr search };
allow $1 lib_t:dir { getattr search };
allow $1 fonts_t:dir { getattr search read lock ioctl };
allow $1 fonts_t:dir { getattr search };
allow $1 fonts_t:file { getattr read lock ioctl };
allow $1 fonts_t:dir { getattr search };
allow $1 fonts_t:lnk_file { getattr read };
allow $1 user_home_dir_t:dir { getattr search };
allow $1 home_root_t:dir { getattr search };
allow $1 xserver_t:shm { associate getattr read write lock unix_read unix_write };
allow $1 xserver_tmpfs_t:file { getattr read write append ioctl lock };
allow $2 $1_xproperty_t:x_property { create destroy read write append };
allow $2 $1_input_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_property_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_focus_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_manage_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_default_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_client_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_manage_xevent_t:x_synthetic_event send;
allow $2 $1_xproperty_t:x_property { create destroy read write append };
allow $2 $1_input_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_property_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_focus_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_manage_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_default_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_client_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_manage_xevent_t:x_synthetic_event send;
allow $2 $1_xproperty_t:x_property { create destroy read write append };
allow $2 $1_input_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_property_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_focus_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_manage_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_default_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_client_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_manage_xevent_t:x_synthetic_event send;
allow $2 $1_xproperty_t:x_property { create destroy read write append };
allow $2 $1_input_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_property_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_focus_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_manage_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_default_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_client_xevent_t:{ x_event x_synthetic_event } receive;
allow $2 $1_manage_xevent_t:x_synthetic_event send;
allow $2 self:shm { associate getattr setattr create destroy read write lock unix_read unix_write };
allow $2 self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $2 self:unix_stream_socket { connectto { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept } };
allow $2 xauth_home_t:file { getattr read lock ioctl };
allow $2 iceauth_home_t:file { getattr read lock ioctl };
allow $2 xdm_t:fd use;
allow $2 xdm_t:fifo_file { getattr read write ioctl };
allow $2 xdm_tmp_t:dir { getattr search };
allow $2 xdm_tmp_t:sock_file { read write };
allow $2 tmp_t:dir { getattr search };
allow $2 usr_t:dir { getattr search };
allow $2 lib_t:dir { getattr search };
allow $2 fonts_t:dir { getattr search read lock ioctl };
allow $2 fonts_t:dir { getattr search };
allow $2 fonts_t:file { getattr read lock ioctl };
allow $2 fonts_t:dir { getattr search };
allow $2 fonts_t:lnk_file { getattr read };
allow $2 user_home_dir_t:dir { getattr search };
allow $2 home_root_t:dir { getattr search };
allow $2 self:shm { associate getattr setattr create destroy read write lock unix_read unix_write };
allow $2 self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $2 self:unix_stream_socket { connectto { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept } };
allow $2 xauth_home_t:file { getattr read lock ioctl };
allow $2 iceauth_home_t:file { getattr read lock ioctl };
allow $2 xdm_t:fd use;
allow $2 xdm_t:fifo_file { getattr read write ioctl };
allow $2 xdm_tmp_t:dir { getattr search };
allow $2 xdm_tmp_t:sock_file { read write };
allow $2 tmp_t:dir { getattr search };
allow $2 usr_t:dir { getattr search };
allow $2 lib_t:dir { getattr search };
allow $2 fonts_t:dir { getattr search read lock ioctl };
allow $2 fonts_t:dir { getattr search };
allow $2 fonts_t:file { getattr read lock ioctl };
allow $2 fonts_t:dir { getattr search };
allow $2 fonts_t:lnk_file { getattr read };
allow $2 user_home_dir_t:dir { getattr search };
allow $2 home_root_t:dir { getattr search };
allow $2 self:shm { associate getattr setattr create destroy read write lock unix_read unix_write };
allow $2 self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $2 self:unix_stream_socket { connectto { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept } };
allow $2 xauth_home_t:file { getattr read lock ioctl };
allow $2 iceauth_home_t:file { getattr read lock ioctl };
allow $2 xdm_t:fd use;
allow $2 xdm_t:fifo_file { getattr read write ioctl };
allow $2 xdm_tmp_t:dir { getattr search };
allow $2 xdm_tmp_t:sock_file { read write };
allow $2 tmp_t:dir { getattr search };
allow $2 usr_t:dir { getattr search };
allow $2 lib_t:dir { getattr search };
allow $2 fonts_t:dir { getattr search read lock ioctl };
allow $2 fonts_t:dir { getattr search };
allow $2 fonts_t:file { getattr read lock ioctl };
allow $2 fonts_t:dir { getattr search };
allow $2 fonts_t:lnk_file { getattr read };
allow $2 user_home_dir_t:dir { getattr search };
allow $2 home_root_t:dir { getattr search };
allow $2 self:shm { associate getattr setattr create destroy read write lock unix_read unix_write };
allow $2 self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $2 self:unix_stream_socket { connectto { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept } };
allow $2 xauth_home_t:file { getattr read lock ioctl };
allow $2 iceauth_home_t:file { getattr read lock ioctl };
allow $2 xdm_t:fd use;
allow $2 xdm_t:fifo_file { getattr read write ioctl };
allow $2 xdm_tmp_t:dir { getattr search };
allow $2 xdm_tmp_t:sock_file { read write };
allow $2 tmp_t:dir { getattr search };
allow $2 usr_t:dir { getattr search };
allow $2 lib_t:dir { getattr search };
allow $2 fonts_t:dir { getattr search read lock ioctl };
allow $2 fonts_t:dir { getattr search };
allow $2 fonts_t:file { getattr read lock ioctl };
allow $2 fonts_t:dir { getattr search };
allow $2 fonts_t:lnk_file { getattr read };
allow $2 user_home_dir_t:dir { getattr search };
allow $2 home_root_t:dir { getattr search };
allow $2 xserver_t:shm { associate getattr read write lock unix_read unix_write };
allow $2 xserver_tmpfs_t:file { getattr read write append ioctl lock };
services,xserver.if,xserver_use_user_fonts'
allow $1 user_fonts_t:dir { getattr search read lock ioctl };
allow $1 user_fonts_t:file { getattr read lock ioctl };
allow $1 user_fonts_cache_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 user_fonts_cache_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 user_fonts_cache_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 user_fonts_cache_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 user_fonts_config_t:dir { getattr search read lock ioctl };
allow $1 user_fonts_config_t:file { getattr read lock ioctl };
allow $1 user_home_dir_t:dir { getattr search };
allow $1 home_root_t:dir { getattr search };
services,xserver.if,xserver_domtrans_xauth'
allow $1 xauth_exec_t:file { getattr read execute };
allow $1 xauth_t:process transition;
allow xauth_t $1:fd use;
allow xauth_t $1:fifo_file { getattr read write append ioctl lock };
allow xauth_t $1:process sigchld;
services,xserver.if,xserver_user_home_dir_filetrans_user_xauth'
allow $1 user_home_dir_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 home_root_t:dir { getattr search };
services,xserver.if,xserver_use_all_users_fonts'
services,xserver.if,xserver_read_user_xauth'
allow $1 xauth_home_t:file { getattr read lock ioctl };
allow $1 user_home_dir_t:dir { getattr search };
allow $1 home_root_t:dir { getattr search };
services,xserver.if,xserver_setattr_console_pipes'
allow $1 xconsole_device_t:fifo_file setattr;
services,xserver.if,xserver_rw_console'
allow $1 xconsole_device_t:fifo_file { getattr read write append ioctl lock };
services,xserver.if,xserver_use_xdm_fds'
allow $1 xdm_t:fd use;
services,xserver.if,xserver_dontaudit_use_xdm_fds'
services,xserver.if,xserver_rw_xdm_pipes'
allow $1 xdm_t:fifo_file { getattr read write };
services,xserver.if,xserver_dontaudit_rw_xdm_pipes'
services,xserver.if,xserver_stream_connect_xdm'
allow $1 tmp_t:dir { getattr search };
allow $1 xdm_tmp_t:dir { getattr search };
allow $1 xdm_tmp_t:sock_file { getattr write };
allow $1 xdm_t:unix_stream_socket connectto;
services,xserver.if,xserver_read_xdm_rw_config'
allow $1 etc_t:dir { getattr search };
allow $1 xdm_rw_etc_t:file { getattr read lock ioctl };
services,xserver.if,xserver_setattr_xdm_tmp_dirs'
allow $1 xdm_tmp_t:dir setattr;
services,xserver.if,xserver_create_xdm_tmp_sockets'
allow $1 tmp_t:dir { getattr search };
allow $1 xdm_tmp_t:dir { getattr search read lock ioctl };
allow $1 xdm_tmp_t:dir { getattr search lock ioctl write add_name };
allow $1 xdm_tmp_t:sock_file { getattr create };
services,xserver.if,xserver_read_xdm_pid'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 xdm_var_run_t:file { getattr read lock ioctl };
services,xserver.if,xserver_read_xdm_lib_files'
allow $1 xdm_var_lib_t:file { getattr read lock ioctl };
services,xserver.if,xserver_xsession_entry_type'
allow $1 xsession_exec_t:file entrypoint;
allow $1 xsession_exec_t:file { { getattr read execute ioctl } ioctl lock };
services,xserver.if,xserver_xsession_spec_domtrans'
allow $1 xsession_exec_t:file { getattr read execute };
allow $1 $2:process transition;
services,xserver.if,xserver_getattr_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 xserver_log_t:file getattr;
services,xserver.if,xserver_dontaudit_write_log'
services,xserver.if,xserver_delete_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 xserver_log_t:dir { getattr search read lock ioctl };
allow $1 xserver_log_t:dir { getattr search lock ioctl write remove_name };
allow $1 xserver_log_t:file { getattr unlink };
allow $1 xserver_log_t:dir { getattr search lock ioctl write remove_name };
allow $1 xserver_log_t:fifo_file { getattr unlink };
services,xserver.if,xserver_read_xkb_libs'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 xkb_var_lib_t:dir { getattr search read lock ioctl };
allow $1 xkb_var_lib_t:dir { getattr search };
allow $1 xkb_var_lib_t:file { getattr read lock ioctl };
allow $1 xkb_var_lib_t:dir { getattr search };
allow $1 xkb_var_lib_t:lnk_file { getattr read };
services,xserver.if,xserver_read_xdm_tmp_files'
allow $1 tmp_t:dir { getattr search };
allow $1 xdm_tmp_t:dir { getattr search };
allow $1 xdm_tmp_t:file { getattr read lock ioctl };
services,xserver.if,xserver_dontaudit_read_xdm_tmp_files'
services,xserver.if,xserver_rw_xdm_tmp_files'
allow $1 xdm_tmp_t:dir { getattr search };
allow $1 xdm_tmp_t:file { getattr read write append ioctl lock };
services,xserver.if,xserver_manage_xdm_tmp_files'
allow $1 xdm_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 xdm_tmp_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
services,xserver.if,xserver_dontaudit_getattr_xdm_tmp_sockets'
services,xserver.if,xserver_domtrans'
allow $1 xserver_t:process siginh;
allow $1 xserver_exec_t:file { getattr read execute };
allow $1 xserver_t:process transition;
allow xserver_t $1:fd use;
allow xserver_t $1:fifo_file { getattr read write append ioctl lock };
allow xserver_t $1:process sigchld;
services,xserver.if,xserver_signal'
allow $1 xserver_t:process signal;
services,xserver.if,xserver_kill'
allow $1 xserver_t:process sigkill;
services,xserver.if,xserver_rw_shm'
allow $1 xserver_t:shm { associate getattr read write lock unix_read unix_write };
services,xserver.if,xserver_dontaudit_rw_tcp_sockets'
services,xserver.if,xserver_dontaudit_rw_stream_sockets'
services,xserver.if,xserver_stream_connect'
allow $1 tmp_t:dir { getattr search };
allow $1 xserver_tmp_t:dir { getattr search };
allow $1 xserver_tmp_t:sock_file { getattr write };
allow $1 xserver_t:unix_stream_socket connectto;
services,xserver.if,xserver_read_tmp_files'
allow $1 xserver_tmp_t:file { getattr read lock ioctl };
allow $1 tmp_t:dir { getattr search };
services,xserver.if,xserver_unconfined'
services,zabbix.if,zabbix_domtrans'
allow $1 zabbix_exec_t:file { getattr read execute };
allow $1 zabbix_t:process transition;
allow zabbix_t $1:fd use;
allow zabbix_t $1:fifo_file { getattr read write append ioctl lock };
allow zabbix_t $1:process sigchld;
services,zabbix.if,zabbix_read_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 zabbix_log_t:dir { getattr search };
allow $1 zabbix_log_t:file { getattr read lock ioctl };
services,zabbix.if,zabbix_append_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 zabbix_log_t:dir { getattr search };
allow $1 zabbix_log_t:file { getattr append lock ioctl };
services,zabbix.if,zabbix_read_pid_files'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 zabbix_var_run_t:file { getattr read lock ioctl };
services,zabbix.if,zabbix_admin'
allow $1 zabbix_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 zabbix_t:dir { search getattr read };
allow $1 zabbix_t:{ file lnk_file } { read getattr };
allow $1 zabbix_t:process getattr;
allow $1 zabbix_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
services,zebra.if,zebra_read_config'
allow $1 etc_t:dir { getattr search };
allow $1 zebra_conf_t:dir { getattr search read lock ioctl };
allow $1 zebra_conf_t:dir { getattr search };
allow $1 zebra_conf_t:file { getattr read lock ioctl };
allow $1 zebra_conf_t:dir { getattr search };
allow $1 zebra_conf_t:lnk_file { getattr read };
services,zebra.if,zebra_admin'
allow $1 zebra_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 zebra_t:dir { search getattr read };
allow $1 zebra_t:{ file lnk_file } { read getattr };
allow $1 zebra_t:process getattr;
allow $1 zebra_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 tmp_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
system,application.if,application_type'
system,application.if,application_executable_file'
system,application.if,application_exec'
allow $1 application_exec_type:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
system,application.if,application_exec_all'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search read lock ioctl };
allow $1 bin_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search read lock ioctl };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 shell_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 chroot_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
system,application.if,application_domain'
allow $1 $2:file entrypoint;
allow $1 $2:file { { getattr read execute ioctl } ioctl lock };
system,authlogin.if,auth_role'
allow $2 chkpwd_exec_t:file { getattr read execute };
allow $2 chkpwd_t:process transition;
allow chkpwd_t $2:fd use;
allow chkpwd_t $2:fifo_file { getattr read write append ioctl lock };
allow chkpwd_t $2:process sigchld;
allow $2 chkpwd_t:dir { search getattr read };
allow $2 chkpwd_t:{ file lnk_file } { read getattr };
allow $2 chkpwd_t:process getattr;
system,authlogin.if,auth_login_pgm_domain'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search read lock ioctl };
allow $1 var_auth_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 var_auth_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:dir { getattr search read lock ioctl };
allow $1 proc_afs_t:dir { getattr search };
allow $1 proc_afs_t:file { getattr read write append ioctl lock };
allow $1 device_t:dir { getattr search };
allow $1 urandom_device_t:chr_file { getattr read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 event_device_t:chr_file { getattr read write append ioctl lock };
allow $1 device_t:dir { getattr search };
allow $1 usb_device_t:chr_file { getattr read write append ioctl lock };
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 etc_t:dir { getattr search };
allow $1 etc_t:file { getattr read lock ioctl };
allow $1 etc_t:dir { getattr search };
allow $1 etc_t:lnk_file { getattr read };
allow $1 autofs_t:dir { getattr search read lock ioctl };
allow $1 security_t:filesystem getattr;
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:file { getattr read lock ioctl };
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:lnk_file { getattr read };
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:dir { getattr search read lock ioctl };
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security check_context;
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security compute_av;
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security compute_create;
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security compute_relabel;
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security compute_user;
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
allow $1 initrc_var_run_t:file { getattr read write append ioctl lock };
allow $1 self:capability audit_write;
allow $1 self:netlink_audit_socket { { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } nlmsg_read } nlmsg_relay };
allow $1 devlog_t:lnk_file read;
allow $1 devlog_t:sock_file { getattr read write append };
allow $1 syslogd_t:unix_dgram_socket sendto;
allow $1 syslogd_t:unix_stream_socket connectto;
allow $1 self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 self:unix_stream_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 console_device_t:chr_file { getattr read write append ioctl lock };
allow $1 self:capability audit_control;
allow $1 self:netlink_audit_socket { { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } nlmsg_read } nlmsg_relay };
allow $1 etc_t:dir { getattr search };
allow $1 selinux_config_t:dir { getattr search read lock ioctl };
allow $1 selinux_config_t:dir { getattr search };
allow $1 selinux_config_t:file { getattr read lock ioctl };
allow $1 selinux_config_t:dir { getattr search };
allow $1 selinux_config_t:lnk_file { getattr read };
allow $1 etc_t:dir { getattr search };
allow $1 selinux_config_t:dir { getattr search };
allow $1 default_context_t:dir { getattr search read lock ioctl };
allow $1 default_context_t:dir { getattr search };
allow $1 default_context_t:file { getattr read lock ioctl };
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security compute_member;
allow $1 self:capability { chown fsetid sys_admin };
allow $1 polydir:dir { create open getattr search write add_name setattr mounton rmdir };
allow $1 polymember:dir { getattr search };
allow $1 polyparent:dir { getattr mounton };
allow $1 self:process setfscreate;
allow $1 polymember: dir { create setattr relabelto };
allow $1 polydir: dir { write add_name open };
allow $1 polyparent:dir { open read write remove_name add_name relabelfrom relabelto };
allow $1 poly_t:dir { create mounton };
allow $1 fs_t:filesystem unmount;
system,authlogin.if,auth_login_entry_type'
allow $1 login_exec_t:file entrypoint;
allow $1 login_exec_t:file { { getattr read execute ioctl } ioctl lock };
system,authlogin.if,auth_domtrans_login_program'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 login_exec_t:file { getattr read execute };
allow $1 $2:process transition;
allow $2 $1:fd use;
allow $2 $1:fifo_file { getattr read write append ioctl lock };
allow $2 $1:process sigchld;
system,authlogin.if,auth_ranged_domtrans_login_program'
system,authlogin.if,auth_domtrans_chk_passwd'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 chkpwd_exec_t:file { getattr read execute };
allow $1 chkpwd_t:process transition;
allow chkpwd_t $1:fd use;
allow chkpwd_t $1:fifo_file { getattr read write append ioctl lock };
allow chkpwd_t $1:process sigchld;
allow $1 device_t:dir { getattr search };
allow $1 random_device_t:chr_file { getattr read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 urandom_device_t:chr_file { getattr read lock ioctl };
allow $1 self:capability audit_write;
allow $1 self:netlink_audit_socket { { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } nlmsg_read } nlmsg_relay };
allow $1 cert_t:dir { getattr search read lock ioctl };
allow $1 cert_t:dir { getattr search };
allow $1 cert_t:file { getattr read lock ioctl };
allow $1 cert_t:dir { getattr search };
allow $1 cert_t:lnk_file { getattr read };
allow $1 self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 unlabeled_t:tcp_socket recvfrom;
allow $1 unlabeled_t:udp_socket recvfrom;
allow $1 unlabeled_t:rawip_socket recvfrom;
allow $1 unlabeled_t:peer recv;
allow $1 unlabeled_t:association { sendto recvfrom };
allow $1 unlabeled_t:packet { send recv };
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1 netif_type:netif { tcp_send tcp_recv egress ingress };
allow $1 netif_type:netif { udp_send egress };
allow $1 netif_type:netif { udp_recv ingress };
allow $1 node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1 node_type:node { udp_send sendto };
allow $1 node_type:node { udp_recv recvfrom };
allow $1 dns_port_t:tcp_socket { send_msg recv_msg };
allow $1 dns_port_t:udp_socket send_msg;
allow $1 dns_port_t:udp_socket recv_msg;
allow $1 dns_port_t:tcp_socket name_connect;
allow $1 dns_client_packet_t:packet send;
allow $1 dns_client_packet_t:packet recv;
allow $1 etc_t:dir { getattr search };
allow $1 net_conf_t:file { getattr read lock ioctl };
allow $1 self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 unlabeled_t:tcp_socket recvfrom;
allow $1 unlabeled_t:udp_socket recvfrom;
allow $1 unlabeled_t:rawip_socket recvfrom;
allow $1 unlabeled_t:peer recv;
allow $1 unlabeled_t:association { sendto recvfrom };
allow $1 unlabeled_t:packet { send recv };
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1 netif_type:netif { tcp_send tcp_recv egress ingress };
allow $1 node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1 ldap_port_t:tcp_socket { send_msg recv_msg };
allow $1 ldap_port_t:tcp_socket name_connect;
allow $1 ldap_client_packet_t:packet send;
allow $1 ldap_client_packet_t:packet recv;
allow $1 etc_t:dir { getattr search };
allow $1 net_conf_t:file { getattr read lock ioctl };
system,authlogin.if,auth_run_chk_passwd'
system,authlogin.if,auth_domtrans_upd_passwd'
allow $1 updpwd_exec_t:file { getattr read execute };
allow $1 updpwd_t:process transition;
allow updpwd_t $1:fd use;
allow updpwd_t $1:fifo_file { getattr read write append ioctl lock };
allow updpwd_t $1:process sigchld;
system,authlogin.if,auth_run_upd_passwd'
system,authlogin.if,auth_getattr_shadow'
allow $1 etc_t:dir { getattr search };
allow $1 shadow_t:file getattr;
system,authlogin.if,auth_dontaudit_getattr_shadow'
system,authlogin.if,auth_read_shadow'
system,authlogin.if,auth_can_read_shadow_passwords'
system,authlogin.if,auth_tunable_read_shadow'
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 shadow_t:file { getattr read lock ioctl };
system,authlogin.if,auth_dontaudit_read_shadow'
system,authlogin.if,auth_rw_shadow'
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 shadow_t:file { getattr read write append ioctl lock };
system,authlogin.if,auth_manage_shadow'
allow $1 shadow_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
system,authlogin.if,auth_etc_filetrans_shadow'
allow $1 etc_t:dir { read getattr lock search ioctl add_name remove_name write };
system,authlogin.if,auth_relabelto_shadow'
allow $1 etc_t:dir { getattr search };
allow $1 shadow_t:file relabelto;
system,authlogin.if,auth_relabel_shadow'
allow $1 etc_t:dir { getattr search };
allow $1 shadow_t:file { relabelfrom relabelto };
system,authlogin.if,auth_append_faillog'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 faillog_t:file { getattr append lock ioctl };
system,authlogin.if,auth_rw_faillog'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 faillog_t:file { getattr read write append ioctl lock };
system,authlogin.if,auth_read_lastlog'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 lastlog_t:file { getattr read lock ioctl };
system,authlogin.if,auth_append_lastlog'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 lastlog_t:file { { getattr append lock ioctl } lock };
system,authlogin.if,auth_rw_lastlog'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 lastlog_t:file { { getattr read write append ioctl lock } lock setattr };
system,authlogin.if,auth_domtrans_pam'
allow $1 pam_exec_t:file { getattr read execute };
allow $1 pam_t:process transition;
allow pam_t $1:fd use;
allow pam_t $1:fifo_file { getattr read write append ioctl lock };
allow pam_t $1:process sigchld;
system,authlogin.if,auth_signal_pam'
allow $1 pam_t:process signal;
system,authlogin.if,auth_run_pam'
system,authlogin.if,auth_exec_pam'
allow $1 pam_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
system,authlogin.if,auth_manage_var_auth'
allow $1 var_t:dir { getattr search };
allow $1 var_auth_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 var_auth_t:file { getattr read write append ioctl lock };
allow $1 var_auth_t:lnk_file { getattr read write lock ioctl };
system,authlogin.if,auth_read_pam_pid'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 pam_var_run_t:dir { getattr search read lock ioctl };
allow $1 pam_var_run_t:file { getattr read lock ioctl };
system,authlogin.if,auth_dontaudit_read_pam_pid'
system,authlogin.if,auth_delete_pam_pid'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 pam_var_run_t:dir { getattr search lock ioctl write remove_name };
allow $1 pam_var_run_t:file { getattr unlink };
system,authlogin.if,auth_manage_pam_pid'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 pam_var_run_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 pam_var_run_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
system,authlogin.if,auth_domtrans_pam_console'
allow $1 pam_console_exec_t:file { getattr read execute };
allow $1 pam_console_t:process transition;
allow pam_console_t $1:fd use;
allow pam_console_t $1:fifo_file { getattr read write append ioctl lock };
allow pam_console_t $1:process sigchld;
system,authlogin.if,auth_search_pam_console_data'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 pam_var_console_t:dir { getattr search };
system,authlogin.if,auth_list_pam_console_data'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 pam_var_console_t:dir { getattr search read lock ioctl };
system,authlogin.if,auth_read_pam_console_data'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 pam_var_console_t:dir { getattr search read lock ioctl };
allow $1 pam_var_console_t:file { getattr read lock ioctl };
system,authlogin.if,auth_manage_pam_console_data'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 pam_var_console_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 pam_var_console_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 pam_var_console_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 pam_var_console_t:lnk_file { create read getattr setattr unlink rename };
system,authlogin.if,auth_delete_pam_console_data'
allow $1 var_t:dir { getattr search };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 pam_var_console_t:dir { getattr search lock ioctl write remove_name };
allow $1 pam_var_console_t:file { getattr unlink };
system,authlogin.if,auth_read_all_dirs_except_shadow'
allow $1 { file_type $2 -shadow_t }:dir { getattr search read lock ioctl };
system,authlogin.if,auth_read_all_files_except_shadow'
allow $1 { file_type $2 -shadow_t }:dir { getattr search };
allow $1 { file_type $2 -shadow_t }:file { getattr read lock ioctl };
system,authlogin.if,auth_read_all_symlinks_except_shadow'
allow $1 { file_type $2 -shadow_t }:dir { getattr search };
allow $1 { file_type $2 -shadow_t }:lnk_file { getattr read };
system,authlogin.if,auth_relabel_all_files_except_shadow'
allow $1 { file_type $2 -shadow_t }:dir { getattr search read lock ioctl };
allow $1 { file_type $2 -shadow_t }:dir { getattr search };
allow $1 { file_type $2 -shadow_t }:dir { getattr relabelfrom relabelto };
allow $1 { file_type $2 -shadow_t }:dir { getattr search };
allow $1 { file_type $2 -shadow_t }:file { getattr relabelfrom relabelto };
allow $1 { file_type $2 -shadow_t }:dir { getattr search };
allow $1 { file_type $2 -shadow_t }:lnk_file { getattr relabelfrom relabelto };
allow $1 { file_type $2 -shadow_t }:dir { getattr search };
allow $1 { file_type $2 -shadow_t }:fifo_file { getattr relabelfrom relabelto };
allow $1 { file_type $2 -shadow_t }:dir { getattr search };
allow $1 { file_type $2 -shadow_t }:sock_file { getattr relabelfrom relabelto };
allow $1 { file_type $2 -shadow_t }:dir { getattr search };
allow $1 { file_type $2 -shadow_t }:blk_file { getattr relabelfrom };
allow $1 { file_type $2 -shadow_t }:dir { getattr search };
allow $1 { file_type $2 -shadow_t }:chr_file { getattr relabelfrom };
allow $1 policy_config_t:file relabelto;
system,authlogin.if,auth_manage_all_files_except_shadow'
allow $1 { file_type $2 -shadow_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 { file_type $2 -shadow_t }:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 { file_type $2 -shadow_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 { file_type $2 -shadow_t }:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 { file_type $2 -shadow_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 { file_type $2 -shadow_t }:lnk_file { create read getattr setattr unlink rename };
allow $1 { file_type $2 -shadow_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 { file_type $2 -shadow_t }:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 { file_type $2 -shadow_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 { file_type $2 -shadow_t }:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
