(typealias restorecon_exec_t)
(typealiasactual restorecon_exec_t setfiles_exec_t)
(typealias semanage_var_lib_t)
(typealiasactual semanage_var_lib_t semanage_store_t)
(typealias restorecon_t)
(typealiasactual restorecon_t setfiles_t)
(roleattribute newrole_roles)
(roletype newrole_roles newrole_t)
(roletype newrole_roles chkpwd_t)
(roletype newrole_roles updpwd_t)
(roleattribute run_init_roles)
(roletype run_init_roles run_init_t)
(roletype run_init_roles chkpwd_t)
(roletype run_init_roles updpwd_t)
(roleattribute semanage_roles)
(roleattributeset semanage_roles (system_r ))
(roletype semanage_roles load_policy_t)
(roletype semanage_roles semanage_t)
(roletype semanage_roles setfiles_t)
(typeattribute can_write_binary_policy)
(typeattributeset can_write_binary_policy (checkpolicy_t semanage_t ))
(typeattribute can_relabelto_binary_policy)
(typeattributeset can_relabelto_binary_policy (restorecond_t setfiles_t ))
(type selinux_config_t)
(roletype object_r selinux_config_t)
(type checkpolicy_t)
(roletype object_r checkpolicy_t)
(type checkpolicy_exec_t)
(roletype object_r checkpolicy_exec_t)
(type default_context_t)
(roletype object_r default_context_t)
(type file_context_t)
(roletype object_r file_context_t)
(type load_policy_t)
(roletype object_r load_policy_t)
(type load_policy_exec_t)
(roletype object_r load_policy_exec_t)
(type newrole_t)
(roletype object_r newrole_t)
(type newrole_exec_t)
(roletype object_r newrole_exec_t)
(type policy_config_t)
(roletype object_r policy_config_t)
(type policy_src_t)
(roletype object_r policy_src_t)
(type restorecond_t)
(roletype object_r restorecond_t)
(type restorecond_exec_t)
(roletype object_r restorecond_exec_t)
(type restorecond_unit_t)
(roletype object_r restorecond_unit_t)
(type restorecond_run_t)
(roletype object_r restorecond_run_t)
(type run_init_t)
(roletype object_r run_init_t)
(type run_init_exec_t)
(roletype object_r run_init_exec_t)
(type selinux_dbus_t)
(roletype object_r selinux_dbus_t)
(type selinux_dbus_exec_t)
(roletype object_r selinux_dbus_exec_t)
(type semanage_t)
(roletype object_r semanage_t)
(type semanage_exec_t)
(roletype object_r semanage_exec_t)
(type semanage_store_t)
(roletype object_r semanage_store_t)
(type semanage_read_lock_t)
(roletype object_r semanage_read_lock_t)
(type semanage_tmp_t)
(roletype object_r semanage_tmp_t)
(type semanage_trans_lock_t)
(roletype object_r semanage_trans_lock_t)
(type setfiles_t)
(roletype object_r setfiles_t)
(type setfiles_exec_t)
(roletype object_r setfiles_exec_t)
(roleattributeset cil_gen_require system_r)
(roletype system_r checkpolicy_t)
(roletype system_r load_policy_t)
(roletype system_r restorecond_t)
(roletype system_r run_init_t)
(roletype system_r selinux_dbus_t)
(roletype system_r setfiles_t)
(typeattributeset cil_gen_require can_write_binary_policy)
(typeattributeset can_write_binary_policy (checkpolicy_t semanage_t ))
(typeattributeset cil_gen_require can_relabelto_binary_policy)
(typeattributeset can_relabelto_binary_policy (restorecond_t setfiles_t ))
(typeattributeset cil_gen_require selinux_config_t)
(typeattributeset cil_gen_require file_type)
(typeattributeset file_type (selinux_config_t checkpolicy_exec_t default_context_t file_context_t load_policy_exec_t newrole_exec_t policy_config_t policy_src_t restorecond_exec_t restorecond_unit_t restorecond_run_t run_init_exec_t selinux_dbus_exec_t semanage_exec_t semanage_store_t semanage_read_lock_t semanage_tmp_t semanage_trans_lock_t setfiles_exec_t initrc_exec_t ))
(typeattributeset cil_gen_require security_file_type)
(typeattributeset security_file_type (selinux_config_t default_context_t file_context_t policy_config_t ))
(typeattributeset cil_gen_require non_auth_file_type)
(typeattributeset non_auth_file_type (selinux_config_t checkpolicy_exec_t default_context_t file_context_t load_policy_exec_t newrole_exec_t policy_config_t policy_src_t restorecond_exec_t restorecond_unit_t restorecond_run_t run_init_exec_t selinux_dbus_exec_t semanage_exec_t semanage_store_t semanage_read_lock_t semanage_tmp_t semanage_trans_lock_t setfiles_exec_t initrc_exec_t ))
(typeattributeset cil_gen_require application_domain_type)
(typeattributeset application_domain_type (checkpolicy_t load_policy_t newrole_t run_init_t semanage_t setfiles_t ))
(typeattributeset cil_gen_require domain)
(typeattributeset domain (checkpolicy_t load_policy_t newrole_t restorecond_t run_init_t selinux_dbus_t semanage_t setfiles_t ))
(typeattributeset cil_gen_require init_t)
(typeattributeset cil_gen_require security_t)
(typeattributeset cil_gen_require sysfs_t)
(typeattributeset cil_gen_require application_exec_type)
(typeattributeset application_exec_type (checkpolicy_exec_t load_policy_exec_t newrole_exec_t run_init_exec_t semanage_exec_t setfiles_exec_t ))
(typeattributeset cil_gen_require exec_type)
(typeattributeset exec_type (checkpolicy_exec_t load_policy_exec_t newrole_exec_t restorecond_exec_t run_init_exec_t selinux_dbus_exec_t semanage_exec_t setfiles_exec_t initrc_exec_t ))
(typeattributeset cil_gen_require non_security_file_type)
(typeattributeset non_security_file_type (checkpolicy_exec_t load_policy_exec_t newrole_exec_t policy_src_t restorecond_exec_t restorecond_unit_t restorecond_run_t run_init_exec_t selinux_dbus_exec_t semanage_exec_t semanage_store_t semanage_read_lock_t semanage_tmp_t semanage_trans_lock_t setfiles_exec_t initrc_exec_t ))
(typeattributeset cil_gen_require entry_type)
(typeattributeset entry_type (checkpolicy_exec_t load_policy_exec_t newrole_exec_t restorecond_exec_t run_init_exec_t selinux_dbus_exec_t semanage_exec_t setfiles_exec_t initrc_exec_t ))
(typeattributeset cil_gen_require default_context_t)
(typeattributeset cil_gen_require file_context_t)
(typeattributeset cil_gen_require load_policy_t)
(typeattributeset cil_gen_require load_policy_exec_t)
(typeattributeset cil_gen_require newrole_t)
(typeattributeset cil_gen_require can_change_process_role)
(typeattributeset can_change_process_role (newrole_t ))
(typeattributeset cil_gen_require can_change_object_identity)
(typeattributeset can_change_object_identity (newrole_t restorecond_t setfiles_t ))
(typeattributeset cil_gen_require privfd)
(typeattributeset privfd (newrole_t semanage_t ))
(typeattributeset cil_gen_require policy_config_t)
(typeattributeset cil_gen_require initrc_t)
(typeattributeset cil_gen_require daemon)
(typeattributeset daemon (restorecond_t ))
(typeattributeset cil_gen_require systemdunit)
(typeattributeset systemdunit (restorecond_unit_t ))
(typeattributeset cil_gen_require pidfile)
(typeattributeset pidfile (restorecond_run_t ))
(typeattributeset cil_gen_require can_system_change)
(typeattributeset can_system_change (run_init_t ))
(typeattributeset cil_gen_require system_dbusd_t)
(typeattributeset cil_gen_require dbusd_system_bus_client)
(typeattributeset dbusd_system_bus_client (selinux_dbus_t ))
(typeattributeset cil_gen_require system_dbusd_runtime_t)
(typeattributeset cil_gen_require system_dbusd_var_lib_t)
(typeattributeset cil_gen_require var_t)
(typeattributeset cil_gen_require var_lib_t)
(typeattributeset cil_gen_require session_dbusd_tmp_t)
(typeattributeset cil_gen_require var_run_t)
(typeattributeset cil_gen_require dbusd_etc_t)
(typeattributeset cil_gen_require userdomain)
(typeattributeset cil_gen_require proc_t)
(typeattributeset cil_gen_require semanage_t)
(typeattributeset cil_gen_require semanage_exec_t)
(typeattributeset cil_gen_require semanage_store_t)
(typeattributeset cil_gen_require semanage_read_lock_t)
(typeattributeset cil_gen_require tmpfile)
(typeattributeset tmpfile (semanage_tmp_t ))
(typeattributeset cil_gen_require polymember)
(typeattributeset polymember (semanage_tmp_t ))
(typeattributeset cil_gen_require semanage_trans_lock_t)
(typeattributeset cil_gen_require setfiles_t)
(typeattributeset cil_gen_require setfiles_exec_t)
(typeattributeset cil_gen_require systemprocess)
(typeattributeset systemprocess (setfiles_t ))
(typeattributeset cil_gen_require usr_t)
(typeattributeset cil_gen_require etc_t)
(typeattributeset cil_gen_require fs_t)
(typeattributeset cil_gen_require console_device_t)
(typeattributeset cil_gen_require device_t)
(typeattributeset cil_gen_require initrc_devpts_t)
(typeattributeset cil_gen_require devpts_t)
(typeattributeset cil_gen_require user_devpts_t)
(typeattributeset cil_gen_require user_tty_device_t)
(typeattributeset cil_gen_require urandom_device_t)
(typeattributeset cil_gen_require etc_runtime_t)
(typeattributeset cil_gen_require mlsfileread)
(typeattributeset mlsfileread (load_policy_t newrole_t semanage_t setfiles_t ))
(typeattributeset cil_gen_require can_load_policy)
(typeattributeset can_load_policy (load_policy_t ))
(typeattributeset cil_gen_require secure_mode_policyload_t)
(typeattributeset cil_gen_require boolean_type)
(typeattributeset cil_gen_require locale_t)
(typeattributeset cil_gen_require sysctl_t)
(typeattributeset cil_gen_require sysctl_kernel_t)
(typeattributeset cil_gen_require bin_t)
(typeattributeset cil_gen_require autofs_t)
(typeattributeset cil_gen_require mlsfilewrite)
(typeattributeset mlsfilewrite (newrole_t semanage_t setfiles_t ))
(typeattributeset cil_gen_require mlsfileupgrade)
(typeattributeset mlsfileupgrade (newrole_t setfiles_t ))
(typeattributeset cil_gen_require mlsfiledowngrade)
(typeattributeset mlsfiledowngrade (newrole_t setfiles_t ))
(typeattributeset cil_gen_require mlsprocsetsl)
(typeattributeset mlsprocsetsl (newrole_t ))
(typeattributeset cil_gen_require mlsfdshare)
(typeattributeset mlsfdshare (newrole_t ))
(typeattributeset cil_gen_require ttynode)
(typeattributeset cil_gen_require ptynode)
(typeattributeset cil_gen_require tty_device_t)
(typeattributeset cil_gen_require nsswitch_domain)
(typeattributeset nsswitch_domain (newrole_t restorecond_t run_init_t semanage_t ))
(typeattributeset cil_gen_require chkpwd_t)
(typeattributeset cil_gen_require chkpwd_exec_t)
(typeattributeset cil_gen_require shadow_t)
(typeattributeset cil_gen_require auth_cache_t)
(typeattributeset cil_gen_require random_device_t)
(typeattributeset cil_gen_require faillog_t)
(typeattributeset cil_gen_require var_log_t)
(typeattributeset cil_gen_require cert_t)
(typeattributeset cil_gen_require updpwd_t)
(typeattributeset cil_gen_require updpwd_exec_t)
(typeattributeset cil_gen_require initrc_runtime_t)
(typeattributeset cil_gen_require syslogd_t)
(typeattributeset cil_gen_require syslogd_runtime_t)
(typeattributeset cil_gen_require devlog_t)
(typeattributeset cil_gen_require init_runtime_t)
(typeattributeset cil_gen_require user_home_t)
(typeattributeset cil_gen_require user_home_dir_t)
(typeattributeset cil_gen_require home_root_t)
(typeattributeset cil_gen_require unpriv_userdomain)
(typeattributeset cil_gen_require shell_exec_t)
(typeattributeset cil_gen_require polydir)
(typeattributeset cil_gen_require polyparent)
(typeattributeset cil_gen_require poly_t)
(typeattributeset cil_gen_require tmpfs_t)
(typeattributeset cil_gen_require debugfs_t)
(typeattributeset cil_gen_require kernel_t)
(typeattributeset cil_gen_require unlabeled_t)
(typeattributeset cil_gen_require nfs_t)
(typeattributeset cil_gen_require xattrfs)
(typeattributeset cil_gen_require cgroup_types)
(typeattributeset cil_gen_require pstore_t)
(typeattributeset cil_gen_require tracefs_t)
(typeattributeset cil_gen_require inotifyfs_t)
(typeattributeset cil_gen_require noxattrfs)
(typeattributeset cil_gen_require privrangetrans)
(typeattributeset privrangetrans (run_init_t ))
(typeattributeset cil_gen_require initrc_exec_t)
(typeattributeset cil_gen_require init_script_file_type)
(typeattributeset cil_gen_require rc_exec_t)
(typeattributeset cil_gen_require tmp_t)
(typeattributeset cil_gen_require lib_t)
(typeattributeset cil_gen_require user_tmp_t)
(typeattributeset cil_gen_require user_runtime_t)
(typeattributeset cil_gen_require user_runtime_root_t)
(typeattributeset cil_gen_require proc_type)
(typeattributeset cil_gen_require sysctl_type)
(typeattributeset cil_gen_require sysctl_vm_overcommit_t)
(typeattributeset cil_gen_require sysctl_vm_t)
(typeattributeset cil_gen_require device_node)
(typeattributeset cil_gen_require memory_pressure_t)
(typeattributeset cil_gen_require filesystem_type)
(typeattributeset cil_gen_require can_relabelto_shadow_passwords)
(typeattributeset can_relabelto_shadow_passwords (setfiles_t ))
(typeattributeset cil_gen_require can_read_shadow_passwords)
(typeattributeset can_read_shadow_passwords (run_init_t ))
(typeattributeset cil_gen_require shadow_history_t)
(allow checkpolicy_t checkpolicy_exec_t (file (entrypoint)))
(allow checkpolicy_t checkpolicy_exec_t (file (ioctl read getattr lock map execute open)))
(allow load_policy_t load_policy_exec_t (file (entrypoint)))
(allow load_policy_t load_policy_exec_t (file (ioctl read getattr lock map execute open)))
(allow newrole_t newrole_exec_t (file (entrypoint)))
(allow newrole_t newrole_exec_t (file (ioctl read getattr lock map execute open)))
(neverallow selinuxutil_typeattr_1 policy_config_t (file (relabelto)))
(allow restorecond_t restorecond_exec_t (file (entrypoint)))
(allow restorecond_t restorecond_exec_t (file (ioctl read getattr lock map execute open)))
(allow initrc_t restorecond_exec_t (file (ioctl read getattr map execute open)))
(allow initrc_t restorecond_t (process (transition)))
(dontaudit initrc_t restorecond_t (process (noatsecure siginh rlimitinh)))
(typetransition initrc_t restorecond_exec_t process restorecond_t)
(allow restorecond_t initrc_t (fd (use)))
(allow restorecond_t initrc_t (fifo_file (ioctl read write getattr lock append)))
(allow restorecond_t initrc_t (process (sigchld)))
(allow run_init_t run_init_exec_t (file (entrypoint)))
(allow run_init_t run_init_exec_t (file (ioctl read getattr lock map execute open)))
(allow selinux_dbus_t selinux_dbus_exec_t (file (entrypoint)))
(allow selinux_dbus_t selinux_dbus_exec_t (file (ioctl read getattr lock map execute open)))
(dontaudit selinux_dbus_t system_dbusd_t (netlink_selinux_socket (read write)))
(allow system_dbusd_t selinux_dbus_exec_t (file (ioctl read getattr map execute open)))
(allow system_dbusd_t selinux_dbus_t (process (transition)))
(dontaudit system_dbusd_t selinux_dbus_t (process (noatsecure siginh rlimitinh)))
(typetransition system_dbusd_t selinux_dbus_exec_t process selinux_dbus_t)
(allow selinux_dbus_t system_dbusd_t (fd (use)))
(allow selinux_dbus_t system_dbusd_t (fifo_file (ioctl read write getattr lock append)))
(allow selinux_dbus_t system_dbusd_t (process (sigchld)))
(allow selinux_dbus_t system_dbusd_t (dbus (send_msg)))
(allow selinux_dbus_t self (dbus (send_msg)))
(allow system_dbusd_t selinux_dbus_t (dbus (send_msg)))
(allow selinux_dbus_t var_t (dir (getattr open search)))
(allow selinux_dbus_t var_lib_t (dir (getattr open search)))
(allow selinux_dbus_t system_dbusd_var_lib_t (dir (getattr open search)))
(allow selinux_dbus_t system_dbusd_var_lib_t (file (ioctl read getattr lock open)))
(allow selinux_dbus_t system_dbusd_var_lib_t (dir (getattr open search)))
(allow selinux_dbus_t system_dbusd_var_lib_t (lnk_file (read getattr)))
(allow selinux_dbus_t session_dbusd_tmp_t (dir (getattr open search)))
(allow selinux_dbus_t session_dbusd_tmp_t (sock_file (read write getattr append open)))
(allow selinux_dbus_t var_run_t (lnk_file (read getattr)))
(allow selinux_dbus_t var_t (dir (getattr open search)))
(allow selinux_dbus_t var_run_t (dir (getattr open search)))
(allow selinux_dbus_t system_dbusd_runtime_t (dir (getattr open search)))
(allow selinux_dbus_t system_dbusd_runtime_t (sock_file (write getattr append open)))
(allow selinux_dbus_t system_dbusd_t (unix_stream_socket (connectto)))
(allow selinux_dbus_t dbusd_etc_t (dir (ioctl read getattr lock open search)))
(allow selinux_dbus_t dbusd_etc_t (file (ioctl read getattr lock open)))
(allow selinux_dbus_t system_dbusd_runtime_t (dir (ioctl read getattr lock open search)))
(allow selinux_dbus_t system_dbusd_runtime_t (sock_file (read)))
(allow selinux_dbus_t system_dbusd_var_lib_t (dir (getattr open search)))
(allow selinux_dbus_t system_dbusd_var_lib_t (lnk_file (read getattr)))
(allow selinux_dbus_t system_dbusd_t (dbus (acquire_svc)))
(allow system_dbusd_t selinux_dbus_t (dir (ioctl read getattr lock open search)))
(allow system_dbusd_t selinux_dbus_t (file (ioctl read getattr lock open)))
(allow system_dbusd_t selinux_dbus_t (lnk_file (read getattr)))
(allow system_dbusd_t selinux_dbus_t (process (getattr)))
(allow selinux_dbus_t userdomain (dir (getattr open search)))
(allow selinux_dbus_t userdomain (file (ioctl read getattr lock open)))
(allow selinux_dbus_t userdomain (dir (getattr open search)))
(allow selinux_dbus_t userdomain (lnk_file (read getattr)))
(allow selinux_dbus_t proc_t (dir (getattr open search)))
(allow selinux_dbus_t proc_t (dir (getattr open search)))
(allow semanage_t semanage_exec_t (file (entrypoint)))
(allow semanage_t semanage_exec_t (file (ioctl read getattr lock map execute open)))
(allow setfiles_t setfiles_exec_t (file (entrypoint)))
(allow setfiles_t setfiles_exec_t (file (ioctl read getattr lock map execute open)))
(allow initrc_t setfiles_exec_t (file (ioctl read getattr map execute open)))
(allow initrc_t setfiles_t (process (transition)))
(dontaudit initrc_t setfiles_t (process (noatsecure siginh rlimitinh)))
(typetransition initrc_t setfiles_exec_t process setfiles_t)
(allow setfiles_t initrc_t (fd (use)))
(allow setfiles_t initrc_t (fifo_file (ioctl read write getattr lock append)))
(allow setfiles_t initrc_t (process (sigchld)))
(allow checkpolicy_t self (capability (dac_override)))
(allow checkpolicy_t policy_config_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow checkpolicy_t policy_config_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow checkpolicy_t policy_src_t (dir (ioctl read write getattr lock open add_name search)))
(typetransition checkpolicy_t policy_src_t file policy_config_t)
(allow checkpolicy_t policy_src_t (dir (getattr open search)))
(allow checkpolicy_t policy_src_t (file (ioctl read getattr lock open)))
(allow checkpolicy_t policy_src_t (dir (getattr open search)))
(allow checkpolicy_t policy_src_t (lnk_file (read getattr)))
(allow checkpolicy_t selinux_config_t (dir (getattr open search)))
(allow checkpolicy_t privfd (fd (use)))
(allow checkpolicy_t usr_t (dir (ioctl read getattr lock open search)))
(allow checkpolicy_t etc_t (dir (getattr open search)))
(allow checkpolicy_t fs_t (filesystem (getattr)))
