(typealias init_var_run_t)
(typealiasactual init_var_run_t init_runtime_t)
(typealias initrc_var_run_t)
(typealiasactual initrc_var_run_t initrc_runtime_t)
(typeattribute init_domain_type)
(typeattributeset init_domain_type (initrc_t ))
(typeattribute init_mountpoint_type)
(typeattributeset init_mountpoint_type (init_runtime_t ))
(typeattribute init_path_unit_loc_type)
(typeattribute init_script_domain_type)
(typeattributeset init_script_domain_type (initrc_t ))
(typeattribute init_script_file_type)
(typeattributeset init_script_file_type (initrc_exec_t ))
(typeattribute init_run_all_scripts_domain)
(typeattributeset init_run_all_scripts_domain (initrc_t ))
(typeattribute init_linkable_keyring_type)
(typeattribute systemdunit)
(typeattributeset systemdunit (init_runtime_t systemd_unit_t systemd_transient_unit_t ))
(typeattribute initrc_transition_domain)
(typeattributeset initrc_transition_domain (init_t ))
(typeattribute daemon)
(typeattribute systemprocess)
(typeattribute daemonpidfile)
(type init_random_seed_t)
(roletype object_r init_random_seed_t)
(type init_t)
(roletype object_r init_t)
(type init_exec_t)
(roletype object_r init_exec_t)
(type init_runtime_t)
(roletype object_r init_runtime_t)
(type init_var_lib_t)
(roletype object_r init_var_lib_t)
(type initctl_t)
(roletype object_r initctl_t)
(type initrc_t)
(roletype object_r initrc_t)
(type initrc_exec_t)
(roletype object_r initrc_exec_t)
(type initrc_devpts_t)
(roletype object_r initrc_devpts_t)
(type initrc_lock_t)
(roletype object_r initrc_lock_t)
(type initrc_runtime_t)
(roletype object_r initrc_runtime_t)
(type initrc_state_t)
(roletype object_r initrc_state_t)
(type initrc_tmp_t)
(roletype object_r initrc_tmp_t)
(type init_tmpfs_t)
(roletype object_r init_tmpfs_t)
(type initrc_var_log_t)
(roletype object_r initrc_var_log_t)
(type systemd_unit_t)
(roletype object_r systemd_unit_t)
(type systemd_transient_unit_t)
(roletype object_r systemd_transient_unit_t)
(type rc_exec_t)
(roletype object_r rc_exec_t)
(typeattribute init_script_readable)
(boolean init_upstart false)
(boolean init_create_mountpoints false)
(boolean init_daemons_use_tty false)
(boolean init_mounton_non_security false)
(roleattributeset cil_gen_require system_r)
(roletype system_r init_t)
(roletype system_r initrc_t)
(typeattributeset cil_gen_require init_domain_type)
(typeattributeset init_domain_type (initrc_t ))
(typeattributeset cil_gen_require init_mountpoint_type)
(typeattributeset init_mountpoint_type (init_runtime_t ))
(typeattributeset cil_gen_require init_script_file_type)
(typeattributeset init_script_file_type (initrc_exec_t ))
(typeattributeset cil_gen_require systemdunit)
(typeattributeset systemdunit (init_runtime_t systemd_unit_t systemd_transient_unit_t ))
(typeattributeset cil_gen_require init_random_seed_t)
(typeattributeset cil_gen_require file_type)
(typeattributeset file_type (init_random_seed_t init_exec_t init_runtime_t init_var_lib_t initctl_t initrc_exec_t shell_exec_t initrc_devpts_t initrc_lock_t initrc_runtime_t initrc_state_t initrc_tmp_t init_tmpfs_t initrc_var_log_t systemd_unit_t systemd_transient_unit_t rc_exec_t ))
(typeattributeset cil_gen_require non_security_file_type)
(typeattributeset non_security_file_type (init_random_seed_t init_exec_t init_runtime_t init_var_lib_t initctl_t initrc_exec_t shell_exec_t initrc_devpts_t initrc_lock_t initrc_runtime_t initrc_state_t initrc_tmp_t init_tmpfs_t initrc_var_log_t systemd_unit_t systemd_transient_unit_t rc_exec_t ))
(typeattributeset cil_gen_require non_auth_file_type)
(typeattributeset non_auth_file_type (init_random_seed_t init_exec_t init_runtime_t init_var_lib_t initctl_t initrc_exec_t shell_exec_t initrc_devpts_t initrc_lock_t initrc_runtime_t initrc_state_t initrc_tmp_t init_tmpfs_t initrc_var_log_t systemd_unit_t systemd_transient_unit_t rc_exec_t ))
(typeattributeset cil_gen_require init_t)
(typeattributeset cil_gen_require init_exec_t)
(typeattributeset cil_gen_require domain)
(typeattributeset domain (init_t initrc_t ))
(typeattributeset cil_gen_require security_t)
(typeattributeset cil_gen_require sysfs_t)
(typeattributeset cil_gen_require selinux_config_t)
(typeattributeset cil_gen_require entry_type)
(typeattributeset entry_type (init_exec_t initrc_exec_t shell_exec_t rc_exec_t ))
(typeattributeset cil_gen_require exec_type)
(typeattributeset exec_type (init_exec_t initrc_exec_t shell_exec_t rc_exec_t ))
(typeattributeset cil_gen_require kernel_t)
(typeattributeset cil_gen_require init_runtime_t)
(typeattributeset cil_gen_require pidfile)
(typeattributeset pidfile (init_runtime_t initrc_runtime_t ))
(typeattributeset cil_gen_require initctl_t)
(typeattributeset cil_gen_require mlstrustedobject)
(typeattributeset mlstrustedobject (initctl_t ))
(typeattributeset cil_gen_require shell_exec_t)
(typeattributeset cil_gen_require initrc_devpts_t)
(typeattributeset cil_gen_require ptynode)
(typeattributeset ptynode (initrc_devpts_t ))
(typeattributeset cil_gen_require devpts_t)
(typeattributeset cil_gen_require device_node)
(typeattributeset device_node (initrc_devpts_t ))
(typeattributeset cil_gen_require lockfile)
(typeattributeset lockfile (initrc_lock_t ))
(typeattributeset cil_gen_require tmpfile)
(typeattributeset tmpfile (initrc_tmp_t ))
(typeattributeset cil_gen_require polymember)
(typeattributeset polymember (initrc_tmp_t ))
(typeattributeset cil_gen_require tmpfsfile)
(typeattributeset tmpfsfile (init_tmpfs_t ))
(typeattributeset cil_gen_require logfile)
(typeattributeset logfile (initrc_var_log_t ))
(typeattributeset cil_gen_require tmp_t)
(typeattributeset cil_gen_require tmpfs_t)
(typeattributeset cil_gen_require rc_exec_t)
(typeattributeset cil_gen_require var_t)
(typeattributeset cil_gen_require var_run_t)
(typeattributeset cil_gen_require device_t)
(typeattributeset cil_gen_require proc_t)
(typeattributeset cil_gen_require unlabeled_t)
(typeattributeset cil_gen_require chroot_exec_t)
(typeattributeset cil_gen_require bin_t)
(typeattributeset cil_gen_require usr_t)
(typeattributeset cil_gen_require etc_t)
(typeattributeset cil_gen_require modules_object_t)
(typeattributeset cil_gen_require etc_runtime_t)
(typeattributeset cil_gen_require root_t)
(typeattributeset cil_gen_require fs_t)
(typeattributeset cil_gen_require inotifyfs_t)
(typeattributeset cil_gen_require ramfs_t)
(typeattributeset cil_gen_require mcssetcats)
(typeattributeset mcssetcats (init_t initrc_t ))
(typeattributeset cil_gen_require mlsfileread)
(typeattributeset mlsfileread (init_t initrc_t ))
(typeattributeset cil_gen_require mlsfilewrite)
(typeattributeset mlsfilewrite (init_t initrc_t ))
(typeattributeset cil_gen_require mlsprocwrite)
(typeattributeset mlsprocwrite (init_t initrc_t ))
(typeattributeset cil_gen_require mlsfduse)
(typeattributeset mlsfduse (init_t ))
(typeattributeset cil_gen_require mlsprocsetsl)
(typeattributeset mlsprocsetsl (init_t ))
(typeattributeset cil_gen_require secure_mode_policyload_t)
(typeattributeset cil_gen_require boolean_type)
(typeattributeset cil_gen_require ttynode)
(typeattributeset cil_gen_require console_device_t)
(typeattributeset cil_gen_require tty_device_t)
(typeattributeset cil_gen_require ld_so_cache_t)
(typeattributeset cil_gen_require syslogd_t)
(typeattributeset cil_gen_require syslogd_runtime_t)
(typeattributeset cil_gen_require devlog_t)
(typeattributeset cil_gen_require var_log_t)
(typeattributeset cil_gen_require default_context_t)
(typeattributeset cil_gen_require locale_t)
(typeattributeset cil_gen_require sysadm_t)
(typeattributeset cil_gen_require boot_t)
(typeattributeset cil_gen_require wtmp_t)
(typeattributeset cil_gen_require var_lib_t)
(typeattributeset cil_gen_require can_change_object_identity)
(typeattributeset can_change_object_identity (initrc_t ))
(typeattributeset cil_gen_require bsdpty_device_t)
(typeattributeset cil_gen_require ptmx_t)
(typeattributeset cil_gen_require proc_mdstat_t)
(typeattributeset cil_gen_require proc_net_t)
(typeattributeset cil_gen_require sysctl_type)
(typeattributeset cil_gen_require proc_kmsg_t)
(typeattributeset cil_gen_require var_lock_t)
(typeattributeset cil_gen_require system_map_t)
(typeattributeset cil_gen_require netlabel_peer_t)
(typeattributeset cil_gen_require netif_type)
(typeattributeset cil_gen_require node_type)
(typeattributeset cil_gen_require port_type)
(typeattributeset cil_gen_require client_packet_type)
(typeattributeset cil_gen_require random_device_t)
(typeattributeset cil_gen_require urandom_device_t)
(typeattributeset cil_gen_require kmsg_device_t)
(typeattributeset cil_gen_require usbfs_t)
(typeattributeset cil_gen_require framebuf_device_t)
(typeattributeset cil_gen_require clock_device_t)
(typeattributeset cil_gen_require sound_device_t)
(typeattributeset cil_gen_require lvm_control_t)
(typeattributeset cil_gen_require xserver_misc_device_t)
(typeattributeset cil_gen_require privfd)
(typeattributeset cil_gen_require var_spool_t)
(typeattributeset cil_gen_require mnt_t)
(typeattributeset cil_gen_require cgroup_types)
(typeattributeset cil_gen_require binfmt_misc_fs_t)
(typeattributeset cil_gen_require sysctl_t)
(typeattributeset cil_gen_require sysctl_fs_t)
(typeattributeset cil_gen_require filesystem_type)
(typeattributeset cil_gen_require nfsd_fs_t)
(typeattributeset cil_gen_require mlsprocread)
(typeattributeset mlsprocread (initrc_t ))
(typeattributeset cil_gen_require privrangetrans)
(typeattributeset privrangetrans (initrc_t ))
(typeattributeset cil_gen_require mlsfdshare)
(typeattributeset mlsfdshare (initrc_t ))
(typeattributeset cil_gen_require mlsnetwritetoclr)
(typeattributeset mlsnetwritetoclr (initrc_t ))
(typeattributeset cil_gen_require fixed_disk_device_t)
(typeattributeset cil_gen_require removable_device_t)
(typeattributeset cil_gen_require lastlog_t)
(typeattributeset cil_gen_require pam_runtime_t)
(typeattributeset cil_gen_require pam_var_console_t)
(typeattributeset cil_gen_require nsswitch_domain)
(typeattributeset nsswitch_domain (initrc_t ))
(typeattributeset cil_gen_require lib_t)
(typeattributeset cil_gen_require ld_so_t)
(typeattributeset cil_gen_require auditd_etc_t)
(typeattributeset cil_gen_require cert_t)
(typeattributeset cil_gen_require user_home_dir_t)
(typeattributeset cil_gen_require user_home_t)
(typeattributeset cil_gen_require home_root_t)
(typeattributeset cil_gen_require user_devpts_t)
(typeattributeset cil_gen_require user_tty_device_t)
(typeattributeset cil_gen_require proc_kcore_t)
(typeattributeset cil_gen_require null_device_t)
(typeattributeset cil_gen_require zero_device_t)
(typeattributeset cil_gen_require mountpoint)
(typeattributeset mountpoint (initrc_state_t ))
(typeattributeset cil_gen_require adjtime_t)
(typeattributeset cil_gen_require net_conf_t)
(typeattributeset cil_gen_require can_setenforce)
(typeattributeset can_setenforce (initrc_t ))
(typeattributeset cil_gen_require nfs_t)
(typeattributeset cil_gen_require cifs_t)
(allow init_t init_exec_t (file (entrypoint)))
(allow init_t init_exec_t (file (ioctl read getattr lock map execute open)))
(allow kernel_t init_exec_t (file (ioctl read getattr map execute open)))
(allow kernel_t init_t (process (transition)))
(dontaudit kernel_t init_t (process (noatsecure siginh rlimitinh)))
(typetransition kernel_t init_exec_t process init_t)
(allow init_t kernel_t (fd (use)))
(allow init_t kernel_t (fifo_file (ioctl read write getattr lock append)))
(allow init_t kernel_t (process (sigchld)))
(allow initrc_t initrc_exec_t (file (entrypoint)))
(allow initrc_t initrc_exec_t (file (ioctl read getattr lock map execute open)))
(allow init_t initrc_exec_t (file (ioctl read getattr map execute open)))
(allow init_t initrc_t (process (transition)))
(dontaudit init_t initrc_t (process (noatsecure siginh rlimitinh)))
(typetransition init_t initrc_exec_t process initrc_t)
(allow initrc_t init_t (fd (use)))
(allow initrc_t init_t (fifo_file (ioctl read write getattr lock append)))
(allow initrc_t init_t (process (sigchld)))
(allow initrc_t shell_exec_t (file (entrypoint)))
(allow initrc_t shell_exec_t (file (ioctl read getattr lock map execute open)))
(allow initrc_devpts_t devpts_t (filesystem (associate)))
(allow initrc_var_log_t tmp_t (filesystem (associate)))
(allow initrc_var_log_t tmpfs_t (filesystem (associate)))
(allow initrc_t rc_exec_t (file (entrypoint)))
(allow initrc_t rc_exec_t (file (ioctl read getattr lock map execute open)))
(allow init_t rc_exec_t (file (ioctl read getattr map execute open)))
(allow init_t initrc_t (process (transition)))
(dontaudit init_t initrc_t (process (noatsecure siginh rlimitinh)))
(typetransition init_t rc_exec_t process initrc_t)
(allow initrc_t init_t (fd (use)))
(allow initrc_t init_t (fifo_file (ioctl read write getattr lock append)))
(allow initrc_t init_t (process (sigchld)))
(allow init_t self (capability (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
(allow init_t self (capability2 (wake_alarm block_suspend)))
(allow init_t self (fifo_file (ioctl read write getattr lock append open)))
(allow init_t init_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow init_t initrc_t (unix_stream_socket (connectto)))
(allow init_t init_linkable_keyring_type (key (link)))
(allow init_t init_runtime_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow init_t var_t (dir (getattr open search)))
(allow init_t var_run_t (lnk_file (read getattr)))
(allow init_t var_run_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition init_t var_run_t file init_runtime_t)
(allow init_t init_runtime_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow init_t init_runtime_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
(allow init_t initctl_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow init_t device_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition init_t device_t fifo_file initctl_t)
(allow initctl_t device_t (filesystem (associate)))
(allow initctl_t tmpfs_t (filesystem (associate)))
(allow initctl_t tmp_t (filesystem (associate)))
(allow init_t var_t (dir (getattr open search)))
(allow init_t var_run_t (lnk_file (read getattr)))
(allow init_t var_run_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition init_t var_run_t fifo_file initctl_t)
(allow init_t initrc_runtime_t (file (ioctl read write getattr setattr lock append open)))
(allow init_t init_tmpfs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow init_tmpfs_t tmpfs_t (filesystem (associate)))
(allow init_t tmpfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition init_t tmpfs_t file init_tmpfs_t)
(allow init_t proc_t (dir (getattr open search)))
(allow init_t proc_t (file (ioctl read getattr lock open)))
(allow init_t proc_t (dir (getattr open search)))
(allow init_t proc_t (lnk_file (read getattr)))
(allow init_t proc_t (dir (getattr open search)))
(allow init_t proc_t (dir (ioctl read getattr lock open search)))
(allow kernel_t init_t (process (share)))
(dontaudit init_t unlabeled_t (dir (getattr open search)))
(allow init_t bin_t (dir (getattr open search)))
(allow init_t bin_t (lnk_file (read getattr)))
(allow init_t usr_t (dir (getattr open search)))
(allow init_t chroot_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow init_t self (capability (sys_chroot)))
(allow init_t bin_t (dir (getattr open search)))
(allow init_t bin_t (lnk_file (read getattr)))
(allow init_t usr_t (dir (getattr open search)))
(allow init_t bin_t (dir (getattr open search)))
(allow init_t bin_t (dir (ioctl read getattr lock open search)))
(allow init_t bin_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow init_t sysfs_t (dir (getattr open search)))
(allow init_t sysfs_t (file (ioctl read getattr lock open)))
(allow init_t sysfs_t (dir (getattr open search)))
(allow init_t sysfs_t (lnk_file (read getattr)))
(allow init_t sysfs_t (dir (getattr open search)))
(allow init_t sysfs_t (dir (ioctl read getattr lock open search)))
(allow init_t device_t (chr_file (ioctl read write getattr lock append open)))
(allow init_t domain (process (getpgid)))
(allow init_t domain (process (sigkill)))
(allow init_t self (capability (kill)))
(allow init_t domain (process (getattr)))
(allow init_t domain (process (signal)))
(allow init_t domain (process (signull)))
(allow init_t domain (process (sigstop)))
(allow init_t domain (process (sigchld)))
(allow init_t etc_t (dir (ioctl read getattr lock open search)))
(allow init_t etc_t (dir (getattr open search)))
(allow init_t etc_t (file (ioctl read getattr lock open)))
(allow init_t etc_t (dir (getattr open search)))
(allow init_t etc_t (lnk_file (read getattr)))
(allow init_t modules_object_t (dir (ioctl read getattr lock open search)))
(allow init_t modules_object_t (dir (getattr open search)))
(allow init_t modules_object_t (file (ioctl read getattr lock open)))
(allow init_t modules_object_t (file (map)))
(allow init_t modules_object_t (dir (getattr open search)))
(allow init_t modules_object_t (lnk_file (read getattr)))
(allow init_t var_run_t (lnk_file (read getattr)))
(allow init_t var_t (dir (getattr open search)))
(allow init_t var_run_t (dir (ioctl read getattr lock open search)))
(allow init_t var_run_t (dir (getattr open search)))
(allow init_t var_run_t (file (ioctl read write getattr lock append open)))
(allow init_t etc_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow init_t etc_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow init_t etc_runtime_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow init_t etc_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition init_t etc_t file etc_runtime_t)
(allow init_t etc_t (dir (ioctl read getattr lock open search)))
(allow init_t etc_t (dir (getattr open search)))
(allow init_t etc_t (lnk_file (read getattr)))
(allow init_t etc_t (dir (getattr open search)))
(allow init_t etc_t (file (ioctl read getattr map execute open execute_no_trans)))
(dontaudit init_t root_t (file (read write)))
(dontaudit init_t root_t (chr_file (read write)))
(allow init_t fs_t (filesystem (getattr)))
(allow init_t inotifyfs_t (dir (ioctl read getattr lock open search)))
(allow init_t ramfs_t (dir (getattr open search)))
(allow init_t ramfs_t (sock_file (write getattr append open)))
(allow init_t security_t (filesystem (getattr)))
(allow init_t sysfs_t (filesystem (getattr)))
(allow init_t sysfs_t (dir (getattr open search)))
(allow init_t sysfs_t (dir (getattr open search)))
(allow init_t proc_t (dir (getattr open search)))
(allow init_t proc_t (file (ioctl read getattr lock open)))
(allow init_t proc_t (dir (getattr open search)))
(allow init_t proc_t (lnk_file (read getattr)))
(allow init_t proc_t (dir (getattr open search)))
(allow init_t proc_t (dir (ioctl read getattr lock open search)))
(allow init_t sysfs_t (dir (getattr open search)))
(allow init_t sysfs_t (dir (getattr open search)))
(allow init_t security_t (dir (ioctl read getattr lock open search)))
(allow init_t boolean_type (file (ioctl read getattr lock open)))
(allow init_t secure_mode_policyload_t (file (ioctl read getattr lock open)))
(allow init_t device_t (dir (getattr open search)))
(allow init_t device_t (dir (ioctl read getattr lock open search)))
(allow init_t device_t (dir (getattr open search)))
(allow init_t device_t (lnk_file (read getattr)))
(allow init_t devpts_t (dir (ioctl read getattr lock open search)))
(allow init_t ptynode (chr_file (ioctl read write getattr lock append open)))
(allow init_t devpts_t (chr_file (ioctl read write getattr lock append open)))
(allow init_t ttynode (chr_file (ioctl read write getattr lock append open)))
(allow init_t console_device_t (chr_file (ioctl read write getattr lock append open)))
(allow init_t tty_device_t (chr_file (ioctl read write getattr lock append open)))
(allow init_t etc_t (dir (ioctl read getattr lock open search)))
(allow init_t ld_so_cache_t (file (ioctl read write getattr lock append open)))
(allow init_t devlog_t (sock_file (write getattr append open)))
(allow init_t var_run_t (lnk_file (read getattr)))
(allow init_t var_t (dir (getattr open search)))
(allow init_t var_run_t (dir (getattr open search)))
(allow init_t init_runtime_t (dir (getattr open search)))
(allow init_t syslogd_runtime_t (dir (getattr open search)))
(allow init_t syslogd_t (unix_dgram_socket (sendto)))
(allow init_t syslogd_t (unix_stream_socket (connectto)))
(allow init_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow init_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow init_t device_t (dir (getattr open search)))
(allow init_t device_t (dir (ioctl read getattr lock open search)))
(allow init_t device_t (dir (getattr open search)))
(allow init_t device_t (lnk_file (read getattr)))
(allow init_t console_device_t (chr_file (ioctl write getattr lock append open)))
(dontaudit init_t console_device_t (chr_file (ioctl read getattr lock open)))
(allow init_t var_t (dir (getattr open search)))
(allow init_t var_log_t (dir (ioctl read getattr lock open search)))
(allow init_t var_log_t (dir (getattr open search)))
(allow init_t var_log_t (file (ioctl read write getattr lock append open)))
(allow init_t var_log_t (lnk_file (read getattr)))
(allow init_t devlog_t (sock_file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow init_t device_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition init_t device_t sock_file devlog_t)
(allow devlog_t device_t (filesystem (associate)))
(allow devlog_t tmpfs_t (filesystem (associate)))
(allow devlog_t tmp_t (filesystem (associate)))
(allow init_t var_run_t (lnk_file (read getattr)))
(allow init_t var_t (dir (getattr open search)))
(allow init_t var_run_t (dir (getattr open search)))
(allow init_t init_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow init_t etc_t (dir (getattr open search)))
(allow init_t selinux_config_t (dir (ioctl read getattr lock open search)))
(allow init_t selinux_config_t (dir (getattr open search)))
(allow init_t selinux_config_t (file (ioctl read getattr lock open)))
(allow init_t selinux_config_t (dir (getattr open search)))
(allow init_t selinux_config_t (lnk_file (read getattr)))
(allow init_t etc_t (dir (getattr open search)))
(allow init_t selinux_config_t (dir (getattr open search)))
(allow init_t default_context_t (dir (ioctl read getattr lock open search)))
(allow init_t default_context_t (dir (getattr open search)))
(allow init_t default_context_t (file (ioctl read getattr lock open)))
(allow init_t etc_t (dir (getattr open search)))
(allow init_t etc_t (lnk_file (read getattr)))
(allow init_t usr_t (dir (getattr open search)))
(allow init_t locale_t (dir (ioctl read getattr lock open search)))
(allow init_t locale_t (dir (getattr open search)))
(allow init_t locale_t (file (ioctl read getattr lock open)))
(allow init_t locale_t (dir (getattr open search)))
(allow init_t locale_t (lnk_file (read getattr)))
(allow init_t locale_t (file (map)))
(allow init_t self (process (getcap setcap)))
(allow initrc_t bin_t (dir (getattr open search)))
(allow initrc_t bin_t (lnk_file (read getattr)))
(allow initrc_t usr_t (dir (getattr open search)))
(allow initrc_t rc_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow initrc_t self (process (getsched setsched getpgid setpgid getcap setrlimit)))