allow $1 etc_t:dir { getattr search };
allow $1 selinux_config_t:dir { getattr search };
allow $1 policy_config_t:dir { getattr search lock ioctl write add_name };
allow $1 policy_config_t:file { getattr create open };
allow $1 policy_config_t:dir { getattr search };
allow $1 policy_config_t:file { getattr write append lock ioctl };
allow $1 modules_object_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 modules_object_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
system,authlogin.if,auth_domtrans_utempter'
allow $1 utempter_exec_t:file { getattr read execute };
allow $1 utempter_t:process transition;
allow utempter_t $1:fd use;
allow utempter_t $1:fifo_file { getattr read write append ioctl lock };
allow utempter_t $1:process sigchld;
system,authlogin.if,auth_run_utempter'
system,authlogin.if,auth_dontaudit_exec_utempter'
system,authlogin.if,auth_setattr_login_records'
allow $1 wtmp_t:file setattr;
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
system,authlogin.if,auth_read_login_records'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 wtmp_t:file { getattr read lock ioctl };
system,authlogin.if,auth_dontaudit_write_login_records'
system,authlogin.if,auth_append_login_records'
allow $1 wtmp_t:file { getattr append lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
system,authlogin.if,auth_write_login_records'
allow $1 wtmp_t:file { { getattr write append lock ioctl } lock };
system,authlogin.if,auth_rw_login_records'
allow $1 wtmp_t:file { getattr read write append ioctl lock };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
system,authlogin.if,auth_log_filetrans_login_records'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { read getattr lock search ioctl add_name remove_name write };
system,authlogin.if,auth_manage_login_records'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 wtmp_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
system,authlogin.if,auth_use_nsswitch'
allow $1 self:netlink_route_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } nlmsg_read };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search read lock ioctl };
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 etc_t:dir { getattr search };
allow $1 etc_t:file { getattr read lock ioctl };
allow $1 etc_t:dir { getattr search };
allow $1 etc_t:lnk_file { getattr read };
allow $1 cert_t:dir { getattr search read lock ioctl };
allow $1 cert_t:dir { getattr search };
allow $1 cert_t:file { getattr read lock ioctl };
allow $1 cert_t:dir { getattr search };
allow $1 cert_t:lnk_file { getattr read };
allow $1 self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 unlabeled_t:tcp_socket recvfrom;
allow $1 unlabeled_t:udp_socket recvfrom;
allow $1 unlabeled_t:rawip_socket recvfrom;
allow $1 unlabeled_t:peer recv;
allow $1 unlabeled_t:association { sendto recvfrom };
allow $1 unlabeled_t:packet { send recv };
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1 netif_type:netif { tcp_send tcp_recv egress ingress };
allow $1 netif_type:netif { udp_send egress };
allow $1 netif_type:netif { udp_recv ingress };
allow $1 node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1 node_type:node { udp_send sendto };
allow $1 node_type:node { udp_recv recvfrom };
allow $1 dns_port_t:tcp_socket { send_msg recv_msg };
allow $1 dns_port_t:udp_socket send_msg;
allow $1 dns_port_t:udp_socket recv_msg;
allow $1 dns_port_t:tcp_socket name_connect;
allow $1 dns_client_packet_t:packet send;
allow $1 dns_client_packet_t:packet recv;
allow $1 etc_t:dir { getattr search };
allow $1 net_conf_t:file { getattr read lock ioctl };
allow $1 self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 unlabeled_t:tcp_socket recvfrom;
allow $1 unlabeled_t:udp_socket recvfrom;
allow $1 unlabeled_t:rawip_socket recvfrom;
allow $1 unlabeled_t:peer recv;
allow $1 unlabeled_t:association { sendto recvfrom };
allow $1 unlabeled_t:packet { send recv };
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1 netif_type:netif { tcp_send tcp_recv egress ingress };
allow $1 node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1 ldap_port_t:tcp_socket { send_msg recv_msg };
allow $1 ldap_port_t:tcp_socket name_connect;
allow $1 ldap_client_packet_t:packet send;
allow $1 ldap_client_packet_t:packet recv;
allow $1 etc_t:dir { getattr search };
allow $1 net_conf_t:file { getattr read lock ioctl };
system,authlogin.if,auth_unconfined'
system,clock.if,clock_domtrans'
allow $1 hwclock_exec_t:file { getattr read execute };
allow $1 hwclock_t:process transition;
allow hwclock_t $1:fd use;
allow hwclock_t $1:fifo_file { getattr read write append ioctl lock };
allow hwclock_t $1:process sigchld;
system,clock.if,clock_run'
system,clock.if,clock_exec'
allow $1 hwclock_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
system,clock.if,clock_dontaudit_write_adjtime'
system,clock.if,clock_rw_adjtime'
allow $1 adjtime_t:file { getattr read write append ioctl lock };
allow $1 etc_t:dir { getattr search read lock ioctl };
system,daemontools.if,daemontools_ipc_domain'
allow $1 svc_start_t:process sigchld;
allow $1 svc_start_t:fd use;
allow $1 svc_start_t:fifo_file { read write getattr };
allow svc_start_t $1:process signal;
system,daemontools.if,daemontools_service_domain'
allow svc_run_t $2:file { getattr read execute };
allow svc_run_t $1:process transition;
allow svc_run_t $1:process signal;
allow $1 svc_run_t:fd use;
system,daemontools.if,daemontools_domtrans_start'
allow $1 svc_start_exec_t:file { getattr read execute };
allow $1 svc_start_t:process transition;
allow svc_start_t $1:fd use;
allow svc_start_t $1:fifo_file { getattr read write append ioctl lock };
allow svc_start_t $1:process sigchld;
system,daemontools.if,daemontools_domtrans_run'
allow $1 svc_run_exec_t:file { getattr read execute };
allow $1 svc_run_t:process transition;
allow svc_run_t $1:fd use;
allow svc_run_t $1:fifo_file { getattr read write append ioctl lock };
allow svc_run_t $1:process sigchld;
system,daemontools.if,daemontools_domtrans_multilog'
allow $1 svc_multilog_exec_t:file { getattr read execute };
allow $1 svc_multilog_t:process transition;
allow svc_multilog_t $1:fd use;
allow svc_multilog_t $1:fifo_file { getattr read write append ioctl lock };
allow svc_multilog_t $1:process sigchld;
system,daemontools.if,daemontools_read_svc'
allow $1 svc_svc_t:dir { getattr search read lock ioctl };
allow $1 svc_svc_t:file { getattr read lock ioctl };
system,daemontools.if,daemontools_manage_svc'
allow $1 svc_svc_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 svc_svc_t:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 svc_svc_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 svc_svc_t:lnk_file { read create };
system,fstools.if,fstools_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 fsadm_exec_t:file { getattr read execute };
allow $1 fsadm_t:process transition;
allow fsadm_t $1:fd use;
allow fsadm_t $1:fifo_file { getattr read write append ioctl lock };
allow fsadm_t $1:process sigchld;
system,fstools.if,fstools_run'
system,fstools.if,fstools_exec'
allow $1 fsadm_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
system,fstools.if,fstools_signal'
allow $1 fsadm_t:process signal;
system,fstools.if,fstools_read_pipes'
allow $1 fsadm_t:fifo_file { getattr read lock ioctl };
system,fstools.if,fstools_relabelto_entry_files'
allow $1 fsadm_exec_t:file relabelto;
system,fstools.if,fstools_manage_entry_files'
allow $1 fsadm_exec_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
system,fstools.if,fstools_getattr_swap_files'
allow $1 swapfile_t:file getattr;
system,getty.if,getty_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 getty_exec_t:file { getattr read execute };
allow $1 getty_t:process transition;
allow getty_t $1:fd use;
allow getty_t $1:fifo_file { getattr read write append ioctl lock };
allow getty_t $1:process sigchld;
system,getty.if,getty_use_fds'
allow $1 getty_t:fd use;
system,getty.if,getty_read_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 getty_log_t:file { getattr read lock ioctl };
system,getty.if,getty_read_config'
allow $1 etc_t:dir { getattr search };
allow $1 getty_etc_t:file { getattr read lock ioctl };
system,getty.if,getty_rw_config'
allow $1 etc_t:dir { getattr search };
allow $1 getty_etc_t:file { getattr read write append ioctl lock };
system,hostname.if,hostname_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 hostname_exec_t:file { getattr read execute };
allow $1 hostname_t:process transition;
allow hostname_t $1:fd use;
allow hostname_t $1:fifo_file { getattr read write append ioctl lock };
allow hostname_t $1:process sigchld;
system,hostname.if,hostname_run'
system,hostname.if,hostname_exec'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 hostname_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
system,hotplug.if,hotplug_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 hotplug_exec_t:file { getattr read execute };
allow $1 hotplug_t:process transition;
allow hotplug_t $1:fd use;
allow hotplug_t $1:fifo_file { getattr read write append ioctl lock };
allow hotplug_t $1:process sigchld;
system,hotplug.if,hotplug_exec'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 hotplug_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
system,hotplug.if,hotplug_use_fds'
allow $1 hotplug_t:fd use;
system,hotplug.if,hotplug_dontaudit_use_fds'
system,hotplug.if,hotplug_dontaudit_search_config'
system,hotplug.if,hotplug_getattr_config_dirs'
allow $1 hotplug_etc_t:dir getattr;
system,hotplug.if,hotplug_search_config'
allow $1 hotplug_etc_t:dir { getattr search };
system,hotplug.if,hotplug_read_config'
allow $1 etc_t:dir { getattr search };
allow $1 hotplug_etc_t:dir { getattr search read lock ioctl };
allow $1 hotplug_etc_t:dir { getattr search };
allow $1 hotplug_etc_t:file { getattr read lock ioctl };
allow $1 hotplug_etc_t:dir { getattr search };
allow $1 hotplug_etc_t:lnk_file { getattr read };
system,hotplug.if,hotplug_search_pids'
allow $1 hotplug_var_run_t:dir { getattr search };
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
system,init.if,init_script_file'
allow initrc_t $1:file entrypoint;
allow initrc_t $1:file { { getattr read execute ioctl } ioctl lock };
allow init_run_all_scripts_domain $1:file { getattr read execute };
allow init_run_all_scripts_domain initrc_t:process transition;
allow initrc_t init_run_all_scripts_domain:fd use;
allow initrc_t init_run_all_scripts_domain:fifo_file { getattr read write append ioctl lock };
allow initrc_t init_run_all_scripts_domain:process sigchld;
system,init.if,init_script_domain'
allow $1 $2:file entrypoint;
allow $1 $2:file { { getattr read execute ioctl } ioctl lock };
allow init_run_all_scripts_domain $2:file { getattr read execute };
allow init_run_all_scripts_domain $1:process transition;
allow $1 init_run_all_scripts_domain:fd use;
allow $1 init_run_all_scripts_domain:fifo_file { getattr read write append ioctl lock };
allow $1 init_run_all_scripts_domain:process sigchld;
system,init.if,init_domain'
allow $1 $2:file entrypoint;
allow $1 $2:file { { getattr read execute ioctl } ioctl lock };
allow init_t $2:file { getattr read execute };
allow init_t $1:process transition;
allow $1 init_t:fd use;
allow $1 init_t:fifo_file { getattr read write append ioctl lock };
allow $1 init_t:process sigchld;
system,init.if,init_ranged_domain'
system,init.if,init_daemon_domain'
allow $1 $2:file entrypoint;
allow $1 $2:file { { getattr read execute ioctl } ioctl lock };
allow initrc_t $2:file { getattr read execute };
allow initrc_t $1:process transition;
allow $1 initrc_t:fd use;
allow $1 initrc_t:fifo_file { getattr read write append ioctl lock };
allow $1 initrc_t:process sigchld;
system,init.if,init_ranged_daemon_domain'
system,init.if,init_system_domain'
allow $1 $2:file entrypoint;
allow $1 $2:file { { getattr read execute ioctl } ioctl lock };
allow initrc_t $2:file { getattr read execute };
allow initrc_t $1:process transition;
allow $1 initrc_t:fd use;
allow $1 initrc_t:fifo_file { getattr read write append ioctl lock };
allow $1 initrc_t:process sigchld;
system,init.if,init_ranged_system_domain'
system,init.if,init_domtrans'
allow $1 init_exec_t:file { getattr read execute };
allow $1 init_t:process transition;
allow init_t $1:fd use;
allow init_t $1:fifo_file { getattr read write append ioctl lock };
allow init_t $1:process sigchld;
system,init.if,init_exec'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 init_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
system,init.if,init_getpgid'
allow $1 init_t:process getpgid;
system,init.if,init_signull'
allow $1 init_t:process signull;
system,init.if,init_sigchld'
allow $1 init_t:process sigchld;
system,init.if,init_use_fds'
allow $1 init_t:fd use;
system,init.if,init_dontaudit_use_fds'
system,init.if,init_udp_send'
system,init.if,init_getattr_initctl'
allow $1 initctl_t:fifo_file getattr;
system,init.if,init_dontaudit_getattr_initctl'
system,init.if,init_write_initctl'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 initctl_t:fifo_file write;
system,init.if,init_telinit'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 initctl_t:fifo_file { getattr read write append ioctl lock };
allow $1 self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 init_t:unix_dgram_socket sendto;
system,init.if,init_rw_initctl'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 initctl_t:fifo_file { getattr read write append ioctl lock };
system,init.if,init_dontaudit_rw_initctl'
system,init.if,init_script_file_entry_type'
allow $1 initrc_exec_t:file entrypoint;
allow $1 initrc_exec_t:file { { getattr read execute ioctl } ioctl lock };
system,init.if,init_spec_domtrans_script'
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 self:process setexec;
allow $1 initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
system,init.if,init_domtrans_script'
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
system,init.if,init_script_file_domtrans'
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 initrc_exec_t:file { getattr read execute };
allow $1 $2:process transition;
system,init.if,init_labeled_script_domtrans'
allow $1 $2:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
system,init.if,init_run_daemon'
system,init.if,init_read_state'
allow $1 init_t:dir { getattr search };
allow $1 init_t:file { getattr read lock ioctl };
allow $1 init_t:lnk_file { getattr read };
system,init.if,init_ptrace'
allow $1 init_t:process ptrace;
system,init.if,init_write_script_pipes'
allow $1 initrc_t:fifo_file write;
system,init.if,init_getattr_script_files'
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 initrc_exec_t:file getattr;
system,init.if,init_read_script_files'
allow $1 etc_t:dir { getattr search };
allow $1 initrc_exec_t:file { getattr read lock ioctl };
system,init.if,init_exec_script_files'
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 initrc_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
system,init.if,init_getattr_all_script_files'
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 init_script_file_type:file getattr;
system,init.if,init_read_all_script_files'
allow $1 etc_t:dir { getattr search };
allow $1 init_script_file_type:file { getattr read lock ioctl };
system,init.if,init_exec_all_script_files'
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 init_script_file_type:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
system,init.if,init_read_script_state'
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:dir { getattr search };
allow $1 initrc_t:dir { getattr search };
allow $1 initrc_t:file { getattr read lock ioctl };
allow $1 initrc_t:dir { getattr search };
allow $1 initrc_t:lnk_file { getattr read };
allow $1 initrc_t:dir { getattr search };
allow $1 initrc_t:dir { getattr search read lock ioctl };
allow $1 initrc_t:process getattr;
system,init.if,init_use_script_fds'
allow $1 initrc_t:fd use;
system,init.if,init_dontaudit_use_script_fds'
system,init.if,init_getpgid_script'
allow $1 initrc_t:process getpgid;
system,init.if,init_sigchld_script'
allow $1 initrc_t:process sigchld;
system,init.if,init_signal_script'
allow $1 initrc_t:process signal;
system,init.if,init_signull_script'
allow $1 initrc_t:process signull;
system,init.if,init_rw_script_pipes'
allow $1 initrc_t:fifo_file { read write };
system,init.if,init_udp_send_script'
system,init.if,init_stream_connect_script'
allow $1 initrc_t:unix_stream_socket connectto;
system,init.if,init_rw_script_stream_sockets'
allow $1 initrc_t:unix_stream_socket { read write };
system,init.if,init_dontaudit_stream_connect_script'
system,init.if,init_dbus_send_script'
allow $1 initrc_t:dbus send_msg;
system,init.if,init_dbus_chat_script'
allow $1 initrc_t:dbus send_msg;
allow initrc_t $1:dbus send_msg;
system,init.if,init_use_script_ptys'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 devpts_t:dir { getattr search read lock ioctl };
allow $1 initrc_devpts_t:chr_file { { getattr read write ioctl } lock append };
system,init.if,init_dontaudit_use_script_ptys'
system,init.if,init_getattr_script_status_files'
allow $1 initrc_state_t:dir { getattr search };
allow $1 initrc_state_t:file { getattr };
system,init.if,init_dontaudit_read_script_status_files'
system,init.if,init_rw_script_tmp_files'
allow $1 tmp_t:dir { getattr search };
allow $1 initrc_tmp_t:dir { getattr search };
allow $1 initrc_tmp_t:file { getattr read write append ioctl lock };
system,init.if,init_script_tmp_filetrans'
allow $1 tmp_t:dir { getattr search };
allow $1 initrc_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
system,init.if,init_getattr_utmp'
allow $1 initrc_var_run_t:file getattr;
system,init.if,init_read_utmp'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
allow $1 initrc_var_run_t:file { getattr read lock ioctl };
system,init.if,init_dontaudit_write_utmp'
system,init.if,init_write_utmp'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
allow $1 initrc_var_run_t:file { getattr open write };
system,init.if,init_dontaudit_lock_utmp'
system,init.if,init_rw_utmp'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
allow $1 initrc_var_run_t:file { getattr read write append ioctl lock };
system,init.if,init_dontaudit_rw_utmp'
system,init.if,init_manage_utmp'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 initrc_var_run_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
system,init.if,init_pid_filetrans_utmp'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
system,init.if,init_tcp_recvfrom_all_daemons'
allow { $1 daemon } self:association sendto;
allow $1 daemon:{ association tcp_socket } recvfrom;
allow daemon $1:{ association tcp_socket } recvfrom;
allow $1 daemon:peer recv;
allow daemon $1:peer recv;
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:tcp_socket recvfrom;
allow daemon netlabel_peer_t:peer recv;
allow daemon netlabel_peer_t:tcp_socket recvfrom;
system,init.if,init_udp_recvfrom_all_daemons'
allow daemon self:association sendto;
allow $1 daemon:{ association udp_socket } recvfrom;
allow $1 daemon:peer recv;
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:udp_socket recvfrom;
system,ipsec.if,ipsec_domtrans'
allow $1 ipsec_exec_t:file { getattr read execute };
allow $1 ipsec_t:process transition;
allow ipsec_t $1:fd use;
allow ipsec_t $1:fifo_file { getattr read write append ioctl lock };
allow ipsec_t $1:process sigchld;
system,ipsec.if,ipsec_stream_connect'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 ipsec_var_run_t:dir { getattr search };
allow $1 ipsec_var_run_t:sock_file { getattr write };
allow $1 ipsec_t:unix_stream_socket connectto;
system,ipsec.if,ipsec_getattr_key_sockets'
allow $1 ipsec_t:key_socket getattr;
system,ipsec.if,ipsec_exec_mgmt'
allow $1 ipsec_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
system,ipsec.if,ipsec_read_config'
allow $1 etc_t:dir { getattr search };
allow $1 ipsec_conf_file_t:file { getattr read lock ioctl };
system,ipsec.if,ipsec_match_default_spd'
allow $1 ipsec_spd_t:association polmatch;
allow $1 self:association sendto;
system,ipsec.if,ipsec_setcontext_default_spd'
allow $1 ipsec_spd_t:association setcontext;
system,ipsec.if,ipsec_write_pid'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 ipsec_var_run_t:dir { getattr search };
allow $1 ipsec_var_run_t:file { getattr write append lock ioctl };
system,ipsec.if,ipsec_manage_pid'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 ipsec_var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 ipsec_var_run_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
system,ipsec.if,ipsec_domtrans_racoon'
allow $1 racoon_exec_t:file { getattr read execute };
allow $1 racoon_t:process transition;
allow racoon_t $1:fd use;
allow racoon_t $1:fifo_file { getattr read write append ioctl lock };
allow racoon_t $1:process sigchld;
system,ipsec.if,ipsec_domtrans_setkey'
allow $1 setkey_exec_t:file { getattr read execute };
allow $1 setkey_t:process transition;
allow setkey_t $1:fd use;
allow setkey_t $1:fifo_file { getattr read write append ioctl lock };
allow setkey_t $1:process sigchld;
system,ipsec.if,ipsec_run_setkey'
system,iptables.if,iptables_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 iptables_exec_t:file { getattr read execute };
allow $1 iptables_t:process transition;
allow iptables_t $1:fd use;
allow iptables_t $1:fifo_file { getattr read write append ioctl lock };
allow iptables_t $1:process sigchld;
system,iptables.if,iptables_run'
allow iptables_t bin_t:dir { getattr search };
allow iptables_t bin_t:dir { getattr search };
allow iptables_t bin_t:dir { getattr search };
allow iptables_t bin_t:dir { getattr search };
allow iptables_t ifconfig_exec_t:file { getattr read execute };
allow iptables_t ifconfig_t:process transition;
allow ifconfig_t iptables_t:fd use;
allow ifconfig_t iptables_t:fifo_file { getattr read write append ioctl lock };
allow ifconfig_t iptables_t:process sigchld;
system,iptables.if,iptables_exec'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 iptables_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
system,iscsi.if,iscsid_domtrans'
allow $1 iscsid_exec_t:file { getattr read execute };
allow $1 iscsid_t:process transition;
allow iscsid_t $1:fd use;
allow iscsid_t $1:fifo_file { getattr read write append ioctl lock };
allow iscsid_t $1:process sigchld;
system,libraries.if,libs_domtrans_ldconfig'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 ldconfig_exec_t:file { getattr read execute };
allow $1 ldconfig_t:process transition;
allow ldconfig_t $1:fd use;
allow ldconfig_t $1:fifo_file { getattr read write append ioctl lock };
allow ldconfig_t $1:process sigchld;
system,libraries.if,libs_run_ldconfig'
system,libraries.if,libs_use_ld_so'
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 lib_t:dir { getattr search read lock ioctl };
allow $1 lib_t:dir { getattr search };
allow $1 { lib_t ld_so_t }:lnk_file { getattr read };
allow $1 lib_t:dir { getattr search };
allow $1 ld_so_t:file { getattr read execute ioctl };
allow $1 ld_so_cache_t:file { getattr read lock ioctl };
system,libraries.if,libs_legacy_use_ld_so'
allow $1 ld_so_t:file execmod;
allow $1 ld_so_cache_t:file execute;
system,libraries.if,libs_exec_ld_so'
allow $1 lib_t:dir { getattr search read lock ioctl };
allow $1 lib_t:dir { getattr search };
allow $1 { lib_t ld_so_t }:lnk_file { getattr read };
allow $1 lib_t:dir { getattr search };
allow $1 ld_so_t:file { getattr read execute execute_no_trans };
system,libraries.if,libs_manage_ld_so'
allow $1 lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 ld_so_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
system,libraries.if,libs_relabel_ld_so'
allow $1 lib_t:dir { getattr search };
allow $1 ld_so_t:file { getattr relabelfrom relabelto };
system,libraries.if,libs_rw_ld_so_cache'
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 ld_so_cache_t:file { getattr read write append ioctl lock };
system,libraries.if,libs_search_lib'
allow $1 lib_t:dir { getattr search };
system,libraries.if,libs_dontaudit_write_lib_dirs'
system,libraries.if,libs_manage_lib_dirs'
allow $1 lib_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
system,libraries.if,libs_read_lib_files'
allow $1 usr_t:dir { getattr search };
allow $1 lib_t:dir { getattr search };
allow $1 lib_t:dir { getattr search read lock ioctl };
allow $1 lib_t:dir { getattr search };
allow $1 lib_t:file { getattr read lock ioctl };
allow $1 lib_t:dir { getattr search };
allow $1 lib_t:lnk_file { getattr read };
system,libraries.if,libs_exec_lib_files'
allow $1 usr_t:dir { getattr search };
allow $1 lib_t:dir { getattr search read lock ioctl };
allow $1 lib_t:dir { getattr search };
allow $1 lib_t:lnk_file { getattr read };
allow $1 lib_t:dir { getattr search };
allow $1 lib_t:file { getattr read execute execute_no_trans };
system,libraries.if,libs_use_lib_files'
system,libraries.if,libs_manage_lib_files'
allow $1 lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 lib_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
system,libraries.if,libs_relabelto_lib_files'
allow $1 lib_t:dir { getattr search };
allow $1 lib_t:file { getattr relabelto };
system,libraries.if,libs_relabel_lib_files'
allow $1 lib_t:dir { getattr search };
allow $1 lib_t:file { getattr relabelfrom relabelto };
system,libraries.if,libs_delete_lib_symlinks'
allow $1 lib_t:dir { getattr search lock ioctl write remove_name };
allow $1 lib_t:lnk_file { getattr unlink };
system,libraries.if,libs_manage_shared_libs'
allow $1 lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 { lib_t textrel_shlib_t }:file { create open getattr setattr read write append rename link unlink ioctl lock };
system,libraries.if,libs_use_shared_libs'
allow $1 usr_t:dir { getattr search read lock ioctl };
allow $1 lib_t:dir { getattr search read lock ioctl };
allow $1 lib_t:dir { getattr search };
allow $1 { lib_t textrel_shlib_t }:lnk_file { getattr read };
allow $1 lib_t:dir { getattr search };
allow $1 { lib_t textrel_shlib_t }:file { getattr read execute ioctl };
allow $1 textrel_shlib_t:file execmod;
system,libraries.if,libs_legacy_use_shared_libs'
allow $1 lib_t:file execmod;
system,libraries.if,libs_relabel_shared_libs'
allow $1 lib_t:dir { getattr search };
allow $1 { lib_t textrel_shlib_t }:file { getattr relabelfrom relabelto };
system,libraries.if,lib_filetrans_shared_lib'
system,libraries.if,files_lib_filetrans_shared_lib'
system,locallogin.if,locallogin_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 login_exec_t:file { getattr read execute };
allow $1 local_login_t:process transition;
allow local_login_t $1:fd use;
allow local_login_t $1:fifo_file { getattr read write append ioctl lock };
allow local_login_t $1:process sigchld;
system,locallogin.if,locallogin_use_fds'
allow $1 local_login_t:fd use;
system,locallogin.if,locallogin_dontaudit_use_fds'
system,locallogin.if,locallogin_signull'
allow $1 local_login_t:process signull;
system,locallogin.if,locallogin_search_keys'
allow $1 local_login_t:key search;
system,locallogin.if,locallogin_link_keys'
allow $1 local_login_t:key link;
system,locallogin.if,locallogin_domtrans_sulogin'
allow $1 sulogin_exec_t:file { getattr read execute };
allow $1 sulogin_t:process transition;
allow sulogin_t $1:fd use;
allow sulogin_t $1:fifo_file { getattr read write append ioctl lock };
allow sulogin_t $1:process sigchld;
system,logging.if,logging_log_file'
allow $1 tmp_t:filesystem associate;
allow $1 tmpfs_t:filesystem associate;
system,logging.if,logging_send_audit_msgs'
allow $1 self:capability audit_write;
allow $1 self:netlink_audit_socket { { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } nlmsg_read } nlmsg_relay };
system,logging.if,logging_dontaudit_send_audit_msgs'
system,logging.if,logging_set_loginuid'
allow $1 self:capability audit_control;
allow $1 self:netlink_audit_socket { { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } nlmsg_read } nlmsg_relay };
system,logging.if,logging_set_audit_parameters'
allow $1 self:capability { audit_write audit_control };
allow $1 self:netlink_audit_socket { { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } nlmsg_read nlmsg_write } nlmsg_relay };
system,logging.if,logging_read_audit_log'
allow $1 var_t:dir { getattr search };
allow $1 auditd_log_t:dir { getattr search };
allow $1 auditd_log_t:file { getattr read lock ioctl };
allow $1 auditd_log_t:dir { getattr search read lock ioctl };
system,logging.if,logging_domtrans_auditctl'
allow $1 auditctl_exec_t:file { getattr read execute };
allow $1 auditctl_t:process transition;
allow auditctl_t $1:fd use;
allow auditctl_t $1:fifo_file { getattr read write append ioctl lock };
allow auditctl_t $1:process sigchld;
system,logging.if,logging_run_auditctl'
system,logging.if,logging_domtrans_auditd'
allow $1 auditd_exec_t:file { getattr read execute };
allow $1 auditd_t:process transition;
allow auditd_t $1:fd use;
allow auditd_t $1:fifo_file { getattr read write append ioctl lock };
allow auditd_t $1:process sigchld;
system,logging.if,logging_run_auditd'
system,logging.if,logging_stream_connect_auditd'
system,logging.if,logging_domtrans_dispatcher'
allow $1 audisp_exec_t:file { getattr read execute };
allow $1 audisp_t:process transition;
allow audisp_t $1:fd use;
allow audisp_t $1:fifo_file { getattr read write append ioctl lock };
allow audisp_t $1:process sigchld;
system,logging.if,logging_signal_dispatcher'
allow $1 audisp_t:process signal;