(allow checkpolicy_t device_t (dir (getattr open search)))
(allow checkpolicy_t device_t (dir (ioctl read getattr lock open search)))
(allow checkpolicy_t device_t (dir (getattr open search)))
(allow checkpolicy_t device_t (lnk_file (read getattr)))
(allow checkpolicy_t console_device_t (chr_file (ioctl read write getattr lock append open)))
(allow checkpolicy_t init_t (fd (use)))
(allow checkpolicy_t device_t (dir (getattr open search)))
(allow checkpolicy_t device_t (dir (ioctl read getattr lock open search)))
(allow checkpolicy_t device_t (dir (getattr open search)))
(allow checkpolicy_t device_t (lnk_file (read getattr)))
(allow checkpolicy_t devpts_t (dir (ioctl read getattr lock open search)))
(allow checkpolicy_t initrc_devpts_t (chr_file (ioctl read write getattr lock append open)))
(allow checkpolicy_t device_t (dir (getattr open search)))
(allow checkpolicy_t device_t (dir (ioctl read getattr lock open search)))
(allow checkpolicy_t device_t (dir (getattr open search)))
(allow checkpolicy_t device_t (lnk_file (read getattr)))
(allow checkpolicy_t devpts_t (dir (ioctl read getattr lock open search)))
(allow checkpolicy_t user_devpts_t (chr_file (ioctl read write getattr append open)))
(allow checkpolicy_t user_tty_device_t (chr_file (ioctl read write getattr append open)))
(allow checkpolicy_t userdomain (fd (use)))
(allow load_policy_t self (capability (dac_override)))
(allow load_policy_t policy_config_t (dir (getattr open search)))
(allow load_policy_t policy_src_t (dir (getattr open search)))
(allow load_policy_t policy_config_t (file (ioctl read getattr lock open)))
(allow load_policy_t policy_config_t (file (map)))
(dontaudit load_policy_t selinux_config_t (file (write)))
(allow load_policy_t device_t (dir (getattr open search)))
(allow load_policy_t urandom_device_t (chr_file (ioctl read getattr lock open)))
(allow load_policy_t privfd (fd (use)))
(allow load_policy_t etc_t (dir (ioctl read getattr lock open search)))
(allow load_policy_t etc_t (dir (getattr open search)))
(allow load_policy_t etc_t (file (ioctl read getattr lock open)))
(allow load_policy_t etc_t (dir (getattr open search)))
(allow load_policy_t etc_t (lnk_file (read getattr)))
(allow load_policy_t etc_t (dir (ioctl read getattr lock open search)))
(allow load_policy_t etc_t (dir (getattr open search)))
(allow load_policy_t etc_runtime_t (file (ioctl read getattr lock open)))
(allow load_policy_t etc_t (dir (getattr open search)))
(allow load_policy_t etc_runtime_t (lnk_file (read getattr)))
(allow load_policy_t fs_t (filesystem (getattr)))
(allow load_policy_t sysfs_t (dir (getattr open search)))
(allow load_policy_t sysfs_t (dir (getattr open search)))
(allow load_policy_t security_t (dir (ioctl read getattr lock open search)))
(allow load_policy_t boolean_type (file (ioctl read getattr lock open)))
(allow load_policy_t secure_mode_policyload_t (file (ioctl read getattr lock open)))
(allow load_policy_t device_t (dir (getattr open search)))
(allow load_policy_t device_t (dir (ioctl read getattr lock open search)))
(allow load_policy_t device_t (dir (getattr open search)))
(allow load_policy_t device_t (lnk_file (read getattr)))
(allow load_policy_t console_device_t (chr_file (ioctl read write getattr lock append open)))
(allow load_policy_t device_t (dir (getattr open search)))
(allow load_policy_t device_t (dir (ioctl read getattr lock open search)))
(allow load_policy_t device_t (dir (getattr open search)))
(allow load_policy_t device_t (lnk_file (read getattr)))
(allow load_policy_t devpts_t (dir (ioctl read getattr lock open search)))
(allow load_policy_t initrc_t (fd (use)))
(allow load_policy_t device_t (dir (getattr open search)))
(allow load_policy_t device_t (dir (ioctl read getattr lock open search)))
(allow load_policy_t device_t (dir (getattr open search)))
(allow load_policy_t device_t (lnk_file (read getattr)))
(allow load_policy_t devpts_t (dir (ioctl read getattr lock open search)))
(allow load_policy_t initrc_devpts_t (chr_file (ioctl read write getattr lock append open)))
(allow load_policy_t etc_t (dir (getattr open search)))
(allow load_policy_t etc_t (lnk_file (read getattr)))
(allow load_policy_t usr_t (dir (getattr open search)))
(allow load_policy_t locale_t (dir (ioctl read getattr lock open search)))
(allow load_policy_t locale_t (dir (getattr open search)))
(allow load_policy_t locale_t (file (ioctl read getattr lock open)))
(allow load_policy_t locale_t (dir (getattr open search)))
(allow load_policy_t locale_t (lnk_file (read getattr)))
(allow load_policy_t locale_t (file (map)))
(allow load_policy_t security_t (filesystem (getattr)))
(allow load_policy_t sysfs_t (filesystem (getattr)))
(allow load_policy_t sysfs_t (dir (getattr open search)))
(allow load_policy_t sysfs_t (dir (getattr open search)))
(allow load_policy_t proc_t (dir (getattr open search)))
(allow load_policy_t proc_t (file (ioctl read getattr lock open)))
(allow load_policy_t proc_t (dir (getattr open search)))
(allow load_policy_t proc_t (lnk_file (read getattr)))
(allow load_policy_t proc_t (dir (getattr open search)))
(allow load_policy_t proc_t (dir (ioctl read getattr lock open search)))
(allow load_policy_t etc_t (dir (getattr open search)))
(allow load_policy_t selinux_config_t (dir (ioctl read getattr lock open search)))
(allow load_policy_t selinux_config_t (dir (getattr open search)))
(allow load_policy_t selinux_config_t (file (ioctl read getattr lock open)))
(allow load_policy_t selinux_config_t (dir (getattr open search)))
(allow load_policy_t selinux_config_t (lnk_file (read getattr)))
(allow load_policy_t device_t (dir (getattr open search)))
(allow load_policy_t device_t (dir (ioctl read getattr lock open search)))
(allow load_policy_t device_t (dir (getattr open search)))
(allow load_policy_t device_t (lnk_file (read getattr)))
(allow load_policy_t devpts_t (dir (ioctl read getattr lock open search)))
(allow load_policy_t user_devpts_t (chr_file (ioctl read write getattr append open)))
(allow load_policy_t user_tty_device_t (chr_file (ioctl read write getattr append open)))
(allow load_policy_t userdomain (fd (use)))
(dontaudit newrole_t self (capability (net_admin)))
(allow newrole_t self (capability (dac_override fowner setgid setuid)))
(allow newrole_t self (process (setcap setexec)))
(allow newrole_t self (fd (use)))
(allow newrole_t self (fifo_file (ioctl read write getattr lock append open)))
(allow newrole_t self (sock_file (read getattr open)))
(allow newrole_t self (shm (create destroy getattr setattr read write associate unix_read unix_write lock)))
(allow newrole_t self (sem (create destroy getattr setattr read write associate unix_read unix_write)))
(allow newrole_t self (msgq (create destroy getattr setattr read write associate unix_read unix_write enqueue)))
(allow newrole_t self (msg (send receive)))
(allow newrole_t self (unix_dgram_socket (sendto)))
(allow newrole_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown connectto)))
(allow newrole_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write nlmsg_relay)))
(dontaudit newrole_t self (capability (dac_read_search)))
(allow newrole_t default_context_t (dir (getattr open search)))
(allow newrole_t default_context_t (file (ioctl read getattr lock open)))
(allow newrole_t default_context_t (dir (getattr open search)))
(allow newrole_t default_context_t (lnk_file (read getattr)))
(allow newrole_t proc_t (dir (getattr open search)))
(allow newrole_t proc_t (file (ioctl read getattr lock open)))
(allow newrole_t proc_t (dir (getattr open search)))
(allow newrole_t proc_t (lnk_file (read getattr)))
(allow newrole_t proc_t (dir (getattr open search)))
(allow newrole_t proc_t (dir (ioctl read getattr lock open search)))
(allow newrole_t proc_t (dir (getattr open search)))
(allow newrole_t sysctl_t (dir (getattr open search)))
(allow newrole_t sysctl_kernel_t (dir (getattr open search)))
(allow newrole_t sysctl_kernel_t (file (ioctl read getattr lock open)))
(allow newrole_t proc_t (dir (getattr open search)))
(allow newrole_t sysctl_t (dir (getattr open search)))
(allow newrole_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
(dontaudit newrole_t proc_t (filesystem (getattr)))
(allow newrole_t bin_t (dir (getattr open search)))
(allow newrole_t bin_t (lnk_file (read getattr)))
(allow newrole_t usr_t (dir (getattr open search)))
(allow newrole_t bin_t (dir (getattr open search)))
(allow newrole_t bin_t (dir (ioctl read getattr lock open search)))
(allow newrole_t device_t (dir (getattr open search)))
(allow newrole_t urandom_device_t (chr_file (ioctl read getattr lock open)))
(allow newrole_t privfd (fd (use)))
(allow newrole_t privfd (process (sigchld)))
(allow newrole_t etc_t (dir (ioctl read getattr lock open search)))
(allow newrole_t etc_t (dir (getattr open search)))
(allow newrole_t etc_t (file (ioctl read getattr lock open)))
(allow newrole_t etc_t (dir (getattr open search)))
(allow newrole_t etc_t (lnk_file (read getattr)))
(allow newrole_t var_t (dir (getattr open search)))
(allow newrole_t var_t (file (ioctl read getattr lock open)))
(allow newrole_t var_t (dir (getattr open search)))
(allow newrole_t var_t (lnk_file (read getattr)))
(allow newrole_t fs_t (filesystem (getattr)))
(allow newrole_t autofs_t (dir (getattr open search)))
(allow newrole_t sysfs_t (dir (getattr open search)))
(allow newrole_t sysfs_t (dir (getattr open search)))
(allow newrole_t security_t (dir (ioctl read getattr lock open search)))
(allow newrole_t security_t (file (ioctl read write getattr map open)))
(allow newrole_t security_t (security (check_context)))
(allow newrole_t sysfs_t (dir (getattr open search)))
(allow newrole_t sysfs_t (dir (getattr open search)))
(allow newrole_t self (netlink_selinux_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow newrole_t security_t (dir (ioctl read getattr lock open search)))
(allow newrole_t security_t (file (ioctl read write getattr map open)))
(allow newrole_t security_t (security (compute_av)))
(allow newrole_t sysfs_t (dir (getattr open search)))
(allow newrole_t sysfs_t (dir (getattr open search)))
(allow newrole_t security_t (dir (ioctl read getattr lock open search)))
(allow newrole_t security_t (file (ioctl read write getattr map open)))
(allow newrole_t security_t (security (compute_create)))
(allow newrole_t sysfs_t (dir (getattr open search)))
(allow newrole_t sysfs_t (dir (getattr open search)))
(allow newrole_t security_t (dir (ioctl read getattr lock open search)))
(allow newrole_t security_t (file (ioctl read write getattr map open)))
(allow newrole_t security_t (security (compute_relabel)))
(allow newrole_t sysfs_t (dir (getattr open search)))
(allow newrole_t sysfs_t (dir (getattr open search)))
(allow newrole_t security_t (dir (ioctl read getattr lock open search)))
(allow newrole_t security_t (file (ioctl read write getattr map open)))
(allow newrole_t security_t (security (compute_user)))
(allow newrole_t device_t (dir (getattr open search)))
(allow newrole_t device_t (dir (ioctl read getattr lock open search)))
(allow newrole_t device_t (dir (getattr open search)))
(allow newrole_t device_t (lnk_file (read getattr)))
(allow newrole_t ttynode (chr_file (ioctl read write getattr lock append open)))
(allow newrole_t device_t (dir (getattr open search)))
(allow newrole_t device_t (dir (ioctl read getattr lock open search)))
(allow newrole_t device_t (dir (getattr open search)))
(allow newrole_t device_t (lnk_file (read getattr)))
(allow newrole_t devpts_t (dir (ioctl read getattr lock open search)))
(allow newrole_t ptynode (chr_file (ioctl read write getattr lock append open)))
(allow newrole_t device_t (dir (getattr open search)))
(allow newrole_t device_t (dir (ioctl read getattr lock open search)))
(allow newrole_t device_t (dir (getattr open search)))
(allow newrole_t device_t (lnk_file (read getattr)))
(allow newrole_t ttynode (chr_file (getattr relabelfrom relabelto)))
(allow newrole_t device_t (dir (getattr open search)))
(allow newrole_t device_t (dir (ioctl read getattr lock open search)))
(allow newrole_t device_t (dir (getattr open search)))
(allow newrole_t device_t (lnk_file (read getattr)))
(allow newrole_t devpts_t (dir (getattr open search)))
(allow newrole_t ptynode (chr_file (getattr relabelfrom relabelto)))
(allow newrole_t device_t (dir (getattr open search)))
(allow newrole_t device_t (dir (ioctl read getattr lock open search)))
(allow newrole_t device_t (dir (getattr open search)))
(allow newrole_t device_t (lnk_file (read getattr)))
(allow newrole_t tty_device_t (chr_file (getattr)))
(dontaudit newrole_t tty_device_t (chr_file (ioctl read write getattr lock append open)))
(allow newrole_t auth_cache_t (dir (getattr open search)))
(allow newrole_t bin_t (dir (getattr open search)))
(allow newrole_t bin_t (lnk_file (read getattr)))
(allow newrole_t usr_t (dir (getattr open search)))
(allow newrole_t chkpwd_exec_t (file (ioctl read getattr map execute open)))
(allow newrole_t chkpwd_t (process (transition)))
(dontaudit newrole_t chkpwd_t (process (noatsecure siginh rlimitinh)))
(typetransition newrole_t chkpwd_exec_t process chkpwd_t)
(allow chkpwd_t newrole_t (fd (use)))
(allow chkpwd_t newrole_t (fifo_file (ioctl read write getattr lock append)))
(allow chkpwd_t newrole_t (process (sigchld)))
(dontaudit newrole_t shadow_t (file (ioctl read getattr lock open)))
(allow newrole_t device_t (dir (getattr open search)))
(allow newrole_t random_device_t (chr_file (ioctl read getattr lock open)))
(allow newrole_t device_t (dir (getattr open search)))
(allow newrole_t urandom_device_t (chr_file (ioctl read getattr lock open)))
(allow newrole_t var_t (dir (getattr open search)))
(allow newrole_t var_log_t (dir (getattr open search)))
(allow newrole_t var_log_t (lnk_file (read getattr)))
(allow newrole_t faillog_t (file (ioctl read write getattr lock append open)))
(allow newrole_t self (capability (audit_write)))
(allow newrole_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
(allow newrole_t cert_t (dir (ioctl read getattr lock open search)))
(allow newrole_t cert_t (dir (getattr open search)))
(allow newrole_t cert_t (file (ioctl read getattr lock open)))
(allow newrole_t cert_t (dir (getattr open search)))
(allow newrole_t cert_t (lnk_file (read getattr)))
(allow newrole_t updpwd_exec_t (file (ioctl read getattr map execute open)))
(allow newrole_t updpwd_t (process (transition)))
(dontaudit newrole_t updpwd_t (process (noatsecure siginh rlimitinh)))
(typetransition newrole_t updpwd_exec_t process updpwd_t)
(allow updpwd_t newrole_t (fd (use)))
(allow updpwd_t newrole_t (fifo_file (ioctl read write getattr lock append)))
(allow updpwd_t newrole_t (process (sigchld)))
(dontaudit newrole_t shadow_t (file (ioctl read getattr lock open)))
(allow newrole_t var_t (dir (getattr open search)))
(allow newrole_t var_log_t (dir (getattr open search)))
(allow newrole_t var_log_t (lnk_file (read getattr)))
(allow newrole_t faillog_t (file (ioctl read write getattr lock append open)))
(allow newrole_t faillog_t (dir (getattr open search)))
(allow newrole_t var_run_t (lnk_file (read getattr)))
(allow newrole_t var_t (dir (getattr open search)))
(allow newrole_t var_run_t (dir (ioctl read getattr lock open search)))
(allow newrole_t initrc_runtime_t (file (ioctl read write getattr lock append open)))
(allow newrole_t init_t (fd (use)))
(allow newrole_t devlog_t (sock_file (write getattr append open)))
(allow newrole_t var_run_t (lnk_file (read getattr)))
(allow newrole_t var_t (dir (getattr open search)))
(allow newrole_t var_run_t (dir (getattr open search)))
(allow newrole_t init_runtime_t (dir (getattr open search)))
(allow newrole_t syslogd_runtime_t (dir (getattr open search)))
(allow newrole_t syslogd_t (unix_dgram_socket (sendto)))
(allow newrole_t syslogd_t (unix_stream_socket (connectto)))
(allow newrole_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow newrole_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow newrole_t device_t (dir (getattr open search)))
(allow newrole_t device_t (dir (ioctl read getattr lock open search)))
(allow newrole_t device_t (dir (getattr open search)))
(allow newrole_t device_t (lnk_file (read getattr)))
(allow newrole_t console_device_t (chr_file (ioctl write getattr lock append open)))
(dontaudit newrole_t console_device_t (chr_file (ioctl read getattr lock open)))
(allow newrole_t etc_t (dir (getattr open search)))
(allow newrole_t etc_t (lnk_file (read getattr)))
(allow newrole_t usr_t (dir (getattr open search)))
(allow newrole_t locale_t (dir (ioctl read getattr lock open search)))
(allow newrole_t locale_t (dir (getattr open search)))
(allow newrole_t locale_t (file (ioctl read getattr lock open)))
(allow newrole_t locale_t (dir (getattr open search)))
(allow newrole_t locale_t (lnk_file (read getattr)))
(allow newrole_t locale_t (file (map)))
(allow newrole_t security_t (filesystem (getattr)))
(allow newrole_t sysfs_t (filesystem (getattr)))
(allow newrole_t sysfs_t (dir (getattr open search)))
(allow newrole_t sysfs_t (dir (getattr open search)))
(allow newrole_t proc_t (dir (getattr open search)))
(allow newrole_t proc_t (file (ioctl read getattr lock open)))
(allow newrole_t proc_t (dir (getattr open search)))
(allow newrole_t proc_t (lnk_file (read getattr)))
(allow newrole_t proc_t (dir (getattr open search)))
(allow newrole_t proc_t (dir (ioctl read getattr lock open search)))
(allow newrole_t etc_t (dir (getattr open search)))
(allow newrole_t selinux_config_t (dir (ioctl read getattr lock open search)))
(allow newrole_t selinux_config_t (dir (getattr open search)))
(allow newrole_t selinux_config_t (file (ioctl read getattr lock open)))
(allow newrole_t selinux_config_t (dir (getattr open search)))
(allow newrole_t selinux_config_t (lnk_file (read getattr)))
(dontaudit newrole_t user_home_t (dir (getattr open search)))
(allow newrole_t user_home_dir_t (dir (getattr open search)))
(allow newrole_t home_root_t (dir (getattr open search)))
(allow newrole_t home_root_t (lnk_file (read getattr)))
(allow restorecond_t self (capability (dac_override dac_read_search fowner)))
(allow restorecond_t self (fifo_file (ioctl read write getattr lock append open)))
(allow restorecond_t restorecond_run_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow restorecond_t var_t (dir (getattr open search)))
(allow restorecond_t var_run_t (lnk_file (read getattr)))
(allow restorecond_t var_run_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition restorecond_t var_run_t file restorecond_run_t)