(allow initrc_t self (capability (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_rawio sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
(allow initrc_t self (capability2 (wake_alarm block_suspend)))
(dontaudit initrc_t self (capability (sys_module)))
(allow initrc_t self (netlink_kobject_uevent_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow initrc_t self (passwd (rootok)))
(allow initrc_t self (key (view read write search link setattr create)))
(allow initrc_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow initrc_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown connectto)))
(allow initrc_t self (tcp_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
(allow initrc_t self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow initrc_t self (fifo_file (ioctl read write getattr lock append open)))
(allow initrc_t initrc_devpts_t (chr_file (ioctl read write getattr append open)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_t (dir (ioctl read getattr lock open search)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_t (lnk_file (read getattr)))
(allow initrc_t ptmx_t (chr_file (ioctl read write getattr lock append open)))
(allow initrc_t devpts_t (dir (ioctl read getattr lock open search)))
(allow initrc_t devpts_t (filesystem (getattr)))
(dontaudit initrc_t bsdpty_device_t (chr_file (read write getattr)))
(typetransition initrc_t devpts_t chr_file initrc_devpts_t)
(allow initrc_t init_t (dir (ioctl read getattr lock open search)))
(allow initrc_t init_t (file (ioctl read getattr lock open)))
(allow initrc_t init_t (lnk_file (read getattr)))
(allow initrc_t init_t (process (getattr)))
(allow initrc_t init_t (process (signal)))
(allow initrc_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow initrc_t init_t (unix_dgram_socket (sendto)))
(allow initrc_t init_t (unix_stream_socket (connectto)))
(allow initrc_t initctl_t (fifo_file (ioctl read write getattr lock append open)))
(allow initrc_t bin_t (dir (getattr open search)))
(allow initrc_t bin_t (lnk_file (read getattr)))
(allow initrc_t usr_t (dir (getattr open search)))
(allow initrc_t bin_t (dir (getattr open search)))
(allow initrc_t bin_t (dir (ioctl read getattr lock open search)))
(allow initrc_t bin_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_t (dir (ioctl read getattr lock open search)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_t (lnk_file (read getattr)))
(allow initrc_t var_run_t (lnk_file (read getattr)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_run_t (dir (getattr open search)))
(allow initrc_t bin_t (dir (getattr open search)))
(allow initrc_t bin_t (lnk_file (read getattr)))
(allow initrc_t usr_t (dir (getattr open search)))
(allow initrc_t init_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow initrc_t init_script_file_type (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow initrc_t daemonpidfile (dir (ioctl write getattr lock open add_name search)))
(allow initrc_t daemonpidfile (dir (create getattr)))
(allow initrc_t daemonpidfile (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t daemonpidfile (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow initrc_t daemonpidfile (dir (getattr open search)))
(allow initrc_t daemonpidfile (dir (setattr)))
(allow init_run_all_scripts_domain initrc_exec_t (file (ioctl read getattr map execute open)))
(allow init_run_all_scripts_domain initrc_t (process (transition)))
(dontaudit init_run_all_scripts_domain initrc_t (process (noatsecure siginh rlimitinh)))
(typetransition init_run_all_scripts_domain initrc_exec_t process initrc_t)
(allow initrc_t init_run_all_scripts_domain (fd (use)))
(allow initrc_t init_run_all_scripts_domain (fifo_file (ioctl read write getattr lock append)))
(allow initrc_t init_run_all_scripts_domain (process (sigchld)))
(allow init_t initrc_state_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow init_t initrc_state_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow init_t initrc_state_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow init_t initrc_state_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow initrc_t initrc_state_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t initrc_state_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow initrc_t initrc_state_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t initrc_state_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow initrc_t initrc_state_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t initrc_state_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
(allow initrc_t initrc_state_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t initrc_state_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
(dontaudit initrc_t initrc_state_t (chr_file (create getattr setattr)))
(allow initrc_t initrc_runtime_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_run_t (lnk_file (read getattr)))
(allow initrc_t var_run_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition initrc_t var_run_t file initrc_runtime_t)
(allow initrc_t daemon (process (siginh)))
(allow initrc_t initrc_tmp_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow initrc_t initrc_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t initrc_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow initrc_t initrc_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t initrc_tmp_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow initrc_t initrc_tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t initrc_tmp_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
(allow initrc_t tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition initrc_t tmp_t dir initrc_tmp_t)
(typetransition initrc_t tmp_t file initrc_tmp_t)
(allow initrc_t initrc_tmp_t (dir (relabelfrom)))
(allow initrc_t initrc_var_log_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t initrc_var_log_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow initrc_t initrc_var_log_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t initrc_var_log_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_log_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition initrc_t var_log_t dir initrc_var_log_t)
(allow initrc_t var_log_t (lnk_file (read getattr)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_t (dir (ioctl read getattr lock open search)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_t (lnk_file (read getattr)))
(allow initrc_t var_run_t (lnk_file (read getattr)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_run_t (dir (getattr open search)))
(allow initrc_t initctl_t (fifo_file (write)))
(allow initrc_t var_lib_t (dir (getattr open search)))
(allow initrc_t var_lib_t (dir (ioctl write getattr lock open add_name remove_name search)))
(allow initrc_t var_run_t (dir (getattr open search)))
(allow initrc_t var_run_t (dir (ioctl write getattr lock open add_name remove_name search)))
(allow initrc_t init_random_seed_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow initrc_t proc_t (dir (getattr open search)))
(allow initrc_t proc_t (file (ioctl read getattr lock open)))
(allow initrc_t proc_t (dir (getattr open search)))
(allow initrc_t proc_t (lnk_file (read getattr)))
(allow initrc_t proc_t (dir (getattr open search)))
(allow initrc_t proc_t (dir (ioctl read getattr lock open search)))
(allow initrc_t proc_t (dir (getattr open search)))
(allow initrc_t proc_mdstat_t (file (ioctl read getattr lock open)))
(allow initrc_t proc_t (dir (getattr open search)))
(allow initrc_t proc_t (dir (ioctl read getattr lock open search)))
(allow initrc_t proc_t (dir (getattr open search)))
(allow initrc_t proc_net_t (dir (getattr open search)))
(allow initrc_t proc_net_t (file (ioctl read getattr lock open)))
(allow initrc_t proc_t (dir (getattr open search)))
(allow initrc_t proc_net_t (dir (getattr open search)))
(allow initrc_t proc_net_t (lnk_file (read getattr)))
(allow initrc_t proc_t (dir (getattr open search)))
(allow initrc_t proc_net_t (dir (ioctl read getattr lock open search)))
(allow initrc_t self (capability2 (syslog)))
(allow initrc_t kernel_t (system (syslog_read)))
(allow initrc_t self (capability2 (syslog)))
(allow initrc_t kernel_t (system (syslog_console)))
(allow initrc_t self (capability2 (syslog)))
(allow initrc_t kernel_t (system (syslog_mod)))
(allow initrc_t kernel_t (system (ipc_info)))
(allow initrc_t proc_t (dir (getattr open search)))
(allow initrc_t proc_net_t (dir (getattr open search)))
(allow initrc_t sysctl_type (dir (getattr open search)))
(allow initrc_t sysctl_type (file (ioctl read getattr lock open)))
(allow initrc_t proc_t (dir (getattr open search)))
(allow initrc_t proc_net_t (dir (getattr open search)))
(allow initrc_t sysctl_type (dir (ioctl read getattr lock open search)))
(allow initrc_t proc_t (dir (getattr open search)))
(allow initrc_t proc_net_t (dir (getattr open search)))
(allow initrc_t sysctl_type (dir (getattr open search)))
(allow initrc_t sysctl_type (file (ioctl read write getattr lock append open)))
(allow initrc_t sysctl_type (dir (ioctl read getattr lock open search)))
(allow initrc_t sysctl_type (file (setattr)))
(allow initrc_t kernel_t (fd (use)))
(dontaudit initrc_t proc_kmsg_t (file (getattr)))
(allow initrc_t unlabeled_t (dir (ioctl read getattr lock open search)))
(allow initrc_t unlabeled_t (dir (getattr mounton open search)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_lock_t (lnk_file (read getattr)))
(allow initrc_t var_lock_t (dir (ioctl write getattr lock open add_name search)))
(allow initrc_t var_lock_t (dir (create getattr)))
(allow initrc_t var_lock_t (lnk_file (read getattr)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_lock_t (dir (getattr open search)))
(allow initrc_t lockfile (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t lockfile (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow initrc_t lockfile (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t lockfile (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow initrc_t lockfile (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t lockfile (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_run_t (lnk_file (read getattr)))
(allow initrc_t var_run_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t boot_t (dir (ioctl read getattr lock open search)))
(allow initrc_t boot_t (dir (getattr open search)))
(allow initrc_t system_map_t (file (ioctl read getattr lock open)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_lock_t (dir (setattr)))
(allow initrc_t bin_t (dir (getattr open search)))
(allow initrc_t bin_t (lnk_file (read getattr)))
(allow initrc_t usr_t (dir (getattr open search)))
(allow initrc_t bin_t (dir (getattr open search)))
(allow initrc_t bin_t (dir (ioctl read getattr lock open search)))
(allow initrc_t exec_type (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow initrc_t bin_t (dir (getattr open search)))
(allow initrc_t exec_type (lnk_file (read getattr)))
(allow initrc_t netlabel_peer_t (peer (recv)))
(allow initrc_t netlabel_peer_t (tcp_socket (recvfrom)))
(allow initrc_t netlabel_peer_t (udp_socket (recvfrom)))
(allow initrc_t netlabel_peer_t (rawip_socket (recvfrom)))
(allow initrc_t netif_type (netif (ingress egress)))
(allow initrc_t netif_type (netif (egress)))
(allow initrc_t netif_type (netif (ingress)))
(allow initrc_t node_type (node (recvfrom sendto)))
(allow initrc_t node_type (node (sendto)))
(allow initrc_t node_type (node (recvfrom)))
(allow initrc_t port_type (tcp_socket (name_connect)))
(allow initrc_t client_packet_type (packet (send)))
(allow initrc_t client_packet_type (packet (recv)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t random_device_t (chr_file (ioctl read getattr lock open)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t urandom_device_t (chr_file (ioctl read getattr lock open)))
(dontaudit initrc_t kmsg_device_t (chr_file (read)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t kmsg_device_t (chr_file (ioctl write getattr lock append open)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t random_device_t (chr_file (ioctl write getattr lock append open)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t urandom_device_t (chr_file (ioctl write getattr lock append open)))
(allow initrc_t sysfs_t (dir (getattr open search)))
(allow initrc_t sysfs_t (file (ioctl read write getattr lock append open)))
(allow initrc_t sysfs_t (dir (getattr open search)))
(allow initrc_t sysfs_t (lnk_file (read getattr)))
(allow initrc_t sysfs_t (dir (getattr open search)))
(allow initrc_t sysfs_t (dir (ioctl read getattr lock open search)))
(allow initrc_t usbfs_t (dir (getattr open search)))
(allow initrc_t usbfs_t (lnk_file (read getattr)))
(allow initrc_t usbfs_t (dir (getattr open search)))
(allow initrc_t usbfs_t (file (getattr)))
(allow initrc_t usbfs_t (dir (getattr open search)))
(allow initrc_t usbfs_t (dir (ioctl read getattr lock open search)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t framebuf_device_t (chr_file (ioctl read getattr lock open)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t framebuf_device_t (chr_file (ioctl write getattr lock append open)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t clock_device_t (chr_file (ioctl read getattr lock open)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t sound_device_t (chr_file (ioctl read getattr lock open)))
(allow initrc_t sound_device_t (chr_file (map)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t sound_device_t (chr_file (ioctl write getattr lock append open)))
(allow initrc_t sound_device_t (chr_file (map)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_t (dir (setattr)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_node (chr_file (setattr)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t lvm_control_t (chr_file (ioctl read write getattr lock append open)))
(allow initrc_t device_t (chr_file (ioctl read write getattr lock append open)))
(allow initrc_t device_t (dir (ioctl write getattr lock open remove_name search)))
(allow initrc_t lvm_control_t (chr_file (getattr unlink)))
(allow initrc_t device_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t device_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
(allow initrc_t device_t (dir (ioctl write getattr lock open remove_name search)))
(allow initrc_t device_t (lnk_file (getattr unlink)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_node (blk_file (getattr)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_node (chr_file (getattr)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t xserver_misc_device_t (chr_file (ioctl read write getattr lock append open)))
(allow initrc_t xserver_misc_device_t (chr_file (map)))
(allow initrc_t domain (process (sigkill)))
(allow initrc_t self (capability (kill)))
(allow initrc_t domain (process (signal)))
(allow initrc_t domain (process (signull)))
(allow initrc_t domain (process (sigstop)))
(allow initrc_t domain (process (sigchld)))
(allow initrc_t proc_t (dir (getattr open search)))
(allow initrc_t proc_t (dir (getattr open search)))
(allow initrc_t domain (dir (ioctl read getattr lock open search)))
(allow initrc_t domain (dir (getattr open search)))
(allow initrc_t domain (file (ioctl read getattr lock open)))
(allow initrc_t domain (dir (getattr open search)))
(allow initrc_t domain (lnk_file (read getattr)))
(allow initrc_t domain (process (getattr)))
(allow initrc_t domain (process (getsession)))
(allow initrc_t privfd (fd (use)))
(dontaudit initrc_t domain (udp_socket (getattr)))
(dontaudit initrc_t domain (tcp_socket (getattr)))
(dontaudit initrc_t domain (unix_dgram_socket (getattr)))
(dontaudit initrc_t domain (fifo_file (getattr)))
(allow initrc_t file_type (dir (getattr open search)))
(allow initrc_t file_type (dir (getattr)))
(allow initrc_t file_type (dir (getattr open search)))
(allow initrc_t file_type (file (getattr)))
(allow initrc_t file_type (dir (getattr open search)))
(allow initrc_t file_type (lnk_file (getattr)))
(allow initrc_t file_type (dir (getattr open search)))
(allow initrc_t file_type (lnk_file (getattr)))
(allow initrc_t file_type (dir (ioctl read getattr lock open search)))
(allow initrc_t file_type (dir (getattr open search)))
(allow initrc_t file_type (fifo_file (getattr)))
(allow initrc_t file_type (dir (ioctl read getattr lock open search)))
(allow initrc_t file_type (dir (getattr open search)))
(allow initrc_t file_type (sock_file (getattr)))
(allow initrc_t tmpfile (dir (ioctl read getattr lock open search)))
(allow initrc_t tmpfile (dir (ioctl write getattr lock open remove_name search)))
(allow initrc_t tmpfile (dir (getattr rmdir)))
(allow initrc_t tmpfile (dir (ioctl write getattr lock open remove_name search)))
(allow initrc_t tmpfile (file (getattr unlink)))
(allow initrc_t tmpfile (dir (ioctl write getattr lock open remove_name search)))
(allow initrc_t tmpfile (lnk_file (getattr unlink)))
(allow initrc_t tmpfile (dir (ioctl write getattr lock open remove_name search)))
(allow initrc_t tmpfile (fifo_file (getattr unlink)))
(allow initrc_t tmpfile (dir (ioctl write getattr lock open remove_name search)))
(allow initrc_t tmpfile (sock_file (getattr unlink)))
(allow initrc_t boot_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t boot_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow initrc_t var_run_t (lnk_file (read getattr)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t pidfile (dir (ioctl read getattr lock open search)))
(allow initrc_t pidfile (dir (getattr open search)))
(allow initrc_t pidfile (file (ioctl read getattr lock open)))
(allow initrc_t root_t (file (unlink)))
(allow initrc_t var_run_t (dir (ioctl write getattr lock open remove_name search)))
(allow initrc_t var_run_t (lnk_file (getattr unlink)))
(allow initrc_t pidfile (dir (ioctl write getattr lock open remove_name search)))
(allow initrc_t pidfile (file (getattr unlink)))
(allow initrc_t pidfile (dir (ioctl write getattr lock open remove_name search)))
(allow initrc_t pidfile (dir (getattr rmdir)))
(allow initrc_t pidfile (sock_file (getattr unlink)))
(allow initrc_t pidfile (fifo_file (getattr unlink)))
(allow initrc_t etc_t (dir (ioctl read getattr lock open search)))
(allow initrc_t etc_t (dir (getattr open search)))
(allow initrc_t etc_t (file (ioctl read getattr lock open)))
(allow initrc_t etc_t (dir (getattr open search)))
(allow initrc_t etc_t (lnk_file (read getattr)))
(allow initrc_t etc_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t etc_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t etc_runtime_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow initrc_t etc_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition initrc_t etc_t file etc_runtime_t)
(allow initrc_t etc_t (dir (ioctl read getattr lock open search)))
(allow initrc_t etc_t (dir (getattr open search)))
(allow initrc_t etc_t (lnk_file (read getattr)))
(allow initrc_t etc_t (dir (getattr open search)))
(allow initrc_t etc_t (file (ioctl read getattr map execute open execute_no_trans)))
(allow initrc_t usr_t (dir (ioctl read getattr lock open search)))
(allow initrc_t usr_t (dir (getattr open search)))
(allow initrc_t usr_t (file (ioctl read getattr lock open)))
(allow initrc_t usr_t (dir (getattr open search)))
(allow initrc_t usr_t (lnk_file (read getattr)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_spool_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t var_spool_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow initrc_t mnt_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow initrc_t mnt_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t mnt_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow initrc_t cgroup_types (dir (ioctl write getattr lock open remove_name search)))
(allow initrc_t cgroup_types (dir (getattr rmdir)))
(allow initrc_t sysfs_t (dir (getattr open search)))
(allow initrc_t sysfs_t (dir (getattr open search)))
(allow initrc_t cgroup_types (dir (getattr open search)))
(allow initrc_t cgroup_types (dir (ioctl read getattr lock open search)))
(allow initrc_t sysfs_t (dir (getattr open search)))
(allow initrc_t sysfs_t (dir (getattr open search)))
(allow initrc_t cgroup_types (dir (getattr open search)))
(allow initrc_t cgroup_types (file (ioctl read write getattr lock append open)))
(allow initrc_t cgroup_types (dir (getattr open search)))
(allow initrc_t cgroup_types (lnk_file (read getattr)))
(allow initrc_t sysfs_t (dir (getattr open search)))
(allow initrc_t sysfs_t (dir (getattr open search)))
(allow initrc_t inotifyfs_t (dir (ioctl read getattr lock open search)))
(allow initrc_t proc_t (dir (getattr open search)))
(allow initrc_t sysctl_t (dir (getattr open search)))
(allow initrc_t sysctl_fs_t (dir (getattr open search)))
(allow initrc_t sysctl_fs_t (dir (getattr open search)))
(allow initrc_t binfmt_misc_fs_t (dir (getattr open search)))
(allow initrc_t binfmt_misc_fs_t (file (ioctl read write getattr lock append open)))
(allow initrc_t filesystem_type (filesystem (mount)))
(allow initrc_t filesystem_type (filesystem (unmount)))
(allow initrc_t filesystem_type (filesystem (remount)))
(allow initrc_t filesystem_type (filesystem (getattr)))
(allow initrc_t file_type (filesystem (getattr)))
(allow initrc_t filesystem_type (dir (getattr open search)))
(allow initrc_t nfsd_fs_t (dir (getattr open search)))
(allow initrc_t nfsd_fs_t (file (getattr)))
(allow initrc_t sysfs_t (dir (getattr open search)))
(allow initrc_t sysfs_t (dir (getattr open search)))
(allow initrc_t security_t (dir (ioctl read getattr lock open search)))
(allow initrc_t security_t (file (ioctl read getattr map open)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_t (dir (ioctl read getattr lock open search)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_t (lnk_file (read getattr)))
(allow initrc_t fixed_disk_device_t (blk_file (getattr)))
(allow initrc_t fixed_disk_device_t (chr_file (getattr)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_t (dir (ioctl read getattr lock open search)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_t (lnk_file (read getattr)))
(allow initrc_t fixed_disk_device_t (blk_file (setattr)))
(allow initrc_t fixed_disk_device_t (chr_file (setattr)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_t (dir (ioctl read getattr lock open search)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_t (lnk_file (read getattr)))
(allow initrc_t removable_device_t (blk_file (setattr)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_t (dir (ioctl read getattr lock open search)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_t (lnk_file (read getattr)))
(allow initrc_t devpts_t (dir (ioctl read getattr lock open search)))
(allow initrc_t ptynode (chr_file (ioctl read write getattr lock append open)))
(allow initrc_t devpts_t (chr_file (ioctl read write getattr lock append open)))
(allow initrc_t ttynode (chr_file (ioctl read write getattr lock append open)))
(allow initrc_t console_device_t (chr_file (ioctl read write getattr lock append open)))