system,logging.if,logging_dispatcher_domain'
allow $1 $2:file entrypoint;
allow $1 $2:file { { getattr read execute ioctl } ioctl lock };
allow audisp_t $2:file { getattr read execute };
allow audisp_t $1:process transition;
allow $1 audisp_t:fd use;
allow $1 audisp_t:fifo_file { getattr read write append ioctl lock };
allow $1 audisp_t:process sigchld;
allow audisp_t $1:process { sigkill sigstop signull signal };
allow audisp_t $2:file getattr;
allow $1 audisp_t:unix_stream_socket { ioctl read getattr write setattr append bind connect getopt setopt shutdown };
system,logging.if,logging_stream_connect_dispatcher'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 audisp_var_run_t:dir { getattr search };
allow $1 audisp_var_run_t:sock_file { getattr write };
allow $1 audisp_t:unix_stream_socket connectto;
system,logging.if,logging_manage_audit_config'
allow $1 etc_t:dir { getattr search };
allow $1 auditd_etc_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 auditd_etc_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
system,logging.if,logging_manage_audit_log'
allow $1 var_t:dir { getattr search };
allow $1 auditd_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 auditd_log_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 auditd_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 auditd_log_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
system,logging.if,logging_domtrans_klog'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 klogd_exec_t:file { getattr read execute };
allow $1 klogd_t:process transition;
allow klogd_t $1:fd use;
allow klogd_t $1:fifo_file { getattr read write append ioctl lock };
allow klogd_t $1:process sigchld;
system,logging.if,logging_check_exec_syslog'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search read lock ioctl };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 syslogd_exec_t:file execute;
system,logging.if,logging_domtrans_syslog'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 syslogd_exec_t:file { getattr read execute };
allow $1 syslogd_t:process transition;
allow syslogd_t $1:fd use;
allow syslogd_t $1:fifo_file { getattr read write append ioctl lock };
allow syslogd_t $1:process sigchld;
system,logging.if,logging_log_filetrans'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { read getattr lock search ioctl add_name remove_name write };
system,logging.if,logging_send_syslog_msg'
allow $1 devlog_t:lnk_file read;
allow $1 devlog_t:sock_file { getattr read write append };
allow $1 syslogd_t:unix_dgram_socket sendto;
allow $1 syslogd_t:unix_stream_socket connectto;
allow $1 self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 self:unix_stream_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 console_device_t:chr_file { getattr read write append ioctl lock };
system,logging.if,logging_read_audit_config'
allow $1 etc_t:dir { getattr search };
allow $1 auditd_etc_t:dir { getattr search };
allow $1 auditd_etc_t:file { getattr read lock ioctl };
allow $1 auditd_etc_t:dir { getattr search read lock ioctl };
system,logging.if,logging_dontaudit_search_audit_config'
system,logging.if,logging_read_syslog_config'
allow $1 syslog_conf_t:file { getattr read lock ioctl };
system,logging.if,logging_search_logs'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
system,logging.if,logging_dontaudit_search_logs'
system,logging.if,logging_list_logs'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
system,logging.if,logging_rw_generic_log_dirs'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { read getattr lock search ioctl add_name remove_name write };
system,logging.if,logging_dontaudit_getattr_all_logs'
system,logging.if,logging_append_all_logs'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 logfile:file { getattr append lock ioctl };
system,logging.if,logging_read_all_logs'
allow $1 var_t:dir { getattr search };
allow $1 logfile:dir { getattr search read lock ioctl };
allow $1 logfile:dir { getattr search };
allow $1 logfile:file { getattr read lock ioctl };
system,logging.if,logging_exec_all_logs'
allow $1 var_t:dir { getattr search };
allow $1 logfile:dir { getattr search read lock ioctl };
allow $1 logfile:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
system,logging.if,logging_rw_all_logs'
allow $1 var_t:dir { getattr search };
allow $1 logfile:dir { getattr search };
allow $1 logfile:file { getattr read write append ioctl lock };
system,logging.if,logging_manage_all_logs'
allow $1 var_t:dir { getattr search };
allow $1 logfile:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 logfile:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 logfile:dir { getattr search };
allow $1 logfile:lnk_file { getattr read };
system,logging.if,logging_read_generic_logs'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 var_log_t:dir { getattr search };
allow $1 var_log_t:file { getattr read lock ioctl };
system,logging.if,logging_write_generic_logs'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 var_log_t:dir { getattr search };
allow $1 var_log_t:file { getattr write append lock ioctl };
system,logging.if,logging_dontaudit_write_generic_logs'
system,logging.if,logging_rw_generic_logs'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 var_log_t:dir { getattr search };
allow $1 var_log_t:file { getattr read write append ioctl lock };
system,logging.if,logging_manage_generic_logs'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 var_log_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
system,logging.if,logging_admin_audit'
allow $1 auditd_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 auditd_t:dir { search getattr read };
allow $1 auditd_t:{ file lnk_file } { read getattr };
allow $1 auditd_t:process getattr;
allow $1 auditd_etc_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 auditd_etc_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 auditd_etc_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 auditd_etc_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 auditd_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 auditd_log_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 auditd_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 auditd_log_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 auditd_var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 auditd_var_run_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 auditd_var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 auditd_var_run_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 auditd_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
system,logging.if,logging_admin_syslog'
allow $1 syslogd_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 klogd_t:process { ptrace { sigchld sigkill sigstop signull signal } };
allow $1 syslogd_t:dir { search getattr read };
allow $1 syslogd_t:{ file lnk_file } { read getattr };
allow $1 syslogd_t:process getattr;
allow $1 klogd_t:dir { search getattr read };
allow $1 klogd_t:{ file lnk_file } { read getattr };
allow $1 klogd_t:process getattr;
allow $1 klogd_var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 klogd_var_run_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 klogd_var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 klogd_var_run_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 klogd_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 klogd_tmp_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 klogd_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 klogd_tmp_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 syslogd_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 syslogd_tmp_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 syslogd_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 syslogd_tmp_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 syslog_conf_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 syslog_conf_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 syslog_conf_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 syslog_conf_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 etc_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 syslogd_var_lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 syslogd_var_lib_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 syslogd_var_lib_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 syslogd_var_lib_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 syslogd_var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 syslogd_var_run_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 syslogd_var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 syslogd_var_run_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 syslogd_initrc_exec_t:file { getattr read execute };
allow $1 initrc_t:process transition;
allow initrc_t $1:fd use;
allow initrc_t $1:fifo_file { getattr read write append ioctl lock };
allow initrc_t $1:process sigchld;
allow $1 etc_t:dir { getattr search };
allow $2 system_r;
system,logging.if,logging_admin'
system,lvm.if,lvm_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 lvm_exec_t:file { getattr read execute };
allow $1 lvm_t:process transition;
allow lvm_t $1:fd use;
allow lvm_t $1:fifo_file { getattr read write append ioctl lock };
allow lvm_t $1:process sigchld;
system,lvm.if,lvm_run'
system,lvm.if,lvm_read_config'
allow $1 etc_t:dir { getattr search };
allow $1 lvm_etc_t:dir { getattr search read lock ioctl };
allow $1 lvm_etc_t:dir { getattr search };
allow $1 lvm_etc_t:file { getattr read lock ioctl };
system,lvm.if,lvm_manage_config'
allow $1 etc_t:dir { getattr search };
allow $1 lvm_etc_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 lvm_etc_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 lvm_etc_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 lvm_etc_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
system,miscfiles.if,miscfiles_read_certs'
allow $1 cert_t:dir { getattr search read lock ioctl };
allow $1 cert_t:dir { getattr search };
allow $1 cert_t:file { getattr read lock ioctl };
allow $1 cert_t:dir { getattr search };
allow $1 cert_t:lnk_file { getattr read };
system,miscfiles.if,miscfiles_read_fonts'
allow $1 usr_t:dir { getattr search };
allow $1 lib_t:dir { getattr search };
allow $1 fonts_t:dir { getattr search read lock ioctl };
allow $1 fonts_t:dir { getattr search };
allow $1 fonts_t:file { getattr read lock ioctl };
allow $1 fonts_t:dir { getattr search };
allow $1 fonts_t:lnk_file { getattr read };
system,miscfiles.if,miscfiles_dontaudit_write_fonts'
system,miscfiles.if,miscfiles_manage_fonts'
allow $1 usr_t:dir { getattr search };
allow $1 lib_t:dir { getattr search };
allow $1 fonts_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 fonts_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 fonts_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 fonts_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 fonts_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 fonts_t:lnk_file { create read getattr setattr unlink rename };
system,miscfiles.if,miscfiles_read_hwdata'
allow $1 hwdata_t:dir { getattr search read lock ioctl };
allow $1 hwdata_t:dir { getattr search };
allow $1 hwdata_t:file { getattr read lock ioctl };
allow $1 hwdata_t:dir { getattr search };
allow $1 hwdata_t:lnk_file { getattr read };
system,miscfiles.if,miscfiles_setattr_localization'
allow $1 usr_t:dir { getattr search };
allow $1 locale_t:dir { getattr search read lock ioctl };
allow $1 locale_t:file setattr;
system,miscfiles.if,miscfiles_read_localization'
allow $1 etc_t:dir { getattr search };
allow $1 etc_t:lnk_file { getattr read };
allow $1 usr_t:dir { getattr search };
allow $1 locale_t:dir { getattr search read lock ioctl };
allow $1 locale_t:dir { getattr search };
allow $1 locale_t:file { getattr read lock ioctl };
allow $1 locale_t:dir { getattr search };
allow $1 locale_t:lnk_file { getattr read };
allow $1 usr_t:dir { getattr search };
allow $1 lib_t:dir { getattr search };
allow $1 lib_t:dir { getattr search read lock ioctl };
allow $1 lib_t:dir { getattr search };
allow $1 lib_t:file { getattr read lock ioctl };
allow $1 lib_t:dir { getattr search };
allow $1 lib_t:lnk_file { getattr read };
system,miscfiles.if,miscfiles_rw_localization'
allow $1 usr_t:dir { getattr search };
allow $1 locale_t:dir { getattr search read lock ioctl };
allow $1 locale_t:dir { getattr search };
allow $1 locale_t:file { getattr read write append ioctl lock };
system,miscfiles.if,miscfiles_relabel_localization'
allow $1 usr_t:dir { getattr search };
allow $1 locale_t:dir { getattr search };
allow $1 locale_t:file { getattr relabelfrom relabelto };
system,miscfiles.if,miscfiles_legacy_read_localization'
allow $1 locale_t:file execute;
system,miscfiles.if,miscfiles_dontaudit_search_man_pages'
system,miscfiles.if,miscfiles_read_man_pages'
allow $1 usr_t:dir { getattr search };
allow $1 man_t:dir { getattr search read lock ioctl };
allow $1 man_t:dir { getattr search };
allow $1 man_t:file { getattr read lock ioctl };
allow $1 man_t:dir { getattr search };
allow $1 man_t:lnk_file { getattr read };
system,miscfiles.if,miscfiles_delete_man_pages'
allow $1 usr_t:dir { getattr search };
allow $1 man_t:dir setattr;
allow $1 man_t:dir { getattr search read lock ioctl };
allow $1 man_t:dir { getattr search lock ioctl write remove_name };
allow $1 man_t:dir { getattr rmdir };
allow $1 man_t:dir { getattr search lock ioctl write remove_name };
allow $1 man_t:file { getattr unlink };
allow $1 man_t:dir { getattr search lock ioctl write remove_name };
allow $1 man_t:lnk_file { getattr unlink };
system,miscfiles.if,miscfiles_manage_man_pages'
allow $1 usr_t:dir { getattr search };
allow $1 man_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 man_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 man_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 man_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 man_t:dir { getattr search };
allow $1 man_t:lnk_file { getattr read };
system,miscfiles.if,miscfiles_read_public_files'
allow $1 { public_content_t public_content_rw_t }:dir { getattr search read lock ioctl };
allow $1 { public_content_t public_content_rw_t }:dir { getattr search };
allow $1 { public_content_t public_content_rw_t }:file { getattr read lock ioctl };
allow $1 { public_content_t public_content_rw_t }:dir { getattr search };
allow $1 { public_content_t public_content_rw_t }:lnk_file { getattr read };
system,miscfiles.if,miscfiles_manage_public_files'
allow $1 public_content_rw_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 public_content_rw_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 public_content_rw_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 public_content_rw_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 public_content_rw_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 public_content_rw_t:lnk_file { create read getattr setattr unlink rename };
system,miscfiles.if,miscfiles_read_tetex_data'
allow $1 var_t:dir { getattr search };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 tetex_data_t:dir { getattr search read lock ioctl };
allow $1 tetex_data_t:dir { getattr search };
allow $1 tetex_data_t:file { getattr read lock ioctl };
allow $1 tetex_data_t:dir { getattr search };
allow $1 tetex_data_t:lnk_file { getattr read };
system,miscfiles.if,miscfiles_exec_tetex_data'
allow $1 var_t:dir { getattr search };
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 tetex_data_t:dir { getattr search read lock ioctl };
allow $1 tetex_data_t:dir { getattr search };
allow $1 tetex_data_t:file { getattr read execute execute_no_trans };
system,miscfiles.if,miscfiles_domain_entry_test_files'
allow $1 test_file_t:file entrypoint;
allow $1 test_file_t:file { { getattr read execute ioctl } ioctl lock };
system,miscfiles.if,miscfiles_read_test_files'
allow $1 test_file_t:dir { getattr search };
allow $1 test_file_t:file { getattr read lock ioctl };
allow $1 test_file_t:dir { getattr search };
allow $1 test_file_t:lnk_file { getattr read };
system,miscfiles.if,miscfiles_exec_test_files'
allow $1 test_file_t:dir { getattr search };
allow $1 test_file_t:file { getattr read execute execute_no_trans };
allow $1 test_file_t:dir { getattr search };
allow $1 test_file_t:lnk_file { getattr read };
system,miscfiles.if,miscfiles_etc_filetrans_localization'
allow $1 etc_t:dir { read getattr lock search ioctl add_name remove_name write };
system,miscfiles.if,miscfiles_manage_localization'
allow $1 locale_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 locale_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 locale_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 locale_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 locale_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 locale_t:lnk_file { create read getattr setattr unlink rename };
system,modutils.if,modutils_read_module_deps'
allow $1 modules_object_t:dir { getattr search read lock ioctl };
allow $1 modules_dep_t:file { getattr read lock ioctl };
system,modutils.if,modutils_read_module_config'
allow $1 etc_t:dir { getattr search };
allow $1 boot_t:dir { getattr search };
allow $1 modules_conf_t:file { getattr read lock ioctl };
allow $1 modules_conf_t:lnk_file { getattr read };
system,modutils.if,modutils_rename_module_config'
allow $1 modules_conf_t:file { getattr rename };
system,modutils.if,modutils_delete_module_config'
allow $1 modules_conf_t:file unlink;
system,modutils.if,modutils_domtrans_insmod_uncond'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 insmod_exec_t:file { getattr read execute };
allow $1 insmod_t:process transition;
allow insmod_t $1:fd use;
allow insmod_t $1:fifo_file { getattr read write append ioctl lock };
allow insmod_t $1:process sigchld;
system,modutils.if,modutils_domtrans_insmod'
system,modutils.if,modutils_run_insmod'
system,modutils.if,modutils_exec_insmod'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 insmod_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
system,modutils.if,modutils_domtrans_depmod'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 depmod_exec_t:file { getattr read execute };
allow $1 depmod_t:process transition;
allow depmod_t $1:fd use;
allow depmod_t $1:fifo_file { getattr read write append ioctl lock };
allow depmod_t $1:process sigchld;
system,modutils.if,modutils_run_depmod'
system,modutils.if,modutils_exec_depmod'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 depmod_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
system,modutils.if,modutils_domtrans_update_mods'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 update_modules_exec_t:file { getattr read execute };
allow $1 update_modules_t:process transition;
allow update_modules_t $1:fd use;
allow update_modules_t $1:fifo_file { getattr read write append ioctl lock };
allow update_modules_t $1:process sigchld;
system,modutils.if,modutils_run_update_mods'
system,modutils.if,modutils_exec_update_mods'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 update_modules_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
system,mount.if,mount_domtrans'
allow $1 mount_exec_t:file { getattr read execute };
allow $1 mount_t:process transition;
allow mount_t $1:fd use;
allow mount_t $1:fifo_file { getattr read write append ioctl lock };
allow mount_t $1:process sigchld;
system,mount.if,mount_run'
system,mount.if,mount_exec'
allow $1 mount_exec_t:dir { getattr search read lock ioctl };
allow $1 mount_exec_t:lnk_file { getattr read };
allow $1 mount_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
system,mount.if,mount_use_fds'
allow $1 mount_t:fd use;
system,mount.if,mount_send_nfs_client_request'
system,mount.if,mount_domtrans_unconfined'
allow $1 mount_exec_t:file { getattr read execute };
allow $1 unconfined_mount_t:process transition;
allow unconfined_mount_t $1:fd use;
allow unconfined_mount_t $1:fifo_file { getattr read write append ioctl lock };
allow unconfined_mount_t $1:process sigchld;
system,mount.if,mount_run_unconfined'
system,netlabel.if,netlabel_domtrans_mgmt'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 netlabel_mgmt_exec_t:file { getattr read execute };
allow $1 netlabel_mgmt_t:process transition;
allow netlabel_mgmt_t $1:fd use;
allow netlabel_mgmt_t $1:fifo_file { getattr read write append ioctl lock };
allow netlabel_mgmt_t $1:process sigchld;
system,netlabel.if,netlabel_run_mgmt'
system,pcmcia.if,pcmcia_stub'
system,pcmcia.if,pcmcia_domtrans_cardmgr'
allow $1 cardmgr_exec_t:file { getattr read execute };
allow $1 cardmgr_t:process transition;
allow cardmgr_t $1:fd use;
allow cardmgr_t $1:fifo_file { getattr read write append ioctl lock };
allow cardmgr_t $1:process sigchld;
system,pcmcia.if,pcmcia_use_cardmgr_fds'
allow $1 cardmgr_t:fd use;
system,pcmcia.if,pcmcia_domtrans_cardctl'
allow $1 cardctl_exec_t:file { getattr read execute };
allow $1 cardmgr_t:process transition;
allow cardmgr_t $1:fd use;
allow cardmgr_t $1:fifo_file { getattr read write append ioctl lock };
allow cardmgr_t $1:process sigchld;
system,pcmcia.if,pcmcia_run_cardctl'
system,pcmcia.if,pcmcia_read_pid'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 cardmgr_var_run_t:dir { getattr search };
allow $1 cardmgr_var_run_t:file { getattr read lock ioctl };
system,pcmcia.if,pcmcia_manage_pid'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 cardmgr_var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 cardmgr_var_run_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
system,pcmcia.if,pcmcia_manage_pid_chr_files'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 self:capability mknod;
allow $1 cardmgr_var_run_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 cardmgr_var_run_t:chr_file { create open getattr setattr read write append rename link unlink ioctl lock };
system,raid.if,raid_domtrans_mdadm'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 mdadm_exec_t:file { getattr read execute };
allow $1 mdadm_t:process transition;
allow mdadm_t $1:fd use;
allow mdadm_t $1:fifo_file { getattr read write append ioctl lock };
allow mdadm_t $1:process sigchld;
system,raid.if,raid_manage_mdadm_pid'
allow $1 mdadm_var_run_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
system,selinuxutil.if,seutil_domtrans_checkpolicy'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 checkpolicy_exec_t:file { getattr read execute };
allow $1 checkpolicy_t:process transition;
allow checkpolicy_t $1:fd use;
allow checkpolicy_t $1:fifo_file { getattr read write append ioctl lock };
allow checkpolicy_t $1:process sigchld;
system,selinuxutil.if,seutil_run_checkpolicy'
system,selinuxutil.if,seutil_exec_checkpolicy'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 checkpolicy_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
system,selinuxutil.if,seutil_domtrans_loadpolicy'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 load_policy_exec_t:file { getattr read execute };
allow $1 load_policy_t:process transition;
allow load_policy_t $1:fd use;
allow load_policy_t $1:fifo_file { getattr read write append ioctl lock };
allow load_policy_t $1:process sigchld;
system,selinuxutil.if,seutil_run_loadpolicy'
system,selinuxutil.if,seutil_exec_loadpolicy'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 load_policy_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
system,selinuxutil.if,seutil_read_loadpolicy'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 load_policy_exec_t:file { getattr read lock ioctl };
system,selinuxutil.if,seutil_domtrans_newrole'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 newrole_exec_t:file { getattr read execute };
allow $1 newrole_t:process transition;
allow newrole_t $1:fd use;
allow newrole_t $1:fifo_file { getattr read write append ioctl lock };
allow newrole_t $1:process sigchld;
system,selinuxutil.if,seutil_run_newrole'
allow newrole_t updpwd_exec_t:file { getattr read execute };
allow newrole_t updpwd_t:process transition;
allow updpwd_t newrole_t:fd use;
allow updpwd_t newrole_t:fifo_file { getattr read write append ioctl lock };
allow updpwd_t newrole_t:process sigchld;
system,selinuxutil.if,seutil_exec_newrole'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 newrole_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
system,selinuxutil.if,seutil_dontaudit_signal_newrole'
system,selinuxutil.if,seutil_sigchld_newrole'
allow $1 newrole_t:process sigchld;
system,selinuxutil.if,seutil_use_newrole_fds'
allow $1 newrole_t:fd use;
system,selinuxutil.if,seutil_dontaudit_use_newrole_fds'
system,selinuxutil.if,seutil_domtrans_restorecon'
system,selinuxutil.if,seutil_run_restorecon'
system,selinuxutil.if,seutil_exec_restorecon'
system,selinuxutil.if,seutil_domtrans_runinit'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 run_init_exec_t:file { getattr read execute };
allow $1 run_init_t:process transition;
allow run_init_t $1:fd use;
allow run_init_t $1:fifo_file { getattr read write append ioctl lock };
allow run_init_t $1:process sigchld;
system,selinuxutil.if,seutil_init_script_domtrans_runinit'
allow $1 etc_t:dir { getattr search read lock ioctl };
allow $1 initrc_exec_t:file { getattr read execute };
allow $1 run_init_t:process transition;
allow run_init_t $1:fd use;
allow run_init_t $1:fifo_file { getattr read write append ioctl lock };
allow run_init_t $1:process sigchld;
system,selinuxutil.if,seutil_run_runinit'
allow run_init_t bin_t:dir { getattr search };
allow run_init_t bin_t:dir { getattr search };
allow run_init_t chkpwd_exec_t:file { getattr read execute };
allow run_init_t chkpwd_t:process transition;
allow chkpwd_t run_init_t:fd use;
allow chkpwd_t run_init_t:fifo_file { getattr read write append ioctl lock };
allow chkpwd_t run_init_t:process sigchld;
allow run_init_t device_t:dir { getattr search };
allow run_init_t random_device_t:chr_file { getattr read lock ioctl };
allow run_init_t device_t:dir { getattr search };
allow run_init_t urandom_device_t:chr_file { getattr read lock ioctl };
allow run_init_t self:capability audit_write;
allow run_init_t self:netlink_audit_socket { { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } nlmsg_read } nlmsg_relay };
allow run_init_t cert_t:dir { getattr search read lock ioctl };
allow run_init_t cert_t:dir { getattr search };
allow run_init_t cert_t:file { getattr read lock ioctl };
allow run_init_t cert_t:dir { getattr search };
allow run_init_t cert_t:lnk_file { getattr read };
allow run_init_t self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow run_init_t self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow run_init_t unlabeled_t:tcp_socket recvfrom;
allow run_init_t unlabeled_t:udp_socket recvfrom;
allow run_init_t unlabeled_t:rawip_socket recvfrom;
allow run_init_t unlabeled_t:peer recv;
allow run_init_t unlabeled_t:association { sendto recvfrom };
allow run_init_t unlabeled_t:packet { send recv };
allow run_init_t netlabel_peer_t:peer recv;
allow run_init_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow run_init_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow run_init_t netif_type:netif { udp_send egress };
allow run_init_t netif_type:netif { udp_recv ingress };
allow run_init_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow run_init_t node_type:node { udp_send sendto };
allow run_init_t node_type:node { udp_recv recvfrom };
allow run_init_t dns_port_t:tcp_socket { send_msg recv_msg };
allow run_init_t dns_port_t:udp_socket send_msg;
allow run_init_t dns_port_t:udp_socket recv_msg;
allow run_init_t dns_port_t:tcp_socket name_connect;
allow run_init_t dns_client_packet_t:packet send;
allow run_init_t dns_client_packet_t:packet recv;
allow run_init_t etc_t:dir { getattr search };
allow run_init_t net_conf_t:file { getattr read lock ioctl };
allow run_init_t self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow run_init_t unlabeled_t:tcp_socket recvfrom;
allow run_init_t unlabeled_t:udp_socket recvfrom;
allow run_init_t unlabeled_t:rawip_socket recvfrom;
allow run_init_t unlabeled_t:peer recv;
allow run_init_t unlabeled_t:association { sendto recvfrom };
allow run_init_t unlabeled_t:packet { send recv };
allow run_init_t netlabel_peer_t:peer recv;
allow run_init_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow run_init_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow run_init_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow run_init_t ldap_port_t:tcp_socket { send_msg recv_msg };
allow run_init_t ldap_port_t:tcp_socket name_connect;
allow run_init_t ldap_client_packet_t:packet send;
allow run_init_t ldap_client_packet_t:packet recv;
allow run_init_t etc_t:dir { getattr search };
allow run_init_t net_conf_t:file { getattr read lock ioctl };
allow $2 system_r;
system,selinuxutil.if,seutil_init_script_run_runinit'
allow run_init_t bin_t:dir { getattr search };
allow run_init_t bin_t:dir { getattr search };
allow run_init_t chkpwd_exec_t:file { getattr read execute };
allow run_init_t chkpwd_t:process transition;
allow chkpwd_t run_init_t:fd use;
allow chkpwd_t run_init_t:fifo_file { getattr read write append ioctl lock };
allow chkpwd_t run_init_t:process sigchld;
allow run_init_t device_t:dir { getattr search };
allow run_init_t random_device_t:chr_file { getattr read lock ioctl };
allow run_init_t device_t:dir { getattr search };
allow run_init_t urandom_device_t:chr_file { getattr read lock ioctl };
allow run_init_t self:capability audit_write;
allow run_init_t self:netlink_audit_socket { { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } nlmsg_read } nlmsg_relay };
allow run_init_t cert_t:dir { getattr search read lock ioctl };