(allow restorecond_t debugfs_t (filesystem (getattr)))
(allow restorecond_t proc_t (dir (getattr open search)))
(allow restorecond_t proc_t (file (ioctl read getattr lock open)))
(allow restorecond_t proc_t (dir (getattr open search)))
(allow restorecond_t proc_t (lnk_file (read getattr)))
(allow restorecond_t proc_t (dir (getattr open search)))
(allow restorecond_t proc_t (dir (ioctl read getattr lock open search)))
(allow restorecond_t kernel_t (fifo_file (ioctl read write getattr lock append)))
(allow restorecond_t kernel_t (fd (use)))
(allow restorecond_t unlabeled_t (dir (ioctl read getattr lock open search)))
(allow restorecond_t unlabeled_t (dir (ioctl read getattr lock relabelfrom open search)))
(allow restorecond_t unlabeled_t (dir (ioctl read getattr lock open search)))
(allow restorecond_t unlabeled_t (file (getattr relabelfrom)))
(allow restorecond_t unlabeled_t (dir (ioctl read getattr lock open search)))
(allow restorecond_t unlabeled_t (lnk_file (getattr relabelfrom)))
(allow restorecond_t unlabeled_t (dir (ioctl read getattr lock open search)))
(allow restorecond_t unlabeled_t (fifo_file (getattr relabelfrom)))
(allow restorecond_t unlabeled_t (dir (ioctl read getattr lock open search)))
(allow restorecond_t unlabeled_t (sock_file (getattr relabelfrom)))
(allow restorecond_t unlabeled_t (blk_file (getattr relabelfrom)))
(allow restorecond_t unlabeled_t (chr_file (getattr relabelfrom)))
(dontaudit restorecond_t nfs_t (dir (ioctl read getattr lock open search)))
(allow restorecond_t xattrfs (filesystem (getattr)))
(allow restorecond_t cgroup_types (filesystem (getattr)))
(allow restorecond_t pstore_t (dir (getattr open search)))
(allow restorecond_t pstore_t (file (getattr)))
(allow restorecond_t sysfs_t (dir (getattr open search)))
(allow restorecond_t sysfs_t (dir (getattr open search)))
(allow restorecond_t tracefs_t (filesystem (getattr)))
(allow restorecond_t inotifyfs_t (dir (ioctl read getattr lock open search)))
(allow restorecond_t noxattrfs (dir (ioctl read getattr lock open search)))
(allow restorecond_t noxattrfs (dir (getattr open search)))
(allow restorecond_t noxattrfs (dir (getattr relabelfrom)))
(allow restorecond_t noxattrfs (dir (getattr open search)))
(allow restorecond_t noxattrfs (file (getattr relabelfrom)))
(allow restorecond_t noxattrfs (dir (getattr open search)))
(allow restorecond_t noxattrfs (lnk_file (getattr relabelfrom)))
(allow restorecond_t noxattrfs (dir (getattr open search)))
(allow restorecond_t noxattrfs (fifo_file (getattr relabelfrom)))
(allow restorecond_t noxattrfs (dir (getattr open search)))
(allow restorecond_t noxattrfs (sock_file (getattr relabelfrom)))
(allow restorecond_t noxattrfs (dir (getattr open search)))
(allow restorecond_t noxattrfs (blk_file (getattr relabelfrom)))
(allow restorecond_t noxattrfs (dir (getattr open search)))
(allow restorecond_t noxattrfs (chr_file (getattr relabelfrom)))
(allow restorecond_t pstore_t (filesystem (getattr)))
(allow restorecond_t sysfs_t (dir (getattr open search)))
(allow restorecond_t sysfs_t (dir (getattr open search)))
(allow restorecond_t security_t (dir (ioctl read getattr lock open search)))
(allow restorecond_t security_t (file (ioctl read write getattr map open)))
(allow restorecond_t security_t (security (check_context)))
(allow restorecond_t sysfs_t (dir (getattr open search)))
(allow restorecond_t sysfs_t (dir (getattr open search)))
(allow restorecond_t self (netlink_selinux_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow restorecond_t security_t (dir (ioctl read getattr lock open search)))
(allow restorecond_t security_t (file (ioctl read write getattr map open)))
(allow restorecond_t security_t (security (compute_av)))
(allow restorecond_t sysfs_t (dir (getattr open search)))
(allow restorecond_t sysfs_t (dir (getattr open search)))
(allow restorecond_t security_t (dir (ioctl read getattr lock open search)))
(allow restorecond_t security_t (file (ioctl read write getattr map open)))
(allow restorecond_t security_t (security (compute_create)))
(allow restorecond_t sysfs_t (dir (getattr open search)))
(allow restorecond_t sysfs_t (dir (getattr open search)))
(allow restorecond_t security_t (dir (ioctl read getattr lock open search)))
(allow restorecond_t security_t (file (ioctl read write getattr map open)))
(allow restorecond_t security_t (security (compute_relabel)))
(allow restorecond_t sysfs_t (dir (getattr open search)))
(allow restorecond_t sysfs_t (dir (getattr open search)))
(allow restorecond_t security_t (dir (ioctl read getattr lock open search)))
(allow restorecond_t security_t (file (ioctl read write getattr map open)))
(allow restorecond_t security_t (security (compute_user)))
(allow restorecond_t non_auth_file_type (dir (ioctl read getattr lock open search)))
(allow restorecond_t non_auth_file_type (dir (getattr open search)))
(allow restorecond_t non_auth_file_type (dir (getattr relabelfrom relabelto)))
(allow restorecond_t non_auth_file_type (dir (getattr open search)))
(allow restorecond_t non_auth_file_type (file (getattr relabelfrom relabelto)))
(allow restorecond_t non_auth_file_type (dir (getattr open search)))
(allow restorecond_t non_auth_file_type (lnk_file (getattr relabelfrom relabelto)))
(allow restorecond_t non_auth_file_type (dir (getattr open search)))
(allow restorecond_t non_auth_file_type (fifo_file (getattr relabelfrom relabelto)))
(allow restorecond_t non_auth_file_type (dir (getattr open search)))
(allow restorecond_t non_auth_file_type (sock_file (getattr relabelfrom relabelto)))
(allow restorecond_t non_auth_file_type (dir (getattr open search)))
(allow restorecond_t non_auth_file_type (blk_file (getattr relabelfrom)))
(allow restorecond_t non_auth_file_type (dir (getattr open search)))
(allow restorecond_t non_auth_file_type (chr_file (getattr relabelfrom)))
(dontaudit restorecond_t file_type (lnk_file (read)))
(allow restorecond_t devlog_t (sock_file (write getattr append open)))
(allow restorecond_t var_run_t (lnk_file (read getattr)))
(allow restorecond_t var_t (dir (getattr open search)))
(allow restorecond_t var_run_t (dir (getattr open search)))
(allow restorecond_t init_runtime_t (dir (getattr open search)))
(allow restorecond_t syslogd_runtime_t (dir (getattr open search)))
(allow restorecond_t syslogd_t (unix_dgram_socket (sendto)))
(allow restorecond_t syslogd_t (unix_stream_socket (connectto)))
(allow restorecond_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow restorecond_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow restorecond_t device_t (dir (getattr open search)))
(allow restorecond_t device_t (dir (ioctl read getattr lock open search)))
(allow restorecond_t device_t (dir (getattr open search)))
(allow restorecond_t device_t (lnk_file (read getattr)))
(allow restorecond_t console_device_t (chr_file (ioctl write getattr lock append open)))
(dontaudit restorecond_t console_device_t (chr_file (ioctl read getattr lock open)))
(allow restorecond_t etc_t (dir (getattr open search)))
(allow restorecond_t etc_t (lnk_file (read getattr)))
(allow restorecond_t usr_t (dir (getattr open search)))
(allow restorecond_t locale_t (dir (ioctl read getattr lock open search)))
(allow restorecond_t locale_t (dir (getattr open search)))
(allow restorecond_t locale_t (file (ioctl read getattr lock open)))
(allow restorecond_t locale_t (dir (getattr open search)))
(allow restorecond_t locale_t (lnk_file (read getattr)))
(allow restorecond_t locale_t (file (map)))
(allow restorecond_t security_t (filesystem (getattr)))
(allow restorecond_t sysfs_t (filesystem (getattr)))
(allow restorecond_t sysfs_t (dir (getattr open search)))
(allow restorecond_t sysfs_t (dir (getattr open search)))
(allow restorecond_t proc_t (dir (getattr open search)))
(allow restorecond_t proc_t (file (ioctl read getattr lock open)))
(allow restorecond_t proc_t (dir (getattr open search)))
(allow restorecond_t proc_t (lnk_file (read getattr)))
(allow restorecond_t proc_t (dir (getattr open search)))
(allow restorecond_t proc_t (dir (ioctl read getattr lock open search)))
(allow restorecond_t etc_t (dir (getattr open search)))
(allow restorecond_t selinux_config_t (dir (ioctl read getattr lock open search)))
(allow restorecond_t selinux_config_t (dir (getattr open search)))
(allow restorecond_t selinux_config_t (file (ioctl read getattr lock open)))
(allow restorecond_t selinux_config_t (dir (getattr open search)))
(allow restorecond_t selinux_config_t (lnk_file (read getattr)))
(allow restorecond_t etc_t (dir (getattr open search)))
(allow restorecond_t selinux_config_t (dir (getattr open search)))
(allow restorecond_t default_context_t (dir (ioctl read getattr lock open search)))
(allow restorecond_t default_context_t (dir (getattr open search)))
(allow restorecond_t default_context_t (file (ioctl read getattr lock open)))
(allow run_init_t self (process (setexec)))
(allow run_init_t self (capability (setuid)))
(allow run_init_t self (fifo_file (ioctl read write getattr lock append open)))
(allow run_init_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write nlmsg_relay)))
(dontaudit run_init_t self (capability (dac_override dac_read_search)))
(allow run_init_t bin_t (dir (getattr open search)))
(allow run_init_t bin_t (lnk_file (read getattr)))
(allow run_init_t usr_t (dir (getattr open search)))
(allow run_init_t bin_t (dir (getattr open search)))
(allow run_init_t bin_t (dir (ioctl read getattr lock open search)))
(allow run_init_t bin_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow run_init_t bin_t (dir (getattr open search)))
(allow run_init_t bin_t (lnk_file (read getattr)))
(allow run_init_t usr_t (dir (getattr open search)))
(allow run_init_t bin_t (dir (getattr open search)))
(allow run_init_t bin_t (dir (ioctl read getattr lock open search)))
(allow run_init_t shell_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(dontaudit run_init_t device_t (dir (ioctl read getattr lock open search)))
(allow run_init_t privfd (fd (use)))
(allow run_init_t etc_t (dir (ioctl read getattr lock open search)))
(allow run_init_t etc_t (dir (getattr open search)))
(allow run_init_t etc_t (file (ioctl read getattr lock open)))
(allow run_init_t etc_t (dir (getattr open search)))
(allow run_init_t etc_t (lnk_file (read getattr)))
(dontaudit run_init_t file_type (dir (getattr open search)))
(allow run_init_t fs_t (filesystem (getattr)))
(allow run_init_t sysfs_t (dir (getattr open search)))
(allow run_init_t sysfs_t (dir (getattr open search)))
(allow run_init_t security_t (dir (ioctl read getattr lock open search)))
(allow run_init_t security_t (file (ioctl read write getattr map open)))
(allow run_init_t security_t (security (check_context)))
(allow run_init_t sysfs_t (dir (getattr open search)))
(allow run_init_t sysfs_t (dir (getattr open search)))
(allow run_init_t self (netlink_selinux_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow run_init_t security_t (dir (ioctl read getattr lock open search)))
(allow run_init_t security_t (file (ioctl read write getattr map open)))
(allow run_init_t security_t (security (compute_av)))
(allow run_init_t sysfs_t (dir (getattr open search)))
(allow run_init_t sysfs_t (dir (getattr open search)))
(allow run_init_t security_t (dir (ioctl read getattr lock open search)))
(allow run_init_t security_t (file (ioctl read write getattr map open)))
(allow run_init_t security_t (security (compute_create)))
(allow run_init_t sysfs_t (dir (getattr open search)))
(allow run_init_t sysfs_t (dir (getattr open search)))
(allow run_init_t security_t (dir (ioctl read getattr lock open search)))
(allow run_init_t security_t (file (ioctl read write getattr map open)))
(allow run_init_t security_t (security (compute_relabel)))
(allow run_init_t sysfs_t (dir (getattr open search)))
(allow run_init_t sysfs_t (dir (getattr open search)))
(allow run_init_t security_t (dir (ioctl read getattr lock open search)))
(allow run_init_t security_t (file (ioctl read write getattr map open)))
(allow run_init_t security_t (security (compute_user)))
(allow run_init_t auth_cache_t (dir (getattr open search)))
(allow run_init_t bin_t (dir (getattr open search)))
(allow run_init_t bin_t (lnk_file (read getattr)))
(allow run_init_t usr_t (dir (getattr open search)))
(allow run_init_t chkpwd_exec_t (file (ioctl read getattr map execute open)))
(allow run_init_t chkpwd_t (process (transition)))
(dontaudit run_init_t chkpwd_t (process (noatsecure siginh rlimitinh)))
(typetransition run_init_t chkpwd_exec_t process chkpwd_t)
(allow chkpwd_t run_init_t (fd (use)))
(allow chkpwd_t run_init_t (fifo_file (ioctl read write getattr lock append)))
(allow chkpwd_t run_init_t (process (sigchld)))
(dontaudit run_init_t shadow_t (file (ioctl read getattr lock open)))
(allow run_init_t device_t (dir (getattr open search)))
(allow run_init_t random_device_t (chr_file (ioctl read getattr lock open)))
(allow run_init_t device_t (dir (getattr open search)))
(allow run_init_t urandom_device_t (chr_file (ioctl read getattr lock open)))
(allow run_init_t var_t (dir (getattr open search)))
(allow run_init_t var_log_t (dir (getattr open search)))
(allow run_init_t var_log_t (lnk_file (read getattr)))
(allow run_init_t faillog_t (file (ioctl read write getattr lock append open)))
(allow run_init_t self (capability (audit_write)))
(allow run_init_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
(allow run_init_t cert_t (dir (ioctl read getattr lock open search)))
(allow run_init_t cert_t (dir (getattr open search)))
(allow run_init_t cert_t (file (ioctl read getattr lock open)))
(allow run_init_t cert_t (dir (getattr open search)))
(allow run_init_t cert_t (lnk_file (read getattr)))
(allow run_init_t updpwd_exec_t (file (ioctl read getattr map execute open)))
(allow run_init_t updpwd_t (process (transition)))
(dontaudit run_init_t updpwd_t (process (noatsecure siginh rlimitinh)))
(typetransition run_init_t updpwd_exec_t process updpwd_t)
(allow updpwd_t run_init_t (fd (use)))
(allow updpwd_t run_init_t (fifo_file (ioctl read write getattr lock append)))
(allow updpwd_t run_init_t (process (sigchld)))
(dontaudit run_init_t shadow_t (file (ioctl read getattr lock open)))
(dontaudit run_init_t shadow_t (file (ioctl read getattr lock open)))
(allow run_init_t etc_t (dir (ioctl read getattr lock open search)))
(allow run_init_t self (process (setexec)))
(allow run_init_t initrc_exec_t (file (ioctl read getattr map execute open)))
(allow run_init_t initrc_t (process (transition)))
(dontaudit run_init_t initrc_t (process (noatsecure siginh rlimitinh)))
(allow initrc_t run_init_t (fd (use)))
(allow initrc_t run_init_t (fifo_file (ioctl read write getattr lock append)))
(allow initrc_t run_init_t (process (sigchld)))
(allow run_init_t var_run_t (lnk_file (read getattr)))
(allow run_init_t var_t (dir (getattr open search)))
(allow run_init_t var_run_t (dir (ioctl read getattr lock open search)))
(allow run_init_t initrc_runtime_t (file (ioctl read write getattr lock append open)))
(allow run_init_t proc_t (dir (getattr open search)))
(allow run_init_t sysctl_t (dir (getattr open search)))
(allow run_init_t sysctl_kernel_t (dir (getattr open search)))
(allow run_init_t sysctl_kernel_t (file (ioctl read getattr lock open)))
(allow run_init_t proc_t (dir (getattr open search)))
(allow run_init_t sysctl_t (dir (getattr open search)))
(allow run_init_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
(allow run_init_t devlog_t (sock_file (write getattr append open)))
(allow run_init_t var_run_t (lnk_file (read getattr)))
(allow run_init_t var_t (dir (getattr open search)))
(allow run_init_t var_run_t (dir (getattr open search)))
(allow run_init_t init_runtime_t (dir (getattr open search)))
(allow run_init_t syslogd_runtime_t (dir (getattr open search)))
(allow run_init_t syslogd_t (unix_dgram_socket (sendto)))
(allow run_init_t syslogd_t (unix_stream_socket (connectto)))
(allow run_init_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow run_init_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow run_init_t device_t (dir (getattr open search)))
(allow run_init_t device_t (dir (ioctl read getattr lock open search)))
(allow run_init_t device_t (dir (getattr open search)))
(allow run_init_t device_t (lnk_file (read getattr)))
(allow run_init_t console_device_t (chr_file (ioctl write getattr lock append open)))
(dontaudit run_init_t console_device_t (chr_file (ioctl read getattr lock open)))
(allow run_init_t etc_t (dir (getattr open search)))
(allow run_init_t etc_t (lnk_file (read getattr)))
(allow run_init_t usr_t (dir (getattr open search)))
(allow run_init_t locale_t (dir (ioctl read getattr lock open search)))
(allow run_init_t locale_t (dir (getattr open search)))
(allow run_init_t locale_t (file (ioctl read getattr lock open)))
(allow run_init_t locale_t (dir (getattr open search)))
(allow run_init_t locale_t (lnk_file (read getattr)))
(allow run_init_t locale_t (file (map)))
(allow run_init_t security_t (filesystem (getattr)))
(allow run_init_t sysfs_t (filesystem (getattr)))
(allow run_init_t sysfs_t (dir (getattr open search)))
(allow run_init_t sysfs_t (dir (getattr open search)))
(allow run_init_t proc_t (dir (getattr open search)))
(allow run_init_t proc_t (file (ioctl read getattr lock open)))
(allow run_init_t proc_t (dir (getattr open search)))
(allow run_init_t proc_t (lnk_file (read getattr)))
(allow run_init_t proc_t (dir (getattr open search)))
(allow run_init_t proc_t (dir (ioctl read getattr lock open search)))
(allow run_init_t etc_t (dir (getattr open search)))
(allow run_init_t selinux_config_t (dir (ioctl read getattr lock open search)))
(allow run_init_t selinux_config_t (dir (getattr open search)))
(allow run_init_t selinux_config_t (file (ioctl read getattr lock open)))
(allow run_init_t selinux_config_t (dir (getattr open search)))
(allow run_init_t selinux_config_t (lnk_file (read getattr)))
(allow run_init_t etc_t (dir (getattr open search)))
(allow run_init_t selinux_config_t (dir (getattr open search)))
(allow run_init_t default_context_t (dir (ioctl read getattr lock open search)))
(allow run_init_t default_context_t (dir (getattr open search)))
(allow run_init_t default_context_t (file (ioctl read getattr lock open)))
(allow run_init_t device_t (dir (getattr open search)))
(allow run_init_t device_t (dir (ioctl read getattr lock open search)))
(allow run_init_t device_t (dir (getattr open search)))