(allow initrc_t tty_device_t (chr_file (ioctl read write getattr lock append open)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_t (dir (ioctl read getattr lock open search)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_t (lnk_file (read getattr)))
(allow initrc_t ttynode (chr_file (relabelfrom)))
(allow initrc_t tty_device_t (chr_file (relabelto)))
(allow initrc_t wtmp_t (file (ioctl read write getattr lock append open)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_log_t (dir (getattr open search)))
(allow initrc_t var_log_t (lnk_file (read getattr)))
(allow initrc_t wtmp_t (file (setattr)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_log_t (dir (getattr open search)))
(allow initrc_t var_log_t (lnk_file (read getattr)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_log_t (dir (getattr open search)))
(allow initrc_t var_log_t (lnk_file (read getattr)))
(allow initrc_t lastlog_t (file (ioctl read write getattr setattr lock append open)))
(allow initrc_t var_run_t (lnk_file (read getattr)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_run_t (dir (getattr open search)))
(allow initrc_t pam_runtime_t (dir (ioctl read getattr lock open search)))
(allow initrc_t pam_runtime_t (file (ioctl read getattr lock open)))
(allow initrc_t var_run_t (lnk_file (read getattr)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_run_t (dir (getattr open search)))
(allow initrc_t pam_runtime_t (dir (ioctl write getattr lock open remove_name search)))
(allow initrc_t pam_runtime_t (file (getattr unlink)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_run_t (lnk_file (read getattr)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_run_t (dir (getattr open search)))
(allow initrc_t pam_var_console_t (dir (ioctl write getattr lock open remove_name search)))
(allow initrc_t pam_var_console_t (file (getattr unlink)))
(allow initrc_t init_t (system (status)))
(allow initrc_t init_runtime_t (dir (getattr open search)))
(allow initrc_t init_runtime_t (sock_file (write getattr append open)))
(allow initrc_t init_t (unix_stream_socket (connectto)))
(allow initrc_t var_run_t (lnk_file (read getattr)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_run_t (dir (getattr open search)))
(allow initrc_t init_t (unix_stream_socket (getattr)))
(allow initrc_t init_script_file_type (service (start)))
(allow initrc_t systemdunit (service (start)))
(allow initrc_t init_script_file_type (service (stop)))
(allow initrc_t systemdunit (service (stop)))
(allow initrc_t etc_t (dir (ioctl read getattr lock open search)))
(allow initrc_t ld_so_cache_t (file (ioctl read write getattr lock append open)))
(allow initrc_t usr_t (dir (getattr open search)))
(allow initrc_t lib_t (dir (ioctl read getattr lock open search)))
(allow initrc_t lib_t (dir (getattr open search)))
(allow initrc_t lib_t (lnk_file (read getattr)))
(allow initrc_t lib_t (dir (getattr open search)))
(allow initrc_t lib_t (file (ioctl read getattr map execute open execute_no_trans)))
(allow initrc_t lib_t (dir (ioctl read getattr lock open search)))
(allow initrc_t lib_t (dir (getattr open search)))
(allow initrc_t lib_t (lnk_file (read getattr)))
(allow initrc_t ld_so_t (lnk_file (read getattr)))
(allow initrc_t lib_t (dir (getattr open search)))
(allow initrc_t ld_so_t (file (ioctl read getattr map execute open execute_no_trans)))
(allow initrc_t self (capability (audit_write)))
(allow initrc_t self (netlink_audit_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_relay)))
(allow initrc_t devlog_t (sock_file (write getattr append open)))
(allow initrc_t var_run_t (lnk_file (read getattr)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_run_t (dir (getattr open search)))
(allow initrc_t init_runtime_t (dir (getattr open search)))
(allow initrc_t syslogd_runtime_t (dir (getattr open search)))
(allow initrc_t syslogd_t (unix_dgram_socket (sendto)))
(allow initrc_t syslogd_t (unix_stream_socket (connectto)))
(allow initrc_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow initrc_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_t (dir (ioctl read getattr lock open search)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_t (lnk_file (read getattr)))
(allow initrc_t console_device_t (chr_file (ioctl write getattr lock append open)))
(dontaudit initrc_t console_device_t (chr_file (ioctl read getattr lock open)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_log_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t var_log_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t logfile (dir (ioctl read getattr lock open search)))
(allow initrc_t logfile (dir (getattr open search)))
(allow initrc_t logfile (file (ioctl read getattr lock open)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_log_t (dir (getattr open search)))
(allow initrc_t logfile (file (ioctl getattr lock append open)))
(allow initrc_t var_log_t (lnk_file (read getattr)))
(allow initrc_t etc_t (dir (getattr open search)))
(allow initrc_t auditd_etc_t (dir (getattr open search)))
(allow initrc_t auditd_etc_t (file (ioctl read getattr lock open)))
(allow initrc_t auditd_etc_t (dir (ioctl read getattr lock open search)))
(dontaudit initrc_t auditd_etc_t (file (map)))
(allow initrc_t etc_t (dir (getattr open search)))
(allow initrc_t etc_t (lnk_file (read getattr)))
(allow initrc_t usr_t (dir (getattr open search)))
(allow initrc_t locale_t (dir (ioctl read getattr lock open search)))
(allow initrc_t locale_t (dir (getattr open search)))
(allow initrc_t locale_t (file (ioctl read getattr lock open)))
(allow initrc_t locale_t (dir (getattr open search)))
(allow initrc_t locale_t (lnk_file (read getattr)))
(allow initrc_t locale_t (file (map)))
(allow initrc_t cert_t (dir (ioctl read getattr lock open search)))
(allow initrc_t cert_t (dir (getattr open search)))
(allow initrc_t cert_t (file (ioctl read getattr lock open)))
(allow initrc_t cert_t (dir (getattr open search)))
(allow initrc_t cert_t (lnk_file (read getattr)))
(allow initrc_t etc_t (dir (getattr open search)))
(allow initrc_t selinux_config_t (dir (ioctl read getattr lock open search)))
(allow initrc_t selinux_config_t (dir (getattr open search)))
(allow initrc_t selinux_config_t (file (ioctl read getattr lock open)))
(allow initrc_t selinux_config_t (dir (getattr open search)))
(allow initrc_t selinux_config_t (lnk_file (read getattr)))
(allow initrc_t user_home_dir_t (dir (getattr open search)))
(allow initrc_t user_home_t (dir (getattr open search)))
(allow initrc_t user_home_t (file (ioctl read getattr lock open)))
(allow initrc_t home_root_t (dir (getattr open search)))
(allow initrc_t home_root_t (lnk_file (read getattr)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_t (dir (ioctl read getattr lock open search)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_t (lnk_file (read getattr)))
(allow initrc_t devpts_t (dir (ioctl read getattr lock open search)))
(allow initrc_t user_devpts_t (chr_file (ioctl read write getattr append)))
(allow initrc_t user_tty_device_t (chr_file (ioctl read write getattr append)))
(dontaudit initrc_t proc_kcore_t (file (getattr)))
(allow initrc_t self (process (setfscreate)))
(allow initrc_t self (capability (mknod)))
(allow initrc_t device_t (dir (ioctl write getattr lock open add_name search)))
(allow initrc_t null_device_t (chr_file (create getattr)))
(allow initrc_t self (capability (mknod)))
(allow initrc_t device_t (dir (ioctl write getattr lock open add_name search)))
(allow initrc_t zero_device_t (chr_file (create getattr)))
(allow initrc_t device_t (dir (ioctl write getattr lock open add_name search)))
(allow initrc_t console_device_t (chr_file (create getattr)))
(allow initrc_t self (capability (mknod)))
(allow initrc_t device_t (dir (ioctl read getattr lock open search)))
(allow initrc_t device_t (dir (ioctl write getattr lock open add_name search)))
(allow initrc_t device_t (dir (create getattr)))
(allow initrc_t device_t (dir (ioctl write getattr lock open remove_name search)))
(allow initrc_t device_t (dir (getattr rmdir)))
(allow initrc_t device_t (dir (getattr open search)))
(allow initrc_t device_t (dir (setattr)))
(allow initrc_t pidfile (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t pidfile (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow initrc_t pidfile (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t pidfile (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow initrc_t pidfile (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t pidfile (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_lock_t (lnk_file (read getattr)))
(allow initrc_t var_lock_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t var_lock_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow initrc_t var_lock_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t var_lock_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow initrc_t var_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t var_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_run_t (lnk_file (read getattr)))
(allow initrc_t var_run_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_state_t tmpfs_t (filesystem (associate)))
(allow initrc_t tmpfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition initrc_t tmpfs_t fifo_file initrc_state_t)
(typetransition initrc_t tmpfs_t lnk_file initrc_state_t)
(typetransition initrc_t tmpfs_t dir initrc_state_t)
(typetransition initrc_t tmpfs_t file initrc_state_t)
(allow init_t tmpfs_t (dir (getattr open search)))
(allow init_t tmpfs_t (file (ioctl read getattr lock open)))
(dontaudit initrc_t adjtime_t (file (write)))
(allow initrc_t etc_t (dir (getattr open search)))
(allow initrc_t selinux_config_t (dir (getattr open search)))
(allow initrc_t default_context_t (dir (ioctl read getattr lock open search)))
(allow initrc_t default_context_t (dir (getattr open search)))
(allow initrc_t default_context_t (file (ioctl read getattr lock open)))
(allow initrc_t etc_t (dir (getattr open search)))
(allow initrc_t net_conf_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow initrc_t self (capability (sys_admin)))
(allow initrc_t init_script_readable (dir (getattr open search)))
(allow initrc_t init_script_readable (file (ioctl read getattr lock open)))
(allow initrc_t init_script_readable (dir (getattr open search)))
(allow initrc_t init_script_readable (lnk_file (read getattr)))
(allow initrc_t initrc_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t initrc_runtime_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow initrc_t var_t (dir (getattr open search)))
(allow initrc_t var_run_t (lnk_file (read getattr)))
(allow initrc_t var_run_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition initrc_t var_run_t dir initrc_runtime_t)
(allow initrc_t proc_t (dir (getattr open search)))
(allow initrc_t proc_t (file (ioctl write getattr lock append open)))
(allow initrc_t sysfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t sysfs_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow initrc_t device_t (chr_file (setattr)))
(dontaudit initrc_t usr_t (dir (write)))
(allow initrc_t tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t tmp_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow initrc_t tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow initrc_t cgroup_types (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t cgroup_types (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow initrc_t sysfs_t (dir (getattr open search)))
(allow initrc_t sysfs_t (dir (getattr open search)))
(allow initrc_t cgroup_types (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow initrc_t cgroup_types (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow initrc_t sysfs_t (dir (getattr open search)))
(allow initrc_t sysfs_t (dir (getattr open search)))
(allow initrc_t devlog_t (sock_file (unlink)))
(allow init_t init_domain_type (process (noatsecure rlimitinh)))
(allow init_t init_script_domain_type (process (noatsecure rlimitinh)))
(allow init_t daemon (process (noatsecure rlimitinh)))
(allow init_t systemprocess (process (noatsecure rlimitinh)))
(allow initrc_t init_domain_type (process (noatsecure rlimitinh)))
(allow initrc_t init_script_domain_type (process (noatsecure rlimitinh)))
(allow initrc_t daemon (process (noatsecure rlimitinh)))
(allow initrc_t systemprocess (process (noatsecure rlimitinh)))
(allow init_t init_domain_type (process2 (nnp_transition nosuid_transition)))
(allow init_t init_script_domain_type (process2 (nnp_transition nosuid_transition)))
(allow init_t daemon (process2 (nnp_transition nosuid_transition)))
(allow init_t systemprocess (process2 (nnp_transition nosuid_transition)))
(allow initrc_t init_domain_type (process2 (nnp_transition nosuid_transition)))
(allow initrc_t init_script_domain_type (process2 (nnp_transition nosuid_transition)))
(allow initrc_t daemon (process2 (nnp_transition nosuid_transition)))
(allow initrc_t systemprocess (process2 (nnp_transition nosuid_transition)))
(dontaudit daemon privfd (fd (use)))
(dontaudit daemon console_device_t (chr_file (ioctl read write getattr lock append open)))
(dontaudit daemon init_t (fd (use)))
(allow daemon device_t (dir (getattr open search)))
(allow daemon device_t (dir (ioctl read getattr lock open search)))
(allow daemon device_t (dir (getattr open search)))
(allow daemon device_t (lnk_file (read getattr)))
(allow daemon devpts_t (dir (ioctl read getattr lock open search)))
(allow daemon initrc_devpts_t (chr_file (ioctl read write getattr lock append open)))
(dontaudit systemprocess init_t (unix_stream_socket (getattr)))
(typetransition initrc_t var_run_t dir "openrc" initrc_state_t)
(typetransition initrc_t var_run_t dir "lock" var_lock_t)
(typetransition init_t init_runtime_t sock_file "syslog" devlog_t)
(booleanif (use_samba_home_dirs)
    (true
        (dontaudit daemon cifs_t (file (ioctl read write getattr lock append open)))
    )
)
(booleanif (use_nfs_home_dirs)
    (true
        (dontaudit daemon nfs_t (file (ioctl read write getattr lock append open)))
    )
)
(booleanif (init_daemons_use_tty)
    (true
        (allow daemon ptynode (chr_file (ioctl read write getattr lock append open)))
        (allow daemon devpts_t (dir (ioctl read getattr lock open search)))
        (allow daemon device_t (lnk_file (read getattr)))
        (allow daemon device_t (dir (getattr open search)))
        (allow daemon device_t (dir (ioctl read getattr lock open search)))
        (allow daemon device_t (dir (getattr open search)))
        (allow daemon ttynode (chr_file (ioctl read write getattr lock append open)))
        (allow daemon device_t (lnk_file (read getattr)))
        (allow daemon device_t (dir (getattr open search)))
        (allow daemon device_t (dir (ioctl read getattr lock open search)))
        (allow daemon device_t (dir (getattr open search)))
        (allow daemon devpts_t (chr_file (ioctl read write getattr lock append open)))
        (allow daemon devpts_t (dir (ioctl read getattr lock open search)))
        (allow daemon device_t (lnk_file (read getattr)))
        (allow daemon device_t (dir (getattr open search)))
        (allow daemon device_t (dir (ioctl read getattr lock open search)))
        (allow daemon device_t (dir (getattr open search)))
        (allow daemon tty_device_t (chr_file (ioctl read write getattr lock append open)))
        (allow daemon device_t (lnk_file (read getattr)))
        (allow daemon device_t (dir (getattr open search)))
        (allow daemon device_t (dir (ioctl read getattr lock open search)))
        (allow daemon device_t (dir (getattr open search)))
    )
    (false
        (dontaudit daemon ptynode (chr_file (ioctl read write getattr lock append open)))
        (dontaudit daemon ttynode (chr_file (ioctl read write getattr lock append open)))
        (dontaudit daemon devpts_t (chr_file (ioctl read write getattr)))
        (dontaudit daemon tty_device_t (chr_file (ioctl read write getattr lock append open)))
    )
)
(booleanif (init_upstart)
    (true
        (typetransition init_t shell_exec_t process initrc_t)
        (dontaudit init_t initrc_t (process (noatsecure siginh rlimitinh)))
        (allow init_t initrc_t (process (transition)))
        (allow init_t shell_exec_t (file (ioctl read getattr map execute open)))
        (allow init_t bin_t (dir (ioctl read getattr lock open search)))
        (allow init_t bin_t (dir (getattr open search)))
        (allow init_t usr_t (dir (getattr open search)))
        (allow init_t bin_t (lnk_file (read getattr)))
        (allow init_t bin_t (dir (getattr open search)))
    )
    (false
        (allow sysadm_t init_t (process (sigchld)))
        (allow sysadm_t init_t (fifo_file (ioctl read write getattr lock append)))
        (allow sysadm_t init_t (fd (use)))
        (typetransition init_t shell_exec_t process sysadm_t)
        (dontaudit init_t sysadm_t (process (noatsecure siginh rlimitinh)))
        (allow init_t sysadm_t (process (transition)))
        (allow init_t shell_exec_t (file (ioctl read getattr map execute open)))
        (allow init_t bin_t (dir (ioctl read getattr lock open search)))
        (allow init_t bin_t (dir (getattr open search)))
        (allow init_t usr_t (dir (getattr open search)))
        (allow init_t bin_t (lnk_file (read getattr)))
        (allow init_t bin_t (dir (getattr open search)))
    )
)
(booleanif (and (not (secure_mode_policyload)) (not (secure_mode_setbool)))
    (true
        (allow init_t secure_mode_policyload_t (file (ioctl write getattr lock append open)))
    )
    (false
        (dontaudit init_t secure_mode_policyload_t (file (ioctl write getattr lock append open)))
    )
)
(booleanif (secure_mode_setbool)
    (true
        (dontaudit init_t init_typeattr_1 (file (ioctl write getattr lock append open)))
        (dontaudit init_t security_t (file (ioctl write getattr lock append open)))
        (dontaudit init_t security_t (security (setbool)))
    )
    (false
        (allow init_t init_typeattr_1 (file (ioctl write getattr lock append open)))
        (allow init_t security_t (file (ioctl write getattr lock append open)))
        (allow init_t security_t (security (setbool)))
    )
)
(typeattribute init_typeattr_1)
(typeattributeset init_typeattr_1 (and (boolean_type ) (not (secure_mode_policyload_t ))))
(optional init_optional_2
    (typeattributeset cil_gen_require init_t)
    (roletype system_r init_t)
    (allow init_t init_t (process (sigchld)))
    (allow init_t init_t (process (signull)))
    (optional init_optional_3
        (typeattributeset cil_gen_require rpm_t)
        (allow init_t rpm_t (fd (use)))
        (allow init_t rpm_t (fifo_file (ioctl read getattr lock open)))
    )
    (optional init_optional_4
        (typeattributeset cil_gen_require security_t)
        (typeattributeset cil_gen_require sysfs_t)
        (dontaudit init_t security_t (filesystem (getattr)))
        (dontaudit init_t sysfs_t (filesystem (getattr)))
        (dontaudit init_t sysfs_t (dir (getattr open search)))
        (dontaudit init_t security_t (dir (getattr open search)))
        (dontaudit init_t security_t (file (ioctl read getattr lock open)))
        (optional init_optional_5
            (typeattributeset cil_gen_require selinux_config_t)
            (dontaudit init_t selinux_config_t (dir (getattr open search)))
            (dontaudit init_t selinux_config_t (file (ioctl read getattr lock open)))
            (optional init_optional_6
                (typeattributeset cil_gen_require kubernetes_mountpoint_type)
                (typeattributeset cil_gen_require kubernetes_mountpoint_type)
                (typeattributeset kubernetes_mountpoint_type (init_t ))
            )
            (optional init_optional_7
                (typeattributeset cil_gen_require screen_exec_t)
                (allow init_t screen_exec_t (file (ioctl read getattr map execute open)))
            )
            (optional init_optional_8
                (typeattributeset cil_gen_require init_t)
                (roletype system_r init_t)
                (allow initrc_t init_t (process (sigchld)))
                (allow initrc_t init_t (process (signull)))
                (optional init_optional_9
                    (typeattributeset cil_gen_require rpm_t)
                    (allow initrc_t rpm_t (fd (use)))
                    (allow initrc_t rpm_t (fifo_file (ioctl read getattr lock open)))
                )
                (optional init_optional_10
                    (typeattributeset cil_gen_require security_t)
                    (typeattributeset cil_gen_require sysfs_t)
                    (dontaudit initrc_t security_t (filesystem (getattr)))
                    (dontaudit initrc_t sysfs_t (filesystem (getattr)))
                    (dontaudit initrc_t sysfs_t (dir (getattr open search)))
                    (dontaudit initrc_t security_t (dir (getattr open search)))
                    (dontaudit initrc_t security_t (file (ioctl read getattr lock open)))
                    (optional init_optional_11
                        (typeattributeset cil_gen_require selinux_config_t)
                        (dontaudit initrc_t selinux_config_t (dir (getattr open search)))
                        (dontaudit initrc_t selinux_config_t (file (ioctl read getattr lock open)))
                        (optional init_optional_12
                            (typeattributeset cil_gen_require etc_t)
                            (typeattributeset cil_gen_require modules_object_t)
                            (typeattributeset cil_gen_require modules_conf_t)
                            (typeattributeset cil_gen_require boot_t)
                            (typeattributeset cil_gen_require modules_dep_t)
                            (allow init_t etc_t (dir (getattr open search)))
                            (allow init_t boot_t (dir (getattr open search)))
                            (allow init_t modules_conf_t (dir (ioctl read getattr lock open search)))
                            (allow init_t modules_conf_t (file (ioctl read getattr lock open)))
                            (allow init_t modules_conf_t (lnk_file (read getattr)))
                            (allow init_t modules_object_t (dir (ioctl read getattr lock open search)))
                            (allow init_t modules_object_t (dir (getattr open search)))
                            (allow init_t modules_object_t (lnk_file (read getattr)))
                            (allow init_t modules_dep_t (file (ioctl read getattr lock map open)))
                        )
                        (optional init_optional_13
                            (typeattributeset cil_gen_require var_t)
                            (typeattributeset cil_gen_require var_log_t)
                            (typeattributeset cil_gen_require wtmp_t)
                            (allow init_t wtmp_t (file (ioctl read write getattr lock append open)))
                            (allow init_t var_t (dir (getattr open search)))
                            (allow init_t var_log_t (dir (getattr open search)))
                            (allow init_t var_log_t (lnk_file (read getattr)))
                            (optional init_optional_14