allow run_init_t cert_t:dir { getattr search };
allow run_init_t cert_t:file { getattr read lock ioctl };
allow run_init_t cert_t:dir { getattr search };
allow run_init_t cert_t:lnk_file { getattr read };
allow run_init_t self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow run_init_t self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow run_init_t unlabeled_t:tcp_socket recvfrom;
allow run_init_t unlabeled_t:udp_socket recvfrom;
allow run_init_t unlabeled_t:rawip_socket recvfrom;
allow run_init_t unlabeled_t:peer recv;
allow run_init_t unlabeled_t:association { sendto recvfrom };
allow run_init_t unlabeled_t:packet { send recv };
allow run_init_t netlabel_peer_t:peer recv;
allow run_init_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow run_init_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow run_init_t netif_type:netif { udp_send egress };
allow run_init_t netif_type:netif { udp_recv ingress };
allow run_init_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow run_init_t node_type:node { udp_send sendto };
allow run_init_t node_type:node { udp_recv recvfrom };
allow run_init_t dns_port_t:tcp_socket { send_msg recv_msg };
allow run_init_t dns_port_t:udp_socket send_msg;
allow run_init_t dns_port_t:udp_socket recv_msg;
allow run_init_t dns_port_t:tcp_socket name_connect;
allow run_init_t dns_client_packet_t:packet send;
allow run_init_t dns_client_packet_t:packet recv;
allow run_init_t etc_t:dir { getattr search };
allow run_init_t net_conf_t:file { getattr read lock ioctl };
allow run_init_t self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow run_init_t unlabeled_t:tcp_socket recvfrom;
allow run_init_t unlabeled_t:udp_socket recvfrom;
allow run_init_t unlabeled_t:rawip_socket recvfrom;
allow run_init_t unlabeled_t:peer recv;
allow run_init_t unlabeled_t:association { sendto recvfrom };
allow run_init_t unlabeled_t:packet { send recv };
allow run_init_t netlabel_peer_t:peer recv;
allow run_init_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow run_init_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow run_init_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow run_init_t ldap_port_t:tcp_socket { send_msg recv_msg };
allow run_init_t ldap_port_t:tcp_socket name_connect;
allow run_init_t ldap_client_packet_t:packet send;
allow run_init_t ldap_client_packet_t:packet recv;
allow run_init_t etc_t:dir { getattr search };
allow run_init_t net_conf_t:file { getattr read lock ioctl };
allow $2 system_r;
system,selinuxutil.if,seutil_use_runinit_fds'
allow $1 run_init_t:fd use;
system,selinuxutil.if,seutil_domtrans_setfiles'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 setfiles_exec_t:file { getattr read execute };
allow $1 setfiles_t:process transition;
allow setfiles_t $1:fd use;
allow setfiles_t $1:fifo_file { getattr read write append ioctl lock };
allow setfiles_t $1:process sigchld;
system,selinuxutil.if,seutil_run_setfiles'
system,selinuxutil.if,seutil_exec_setfiles'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 setfiles_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
system,selinuxutil.if,seutil_dontaudit_search_config'
system,selinuxutil.if,seutil_dontaudit_read_config'
system,selinuxutil.if,seutil_read_config'
allow $1 etc_t:dir { getattr search };
allow $1 selinux_config_t:dir { getattr search read lock ioctl };
allow $1 selinux_config_t:dir { getattr search };
allow $1 selinux_config_t:file { getattr read lock ioctl };
allow $1 selinux_config_t:dir { getattr search };
allow $1 selinux_config_t:lnk_file { getattr read };
system,selinuxutil.if,seutil_rw_config'
allow $1 etc_t:dir { getattr search };
allow $1 selinux_config_t:dir { getattr search read lock ioctl };
allow $1 selinux_config_t:dir { getattr search };
allow $1 selinux_config_t:file { getattr read write append ioctl lock };
system,selinuxutil.if,seutil_manage_selinux_config'
system,selinuxutil.if,seutil_manage_config'
allow $1 etc_t:dir { getattr search };
allow $1 selinux_config_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 selinux_config_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 selinux_config_t:dir { getattr search };
allow $1 selinux_config_t:lnk_file { getattr read };
system,selinuxutil.if,seutil_manage_config_dirs'
allow $1 etc_t:dir { getattr search };
allow $1 selinux_config_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
system,selinuxutil.if,seutil_search_default_contexts'
allow $1 etc_t:dir { getattr search };
allow $1 selinux_config_t:dir { getattr search };
allow $1 default_context_t:dir { getattr search };
system,selinuxutil.if,seutil_read_default_contexts'
allow $1 etc_t:dir { getattr search };
allow $1 selinux_config_t:dir { getattr search };
allow $1 default_context_t:dir { getattr search read lock ioctl };
allow $1 default_context_t:dir { getattr search };
allow $1 default_context_t:file { getattr read lock ioctl };
system,selinuxutil.if,seutil_manage_default_contexts'
allow $1 etc_t:dir { getattr search };
allow $1 selinux_config_t:dir { getattr search };
allow $1 default_context_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 default_context_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
system,selinuxutil.if,seutil_read_file_contexts'
allow $1 etc_t:dir { getattr search };
allow $1 { selinux_config_t default_context_t }:dir { getattr search };
allow $1 file_context_t:dir { getattr search };
allow $1 file_context_t:file { getattr read lock ioctl };
system,selinuxutil.if,seutil_dontaudit_read_file_contexts'
system,selinuxutil.if,seutil_rw_file_contexts'
allow $1 etc_t:dir { getattr search };
allow $1 { selinux_config_t default_context_t }:dir { getattr search };
allow $1 file_context_t:dir { getattr search };
allow $1 file_context_t:file { getattr read write append ioctl lock };
system,selinuxutil.if,seutil_manage_file_contexts'
allow $1 etc_t:dir { getattr search };
allow $1 { selinux_config_t default_context_t }:dir { getattr search };
allow $1 file_context_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 file_context_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
system,selinuxutil.if,seutil_read_bin_policy'
allow $1 etc_t:dir { getattr search };
allow $1 selinux_config_t:dir { getattr search };
allow $1 policy_config_t:dir { getattr search };
allow $1 policy_config_t:file { getattr read lock ioctl };
system,selinuxutil.if,seutil_create_bin_policy'
allow $1 etc_t:dir { getattr search };
allow $1 selinux_config_t:dir { getattr search };
allow $1 policy_config_t:dir { getattr search lock ioctl write add_name };
allow $1 policy_config_t:file { getattr create open };
allow $1 policy_config_t:dir { getattr search };
allow $1 policy_config_t:file { getattr write append lock ioctl };
system,selinuxutil.if,seutil_relabelto_bin_policy'
allow $1 policy_config_t:file relabelto;
system,selinuxutil.if,seutil_manage_bin_policy'
allow $1 etc_t:dir { getattr search };
allow $1 selinux_config_t:dir { getattr search };
allow $1 policy_config_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 policy_config_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
system,selinuxutil.if,seutil_read_src_policy'
allow $1 etc_t:dir { getattr search };
allow $1 selinux_config_t:dir { getattr search };
allow $1 policy_src_t:dir { getattr search read lock ioctl };
allow $1 policy_src_t:dir { getattr search };
allow $1 policy_src_t:file { getattr read lock ioctl };
system,selinuxutil.if,seutil_manage_src_policy'
allow $1 etc_t:dir { getattr search };
allow $1 selinux_config_t:dir { getattr search };
allow $1 policy_src_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 policy_src_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 policy_src_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 policy_src_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
system,selinuxutil.if,seutil_domtrans_semanage'
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 semanage_exec_t:file { getattr read execute };
allow $1 semanage_t:process transition;
allow semanage_t $1:fd use;
allow semanage_t $1:fifo_file { getattr read write append ioctl lock };
allow semanage_t $1:process sigchld;
system,selinuxutil.if,seutil_run_semanage'
system,selinuxutil.if,seutil_manage_module_store'
allow $1 etc_t:dir { getattr search };
allow $1 selinux_config_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 semanage_store_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 semanage_store_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 semanage_store_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 selinux_config_t:dir { read getattr lock search ioctl add_name remove_name write };
system,selinuxutil.if,seutil_get_semanage_read_lock'
allow $1 etc_t:dir { getattr search };
allow $1 selinux_config_t:dir { getattr search };
allow $1 semanage_read_lock_t:file { getattr read write append ioctl lock };
system,selinuxutil.if,seutil_get_semanage_trans_lock'
allow $1 etc_t:dir { getattr search };
allow $1 selinux_config_t:dir { getattr search };
allow $1 semanage_trans_lock_t:file { getattr read write append ioctl lock };
system,selinuxutil.if,seutil_libselinux_linked'
allow $1 security_t:filesystem getattr;
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:file { getattr read lock ioctl };
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:lnk_file { getattr read };
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:dir { getattr search read lock ioctl };
system,selinuxutil.if,seutil_dontaudit_libselinux_linked'
system,setrans.if,setrans_translate_context'
allow $1 self:unix_stream_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept };
allow $1 setrans_t:context translate;
allow $1 setrans_var_run_t:dir { getattr search };
allow $1 setrans_var_run_t:sock_file { getattr write };
allow $1 setrans_t:unix_stream_socket connectto;
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
system,sysnetwork.if,sysnet_domtrans_dhcpc'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 dhcpc_exec_t:file { getattr read execute };
allow $1 dhcpc_t:process transition;
allow dhcpc_t $1:fd use;
allow dhcpc_t $1:fifo_file { getattr read write append ioctl lock };
allow dhcpc_t $1:process sigchld;
system,sysnetwork.if,sysnet_run_dhcpc'
system,sysnetwork.if,sysnet_sigchld_dhcpc'
allow $1 dhcpc_t:process sigchld;
system,sysnetwork.if,sysnet_kill_dhcpc'
allow $1 dhcpc_t:process sigkill;
system,sysnetwork.if,sysnet_sigstop_dhcpc'
allow $1 dhcpc_t:process sigstop;
system,sysnetwork.if,sysnet_signull_dhcpc'
allow $1 dhcpc_t:process signull;
system,sysnetwork.if,sysnet_signal_dhcpc'
allow $1 dhcpc_t:process signal;
system,sysnetwork.if,sysnet_dbus_chat_dhcpc'
allow $1 dhcpc_t:dbus send_msg;
allow dhcpc_t $1:dbus send_msg;
system,sysnetwork.if,sysnet_rw_dhcp_config'
allow $1 etc_t:dir { getattr search };
allow $1 dhcp_etc_t:file { getattr read write append ioctl lock };
system,sysnetwork.if,sysnet_read_dhcpc_state'
allow $1 dhcpc_state_t:file { getattr read lock ioctl };
system,sysnetwork.if,sysnet_setattr_config'
allow $1 etc_t:dir { getattr search };
allow $1 net_conf_t:file setattr;
system,sysnetwork.if,sysnet_read_config'
allow $1 etc_t:dir { getattr search };
allow $1 net_conf_t:file { getattr read lock ioctl };
system,sysnetwork.if,sysnet_dontaudit_read_config'
system,sysnetwork.if,sysnet_write_config'
allow $1 etc_t:dir { getattr search };
allow $1 net_conf_t:file { getattr write append lock ioctl };
system,sysnetwork.if,sysnet_create_config'
allow $1 etc_t:dir { getattr search };
allow $1 net_conf_t:file { getattr create open };
system,sysnetwork.if,sysnet_etc_filetrans_config'
allow $1 etc_t:dir { read getattr lock search ioctl add_name remove_name write };
system,sysnetwork.if,sysnet_manage_config'
allow $1 net_conf_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
system,sysnetwork.if,sysnet_read_dhcpc_pid'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search read lock ioctl };
allow $1 dhcpc_var_run_t:file { getattr read lock ioctl };
system,sysnetwork.if,sysnet_delete_dhcpc_pid'
allow $1 dhcpc_var_run_t:file unlink;
system,sysnetwork.if,sysnet_domtrans_ifconfig'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 ifconfig_exec_t:file { getattr read execute };
allow $1 ifconfig_t:process transition;
allow ifconfig_t $1:fd use;
allow ifconfig_t $1:fifo_file { getattr read write append ioctl lock };
allow ifconfig_t $1:process sigchld;
system,sysnetwork.if,sysnet_run_ifconfig'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
system,sysnetwork.if,sysnet_exec_ifconfig'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 ifconfig_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
system,sysnetwork.if,sysnet_signal_ifconfig'
allow $1 ifconfig_t:process signal;
system,sysnetwork.if,sysnet_read_dhcp_config'
allow $1 etc_t:dir { getattr search };
allow $1 dhcp_etc_t:dir { getattr search };
allow $1 dhcp_etc_t:file { getattr read lock ioctl };
system,sysnetwork.if,sysnet_search_dhcp_state'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 dhcp_state_t:dir { getattr search };
system,sysnetwork.if,sysnet_dhcp_state_filetrans'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search };
allow $1 dhcp_state_t:dir { read getattr lock search ioctl add_name remove_name write };
system,sysnetwork.if,sysnet_dns_name_resolve'
allow $1 self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 unlabeled_t:tcp_socket recvfrom;
allow $1 unlabeled_t:udp_socket recvfrom;
allow $1 unlabeled_t:rawip_socket recvfrom;
allow $1 unlabeled_t:peer recv;
allow $1 unlabeled_t:association { sendto recvfrom };
allow $1 unlabeled_t:packet { send recv };
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1 netif_type:netif { tcp_send tcp_recv egress ingress };
allow $1 netif_type:netif { udp_send egress };
allow $1 netif_type:netif { udp_recv ingress };
allow $1 node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1 node_type:node { udp_send sendto };
allow $1 node_type:node { udp_recv recvfrom };
allow $1 dns_port_t:tcp_socket { send_msg recv_msg };
allow $1 dns_port_t:udp_socket send_msg;
allow $1 dns_port_t:udp_socket recv_msg;
allow $1 dns_port_t:tcp_socket name_connect;
allow $1 dns_client_packet_t:packet send;
allow $1 dns_client_packet_t:packet recv;
allow $1 etc_t:dir { getattr search };
allow $1 net_conf_t:file { getattr read lock ioctl };
system,sysnetwork.if,sysnet_use_ldap'
allow $1 self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 unlabeled_t:tcp_socket recvfrom;
allow $1 unlabeled_t:udp_socket recvfrom;
allow $1 unlabeled_t:rawip_socket recvfrom;
allow $1 unlabeled_t:peer recv;
allow $1 unlabeled_t:association { sendto recvfrom };
allow $1 unlabeled_t:packet { send recv };
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1 netif_type:netif { tcp_send tcp_recv egress ingress };
allow $1 node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1 ldap_port_t:tcp_socket { send_msg recv_msg };
allow $1 ldap_port_t:tcp_socket name_connect;
allow $1 ldap_client_packet_t:packet send;
allow $1 ldap_client_packet_t:packet recv;
allow $1 etc_t:dir { getattr search };
allow $1 net_conf_t:file { getattr read lock ioctl };
system,sysnetwork.if,sysnet_use_portmap'
allow $1 self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 unlabeled_t:tcp_socket recvfrom;
allow $1 unlabeled_t:udp_socket recvfrom;
allow $1 unlabeled_t:rawip_socket recvfrom;
allow $1 unlabeled_t:peer recv;
allow $1 unlabeled_t:association { sendto recvfrom };
allow $1 unlabeled_t:packet { send recv };
allow $1 netlabel_peer_t:peer recv;
allow $1 netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1 netif_type:netif { tcp_send tcp_recv egress ingress };
allow $1 netif_type:netif { udp_send egress };
allow $1 netif_type:netif { udp_recv ingress };
allow $1 node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1 node_type:node { udp_send sendto };
allow $1 node_type:node { udp_recv recvfrom };
allow $1 portmap_port_t:tcp_socket { send_msg recv_msg };
allow $1 portmap_port_t:udp_socket send_msg;
allow $1 portmap_port_t:udp_socket recv_msg;
allow $1 portmap_port_t:tcp_socket name_connect;
allow $1 portmap_client_packet_t:packet send;
allow $1 portmap_client_packet_t:packet recv;
allow $1 etc_t:dir { getattr search };
allow $1 net_conf_t:file { getattr read lock ioctl };
system,udev.if,udev_domtrans'
allow $1 udev_exec_t:file { getattr read execute };
allow $1 udev_t:process transition;
allow udev_t $1:fd use;
allow udev_t $1:fifo_file { getattr read write append ioctl lock };
allow udev_t $1:process sigchld;
system,udev.if,udev_helper_domtrans'
allow $1 udev_helper_exec_t:file { getattr read execute };
allow $1 udev_t:process transition;
allow udev_t $1:fd use;
allow udev_t $1:fifo_file { getattr read write append ioctl lock };
allow udev_t $1:process sigchld;
system,udev.if,udev_read_state'
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:dir { getattr search };
allow $1 udev_t:file { getattr read lock ioctl };
allow $1 udev_t:lnk_file { getattr read };
system,udev.if,udev_dontaudit_use_fds'
system,udev.if,udev_dontaudit_rw_dgram_sockets'
system,udev.if,udev_read_db'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 udev_tdb_t:file { getattr read lock ioctl };
system,udev.if,udev_rw_db'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 udev_tdb_t:file { getattr read write append ioctl lock };
system,unconfined.if,unconfined_domain_noaudit'
allow $1 self:capability *;
allow $1 self:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 self:process transition;
allow $1 self:file { getattr read write append ioctl lock };
allow $1 self:nscd *;
allow $1 self:dbus *;
allow $1 self:passwd *;
allow $1 self:association *;
allow $1 self:process execheap;
allow $1 self:process execmem;
allow $1 self:process { execstack execmem };
system,unconfined.if,unconfined_domain'
system,unconfined.if,# tunable_policy(`allow_execmem'
system,unconfined.if,unconfined_alias_domain'
system,unconfined.if,unconfined_execmem_alias_program'
system,unconfined.if,unconfined_domtrans'
allow $1 unconfined_exec_t:file { getattr read execute };
allow $1 unconfined_t:process transition;
allow unconfined_t $1:fd use;
allow unconfined_t $1:fifo_file { getattr read write append ioctl lock };
allow unconfined_t $1:process sigchld;
system,unconfined.if,unconfined_run'
system,unconfined.if,unconfined_shell_domtrans'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search read lock ioctl };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 shell_exec_t:file { getattr read execute };
allow $1 unconfined_t:process transition;
allow unconfined_t $1:fd use;
allow unconfined_t $1:fifo_file { getattr read write append ioctl lock };
allow unconfined_t $1:process sigchld;
system,unconfined.if,unconfined_domtrans_to'
allow unconfined_t $2:file { getattr read execute };
allow unconfined_t $1:process transition;
allow $1 unconfined_t:fd use;
allow $1 unconfined_t:fifo_file { getattr read write append ioctl lock };
allow $1 unconfined_t:process sigchld;
system,unconfined.if,unconfined_run_to'
allow unconfined_t $2:file { getattr read execute };
allow unconfined_t $1:process transition;
allow $1 unconfined_t:fd use;
allow $1 unconfined_t:fifo_file { getattr read write append ioctl lock };
allow $1 unconfined_t:process sigchld;
allow $1 user_tty_device_t:chr_file { getattr read write ioctl };
allow $1 user_devpts_t:chr_file { getattr read write ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 devpts_t:dir { getattr search read lock ioctl };
system,unconfined.if,unconfined_use_fds'
allow $1 unconfined_t:fd use;
system,unconfined.if,unconfined_sigchld'
allow $1 unconfined_t:process sigchld;
system,unconfined.if,unconfined_signull'
allow $1 unconfined_t:process signull;
system,unconfined.if,unconfined_signal'
allow $1 unconfined_t:process signal;
system,unconfined.if,unconfined_read_pipes'
allow $1 unconfined_t:fifo_file { getattr read lock ioctl };
system,unconfined.if,unconfined_dontaudit_read_pipes'
system,unconfined.if,unconfined_rw_pipes'
allow $1 unconfined_t:fifo_file { getattr read write append ioctl lock };
system,unconfined.if,unconfined_dontaudit_rw_pipes'
system,unconfined.if,unconfined_stream_connect'
allow $1 unconfined_t:unix_stream_socket connectto;
system,unconfined.if,unconfined_dontaudit_rw_tcp_sockets'
system,unconfined.if,unconfined_create_keys'
allow $1 unconfined_t:key create;
system,unconfined.if,unconfined_dbus_send'
allow $1 unconfined_t:dbus send_msg;
system,unconfined.if,unconfined_dbus_chat'
allow $1 unconfined_t:dbus send_msg;
allow unconfined_t $1:dbus send_msg;
system,unconfined.if,unconfined_dbus_connect'
allow $1 unconfined_t:dbus acquire_svc;
allow $1_t shell_exec_t:file entrypoint;
allow $1_t shell_exec_t:file { { getattr read execute ioctl } ioctl lock };
allow $1_t self:process execmem;
allow $1_t self:process execstack;
system,userdomain.if,userdom_ro_home_role'
allow $2 user_home_dir_t:dir { getattr search read lock ioctl };
allow $2 user_home_t:dir { getattr search read lock ioctl };
allow $2 user_home_t:file entrypoint;
allow $2 { user_home_t user_home_dir_t }:dir { getattr search };
allow $2 user_home_t:file { getattr read lock ioctl };
allow $2 { user_home_t user_home_dir_t }:dir { getattr search };
allow $2 user_home_t:lnk_file { getattr read };
allow $2 { user_home_t user_home_dir_t }:dir { getattr search };
allow $2 user_home_t:fifo_file { getattr read lock ioctl };
allow $2 { user_home_t user_home_dir_t }:dir { getattr search };
allow $2 user_home_t:sock_file { getattr read };
allow $2 home_root_t:dir { getattr search read lock ioctl };
allow $2 nfs_t:dir { getattr search read lock ioctl };
allow $2 nfs_t:dir { getattr search read lock ioctl };
allow $2 nfs_t:dir { getattr search };
allow $2 nfs_t:file { getattr read lock ioctl };
allow $2 nfs_t:dir { getattr search read lock ioctl };
allow $2 nfs_t:dir { getattr search };
allow $2 nfs_t:lnk_file { getattr read };
allow $2 nfs_t:dir { getattr search };
allow $2 nfs_t:sock_file { getattr read };
allow $2 nfs_t:dir { getattr search };
allow $2 nfs_t:fifo_file { getattr read lock ioctl };
allow $2 nfs_t:dir { getattr search read lock ioctl };
allow $2 nfs_t:dir { getattr search read lock ioctl };
allow $2 nfs_t:dir { getattr search };
allow $2 nfs_t:file { getattr read lock ioctl };
allow $2 nfs_t:dir { getattr search read lock ioctl };
allow $2 nfs_t:dir { getattr search };
allow $2 nfs_t:lnk_file { getattr read };
allow $2 nfs_t:dir { getattr search };
allow $2 nfs_t:sock_file { getattr read };
allow $2 nfs_t:dir { getattr search };
allow $2 nfs_t:fifo_file { getattr read lock ioctl };
allow $2 cifs_t:dir { getattr search read lock ioctl };
allow $2 cifs_t:dir { getattr search read lock ioctl };
allow $2 cifs_t:dir { getattr search };
allow $2 cifs_t:file { getattr read lock ioctl };
allow $2 cifs_t:dir { getattr search read lock ioctl };
allow $2 cifs_t:dir { getattr search };
allow $2 cifs_t:lnk_file { getattr read };
allow $2 cifs_t:dir { getattr search };
allow $2 cifs_t:sock_file { getattr read };
allow $2 cifs_t:dir { getattr search };
allow $2 cifs_t:fifo_file { getattr read lock ioctl };
allow $2 cifs_t:dir { getattr search read lock ioctl };
allow $2 cifs_t:dir { getattr search read lock ioctl };
allow $2 cifs_t:dir { getattr search };
allow $2 cifs_t:file { getattr read lock ioctl };
allow $2 cifs_t:dir { getattr search read lock ioctl };
allow $2 cifs_t:dir { getattr search };
allow $2 cifs_t:lnk_file { getattr read };
allow $2 cifs_t:dir { getattr search };
allow $2 cifs_t:sock_file { getattr read };
allow $2 cifs_t:dir { getattr search };
allow $2 cifs_t:fifo_file { getattr read lock ioctl };
system,userdomain.if,userdom_manage_home_role'
allow $2 user_home_t:file entrypoint;
allow $2 { user_home_dir_t user_home_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 user_home_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 { user_home_dir_t user_home_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 user_home_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 { user_home_dir_t user_home_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 user_home_t:lnk_file { create read getattr setattr unlink rename };
allow $2 { user_home_dir_t user_home_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 user_home_t:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
allow $2 { user_home_dir_t user_home_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 user_home_t:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 { user_home_dir_t user_home_t }:dir { getattr search };
allow $2 user_home_t:dir { getattr relabelfrom relabelto };
allow $2 { user_home_dir_t user_home_t }:dir { getattr search };
allow $2 user_home_t:file { getattr relabelfrom relabelto };
allow $2 { user_home_dir_t user_home_t }:dir { getattr search };
allow $2 user_home_t:lnk_file { getattr relabelfrom relabelto };
allow $2 { user_home_dir_t user_home_t }:dir { getattr search };
allow $2 user_home_t:sock_file { getattr relabelfrom relabelto };
allow $2 { user_home_dir_t user_home_t }:dir { getattr search };
allow $2 user_home_t:fifo_file { getattr relabelfrom relabelto };
allow $2 user_home_dir_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 home_root_t:dir { getattr search read lock ioctl };
allow $2 user_home_dir_t:dir { { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl } { getattr relabelfrom relabelto } };
allow $2 nfs_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 nfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 nfs_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 nfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 nfs_t:lnk_file { create read getattr setattr unlink rename };
allow $2 nfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 nfs_t:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
allow $2 nfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 nfs_t:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 nfs_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 nfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 nfs_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 nfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 nfs_t:lnk_file { create read getattr setattr unlink rename };
allow $2 nfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 nfs_t:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
allow $2 nfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 nfs_t:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 cifs_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 cifs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 cifs_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 cifs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 cifs_t:lnk_file { create read getattr setattr unlink rename };
allow $2 cifs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 cifs_t:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
allow $2 cifs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 cifs_t:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 cifs_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 cifs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 cifs_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 cifs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 cifs_t:lnk_file { create read getattr setattr unlink rename };
allow $2 cifs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 cifs_t:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
allow $2 cifs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 cifs_t:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
system,userdomain.if,userdom_manage_tmp_role'
allow $2 user_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 user_tmp_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 user_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 user_tmp_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 user_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 user_tmp_t:lnk_file { create read getattr setattr unlink rename };
allow $2 user_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 user_tmp_t:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
allow $2 user_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 user_tmp_t:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
system,userdomain.if,userdom_exec_user_tmp_files'
allow $1 user_tmp_t:dir { getattr search };
allow $1 user_tmp_t:file { getattr read execute execute_no_trans };
allow $1 tmp_t:dir { getattr search };
system,userdomain.if,userdom_manage_tmpfs_role'
allow $2 user_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 user_tmpfs_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $2 user_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 user_tmpfs_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $2 user_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 user_tmpfs_t:lnk_file { create read getattr setattr unlink rename };
allow $2 user_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 user_tmpfs_t:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
allow $2 user_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $2 user_tmpfs_t:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow user_tmpfs_t tmpfs_t:filesystem associate;
allow $2 tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t self:tcp_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept };
allow $1_t self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t unlabeled_t:tcp_socket recvfrom;
allow $1_t unlabeled_t:udp_socket recvfrom;
allow $1_t unlabeled_t:rawip_socket recvfrom;
allow $1_t unlabeled_t:peer recv;
allow $1_t unlabeled_t:association { sendto recvfrom };