(allow run_init_t device_t (lnk_file (read getattr)))
(allow run_init_t devpts_t (dir (ioctl read getattr lock open search)))
(allow run_init_t user_devpts_t (chr_file (ioctl read write getattr append open)))
(allow run_init_t user_tty_device_t (chr_file (ioctl read write getattr append open)))
(allow run_init_t etc_t (dir (getattr open search)))
(allow run_init_t init_script_file_type (file (ioctl read getattr lock open)))
(allow run_init_t init_script_file_type (lnk_file (read getattr)))
(allow run_init_t initrc_exec_t (file (entrypoint)))
(allow run_init_t initrc_exec_t (file (ioctl read getattr lock map execute open)))
(allow run_init_t bin_t (dir (getattr open search)))
(allow run_init_t bin_t (lnk_file (read getattr)))
(allow run_init_t usr_t (dir (getattr open search)))
(allow run_init_t rc_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow selinux_dbus_t self (fifo_file (ioctl read write getattr lock append)))
(allow selinux_dbus_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow selinux_dbus_t bin_t (dir (getattr open search)))
(allow selinux_dbus_t bin_t (lnk_file (read getattr)))
(allow selinux_dbus_t usr_t (dir (getattr open search)))
(allow selinux_dbus_t bin_t (dir (getattr open search)))
(allow selinux_dbus_t bin_t (dir (ioctl read getattr lock open search)))
(allow selinux_dbus_t bin_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow selinux_dbus_t etc_t (dir (getattr open search)))
(allow selinux_dbus_t etc_t (lnk_file (read getattr)))
(allow selinux_dbus_t usr_t (dir (ioctl read getattr lock open search)))
(allow selinux_dbus_t etc_t (dir (getattr open search)))
(allow selinux_dbus_t etc_t (lnk_file (read getattr)))
(allow selinux_dbus_t usr_t (dir (getattr open search)))
(allow selinux_dbus_t locale_t (dir (ioctl read getattr lock open search)))
(allow selinux_dbus_t locale_t (dir (getattr open search)))
(allow selinux_dbus_t locale_t (file (ioctl read getattr lock open)))
(allow selinux_dbus_t locale_t (dir (getattr open search)))
(allow selinux_dbus_t locale_t (lnk_file (read getattr)))
(allow selinux_dbus_t locale_t (file (map)))
(allow selinux_dbus_t usr_t (dir (getattr open search)))
(allow selinux_dbus_t bin_t (dir (getattr open search)))
(allow selinux_dbus_t bin_t (lnk_file (read getattr)))
(allow selinux_dbus_t usr_t (dir (getattr open search)))
(allow selinux_dbus_t semanage_exec_t (file (ioctl read getattr map execute open)))
(allow selinux_dbus_t semanage_t (process (transition)))
(dontaudit selinux_dbus_t semanage_t (process (noatsecure siginh rlimitinh)))
(typetransition selinux_dbus_t semanage_exec_t process semanage_t)
(allow semanage_t selinux_dbus_t (fd (use)))
(allow semanage_t selinux_dbus_t (fifo_file (ioctl read write getattr lock append)))
(allow semanage_t selinux_dbus_t (process (sigchld)))
(allow semanage_t self (capability (dac_override audit_write)))
(dontaudit semanage_t self (capability (sys_admin sys_resource)))
(allow semanage_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
(allow semanage_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow semanage_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write nlmsg_relay)))
(allow semanage_t self (fifo_file (ioctl read write getattr lock append open)))
(allow semanage_t policy_config_t (file (ioctl read write getattr lock append open)))
(allow semanage_t policy_src_t (dir (search)))
(allow semanage_t selinux_config_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow semanage_t semanage_tmp_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow semanage_t semanage_tmp_t (file (ioctl read write create getattr setattr lock append map unlink link rename execute open)))
(allow semanage_t tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition semanage_t tmp_t dir semanage_tmp_t)
(typetransition semanage_t tmp_t file semanage_tmp_t)
(allow semanage_t proc_t (dir (getattr open search)))
(allow semanage_t proc_t (file (ioctl read getattr lock open)))
(allow semanage_t proc_t (dir (getattr open search)))
(allow semanage_t proc_t (lnk_file (read getattr)))
(allow semanage_t proc_t (dir (getattr open search)))
(allow semanage_t proc_t (dir (ioctl read getattr lock open search)))
(allow semanage_t proc_t (dir (getattr open search)))
(allow semanage_t sysctl_t (dir (getattr open search)))
(allow semanage_t sysctl_kernel_t (dir (getattr open search)))
(allow semanage_t sysctl_kernel_t (file (ioctl read getattr lock open)))
(allow semanage_t proc_t (dir (getattr open search)))
(allow semanage_t sysctl_t (dir (getattr open search)))
(allow semanage_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
(dontaudit semanage_t proc_t (filesystem (getattr)))
(allow semanage_t bin_t (dir (getattr open search)))
(allow semanage_t bin_t (lnk_file (read getattr)))
(allow semanage_t usr_t (dir (getattr open search)))
(allow semanage_t bin_t (dir (getattr open search)))
(allow semanage_t bin_t (dir (ioctl read getattr lock open search)))
(allow semanage_t bin_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow semanage_t bin_t (dir (getattr open search)))
(allow semanage_t bin_t (lnk_file (read getattr)))
(allow semanage_t usr_t (dir (getattr open search)))
(allow semanage_t bin_t (dir (getattr open search)))
(allow semanage_t bin_t (dir (ioctl read getattr lock open search)))
(allow semanage_t shell_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow semanage_t device_t (dir (getattr open search)))
(allow semanage_t urandom_device_t (chr_file (ioctl read getattr lock open)))
(allow semanage_t privfd (fd (use)))
(allow semanage_t etc_t (dir (ioctl read getattr lock open search)))
(allow semanage_t etc_t (dir (getattr open search)))
(allow semanage_t etc_t (file (ioctl read getattr lock open)))
(allow semanage_t etc_t (dir (getattr open search)))
(allow semanage_t etc_t (lnk_file (read getattr)))
(allow semanage_t etc_t (dir (ioctl read getattr lock open search)))
(allow semanage_t etc_t (dir (getattr open search)))
(allow semanage_t etc_runtime_t (file (ioctl read getattr lock open)))
(allow semanage_t etc_t (dir (getattr open search)))
(allow semanage_t etc_runtime_t (lnk_file (read getattr)))
(allow semanage_t usr_t (file (map)))
(allow semanage_t usr_t (dir (ioctl read getattr lock open search)))
(allow semanage_t usr_t (dir (getattr open search)))
(allow semanage_t usr_t (file (ioctl read getattr lock open)))
(allow semanage_t usr_t (dir (getattr open search)))
(allow semanage_t usr_t (lnk_file (read getattr)))
(allow semanage_t var_run_t (lnk_file (read getattr)))
(allow semanage_t var_t (dir (getattr open search)))
(allow semanage_t var_run_t (dir (ioctl read getattr lock open search)))
(allow semanage_t sysfs_t (dir (getattr open search)))
(allow semanage_t sysfs_t (dir (getattr open search)))
(allow semanage_t security_t (dir (ioctl read getattr lock open search)))
(allow semanage_t security_t (file (ioctl read write getattr map open)))
(allow semanage_t security_t (security (check_context)))
(allow semanage_t sysfs_t (dir (getattr open search)))
(allow semanage_t sysfs_t (dir (getattr open search)))
(allow semanage_t security_t (dir (ioctl read getattr lock open search)))
(allow semanage_t security_t (file (ioctl read getattr map open)))
(allow semanage_t security_t (filesystem (getattr)))
(allow semanage_t sysfs_t (filesystem (getattr)))
(allow semanage_t sysfs_t (dir (getattr open search)))
(allow semanage_t sysfs_t (dir (getattr open search)))
(allow semanage_t sysfs_t (dir (getattr open search)))
(allow semanage_t sysfs_t (dir (getattr open search)))
(allow semanage_t security_t (dir (ioctl read getattr lock open search)))
(allow semanage_t security_t (file (ioctl read getattr map open)))
(allow semanage_t security_t (security (read_policy)))
(allow semanage_t sysfs_t (dir (getattr open search)))
(allow semanage_t sysfs_t (dir (getattr open search)))
(allow semanage_t security_t (dir (ioctl read getattr lock open search)))
(allow semanage_t boolean_type (file (ioctl read getattr lock open)))
(allow semanage_t secure_mode_policyload_t (file (ioctl read getattr lock open)))
(allow semanage_t device_t (dir (getattr open search)))
(allow semanage_t device_t (dir (ioctl read getattr lock open search)))
(allow semanage_t device_t (dir (getattr open search)))
(allow semanage_t device_t (lnk_file (read getattr)))
(allow semanage_t devpts_t (dir (ioctl read getattr lock open search)))
(allow semanage_t console_device_t (chr_file (ioctl read write getattr lock append open)))
(allow semanage_t devpts_t (chr_file (ioctl read write getattr lock append open)))
(allow semanage_t ttynode (chr_file (ioctl read write getattr lock append open)))
(allow semanage_t ptynode (chr_file (ioctl read write getattr lock append open)))
(allow semanage_t tty_device_t (chr_file (ioctl read write getattr lock append open)))
(dontaudit semanage_t lib_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(dontaudit semanage_t lib_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow semanage_t devlog_t (sock_file (write getattr append open)))
(allow semanage_t var_run_t (lnk_file (read getattr)))
(allow semanage_t var_t (dir (getattr open search)))
(allow semanage_t var_run_t (dir (getattr open search)))
(allow semanage_t init_runtime_t (dir (getattr open search)))
(allow semanage_t syslogd_runtime_t (dir (getattr open search)))
(allow semanage_t syslogd_t (unix_dgram_socket (sendto)))
(allow semanage_t syslogd_t (unix_stream_socket (connectto)))
(allow semanage_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow semanage_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow semanage_t device_t (dir (getattr open search)))
(allow semanage_t device_t (dir (ioctl read getattr lock open search)))
(allow semanage_t device_t (dir (getattr open search)))
(allow semanage_t device_t (lnk_file (read getattr)))
(allow semanage_t console_device_t (chr_file (ioctl write getattr lock append open)))
(dontaudit semanage_t console_device_t (chr_file (ioctl read getattr lock open)))
(allow semanage_t etc_t (dir (getattr open search)))
(allow semanage_t etc_t (lnk_file (read getattr)))
(allow semanage_t usr_t (dir (getattr open search)))
(allow semanage_t locale_t (dir (ioctl read getattr lock open search)))
(allow semanage_t locale_t (dir (getattr open search)))
(allow semanage_t locale_t (file (ioctl read getattr lock open)))
(allow semanage_t locale_t (dir (getattr open search)))
(allow semanage_t locale_t (lnk_file (read getattr)))
(allow semanage_t locale_t (file (map)))
(allow semanage_t security_t (filesystem (getattr)))
(allow semanage_t sysfs_t (filesystem (getattr)))
(allow semanage_t sysfs_t (dir (getattr open search)))
(allow semanage_t sysfs_t (dir (getattr open search)))
(allow semanage_t proc_t (dir (getattr open search)))
(allow semanage_t proc_t (file (ioctl read getattr lock open)))
(allow semanage_t proc_t (dir (getattr open search)))
(allow semanage_t proc_t (lnk_file (read getattr)))
(allow semanage_t proc_t (dir (getattr open search)))
(allow semanage_t proc_t (dir (ioctl read getattr lock open search)))
(allow semanage_t etc_t (dir (getattr open search)))
(allow semanage_t selinux_config_t (dir (ioctl read getattr lock open search)))
(allow semanage_t selinux_config_t (dir (getattr open search)))
(allow semanage_t selinux_config_t (file (ioctl read getattr lock open)))
(allow semanage_t selinux_config_t (dir (getattr open search)))
(allow semanage_t selinux_config_t (lnk_file (read getattr)))
(allow semanage_t etc_t (dir (getattr open search)))
(allow semanage_t selinux_config_t (dir (getattr open search)))
(allow semanage_t default_context_t (dir (getattr open search)))
(allow semanage_t file_context_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow semanage_t file_context_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow semanage_t file_context_t (file (map)))
(allow semanage_t etc_t (dir (getattr open search)))
(allow semanage_t selinux_config_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow semanage_t selinux_config_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow semanage_t selinux_config_t (dir (getattr open search)))
(allow semanage_t selinux_config_t (lnk_file (read getattr)))
(allow semanage_t etc_t (dir (getattr open search)))
(allow semanage_t selinux_config_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow semanage_t usr_t (dir (getattr open search)))
(allow semanage_t bin_t (dir (getattr open search)))
(allow semanage_t bin_t (lnk_file (read getattr)))
(allow semanage_t usr_t (dir (getattr open search)))
(allow semanage_t setfiles_exec_t (file (ioctl read getattr map execute open)))
(allow semanage_t setfiles_t (process (transition)))
(dontaudit semanage_t setfiles_t (process (noatsecure siginh rlimitinh)))
(typetransition semanage_t setfiles_exec_t process setfiles_t)
(allow setfiles_t semanage_t (fd (use)))
(allow setfiles_t semanage_t (fifo_file (ioctl read write getattr lock append)))
(allow setfiles_t semanage_t (process (sigchld)))
(allow semanage_t bin_t (dir (getattr open search)))
(allow semanage_t bin_t (lnk_file (read getattr)))
(allow semanage_t usr_t (dir (getattr open search)))
(allow semanage_t load_policy_exec_t (file (ioctl read getattr map execute open)))
(allow semanage_t load_policy_t (process (transition)))
(dontaudit semanage_t load_policy_t (process (noatsecure siginh rlimitinh)))
(typetransition semanage_t load_policy_exec_t process load_policy_t)
(allow load_policy_t semanage_t (fd (use)))
(allow load_policy_t semanage_t (fifo_file (ioctl read write getattr lock append)))
(allow load_policy_t semanage_t (process (sigchld)))
(allow semanage_t etc_t (dir (getattr open search)))
(allow semanage_t selinux_config_t (dir (getattr open search)))
(allow semanage_t policy_config_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow semanage_t policy_config_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow semanage_t newrole_t (fd (use)))
(allow semanage_t etc_t (dir (getattr open search)))
(allow semanage_t var_t (dir (getattr open search)))
(allow semanage_t selinux_config_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow semanage_t semanage_store_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow semanage_t semanage_store_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow semanage_t semanage_store_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow semanage_t semanage_store_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow semanage_t semanage_store_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow semanage_t semanage_store_t (file (map)))
(allow semanage_t semanage_store_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow semanage_t semanage_store_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
(allow semanage_t etc_t (dir (getattr open search)))
(allow semanage_t selinux_config_t (dir (getattr open search)))
(allow semanage_t semanage_trans_lock_t (file (ioctl read write getattr lock append open)))
(allow semanage_t etc_t (dir (getattr open search)))
(allow semanage_t selinux_config_t (dir (getattr open search)))
(allow semanage_t semanage_read_lock_t (file (ioctl read write getattr lock append open)))
(allow semanage_t etc_t (dir (getattr open search)))
(allow semanage_t selinux_config_t (dir (getattr open search)))
(allow semanage_t default_context_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow semanage_t default_context_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow semanage_t user_home_t (dir (getattr open search)))
(allow semanage_t user_home_dir_t (dir (getattr open search)))
(allow semanage_t user_home_t (file (ioctl read getattr lock open)))
(allow semanage_t home_root_t (dir (getattr open search)))
(allow semanage_t home_root_t (lnk_file (read getattr)))
(allow semanage_t user_home_t (file (map)))
(allow semanage_t user_tmp_t (dir (getattr open search)))
(allow semanage_t user_tmp_t (file (ioctl read getattr lock open)))
(allow semanage_t user_tmp_t (dir (ioctl read getattr lock open search)))
(allow semanage_t tmp_t (dir (getattr open search)))
(allow semanage_t user_runtime_t (dir (getattr open search)))
(allow semanage_t user_runtime_root_t (dir (getattr open search)))
(allow semanage_t var_run_t (lnk_file (read getattr)))
(allow semanage_t var_t (dir (getattr open search)))
(allow semanage_t var_run_t (dir (getattr open search)))
(allow semanage_t user_tmp_t (file (map)))
(allow setfiles_t self (capability (dac_override dac_read_search fowner)))
(dontaudit setfiles_t self (capability (sys_tty_config)))
(allow setfiles_t self (process (getsched)))
(allow setfiles_t self (fifo_file (ioctl read write getattr lock append open)))
(allow setfiles_t default_context_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t file_context_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t policy_config_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t policy_src_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t default_context_t (file (ioctl read getattr lock open)))
(allow setfiles_t file_context_t (file (ioctl read getattr lock open)))
(allow setfiles_t policy_config_t (file (ioctl read getattr lock open)))
(allow setfiles_t policy_src_t (file (ioctl read getattr lock open)))
(allow setfiles_t default_context_t (lnk_file (ioctl read getattr lock)))
(allow setfiles_t file_context_t (lnk_file (ioctl read getattr lock)))
(allow setfiles_t policy_config_t (lnk_file (ioctl read getattr lock)))
(allow setfiles_t policy_src_t (lnk_file (ioctl read getattr lock)))
(allow setfiles_t file_context_t (file (map)))
(allow setfiles_t proc_t (dir (getattr open search)))
(allow setfiles_t proc_t (file (ioctl read getattr lock open)))
(allow setfiles_t proc_t (dir (getattr open search)))
(allow setfiles_t proc_t (lnk_file (read getattr)))
(allow setfiles_t proc_t (dir (getattr open search)))
(allow setfiles_t proc_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t unlabeled_t (dir (ioctl read getattr lock relabelfrom open search)))
(allow setfiles_t unlabeled_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t unlabeled_t (file (getattr relabelfrom)))
(allow setfiles_t unlabeled_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t unlabeled_t (lnk_file (getattr relabelfrom)))
(allow setfiles_t unlabeled_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t unlabeled_t (fifo_file (getattr relabelfrom)))
(allow setfiles_t unlabeled_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t unlabeled_t (sock_file (getattr relabelfrom)))
(allow setfiles_t unlabeled_t (blk_file (getattr relabelfrom)))