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require dbusd_system_bus_client)
                                (typeattributeset cil_gen_require system_dbusd_t)
                                (typeattributeset cil_gen_require system_dbusd_runtime_t)
                                (typeattributeset cil_gen_require system_dbusd_var_lib_t)
                                (typeattributeset cil_gen_require var_lib_t)
                                (typeattributeset cil_gen_require session_dbusd_tmp_t)
                                (typeattributeset cil_gen_require dbusd_etc_t)
                                (typeattributeset cil_gen_require dbusd_system_bus_client)
                                (typeattributeset dbusd_system_bus_client (init_t ))
                                (allow init_t system_dbusd_t (dbus (send_msg)))
                                (allow init_t self (dbus (send_msg)))
                                (allow system_dbusd_t init_t (dbus (send_msg)))
                                (allow init_t var_t (dir (getattr open search)))
                                (allow init_t var_lib_t (dir (getattr open search)))
                                (allow init_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow init_t system_dbusd_var_lib_t (file (ioctl read getattr lock open)))
                                (allow init_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow init_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                (allow init_t session_dbusd_tmp_t (dir (getattr open search)))
                                (allow init_t session_dbusd_tmp_t (sock_file (read write getattr append open)))
                                (allow init_t var_run_t (lnk_file (read getattr)))
                                (allow init_t var_t (dir (getattr open search)))
                                (allow init_t var_run_t (dir (getattr open search)))
                                (allow init_t system_dbusd_runtime_t (dir (getattr open search)))
                                (allow init_t system_dbusd_runtime_t (sock_file (write getattr append open)))
                                (allow init_t system_dbusd_t (unix_stream_socket (connectto)))
                                (allow init_t dbusd_etc_t (dir (ioctl read getattr lock open search)))
                                (allow init_t dbusd_etc_t (file (ioctl read getattr lock open)))
                                (allow init_t system_dbusd_runtime_t (dir (ioctl read getattr lock open search)))
                                (allow init_t system_dbusd_runtime_t (sock_file (read)))
                                (allow init_t system_dbusd_var_lib_t (dir (getattr open search)))
                                (allow init_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                (optional init_optional_15
                                    (typeattributeset cil_gen_require unconfined_t)
                                    (allow init_t unconfined_t (dbus (send_msg)))
                                )
                            )
                            (optional init_optional_16
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require nscd_t)
                                (typeattributeset cil_gen_require nscd_runtime_t)
                                (booleanif (nscd_use_shm)
                                    (true
                                        (allow init_t nscd_runtime_t (sock_file (read getattr open)))
                                        (allow init_t nscd_runtime_t (dir (ioctl read getattr lock open search)))
                                        (dontaudit init_t nscd_runtime_t (file (ioctl read getattr lock open)))
                                        (allow init_t nscd_t (unix_stream_socket (connectto)))
                                        (allow init_t nscd_runtime_t (sock_file (write getattr append open)))
                                        (allow init_t nscd_runtime_t (dir (getattr open search)))
                                        (allow init_t var_run_t (dir (getattr open search)))
                                        (allow init_t var_t (dir (getattr open search)))
                                        (allow init_t var_run_t (lnk_file (read getattr)))
                                        (allow init_t nscd_t (fd (use)))
                                        (allow init_t nscd_t (nscd (getgrp gethost getpwd shmemgrp shmemhost shmempwd)))
                                        (allow init_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
                                    )
                                    (false
                                        (allow nscd_t init_t (process (getattr)))
                                        (allow nscd_t init_t (lnk_file (read getattr)))
                                        (allow nscd_t init_t (file (ioctl read getattr lock open)))
                                        (allow nscd_t init_t (dir (ioctl read getattr lock open search)))
                                        (dontaudit init_t nscd_runtime_t (file (ioctl read getattr lock open)))
                                        (allow init_t nscd_t (unix_stream_socket (connectto)))
                                        (allow init_t nscd_runtime_t (sock_file (write getattr append open)))
                                        (allow init_t nscd_runtime_t (dir (getattr open search)))
                                        (allow init_t var_run_t (dir (getattr open search)))
                                        (allow init_t var_t (dir (getattr open search)))
                                        (allow init_t var_run_t (lnk_file (read getattr)))
                                        (dontaudit init_t nscd_t (nscd (shmemgrp shmemhost shmempwd getserv shmemserv)))
                                        (dontaudit init_t nscd_t (fd (use)))
                                        (allow init_t nscd_t (nscd (getgrp gethost getpwd)))
                                        (allow init_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                    )
                                )
                            )
                            (optional init_optional_17
                                (typeattributeset cil_gen_require bin_t)
                                (typeattributeset cil_gen_require usr_t)
                                (typeattributeset cil_gen_require shutdown_t)
                                (typeattributeset cil_gen_require shutdown_exec_t)
                                (allow init_t bin_t (dir (getattr open search)))
                                (allow init_t bin_t (lnk_file (read getattr)))
                                (allow init_t usr_t (dir (getattr open search)))
                                (allow init_t shutdown_exec_t (file (ioctl read getattr map execute open)))
                                (allow init_t shutdown_t (process (transition)))
                                (dontaudit init_t shutdown_t (process (noatsecure siginh rlimitinh)))
                                (typetransition init_t shutdown_exec_t process shutdown_t)
                                (allow shutdown_t init_t (fd (use)))
                                (allow shutdown_t init_t (fifo_file (ioctl read write getattr lock append)))
                                (allow shutdown_t init_t (process (sigchld)))
                            )
                            (optional init_optional_18
                                (typeattributeset cil_gen_require var_t)
                                (typeattributeset cil_gen_require var_run_t)
                                (typeattributeset cil_gen_require sssd_t)
                                (typeattributeset cil_gen_require sssd_var_lib_t)
                                (allow init_t var_run_t (lnk_file (read getattr)))
                                (allow init_t var_t (dir (getattr open search)))
                                (allow init_t var_run_t (dir (getattr open search)))
                                (allow init_t sssd_var_lib_t (dir (getattr open search)))
                                (allow init_t sssd_var_lib_t (sock_file (write getattr append open)))
                                (allow init_t sssd_t (unix_stream_socket (connectto)))
                            )
                            (optional init_optional_19
                                (typeattributeset cil_gen_require domain)
                                (typeattributeset domain (init_t initrc_t ))
                                (typeattributeset cil_gen_require etc_t)
                                (typeattributeset cil_gen_require unconfined_t)
                                (typeattributeset cil_gen_require kern_unconfined)
                                (typeattributeset cil_gen_require can_load_kernmodule)
                                (typeattributeset cil_gen_require corenet_unconfined_type)
                                (typeattributeset cil_gen_require devices_unconfined_type)
                                (typeattributeset cil_gen_require set_curr_context)
                                (typeattributeset cil_gen_require can_change_object_identity)
                                (typeattributeset can_change_object_identity (initrc_t ))
                                (typeattributeset cil_gen_require unconfined_domain_type)
                                (typeattributeset cil_gen_require process_uncond_exempt)
                                (typeattributeset cil_gen_require files_unconfined_type)
                                (typeattributeset cil_gen_require filesystem_unconfined_type)
                                (typeattributeset cil_gen_require selinux_unconfined_type)
                                (typeattributeset cil_gen_require corenet_unconfined_type)
                                (typeattributeset corenet_unconfined_type (init_t ))
                                (typeattributeset cil_gen_require process_uncond_exempt)
                                (typeattributeset process_uncond_exempt (init_t ))
                                (typeattributeset cil_gen_require unconfined_domain_type)
                                (typeattributeset unconfined_domain_type (init_t ))
                                (typeattributeset cil_gen_require can_load_kernmodule)
                                (typeattributeset can_load_kernmodule (init_t ))
                                (typeattributeset cil_gen_require filesystem_unconfined_type)
                                (typeattributeset filesystem_unconfined_type (init_t ))
                                (typeattributeset cil_gen_require set_curr_context)
                                (typeattributeset set_curr_context (init_t ))
                                (typeattributeset cil_gen_require devices_unconfined_type)
                                (typeattributeset devices_unconfined_type (init_t ))
                                (typeattributeset cil_gen_require files_unconfined_type)
                                (typeattributeset files_unconfined_type (init_t ))
                                (typeattributeset cil_gen_require kern_unconfined)
                                (typeattributeset kern_unconfined (init_t ))
                                (typeattributeset cil_gen_require can_change_object_identity)
                                (typeattributeset can_change_object_identity (init_t ))
                                (typeattributeset cil_gen_require selinux_unconfined_type)
                                (typeattributeset selinux_unconfined_type (init_t ))
                                (allow init_t self (capability (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
                                (allow init_t self (cap_userns (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
                                (allow init_t self (capability2 (syslog wake_alarm perfmon bpf)))
                                (allow init_t self (cap2_userns (syslog wake_alarm perfmon bpf)))
                                (allow init_t self (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                (allow init_t self (cap_userns (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write setfcap)))
                                (allow init_t self (cap2_userns (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon bpf)))
                                (allow init_t self (process (transition)))
                                (allow init_t self (file (ioctl read write getattr lock append open)))
                                (allow init_t self (anon_inode (read write create map)))
                                (allow init_t self (nscd (getgrp gethost getpwd shmemgrp shmemhost shmempwd getserv shmemserv getstat admin)))
                                (allow init_t self (dbus (send_msg acquire_svc)))
                                (allow init_t self (passwd (rootok passwd chfn chsh crontab)))
                                (allow init_t self (association (sendto recvfrom setcontext polmatch)))
                                (dontaudit init_t domain (dir (ioctl read getattr lock open search)))
                                (dontaudit init_t domain (lnk_file (read getattr)))
                                (dontaudit init_t domain (file (ioctl read getattr lock open)))
                                (dontaudit init_t domain (sock_file (read getattr open)))
                                (dontaudit init_t domain (fifo_file (ioctl read getattr lock open)))
                                (dontaudit init_t domain (process (ptrace)))
                                (allow init_t etc_t (service (status)))
                                (allow init_t etc_t (service (start)))
                                (allow init_t etc_t (service (stop)))
                                (booleanif (allow_execstack)
                                    (true
                                        (allow init_t self (process (execmem execstack)))
                                    )
                                )
                                (booleanif (allow_execmem)
                                    (true
                                        (allow init_t self (process (execmem)))
                                    )
                                )
                                (booleanif (allow_execheap)
                                    (true
                                        (allow init_t self (process (execheap)))
                                        (auditallow init_t self (process (execheap)))
                                    )
                                )
                                (optional init_optional_20
                                    (typeattributeset cil_gen_require can_read_shadow_passwords)
                                    (typeattributeset cil_gen_require can_write_shadow_passwords)
                                    (typeattributeset cil_gen_require can_relabelto_shadow_passwords)
                                    (typeattributeset cil_gen_require can_write_shadow_passwords)
                                    (typeattributeset can_write_shadow_passwords (init_t ))
                                    (typeattributeset cil_gen_require can_read_shadow_passwords)
                                    (typeattributeset can_read_shadow_passwords (init_t ))
                                    (typeattributeset cil_gen_require can_relabelto_shadow_passwords)
                                    (typeattributeset can_relabelto_shadow_passwords (init_t ))
                                )
                                (optional init_optional_21
                                    (typeattributeset cil_gen_require dbusd_unconfined)
                                    (typeattributeset cil_gen_require dbusd_unconfined)
                                    (typeattributeset dbusd_unconfined (init_t ))
                                )
                                (optional init_optional_22
                                    (typeattributeset cil_gen_require ipsec_spd_t)
                                    (allow init_t ipsec_spd_t (association (setcontext)))
                                    (allow init_t ipsec_spd_t (association (polmatch)))
                                    (allow init_t self (association (sendto)))
                                )
                                (optional init_optional_23
                                    (typeattributeset cil_gen_require nscd_t)
                                    (allow init_t nscd_t (nscd (getgrp gethost getpwd shmemgrp shmemhost shmempwd getserv shmemserv getstat admin)))
                                )
                                (optional init_optional_24
                                    (typeattributeset cil_gen_require sepgsql_unconfined_type)
                                    (typeattributeset cil_gen_require sepgsql_unconfined_type)
                                    (typeattributeset sepgsql_unconfined_type (init_t ))
                                )
                                (optional init_optional_25
                                    (typeattributeset cil_gen_require selinux_config_t)
                                    (typeattributeset cil_gen_require etc_t)
                                    (typeattributeset cil_gen_require policy_config_t)
                                    (typeattributeset cil_gen_require can_relabelto_binary_policy)
                                    (typeattributeset cil_gen_require can_relabelto_binary_policy)
                                    (typeattributeset can_relabelto_binary_policy (init_t ))
                                    (allow init_t etc_t (dir (getattr open search)))
                                    (allow init_t selinux_config_t (dir (getattr open search)))
                                    (allow init_t policy_config_t (dir (ioctl write getattr lock open add_name search)))
                                    (allow init_t policy_config_t (file (create getattr open)))
                                    (allow init_t policy_config_t (dir (getattr open search)))
                                    (allow init_t policy_config_t (file (ioctl write getattr lock append open)))
                                    (allow init_t policy_config_t (file (relabelto)))
                                )
                                (optional init_optional_26
                                    (typeattributeset cil_gen_require storage_unconfined_type)
                                    (typeattributeset cil_gen_require storage_unconfined_type)
                                    (typeattributeset storage_unconfined_type (init_t ))
                                )
                                (optional init_optional_27
                                    (typeattributeset cil_gen_require x_domain)
                                    (typeattributeset cil_gen_require xserver_unconfined_type)
                                    (typeattributeset cil_gen_require x_domain)
                                    (typeattributeset x_domain (init_t ))
                                    (typeattributeset cil_gen_require xserver_unconfined_type)
                                    (typeattributeset xserver_unconfined_type (init_t ))
                                )
                            )
                            (optional init_optional_28
                                (typeattributeset cil_gen_require init_mountpoint_type)
                                (typeattributeset init_mountpoint_type (init_runtime_t ))
                                (typeattributeset cil_gen_require init_mountpoint_type)
                                (typeattributeset init_mountpoint_type (initrc_state_t ))
                                (optional init_optional_29
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_run_t)
                                    (typeattributeset cil_gen_require abrt_runtime_t)
                                    (allow initrc_t var_run_t (lnk_file (read getattr)))
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_run_t (dir (getattr open search)))
                                    (allow initrc_t abrt_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                    (allow initrc_t abrt_runtime_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                )
                                (optional init_optional_30
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_lib_t)
                                    (typeattributeset cil_gen_require alsa_var_lib_t)
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_lib_t (dir (getattr open search)))
                                    (allow initrc_t alsa_var_lib_t (dir (getattr open search)))
                                    (allow initrc_t alsa_var_lib_t (file (ioctl read getattr lock open)))
                                    (allow initrc_t alsa_var_lib_t (dir (getattr open search)))
                                    (allow initrc_t alsa_var_lib_t (dir (ioctl read getattr lock open search)))
                                )
                                (optional init_optional_31
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_lib_t)
                                    (typeattributeset cil_gen_require arpwatch_data_t)
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_lib_t (dir (getattr open search)))
                                    (allow initrc_t arpwatch_data_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                    (allow initrc_t arpwatch_data_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                )
                                (optional init_optional_32
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_lib_t)
                                    (typeattributeset cil_gen_require dhcpd_state_t)
                                    (typeattributeset cil_gen_require dhcp_state_t)
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_lib_t (dir (getattr open search)))
                                    (allow initrc_t dhcp_state_t (dir (getattr open search)))
                                    (allow initrc_t dhcpd_state_t (file (setattr)))
                                )
                                (optional init_optional_33
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_run_t)
                                    (typeattributeset cil_gen_require var_lib_t)
                                    (typeattributeset cil_gen_require amavis_var_lib_t)
                                    (typeattributeset cil_gen_require amavis_runtime_t)
                                    (allow initrc_t amavis_var_lib_t (dir (getattr open search)))
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_lib_t (dir (getattr open search)))
                                    (allow initrc_t amavis_runtime_t (file (setattr)))