allow $1_t unlabeled_t:packet { send recv };
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow $1_t netif_type:netif { udp_send egress };
allow $1_t netif_type:netif { udp_recv ingress };
allow $1_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1_t node_type:node { udp_send sendto };
allow $1_t node_type:node { udp_recv recvfrom };
allow $1_t port_type:tcp_socket { send_msg recv_msg };
allow $1_t port_type:udp_socket send_msg;
allow $1_t port_type:udp_socket recv_msg;
allow $1_t port_type:tcp_socket name_connect;
allow $1_t client_packet_type:packet send;
allow $1_t client_packet_type:packet recv;
allow { $1_t $1_t } self:association sendto;
allow $1_t $1_t:{ association tcp_socket } recvfrom;
allow $1_t $1_t:{ association tcp_socket } recvfrom;
allow $1_t $1_t:peer recv;
allow $1_t $1_t:peer recv;
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:tcp_socket recvfrom;
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:tcp_socket recvfrom;
allow $1_t self:association sendto;
allow $1_t $1_t:{ association udp_socket } recvfrom;
allow $1_t $1_t:peer recv;
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:udp_socket recvfrom;
allow $1_t self:association sendto;
allow $1_t $1_t:{ association rawip_socket } recvfrom;
allow $1_t $1_t:peer recv;
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:rawip_socket recvfrom;
allow $1_t self:tcp_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept };
allow $1_t self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t unlabeled_t:tcp_socket recvfrom;
allow $1_t unlabeled_t:udp_socket recvfrom;
allow $1_t unlabeled_t:rawip_socket recvfrom;
allow $1_t unlabeled_t:peer recv;
allow $1_t unlabeled_t:association { sendto recvfrom };
allow $1_t unlabeled_t:packet { send recv };
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow $1_t netif_type:netif { udp_send egress };
allow $1_t netif_type:netif { udp_recv ingress };
allow $1_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1_t node_type:node { udp_send sendto };
allow $1_t node_type:node { udp_recv recvfrom };
allow $1_t port_type:tcp_socket { send_msg recv_msg };
allow $1_t port_type:udp_socket send_msg;
allow $1_t port_type:udp_socket recv_msg;
allow $1_t port_type:tcp_socket name_connect;
allow $1_t client_packet_type:packet send;
allow $1_t client_packet_type:packet recv;
allow { $1_t $1_t } self:association sendto;
allow $1_t $1_t:{ association tcp_socket } recvfrom;
allow $1_t $1_t:{ association tcp_socket } recvfrom;
allow $1_t $1_t:peer recv;
allow $1_t $1_t:peer recv;
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:tcp_socket recvfrom;
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:tcp_socket recvfrom;
allow $1_t self:association sendto;
allow $1_t $1_t:{ association udp_socket } recvfrom;
allow $1_t $1_t:peer recv;
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:udp_socket recvfrom;
allow $1_t self:association sendto;
allow $1_t $1_t:{ association rawip_socket } recvfrom;
allow $1_t $1_t:peer recv;
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:rawip_socket recvfrom;
allow $1_t self:tcp_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept };
allow $1_t self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t unlabeled_t:tcp_socket recvfrom;
allow $1_t unlabeled_t:udp_socket recvfrom;
allow $1_t unlabeled_t:rawip_socket recvfrom;
allow $1_t unlabeled_t:peer recv;
allow $1_t unlabeled_t:association { sendto recvfrom };
allow $1_t unlabeled_t:packet { send recv };
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow $1_t netif_type:netif { udp_send egress };
allow $1_t netif_type:netif { udp_recv ingress };
allow $1_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1_t node_type:node { udp_send sendto };
allow $1_t node_type:node { udp_recv recvfrom };
allow $1_t port_type:tcp_socket { send_msg recv_msg };
allow $1_t port_type:udp_socket send_msg;
allow $1_t port_type:udp_socket recv_msg;
allow $1_t port_type:tcp_socket name_connect;
allow $1_t client_packet_type:packet send;
allow $1_t client_packet_type:packet recv;
allow { $1_t $1_t } self:association sendto;
allow $1_t $1_t:{ association tcp_socket } recvfrom;
allow $1_t $1_t:{ association tcp_socket } recvfrom;
allow $1_t $1_t:peer recv;
allow $1_t $1_t:peer recv;
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:tcp_socket recvfrom;
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:tcp_socket recvfrom;
allow $1_t self:association sendto;
allow $1_t $1_t:{ association udp_socket } recvfrom;
allow $1_t $1_t:peer recv;
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:udp_socket recvfrom;
allow $1_t self:association sendto;
allow $1_t $1_t:{ association rawip_socket } recvfrom;
allow $1_t $1_t:peer recv;
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:rawip_socket recvfrom;
allow $1_t self:tcp_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept };
allow $1_t self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t unlabeled_t:tcp_socket recvfrom;
allow $1_t unlabeled_t:udp_socket recvfrom;
allow $1_t unlabeled_t:rawip_socket recvfrom;
allow $1_t unlabeled_t:peer recv;
allow $1_t unlabeled_t:association { sendto recvfrom };
allow $1_t unlabeled_t:packet { send recv };
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow $1_t netif_type:netif { udp_send egress };
allow $1_t netif_type:netif { udp_recv ingress };
allow $1_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1_t node_type:node { udp_send sendto };
allow $1_t node_type:node { udp_recv recvfrom };
allow $1_t port_type:tcp_socket { send_msg recv_msg };
allow $1_t port_type:udp_socket send_msg;
allow $1_t port_type:udp_socket recv_msg;
allow $1_t port_type:tcp_socket name_connect;
allow $1_t client_packet_type:packet send;
allow $1_t client_packet_type:packet recv;
allow { $1_t $1_t } self:association sendto;
allow $1_t $1_t:{ association tcp_socket } recvfrom;
allow $1_t $1_t:{ association tcp_socket } recvfrom;
allow $1_t $1_t:peer recv;
allow $1_t $1_t:peer recv;
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:tcp_socket recvfrom;
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:tcp_socket recvfrom;
allow $1_t self:association sendto;
allow $1_t $1_t:{ association udp_socket } recvfrom;
allow $1_t $1_t:peer recv;
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:udp_socket recvfrom;
allow $1_t self:association sendto;
allow $1_t $1_t:{ association rawip_socket } recvfrom;
allow $1_t $1_t:peer recv;
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:rawip_socket recvfrom;
allow $1_t device_t:dir { getattr search };
allow $1_t xserver_misc_device_t:chr_file { getattr read write append ioctl lock };
allow $1_t device_t:dir { getattr search };
allow $1_t power_device_t:chr_file { getattr read write append ioctl lock };
allow $1_t device_t:dir { getattr search };
allow $1_t event_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t misc_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t misc_device_t:chr_file { getattr write append lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t agp_device_t:chr_file { getattr };
allow $1_t usbfs_t:dir { getattr search };
allow $1_t usbfs_t:dir { getattr search read lock ioctl };
allow $1_t usbfs_t:dir { getattr search };
allow $1_t usbfs_t:file { getattr read write append ioctl lock };
allow $1_t usbfs_t:dir { getattr search };
allow $1_t usbfs_t:lnk_file { getattr read };
allow $1_t self:shm { associate getattr setattr create destroy read write lock unix_read unix_write };
allow $1_t self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t self:unix_stream_socket { connectto { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept } };
allow $1_t xauth_home_t:file { getattr read };
allow $1_t iceauth_home_t:file { getattr read };
allow $1_t xdm_t:fd use;
allow $1_t xdm_t:fifo_file { getattr read write ioctl };
allow $1_t xdm_tmp_t:dir search;
allow $1_t xdm_tmp_t:sock_file { read write };
allow $1_t tmp_t:dir { getattr search };
allow $1_t usr_t:dir { getattr search };
allow $1_t lib_t:dir { getattr search };
allow $1_t fonts_t:dir { getattr search read lock ioctl };
allow $1_t fonts_t:dir { getattr search };
allow $1_t fonts_t:file { getattr read lock ioctl };
allow $1_t fonts_t:dir { getattr search };
allow $1_t fonts_t:lnk_file { getattr read };
allow xserver_t $1_t:fd use;
allow xserver_t $1_t:shm { associate getattr read write lock unix_read unix_write };
allow xserver_t user_tmpfs_t:file { getattr read write append ioctl lock };
allow $1_t xserver_t:unix_stream_socket connectto;
allow $1_t xserver_t:process signal;
allow $1_t xserver_tmp_t:file { getattr read };
allow $1_t xserver_t:fd use;
allow $1_t xserver_t:shm { associate getattr read unix_read };
allow $1_t xserver_tmpfs_t:file { getattr read lock ioctl };
allow $1_t user_fonts_t:dir { getattr search read lock ioctl };
allow $1_t user_fonts_t:file { getattr read lock ioctl };
allow $1_t user_fonts_cache_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t user_fonts_cache_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1_t user_fonts_cache_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t user_fonts_cache_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_t user_fonts_config_t:dir { getattr search read lock ioctl };
allow $1_t user_fonts_config_t:file { getattr read lock ioctl };
allow $1_t tmp_t:dir { getattr search };
allow $1_t xdm_tmp_t:dir { getattr search };
allow $1_t xdm_tmp_t:file { getattr read lock ioctl };
allow $1_t xserver_t:shm { associate getattr read write lock unix_read unix_write };
allow $1_t xserver_tmpfs_t:file { getattr read write append ioctl lock };
allow $1_t xsession_exec_t:file entrypoint;
allow $1_t xsession_exec_t:file { { getattr read execute ioctl } ioctl lock };
allow $1_t device_t:dir { getattr search };
allow $1_t xserver_misc_device_t:chr_file { getattr read write append ioctl lock };
allow $1_t device_t:dir { getattr search };
allow $1_t power_device_t:chr_file { getattr read write append ioctl lock };
allow $1_t device_t:dir { getattr search };
allow $1_t event_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t misc_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t misc_device_t:chr_file { getattr write append lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t agp_device_t:chr_file { getattr };
allow $1_t usbfs_t:dir { getattr search };
allow $1_t usbfs_t:dir { getattr search read lock ioctl };
allow $1_t usbfs_t:dir { getattr search };
allow $1_t usbfs_t:file { getattr read write append ioctl lock };
allow $1_t usbfs_t:dir { getattr search };
allow $1_t usbfs_t:lnk_file { getattr read };
allow $1_t self:shm { associate getattr setattr create destroy read write lock unix_read unix_write };
allow $1_t self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t self:unix_stream_socket { connectto { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept } };
allow $1_t xauth_home_t:file { getattr read };
allow $1_t iceauth_home_t:file { getattr read };
allow $1_t xdm_t:fd use;
allow $1_t xdm_t:fifo_file { getattr read write ioctl };
allow $1_t xdm_tmp_t:dir search;
allow $1_t xdm_tmp_t:sock_file { read write };
allow $1_t tmp_t:dir { getattr search };
allow $1_t usr_t:dir { getattr search };
allow $1_t lib_t:dir { getattr search };
allow $1_t fonts_t:dir { getattr search read lock ioctl };
allow $1_t fonts_t:dir { getattr search };
allow $1_t fonts_t:file { getattr read lock ioctl };
allow $1_t fonts_t:dir { getattr search };
allow $1_t fonts_t:lnk_file { getattr read };
allow xserver_t $1_t:fd use;
allow xserver_t $1_t:shm { associate getattr read write lock unix_read unix_write };
allow xserver_t user_tmpfs_t:file { getattr read write append ioctl lock };
allow $1_t xserver_t:unix_stream_socket connectto;
allow $1_t xserver_t:process signal;
allow $1_t xserver_tmp_t:file { getattr read };
allow $1_t xserver_t:fd use;
allow $1_t xserver_t:shm { associate getattr read unix_read };
allow $1_t xserver_tmpfs_t:file { getattr read lock ioctl };
allow $1_t user_fonts_t:dir { getattr search read lock ioctl };
allow $1_t user_fonts_t:file { getattr read lock ioctl };
allow $1_t user_fonts_cache_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t user_fonts_cache_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1_t user_fonts_cache_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t user_fonts_cache_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_t user_fonts_config_t:dir { getattr search read lock ioctl };
allow $1_t user_fonts_config_t:file { getattr read lock ioctl };
allow $1_t tmp_t:dir { getattr search };
allow $1_t xdm_tmp_t:dir { getattr search };
allow $1_t xdm_tmp_t:file { getattr read lock ioctl };
allow $1_t xserver_t:shm { associate getattr read write lock unix_read unix_write };
allow $1_t xserver_tmpfs_t:file { getattr read write append ioctl lock };
allow $1_t xsession_exec_t:file entrypoint;
allow $1_t xsession_exec_t:file { { getattr read execute ioctl } ioctl lock };
allow $1_t tmp_t:dir { getattr search };
allow $1_t xdm_tmp_t:dir { getattr search };
allow $1_t xdm_tmp_t:sock_file { getattr write };
allow $1_t xdm_t:unix_stream_socket connectto;
allow $1_t var_t:dir { getattr search };
allow $1_t var_run_t:dir { getattr search };
allow $1_t xdm_var_run_t:file { getattr read lock ioctl };
allow $1_t tmp_t:dir { getattr search };
allow $1_t xdm_tmp_t:dir { getattr search read lock ioctl };
allow $1_t xdm_tmp_t:dir { getattr search lock ioctl write add_name };
allow $1_t xdm_tmp_t:sock_file { getattr create };
allow $1_t xdm_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t xdm_tmp_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_t device_t:dir { getattr search };
allow $1_t xserver_misc_device_t:chr_file { getattr read write append ioctl lock };
allow $1_t device_t:dir { getattr search };
allow $1_t power_device_t:chr_file { getattr read write append ioctl lock };
allow $1_t device_t:dir { getattr search };
allow $1_t event_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t misc_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t misc_device_t:chr_file { getattr write append lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t agp_device_t:chr_file { getattr };
allow $1_t usbfs_t:dir { getattr search };
allow $1_t usbfs_t:dir { getattr search read lock ioctl };
allow $1_t usbfs_t:dir { getattr search };
allow $1_t usbfs_t:file { getattr read write append ioctl lock };
allow $1_t usbfs_t:dir { getattr search };
allow $1_t usbfs_t:lnk_file { getattr read };
allow $1_t self:shm { associate getattr setattr create destroy read write lock unix_read unix_write };
allow $1_t self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t self:unix_stream_socket { connectto { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept } };
allow $1_t xauth_home_t:file { getattr read };
allow $1_t iceauth_home_t:file { getattr read };
allow $1_t xdm_t:fd use;
allow $1_t xdm_t:fifo_file { getattr read write ioctl };
allow $1_t xdm_tmp_t:dir search;
allow $1_t xdm_tmp_t:sock_file { read write };
allow $1_t tmp_t:dir { getattr search };
allow $1_t usr_t:dir { getattr search };
allow $1_t lib_t:dir { getattr search };
allow $1_t fonts_t:dir { getattr search read lock ioctl };
allow $1_t fonts_t:dir { getattr search };
allow $1_t fonts_t:file { getattr read lock ioctl };
allow $1_t fonts_t:dir { getattr search };
allow $1_t fonts_t:lnk_file { getattr read };
allow xserver_t $1_t:fd use;
allow xserver_t $1_t:shm { associate getattr read write lock unix_read unix_write };
allow xserver_t user_tmpfs_t:file { getattr read write append ioctl lock };
allow $1_t xserver_t:unix_stream_socket connectto;
allow $1_t xserver_t:process signal;
allow $1_t xserver_tmp_t:file { getattr read };
allow $1_t xserver_t:fd use;
allow $1_t xserver_t:shm { associate getattr read unix_read };
allow $1_t xserver_tmpfs_t:file { getattr read lock ioctl };
allow $1_t user_fonts_t:dir { getattr search read lock ioctl };
allow $1_t user_fonts_t:file { getattr read lock ioctl };
allow $1_t user_fonts_cache_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t user_fonts_cache_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1_t user_fonts_cache_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t user_fonts_cache_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_t user_fonts_config_t:dir { getattr search read lock ioctl };
allow $1_t user_fonts_config_t:file { getattr read lock ioctl };
allow $1_t tmp_t:dir { getattr search };
allow $1_t xdm_tmp_t:dir { getattr search };
allow $1_t xdm_tmp_t:file { getattr read lock ioctl };
allow $1_t xserver_t:shm { associate getattr read write lock unix_read unix_write };
allow $1_t xserver_tmpfs_t:file { getattr read write append ioctl lock };
allow $1_t xsession_exec_t:file entrypoint;
allow $1_t xsession_exec_t:file { { getattr read execute ioctl } ioctl lock };
allow $1_t unpriv_userdomain:fd use;
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:file { getattr read lock ioctl };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:lnk_file { getattr read };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:dir { getattr search read lock ioctl };
allow $1_t { proc_t proc_net_t }:dir { getattr search };
allow $1_t proc_net_t:file { getattr read lock ioctl };
allow $1_t { proc_t proc_net_t }:dir { getattr search };
allow $1_t proc_net_t:lnk_file { getattr read };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_net_t:dir { getattr search read lock ioctl };
allow $1_t { proc_t sysctl_t sysctl_net_t }:dir { getattr search };
allow $1_t sysctl_net_t:file { getattr read lock ioctl };
allow $1_t { proc_t sysctl_t }:dir { getattr search };
allow $1_t sysctl_net_t:dir { getattr search read lock ioctl };
allow $1_t kernel_t:system ipc_info;
allow $1_t { proc_t sysctl_t sysctl_dev_t }:dir { getattr search };
allow $1_t sysctl_dev_t:file { getattr read lock ioctl };
allow $1_t { proc_t sysctl_t }:dir { getattr search };
allow $1_t sysctl_dev_t:dir { getattr search read lock ioctl };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:lnk_file { getattr read };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search read lock ioctl };
allow $1_t bin_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1_t node_type:udp_socket node_bind;
allow $1_t port_t:udp_socket name_bind;
allow $1_t device_t:dir { getattr search };
allow $1_t random_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr write append lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr write append lock ioctl };
allow $1_t etc_t:dir { getattr search read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t etc_t:lnk_file { getattr read };
allow $1_t etc_t:dir { getattr search };
allow $1_t etc_t:file { getattr read execute execute_no_trans };
allow $1_t var_t:dir { getattr search };
allow $1_t var_lock_t:dir { getattr search };
allow $1_t mnt_t:dir { getattr search };
allow $1_t var_t:dir { getattr search };
allow $1_t var_t:file { getattr read lock ioctl };
allow $1_t var_t:dir { getattr search };
allow $1_t var_t:lnk_file { getattr read };
allow $1_t var_t:dir { getattr search };
allow $1_t var_spool_t:dir { getattr search read lock ioctl };
allow $1_t var_spool_t:dir { getattr search };
allow $1_t var_spool_t:file { getattr read lock ioctl };
allow $1_t var_lib_t:dir { getattr search read lock ioctl };
allow $1_t { var_t var_lib_t }:dir { getattr search };
allow $1_t var_lib_t:file { getattr read lock ioctl };
allow $1_t lost_found_t:dir getattr;
allow $1_t security_t:filesystem getattr;
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:file { getattr read lock ioctl };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:lnk_file { getattr read };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:dir { getattr search read lock ioctl };
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read write append ioctl lock };
allow $1_t security_t:security check_context;
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read write append ioctl lock };
allow $1_t security_t:security compute_av;
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read write append ioctl lock };
allow $1_t security_t:security compute_create;
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read write append ioctl lock };
allow $1_t security_t:security compute_relabel;
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read write append ioctl lock };
allow $1_t security_t:security compute_user;
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t fixed_disk_device_t:blk_file getattr;
allow $1_t self:netlink_route_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } nlmsg_read };
allow $1_t var_t:dir { getattr search };
allow $1_t var_lib_t:dir { getattr search read lock ioctl };
allow $1_t etc_t:dir { getattr search read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t etc_t:file { getattr read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t etc_t:lnk_file { getattr read };
allow $1_t cert_t:dir { getattr search read lock ioctl };
allow $1_t cert_t:dir { getattr search };
allow $1_t cert_t:file { getattr read lock ioctl };
allow $1_t cert_t:dir { getattr search };
allow $1_t cert_t:lnk_file { getattr read };
allow $1_t self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t unlabeled_t:tcp_socket recvfrom;
allow $1_t unlabeled_t:udp_socket recvfrom;
allow $1_t unlabeled_t:rawip_socket recvfrom;
allow $1_t unlabeled_t:peer recv;
allow $1_t unlabeled_t:association { sendto recvfrom };
allow $1_t unlabeled_t:packet { send recv };
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow $1_t netif_type:netif { udp_send egress };
allow $1_t netif_type:netif { udp_recv ingress };
allow $1_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1_t node_type:node { udp_send sendto };
allow $1_t node_type:node { udp_recv recvfrom };
allow $1_t dns_port_t:tcp_socket { send_msg recv_msg };
allow $1_t dns_port_t:udp_socket send_msg;
allow $1_t dns_port_t:udp_socket recv_msg;
allow $1_t dns_port_t:tcp_socket name_connect;
allow $1_t dns_client_packet_t:packet send;
allow $1_t dns_client_packet_t:packet recv;
allow $1_t etc_t:dir { getattr search };
allow $1_t net_conf_t:file { getattr read lock ioctl };
allow $1_t self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t unlabeled_t:tcp_socket recvfrom;
allow $1_t unlabeled_t:udp_socket recvfrom;
allow $1_t unlabeled_t:rawip_socket recvfrom;
allow $1_t unlabeled_t:peer recv;
allow $1_t unlabeled_t:association { sendto recvfrom };
allow $1_t unlabeled_t:packet { send recv };
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow $1_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1_t ldap_port_t:tcp_socket { send_msg recv_msg };
allow $1_t ldap_port_t:tcp_socket name_connect;
allow $1_t ldap_client_packet_t:packet send;
allow $1_t ldap_client_packet_t:packet recv;
allow $1_t etc_t:dir { getattr search };
allow $1_t net_conf_t:file { getattr read lock ioctl };
allow $1_t var_t:dir { getattr search };
allow $1_t var_log_t:dir { getattr search };
allow $1_t wtmp_t:file { getattr read lock ioctl };
allow $1_t var_t:dir { getattr search };
allow $1_t var_run_t:dir { getattr search };
allow $1_t pam_var_console_t:dir { getattr search };
allow $1_t pam_exec_t:file { getattr read execute };
allow $1_t pam_t:process transition;
allow pam_t $1_t:fd use;
allow pam_t $1_t:fifo_file { getattr read write append ioctl lock };
allow pam_t $1_t:process sigchld;
allow $1_t utempter_exec_t:file { getattr read execute };
allow $1_t utempter_t:process transition;
allow utempter_t $1_t:fd use;
allow utempter_t $1_t:fifo_file { getattr read write append ioctl lock };
allow utempter_t $1_t:process sigchld;
allow $1_t var_t:dir { getattr search };
allow $1_t var_run_t:dir { getattr search read lock ioctl };
allow $1_t initrc_var_run_t:file { getattr read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t { selinux_config_t default_context_t }:dir { getattr search };
allow $1_t file_context_t:dir { getattr search };
allow $1_t file_context_t:file { getattr read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t selinux_config_t:dir { getattr search };
allow $1_t default_context_t:dir { getattr search read lock ioctl };
allow $1_t default_context_t:dir { getattr search };
allow $1_t default_context_t:file { getattr read lock ioctl };
allow $1_t usr_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t newrole_exec_t:file { getattr read execute };
allow $1_t newrole_t:process transition;
allow newrole_t $1_t:fd use;
allow newrole_t $1_t:fifo_file { getattr read write append ioctl lock };
allow newrole_t $1_t:process sigchld;
allow newrole_t updpwd_exec_t:file { getattr read execute };
allow newrole_t updpwd_t:process transition;
allow updpwd_t newrole_t:fd use;
allow updpwd_t newrole_t:fifo_file { getattr read write append ioctl lock };
allow updpwd_t newrole_t:process sigchld;
allow $1_t usr_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t checkpolicy_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1_t usr_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t setfiles_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1_t unpriv_userdomain:fd use;
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:file { getattr read lock ioctl };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:lnk_file { getattr read };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:dir { getattr search read lock ioctl };
allow $1_t { proc_t proc_net_t }:dir { getattr search };
allow $1_t proc_net_t:file { getattr read lock ioctl };
allow $1_t { proc_t proc_net_t }:dir { getattr search };
allow $1_t proc_net_t:lnk_file { getattr read };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_net_t:dir { getattr search read lock ioctl };
allow $1_t { proc_t sysctl_t sysctl_net_t }:dir { getattr search };
allow $1_t sysctl_net_t:file { getattr read lock ioctl };
allow $1_t { proc_t sysctl_t }:dir { getattr search };
allow $1_t sysctl_net_t:dir { getattr search read lock ioctl };
allow $1_t kernel_t:system ipc_info;
allow $1_t { proc_t sysctl_t sysctl_dev_t }:dir { getattr search };
allow $1_t sysctl_dev_t:file { getattr read lock ioctl };
allow $1_t { proc_t sysctl_t }:dir { getattr search };
allow $1_t sysctl_dev_t:dir { getattr search read lock ioctl };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:lnk_file { getattr read };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search read lock ioctl };
allow $1_t bin_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1_t node_type:udp_socket node_bind;
allow $1_t port_t:udp_socket name_bind;
allow $1_t device_t:dir { getattr search };
allow $1_t random_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr write append lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr write append lock ioctl };
allow $1_t etc_t:dir { getattr search read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t etc_t:lnk_file { getattr read };
allow $1_t etc_t:dir { getattr search };
allow $1_t etc_t:file { getattr read execute execute_no_trans };
allow $1_t var_t:dir { getattr search };
allow $1_t var_lock_t:dir { getattr search };
allow $1_t mnt_t:dir { getattr search };
allow $1_t var_t:dir { getattr search };
allow $1_t var_t:file { getattr read lock ioctl };
allow $1_t var_t:dir { getattr search };
allow $1_t var_t:lnk_file { getattr read };
allow $1_t var_t:dir { getattr search };
allow $1_t var_spool_t:dir { getattr search read lock ioctl };
allow $1_t var_spool_t:dir { getattr search };
allow $1_t var_spool_t:file { getattr read lock ioctl };
allow $1_t var_lib_t:dir { getattr search read lock ioctl };
allow $1_t { var_t var_lib_t }:dir { getattr search };
allow $1_t var_lib_t:file { getattr read lock ioctl };
allow $1_t lost_found_t:dir getattr;
allow $1_t security_t:filesystem getattr;
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:file { getattr read lock ioctl };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:lnk_file { getattr read };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:dir { getattr search read lock ioctl };
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read write append ioctl lock };
allow $1_t security_t:security check_context;
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read write append ioctl lock };
allow $1_t security_t:security compute_av;
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read write append ioctl lock };
allow $1_t security_t:security compute_create;
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read write append ioctl lock };
allow $1_t security_t:security compute_relabel;
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read write append ioctl lock };
allow $1_t security_t:security compute_user;
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t fixed_disk_device_t:blk_file getattr;
allow $1_t self:netlink_route_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } nlmsg_read };
allow $1_t var_t:dir { getattr search };
allow $1_t var_lib_t:dir { getattr search read lock ioctl };
allow $1_t etc_t:dir { getattr search read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t etc_t:file { getattr read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t etc_t:lnk_file { getattr read };
allow $1_t cert_t:dir { getattr search read lock ioctl };
allow $1_t cert_t:dir { getattr search };
allow $1_t cert_t:file { getattr read lock ioctl };
allow $1_t cert_t:dir { getattr search };
allow $1_t cert_t:lnk_file { getattr read };
allow $1_t self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t unlabeled_t:tcp_socket recvfrom;
allow $1_t unlabeled_t:udp_socket recvfrom;
allow $1_t unlabeled_t:rawip_socket recvfrom;