(allow setfiles_t unlabeled_t (chr_file (getattr relabelfrom)))
(allow setfiles_t kernel_t (fd (use)))
(allow setfiles_t kernel_t (fifo_file (ioctl read write getattr lock append)))
(allow setfiles_t kernel_t (unix_dgram_socket (ioctl read write)))
(dontaudit setfiles_t proc_type (dir (ioctl read getattr lock open search)))
(dontaudit setfiles_t proc_type (file (getattr)))
(dontaudit setfiles_t sysctl_type (dir (ioctl read getattr lock open search)))
(dontaudit setfiles_t sysctl_type (file (getattr)))
(allow setfiles_t debugfs_t (filesystem (getattr)))
(allow setfiles_t proc_t (dir (getattr open search)))
(allow setfiles_t sysctl_t (dir (getattr open search)))
(allow setfiles_t sysctl_kernel_t (dir (getattr open search)))
(allow setfiles_t sysctl_kernel_t (file (ioctl read getattr lock open)))
(allow setfiles_t proc_t (dir (getattr open search)))
(allow setfiles_t sysctl_t (dir (getattr open search)))
(allow setfiles_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t proc_t (dir (getattr open search)))
(allow setfiles_t sysctl_t (dir (getattr open search)))
(allow setfiles_t sysctl_vm_t (dir (getattr open search)))
(allow setfiles_t sysctl_vm_overcommit_t (file (ioctl read getattr lock open)))
(dontaudit setfiles_t proc_t (filesystem (getattr)))
(allow setfiles_t device_t (dir (getattr open search)))
(allow setfiles_t urandom_device_t (chr_file (ioctl read getattr lock open)))
(allow setfiles_t device_t (dir (getattr open search)))
(allow setfiles_t device_t (dir (getattr relabelfrom)))
(allow setfiles_t device_node (dir (getattr relabelfrom)))
(allow setfiles_t device_t (dir (getattr open search)))
(allow setfiles_t device_t (file (getattr relabelfrom)))
(allow setfiles_t device_node (file (getattr relabelfrom)))
(allow setfiles_t device_t (dir (getattr open search)))
(allow setfiles_t device_t (lnk_file (getattr relabelfrom)))
(allow setfiles_t device_node (lnk_file (getattr relabelfrom)))
(allow setfiles_t device_t (dir (getattr open search)))
(allow setfiles_t device_t (fifo_file (getattr relabelfrom)))
(allow setfiles_t device_node (fifo_file (getattr relabelfrom)))
(allow setfiles_t device_t (dir (getattr open search)))
(allow setfiles_t device_t (sock_file (getattr relabelfrom)))
(allow setfiles_t device_node (sock_file (getattr relabelfrom)))
(allow setfiles_t device_t (dir (getattr open search)))
(allow setfiles_t device_t (blk_file (getattr relabelfrom relabelto)))
(allow setfiles_t device_node (blk_file (getattr relabelfrom relabelto)))
(allow setfiles_t device_t (dir (getattr open search)))
(allow setfiles_t device_t (chr_file (getattr relabelfrom relabelto)))
(allow setfiles_t device_node (chr_file (getattr relabelfrom relabelto)))
(allow setfiles_t device_t (chr_file (ioctl read write getattr lock append open)))
(allow setfiles_t privfd (fd (use)))
(dontaudit setfiles_t domain (dir (getattr open search)))
(allow setfiles_t etc_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t etc_t (dir (getattr open search)))
(allow setfiles_t etc_runtime_t (file (ioctl read getattr lock open)))
(allow setfiles_t etc_t (dir (getattr open search)))
(allow setfiles_t etc_runtime_t (lnk_file (read getattr)))
(allow setfiles_t etc_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t etc_t (dir (getattr open search)))
(allow setfiles_t etc_t (file (ioctl read getattr lock open)))
(allow setfiles_t etc_t (dir (getattr open search)))
(allow setfiles_t etc_t (lnk_file (read getattr)))
(allow setfiles_t file_type (dir (ioctl read getattr lock open search)))
(allow setfiles_t file_type (dir (ioctl read getattr lock open search)))
(allow setfiles_t file_type (dir (getattr open search)))
(allow setfiles_t file_type (dir (getattr relabelfrom relabelto)))
(allow setfiles_t file_type (dir (getattr open search)))
(allow setfiles_t file_type (file (getattr relabelfrom relabelto)))
(allow setfiles_t file_type (dir (getattr open search)))
(allow setfiles_t file_type (lnk_file (getattr relabelfrom relabelto)))
(allow setfiles_t file_type (dir (getattr open search)))
(allow setfiles_t file_type (fifo_file (getattr relabelfrom relabelto)))
(allow setfiles_t file_type (dir (getattr open search)))
(allow setfiles_t file_type (sock_file (getattr relabelfrom relabelto)))
(allow setfiles_t file_type (dir (getattr open search)))
(allow setfiles_t file_type (blk_file (getattr relabelfrom)))
(allow setfiles_t file_type (dir (getattr open search)))
(allow setfiles_t file_type (chr_file (getattr relabelfrom)))
(allow setfiles_t policy_config_t (file (relabelto)))
(allow setfiles_t usr_t (dir (getattr open search)))
(allow setfiles_t usr_t (lnk_file (read getattr)))
(dontaudit setfiles_t file_type (lnk_file (read)))
(allow setfiles_t xattrfs (filesystem (getattr)))
(allow setfiles_t cgroup_types (filesystem (getattr)))
(allow setfiles_t memory_pressure_t (file (getattr)))
(allow setfiles_t nfs_t (filesystem (getattr)))
(allow setfiles_t pstore_t (dir (getattr open search)))
(allow setfiles_t pstore_t (file (getattr)))
(allow setfiles_t sysfs_t (dir (getattr open search)))
(allow setfiles_t sysfs_t (dir (getattr open search)))
(allow setfiles_t pstore_t (filesystem (getattr)))
(allow setfiles_t tracefs_t (filesystem (getattr)))
(allow setfiles_t tracefs_t (file (getattr)))
(allow setfiles_t filesystem_type (dir (ioctl read getattr lock open search)))
(allow setfiles_t noxattrfs (dir (ioctl read getattr lock open search)))
(allow setfiles_t noxattrfs (dir (getattr open search)))
(allow setfiles_t noxattrfs (dir (getattr relabelfrom)))
(allow setfiles_t noxattrfs (dir (getattr open search)))
(allow setfiles_t noxattrfs (file (getattr relabelfrom)))
(allow setfiles_t noxattrfs (dir (getattr open search)))
(allow setfiles_t noxattrfs (lnk_file (getattr relabelfrom)))
(allow setfiles_t noxattrfs (dir (getattr open search)))
(allow setfiles_t noxattrfs (fifo_file (getattr relabelfrom)))
(allow setfiles_t noxattrfs (dir (getattr open search)))
(allow setfiles_t noxattrfs (sock_file (getattr relabelfrom)))
(allow setfiles_t noxattrfs (dir (getattr open search)))
(allow setfiles_t noxattrfs (blk_file (getattr relabelfrom)))
(allow setfiles_t noxattrfs (dir (getattr open search)))
(allow setfiles_t noxattrfs (chr_file (getattr relabelfrom)))
(allow setfiles_t autofs_t (dir (getattr open search)))
(allow setfiles_t sysfs_t (dir (getattr open search)))
(allow setfiles_t sysfs_t (dir (getattr open search)))
(allow setfiles_t security_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t security_t (file (ioctl read write getattr map open)))
(allow setfiles_t security_t (security (check_context)))
(allow setfiles_t sysfs_t (dir (getattr open search)))
(allow setfiles_t sysfs_t (dir (getattr open search)))
(allow setfiles_t self (netlink_selinux_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow setfiles_t security_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t security_t (file (ioctl read write getattr map open)))
(allow setfiles_t security_t (security (compute_av)))
(allow setfiles_t sysfs_t (dir (getattr open search)))
(allow setfiles_t sysfs_t (dir (getattr open search)))
(allow setfiles_t security_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t security_t (file (ioctl read write getattr map open)))
(allow setfiles_t security_t (security (compute_create)))
(allow setfiles_t sysfs_t (dir (getattr open search)))
(allow setfiles_t sysfs_t (dir (getattr open search)))
(allow setfiles_t security_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t security_t (file (ioctl read write getattr map open)))
(allow setfiles_t security_t (security (compute_relabel)))
(allow setfiles_t sysfs_t (dir (getattr open search)))
(allow setfiles_t sysfs_t (dir (getattr open search)))
(allow setfiles_t security_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t security_t (file (ioctl read write getattr map open)))
(allow setfiles_t security_t (security (compute_user)))
(allow setfiles_t device_t (dir (getattr open search)))
(allow setfiles_t device_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t device_t (dir (getattr open search)))
(allow setfiles_t device_t (lnk_file (read getattr)))
(allow setfiles_t ttynode (chr_file (ioctl read write getattr lock append open)))
(allow setfiles_t device_t (dir (getattr open search)))
(allow setfiles_t device_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t device_t (dir (getattr open search)))
(allow setfiles_t device_t (lnk_file (read getattr)))
(allow setfiles_t devpts_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t ptynode (chr_file (ioctl read write getattr lock append open)))
(allow setfiles_t device_t (dir (getattr open search)))
(allow setfiles_t device_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t device_t (dir (getattr open search)))
(allow setfiles_t device_t (lnk_file (read getattr)))
(allow setfiles_t tty_device_t (chr_file (ioctl read write getattr lock append open)))
(allow setfiles_t etc_t (dir (getattr open search)))
(allow setfiles_t shadow_t (file (relabelto)))
(allow setfiles_t init_t (fd (use)))
(allow setfiles_t initrc_t (fd (use)))
(allow setfiles_t device_t (dir (getattr open search)))
(allow setfiles_t device_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t device_t (dir (getattr open search)))
(allow setfiles_t device_t (lnk_file (read getattr)))
(allow setfiles_t devpts_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t initrc_devpts_t (chr_file (ioctl read write getattr lock append open)))
(allow setfiles_t etc_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t initrc_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow setfiles_t self (capability (audit_write)))
(allow setfiles_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
(allow setfiles_t devlog_t (sock_file (write getattr append open)))
(allow setfiles_t var_run_t (lnk_file (read getattr)))
(allow setfiles_t var_t (dir (getattr open search)))
(allow setfiles_t var_run_t (dir (getattr open search)))
(allow setfiles_t init_runtime_t (dir (getattr open search)))
(allow setfiles_t syslogd_runtime_t (dir (getattr open search)))
(allow setfiles_t syslogd_t (unix_dgram_socket (sendto)))
(allow setfiles_t syslogd_t (unix_stream_socket (connectto)))
(allow setfiles_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow setfiles_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow setfiles_t device_t (dir (getattr open search)))
(allow setfiles_t device_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t device_t (dir (getattr open search)))
(allow setfiles_t device_t (lnk_file (read getattr)))
(allow setfiles_t console_device_t (chr_file (ioctl write getattr lock append open)))
(dontaudit setfiles_t console_device_t (chr_file (ioctl read getattr lock open)))
(allow setfiles_t etc_t (dir (getattr open search)))
(allow setfiles_t etc_t (lnk_file (read getattr)))
(allow setfiles_t usr_t (dir (getattr open search)))
(allow setfiles_t locale_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t locale_t (dir (getattr open search)))
(allow setfiles_t locale_t (file (ioctl read getattr lock open)))
(allow setfiles_t locale_t (dir (getattr open search)))
(allow setfiles_t locale_t (lnk_file (read getattr)))
(allow setfiles_t locale_t (file (map)))
(allow setfiles_t security_t (filesystem (getattr)))
(allow setfiles_t sysfs_t (filesystem (getattr)))
(allow setfiles_t sysfs_t (dir (getattr open search)))
(allow setfiles_t sysfs_t (dir (getattr open search)))
(allow setfiles_t proc_t (dir (getattr open search)))
(allow setfiles_t proc_t (file (ioctl read getattr lock open)))
(allow setfiles_t proc_t (dir (getattr open search)))
(allow setfiles_t proc_t (lnk_file (read getattr)))
(allow setfiles_t proc_t (dir (getattr open search)))
(allow setfiles_t proc_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t etc_t (dir (getattr open search)))
(allow setfiles_t selinux_config_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t selinux_config_t (dir (getattr open search)))
(allow setfiles_t selinux_config_t (file (ioctl read getattr lock open)))
(allow setfiles_t selinux_config_t (dir (getattr open search)))
(allow setfiles_t selinux_config_t (lnk_file (read getattr)))
(allow setfiles_t etc_t (dir (getattr open search)))
(allow setfiles_t var_t (dir (getattr open search)))
(allow setfiles_t selinux_config_t (dir (getattr open search)))
(allow setfiles_t semanage_store_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t semanage_store_t (dir (getattr open search)))
(allow setfiles_t semanage_store_t (dir (ioctl read getattr lock open search)))
(allow setfiles_t semanage_store_t (dir (getattr open search)))
(allow setfiles_t semanage_store_t (file (ioctl read getattr lock open)))
(allow setfiles_t semanage_store_t (file (map)))
(allow setfiles_t semanage_store_t (dir (getattr open search)))
(allow setfiles_t semanage_store_t (lnk_file (read getattr)))
(allow setfiles_t userdomain (fd (use)))
(allow setfiles_t user_home_t (dir (getattr open search)))
(allow setfiles_t user_home_dir_t (dir (getattr open search)))
(allow setfiles_t user_home_t (file (ioctl read getattr lock open)))
(allow setfiles_t home_root_t (dir (getattr open search)))
(allow setfiles_t home_root_t (lnk_file (read getattr)))
(allow run_init_t self (passwd (passwd rootok)))
(allow run_init_t self (process (signal)))
(allow run_init_t self (netlink_selinux_socket (create bind)))
(allow run_init_t etc_t (dir (getattr open search)))
(allow run_init_t shadow_history_t (file (ioctl read getattr lock open)))
(allow run_init_t etc_t (dir (ioctl read getattr lock open search)))
(allow run_init_t shadow_t (file (ioctl read getattr lock open)))
(allow setfiles_t tmpfs_t (filesystem (getattr)))
(allow setfiles_t device_t (filesystem (getattr)))
(allow setfiles_t devpts_t (filesystem (getattr)))
(allow setfiles_t file_type (dir (ioctl read getattr lock open search)))
(allow setfiles_t file_type (dir (getattr open search)))
(allow setfiles_t file_type (lnk_file (read getattr)))
(allow restorecond_t policy_config_t (file (relabelto)))
(allow semanage_t self (process (setfscreate)))
(roleallow run_init_roles system_r)
(rangetransition run_init_t initrc_exec_t process ((s0 ) (s15 (range c0 c1023))))
(typetransition semanage_t selinux_config_t dir "modules" semanage_store_t)
(booleanif (allow_polyinstantiation)
    (true
        (allow newrole_t tmpfs_t (filesystem (unmount)))
        (allow newrole_t tmpfs_t (filesystem (mount)))
        (allow newrole_t fs_t (filesystem (unmount)))
        (allow newrole_t poly_t (dir (create mounton)))
        (allow newrole_t polyparent (dir (ioctl read write getattr lock relabelfrom relabelto open add_name remove_name search)))
        (allow newrole_t polydir (dir (write open add_name)))
        (allow newrole_t polymember (dir (create setattr relabelto)))
        (allow newrole_t self (process (setfscreate)))
        (allow newrole_t polyparent (dir (getattr mounton)))
        (allow newrole_t polymember (dir (getattr open search)))
        (allow newrole_t polydir (dir (ioctl write create getattr setattr lock mounton open add_name search rmdir)))
        (allow newrole_t self (capability (chown fowner fsetid sys_admin)))
        (allow newrole_t security_t (security (compute_member)))
        (allow newrole_t security_t (file (ioctl read write getattr map open)))
        (allow newrole_t security_t (dir (ioctl read getattr lock open search)))
        (allow newrole_t sysfs_t (dir (getattr open search)))
        (allow newrole_t sysfs_t (dir (getattr open search)))
    )
)
(booleanif (secure_mode)
    (true
        (allow unpriv_userdomain newrole_t (process (sigchld)))
        (allow unpriv_userdomain newrole_t (fifo_file (ioctl read write getattr lock append)))
        (allow unpriv_userdomain newrole_t (fd (use)))
        (dontaudit newrole_t unpriv_userdomain (process (noatsecure siginh rlimitinh)))
        (allow newrole_t unpriv_userdomain (process (transition)))
        (allow newrole_t shell_exec_t (file (ioctl read getattr map execute open)))
        (allow newrole_t bin_t (dir (ioctl read getattr lock open search)))
        (allow newrole_t bin_t (dir (getattr open search)))
        (allow newrole_t usr_t (dir (getattr open search)))
        (allow newrole_t bin_t (lnk_file (read getattr)))
        (allow newrole_t bin_t (dir (getattr open search)))
    )
    (false
        (allow userdomain newrole_t (process (sigchld)))
        (allow userdomain newrole_t (fifo_file (ioctl read write getattr lock append)))
        (allow userdomain newrole_t (fd (use)))
        (dontaudit newrole_t userdomain (process (noatsecure siginh rlimitinh)))
        (allow newrole_t userdomain (process (transition)))
        (allow newrole_t shell_exec_t (file (ioctl read getattr map execute open)))
        (allow newrole_t bin_t (dir (ioctl read getattr lock open search)))
        (allow newrole_t bin_t (dir (getattr open search)))
        (allow newrole_t usr_t (dir (getattr open search)))
        (allow newrole_t bin_t (lnk_file (read getattr)))
        (allow newrole_t bin_t (dir (getattr open search)))
    )
)
(booleanif (and (not (secure_mode_policyload)) (not (secure_mode_setbool)))
    (true
        (allow load_policy_t secure_mode_policyload_t (file (ioctl write getattr lock append open)))
        (allow semanage_t secure_mode_policyload_t (file (ioctl write getattr lock append open)))
    )
    (false
        (dontaudit load_policy_t secure_mode_policyload_t (file (ioctl write getattr lock append open)))
        (dontaudit semanage_t secure_mode_policyload_t (file (ioctl write getattr lock append open)))
    )
)
(booleanif (secure_mode_setbool)
    (true
        (dontaudit load_policy_t selinuxutil_typeattr_2 (file (ioctl write getattr lock append open)))
        (dontaudit load_policy_t security_t (file (ioctl write getattr lock append open)))
        (dontaudit load_policy_t security_t (security (setbool)))
        (dontaudit semanage_t selinuxutil_typeattr_2 (file (ioctl write getattr lock append open)))
        (dontaudit semanage_t security_t (file (ioctl write getattr lock append open)))
        (dontaudit semanage_t security_t (security (setbool)))
    )
    (false
        (allow load_policy_t selinuxutil_typeattr_2 (file (ioctl write getattr lock append open)))
        (allow load_policy_t security_t (file (ioctl write getattr lock append open)))
        (allow load_policy_t security_t (security (setbool)))
        (allow semanage_t selinuxutil_typeattr_2 (file (ioctl write getattr lock append open)))