                                    (allow initrc_t var_run_t (lnk_file (read getattr)))
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_run_t (dir (getattr open search)))
                                )
                                (optional init_optional_34
                                    (typeattributeset cil_gen_require device_t)
                                    (typeattributeset cil_gen_require acpi_bios_t)
                                    (allow initrc_t device_t (dir (getattr open search)))
                                    (allow initrc_t acpi_bios_t (chr_file (ioctl read write getattr lock append open)))
                                )
                                (optional init_optional_35
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require etc_t)
                                    (typeattributeset cil_gen_require httpd_config_t)
                                    (typeattributeset cil_gen_require httpd_modules_t)
                                    (typeattributeset cil_gen_require httpd_sys_content_t)
                                    (allow initrc_t etc_t (dir (getattr open search)))
                                    (allow initrc_t httpd_config_t (dir (ioctl read getattr lock open search)))
                                    (allow initrc_t httpd_config_t (dir (getattr open search)))
                                    (allow initrc_t httpd_config_t (file (ioctl read getattr lock open)))
                                    (allow initrc_t httpd_config_t (dir (getattr open search)))
                                    (allow initrc_t httpd_config_t (lnk_file (read getattr)))
                                    (allow initrc_t httpd_modules_t (dir (ioctl read getattr lock open search)))
                                    (allow daemon var_t (dir (getattr open search)))
                                    (allow daemon httpd_sys_content_t (dir (getattr open search)))
                                )
                                (optional init_optional_36
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_log_t)
                                    (typeattributeset cil_gen_require asterisk_log_t)
                                    (allow initrc_t asterisk_log_t (dir (getattr open search)))
                                    (allow initrc_t asterisk_log_t (file (setattr)))
                                    (allow initrc_t asterisk_log_t (dir (getattr open search)))
                                    (allow initrc_t asterisk_log_t (dir (setattr)))
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_log_t (dir (getattr open search)))
                                    (allow initrc_t var_log_t (lnk_file (read getattr)))
                                )
                                (optional init_optional_37
                                    (typeattributeset cil_gen_require named_conf_t)
                                    (allow initrc_t named_conf_t (dir (getattr open search)))
                                    (allow initrc_t named_conf_t (file (ioctl read getattr lock open)))
                                )
                                (optional init_optional_38
                                    (typeattributeset cil_gen_require bluetooth_conf_t)
                                    (allow initrc_t bluetooth_conf_t (file (ioctl read getattr lock open)))
                                )
                                (optional init_optional_39
                                    (typeattributeset cil_gen_require domain)
                                    (typeattributeset domain (init_t initrc_t ))
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_run_t)
                                    (typeattributeset cil_gen_require cgred_runtime_t)
                                    (typeattributeset cil_gen_require cgred_t)
                                    (allow initrc_t cgred_runtime_t (dir (getattr open search)))
                                    (allow initrc_t cgred_runtime_t (sock_file (write getattr append open)))
                                    (allow initrc_t cgred_t (unix_stream_socket (connectto)))
                                    (allow initrc_t var_run_t (lnk_file (read getattr)))
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_run_t (dir (getattr open search)))
                                    (allow initrc_t domain (process (setsched)))
                                )
                                (optional init_optional_40
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_run_t)
                                    (typeattributeset cil_gen_require etc_t)
                                    (typeattributeset cil_gen_require clamd_runtime_t)
                                    (typeattributeset cil_gen_require clamd_etc_t)
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_run_t (lnk_file (read getattr)))
                                    (allow initrc_t var_run_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                    (allow initrc_t etc_t (dir (getattr open search)))
                                    (allow initrc_t clamd_etc_t (file (ioctl read getattr lock open)))
                                    (typetransition initrc_t var_run_t dir "clamav" clamd_runtime_t)
                                )
                                (optional init_optional_41
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_run_t)
                                    (typeattributeset cil_gen_require cockpit_runtime_t)
                                    (allow initrc_t var_run_t (lnk_file (read getattr)))
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_run_t (dir (getattr open search)))
                                    (allow initrc_t cockpit_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                    (allow initrc_t cockpit_runtime_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                                )
                                (optional init_optional_42
                                    (typeattributeset cil_gen_require etc_t)
                                    (typeattributeset cil_gen_require courier_etc_t)
                                    (allow initrc_t etc_t (dir (getattr open search)))
                                    (allow initrc_t courier_etc_t (dir (getattr open search)))
                                    (allow initrc_t courier_etc_t (file (ioctl read getattr lock open)))
                                )
                                (optional init_optional_43
                                    (typeattributeset cil_gen_require device_t)
                                    (typeattributeset cil_gen_require cpucontrol_t)
                                    (typeattributeset cil_gen_require cpu_device_t)
                                    (allow initrc_t device_t (dir (getattr open search)))
                                    (allow initrc_t cpu_device_t (chr_file (getattr)))
                                )
                                (optional init_optional_44
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_spool_t)
                                    (typeattributeset cil_gen_require crond_t)
                                    (typeattributeset cil_gen_require system_cron_spool_t)
                                    (allow initrc_t crond_t (fifo_file (ioctl read getattr lock open)))
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_spool_t (dir (getattr open search)))
                                    (allow initrc_t system_cron_spool_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                    (allow initrc_t system_cron_spool_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                )
                                (optional init_optional_45
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require device_t)
                                    (typeattributeset cil_gen_require etc_t)
                                    (typeattributeset cil_gen_require var_log_t)
                                    (typeattributeset cil_gen_require printer_device_t)
                                    (typeattributeset cil_gen_require cupsd_log_t)
                                    (typeattributeset cil_gen_require cupsd_etc_t)
                                    (typeattributeset cil_gen_require cupsd_rw_etc_t)
                                    (allow initrc_t device_t (dir (getattr open search)))
                                    (allow initrc_t printer_device_t (chr_file (getattr)))
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_log_t (dir (getattr open search)))
                                    (allow initrc_t var_log_t (lnk_file (read getattr)))
                                    (allow initrc_t cupsd_log_t (file (ioctl read getattr lock open)))
                                    (allow initrc_t etc_t (dir (getattr open search)))
                                    (allow initrc_t cupsd_etc_t (dir (getattr open search)))
                                    (allow initrc_t cupsd_rw_etc_t (dir (getattr open search)))
                                    (allow initrc_t cupsd_rw_etc_t (file (ioctl read getattr lock open)))
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_log_t (dir (getattr open search)))
                                    (allow initrc_t var_log_t (lnk_file (read getattr)))
                                    (allow initrc_t cupsd_log_t (file (ioctl write getattr lock append open)))
                                )
                                (optional init_optional_46
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require svc_svc_t)
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t svc_svc_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                                    (allow initrc_t svc_svc_t (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                    (allow initrc_t svc_svc_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                    (allow initrc_t svc_svc_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                                )
                                (optional init_optional_47
                                    (typeattributeset cil_gen_require init_t)
                                    (roletype system_r init_t)
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_run_t)
                                    (typeattributeset cil_gen_require dbusd_system_bus_client)
                                    (typeattributeset cil_gen_require system_dbusd_t)
                                    (typeattributeset cil_gen_require system_dbusd_runtime_t)
                                    (typeattributeset cil_gen_require system_dbusd_var_lib_t)
                                    (typeattributeset cil_gen_require var_lib_t)
                                    (typeattributeset cil_gen_require session_dbusd_tmp_t)
                                    (typeattributeset cil_gen_require dbusd_etc_t)
                                    (typeattributeset cil_gen_require dbusd_system_bus_client)
                                    (typeattributeset dbusd_system_bus_client (initrc_t ))
                                    (allow initrc_t system_dbusd_t (dbus (acquire_svc)))
                                    (allow initrc_t system_dbusd_t (dbus (send_msg)))
                                    (allow initrc_t self (dbus (send_msg)))
                                    (allow system_dbusd_t initrc_t (dbus (send_msg)))
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_lib_t (dir (getattr open search)))
                                    (allow initrc_t system_dbusd_var_lib_t (dir (getattr open search)))
                                    (allow initrc_t system_dbusd_var_lib_t (file (ioctl read getattr lock open)))
                                    (allow initrc_t system_dbusd_var_lib_t (dir (getattr open search)))
                                    (allow initrc_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                    (allow initrc_t session_dbusd_tmp_t (dir (getattr open search)))
                                    (allow initrc_t session_dbusd_tmp_t (sock_file (read write getattr append open)))
                                    (allow initrc_t var_run_t (lnk_file (read getattr)))
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_run_t (dir (getattr open search)))
                                    (allow initrc_t system_dbusd_runtime_t (dir (getattr open search)))
                                    (allow initrc_t system_dbusd_runtime_t (sock_file (write getattr append open)))
                                    (allow initrc_t system_dbusd_t (unix_stream_socket (connectto)))
                                    (allow initrc_t dbusd_etc_t (dir (ioctl read getattr lock open search)))
                                    (allow initrc_t dbusd_etc_t (file (ioctl read getattr lock open)))
                                    (allow initrc_t system_dbusd_runtime_t (dir (ioctl read getattr lock open search)))
                                    (allow initrc_t system_dbusd_runtime_t (sock_file (read)))
                                    (allow initrc_t system_dbusd_var_lib_t (dir (getattr open search)))
                                    (allow initrc_t system_dbusd_var_lib_t (lnk_file (read getattr)))
                                    (allow initrc_t dbusd_etc_t (dir (ioctl read getattr lock open search)))
                                    (allow initrc_t dbusd_etc_t (file (ioctl read getattr lock open)))
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_lib_t (dir (getattr open search)))
                                    (allow initrc_t system_dbusd_var_lib_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                    (allow initrc_t system_dbusd_var_lib_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                    (allow initrc_t init_t (dbus (send_msg)))
                                    (allow init_t initrc_t (dbus (send_msg)))
                                    (optional init_optional_48
                                        (typeattributeset cil_gen_require NetworkManager_t)
                                        (allow initrc_t NetworkManager_t (dbus (send_msg)))
                                        (allow NetworkManager_t initrc_t (dbus (send_msg)))
                                    )
                                    (optional init_optional_49
                                        (typeattributeset cil_gen_require policykit_t)
                                        (allow initrc_t policykit_t (dbus (send_msg)))
                                        (allow policykit_t initrc_t (dbus (send_msg)))
                                    )
                                )
                                (optional init_optional_50
                                    (typeattributeset cil_gen_require dovecot_var_lib_t)
                                    (dontaudit initrc_t dovecot_var_lib_t (file (getattr unlink)))
                                )
                                (optional init_optional_51
                                    (typeattributeset cil_gen_require etc_t)
                                    (typeattributeset cil_gen_require ftpd_etc_t)
                                    (allow initrc_t etc_t (dir (getattr open search)))
                                    (allow initrc_t ftpd_etc_t (file (ioctl read getattr lock open)))
                                )
                                (optional init_optional_52
                                    (typeattributeset cil_gen_require device_t)
                                    (typeattributeset cil_gen_require gpmctl_t)
                                    (allow initrc_t device_t (dir (getattr open search)))
                                    (allow initrc_t device_t (dir (ioctl read getattr lock open search)))
                                    (allow initrc_t device_t (dir (getattr open search)))
                                    (allow initrc_t device_t (lnk_file (read getattr)))
                                    (allow initrc_t gpmctl_t (sock_file (setattr)))
                                )
                                (optional init_optional_53
                                    (typeattributeset cil_gen_require modules_object_t)
                                    (typeattributeset cil_gen_require modules_dep_t)
                                    (allow initrc_t modules_object_t (dir (ioctl read getattr lock open search)))
                                    (allow initrc_t modules_object_t (dir (getattr open search)))
                                    (allow initrc_t modules_object_t (lnk_file (read getattr)))
                                    (allow initrc_t modules_dep_t (file (ioctl read getattr lock map open)))
                                )
                                (optional init_optional_54
                                    (typeattributeset cil_gen_require etc_t)
                                    (typeattributeset cil_gen_require innd_etc_t)
                                    (allow initrc_t etc_t (dir (getattr open search)))
                                    (allow initrc_t innd_etc_t (dir (getattr open search)))
                                    (allow initrc_t innd_etc_t (file (ioctl read getattr map execute open execute_no_trans)))
                                )
                                (optional init_optional_55
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_run_t)
                                    (typeattributeset cil_gen_require etc_t)
                                    (typeattributeset cil_gen_require ipsec_conf_file_t)
                                    (typeattributeset cil_gen_require ipsec_runtime_t)
                                    (allow initrc_t etc_t (dir (getattr open search)))
                                    (allow initrc_t ipsec_conf_file_t (file (ioctl read getattr lock open)))
                                    (allow initrc_t var_run_t (lnk_file (read getattr)))
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_run_t (dir (getattr open search)))
                                    (allow initrc_t ipsec_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                    (allow initrc_t ipsec_runtime_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                )
                                (optional init_optional_56
                                    (typeattributeset cil_gen_require etc_t)
                                    (typeattributeset cil_gen_require iptables_conf_t)
                                    (allow initrc_t etc_t (dir (getattr open search)))
                                    (allow initrc_t iptables_conf_t (dir (ioctl read getattr lock open search)))
                                    (allow initrc_t iptables_conf_t (dir (getattr open search)))
                                    (allow initrc_t iptables_conf_t (file (ioctl read getattr lock open)))
                                )
                                (optional init_optional_57
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_lib_t)
                                    (typeattributeset cil_gen_require iscsid_t)
                                    (typeattributeset cil_gen_require iscsi_var_lib_t)
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_lib_t (dir (getattr open search)))
                                    (allow initrc_t iscsi_var_lib_t (dir (getattr open search)))
                                    (allow initrc_t iscsi_var_lib_t (sock_file (write getattr append open)))
                                    (allow initrc_t iscsid_t (unix_stream_socket (connectto)))
                                    (allow initrc_t iscsi_var_lib_t (dir (getattr open search)))
                                    (allow initrc_t iscsi_var_lib_t (file (ioctl read getattr lock open)))
                                    (allow initrc_t iscsi_var_lib_t (dir (ioctl read getattr lock open search)))
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_lib_t (dir (getattr open search)))
                                )
                                (optional init_optional_58
                                    (typeattributeset cil_gen_require security_t)
                                    (typeattributeset cil_gen_require selinux_config_t)
                                    (typeattributeset cil_gen_require etc_t)
                                    (typeattributeset cil_gen_require default_context_t)
                                    (typeattributeset cil_gen_require netlabel_peer_t)
                                    (typeattributeset cil_gen_require user_home_dir_t)
                                    (typeattributeset cil_gen_require home_root_t)
                                    (typeattributeset cil_gen_require krb5kdc_conf_t)
                                    (typeattributeset cil_gen_require krb5_host_rcache_t)
                                    (typeattributeset cil_gen_require krb5_conf_t)
                                    (typeattributeset cil_gen_require krb5_home_t)
                                    (typeattributeset cil_gen_require file_context_t)
                                    (typeattributeset cil_gen_require netif_t)
                                    (typeattributeset cil_gen_require node_t)
                                    (typeattributeset cil_gen_require kerberos_client_packet_t)
                                    (typeattributeset cil_gen_require kerberos_port_t)
                                    (typeattributeset cil_gen_require ocsp_client_packet_t)
                                    (typeattributeset cil_gen_require ocsp_port_t)
                                    (allow initrc_t etc_t (dir (getattr open search)))
                                    (allow initrc_t krb5_conf_t (file (ioctl read getattr lock open)))
                                    (allow initrc_t user_home_dir_t (dir (getattr open search)))
                                    (allow initrc_t home_root_t (dir (getattr open search)))
                                    (allow initrc_t home_root_t (lnk_file (read getattr)))
                                    (allow initrc_t krb5_home_t (file (ioctl read getattr lock open)))
                                    (dontaudit initrc_t krb5_conf_t (file (ioctl write getattr lock append open)))
                                    (dontaudit initrc_t krb5kdc_conf_t (dir (ioctl read getattr lock open search)))
                                    (dontaudit initrc_t krb5kdc_conf_t (file (ioctl read write getattr lock append open)))
                                    (dontaudit initrc_t self (process (setfscreate)))
                                    (dontaudit initrc_t security_t (dir (ioctl read getattr lock open search)))
                                    (dontaudit initrc_t security_t (file (ioctl read write getattr map open)))