allow $1_t unlabeled_t:peer recv;
allow $1_t unlabeled_t:association { sendto recvfrom };
allow $1_t unlabeled_t:packet { send recv };
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow $1_t netif_type:netif { udp_send egress };
allow $1_t netif_type:netif { udp_recv ingress };
allow $1_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1_t node_type:node { udp_send sendto };
allow $1_t node_type:node { udp_recv recvfrom };
allow $1_t dns_port_t:tcp_socket { send_msg recv_msg };
allow $1_t dns_port_t:udp_socket send_msg;
allow $1_t dns_port_t:udp_socket recv_msg;
allow $1_t dns_port_t:tcp_socket name_connect;
allow $1_t dns_client_packet_t:packet send;
allow $1_t dns_client_packet_t:packet recv;
allow $1_t etc_t:dir { getattr search };
allow $1_t net_conf_t:file { getattr read lock ioctl };
allow $1_t self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t unlabeled_t:tcp_socket recvfrom;
allow $1_t unlabeled_t:udp_socket recvfrom;
allow $1_t unlabeled_t:rawip_socket recvfrom;
allow $1_t unlabeled_t:peer recv;
allow $1_t unlabeled_t:association { sendto recvfrom };
allow $1_t unlabeled_t:packet { send recv };
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow $1_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1_t ldap_port_t:tcp_socket { send_msg recv_msg };
allow $1_t ldap_port_t:tcp_socket name_connect;
allow $1_t ldap_client_packet_t:packet send;
allow $1_t ldap_client_packet_t:packet recv;
allow $1_t etc_t:dir { getattr search };
allow $1_t net_conf_t:file { getattr read lock ioctl };
allow $1_t var_t:dir { getattr search };
allow $1_t var_log_t:dir { getattr search };
allow $1_t wtmp_t:file { getattr read lock ioctl };
allow $1_t var_t:dir { getattr search };
allow $1_t var_run_t:dir { getattr search };
allow $1_t pam_var_console_t:dir { getattr search };
allow $1_t pam_exec_t:file { getattr read execute };
allow $1_t pam_t:process transition;
allow pam_t $1_t:fd use;
allow pam_t $1_t:fifo_file { getattr read write append ioctl lock };
allow pam_t $1_t:process sigchld;
allow $1_t utempter_exec_t:file { getattr read execute };
allow $1_t utempter_t:process transition;
allow utempter_t $1_t:fd use;
allow utempter_t $1_t:fifo_file { getattr read write append ioctl lock };
allow utempter_t $1_t:process sigchld;
allow $1_t var_t:dir { getattr search };
allow $1_t var_run_t:dir { getattr search read lock ioctl };
allow $1_t initrc_var_run_t:file { getattr read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t { selinux_config_t default_context_t }:dir { getattr search };
allow $1_t file_context_t:dir { getattr search };
allow $1_t file_context_t:file { getattr read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t selinux_config_t:dir { getattr search };
allow $1_t default_context_t:dir { getattr search read lock ioctl };
allow $1_t default_context_t:dir { getattr search };
allow $1_t default_context_t:file { getattr read lock ioctl };
allow $1_t usr_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t newrole_exec_t:file { getattr read execute };
allow $1_t newrole_t:process transition;
allow newrole_t $1_t:fd use;
allow newrole_t $1_t:fifo_file { getattr read write append ioctl lock };
allow newrole_t $1_t:process sigchld;
allow newrole_t updpwd_exec_t:file { getattr read execute };
allow newrole_t updpwd_t:process transition;
allow updpwd_t newrole_t:fd use;
allow updpwd_t newrole_t:fifo_file { getattr read write append ioctl lock };
allow updpwd_t newrole_t:process sigchld;
allow $1_t usr_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t checkpolicy_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1_t usr_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t setfiles_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1_t unpriv_userdomain:fd use;
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:file { getattr read lock ioctl };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:lnk_file { getattr read };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:dir { getattr search read lock ioctl };
allow $1_t { proc_t proc_net_t }:dir { getattr search };
allow $1_t proc_net_t:file { getattr read lock ioctl };
allow $1_t { proc_t proc_net_t }:dir { getattr search };
allow $1_t proc_net_t:lnk_file { getattr read };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_net_t:dir { getattr search read lock ioctl };
allow $1_t { proc_t sysctl_t sysctl_net_t }:dir { getattr search };
allow $1_t sysctl_net_t:file { getattr read lock ioctl };
allow $1_t { proc_t sysctl_t }:dir { getattr search };
allow $1_t sysctl_net_t:dir { getattr search read lock ioctl };
allow $1_t kernel_t:system ipc_info;
allow $1_t { proc_t sysctl_t sysctl_dev_t }:dir { getattr search };
allow $1_t sysctl_dev_t:file { getattr read lock ioctl };
allow $1_t { proc_t sysctl_t }:dir { getattr search };
allow $1_t sysctl_dev_t:dir { getattr search read lock ioctl };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:lnk_file { getattr read };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search read lock ioctl };
allow $1_t bin_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1_t node_type:udp_socket node_bind;
allow $1_t port_t:udp_socket name_bind;
allow $1_t device_t:dir { getattr search };
allow $1_t random_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr write append lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr write append lock ioctl };
allow $1_t etc_t:dir { getattr search read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t etc_t:lnk_file { getattr read };
allow $1_t etc_t:dir { getattr search };
allow $1_t etc_t:file { getattr read execute execute_no_trans };
allow $1_t var_t:dir { getattr search };
allow $1_t var_lock_t:dir { getattr search };
allow $1_t mnt_t:dir { getattr search };
allow $1_t var_t:dir { getattr search };
allow $1_t var_t:file { getattr read lock ioctl };
allow $1_t var_t:dir { getattr search };
allow $1_t var_t:lnk_file { getattr read };
allow $1_t var_t:dir { getattr search };
allow $1_t var_spool_t:dir { getattr search read lock ioctl };
allow $1_t var_spool_t:dir { getattr search };
allow $1_t var_spool_t:file { getattr read lock ioctl };
allow $1_t var_lib_t:dir { getattr search read lock ioctl };
allow $1_t { var_t var_lib_t }:dir { getattr search };
allow $1_t var_lib_t:file { getattr read lock ioctl };
allow $1_t lost_found_t:dir getattr;
allow $1_t security_t:filesystem getattr;
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:file { getattr read lock ioctl };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:lnk_file { getattr read };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:dir { getattr search read lock ioctl };
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read write append ioctl lock };
allow $1_t security_t:security check_context;
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read write append ioctl lock };
allow $1_t security_t:security compute_av;
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read write append ioctl lock };
allow $1_t security_t:security compute_create;
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read write append ioctl lock };
allow $1_t security_t:security compute_relabel;
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read write append ioctl lock };
allow $1_t security_t:security compute_user;
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t fixed_disk_device_t:blk_file getattr;
allow $1_t self:netlink_route_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } nlmsg_read };
allow $1_t var_t:dir { getattr search };
allow $1_t var_lib_t:dir { getattr search read lock ioctl };
allow $1_t etc_t:dir { getattr search read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t etc_t:file { getattr read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t etc_t:lnk_file { getattr read };
allow $1_t cert_t:dir { getattr search read lock ioctl };
allow $1_t cert_t:dir { getattr search };
allow $1_t cert_t:file { getattr read lock ioctl };
allow $1_t cert_t:dir { getattr search };
allow $1_t cert_t:lnk_file { getattr read };
allow $1_t self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t unlabeled_t:tcp_socket recvfrom;
allow $1_t unlabeled_t:udp_socket recvfrom;
allow $1_t unlabeled_t:rawip_socket recvfrom;
allow $1_t unlabeled_t:peer recv;
allow $1_t unlabeled_t:association { sendto recvfrom };
allow $1_t unlabeled_t:packet { send recv };
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow $1_t netif_type:netif { udp_send egress };
allow $1_t netif_type:netif { udp_recv ingress };
allow $1_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1_t node_type:node { udp_send sendto };
allow $1_t node_type:node { udp_recv recvfrom };
allow $1_t dns_port_t:tcp_socket { send_msg recv_msg };
allow $1_t dns_port_t:udp_socket send_msg;
allow $1_t dns_port_t:udp_socket recv_msg;
allow $1_t dns_port_t:tcp_socket name_connect;
allow $1_t dns_client_packet_t:packet send;
allow $1_t dns_client_packet_t:packet recv;
allow $1_t etc_t:dir { getattr search };
allow $1_t net_conf_t:file { getattr read lock ioctl };
allow $1_t self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t unlabeled_t:tcp_socket recvfrom;
allow $1_t unlabeled_t:udp_socket recvfrom;
allow $1_t unlabeled_t:rawip_socket recvfrom;
allow $1_t unlabeled_t:peer recv;
allow $1_t unlabeled_t:association { sendto recvfrom };
allow $1_t unlabeled_t:packet { send recv };
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow $1_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1_t ldap_port_t:tcp_socket { send_msg recv_msg };
allow $1_t ldap_port_t:tcp_socket name_connect;
allow $1_t ldap_client_packet_t:packet send;
allow $1_t ldap_client_packet_t:packet recv;
allow $1_t etc_t:dir { getattr search };
allow $1_t net_conf_t:file { getattr read lock ioctl };
allow $1_t var_t:dir { getattr search };
allow $1_t var_log_t:dir { getattr search };
allow $1_t wtmp_t:file { getattr read lock ioctl };
allow $1_t var_t:dir { getattr search };
allow $1_t var_run_t:dir { getattr search };
allow $1_t pam_var_console_t:dir { getattr search };
allow $1_t pam_exec_t:file { getattr read execute };
allow $1_t pam_t:process transition;
allow pam_t $1_t:fd use;
allow pam_t $1_t:fifo_file { getattr read write append ioctl lock };
allow pam_t $1_t:process sigchld;
allow $1_t utempter_exec_t:file { getattr read execute };
allow $1_t utempter_t:process transition;
allow utempter_t $1_t:fd use;
allow utempter_t $1_t:fifo_file { getattr read write append ioctl lock };
allow utempter_t $1_t:process sigchld;
allow $1_t var_t:dir { getattr search };
allow $1_t var_run_t:dir { getattr search read lock ioctl };
allow $1_t initrc_var_run_t:file { getattr read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t { selinux_config_t default_context_t }:dir { getattr search };
allow $1_t file_context_t:dir { getattr search };
allow $1_t file_context_t:file { getattr read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t selinux_config_t:dir { getattr search };
allow $1_t default_context_t:dir { getattr search read lock ioctl };
allow $1_t default_context_t:dir { getattr search };
allow $1_t default_context_t:file { getattr read lock ioctl };
allow $1_t usr_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t newrole_exec_t:file { getattr read execute };
allow $1_t newrole_t:process transition;
allow newrole_t $1_t:fd use;
allow newrole_t $1_t:fifo_file { getattr read write append ioctl lock };
allow newrole_t $1_t:process sigchld;
allow newrole_t updpwd_exec_t:file { getattr read execute };
allow newrole_t updpwd_t:process transition;
allow updpwd_t newrole_t:fd use;
allow updpwd_t newrole_t:fifo_file { getattr read write append ioctl lock };
allow updpwd_t newrole_t:process sigchld;
allow $1_t usr_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t checkpolicy_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1_t usr_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t setfiles_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1_t unpriv_userdomain:fd use;
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:file { getattr read lock ioctl };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:lnk_file { getattr read };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:dir { getattr search read lock ioctl };
allow $1_t { proc_t proc_net_t }:dir { getattr search };
allow $1_t proc_net_t:file { getattr read lock ioctl };
allow $1_t { proc_t proc_net_t }:dir { getattr search };
allow $1_t proc_net_t:lnk_file { getattr read };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_net_t:dir { getattr search read lock ioctl };
allow $1_t { proc_t sysctl_t sysctl_net_t }:dir { getattr search };
allow $1_t sysctl_net_t:file { getattr read lock ioctl };
allow $1_t { proc_t sysctl_t }:dir { getattr search };
allow $1_t sysctl_net_t:dir { getattr search read lock ioctl };
allow $1_t kernel_t:system ipc_info;
allow $1_t { proc_t sysctl_t sysctl_dev_t }:dir { getattr search };
allow $1_t sysctl_dev_t:file { getattr read lock ioctl };
allow $1_t { proc_t sysctl_t }:dir { getattr search };
allow $1_t sysctl_dev_t:dir { getattr search read lock ioctl };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:lnk_file { getattr read };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search read lock ioctl };
allow $1_t bin_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1_t node_type:udp_socket node_bind;
allow $1_t port_t:udp_socket name_bind;
allow $1_t device_t:dir { getattr search };
allow $1_t random_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr write append lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr write append lock ioctl };
allow $1_t etc_t:dir { getattr search read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t etc_t:lnk_file { getattr read };
allow $1_t etc_t:dir { getattr search };
allow $1_t etc_t:file { getattr read execute execute_no_trans };
allow $1_t var_t:dir { getattr search };
allow $1_t var_lock_t:dir { getattr search };
allow $1_t mnt_t:dir { getattr search };
allow $1_t var_t:dir { getattr search };
allow $1_t var_t:file { getattr read lock ioctl };
allow $1_t var_t:dir { getattr search };
allow $1_t var_t:lnk_file { getattr read };
allow $1_t var_t:dir { getattr search };
allow $1_t var_spool_t:dir { getattr search read lock ioctl };
allow $1_t var_spool_t:dir { getattr search };
allow $1_t var_spool_t:file { getattr read lock ioctl };
allow $1_t var_lib_t:dir { getattr search read lock ioctl };
allow $1_t { var_t var_lib_t }:dir { getattr search };
allow $1_t var_lib_t:file { getattr read lock ioctl };
allow $1_t lost_found_t:dir getattr;
allow $1_t security_t:filesystem getattr;
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:file { getattr read lock ioctl };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:lnk_file { getattr read };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:dir { getattr search read lock ioctl };
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read write append ioctl lock };
allow $1_t security_t:security check_context;
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read write append ioctl lock };
allow $1_t security_t:security compute_av;
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read write append ioctl lock };
allow $1_t security_t:security compute_create;
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read write append ioctl lock };
allow $1_t security_t:security compute_relabel;
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read write append ioctl lock };
allow $1_t security_t:security compute_user;
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t fixed_disk_device_t:blk_file getattr;
allow $1_t self:netlink_route_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } nlmsg_read };
allow $1_t var_t:dir { getattr search };
allow $1_t var_lib_t:dir { getattr search read lock ioctl };
allow $1_t etc_t:dir { getattr search read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t etc_t:file { getattr read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t etc_t:lnk_file { getattr read };
allow $1_t cert_t:dir { getattr search read lock ioctl };
allow $1_t cert_t:dir { getattr search };
allow $1_t cert_t:file { getattr read lock ioctl };
allow $1_t cert_t:dir { getattr search };
allow $1_t cert_t:lnk_file { getattr read };
allow $1_t self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t self:udp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t unlabeled_t:tcp_socket recvfrom;
allow $1_t unlabeled_t:udp_socket recvfrom;
allow $1_t unlabeled_t:rawip_socket recvfrom;
allow $1_t unlabeled_t:peer recv;
allow $1_t unlabeled_t:association { sendto recvfrom };
allow $1_t unlabeled_t:packet { send recv };
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow $1_t netif_type:netif { udp_send egress };
allow $1_t netif_type:netif { udp_recv ingress };
allow $1_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1_t node_type:node { udp_send sendto };
allow $1_t node_type:node { udp_recv recvfrom };
allow $1_t dns_port_t:tcp_socket { send_msg recv_msg };
allow $1_t dns_port_t:udp_socket send_msg;
allow $1_t dns_port_t:udp_socket recv_msg;
allow $1_t dns_port_t:tcp_socket name_connect;
allow $1_t dns_client_packet_t:packet send;
allow $1_t dns_client_packet_t:packet recv;
allow $1_t etc_t:dir { getattr search };
allow $1_t net_conf_t:file { getattr read lock ioctl };
allow $1_t self:tcp_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t unlabeled_t:tcp_socket recvfrom;
allow $1_t unlabeled_t:udp_socket recvfrom;
allow $1_t unlabeled_t:rawip_socket recvfrom;
allow $1_t unlabeled_t:peer recv;
allow $1_t unlabeled_t:association { sendto recvfrom };
allow $1_t unlabeled_t:packet { send recv };
allow $1_t netlabel_peer_t:peer recv;
allow $1_t netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
allow $1_t netif_type:netif { tcp_send tcp_recv egress ingress };
allow $1_t node_type:node { tcp_send tcp_recv sendto recvfrom };
allow $1_t ldap_port_t:tcp_socket { send_msg recv_msg };
allow $1_t ldap_port_t:tcp_socket name_connect;
allow $1_t ldap_client_packet_t:packet send;
allow $1_t ldap_client_packet_t:packet recv;
allow $1_t etc_t:dir { getattr search };
allow $1_t net_conf_t:file { getattr read lock ioctl };
allow $1_t var_t:dir { getattr search };
allow $1_t var_log_t:dir { getattr search };
allow $1_t wtmp_t:file { getattr read lock ioctl };
allow $1_t var_t:dir { getattr search };
allow $1_t var_run_t:dir { getattr search };
allow $1_t pam_var_console_t:dir { getattr search };
allow $1_t pam_exec_t:file { getattr read execute };
allow $1_t pam_t:process transition;
allow pam_t $1_t:fd use;
allow pam_t $1_t:fifo_file { getattr read write append ioctl lock };
allow pam_t $1_t:process sigchld;
allow $1_t utempter_exec_t:file { getattr read execute };
allow $1_t utempter_t:process transition;
allow utempter_t $1_t:fd use;
allow utempter_t $1_t:fifo_file { getattr read write append ioctl lock };
allow utempter_t $1_t:process sigchld;
allow $1_t var_t:dir { getattr search };
allow $1_t var_run_t:dir { getattr search read lock ioctl };
allow $1_t initrc_var_run_t:file { getattr read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t { selinux_config_t default_context_t }:dir { getattr search };
allow $1_t file_context_t:dir { getattr search };
allow $1_t file_context_t:file { getattr read lock ioctl };
allow $1_t etc_t:dir { getattr search };
allow $1_t selinux_config_t:dir { getattr search };
allow $1_t default_context_t:dir { getattr search read lock ioctl };
allow $1_t default_context_t:dir { getattr search };
allow $1_t default_context_t:file { getattr read lock ioctl };
allow $1_t usr_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t newrole_exec_t:file { getattr read execute };
allow $1_t newrole_t:process transition;
allow newrole_t $1_t:fd use;
allow newrole_t $1_t:fifo_file { getattr read write append ioctl lock };
allow newrole_t $1_t:process sigchld;
allow newrole_t updpwd_exec_t:file { getattr read execute };
allow newrole_t updpwd_t:process transition;
allow updpwd_t newrole_t:fd use;
allow updpwd_t newrole_t:fifo_file { getattr read write append ioctl lock };
allow updpwd_t newrole_t:process sigchld;
allow $1_t usr_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t checkpolicy_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1_t usr_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t setfiles_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1_t default_t:dir { getattr search read lock ioctl };
allow $1_t default_t:file { getattr read lock ioctl };
allow $1_t default_t:lnk_file { getattr read };
allow $1_t default_t:sock_file { getattr read };
allow $1_t default_t:fifo_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t mouse_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t ttynode:chr_file getattr;
system,userdomain.if,# tunable_policy(`allow_user_mysql_connect'
system,userdomain.if,# tunable_policy(`allow_user_postgresql_connect'
allow $1_t self:capability { setgid chown fowner };
allow $1_t self:process ~{ setcurrent setexec setrlimit execmem execstack execheap };
allow $1_t self:context contains;
allow $1_t chkpwd_exec_t:file { getattr read execute };
allow $1_t chkpwd_t:process transition;
allow chkpwd_t $1_t:fd use;
allow chkpwd_t $1_t:fifo_file { getattr read write append ioctl lock };
allow chkpwd_t $1_t:process sigchld;
allow $1_t chkpwd_t:dir { search getattr read };
allow $1_t chkpwd_t:{ file lnk_file } { read getattr };
allow $1_t chkpwd_t:process getattr;
allow $1_t var_t:dir { getattr search };
allow $1_t var_run_t:dir { getattr search };
allow $1_t pam_var_console_t:dir { getattr search };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr write append lock ioctl };
allow $1_t devlog_t:lnk_file read;
allow $1_t devlog_t:sock_file { getattr read write append };
allow $1_t syslogd_t:unix_dgram_socket sendto;
allow $1_t syslogd_t:unix_stream_socket connectto;
allow $1_t self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t self:unix_stream_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t console_device_t:chr_file { getattr read write append ioctl lock };
allow $1_t self:capability audit_write;
allow $1_t self:netlink_audit_socket { { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } nlmsg_read } nlmsg_relay };
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read lock ioctl };
allow $1_t chkpwd_exec_t:file { getattr read execute };
allow $1_t chkpwd_t:process transition;
allow chkpwd_t $1_t:fd use;
allow chkpwd_t $1_t:fifo_file { getattr read write append ioctl lock };
allow chkpwd_t $1_t:process sigchld;
allow $1_t chkpwd_t:dir { search getattr read };
allow $1_t chkpwd_t:{ file lnk_file } { read getattr };
allow $1_t chkpwd_t:process getattr;
allow $1_t var_t:dir { getattr search };
allow $1_t var_run_t:dir { getattr search };
allow $1_t pam_var_console_t:dir { getattr search };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr write append lock ioctl };
allow $1_t devlog_t:lnk_file read;
allow $1_t devlog_t:sock_file { getattr read write append };
allow $1_t syslogd_t:unix_dgram_socket sendto;
allow $1_t syslogd_t:unix_stream_socket connectto;
allow $1_t self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t self:unix_stream_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t console_device_t:chr_file { getattr read write append ioctl lock };
allow $1_t self:capability audit_write;
allow $1_t self:netlink_audit_socket { { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } nlmsg_read } nlmsg_relay };
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read lock ioctl };
allow $1_t chkpwd_exec_t:file { getattr read execute };
allow $1_t chkpwd_t:process transition;
allow chkpwd_t $1_t:fd use;
allow chkpwd_t $1_t:fifo_file { getattr read write append ioctl lock };
allow chkpwd_t $1_t:process sigchld;
allow $1_t chkpwd_t:dir { search getattr read };
allow $1_t chkpwd_t:{ file lnk_file } { read getattr };
allow $1_t chkpwd_t:process getattr;
allow $1_t var_t:dir { getattr search };
allow $1_t var_run_t:dir { getattr search };
allow $1_t pam_var_console_t:dir { getattr search };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr write append lock ioctl };
allow $1_t devlog_t:lnk_file read;
allow $1_t devlog_t:sock_file { getattr read write append };
allow $1_t syslogd_t:unix_dgram_socket sendto;
allow $1_t syslogd_t:unix_stream_socket connectto;
allow $1_t self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t self:unix_stream_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t console_device_t:chr_file { getattr read write append ioctl lock };
allow $1_t self:capability audit_write;
allow $1_t self:netlink_audit_socket { { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } nlmsg_read } nlmsg_relay };
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read lock ioctl };
allow $1_t chkpwd_exec_t:file { getattr read execute };
allow $1_t chkpwd_t:process transition;
allow chkpwd_t $1_t:fd use;
allow chkpwd_t $1_t:fifo_file { getattr read write append ioctl lock };
allow chkpwd_t $1_t:process sigchld;
allow $1_t chkpwd_t:dir { search getattr read };
allow $1_t chkpwd_t:{ file lnk_file } { read getattr };
allow $1_t chkpwd_t:process getattr;
allow $1_t var_t:dir { getattr search };
allow $1_t var_run_t:dir { getattr search };
allow $1_t pam_var_console_t:dir { getattr search };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t sound_device_t:chr_file { getattr write append lock ioctl };
allow $1_t devlog_t:lnk_file read;
allow $1_t devlog_t:sock_file { getattr read write append };
allow $1_t syslogd_t:unix_dgram_socket sendto;
allow $1_t syslogd_t:unix_stream_socket connectto;
allow $1_t self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t self:unix_stream_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t console_device_t:chr_file { getattr read write append ioctl lock };
allow $1_t self:capability audit_write;
allow $1_t self:netlink_audit_socket { { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } nlmsg_read } nlmsg_relay };
allow $1_t security_t:dir { getattr search read lock ioctl };
allow $1_t security_t:file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t removable_device_t:blk_file { getattr read lock ioctl };
allow $1_t kernel_t:system syslog_read;
allow $1_t kernel_t:system syslog_read;
allow $1_t node_type:tcp_socket node_bind;
allow $1_t port_t:tcp_socket name_bind;
allow $1_t self:capability ~{ sys_module audit_control audit_write };
allow $1_t self:process { setexec setfscreate };
allow $1_t self:passwd { passwd chfn chsh };
allow $1_t self:passwd rootok;
allow $1_t self:netlink_audit_socket nlmsg_readpriv;
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_mdstat_t:file { getattr read lock ioctl };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:dir { getattr search read lock ioctl };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_kcore_t:file { getattr };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:dir { getattr search read lock ioctl };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_kmsg_t:file { getattr };
allow $1_t kernel_t:system syslog_console;
allow $1_t kernel_t:system syslog_mod;
allow $1_t kernel_t:system syslog_read;
allow $1_t kernel_t:system ipc_info;
allow $1_t { proc_t proc_net_t sysctl_type }:dir { getattr search };
allow $1_t sysctl_type:file { getattr read write append ioctl lock };
allow $1_t sysctl_type:dir { getattr search read lock ioctl };
allow $1_t sysctl_type:file setattr;
allow $1_t unlabeled_t:process sigkill;
allow $1_t unlabeled_t:process signal;
allow $1_t unlabeled_t:process sigstop;
allow $1_t unlabeled_t:process signull;
allow $1_t unlabeled_t:process sigchld;
allow $1_t port_t:tcp_socket name_bind;
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t tun_tap_device_t:chr_file { getattr read write append ioctl lock };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:blk_file { getattr };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:chr_file { getattr };
allow $1_t device_t:dir { getattr search };
allow $1_t mtrr_device_t:file { getattr };
allow $1_t device_t:dir { getattr search };
allow $1_t mtrr_device_t:chr_file { getattr };
allow $1_t self:capability mknod;
allow $1_t device_t:dir { getattr search lock ioctl write add_name };
allow $1_t device_node:blk_file { getattr create };
allow $1_t self:capability mknod;
allow $1_t device_t:dir { getattr search lock ioctl write add_name };
allow $1_t device_node:chr_file { getattr create };
allow $1_t device_t:dir { getattr search lock ioctl write remove_name };
allow $1_t device_node:blk_file { getattr unlink };
allow $1_t device_t:dir { getattr search lock ioctl write remove_name };
allow $1_t device_node:chr_file { getattr unlink };
allow $1_t device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t device_node:blk_file { getattr rename };
allow $1_t device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t device_node:chr_file { getattr rename };
allow $1_t device_t:dir { getattr search lock ioctl write add_name };
allow $1_t device_t:lnk_file { create getattr };
allow $1_t domain:process setsched;
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:dir { getattr search };
allow $1_t domain:dir { getattr search read lock ioctl };
allow $1_t domain:dir { getattr search };
allow $1_t domain:file { getattr read lock ioctl };
allow $1_t domain:dir { getattr search };
allow $1_t domain:lnk_file { getattr read };
allow $1_t domain:process getattr;
allow $1_t domain:process sigkill;
allow $1_t self:capability kill;
allow $1_t domain:process signal;
allow $1_t domain:process signull;