        (allow semanage_t security_t (file (ioctl write getattr lock append open)))
        (allow semanage_t security_t (security (setbool)))
    )
)
(typeattribute selinuxutil_typeattr_2)
(typeattributeset selinuxutil_typeattr_2 (and (boolean_type ) (not (secure_mode_policyload_t ))))
(typeattribute selinuxutil_typeattr_1)
(typeattributeset selinuxutil_typeattr_1 (not (can_relabelto_binary_policy ) ))
(optional selinuxutil_optional_2
    (typeattributeset cil_gen_require init_t)
    (allow checkpolicy_t init_t (process (sigchld)))
    (allow checkpolicy_t init_t (process (signull)))
    (optional selinuxutil_optional_3
        (typeattributeset cil_gen_require rpm_t)
        (allow checkpolicy_t rpm_t (fd (use)))
        (allow checkpolicy_t rpm_t (fifo_file (ioctl read getattr lock open)))
    )
    (optional selinuxutil_optional_4
        (typeattributeset cil_gen_require security_t)
        (typeattributeset cil_gen_require sysfs_t)
        (dontaudit checkpolicy_t security_t (filesystem (getattr)))
        (dontaudit checkpolicy_t sysfs_t (filesystem (getattr)))
        (dontaudit checkpolicy_t sysfs_t (dir (getattr open search)))
        (dontaudit checkpolicy_t security_t (dir (getattr open search)))
        (dontaudit checkpolicy_t security_t (file (ioctl read getattr lock open)))
        (optional selinuxutil_optional_5
            (typeattributeset cil_gen_require selinux_config_t)
            (dontaudit checkpolicy_t selinux_config_t (dir (getattr open search)))
            (dontaudit checkpolicy_t selinux_config_t (file (ioctl read getattr lock open)))
            (optional selinuxutil_optional_6
                (typeattributeset cil_gen_require init_t)
                (allow load_policy_t init_t (process (sigchld)))
                (allow load_policy_t init_t (process (signull)))
                (optional selinuxutil_optional_7
                    (typeattributeset cil_gen_require rpm_t)
                    (allow load_policy_t rpm_t (fd (use)))
                    (allow load_policy_t rpm_t (fifo_file (ioctl read getattr lock open)))
                )
                (optional selinuxutil_optional_8
                    (typeattributeset cil_gen_require security_t)
                    (typeattributeset cil_gen_require sysfs_t)
                    (dontaudit load_policy_t security_t (filesystem (getattr)))
                    (dontaudit load_policy_t sysfs_t (filesystem (getattr)))
                    (dontaudit load_policy_t sysfs_t (dir (getattr open search)))
                    (dontaudit load_policy_t security_t (dir (getattr open search)))
                    (dontaudit load_policy_t security_t (file (ioctl read getattr lock open)))
                    (optional selinuxutil_optional_9
                        (typeattributeset cil_gen_require selinux_config_t)
                        (dontaudit load_policy_t selinux_config_t (dir (getattr open search)))
                        (dontaudit load_policy_t selinux_config_t (file (ioctl read getattr lock open)))
                        (optional selinuxutil_optional_10
                            (typeattributeset cil_gen_require init_t)
                            (allow newrole_t init_t (process (sigchld)))
                            (allow newrole_t init_t (process (signull)))
                            (optional selinuxutil_optional_11
                                (typeattributeset cil_gen_require rpm_t)
                                (allow newrole_t rpm_t (fd (use)))
                                (allow newrole_t rpm_t (fifo_file (ioctl read getattr lock open)))
                            )
                            (optional selinuxutil_optional_12
                                (typeattributeset cil_gen_require security_t)
                                (typeattributeset cil_gen_require sysfs_t)
                                (dontaudit newrole_t security_t (filesystem (getattr)))
                                (dontaudit newrole_t sysfs_t (filesystem (getattr)))
                                (dontaudit newrole_t sysfs_t (dir (getattr open search)))
                                (dontaudit newrole_t security_t (dir (getattr open search)))
                                (dontaudit newrole_t security_t (file (ioctl read getattr lock open)))
                                (optional selinuxutil_optional_13
                                    (typeattributeset cil_gen_require selinux_config_t)
                                    (dontaudit newrole_t selinux_config_t (dir (getattr open search)))
                                    (dontaudit newrole_t selinux_config_t (file (ioctl read getattr lock open)))
                                    (optional selinuxutil_optional_14
                                        (typeattributeset cil_gen_require init_t)
                                        (allow restorecond_t init_t (process (sigchld)))
                                        (allow restorecond_t init_t (process (signull)))
                                        (optional selinuxutil_optional_15
                                            (typeattributeset cil_gen_require rpm_t)
                                            (allow restorecond_t rpm_t (fd (use)))
                                            (allow restorecond_t rpm_t (fifo_file (ioctl read getattr lock open)))
                                        )
                                        (optional selinuxutil_optional_16
                                            (typeattributeset cil_gen_require security_t)
                                            (typeattributeset cil_gen_require sysfs_t)
                                            (dontaudit restorecond_t security_t (filesystem (getattr)))
                                            (dontaudit restorecond_t sysfs_t (filesystem (getattr)))
                                            (dontaudit restorecond_t sysfs_t (dir (getattr open search)))
                                            (dontaudit restorecond_t security_t (dir (getattr open search)))
                                            (dontaudit restorecond_t security_t (file (ioctl read getattr lock open)))
                                            (optional selinuxutil_optional_17
                                                (typeattributeset cil_gen_require selinux_config_t)
                                                (dontaudit restorecond_t selinux_config_t (dir (getattr open search)))
                                                (dontaudit restorecond_t selinux_config_t (file (ioctl read getattr lock open)))
                                                (optional selinuxutil_optional_18
                                                    (typeattributeset cil_gen_require init_t)
                                                    (allow run_init_t init_t (process (sigchld)))
                                                    (allow run_init_t init_t (process (signull)))
                                                    (optional selinuxutil_optional_19
                                                        (typeattributeset cil_gen_require rpm_t)
                                                        (allow run_init_t rpm_t (fd (use)))
                                                        (allow run_init_t rpm_t (fifo_file (ioctl read getattr lock open)))
                                                    )
                                                    (optional selinuxutil_optional_20
                                                        (typeattributeset cil_gen_require security_t)
                                                        (typeattributeset cil_gen_require sysfs_t)
                                                        (dontaudit run_init_t security_t (filesystem (getattr)))
                                                        (dontaudit run_init_t sysfs_t (filesystem (getattr)))
                                                        (dontaudit run_init_t sysfs_t (dir (getattr open search)))
                                                        (dontaudit run_init_t security_t (dir (getattr open search)))
                                                        (dontaudit run_init_t security_t (file (ioctl read getattr lock open)))
                                                        (optional selinuxutil_optional_21
                                                            (typeattributeset cil_gen_require selinux_config_t)
                                                            (dontaudit run_init_t selinux_config_t (dir (getattr open search)))
                                                            (dontaudit run_init_t selinux_config_t (file (ioctl read getattr lock open)))
                                                            (optional selinuxutil_optional_22
                                                                (typeattributeset cil_gen_require init_t)
                                                                (allow selinux_dbus_t init_t (process (sigchld)))
                                                                (allow selinux_dbus_t init_t (process (signull)))
                                                                (optional selinuxutil_optional_23
                                                                    (typeattributeset cil_gen_require rpm_t)
                                                                    (allow selinux_dbus_t rpm_t (fd (use)))
                                                                    (allow selinux_dbus_t rpm_t (fifo_file (ioctl read getattr lock open)))
                                                                )
                                                                (optional selinuxutil_optional_24
                                                                    (typeattributeset cil_gen_require security_t)
                                                                    (typeattributeset cil_gen_require sysfs_t)
                                                                    (dontaudit selinux_dbus_t security_t (filesystem (getattr)))
                                                                    (dontaudit selinux_dbus_t sysfs_t (filesystem (getattr)))
                                                                    (dontaudit selinux_dbus_t sysfs_t (dir (getattr open search)))
                                                                    (dontaudit selinux_dbus_t security_t (dir (getattr open search)))
                                                                    (dontaudit selinux_dbus_t security_t (file (ioctl read getattr lock open)))
                                                                    (optional selinuxutil_optional_25
                                                                        (typeattributeset cil_gen_require selinux_config_t)
                                                                        (dontaudit selinux_dbus_t selinux_config_t (dir (getattr open search)))
                                                                        (dontaudit selinux_dbus_t selinux_config_t (file (ioctl read getattr lock open)))
                                                                        (optional selinuxutil_optional_26
                                                                            (typeattributeset cil_gen_require init_t)
                                                                            (allow semanage_t init_t (process (sigchld)))
                                                                            (allow semanage_t init_t (process (signull)))
                                                                            (optional selinuxutil_optional_27
                                                                                (typeattributeset cil_gen_require rpm_t)
                                                                                (allow semanage_t rpm_t (fd (use)))
                                                                                (allow semanage_t rpm_t (fifo_file (ioctl read getattr lock open)))
                                                                            )
                                                                            (optional selinuxutil_optional_28
                                                                                (typeattributeset cil_gen_require security_t)
                                                                                (typeattributeset cil_gen_require sysfs_t)
                                                                                (dontaudit semanage_t security_t (filesystem (getattr)))
                                                                                (dontaudit semanage_t sysfs_t (filesystem (getattr)))
                                                                                (dontaudit semanage_t sysfs_t (dir (getattr open search)))
                                                                                (dontaudit semanage_t security_t (dir (getattr open search)))
                                                                                (dontaudit semanage_t security_t (file (ioctl read getattr lock open)))
                                                                                (optional selinuxutil_optional_29
                                                                                    (typeattributeset cil_gen_require selinux_config_t)
                                                                                    (dontaudit semanage_t selinux_config_t (dir (getattr open search)))
                                                                                    (dontaudit semanage_t selinux_config_t (file (ioctl read getattr lock open)))
                                                                                    (optional selinuxutil_optional_30
                                                                                        (typeattributeset cil_gen_require init_t)
                                                                                        (allow setfiles_t init_t (process (sigchld)))
                                                                                        (allow setfiles_t init_t (process (signull)))
                                                                                        (optional selinuxutil_optional_31
                                                                                            (typeattributeset cil_gen_require rpm_t)
                                                                                            (allow setfiles_t rpm_t (fd (use)))
                                                                                            (allow setfiles_t rpm_t (fifo_file (ioctl read getattr lock open)))
                                                                                        )
                                                                                        (optional selinuxutil_optional_32
                                                                                            (typeattributeset cil_gen_require security_t)
                                                                                            (typeattributeset cil_gen_require sysfs_t)
                                                                                            (dontaudit setfiles_t security_t (filesystem (getattr)))
                                                                                            (dontaudit setfiles_t sysfs_t (filesystem (getattr)))
                                                                                            (dontaudit setfiles_t sysfs_t (dir (getattr open search)))
                                                                                            (dontaudit setfiles_t security_t (dir (getattr open search)))
                                                                                            (dontaudit setfiles_t security_t (file (ioctl read getattr lock open)))
                                                                                            (optional selinuxutil_optional_33
                                                                                                (typeattributeset cil_gen_require selinux_config_t)
                                                                                                (dontaudit setfiles_t selinux_config_t (dir (getattr open search)))
                                                                                                (dontaudit setfiles_t selinux_config_t (file (ioctl read getattr lock open)))
                                                                                                (optional selinuxutil_optional_34
                                                                                                    (typeattributeset cil_gen_require glusterd_t)
                                                                                                    (booleanif (glusterfs_modify_policy)
                                                                                                        (true
                                                                                                            (allow load_policy_t glusterd_t (fd (use)))
                                                                                                        )
                                                                                                    )
                                                                                                )
                                                                                                (optional selinuxutil_optional_35
                                                                                                    (typeattributeset cil_gen_require portage_t)
                                                                                                    (typeattributeset cil_gen_require portage_devpts_t)
                                                                                                    (dontaudit load_policy_t portage_t (fd (use)))