                                    (dontaudit initrc_t security_t (security (check_context)))
                                    (dontaudit initrc_t selinux_config_t (dir (getattr open search)))
                                    (dontaudit initrc_t default_context_t (dir (getattr open search)))
                                    (dontaudit initrc_t file_context_t (dir (getattr open search)))
                                    (dontaudit initrc_t file_context_t (file (ioctl read getattr lock open)))
                                    (dontaudit initrc_t file_context_t (file (map)))
                                    (booleanif (allow_kerberos)
                                        (true
                                            (allow initrc_t krb5_host_rcache_t (file (getattr)))
                                            (allow initrc_t ocsp_port_t (tcp_socket (name_connect)))
                                            (allow initrc_t ocsp_client_packet_t (packet (recv)))
                                            (allow initrc_t ocsp_client_packet_t (packet (send)))
                                            (allow initrc_t kerberos_port_t (tcp_socket (name_connect)))
                                            (allow initrc_t kerberos_client_packet_t (packet (recv)))
                                            (allow initrc_t kerberos_client_packet_t (packet (send)))
                                            (allow initrc_t node_t (node (recvfrom)))
                                            (allow initrc_t node_t (node (sendto)))
                                            (allow initrc_t node_t (node (recvfrom sendto)))
                                            (allow initrc_t netif_t (netif (ingress)))
                                            (allow initrc_t netif_t (netif (egress)))
                                            (allow initrc_t netif_t (netif (ingress egress)))
                                            (allow initrc_t netlabel_peer_t (tcp_socket (recvfrom)))
                                            (allow initrc_t netlabel_peer_t (udp_socket (recvfrom)))
                                            (allow initrc_t netlabel_peer_t (rawip_socket (recvfrom)))
                                            (allow initrc_t netlabel_peer_t (peer (recv)))
                                            (allow initrc_t self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                            (allow initrc_t self (tcp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                                        )
                                    )
                                    (optional init_optional_59
                                        (typeattributeset cil_gen_require var_t)
                                        (typeattributeset cil_gen_require var_run_t)
                                        (typeattributeset cil_gen_require pcscd_t)
                                        (typeattributeset cil_gen_require pcscd_runtime_t)
                                        (booleanif (allow_kerberos)
                                            (true
                                                (allow pcscd_t initrc_t (file (ioctl read getattr lock open)))
                                                (allow pcscd_t initrc_t (dir (ioctl read getattr lock open search)))
                                                (allow initrc_t pcscd_t (unix_stream_socket (connectto)))
                                                (allow initrc_t pcscd_runtime_t (sock_file (write getattr append open)))
                                                (allow initrc_t pcscd_runtime_t (dir (getattr open search)))
                                                (allow initrc_t var_run_t (dir (getattr open search)))
                                                (allow initrc_t var_t (dir (getattr open search)))
                                                (allow initrc_t var_run_t (lnk_file (read getattr)))
                                            )
                                        )
                                    )
                                    (optional init_optional_60
                                        (typeattributeset cil_gen_require var_t)
                                        (typeattributeset cil_gen_require var_lib_t)
                                        (typeattributeset cil_gen_require sssd_var_lib_t)
                                        (typeattributeset cil_gen_require sssd_public_t)
                                        (allow initrc_t sssd_var_lib_t (dir (getattr open search)))
                                        (allow initrc_t var_t (dir (getattr open search)))
                                        (allow initrc_t var_lib_t (dir (getattr open search)))
                                        (allow initrc_t sssd_public_t (dir (ioctl read getattr lock open search)))
                                        (allow initrc_t sssd_public_t (dir (getattr open search)))
                                        (allow initrc_t sssd_public_t (file (ioctl read getattr lock open)))
                                    )
                                )
                                (optional init_optional_61
                                    (typeattributeset cil_gen_require etc_t)
                                    (typeattributeset cil_gen_require knot_conf_t)
                                    (allow initrc_t knot_conf_t (dir (getattr open search)))
                                    (allow initrc_t knot_conf_t (file (ioctl read getattr lock open)))
                                    (allow initrc_t etc_t (dir (getattr open search)))
                                )
                                (optional init_optional_62
                                    (typeattributeset cil_gen_require etc_t)
                                    (typeattributeset cil_gen_require slapd_etc_t)
                                    (typeattributeset cil_gen_require slapd_db_t)
                                    (allow initrc_t etc_t (dir (getattr open search)))
                                    (allow initrc_t slapd_etc_t (file (ioctl read getattr lock open)))
                                    (allow initrc_t etc_t (dir (getattr open search)))
                                    (allow initrc_t slapd_db_t (dir (ioctl read getattr lock open search)))
                                )
                                (optional init_optional_63
                                    (typeattributeset cil_gen_require bin_t)
                                    (typeattributeset cil_gen_require usr_t)
                                    (typeattributeset cil_gen_require loadkeys_exec_t)
                                    (allow initrc_t bin_t (dir (getattr open search)))
                                    (allow initrc_t bin_t (lnk_file (read getattr)))
                                    (allow initrc_t usr_t (dir (getattr open search)))
                                    (allow initrc_t loadkeys_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
                                )
                                (optional init_optional_64
                                    (typeattributeset cil_gen_require sulogin_exec_t)
                                    (typeattributeset cil_gen_require sulogin_t)
                                    (allow initrc_t sulogin_exec_t (file (ioctl read getattr map execute open)))
                                    (allow initrc_t sulogin_t (process (transition)))
                                    (dontaudit initrc_t sulogin_t (process (noatsecure siginh rlimitinh)))
                                    (typetransition initrc_t sulogin_exec_t process sulogin_t)
                                    (allow sulogin_t initrc_t (fd (use)))
                                    (allow sulogin_t initrc_t (fifo_file (ioctl read write getattr lock append)))
                                    (allow sulogin_t initrc_t (process (sigchld)))
                                )
                                (optional init_optional_65
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_spool_t)
                                    (typeattributeset cil_gen_require print_spool_t)
                                    (typeattributeset cil_gen_require printconf_t)
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_spool_t (dir (getattr open search)))
                                    (allow initrc_t print_spool_t (dir (ioctl read getattr lock open search)))
                                    (allow initrc_t printconf_t (dir (ioctl read getattr lock open search)))
                                    (allow initrc_t printconf_t (dir (getattr open search)))
                                    (allow initrc_t printconf_t (file (ioctl read getattr lock open)))
                                    (allow init_t var_t (dir (getattr open search)))
                                    (allow init_t var_spool_t (dir (getattr open search)))
                                    (allow init_t print_spool_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                    (allow init_t print_spool_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                                    (allow init_t print_spool_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                    (allow init_t print_spool_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                    (allow init_t print_spool_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                    (allow init_t print_spool_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                                )
                                (optional init_optional_66
                                    (typeattributeset cil_gen_require device_t)
                                    (typeattributeset cil_gen_require etc_t)
                                    (typeattributeset cil_gen_require lvm_control_t)
                                    (typeattributeset cil_gen_require lvm_etc_t)
                                    (allow initrc_t device_t (dir (getattr open search)))
                                    (allow initrc_t lvm_control_t (chr_file (ioctl read getattr lock open)))
                                    (allow initrc_t self (capability (mknod)))
                                    (allow initrc_t device_t (dir (ioctl write getattr lock open add_name search)))
                                    (allow initrc_t device_t (chr_file (create getattr)))
                                    (allow initrc_t etc_t (dir (getattr open search)))
                                    (allow initrc_t lvm_etc_t (dir (ioctl read getattr lock open search)))
                                    (allow initrc_t lvm_etc_t (dir (getattr open search)))
                                    (allow initrc_t lvm_etc_t (file (ioctl read getattr lock open)))
                                )
                                (optional init_optional_67
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_spool_t)
                                    (typeattributeset cil_gen_require mailman_data_t)
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_spool_t (dir (getattr open search)))
                                    (allow initrc_t mailman_data_t (dir (ioctl read getattr lock open search)))
                                    (allow initrc_t mailman_data_t (dir (getattr open search)))
                                    (allow initrc_t mailman_data_t (lnk_file (read getattr)))
                                )
                                (optional init_optional_68
                                    (typeattributeset cil_gen_require etc_t)
                                    (typeattributeset cil_gen_require modules_conf_t)
                                    (typeattributeset cil_gen_require boot_t)
                                    (allow initrc_t etc_t (dir (getattr open search)))
                                    (allow initrc_t boot_t (dir (getattr open search)))
                                    (allow initrc_t modules_conf_t (dir (ioctl read getattr lock open search)))
                                    (allow initrc_t modules_conf_t (file (ioctl read getattr lock open)))
                                    (allow initrc_t modules_conf_t (lnk_file (read getattr)))
                                )
                                (optional init_optional_69
                                    (typeattributeset cil_gen_require etc_t)
                                    (typeattributeset cil_gen_require etc_mail_t)
                                    (typeattributeset cil_gen_require mail_spool_t)
                                    (allow initrc_t etc_t (dir (getattr open search)))
                                    (allow initrc_t etc_mail_t (dir (ioctl read getattr lock open search)))
                                    (allow initrc_t etc_mail_t (file (ioctl read getattr lock open)))
                                    (allow initrc_t etc_mail_t (lnk_file (read getattr)))
                                    (allow initrc_t etc_t (dir (getattr open search)))
                                    (allow initrc_t etc_mail_t (dir (getattr open search)))
                                    (allow initrc_t etc_mail_t (file (ioctl write getattr lock append open)))
                                    (dontaudit initrc_t mail_spool_t (lnk_file (read)))
                                )
                                (optional init_optional_70
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_run_t)
                                    (typeattributeset cil_gen_require etc_t)
                                    (typeattributeset cil_gen_require var_log_t)
                                    (typeattributeset cil_gen_require mysqld_t)
                                    (typeattributeset cil_gen_require mysqld_runtime_t)
                                    (typeattributeset cil_gen_require mysqld_db_t)
                                    (typeattributeset cil_gen_require mysqld_log_t)
                                    (typeattributeset cil_gen_require mysqld_etc_t)
                                    (allow initrc_t var_run_t (lnk_file (read getattr)))
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_run_t (dir (getattr open search)))
                                    (allow initrc_t mysqld_runtime_t (dir (getattr open search)))
                                    (allow initrc_t mysqld_db_t (dir (getattr open search)))
                                    (allow initrc_t mysqld_runtime_t (sock_file (write getattr append open)))
                                    (allow initrc_t mysqld_t (unix_stream_socket (connectto)))
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_log_t (dir (getattr open search)))
                                    (allow initrc_t var_log_t (lnk_file (read getattr)))
                                    (allow initrc_t mysqld_log_t (dir (getattr open search)))
                                    (allow initrc_t mysqld_log_t (file (ioctl write getattr lock append open)))
                                    (allow initrc_t etc_t (dir (getattr open search)))
                                    (allow initrc_t mysqld_etc_t (dir (ioctl read getattr lock open search)))
                                    (allow initrc_t mysqld_etc_t (file (ioctl read getattr lock open)))
                                    (allow initrc_t mysqld_etc_t (lnk_file (read getattr)))
                                )
                                (optional init_optional_71
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_yp_t)
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_yp_t (dir (ioctl read getattr lock open search)))
                                )
                                (optional init_optional_72
                                    (typeattributeset cil_gen_require etc_t)
                                    (typeattributeset cil_gen_require openvpn_etc_t)
                                    (allow initrc_t etc_t (dir (getattr open search)))
                                    (allow initrc_t openvpn_etc_t (dir (ioctl read getattr lock open search)))
                                    (allow initrc_t openvpn_etc_t (file (ioctl read getattr lock open)))
                                    (allow initrc_t openvpn_etc_t (lnk_file (read getattr)))
                                )
                                (optional init_optional_73
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_spool_t)
                                    (typeattributeset cil_gen_require plymouthd_t)
                                    (typeattributeset cil_gen_require plymouthd_spool_t)
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_spool_t (dir (getattr open search)))
                                    (allow initrc_t plymouthd_spool_t (dir (getattr open search)))
                                    (allow initrc_t plymouthd_spool_t (sock_file (write getattr append open)))
                                    (allow initrc_t plymouthd_t (unix_stream_socket (connectto)))
                                )
                                (optional init_optional_74
                                    (typeattributeset cil_gen_require etc_t)
                                    (typeattributeset cil_gen_require postgresql_db_t)
                                    (typeattributeset cil_gen_require postgresql_etc_t)
                                    (allow initrc_t postgresql_db_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                    (allow initrc_t postgresql_db_t (file (ioctl read write getattr lock append open)))
                                    (allow initrc_t postgresql_db_t (lnk_file (read getattr)))
                                    (allow initrc_t etc_t (dir (getattr open search)))
                                    (allow initrc_t postgresql_etc_t (dir (ioctl read getattr lock open search)))
                                    (allow initrc_t postgresql_etc_t (file (ioctl read getattr lock open)))
                                    (allow initrc_t postgresql_etc_t (lnk_file (read getattr)))
                                )
                                (optional init_optional_75
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_spool_t)
                                    (typeattributeset cil_gen_require postfix_spool_t)
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_spool_t (dir (getattr open search)))
                                    (allow initrc_t postfix_spool_t (dir (ioctl read getattr lock open search)))
                                )
                                (optional init_optional_76
                                    (typeattributeset cil_gen_require tmp_t)
                                    (typeattributeset cil_gen_require puppet_tmp_t)
                                    (allow initrc_t tmp_t (dir (getattr open search)))
                                    (allow initrc_t puppet_tmp_t (file (ioctl read write getattr lock append open)))
                                )
                                (optional init_optional_77
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_lib_t)
                                    (typeattributeset cil_gen_require quota_flag_t)
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_lib_t (dir (getattr open search)))
                                    (allow initrc_t quota_flag_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                    (allow initrc_t quota_flag_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                )
                                (optional init_optional_78
                                    (typeattributeset cil_gen_require var_t)
                                    (typeattributeset cil_gen_require var_run_t)
                                    (typeattributeset cil_gen_require mdadm_runtime_t)
                                    (allow initrc_t var_run_t (lnk_file (read getattr)))
                                    (allow initrc_t var_t (dir (getattr open search)))
                                    (allow initrc_t var_run_t (dir (getattr open search)))
                                    (allow initrc_t mdadm_runtime_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                )
                                (optional init_optional_79
                                    (typeattributeset cil_gen_require ramfs_t)
                                    (allow initrc_t ramfs_t (dir (getattr open search)))
                                    (allow initrc_t ramfs_t (sock_file (write getattr append open)))
                                    (allow initrc_t ramfs_t (dir (getattr open search)))
                                    (optional init_optional_80
                                        (typeattributeset cil_gen_require var_t)
                                        (typeattributeset cil_gen_require var_run_t)
                                        (typeattributeset cil_gen_require ftpd_runtime_t)
                                        (allow initrc_t var_t (dir (getattr open search)))
                                        (allow initrc_t var_run_t (lnk_file (read getattr)))
                                        (allow initrc_t var_run_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                        (typetransition initrc_t var_run_t dir "pure-ftpd" ftpd_runtime_t)
                                    )
                                    (optional init_optional_81
                                        (typeattributeset cil_gen_require exports_t)
                                        (allow initrc_t exports_t (file (ioctl read getattr lock open)))
                                    )
                                    (optional init_optional_82
                                        (typeattributeset cil_gen_require pidfile)
                                        (typeattributeset pidfile (init_runtime_t initrc_runtime_t ))
                                        (typeattributeset cil_gen_require var_run_t)
                                        (typeattributeset cil_gen_require unlabeled_t)
                                        (dontaudit initrc_t unlabeled_t (blk_file (getattr)))
                                        (dontaudit initrc_t var_run_t (lnk_file (read getattr)))
                                        (dontaudit initrc_t pidfile (file (write)))
                                        (dontaudit initrc_t var_run_t (lnk_file (read getattr)))
                                        (dontaudit initrc_t pidfile (file (ioctl)))
                                        (optional init_optional_83
                                            (typeattributeset cil_gen_require var_t)
                                            (typeattributeset cil_gen_require var_run_t)