allow $1_t domain:process sigstop;
allow $1_t domain:process sigstop;
allow $1_t domain:process sigchld;
allow $1_t domain:{ tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket } getattr;
allow $1_t usr_t:dir { getattr search };
allow $1_t src_t:dir { getattr search read lock ioctl };
allow $1_t src_t:dir { getattr search };
allow $1_t src_t:file { getattr read execute execute_no_trans };
allow $1_t src_t:dir { getattr search };
allow $1_t src_t:lnk_file { getattr read };
allow $1_t filesystem_type:filesystem getattr;
allow $1_t filesystem_type:filesystem quotamod;
allow $1_t noxattrfs:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t removable_device_t:blk_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t removable_device_t:blk_file { getattr write append lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t devpts_t:dir { getattr search read lock ioctl };
allow $1_t { console_device_t tty_device_t ttynode ptynode }:chr_file { getattr read write append ioctl lock };
allow $1_t etc_t:dir { getattr search };
allow $1_t shadow_t:file getattr;
allow $1_t { file_type -shadow_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t { file_type -shadow_t }:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1_t { file_type -shadow_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t { file_type -shadow_t }:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_t { file_type -shadow_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t { file_type -shadow_t }:lnk_file { create read getattr setattr unlink rename };
allow $1_t { file_type -shadow_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t { file_type -shadow_t }:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_t { file_type -shadow_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t { file_type -shadow_t }:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
allow $1_t etc_t:dir { getattr search };
allow $1_t selinux_config_t:dir { getattr search };
allow $1_t policy_config_t:dir { getattr search lock ioctl write add_name };
allow $1_t policy_config_t:file { getattr create open };
allow $1_t policy_config_t:dir { getattr search };
allow $1_t policy_config_t:file { getattr write append lock ioctl };
allow $1_t modules_object_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t modules_object_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_t { file_type -shadow_t }:dir { getattr search read lock ioctl };
allow $1_t { file_type -shadow_t }:dir { getattr search };
allow $1_t { file_type -shadow_t }:dir { getattr relabelfrom relabelto };
allow $1_t { file_type -shadow_t }:dir { getattr search };
allow $1_t { file_type -shadow_t }:file { getattr relabelfrom relabelto };
allow $1_t { file_type -shadow_t }:dir { getattr search };
allow $1_t { file_type -shadow_t }:lnk_file { getattr relabelfrom relabelto };
allow $1_t { file_type -shadow_t }:dir { getattr search };
allow $1_t { file_type -shadow_t }:fifo_file { getattr relabelfrom relabelto };
allow $1_t { file_type -shadow_t }:dir { getattr search };
allow $1_t { file_type -shadow_t }:sock_file { getattr relabelfrom relabelto };
allow $1_t { file_type -shadow_t }:dir { getattr search };
allow $1_t { file_type -shadow_t }:blk_file { getattr relabelfrom };
allow $1_t { file_type -shadow_t }:dir { getattr search };
allow $1_t { file_type -shadow_t }:chr_file { getattr relabelfrom };
allow $1_t policy_config_t:file relabelto;
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t initctl_t:fifo_file { getattr read write append ioctl lock };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t init_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1_t self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t init_t:unix_dgram_socket sendto;
allow $1_t devlog_t:lnk_file read;
allow $1_t devlog_t:sock_file { getattr read write append };
allow $1_t syslogd_t:unix_dgram_socket sendto;
allow $1_t syslogd_t:unix_stream_socket connectto;
allow $1_t self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t self:unix_stream_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t console_device_t:chr_file { getattr read write append ioctl lock };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t insmod_exec_t:file { getattr read execute };
allow $1_t insmod_t:process transition;
allow insmod_t $1_t:fd use;
allow insmod_t $1_t:fifo_file { getattr read write append ioctl lock };
allow insmod_t $1_t:process sigchld;
allow $1_t etc_t:dir { getattr search };
allow $1_t selinux_config_t:dir { getattr search };
allow $1_t policy_src_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t policy_src_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1_t policy_src_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t policy_src_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_t etc_t:dir { getattr search };
allow $1_t selinux_config_t:dir { getattr search };
allow $1_t policy_config_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t policy_config_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_t self:capability ~{ sys_module audit_control audit_write };
allow $1_t self:process { setexec setfscreate };
allow $1_t self:passwd { passwd chfn chsh };
allow $1_t self:passwd rootok;
allow $1_t self:netlink_audit_socket nlmsg_readpriv;
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_mdstat_t:file { getattr read lock ioctl };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:dir { getattr search read lock ioctl };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_kcore_t:file { getattr };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:dir { getattr search read lock ioctl };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_kmsg_t:file { getattr };
allow $1_t kernel_t:system syslog_console;
allow $1_t kernel_t:system syslog_mod;
allow $1_t kernel_t:system syslog_read;
allow $1_t kernel_t:system ipc_info;
allow $1_t { proc_t proc_net_t sysctl_type }:dir { getattr search };
allow $1_t sysctl_type:file { getattr read write append ioctl lock };
allow $1_t sysctl_type:dir { getattr search read lock ioctl };
allow $1_t sysctl_type:file setattr;
allow $1_t unlabeled_t:process sigkill;
allow $1_t unlabeled_t:process signal;
allow $1_t unlabeled_t:process sigstop;
allow $1_t unlabeled_t:process signull;
allow $1_t unlabeled_t:process sigchld;
allow $1_t port_t:tcp_socket name_bind;
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t tun_tap_device_t:chr_file { getattr read write append ioctl lock };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:blk_file { getattr };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:chr_file { getattr };
allow $1_t device_t:dir { getattr search };
allow $1_t mtrr_device_t:file { getattr };
allow $1_t device_t:dir { getattr search };
allow $1_t mtrr_device_t:chr_file { getattr };
allow $1_t self:capability mknod;
allow $1_t device_t:dir { getattr search lock ioctl write add_name };
allow $1_t device_node:blk_file { getattr create };
allow $1_t self:capability mknod;
allow $1_t device_t:dir { getattr search lock ioctl write add_name };
allow $1_t device_node:chr_file { getattr create };
allow $1_t device_t:dir { getattr search lock ioctl write remove_name };
allow $1_t device_node:blk_file { getattr unlink };
allow $1_t device_t:dir { getattr search lock ioctl write remove_name };
allow $1_t device_node:chr_file { getattr unlink };
allow $1_t device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t device_node:blk_file { getattr rename };
allow $1_t device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t device_node:chr_file { getattr rename };
allow $1_t device_t:dir { getattr search lock ioctl write add_name };
allow $1_t device_t:lnk_file { create getattr };
allow $1_t domain:process setsched;
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:dir { getattr search };
allow $1_t domain:dir { getattr search read lock ioctl };
allow $1_t domain:dir { getattr search };
allow $1_t domain:file { getattr read lock ioctl };
allow $1_t domain:dir { getattr search };
allow $1_t domain:lnk_file { getattr read };
allow $1_t domain:process getattr;
allow $1_t domain:process sigkill;
allow $1_t self:capability kill;
allow $1_t domain:process signal;
allow $1_t domain:process signull;
allow $1_t domain:process sigstop;
allow $1_t domain:process sigstop;
allow $1_t domain:process sigchld;
allow $1_t domain:{ tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket } getattr;
allow $1_t usr_t:dir { getattr search };
allow $1_t src_t:dir { getattr search read lock ioctl };
allow $1_t src_t:dir { getattr search };
allow $1_t src_t:file { getattr read execute execute_no_trans };
allow $1_t src_t:dir { getattr search };
allow $1_t src_t:lnk_file { getattr read };
allow $1_t filesystem_type:filesystem getattr;
allow $1_t filesystem_type:filesystem quotamod;
allow $1_t noxattrfs:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t removable_device_t:blk_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t removable_device_t:blk_file { getattr write append lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t devpts_t:dir { getattr search read lock ioctl };
allow $1_t { console_device_t tty_device_t ttynode ptynode }:chr_file { getattr read write append ioctl lock };
allow $1_t etc_t:dir { getattr search };
allow $1_t shadow_t:file getattr;
allow $1_t { file_type -shadow_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t { file_type -shadow_t }:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1_t { file_type -shadow_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t { file_type -shadow_t }:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_t { file_type -shadow_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t { file_type -shadow_t }:lnk_file { create read getattr setattr unlink rename };
allow $1_t { file_type -shadow_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t { file_type -shadow_t }:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_t { file_type -shadow_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t { file_type -shadow_t }:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
allow $1_t etc_t:dir { getattr search };
allow $1_t selinux_config_t:dir { getattr search };
allow $1_t policy_config_t:dir { getattr search lock ioctl write add_name };
allow $1_t policy_config_t:file { getattr create open };
allow $1_t policy_config_t:dir { getattr search };
allow $1_t policy_config_t:file { getattr write append lock ioctl };
allow $1_t modules_object_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t modules_object_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_t { file_type -shadow_t }:dir { getattr search read lock ioctl };
allow $1_t { file_type -shadow_t }:dir { getattr search };
allow $1_t { file_type -shadow_t }:dir { getattr relabelfrom relabelto };
allow $1_t { file_type -shadow_t }:dir { getattr search };
allow $1_t { file_type -shadow_t }:file { getattr relabelfrom relabelto };
allow $1_t { file_type -shadow_t }:dir { getattr search };
allow $1_t { file_type -shadow_t }:lnk_file { getattr relabelfrom relabelto };
allow $1_t { file_type -shadow_t }:dir { getattr search };
allow $1_t { file_type -shadow_t }:fifo_file { getattr relabelfrom relabelto };
allow $1_t { file_type -shadow_t }:dir { getattr search };
allow $1_t { file_type -shadow_t }:sock_file { getattr relabelfrom relabelto };
allow $1_t { file_type -shadow_t }:dir { getattr search };
allow $1_t { file_type -shadow_t }:blk_file { getattr relabelfrom };
allow $1_t { file_type -shadow_t }:dir { getattr search };
allow $1_t { file_type -shadow_t }:chr_file { getattr relabelfrom };
allow $1_t policy_config_t:file relabelto;
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t initctl_t:fifo_file { getattr read write append ioctl lock };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t init_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1_t self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t init_t:unix_dgram_socket sendto;
allow $1_t devlog_t:lnk_file read;
allow $1_t devlog_t:sock_file { getattr read write append };
allow $1_t syslogd_t:unix_dgram_socket sendto;
allow $1_t syslogd_t:unix_stream_socket connectto;
allow $1_t self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t self:unix_stream_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t console_device_t:chr_file { getattr read write append ioctl lock };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t insmod_exec_t:file { getattr read execute };
allow $1_t insmod_t:process transition;
allow insmod_t $1_t:fd use;
allow insmod_t $1_t:fifo_file { getattr read write append ioctl lock };
allow insmod_t $1_t:process sigchld;
allow $1_t etc_t:dir { getattr search };
allow $1_t selinux_config_t:dir { getattr search };
allow $1_t policy_src_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t policy_src_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1_t policy_src_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t policy_src_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_t etc_t:dir { getattr search };
allow $1_t selinux_config_t:dir { getattr search };
allow $1_t policy_config_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t policy_config_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_t self:capability ~{ sys_module audit_control audit_write };
allow $1_t self:process { setexec setfscreate };
allow $1_t self:passwd { passwd chfn chsh };
allow $1_t self:passwd rootok;
allow $1_t self:netlink_audit_socket nlmsg_readpriv;
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_mdstat_t:file { getattr read lock ioctl };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:dir { getattr search read lock ioctl };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_kcore_t:file { getattr };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:dir { getattr search read lock ioctl };
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_kmsg_t:file { getattr };
allow $1_t kernel_t:system syslog_console;
allow $1_t kernel_t:system syslog_mod;
allow $1_t kernel_t:system syslog_read;
allow $1_t kernel_t:system ipc_info;
allow $1_t { proc_t proc_net_t sysctl_type }:dir { getattr search };
allow $1_t sysctl_type:file { getattr read write append ioctl lock };
allow $1_t sysctl_type:dir { getattr search read lock ioctl };
allow $1_t sysctl_type:file setattr;
allow $1_t unlabeled_t:process sigkill;
allow $1_t unlabeled_t:process signal;
allow $1_t unlabeled_t:process sigstop;
allow $1_t unlabeled_t:process signull;
allow $1_t unlabeled_t:process sigchld;
allow $1_t port_t:tcp_socket name_bind;
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t tun_tap_device_t:chr_file { getattr read write append ioctl lock };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:blk_file { getattr };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:chr_file { getattr };
allow $1_t device_t:dir { getattr search };
allow $1_t mtrr_device_t:file { getattr };
allow $1_t device_t:dir { getattr search };
allow $1_t mtrr_device_t:chr_file { getattr };
allow $1_t self:capability mknod;
allow $1_t device_t:dir { getattr search lock ioctl write add_name };
allow $1_t device_node:blk_file { getattr create };
allow $1_t self:capability mknod;
allow $1_t device_t:dir { getattr search lock ioctl write add_name };
allow $1_t device_node:chr_file { getattr create };
allow $1_t device_t:dir { getattr search lock ioctl write remove_name };
allow $1_t device_node:blk_file { getattr unlink };
allow $1_t device_t:dir { getattr search lock ioctl write remove_name };
allow $1_t device_node:chr_file { getattr unlink };
allow $1_t device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t device_node:blk_file { getattr rename };
allow $1_t device_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t device_node:chr_file { getattr rename };
allow $1_t device_t:dir { getattr search lock ioctl write add_name };
allow $1_t device_t:lnk_file { create getattr };
allow $1_t domain:process setsched;
allow $1_t proc_t:dir { getattr search };
allow $1_t proc_t:dir { getattr search };
allow $1_t domain:dir { getattr search read lock ioctl };
allow $1_t domain:dir { getattr search };
allow $1_t domain:file { getattr read lock ioctl };
allow $1_t domain:dir { getattr search };
allow $1_t domain:lnk_file { getattr read };
allow $1_t domain:process getattr;
allow $1_t domain:process sigkill;
allow $1_t self:capability kill;
allow $1_t domain:process signal;
allow $1_t domain:process signull;
allow $1_t domain:process sigstop;
allow $1_t domain:process sigstop;
allow $1_t domain:process sigchld;
allow $1_t domain:{ tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket } getattr;
allow $1_t usr_t:dir { getattr search };
allow $1_t src_t:dir { getattr search read lock ioctl };
allow $1_t src_t:dir { getattr search };
allow $1_t src_t:file { getattr read execute execute_no_trans };
allow $1_t src_t:dir { getattr search };
allow $1_t src_t:lnk_file { getattr read };
allow $1_t filesystem_type:filesystem getattr;
allow $1_t filesystem_type:filesystem quotamod;
allow $1_t noxattrfs:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t removable_device_t:blk_file { getattr read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t removable_device_t:blk_file { getattr write append lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t devpts_t:dir { getattr search read lock ioctl };
allow $1_t { console_device_t tty_device_t ttynode ptynode }:chr_file { getattr read write append ioctl lock };
allow $1_t etc_t:dir { getattr search };
allow $1_t shadow_t:file getattr;
allow $1_t { file_type -shadow_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t { file_type -shadow_t }:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1_t { file_type -shadow_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t { file_type -shadow_t }:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_t { file_type -shadow_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t { file_type -shadow_t }:lnk_file { create read getattr setattr unlink rename };
allow $1_t { file_type -shadow_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t { file_type -shadow_t }:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_t { file_type -shadow_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t { file_type -shadow_t }:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
allow $1_t etc_t:dir { getattr search };
allow $1_t selinux_config_t:dir { getattr search };
allow $1_t policy_config_t:dir { getattr search lock ioctl write add_name };
allow $1_t policy_config_t:file { getattr create open };
allow $1_t policy_config_t:dir { getattr search };
allow $1_t policy_config_t:file { getattr write append lock ioctl };
allow $1_t modules_object_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t modules_object_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_t { file_type -shadow_t }:dir { getattr search read lock ioctl };
allow $1_t { file_type -shadow_t }:dir { getattr search };
allow $1_t { file_type -shadow_t }:dir { getattr relabelfrom relabelto };
allow $1_t { file_type -shadow_t }:dir { getattr search };
allow $1_t { file_type -shadow_t }:file { getattr relabelfrom relabelto };
allow $1_t { file_type -shadow_t }:dir { getattr search };
allow $1_t { file_type -shadow_t }:lnk_file { getattr relabelfrom relabelto };
allow $1_t { file_type -shadow_t }:dir { getattr search };
allow $1_t { file_type -shadow_t }:fifo_file { getattr relabelfrom relabelto };
allow $1_t { file_type -shadow_t }:dir { getattr search };
allow $1_t { file_type -shadow_t }:sock_file { getattr relabelfrom relabelto };
allow $1_t { file_type -shadow_t }:dir { getattr search };
allow $1_t { file_type -shadow_t }:blk_file { getattr relabelfrom };
allow $1_t { file_type -shadow_t }:dir { getattr search };
allow $1_t { file_type -shadow_t }:chr_file { getattr relabelfrom };
allow $1_t policy_config_t:file relabelto;
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t initctl_t:fifo_file { getattr read write append ioctl lock };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t init_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1_t self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t init_t:unix_dgram_socket sendto;
allow $1_t devlog_t:lnk_file read;
allow $1_t devlog_t:sock_file { getattr read write append };
allow $1_t syslogd_t:unix_dgram_socket sendto;
allow $1_t syslogd_t:unix_stream_socket connectto;
allow $1_t self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t self:unix_stream_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:dir { getattr search read lock ioctl };
allow $1_t device_t:dir { getattr search };
allow $1_t device_t:lnk_file { getattr read };
allow $1_t console_device_t:chr_file { getattr read write append ioctl lock };
allow $1_t bin_t:dir { getattr search };
allow $1_t bin_t:dir { getattr search };
allow $1_t insmod_exec_t:file { getattr read execute };
allow $1_t insmod_t:process transition;
allow insmod_t $1_t:fd use;
allow insmod_t $1_t:fifo_file { getattr read write append ioctl lock };
allow insmod_t $1_t:process sigchld;
allow $1_t etc_t:dir { getattr search };
allow $1_t selinux_config_t:dir { getattr search };
allow $1_t policy_src_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t policy_src_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1_t policy_src_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t policy_src_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_t etc_t:dir { getattr search };
allow $1_t selinux_config_t:dir { getattr search };
allow $1_t policy_config_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t policy_config_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_t noxattrfs:dir { read getattr lock search ioctl add_name remove_name write };
allow $1_t noxattrfs:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1_t noxattrfs:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1_t noxattrfs:dir { getattr search };
allow $1_t noxattrfs:file { getattr read lock ioctl };
allow $1 self:capability { dac_read_search dac_override };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search read lock ioctl };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 shell_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1 device_t:dir { getattr search };
allow $1 device_node:dir { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 device_node:file { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 device_node:lnk_file { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 device_node:fifo_file { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 device_node:sock_file { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 { device_t device_node }:blk_file { getattr relabelfrom relabelto };
allow $1 device_t:dir { getattr search };
allow $1 { device_t device_node }:chr_file { getattr relabelfrom relabelto };
allow $1 etc_runtime_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 root_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 dosfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 dosfs_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security setenforce;
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security setbool;
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security setsecparam;
allow $1 { file_type -shadow_t }:dir { getattr search read lock ioctl };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:dir { getattr relabelfrom relabelto };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:file { getattr relabelfrom relabelto };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:lnk_file { getattr relabelfrom relabelto };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:fifo_file { getattr relabelfrom relabelto };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:sock_file { getattr relabelfrom relabelto };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:blk_file { getattr relabelfrom };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:chr_file { getattr relabelfrom };
allow $1 policy_config_t:file relabelto;
allow $1 etc_t:dir { getattr search };
allow $1 shadow_t:file { relabelfrom relabelto };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 init_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1 devlog_t:lnk_file read;
allow $1 devlog_t:sock_file { getattr read write append };
allow $1 syslogd_t:unix_dgram_socket sendto;
allow $1 syslogd_t:unix_stream_socket connectto;
allow $1 self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 self:unix_stream_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 console_device_t:chr_file { getattr read write append ioctl lock };
allow $1 var_t:dir { getattr search };
allow $1 auditd_log_t:dir { getattr search };
allow $1 auditd_log_t:file { getattr read lock ioctl };
allow $1 auditd_log_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 var_log_t:dir { getattr search };
allow $1 var_log_t:file { getattr read lock ioctl };
allow $1 etc_t:dir { getattr search };
allow $1 auditd_etc_t:dir { getattr search };
allow $1 auditd_etc_t:file { getattr read lock ioctl };
allow $1 auditd_etc_t:dir { getattr search read lock ioctl };
allow $1 etc_t:dir { getattr search };
allow $1 selinux_config_t:dir { getattr search };
allow $1 policy_config_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 policy_config_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 checkpolicy_exec_t:file { getattr read execute };
allow $1 checkpolicy_t:process transition;
allow checkpolicy_t $1:fd use;
allow checkpolicy_t $1:fifo_file { getattr read write append ioctl lock };
allow checkpolicy_t $1:process sigchld;
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 load_policy_exec_t:file { getattr read execute };
allow $1 load_policy_t:process transition;
allow load_policy_t $1:fd use;
allow load_policy_t $1:fifo_file { getattr read write append ioctl lock };
allow load_policy_t $1:process sigchld;
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 semanage_exec_t:file { getattr read execute };
allow $1 semanage_t:process transition;
allow semanage_t $1:fd use;
allow semanage_t $1:fifo_file { getattr read write append ioctl lock };
allow semanage_t $1:process sigchld;
allow semanage_t usr_t:dir { getattr search };
allow semanage_t bin_t:dir { getattr search };
allow semanage_t bin_t:dir { getattr search };
allow semanage_t setfiles_exec_t:file { getattr read execute };
allow semanage_t setfiles_t:process transition;
allow setfiles_t semanage_t:fd use;
allow setfiles_t semanage_t:fifo_file { getattr read write append ioctl lock };
allow setfiles_t semanage_t:process sigchld;
allow semanage_t bin_t:dir { getattr search };
allow semanage_t bin_t:dir { getattr search };
allow semanage_t load_policy_exec_t:file { getattr read execute };
allow semanage_t load_policy_t:process transition;
allow load_policy_t semanage_t:fd use;
allow load_policy_t semanage_t:fifo_file { getattr read write append ioctl lock };
allow load_policy_t semanage_t:process sigchld;
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 setfiles_exec_t:file { getattr read execute };
allow $1 setfiles_t:process transition;
allow setfiles_t $1:fd use;
allow setfiles_t $1:fifo_file { getattr read write append ioctl lock };
allow setfiles_t $1:process sigchld;
allow $1 self:capability { dac_read_search dac_override };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search read lock ioctl };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 shell_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1 device_t:dir { getattr search };
allow $1 device_node:dir { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 device_node:file { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 device_node:lnk_file { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 device_node:fifo_file { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 device_node:sock_file { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 { device_t device_node }:blk_file { getattr relabelfrom relabelto };
allow $1 device_t:dir { getattr search };
allow $1 { device_t device_node }:chr_file { getattr relabelfrom relabelto };
allow $1 etc_runtime_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 root_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 dosfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 dosfs_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security setenforce;
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security setbool;
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security setsecparam;
allow $1 { file_type -shadow_t }:dir { getattr search read lock ioctl };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:dir { getattr relabelfrom relabelto };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:file { getattr relabelfrom relabelto };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:lnk_file { getattr relabelfrom relabelto };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:fifo_file { getattr relabelfrom relabelto };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:sock_file { getattr relabelfrom relabelto };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:blk_file { getattr relabelfrom };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:chr_file { getattr relabelfrom };
allow $1 policy_config_t:file relabelto;
allow $1 etc_t:dir { getattr search };
allow $1 shadow_t:file { relabelfrom relabelto };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 init_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1 devlog_t:lnk_file read;
allow $1 devlog_t:sock_file { getattr read write append };