                                                                                                    (dontaudit load_policy_t portage_devpts_t (chr_file (ioctl read write getattr append)))
                                                                                                )
                                                                                                (optional selinuxutil_optional_36
                                                                                                    (typeattributeset cil_gen_require unconfined_t)
                                                                                                    (allow load_policy_t unconfined_t (fd (use)))
                                                                                                    (allow load_policy_t unconfined_t (fifo_file (ioctl write getattr lock append)))
                                                                                                    (dontaudit load_policy_t unconfined_t (fifo_file (read)))
                                                                                                )
                                                                                                (optional selinuxutil_optional_37
                                                                                                    (typeattributeset cil_gen_require etc_t)
                                                                                                    (typeattributeset cil_gen_require krb5_keytab_t)
                                                                                                    (allow newrole_t etc_t (dir (getattr open search)))
                                                                                                    (allow newrole_t krb5_keytab_t (file (ioctl read getattr lock open)))
                                                                                                )
                                                                                                (optional selinuxutil_optional_38
                                                                                                    (typeattributeset cil_gen_require var_t)
                                                                                                    (typeattributeset cil_gen_require var_run_t)
                                                                                                    (typeattributeset cil_gen_require pcscd_runtime_t)
                                                                                                    (typeattributeset cil_gen_require pcscd_t)
                                                                                                    (allow newrole_t var_run_t (lnk_file (read getattr)))
                                                                                                    (allow newrole_t var_t (dir (getattr open search)))
                                                                                                    (allow newrole_t var_run_t (dir (getattr open search)))
                                                                                                    (allow newrole_t pcscd_runtime_t (dir (getattr open search)))
                                                                                                    (allow newrole_t pcscd_runtime_t (file (ioctl read getattr lock open)))
                                                                                                    (allow newrole_t var_run_t (lnk_file (read getattr)))
                                                                                                    (allow newrole_t var_t (dir (getattr open search)))
                                                                                                    (allow newrole_t var_run_t (dir (getattr open search)))
                                                                                                    (allow newrole_t pcscd_runtime_t (dir (getattr open search)))
                                                                                                    (allow newrole_t pcscd_runtime_t (sock_file (write getattr append open)))
                                                                                                    (allow newrole_t pcscd_t (unix_stream_socket (connectto)))
                                                                                                    (allow pcscd_t newrole_t (dir (ioctl read getattr lock open search)))
                                                                                                    (allow pcscd_t newrole_t (file (ioctl read getattr lock open)))
                                                                                                )
                                                                                                (optional selinuxutil_optional_39
                                                                                                    (typeattributeset cil_gen_require system_dbusd_t)
                                                                                                    (typeattributeset cil_gen_require dbusd_system_bus_client)
                                                                                                    (typeattributeset dbusd_system_bus_client (selinux_dbus_t ))
                                                                                                    (typeattributeset cil_gen_require system_dbusd_runtime_t)
                                                                                                    (typeattributeset cil_gen_require system_dbusd_var_lib_t)
                                                                                                    (typeattributeset cil_gen_require var_t)
                                                                                                    (typeattributeset cil_gen_require var_lib_t)
                                                                                                    (typeattributeset cil_gen_require session_dbusd_tmp_t)
                                                                                                    (typeattributeset cil_gen_require var_run_t)
                                                                                                    (typeattributeset cil_gen_require dbusd_etc_t)
                                                                                                    (typeattributeset cil_gen_require etc_t)
                                                                                                    (typeattributeset cil_gen_require etc_runtime_t)
                                                                                                    (typeattributeset cil_gen_require systemd_machined_t)
                                                                                                    (typeattributeset cil_gen_require systemd_logind_t)
                                                                                                    (typeattributeset cil_gen_require dbusd_system_bus_client)
                                                                                                    (typeattributeset dbusd_system_bus_client (newrole_t ))
                                                                                                    (allow newrole_t system_dbusd_t (dbus (send_msg)))
                                                                                                    (allow newrole_t self (dbus (send_msg)))
                                                                                                    (allow system_dbusd_t newrole_t (dbus (send_msg)))
                                                                                                    (allow newrole_t var_t (dir (getattr open search)))
                                                                                                    (allow newrole_t var_lib_t (dir (getattr open search)))
                                                                                                    (allow newrole_t system_dbusd_var_lib_t (dir (getattr open search)))
                                                                                                    (allow newrole_t system_dbusd_var_lib_t (file (ioctl read getattr lock open)))
                                                                                                    (allow newrole_t system_dbusd_var_lib_t (dir (getattr open search)))
                                                                                                    (allow newrole_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                                                                                    (allow newrole_t session_dbusd_tmp_t (dir (getattr open search)))
                                                                                                    (allow newrole_t session_dbusd_tmp_t (sock_file (read write getattr append open)))
                                                                                                    (allow newrole_t var_run_t (lnk_file (read getattr)))
                                                                                                    (allow newrole_t var_t (dir (getattr open search)))
                                                                                                    (allow newrole_t var_run_t (dir (getattr open search)))
                                                                                                    (allow newrole_t system_dbusd_runtime_t (dir (getattr open search)))
                                                                                                    (allow newrole_t system_dbusd_runtime_t (sock_file (write getattr append open)))
                                                                                                    (allow newrole_t system_dbusd_t (unix_stream_socket (connectto)))
                                                                                                    (allow newrole_t dbusd_etc_t (dir (ioctl read getattr lock open search)))
                                                                                                    (allow newrole_t dbusd_etc_t (file (ioctl read getattr lock open)))
                                                                                                    (allow newrole_t system_dbusd_runtime_t (dir (ioctl read getattr lock open search)))
                                                                                                    (allow newrole_t system_dbusd_runtime_t (sock_file (read)))
                                                                                                    (allow newrole_t system_dbusd_var_lib_t (dir (getattr open search)))
                                                                                                    (allow newrole_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                                                                                    (allow newrole_t systemd_machined_t (unix_stream_socket (connectto)))
                                                                                                    (allow newrole_t systemd_logind_t (dbus (send_msg)))
                                                                                                    (allow systemd_logind_t newrole_t (dbus (send_msg)))
                                                                                                    (allow systemd_logind_t newrole_t (dir (ioctl read getattr lock open search)))
                                                                                                    (allow systemd_logind_t newrole_t (file (ioctl read getattr lock open)))
                                                                                                    (allow newrole_t etc_t (dir (ioctl read getattr lock open search)))
                                                                                                    (allow newrole_t etc_t (dir (getattr open search)))
                                                                                                    (allow newrole_t etc_runtime_t (file (ioctl read getattr lock open)))
                                                                                                    (allow newrole_t etc_t (dir (getattr open search)))
                                                                                                    (allow newrole_t etc_runtime_t (lnk_file (read getattr)))
                                                                                                )
                                                                                                (optional selinuxutil_optional_40
                                                                                                    (typeattributeset cil_gen_require system_dbusd_t)
                                                                                                    (typeattributeset cil_gen_require dbusd_system_bus_client)
                                                                                                    (typeattributeset dbusd_system_bus_client (selinux_dbus_t ))
                                                                                                    (typeattributeset cil_gen_require system_dbusd_runtime_t)
                                                                                                    (typeattributeset cil_gen_require system_dbusd_var_lib_t)
                                                                                                    (typeattributeset cil_gen_require var_t)
                                                                                                    (typeattributeset cil_gen_require var_lib_t)
                                                                                                    (typeattributeset cil_gen_require session_dbusd_tmp_t)
                                                                                                    (typeattributeset cil_gen_require var_run_t)
                                                                                                    (typeattributeset cil_gen_require dbusd_etc_t)
                                                                                                    (typeattributeset cil_gen_require dbusd_system_bus_client)
                                                                                                    (typeattributeset dbusd_system_bus_client (newrole_t ))
                                                                                                    (allow newrole_t system_dbusd_t (dbus (send_msg)))
                                                                                                    (allow newrole_t self (dbus (send_msg)))
                                                                                                    (allow system_dbusd_t newrole_t (dbus (send_msg)))
                                                                                                    (allow newrole_t var_t (dir (getattr open search)))
                                                                                                    (allow newrole_t var_lib_t (dir (getattr open search)))
                                                                                                    (allow newrole_t system_dbusd_var_lib_t (dir (getattr open search)))
                                                                                                    (allow newrole_t system_dbusd_var_lib_t (file (ioctl read getattr lock open)))
                                                                                                    (allow newrole_t system_dbusd_var_lib_t (dir (getattr open search)))
                                                                                                    (allow newrole_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                                                                                    (allow newrole_t session_dbusd_tmp_t (dir (getattr open search)))
                                                                                                    (allow newrole_t session_dbusd_tmp_t (sock_file (read write getattr append open)))
                                                                                                    (allow newrole_t var_run_t (lnk_file (read getattr)))
                                                                                                    (allow newrole_t var_t (dir (getattr open search)))
                                                                                                    (allow newrole_t var_run_t (dir (getattr open search)))
                                                                                                    (allow newrole_t system_dbusd_runtime_t (dir (getattr open search)))
                                                                                                    (allow newrole_t system_dbusd_runtime_t (sock_file (write getattr append open)))
                                                                                                    (allow newrole_t system_dbusd_t (unix_stream_socket (connectto)))
                                                                                                    (allow newrole_t dbusd_etc_t (dir (ioctl read getattr lock open search)))
                                                                                                    (allow newrole_t dbusd_etc_t (file (ioctl read getattr lock open)))
                                                                                                    (allow newrole_t system_dbusd_runtime_t (dir (ioctl read getattr lock open search)))
                                                                                                    (allow newrole_t system_dbusd_runtime_t (sock_file (read)))
                                                                                                    (allow newrole_t system_dbusd_var_lib_t (dir (getattr open search)))