                                            (typeattributeset cil_gen_require etc_t)
                                            (typeattributeset cil_gen_require samba_etc_t)
                                            (typeattributeset cil_gen_require winbind_runtime_t)
                                            (typeattributeset cil_gen_require samba_runtime_t)
                                            (allow initrc_t etc_t (dir (getattr open search)))
                                            (allow initrc_t samba_etc_t (dir (getattr open search)))
                                            (allow initrc_t samba_etc_t (file (ioctl read write getattr lock append open)))
                                            (allow initrc_t var_run_t (lnk_file (read getattr)))
                                            (allow initrc_t var_t (dir (getattr open search)))
                                            (allow initrc_t var_run_t (dir (getattr open search)))
                                            (allow initrc_t winbind_runtime_t (dir (getattr open search)))
                                            (allow initrc_t samba_runtime_t (dir (getattr open search)))
                                            (allow initrc_t winbind_runtime_t (file (ioctl read getattr lock open)))
                                        )
                                        (optional init_optional_84
                                            (typeattributeset cil_gen_require var_t)
                                            (typeattributeset cil_gen_require var_lib_t)
                                            (typeattributeset cil_gen_require shorewall_t)
                                            (typeattributeset cil_gen_require shorewall_var_lib_t)
                                            (allow initrc_t var_t (dir (getattr open search)))
                                            (allow initrc_t var_lib_t (dir (getattr open search)))
                                            (allow initrc_t shorewall_var_lib_t (file (ioctl read getattr map execute open)))
                                            (allow initrc_t shorewall_t (process (transition)))
                                            (dontaudit initrc_t shorewall_t (process (noatsecure siginh rlimitinh)))
                                            (typetransition initrc_t shorewall_var_lib_t process shorewall_t)
                                            (allow shorewall_t initrc_t (fd (use)))
                                            (allow shorewall_t initrc_t (fifo_file (ioctl read write getattr lock append)))
                                            (allow shorewall_t initrc_t (process (sigchld)))
                                        )
                                        (optional init_optional_85
                                            (typeattributeset cil_gen_require var_t)
                                            (typeattributeset cil_gen_require etc_t)
                                            (typeattributeset cil_gen_require var_log_t)
                                            (typeattributeset cil_gen_require squid_conf_t)
                                            (typeattributeset cil_gen_require squid_log_t)
                                            (allow initrc_t etc_t (dir (getattr open search)))
                                            (allow initrc_t squid_conf_t (dir (getattr open search)))
                                            (allow initrc_t squid_conf_t (file (ioctl read getattr lock open)))
                                            (allow initrc_t var_t (dir (getattr open search)))
                                            (allow initrc_t var_log_t (dir (getattr open search)))
                                            (allow initrc_t var_log_t (lnk_file (read getattr)))
                                            (allow initrc_t squid_log_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                            (allow initrc_t squid_log_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                        )
                                        (optional init_optional_86
                                            (typeattributeset cil_gen_require var_t)
                                            (typeattributeset cil_gen_require var_run_t)
                                            (typeattributeset cil_gen_require sshd_key_t)
                                            (dontaudit initrc_t sshd_key_t (file (read getattr)))
                                            (allow initrc_t sshd_key_t (file (setattr)))
                                            (allow initrc_t var_run_t (lnk_file (read getattr)))
                                            (allow initrc_t var_t (dir (getattr open search)))
                                            (allow initrc_t var_run_t (dir (getattr open search)))
                                        )
                                        (optional init_optional_87
                                            (typeattributeset cil_gen_require etc_t)
                                            (typeattributeset cil_gen_require stunnel_etc_t)
                                            (allow initrc_t etc_t (dir (getattr open search)))
                                            (allow initrc_t stunnel_etc_t (dir (ioctl read getattr lock open search)))
                                            (allow initrc_t stunnel_etc_t (file (ioctl read getattr lock open)))
                                            (allow initrc_t stunnel_etc_t (lnk_file (read getattr)))
                                        )
                                        (optional init_optional_88
                                            (typeattributeset cil_gen_require dhcpc_state_t)
                                            (allow initrc_t dhcpc_state_t (dir (getattr open search)))
                                            (allow initrc_t dhcpc_state_t (file (ioctl read getattr lock open)))
                                        )
                                        (optional init_optional_89
                                            (typeattributeset cil_gen_require var_t)
                                            (typeattributeset cil_gen_require var_run_t)
                                            (typeattributeset cil_gen_require etc_t)
                                            (typeattributeset cil_gen_require var_lib_t)
                                            (typeattributeset cil_gen_require udev_runtime_t)
                                            (typeattributeset cil_gen_require udev_rules_t)
                                            (allow initrc_t var_run_t (lnk_file (read getattr)))
                                            (allow initrc_t var_t (dir (getattr open search)))
                                            (allow initrc_t var_run_t (dir (getattr open search)))
                                            (allow initrc_t udev_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                            (allow initrc_t udev_runtime_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                            (allow initrc_t var_t (dir (getattr open search)))
                                            (allow initrc_t var_lib_t (dir (getattr open search)))
                                            (allow initrc_t udev_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                            (allow initrc_t udev_runtime_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                                            (allow initrc_t udev_rules_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                            (allow initrc_t udev_rules_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                            (allow initrc_t etc_t (dir (getattr open search)))
                                            (allow initrc_t var_t (dir (getattr open search)))
                                            (allow initrc_t var_lib_t (dir (getattr open search)))
                                            (allow initrc_t udev_runtime_t (dir (getattr open search)))
                                            (allow initrc_t udev_runtime_t (dir (getattr open search)))
                                        )
                                        (optional init_optional_90
                                            (typeattributeset cil_gen_require uml_switch_runtime_t)
                                            (allow initrc_t uml_switch_runtime_t (sock_file (setattr)))
                                        )
                                        (optional init_optional_91
                                            (typeattributeset cil_gen_require var_t)
                                            (typeattributeset cil_gen_require var_run_t)
                                            (typeattributeset cil_gen_require virtd_t)
                                            (typeattributeset cil_gen_require virt_runtime_t)
                                            (typeattributeset cil_gen_require virt_cache_t)
                                            (allow initrc_t var_run_t (lnk_file (read getattr)))
                                            (allow initrc_t var_t (dir (getattr open search)))
                                            (allow initrc_t var_run_t (dir (getattr open search)))
                                            (allow initrc_t virt_runtime_t (dir (getattr open search)))
                                            (allow initrc_t virt_runtime_t (sock_file (write getattr append open)))
                                            (allow initrc_t virtd_t (unix_stream_socket (connectto)))
                                            (allow initrc_t var_t (dir (getattr open search)))
                                            (allow initrc_t virt_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                            (allow initrc_t virt_cache_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                                            (allow initrc_t virt_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                            (allow initrc_t virt_cache_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                            (allow initrc_t virt_cache_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                            (allow initrc_t virt_cache_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                                        )
                                        (optional init_optional_92
                                            (typeattributeset cil_gen_require domain)
                                            (typeattributeset domain (init_t initrc_t ))
                                            (typeattributeset cil_gen_require etc_t)
                                            (typeattributeset cil_gen_require unconfined_t)
                                            (typeattributeset cil_gen_require kern_unconfined)
                                            (typeattributeset cil_gen_require can_load_kernmodule)
                                            (typeattributeset cil_gen_require corenet_unconfined_type)
                                            (typeattributeset cil_gen_require devices_unconfined_type)
                                            (typeattributeset cil_gen_require set_curr_context)
                                            (typeattributeset cil_gen_require can_change_object_identity)
                                            (typeattributeset can_change_object_identity (initrc_t ))
                                            (typeattributeset cil_gen_require unconfined_domain_type)
                                            (typeattributeset cil_gen_require process_uncond_exempt)
                                            (typeattributeset cil_gen_require files_unconfined_type)
                                            (typeattributeset cil_gen_require filesystem_unconfined_type)
                                            (typeattributeset cil_gen_require selinux_unconfined_type)
                                            (typeattributeset cil_gen_require can_change_process_role)
                                            (typeattributeset cil_gen_require corenet_unconfined_type)
                                            (typeattributeset corenet_unconfined_type (initrc_t ))
                                            (typeattributeset cil_gen_require process_uncond_exempt)
                                            (typeattributeset process_uncond_exempt (initrc_t ))
                                            (typeattributeset cil_gen_require unconfined_domain_type)
                                            (typeattributeset unconfined_domain_type (initrc_t ))
                                            (typeattributeset cil_gen_require can_load_kernmodule)
                                            (typeattributeset can_load_kernmodule (initrc_t ))
                                            (typeattributeset cil_gen_require filesystem_unconfined_type)
                                            (typeattributeset filesystem_unconfined_type (initrc_t ))
                                            (typeattributeset cil_gen_require set_curr_context)
                                            (typeattributeset set_curr_context (initrc_t ))
                                            (typeattributeset cil_gen_require can_change_process_role)
                                            (typeattributeset can_change_process_role (initrc_t ))
                                            (typeattributeset cil_gen_require devices_unconfined_type)
                                            (typeattributeset devices_unconfined_type (initrc_t ))
                                            (typeattributeset cil_gen_require files_unconfined_type)
                                            (typeattributeset files_unconfined_type (initrc_t ))
                                            (typeattributeset cil_gen_require kern_unconfined)
                                            (typeattributeset kern_unconfined (initrc_t ))
                                            (typeattributeset cil_gen_require can_change_object_identity)
                                            (typeattributeset can_change_object_identity (initrc_t ))
                                            (typeattributeset cil_gen_require selinux_unconfined_type)
                                            (typeattributeset selinux_unconfined_type (initrc_t ))
                                            (allow initrc_t self (capability (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
                                            (allow initrc_t self (cap_userns (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap)))
                                            (allow initrc_t self (capability2 (syslog wake_alarm perfmon bpf)))
                                            (allow initrc_t self (cap2_userns (syslog wake_alarm perfmon bpf)))
                                            (allow initrc_t self (fifo_file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                            (allow initrc_t self (cap_userns (chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write setfcap)))
                                            (allow initrc_t self (cap2_userns (mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon bpf)))
                                            (allow initrc_t self (process (transition)))
                                            (allow initrc_t self (file (ioctl read write getattr lock append open)))
                                            (allow initrc_t self (anon_inode (read write create map)))
                                            (allow initrc_t self (nscd (getgrp gethost getpwd shmemgrp shmemhost shmempwd getserv shmemserv getstat admin)))
                                            (allow initrc_t self (dbus (send_msg acquire_svc)))
                                            (allow initrc_t self (passwd (rootok passwd chfn chsh crontab)))
                                            (allow initrc_t self (association (sendto recvfrom setcontext polmatch)))
                                            (dontaudit initrc_t domain (dir (ioctl read getattr lock open search)))
                                            (dontaudit initrc_t domain (lnk_file (read getattr)))
                                            (dontaudit initrc_t domain (file (ioctl read getattr lock open)))
                                            (dontaudit initrc_t domain (sock_file (read getattr open)))
                                            (dontaudit initrc_t domain (fifo_file (ioctl read getattr lock open)))
                                            (dontaudit initrc_t domain (process (ptrace)))
                                            (allow initrc_t etc_t (service (status)))
                                            (allow initrc_t etc_t (service (start)))
                                            (allow initrc_t etc_t (service (stop)))
                                            (booleanif (allow_execstack)
                                                (true
                                                    (allow initrc_t self (process (execmem execstack)))
                                                )
                                            )
                                            (booleanif (allow_execmem)
                                                (true
                                                    (allow initrc_t self (process (execmem)))
                                                )
                                            )
                                            (booleanif (allow_execheap)
                                                (true
                                                    (allow initrc_t self (process (execheap)))
                                                    (auditallow initrc_t self (process (execheap)))
                                                )
                                            )
                                            (optional init_optional_93
                                                (typeattributeset cil_gen_require can_read_shadow_passwords)
                                                (typeattributeset cil_gen_require can_write_shadow_passwords)
                                                (typeattributeset cil_gen_require can_relabelto_shadow_passwords)
                                                (typeattributeset cil_gen_require can_write_shadow_passwords)
                                                (typeattributeset can_write_shadow_passwords (initrc_t ))
                                                (typeattributeset cil_gen_require can_read_shadow_passwords)
                                                (typeattributeset can_read_shadow_passwords (initrc_t ))
                                                (typeattributeset cil_gen_require can_relabelto_shadow_passwords)
                                                (typeattributeset can_relabelto_shadow_passwords (initrc_t ))
                                            )
                                            (optional init_optional_94
                                                (typeattributeset cil_gen_require dbusd_unconfined)
                                                (typeattributeset cil_gen_require dbusd_unconfined)
                                                (typeattributeset dbusd_unconfined (initrc_t ))
                                            )
                                            (optional init_optional_95
                                                (typeattributeset cil_gen_require ipsec_spd_t)
                                                (allow initrc_t ipsec_spd_t (association (setcontext)))
                                                (allow initrc_t ipsec_spd_t (association (polmatch)))
                                                (allow initrc_t self (association (sendto)))
                                            )
                                            (optional init_optional_96
                                                (typeattributeset cil_gen_require nscd_t)
                                                (allow initrc_t nscd_t (nscd (getgrp gethost getpwd shmemgrp shmemhost shmempwd getserv shmemserv getstat admin)))
                                            )
                                            (optional init_optional_97
                                                (typeattributeset cil_gen_require sepgsql_unconfined_type)
                                                (typeattributeset cil_gen_require sepgsql_unconfined_type)
                                                (typeattributeset sepgsql_unconfined_type (initrc_t ))
                                            )
                                            (optional init_optional_98
                                                (typeattributeset cil_gen_require selinux_config_t)
                                                (typeattributeset cil_gen_require etc_t)
                                                (typeattributeset cil_gen_require policy_config_t)
                                                (typeattributeset cil_gen_require can_relabelto_binary_policy)
                                                (typeattributeset cil_gen_require can_relabelto_binary_policy)
                                                (typeattributeset can_relabelto_binary_policy (initrc_t ))
                                                (allow initrc_t etc_t (dir (getattr open search)))
                                                (allow initrc_t selinux_config_t (dir (getattr open search)))
                                                (allow initrc_t policy_config_t (dir (ioctl write getattr lock open add_name search)))
                                                (allow initrc_t policy_config_t (file (create getattr open)))
                                                (allow initrc_t policy_config_t (dir (getattr open search)))
                                                (allow initrc_t policy_config_t (file (ioctl write getattr lock append open)))
                                                (allow initrc_t policy_config_t (file (relabelto)))
                                            )
                                            (optional init_optional_99
                                                (typeattributeset cil_gen_require storage_unconfined_type)
                                                (typeattributeset cil_gen_require storage_unconfined_type)
                                                (typeattributeset storage_unconfined_type (initrc_t ))