allow $1 syslogd_t:unix_dgram_socket sendto;
allow $1 syslogd_t:unix_stream_socket connectto;
allow $1 self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 self:unix_stream_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 console_device_t:chr_file { getattr read write append ioctl lock };
allow $1 var_t:dir { getattr search };
allow $1 auditd_log_t:dir { getattr search };
allow $1 auditd_log_t:file { getattr read lock ioctl };
allow $1 auditd_log_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 var_log_t:dir { getattr search };
allow $1 var_log_t:file { getattr read lock ioctl };
allow $1 etc_t:dir { getattr search };
allow $1 auditd_etc_t:dir { getattr search };
allow $1 auditd_etc_t:file { getattr read lock ioctl };
allow $1 auditd_etc_t:dir { getattr search read lock ioctl };
allow $1 etc_t:dir { getattr search };
allow $1 selinux_config_t:dir { getattr search };
allow $1 policy_config_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 policy_config_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 checkpolicy_exec_t:file { getattr read execute };
allow $1 checkpolicy_t:process transition;
allow checkpolicy_t $1:fd use;
allow checkpolicy_t $1:fifo_file { getattr read write append ioctl lock };
allow checkpolicy_t $1:process sigchld;
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 load_policy_exec_t:file { getattr read execute };
allow $1 load_policy_t:process transition;
allow load_policy_t $1:fd use;
allow load_policy_t $1:fifo_file { getattr read write append ioctl lock };
allow load_policy_t $1:process sigchld;
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 semanage_exec_t:file { getattr read execute };
allow $1 semanage_t:process transition;
allow semanage_t $1:fd use;
allow semanage_t $1:fifo_file { getattr read write append ioctl lock };
allow semanage_t $1:process sigchld;
allow semanage_t usr_t:dir { getattr search };
allow semanage_t bin_t:dir { getattr search };
allow semanage_t bin_t:dir { getattr search };
allow semanage_t setfiles_exec_t:file { getattr read execute };
allow semanage_t setfiles_t:process transition;
allow setfiles_t semanage_t:fd use;
allow setfiles_t semanage_t:fifo_file { getattr read write append ioctl lock };
allow setfiles_t semanage_t:process sigchld;
allow semanage_t bin_t:dir { getattr search };
allow semanage_t bin_t:dir { getattr search };
allow semanage_t load_policy_exec_t:file { getattr read execute };
allow semanage_t load_policy_t:process transition;
allow load_policy_t semanage_t:fd use;
allow load_policy_t semanage_t:fifo_file { getattr read write append ioctl lock };
allow load_policy_t semanage_t:process sigchld;
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 setfiles_exec_t:file { getattr read execute };
allow $1 setfiles_t:process transition;
allow setfiles_t $1:fd use;
allow setfiles_t $1:fifo_file { getattr read write append ioctl lock };
allow setfiles_t $1:process sigchld;
allow $1 self:capability { dac_read_search dac_override };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search read lock ioctl };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 shell_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1 device_t:dir { getattr search };
allow $1 device_node:dir { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 device_node:file { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 device_node:lnk_file { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 device_node:fifo_file { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 device_node:sock_file { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 { device_t device_node }:blk_file { getattr relabelfrom relabelto };
allow $1 device_t:dir { getattr search };
allow $1 { device_t device_node }:chr_file { getattr relabelfrom relabelto };
allow $1 etc_runtime_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 root_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 dosfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 dosfs_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security setenforce;
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security setbool;
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security setsecparam;
allow $1 { file_type -shadow_t }:dir { getattr search read lock ioctl };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:dir { getattr relabelfrom relabelto };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:file { getattr relabelfrom relabelto };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:lnk_file { getattr relabelfrom relabelto };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:fifo_file { getattr relabelfrom relabelto };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:sock_file { getattr relabelfrom relabelto };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:blk_file { getattr relabelfrom };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:chr_file { getattr relabelfrom };
allow $1 policy_config_t:file relabelto;
allow $1 etc_t:dir { getattr search };
allow $1 shadow_t:file { relabelfrom relabelto };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 init_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1 devlog_t:lnk_file read;
allow $1 devlog_t:sock_file { getattr read write append };
allow $1 syslogd_t:unix_dgram_socket sendto;
allow $1 syslogd_t:unix_stream_socket connectto;
allow $1 self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 self:unix_stream_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 console_device_t:chr_file { getattr read write append ioctl lock };
allow $1 var_t:dir { getattr search };
allow $1 auditd_log_t:dir { getattr search };
allow $1 auditd_log_t:file { getattr read lock ioctl };
allow $1 auditd_log_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 var_log_t:dir { getattr search };
allow $1 var_log_t:file { getattr read lock ioctl };
allow $1 etc_t:dir { getattr search };
allow $1 auditd_etc_t:dir { getattr search };
allow $1 auditd_etc_t:file { getattr read lock ioctl };
allow $1 auditd_etc_t:dir { getattr search read lock ioctl };
allow $1 etc_t:dir { getattr search };
allow $1 selinux_config_t:dir { getattr search };
allow $1 policy_config_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 policy_config_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 checkpolicy_exec_t:file { getattr read execute };
allow $1 checkpolicy_t:process transition;
allow checkpolicy_t $1:fd use;
allow checkpolicy_t $1:fifo_file { getattr read write append ioctl lock };
allow checkpolicy_t $1:process sigchld;
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 load_policy_exec_t:file { getattr read execute };
allow $1 load_policy_t:process transition;
allow load_policy_t $1:fd use;
allow load_policy_t $1:fifo_file { getattr read write append ioctl lock };
allow load_policy_t $1:process sigchld;
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 semanage_exec_t:file { getattr read execute };
allow $1 semanage_t:process transition;
allow semanage_t $1:fd use;
allow semanage_t $1:fifo_file { getattr read write append ioctl lock };
allow semanage_t $1:process sigchld;
allow semanage_t usr_t:dir { getattr search };
allow semanage_t bin_t:dir { getattr search };
allow semanage_t bin_t:dir { getattr search };
allow semanage_t setfiles_exec_t:file { getattr read execute };
allow semanage_t setfiles_t:process transition;
allow setfiles_t semanage_t:fd use;
allow setfiles_t semanage_t:fifo_file { getattr read write append ioctl lock };
allow setfiles_t semanage_t:process sigchld;
allow semanage_t bin_t:dir { getattr search };
allow semanage_t bin_t:dir { getattr search };
allow semanage_t load_policy_exec_t:file { getattr read execute };
allow semanage_t load_policy_t:process transition;
allow load_policy_t semanage_t:fd use;
allow load_policy_t semanage_t:fifo_file { getattr read write append ioctl lock };
allow load_policy_t semanage_t:process sigchld;
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 setfiles_exec_t:file { getattr read execute };
allow $1 setfiles_t:process transition;
allow setfiles_t $1:fd use;
allow setfiles_t $1:fifo_file { getattr read write append ioctl lock };
allow setfiles_t $1:process sigchld;
allow $1 self:capability { dac_read_search dac_override };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search read lock ioctl };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 shell_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1 device_t:dir { getattr search };
allow $1 device_node:dir { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 device_node:file { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 device_node:lnk_file { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 device_node:fifo_file { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 device_node:sock_file { getattr relabelfrom };
allow $1 device_t:dir { getattr search };
allow $1 { device_t device_node }:blk_file { getattr relabelfrom relabelto };
allow $1 device_t:dir { getattr search };
allow $1 { device_t device_node }:chr_file { getattr relabelfrom relabelto };
allow $1 etc_runtime_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 root_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 dosfs_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 dosfs_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security setenforce;
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security setbool;
allow $1 security_t:dir { getattr search read lock ioctl };
allow $1 security_t:file { getattr read write append ioctl lock };
allow $1 security_t:security setsecparam;
allow $1 { file_type -shadow_t }:dir { getattr search read lock ioctl };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:dir { getattr relabelfrom relabelto };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:file { getattr relabelfrom relabelto };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:lnk_file { getattr relabelfrom relabelto };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:fifo_file { getattr relabelfrom relabelto };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:sock_file { getattr relabelfrom relabelto };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:blk_file { getattr relabelfrom };
allow $1 { file_type -shadow_t }:dir { getattr search };
allow $1 { file_type -shadow_t }:chr_file { getattr relabelfrom };
allow $1 policy_config_t:file relabelto;
allow $1 etc_t:dir { getattr search };
allow $1 shadow_t:file { relabelfrom relabelto };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 init_exec_t:file { { getattr read execute ioctl } ioctl lock execute_no_trans };
allow $1 devlog_t:lnk_file read;
allow $1 devlog_t:sock_file { getattr read write append };
allow $1 syslogd_t:unix_dgram_socket sendto;
allow $1 syslogd_t:unix_stream_socket connectto;
allow $1 self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 self:unix_stream_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } };
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 console_device_t:chr_file { getattr read write append ioctl lock };
allow $1 var_t:dir { getattr search };
allow $1 auditd_log_t:dir { getattr search };
allow $1 auditd_log_t:file { getattr read lock ioctl };
allow $1 auditd_log_t:dir { getattr search read lock ioctl };
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search read lock ioctl };
allow $1 var_log_t:dir { getattr search };
allow $1 var_log_t:file { getattr read lock ioctl };
allow $1 etc_t:dir { getattr search };
allow $1 auditd_etc_t:dir { getattr search };
allow $1 auditd_etc_t:file { getattr read lock ioctl };
allow $1 auditd_etc_t:dir { getattr search read lock ioctl };
allow $1 etc_t:dir { getattr search };
allow $1 selinux_config_t:dir { getattr search };
allow $1 policy_config_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 policy_config_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 checkpolicy_exec_t:file { getattr read execute };
allow $1 checkpolicy_t:process transition;
allow checkpolicy_t $1:fd use;
allow checkpolicy_t $1:fifo_file { getattr read write append ioctl lock };
allow checkpolicy_t $1:process sigchld;
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 load_policy_exec_t:file { getattr read execute };
allow $1 load_policy_t:process transition;
allow load_policy_t $1:fd use;
allow load_policy_t $1:fifo_file { getattr read write append ioctl lock };
allow load_policy_t $1:process sigchld;
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 semanage_exec_t:file { getattr read execute };
allow $1 semanage_t:process transition;
allow semanage_t $1:fd use;
allow semanage_t $1:fifo_file { getattr read write append ioctl lock };
allow semanage_t $1:process sigchld;
allow semanage_t usr_t:dir { getattr search };
allow semanage_t bin_t:dir { getattr search };
allow semanage_t bin_t:dir { getattr search };
allow semanage_t setfiles_exec_t:file { getattr read execute };
allow semanage_t setfiles_t:process transition;
allow setfiles_t semanage_t:fd use;
allow setfiles_t semanage_t:fifo_file { getattr read write append ioctl lock };
allow setfiles_t semanage_t:process sigchld;
allow semanage_t bin_t:dir { getattr search };
allow semanage_t bin_t:dir { getattr search };
allow semanage_t load_policy_exec_t:file { getattr read execute };
allow semanage_t load_policy_t:process transition;
allow load_policy_t semanage_t:fd use;
allow load_policy_t semanage_t:fifo_file { getattr read write append ioctl lock };
allow load_policy_t semanage_t:process sigchld;
allow $1 usr_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search };
allow $1 setfiles_exec_t:file { getattr read execute };
allow $1 setfiles_t:process transition;
allow setfiles_t $1:fd use;
allow setfiles_t $1:fifo_file { getattr read write append ioctl lock };
allow setfiles_t $1:process sigchld;
system,userdomain.if,userdom_user_home_content'
allow $1 user_home_t:filesystem associate;
system,userdomain.if,userdom_setattr_user_ptys'
allow $1 user_devpts_t:chr_file setattr;
system,userdomain.if,userdom_create_user_pty'
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 ptmx_t:chr_file { getattr read write append ioctl lock };
allow $1 devpts_t:dir { getattr search read lock ioctl };
allow $1 devpts_t:filesystem getattr;
system,userdomain.if,userdom_getattr_user_home_dirs'
allow $1 user_home_dir_t:dir { getattr };
allow $1 home_root_t:dir { getattr search };
system,userdomain.if,userdom_dontaudit_getattr_user_home_dirs'
system,userdomain.if,userdom_search_user_home_dirs'
allow $1 user_home_dir_t:dir { getattr search };
allow $1 home_root_t:dir { getattr search };
system,userdomain.if,userdom_dontaudit_search_user_home_dirs'
system,userdomain.if,userdom_list_user_home_dirs'
allow $1 user_home_dir_t:dir { getattr search read lock ioctl };
allow $1 home_root_t:dir { getattr search };
system,userdomain.if,userdom_dontaudit_list_user_home_dirs'
system,userdomain.if,userdom_create_user_home_dirs'
allow $1 user_home_dir_t:dir { getattr create };
system,userdomain.if,userdom_manage_user_home_dirs'
allow $1 user_home_dir_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
system,userdomain.if,userdom_relabelto_user_home_dirs'
allow $1 user_home_dir_t:dir relabelto;
system,userdomain.if,userdom_home_filetrans_user_home_dir'
allow $1 home_root_t:dir { read getattr lock search ioctl add_name remove_name write };
system,userdomain.if,userdom_user_home_domtrans'
allow $1 user_home_t:file { getattr read execute };
allow $1 $2:process transition;
allow $1 user_home_dir_t:dir { getattr search };
allow $1 home_root_t:dir { getattr search };
system,userdomain.if,userdom_dontaudit_search_user_home_content'
system,userdomain.if,userdom_manage_user_home_content_dirs'
allow $1 { user_home_dir_t user_home_t }:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 user_home_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 home_root_t:dir { getattr search };
system,userdomain.if,userdom_dontaudit_setattr_user_home_content_files'
system,userdomain.if,userdom_mmap_user_home_content_files'
allow $1 { user_home_dir_t user_home_t }:dir { getattr search };
allow $1 user_home_t:file { getattr read execute ioctl };
allow $1 home_root_t:dir { getattr search };
system,userdomain.if,userdom_read_user_home_content_files'
allow $1 { user_home_dir_t user_home_t }:dir { getattr search };
allow $1 user_home_t:file { getattr read lock ioctl };
allow $1 home_root_t:dir { getattr search };
system,userdomain.if,userdom_dontaudit_read_user_home_content_files'
system,userdomain.if,userdom_dontaudit_append_user_home_content_files'
system,userdomain.if,userdom_dontaudit_write_user_home_content_files'
system,userdomain.if,userdom_dontaudit_relabel_user_home_content_files'
system,userdomain.if,userdom_read_user_home_content_symlinks'
allow $1 { user_home_dir_t user_home_t }:dir { getattr search };
allow $1 user_home_t:lnk_file { getattr read };
allow $1 home_root_t:dir { getattr search };
system,userdomain.if,userdom_exec_user_home_content_files'
allow $1 home_root_t:dir { getattr search };
allow $1 { user_home_dir_t user_home_t }:dir { getattr search };
allow $1 user_home_t:file { getattr read execute execute_no_trans };
allow $1 nfs_t:dir { getattr search read lock ioctl };
allow $1 nfs_t:dir { getattr search };
allow $1 nfs_t:file { getattr read execute execute_no_trans };
allow $1 cifs_t:dir { getattr search read lock ioctl };
allow $1 cifs_t:dir { getattr search };
allow $1 cifs_t:file { getattr read execute execute_no_trans };
system,userdomain.if,userdom_dontaudit_exec_user_home_content_files'
system,userdomain.if,userdom_manage_user_home_content_files'
allow $1 user_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 user_home_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 user_home_dir_t:dir { getattr search };
allow $1 home_root_t:dir { getattr search };
system,userdomain.if,userdom_dontaudit_manage_user_home_content_dirs'
system,userdomain.if,userdom_manage_user_home_content_symlinks'
allow $1 user_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 user_home_t:lnk_file { create read getattr setattr unlink rename };
allow $1 user_home_dir_t:dir { getattr search };
allow $1 home_root_t:dir { getattr search };
system,userdomain.if,userdom_manage_user_home_content_pipes'
allow $1 user_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 user_home_t:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 user_home_dir_t:dir { getattr search };
allow $1 home_root_t:dir { getattr search };
system,userdomain.if,userdom_manage_user_home_content_sockets'
allow $1 user_home_dir_t:dir { getattr search };
allow $1 user_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 user_home_t:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
allow $1 home_root_t:dir { getattr search };
system,userdomain.if,userdom_user_home_dir_filetrans'
allow $1 user_home_dir_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 home_root_t:dir { getattr search };
system,userdomain.if,userdom_user_home_content_filetrans'
allow $1 user_home_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 user_home_dir_t:dir { getattr search };
allow $1 home_root_t:dir { getattr search };
system,userdomain.if,userdom_user_home_dir_filetrans_user_home_content'
allow $1 user_home_dir_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 home_root_t:dir { getattr search };
system,userdomain.if,userdom_write_user_tmp_sockets'
allow $1 user_tmp_t:sock_file write;
allow $1 tmp_t:dir { getattr search };
system,userdomain.if,userdom_list_user_tmp'
allow $1 user_tmp_t:dir { getattr search read lock ioctl };
allow $1 tmp_t:dir { getattr search };
system,userdomain.if,userdom_dontaudit_list_user_tmp'
system,userdomain.if,userdom_dontaudit_manage_user_tmp_dirs'
system,userdomain.if,userdom_read_user_tmp_files'
allow $1 user_tmp_t:dir { getattr search };
allow $1 user_tmp_t:file { getattr read lock ioctl };
allow $1 user_tmp_t:dir { getattr search read lock ioctl };
allow $1 tmp_t:dir { getattr search };
system,userdomain.if,userdom_dontaudit_read_user_tmp_files'
system,userdomain.if,userdom_dontaudit_append_user_tmp_files'
system,userdomain.if,userdom_rw_user_tmp_files'
allow $1 user_tmp_t:dir { getattr search read lock ioctl };
allow $1 user_tmp_t:dir { getattr search };
allow $1 user_tmp_t:file { getattr read write append ioctl lock };
allow $1 tmp_t:dir { getattr search };
system,userdomain.if,userdom_dontaudit_manage_user_tmp_files'
system,userdomain.if,userdom_read_user_tmp_symlinks'
allow $1 user_tmp_t:dir { getattr search };
allow $1 user_tmp_t:lnk_file { getattr read };
allow $1 user_tmp_t:dir { getattr search read lock ioctl };
allow $1 tmp_t:dir { getattr search };
system,userdomain.if,userdom_manage_user_tmp_dirs'
allow $1 user_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 user_tmp_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 tmp_t:dir { getattr search };
system,userdomain.if,userdom_manage_user_tmp_files'
allow $1 user_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 user_tmp_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 tmp_t:dir { getattr search };
system,userdomain.if,userdom_manage_user_tmp_symlinks'
allow $1 user_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 user_tmp_t:lnk_file { create read getattr setattr unlink rename };
allow $1 tmp_t:dir { getattr search };
system,userdomain.if,userdom_manage_user_tmp_pipes'
allow $1 user_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 user_tmp_t:fifo_file { create open getattr setattr read write append rename link unlink ioctl lock };
allow $1 tmp_t:dir { getattr search };
system,userdomain.if,userdom_manage_user_tmp_sockets'
allow $1 user_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 user_tmp_t:sock_file { create getattr setattr read write rename link unlink ioctl lock append };
allow $1 tmp_t:dir { getattr search };
system,userdomain.if,userdom_user_tmp_filetrans'
allow $1 user_tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 tmp_t:dir { getattr search };
system,userdomain.if,userdom_tmp_filetrans_user_tmp'
allow $1 tmp_t:dir { read getattr lock search ioctl add_name remove_name write };
system,userdomain.if,userdom_rw_user_tmpfs_files'
allow $1 user_tmpfs_t:dir { getattr search };
allow $1 user_tmpfs_t:file { getattr read write append ioctl lock };
allow $1 user_tmpfs_t:dir { getattr search };
allow $1 user_tmpfs_t:lnk_file { getattr read };
allow $1 user_tmpfs_t:dir { getattr search read lock ioctl };
allow $1 tmpfs_t:dir { getattr search };
system,userdomain.if,userdom_getattr_user_ttys'
allow $1 user_tty_device_t:chr_file getattr;
system,userdomain.if,userdom_dontaudit_getattr_user_ttys'
system,userdomain.if,userdom_setattr_user_ttys'
allow $1 user_tty_device_t:chr_file setattr;
system,userdomain.if,userdom_dontaudit_setattr_user_ttys'
system,userdomain.if,userdom_use_user_ttys'
allow $1 user_tty_device_t:chr_file { getattr read write ioctl };
system,userdomain.if,userdom_use_user_ptys'
allow $1 user_devpts_t:chr_file { getattr read write ioctl };
system,userdomain.if,userdom_use_user_terminals'
allow $1 user_tty_device_t:chr_file { getattr read write ioctl };
allow $1 user_devpts_t:chr_file { getattr read write ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:dir { getattr search read lock ioctl };
allow $1 device_t:dir { getattr search };
allow $1 device_t:lnk_file { getattr read };
allow $1 devpts_t:dir { getattr search read lock ioctl };
system,userdomain.if,userdom_dontaudit_use_user_terminals'
system,userdomain.if,userdom_spec_domtrans_all_users'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search read lock ioctl };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 shell_exec_t:file { getattr read execute };
allow $1 userdomain:process transition;
allow userdomain $1:fd use;
allow userdomain $1:fifo_file { getattr read write append ioctl lock };
allow userdomain $1:process sigchld;
system,userdomain.if,userdom_xsession_spec_domtrans_all_users'
allow $1 xsession_exec_t:file { getattr read execute };
allow $1 userdomain:process transition;
allow userdomain $1:fd use;
allow userdomain $1:fifo_file { getattr read write append ioctl lock };
allow userdomain $1:process sigchld;
system,userdomain.if,userdom_spec_domtrans_unpriv_users'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:dir { getattr search read lock ioctl };
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 shell_exec_t:file { getattr read execute };
allow $1 unpriv_userdomain:process transition;
allow unpriv_userdomain $1:fd use;
allow unpriv_userdomain $1:fifo_file { getattr read write append ioctl lock };
allow unpriv_userdomain $1:process sigchld;
system,userdomain.if,userdom_xsession_spec_domtrans_unpriv_users'
allow $1 xsession_exec_t:file { getattr read execute };
allow $1 unpriv_userdomain:process transition;
allow unpriv_userdomain $1:fd use;
allow unpriv_userdomain $1:fifo_file { getattr read write append ioctl lock };
allow unpriv_userdomain $1:process sigchld;
system,userdomain.if,userdom_manage_unpriv_user_semaphores'
allow $1 unpriv_userdomain:sem { associate getattr setattr create destroy read write unix_read unix_write };
system,userdomain.if,userdom_manage_unpriv_user_shared_mem'
allow $1 unpriv_userdomain:shm { associate getattr setattr create destroy read write lock unix_read unix_write };
system,userdomain.if,userdom_bin_spec_domtrans_unpriv_users'
allow $1 bin_t:dir { getattr search };
allow $1 bin_t:lnk_file { getattr read };
allow $1 bin_t:file { getattr read execute };
allow $1 unpriv_userdomain:process transition;
allow unpriv_userdomain $1:fd use;
allow unpriv_userdomain $1:fifo_file { getattr read write append ioctl lock };
allow unpriv_userdomain $1:process sigchld;
system,userdomain.if,userdom_entry_spec_domtrans_unpriv_users'
allow $1 entry_type:file { getattr read execute };
allow $1 unpriv_userdomain:process transition;
allow unpriv_userdomain $1:fd use;
allow unpriv_userdomain $1:fifo_file { getattr read write append ioctl lock };
allow unpriv_userdomain $1:process sigchld;
system,userdomain.if,userdom_search_user_home_content'
allow $1 home_root_t:dir { getattr search read lock ioctl };
allow $1 { user_home_dir_t user_home_t }:dir { getattr search };
system,userdomain.if,userdom_signal_unpriv_users'
allow $1 unpriv_userdomain:process signal;
system,userdomain.if,userdom_use_unpriv_users_fds'
allow $1 unpriv_userdomain:fd use;
system,userdomain.if,userdom_dontaudit_use_unpriv_user_fds'
system,userdomain.if,userdom_dontaudit_use_user_ptys'
system,userdomain.if,userdom_relabelto_user_ptys'
allow $1 user_devpts_t:chr_file relabelto;
system,userdomain.if,userdom_dontaudit_relabelfrom_user_ptys'
system,userdomain.if,userdom_write_user_tmp_files'
allow $1 user_tmp_t:file { getattr write append lock ioctl };
system,userdomain.if,userdom_dontaudit_use_user_ttys'
system,userdomain.if,userdom_read_all_users_state'
allow $1 userdomain:dir { getattr search };
allow $1 userdomain:file { getattr read lock ioctl };
allow $1 proc_t:dir { getattr search };
allow $1 proc_t:dir { getattr search };
system,userdomain.if,userdom_getattr_all_users'
allow $1 userdomain:process getattr;
system,userdomain.if,userdom_use_all_users_fds'
allow $1 userdomain:fd use;
system,userdomain.if,userdom_dontaudit_use_all_users_fds'
system,userdomain.if,userdom_signal_all_users'
allow $1 userdomain:process signal;
system,userdomain.if,userdom_sigchld_all_users'
allow $1 userdomain:process sigchld;
system,userdomain.if,userdom_create_all_users_keys'
allow $1 userdomain:key create;
system,userdomain.if,userdom_dbus_send_all_users'
allow $1 userdomain:dbus send_msg;
system,xen.if,xen_domtrans'
allow $1 xend_exec_t:file { getattr read execute };
allow $1 xend_t:process transition;
allow xend_t $1:fd use;
allow xend_t $1:fifo_file { getattr read write append ioctl lock };
allow xend_t $1:process sigchld;
system,xen.if,xen_use_fds'
allow $1 xend_t:fd use;
system,xen.if,xen_dontaudit_use_fds'
system,xen.if,xen_read_image_files'
allow $1 var_t:dir { getattr search };
allow $1 var_lib_t:dir { getattr search read lock ioctl };
allow $1 { xend_var_lib_t xen_image_t }:dir { getattr search };
allow $1 xen_image_t:file { getattr read lock ioctl };
system,xen.if,xen_append_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 xend_var_log_t:dir { getattr search };
allow $1 xend_var_log_t:file { getattr append lock ioctl };
system,xen.if,xen_manage_log'
allow $1 var_t:dir { getattr search };
allow $1 var_log_t:dir { getattr search };
allow $1 xend_var_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 xend_var_log_t:dir { create open getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl };
allow $1 xend_var_log_t:dir { read getattr lock search ioctl add_name remove_name write };
allow $1 xend_var_log_t:file { create open getattr setattr read write append rename link unlink ioctl lock };
system,xen.if,xen_dontaudit_rw_unix_stream_sockets'
system,xen.if,xen_stream_connect_xenstore'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 xenstored_var_run_t:dir { getattr search };
allow $1 xenstored_var_run_t:sock_file { getattr write };
allow $1 xenstored_t:unix_stream_socket connectto;
system,xen.if,xen_stream_connect'
allow $1 var_t:dir { getattr search };
allow $1 var_run_t:dir { getattr search };
allow $1 xend_var_run_t:dir { getattr search };
allow $1 xend_var_run_t:sock_file { getattr write };
allow $1 xend_t:unix_stream_socket connectto;
system,xen.if,xen_domtrans_xm'
allow $1 xm_exec_t:file { getattr read execute };
allow $1 xm_t:process transition;
allow xm_t $1:fd use;
allow xm_t $1:fifo_file { getattr read write append ioctl lock };
allow xm_t $1:process sigchld;