                                                                                                    (allow newrole_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                                                                                    (optional selinuxutil_optional_41
                                                                                                        (typeattributeset cil_gen_require systemd_logind_t)
                                                                                                        (allow newrole_t systemd_logind_t (fd (use)))
                                                                                                    )
                                                                                                    (optional selinuxutil_optional_42
                                                                                                        (typeattributeset cil_gen_require local_login_t)
                                                                                                        (dontaudit restorecond_t local_login_t (fd (use)))
                                                                                                    )
                                                                                                    (optional selinuxutil_optional_43
                                                                                                        (typeattributeset cil_gen_require rpm_script_t)
                                                                                                        (allow restorecond_t rpm_script_t (fd (use)))
                                                                                                    )
                                                                                                    (optional selinuxutil_optional_44
                                                                                                        (typeattributeset cil_gen_require etc_t)
                                                                                                        (typeattributeset cil_gen_require krb5_keytab_t)
                                                                                                        (allow run_init_t etc_t (dir (getattr open search)))
                                                                                                        (allow run_init_t krb5_keytab_t (file (ioctl read getattr lock open)))
                                                                                                    )
                                                                                                    (optional selinuxutil_optional_45
                                                                                                        (typeattributeset cil_gen_require var_t)
                                                                                                        (typeattributeset cil_gen_require var_run_t)
                                                                                                        (typeattributeset cil_gen_require pcscd_runtime_t)
                                                                                                        (typeattributeset cil_gen_require pcscd_t)
                                                                                                        (allow run_init_t var_run_t (lnk_file (read getattr)))
                                                                                                        (allow run_init_t var_t (dir (getattr open search)))
                                                                                                        (allow run_init_t var_run_t (dir (getattr open search)))
                                                                                                        (allow run_init_t pcscd_runtime_t (dir (getattr open search)))
                                                                                                        (allow run_init_t pcscd_runtime_t (file (ioctl read getattr lock open)))
                                                                                                        (allow run_init_t var_run_t (lnk_file (read getattr)))
                                                                                                        (allow run_init_t var_t (dir (getattr open search)))
                                                                                                        (allow run_init_t var_run_t (dir (getattr open search)))
                                                                                                        (allow run_init_t pcscd_runtime_t (dir (getattr open search)))
                                                                                                        (allow run_init_t pcscd_runtime_t (sock_file (write getattr append open)))
                                                                                                        (allow run_init_t pcscd_t (unix_stream_socket (connectto)))
                                                                                                        (allow pcscd_t run_init_t (dir (ioctl read getattr lock open search)))
                                                                                                        (allow pcscd_t run_init_t (file (ioctl read getattr lock open)))
                                                                                                    )
                                                                                                    (optional selinuxutil_optional_46
                                                                                                        (typeattributeset cil_gen_require usr_t)
                                                                                                        (typeattributeset cil_gen_require bin_t)
                                                                                                        (typeattributeset cil_gen_require svc_start_t)
                                                                                                        (typeattributeset cil_gen_require svc_start_exec_t)
                                                                                                        (allow run_init_t bin_t (dir (getattr open search)))
                                                                                                        (allow run_init_t bin_t (lnk_file (read getattr)))
                                                                                                        (allow run_init_t usr_t (dir (getattr open search)))
                                                                                                        (allow run_init_t svc_start_exec_t (file (ioctl read getattr map execute open)))
                                                                                                        (allow run_init_t svc_start_t (process (transition)))
                                                                                                        (dontaudit run_init_t svc_start_t (process (noatsecure siginh rlimitinh)))
                                                                                                        (typetransition run_init_t svc_start_exec_t process svc_start_t)
                                                                                                        (allow svc_start_t run_init_t (fd (use)))
                                                                                                        (allow svc_start_t run_init_t (fifo_file (ioctl read write getattr lock append)))
                                                                                                        (allow svc_start_t run_init_t (process (sigchld)))
                                                                                                    )
                                                                                                    (optional selinuxutil_optional_47
                                                                                                        (typeattributeset cil_gen_require policykit_t)
                                                                                                        (allow selinux_dbus_t policykit_t (dbus (send_msg)))
                                                                                                        (allow policykit_t selinux_dbus_t (dbus (send_msg)))
                                                                                                    )
                                                                                                    (optional selinuxutil_optional_48
                                                                                                        (typeattributeset cil_gen_require portage_eselect_domain)
                                                                                                        (typeattributeset cil_gen_require portage_eselect_domain)
                                                                                                        (typeattributeset portage_eselect_domain (semanage_t ))
                                                                                                    )
                                                                                                    (optional selinuxutil_optional_49
                                                                                                        (typeattributeset cil_gen_require local_login_t)
                                                                                                        (allow semanage_t local_login_t (fd (use)))
                                                                                                    )
                                                                                                    (optional selinuxutil_optional_50
                                                                                                        (typeattributeset cil_gen_require glusterd_t)
                                                                                                        (booleanif (glusterfs_modify_policy)
                                                                                                            (true
                                                                                                                (allow setfiles_t glusterd_t (fd (use)))
                                                                                                            )
                                                                                                        )
                                                                                                    )
                                                                                                    (optional selinuxutil_optional_51
                                                                                                        (typeattributeset cil_gen_require apt_t)
                                                                                                        (allow setfiles_t apt_t (fd (use)))
                                                                                                    )
                                                                                                    (optional selinuxutil_optional_52
                                                                                                        (typeattributeset cil_gen_require container_file_t)
                                                                                                        (allow setfiles_t container_file_t (filesystem (getattr)))
                                                                                                    )
                                                                                                    (optional selinuxutil_optional_53
                                                                                                        (typeattributeset cil_gen_require udev_t)
                                                                                                        (dontaudit setfiles_t udev_t (unix_dgram_socket (read write)))
                                                                                                    )
                                                                                                    (optional selinuxutil_optional_54
                                                                                                        (typeattributeset cil_gen_require unconfined_t)
                                                                                                        (dontaudit setfiles_t unconfined_t (fifo_file (read)))
                                                                                                        (dontaudit setfiles_t unconfined_t (tcp_socket (read write)))
                                                                                                    )
                                                                                                )
                                                                                            )
                                                                                        )
                                                                                    )
                                                                                )
                                                                            )
                                                                        )
                                                                    )
                                                                )
                                                            )
                                                        )
                                                    )
                                                )
                                            )
                                        )
                                    )
                                )
                            )
                        )
                    )
                )
            )
        )
    )
)
(filecon "/etc/selinux(/.*)?" any (system_u object_r selinux_config_t ((s0) (s0))))
(filecon "/etc/selinux/([^/]*/)?contexts(/.*)?" any (system_u object_r default_context_t ((s0) (s0))))
(filecon "/etc/selinux/([^/]*/)?contexts/files(/.*)?" any (system_u object_r file_context_t ((s0) (s0))))
(filecon "/etc/selinux/([^/]*/)?policy(/.*)?" any (system_u object_r policy_config_t ((s15((range c0 c1023) )) (s15((range c0 c1023) )))))
(filecon "/etc/selinux/([^/]*/)?setrans\.conf" file (system_u object_r selinux_config_t ((s15((range c0 c1023) )) (s15((range c0 c1023) )))))
(filecon "/etc/selinux/([^/]*/)?seusers" file (system_u object_r selinux_config_t ((s15((range c0 c1023) )) (s15((range c0 c1023) )))))
(filecon "/etc/selinux/([^/]*/)?modules(/.*)?" any (system_u object_r semanage_store_t ((s0) (s0))))
(filecon "/etc/selinux/([^/]*/)?modules/semanage\.read\.LOCK" file (system_u object_r semanage_read_lock_t ((s0) (s0))))
(filecon "/etc/selinux/([^/]*/)?modules/semanage\.trans\.LOCK" file (system_u object_r semanage_trans_lock_t ((s0) (s0))))
(filecon "/etc/selinux/([^/]*/)?users(/.*)?" file (system_u object_r selinux_config_t ((s15((range c0 c1023) )) (s15((range c0 c1023) )))))
(filecon "/root/\.default_contexts" file (system_u object_r default_context_t ((s0) (s0))))
(filecon "/run/restorecond\.pid" file (system_u object_r restorecond_run_t ((s0) (s0))))
(filecon "/usr/bin/checkpolicy" file (system_u object_r checkpolicy_exec_t ((s0) (s0))))
(filecon "/usr/bin/load_policy" file (system_u object_r load_policy_exec_t ((s0) (s0))))
(filecon "/usr/bin/newrole" file (system_u object_r newrole_exec_t ((s0) (s0))))
(filecon "/usr/bin/restorecon" file (system_u object_r setfiles_exec_t ((s0) (s0))))
(filecon "/usr/bin/restorecond" file (system_u object_r restorecond_exec_t ((s0) (s0))))
(filecon "/usr/bin/run_init" file (system_u object_r run_init_exec_t ((s0) (s0))))
(filecon "/usr/bin/setfiles.*" file (system_u object_r setfiles_exec_t ((s0) (s0))))
(filecon "/usr/bin/setsebool" file (system_u object_r semanage_exec_t ((s0) (s0))))
(filecon "/usr/bin/semanage" file (system_u object_r semanage_exec_t ((s0) (s0))))
(filecon "/usr/bin/semodule" file (system_u object_r semanage_exec_t ((s0) (s0))))
(filecon "/usr/lib/systemd/system/restorecond.*\.service" file (system_u object_r restorecond_unit_t ((s0) (s0))))
(filecon "/usr/sbin/load_policy" file (system_u object_r load_policy_exec_t ((s0) (s0))))
(filecon "/usr/sbin/restorecon" file (system_u object_r setfiles_exec_t ((s0) (s0))))
(filecon "/usr/sbin/restorecond" file (system_u object_r restorecond_exec_t ((s0) (s0))))
(filecon "/usr/sbin/run_init" file (system_u object_r run_init_exec_t ((s0) (s0))))
(filecon "/usr/sbin/setfiles.*" file (system_u object_r setfiles_exec_t ((s0) (s0))))
(filecon "/usr/sbin/setsebool" file (system_u object_r semanage_exec_t ((s0) (s0))))
(filecon "/usr/sbin/semanage" file (system_u object_r semanage_exec_t ((s0) (s0))))
(filecon "/usr/sbin/semodule" file (system_u object_r semanage_exec_t ((s0) (s0))))
(filecon "/usr/share/system-config-selinux/selinux_server\.py" file (system_u object_r selinux_dbus_exec_t ((s0) (s0))))
(filecon "/usr/libexec/selinux/semanage_migrate_store" file (system_u object_r semanage_exec_t ((s0) (s0))))
(filecon "/var/lib/selinux(/.*)?" any (system_u object_r semanage_store_t ((s0) (s0))))
(filecon "/var/lib/selinux/[^/]+/semanage\.read\.LOCK" file (system_u object_r semanage_read_lock_t ((s0) (s0))))
(filecon "/var/lib/selinux/[^/]+/semanage\.trans\.LOCK" file (system_u object_r semanage_trans_lock_t ((s0) (s0))))
(filecon "/usr/lib/selinux/semanage_migrate_store" file (system_u object_r semanage_exec_t ((s0) (s0))))
(filecon "/usr/sbin/semanage-python.*" file (system_u object_r semanage_exec_t ((s0) (s0))))
(filecon "/usr/lib/python-exec/python.*/semanage" file (system_u object_r semanage_exec_t ((s0) (s0))))