                                            )
                                            (optional init_optional_100
                                                (typeattributeset cil_gen_require x_domain)
                                                (typeattributeset cil_gen_require xserver_unconfined_type)
                                                (typeattributeset cil_gen_require x_domain)
                                                (typeattributeset x_domain (initrc_t ))
                                                (typeattributeset cil_gen_require xserver_unconfined_type)
                                                (typeattributeset xserver_unconfined_type (initrc_t ))
                                            )
                                            (optional init_optional_101
                                                (typeattributeset cil_gen_require bin_t)
                                                (typeattributeset cil_gen_require usr_t)
                                                (typeattributeset cil_gen_require mono_t)
                                                (typeattributeset cil_gen_require mono_exec_t)
                                                (allow initrc_t bin_t (dir (getattr open search)))
                                                (allow initrc_t bin_t (lnk_file (read getattr)))
                                                (allow initrc_t usr_t (dir (getattr open search)))
                                                (allow initrc_t mono_exec_t (file (ioctl read getattr map execute open)))
                                                (allow initrc_t mono_t (process (transition)))
                                                (dontaudit initrc_t mono_t (process (noatsecure siginh rlimitinh)))
                                                (typetransition initrc_t mono_exec_t process mono_t)
                                                (allow mono_t initrc_t (fd (use)))
                                                (allow mono_t initrc_t (fifo_file (ioctl read write getattr lock append)))
                                                (allow mono_t initrc_t (process (sigchld)))
                                            )
                                            (optional init_optional_102
                                                (typeattributeset cil_gen_require proc_t)
                                                (typeattributeset cil_gen_require rtkit_daemon_t)
                                                (allow rtkit_daemon_t initrc_t (process (getsched setsched)))
                                                (allow initrc_t proc_t (dir (getattr open search)))
                                                (allow initrc_t proc_t (dir (getattr open search)))
                                                (allow rtkit_daemon_t initrc_t (dir (ioctl read getattr lock open search)))
                                                (allow rtkit_daemon_t initrc_t (file (ioctl read getattr lock open)))
                                                (allow rtkit_daemon_t initrc_t (lnk_file (read getattr)))
                                                (allow rtkit_daemon_t initrc_t (process (getattr)))
                                                (optional init_optional_103
                                                    (typeattributeset cil_gen_require rtkit_daemon_t)
                                                    (allow initrc_t rtkit_daemon_t (dbus (send_msg)))
                                                    (allow rtkit_daemon_t initrc_t (dbus (send_msg)))
                                                )
                                            )
                                        )
                                        (optional init_optional_104
                                            (typeattributeset cil_gen_require var_t)
                                            (typeattributeset cil_gen_require var_lib_t)
                                            (typeattributeset cil_gen_require rpm_var_lib_t)
                                            (allow initrc_t var_t (dir (getattr open search)))
                                            (allow initrc_t var_lib_t (dir (getattr open search)))
                                            (allow initrc_t rpm_var_lib_t (dir (ioctl read getattr lock open search)))
                                            (allow initrc_t rpm_var_lib_t (dir (getattr open search)))
                                            (allow initrc_t rpm_var_lib_t (file (ioctl read getattr lock open)))
                                            (allow initrc_t rpm_var_lib_t (dir (getattr open search)))
                                            (allow initrc_t rpm_var_lib_t (lnk_file (read getattr)))
                                            (allow initrc_t rpm_var_lib_t (file (map)))
                                            (allow initrc_t var_t (dir (getattr open search)))
                                            (allow initrc_t var_lib_t (dir (getattr open search)))
                                            (allow initrc_t rpm_var_lib_t (dir (ioctl write getattr lock open remove_name search)))
                                            (allow initrc_t rpm_var_lib_t (file (getattr unlink)))
                                        )
                                        (optional init_optional_105
                                            (typeattributeset cil_gen_require etc_t)
                                            (typeattributeset cil_gen_require vmware_sys_conf_t)
                                            (allow initrc_t etc_t (dir (getattr open search)))
                                            (allow initrc_t vmware_sys_conf_t (file (ioctl read getattr lock open)))
                                            (allow initrc_t etc_t (dir (getattr open search)))
                                            (allow initrc_t vmware_sys_conf_t (file (ioctl getattr lock append open)))
                                        )
                                        (optional init_optional_106
                                            (typeattributeset cil_gen_require tmp_t)
                                            (typeattributeset cil_gen_require usr_t)
                                            (typeattributeset cil_gen_require lib_t)
                                            (typeattributeset cil_gen_require fonts_t)
                                            (typeattributeset cil_gen_require xfs_tmp_t)
                                            (allow initrc_t usr_t (dir (getattr open search)))
                                            (allow initrc_t lib_t (dir (getattr open search)))
                                            (allow initrc_t fonts_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                            (allow initrc_t fonts_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
                                            (allow initrc_t fonts_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                            (allow initrc_t fonts_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                            (allow initrc_t fonts_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                            (allow initrc_t fonts_t (lnk_file (ioctl read write create getattr setattr lock append unlink link rename)))
                                            (allow initrc_t tmp_t (dir (getattr open search)))
                                            (allow initrc_t xfs_tmp_t (dir (getattr open search)))
                                            (allow initrc_t xfs_tmp_t (sock_file (read getattr open)))
                                        )
                                        (optional init_optional_107
                                            (typeattributeset cil_gen_require etc_t)
                                            (typeattributeset cil_gen_require xconsole_device_t)
                                            (typeattributeset cil_gen_require xdm_rw_etc_t)
                                            (allow initrc_t xconsole_device_t (fifo_file (setattr)))
                                            (allow initrc_t etc_t (dir (getattr open search)))
                                            (allow initrc_t xdm_rw_etc_t (file (ioctl read getattr lock open)))
                                        )
                                        (optional init_optional_108
                                            (typeattributeset cil_gen_require etc_t)
                                            (typeattributeset cil_gen_require zebra_conf_t)
                                            (allow initrc_t etc_t (dir (getattr open search)))
                                            (allow initrc_t zebra_conf_t (dir (ioctl read getattr lock open search)))
                                            (allow initrc_t zebra_conf_t (file (ioctl read getattr lock open)))
                                            (allow initrc_t zebra_conf_t (lnk_file (read getattr)))
                                        )
                                        (optional init_optional_109
                                            (typeattributeset cil_gen_require var_t)
                                            (typeattributeset cil_gen_require var_lib_t)
                                            (typeattributeset cil_gen_require alsa_var_lib_t)
                                            (allow initrc_t var_t (dir (getattr open search)))
                                            (allow initrc_t var_lib_t (dir (getattr open search)))
                                            (allow initrc_t alsa_var_lib_t (dir (getattr open search)))
                                            (allow initrc_t alsa_var_lib_t (file (ioctl write getattr lock append open)))
                                            (allow initrc_t alsa_var_lib_t (dir (getattr open search)))
                                            (allow initrc_t alsa_var_lib_t (dir (ioctl write getattr lock open add_name remove_name search)))
                                        )
                                        (optional init_optional_110
                                            (typeattributeset cil_gen_require mysqld_runtime_t)
                                            (allow initrc_t mysqld_runtime_t (dir (getattr open search)))
                                            (allow initrc_t mysqld_runtime_t (dir (setattr)))
                                        )
                                        (optional init_optional_111
                                            (typeattributeset cil_gen_require var_t)
                                            (typeattributeset cil_gen_require var_run_t)
                                            (typeattributeset cil_gen_require NetworkManager_t)
                                            (typeattributeset cil_gen_require NetworkManager_runtime_t)
                                            (allow initrc_t NetworkManager_t (rawip_socket (read write)))
                                            (allow initrc_t var_run_t (lnk_file (read getattr)))
                                            (allow initrc_t var_t (dir (getattr open search)))
                                            (allow initrc_t var_run_t (dir (getattr open search)))
                                            (allow initrc_t NetworkManager_runtime_t (dir (getattr open search)))
                                            (allow initrc_t NetworkManager_runtime_t (sock_file (write getattr append open)))
                                            (allow initrc_t NetworkManager_t (unix_stream_socket (connectto)))
                                        )
                                        (optional init_optional_112
                                            (typeattributeset cil_gen_require var_t)
                                            (typeattributeset cil_gen_require var_run_t)
                                            (typeattributeset cil_gen_require fail2ban_t)
                                            (typeattributeset cil_gen_require fail2ban_runtime_t)
                                            (allow initrc_t var_run_t (lnk_file (read getattr)))
                                            (allow initrc_t var_t (dir (getattr open search)))
                                            (allow initrc_t var_run_t (dir (getattr open search)))
                                            (allow initrc_t fail2ban_runtime_t (dir (getattr open search)))
                                            (allow initrc_t fail2ban_runtime_t (sock_file (write getattr append open)))
                                            (allow initrc_t fail2ban_t (unix_stream_socket (connectto)))
                                        )
                                        (optional init_optional_113
                                            (typeattributeset cil_gen_require var_t)
                                            (typeattributeset cil_gen_require var_lib_t)
                                            (typeattributeset cil_gen_require var_lib_nfs_t)
                                            (allow initrc_t var_t (dir (getattr open search)))
                                            (allow initrc_t var_lib_t (dir (getattr open search)))
                                            (allow initrc_t var_lib_nfs_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                            (allow initrc_t var_lib_nfs_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
                                            (allow initrc_t var_lib_nfs_t (dir (getattr open search)))
                                            (allow initrc_t var_lib_nfs_t (dir (ioctl write getattr lock open add_name remove_name search)))
                                        )
                                        (optional init_optional_114
                                            (typeattributeset cil_gen_require udev_runtime_t)
                                            (typeattributeset cil_gen_require udev_rules_t)
                                            (allow initrc_t udev_runtime_t (dir (ioctl write getattr lock open add_name search)))
                                            (allow initrc_t udev_rules_t (dir (create getattr)))
                                            (allow initrc_t udev_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
                                            (typetransition initrc_t udev_runtime_t dir "rules.d" udev_rules_t)
                                        )
                                        (optional init_optional_115
                                            (typeattributeset cil_gen_require unconfined_t)
                                            (dontaudit daemon unconfined_t (fifo_file (ioctl read write getattr lock append open)))
                                            (dontaudit daemon unconfined_t (unix_stream_socket (ioctl read write getattr setattr append bind connect getopt setopt shutdown)))
                                        )
                                        (optional init_optional_116
                                            (typeattributeset cil_gen_require user_devpts_t)
                                            (typeattributeset cil_gen_require user_tty_device_t)
                                            (typeattributeset cil_gen_require userdomain)
                                            (typeattributeset cil_gen_require user_tmp_t)
                                            (dontaudit daemon userdomain (unix_stream_socket (ioctl read write getattr setattr append bind connect getopt setopt shutdown)))
                                            (dontaudit daemon user_tmp_t (file (ioctl read getattr lock open)))
                                            (dontaudit daemon user_tmp_t (file (write)))
                                            (dontaudit daemon user_tty_device_t (chr_file (ioctl read write getattr append open)))
                                            (dontaudit daemon user_devpts_t (chr_file (ioctl read write getattr append open)))
                                            (optional init_optional_117
                                                (typeattributeset cil_gen_require user_home_dir_t)
                                                (typeattributeset cil_gen_require user_devpts_t)
                                                (typeattributeset cil_gen_require user_tty_device_t)
                                                (typeattributeset cil_gen_require userdomain)
                                                (typeattributeset cil_gen_require user_tmp_t)
                                                (dontaudit systemprocess user_home_dir_t (dir (getattr open search)))
                                                (dontaudit systemprocess userdomain (unix_stream_socket (ioctl read write getattr setattr append bind connect getopt setopt shutdown)))
                                                (dontaudit systemprocess user_tmp_t (file (write)))
                                                (dontaudit systemprocess user_tty_device_t (chr_file (ioctl read write getattr append open)))
                                                (dontaudit systemprocess user_devpts_t (chr_file (ioctl read write getattr append open)))
                                            )
                                        )
                                    )
                                )
                            )
                        )
                    )
                )
            )
        )
    )
)
(filecon "/etc/rc\.d/rc" file (system_u object_r initrc_exec_t (systemlow systemlow)))
(filecon "/etc/rc\.d/rc\.[^/]+" file (system_u object_r initrc_exec_t (systemlow systemlow)))
(filecon "/etc/rc\.d/init\.d/.*" file (system_u object_r initrc_exec_t (systemlow systemlow)))
(filecon "/etc/sysconfig/network-scripts/ifup-ipsec" file (system_u object_r initrc_exec_t (systemlow systemlow)))
(filecon "/etc/X11/prefdm" file (system_u object_r initrc_exec_t (systemlow systemlow)))
(filecon "/etc/vmware/init\.d/vmware" file (system_u object_r initrc_exec_t (systemlow systemlow)))
(filecon "/etc/x11/startDM\.sh" file (system_u object_r initrc_exec_t (systemlow systemlow)))
(filecon "/dev/initctl" pipe (system_u object_r initctl_t (systemlow systemlow)))
(filecon "/etc/containers/systemd(/.*)?" any (system_u object_r systemd_unit_t (systemlow systemlow)))
(filecon "/usr/bin/init(ng)?" file (system_u object_r init_exec_t (systemlow systemlow)))
(filecon "/usr/bin/open_init_pty" file (system_u object_r initrc_exec_t (systemlow systemlow)))
(filecon "/usr/bin/sepg_ctl" file (system_u object_r initrc_exec_t (systemlow systemlow)))
(filecon "/usr/bin/systemd" file (system_u object_r init_exec_t (systemlow systemlow)))
(filecon "/usr/bin/upstart" file (system_u object_r init_exec_t (systemlow systemlow)))
(filecon "/usr/lib/dracut/modules\.d/[^/]+/.*\.service" file (system_u object_r systemd_unit_t (systemlow systemlow)))
(filecon "/usr/lib/systemd/systemd" file (system_u object_r init_exec_t (systemlow systemlow)))
(filecon "/usr/lib/systemd/systemd-executor" file (system_u object_r init_exec_t (systemlow systemlow)))
(filecon "/usr/lib/systemd/systemd-shutdown" file (system_u object_r init_exec_t (systemlow systemlow)))
(filecon "/usr/lib/systemd/systemd-oomd" file (system_u object_r init_exec_t (systemlow systemlow)))
(filecon "/usr/lib/systemd/system-preset(/.*)?" any (system_u object_r systemd_unit_t (systemlow systemlow)))
(filecon "/usr/lib/systemd/user-preset(/.*)?" any (system_u object_r systemd_unit_t (systemlow systemlow)))
(filecon "/usr/lib/systemd/ntp-units\.d" dir (system_u object_r systemd_unit_t (systemlow systemlow)))
(filecon "/usr/lib/systemd/system(/.*)?" any (system_u object_r systemd_unit_t (systemlow systemlow)))
(filecon "/usr/share/containers/systemd(/.*)?" any (system_u object_r systemd_unit_t (systemlow systemlow)))
(filecon "/run/systemd/transient(/.*)?" any (system_u object_r systemd_transient_unit_t (systemlow systemlow)))
(filecon "/usr/libexec/dcc/start-.*" file (system_u object_r initrc_exec_t (systemlow systemlow)))
(filecon "/usr/libexec/dcc/stop-.*" file (system_u object_r initrc_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/init(ng)?" file (system_u object_r init_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/open_init_pty" file (system_u object_r initrc_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/upstart" file (system_u object_r init_exec_t (systemlow systemlow)))
(filecon "/usr/bin/rc" file (system_u object_r rc_exec_t (systemlow systemlow)))
(filecon "/usr/bin/openrc" file (system_u object_r rc_exec_t (systemlow systemlow)))
(filecon "/usr/bin/openrc-init" file (system_u object_r init_exec_t (systemlow systemlow)))
(filecon "/usr/bin/openrc-shutdown" file (system_u object_r init_exec_t (systemlow systemlow)))
(filecon "/usr/lib/rc/cache(/.*)?" any (system_u object_r initrc_state_t (systemlow systemlow)))
(filecon "/usr/lib/rc/console(/.*)?" any (system_u object_r initrc_state_t (systemlow systemlow)))
(filecon "/usr/lib/rc/init\.d(/.*)?" any (system_u object_r initrc_state_t (systemlow systemlow)))
(filecon "/usr/sbin/rc" file (system_u object_r rc_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/openrc" file (system_u object_r rc_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/openrc-init" file (system_u object_r init_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/openrc-shutdown" file (system_u object_r init_exec_t (systemlow systemlow)))
(filecon "/var/lib/random-seed" file (system_u object_r init_random_seed_t (systemlow systemlow)))
(filecon "/var/lib/systemd(/.*)?" any (system_u object_r init_var_lib_t (systemlow systemlow)))
(filecon "/run/initctl" pipe (system_u object_r initctl_t (systemlow systemlow)))
(filecon "/run/kerneloops\.pid" file (system_u object_r initrc_runtime_t (systemlow systemlow)))
(filecon "/run/utmp" file (system_u object_r initrc_runtime_t (systemlow systemlow)))
(filecon "/run/runlevel\.dir" any (system_u object_r initrc_runtime_t (systemlow systemlow)))
(filecon "/run/random-seed" file (system_u object_r init_random_seed_t (systemlow systemlow)))
(filecon "/run/setmixer_flag" file (system_u object_r initrc_runtime_t (systemlow systemlow)))
(filecon "/run/systemd(/.*)?" any (system_u object_r init_runtime_t (systemlow systemlow)))
(filecon "/run/wd_keepalive\.pid" file (system_u object_r initrc_runtime_t (systemlow systemlow)))
(filecon "/var/lib/init\.d(/.*)?" any (system_u object_r initrc_state_t (systemlow systemlow)))
(filecon "/run/openrc(/.*)?" any (system_u object_r initrc_state_t (systemlow systemlow)))
(filecon "/run/svscan\.pid" file (system_u object_r initrc_runtime_t (systemlow systemlow)))
