1 class security 2 class process 3 class system 4 class capability 5 class filesystem 6 class file 7 class dir 8 class fd 9 class lnk_file 10 class chr_file 11 class blk_file 12 class sock_file 13 class fifo_file 14 class socket 15 class tcp_socket 16 class udp_socket 17 class rawip_socket 18 class node 19 class netif 20 class netlink_socket 21 class packet_socket 22 class key_socket 23 class unix_stream_socket 24 class unix_dgram_socket 25 class sem 26 class msg 27 class msgq 28 class shm 29 class ipc 30 class passwd # userspace 31 class drawable # userspace 32 class window # userspace 33 class gc # userspace 34 class font # userspace 35 class colormap # userspace 36 class property # userspace 37 class cursor # userspace 38 class xclient # userspace 39 class xinput # userspace 40 class xserver # userspace 41 class xextension # userspace 42 class pax 43 class netlink_route_socket 44 class netlink_firewall_socket 45 class netlink_tcpdiag_socket 46 class netlink_nflog_socket 47 class netlink_xfrm_socket 48 class netlink_selinux_socket 49 class netlink_audit_socket 50 class netlink_ip6fw_socket 51 class netlink_dnrt_socket 52 class dbus # userspace 53 class nscd # userspace 54 class association 55 class netlink_kobject_uevent_socket 56 sid kernel 57 sid security 58 sid unlabeled 59 sid fs 60 sid file 61 sid file_labels 62 sid init 63 sid any_socket 64 sid port 65 sid netif 66 sid netmsg 67 sid node 68 sid igmp_packet 69 sid icmp_socket 70 sid tcp_socket 71 sid sysctl_modprobe 72 sid sysctl 73 sid sysctl_fs 74 sid sysctl_kernel 75 sid sysctl_net 76 sid sysctl_net_unix 77 sid sysctl_vm 78 sid sysctl_dev 79 sid kmod 80 sid policy 81 sid scmp_packet 82 sid devnull 83 common file 84 { 85 ioctl 86 read 87 write 88 create 89 getattr 90 setattr 91 lock 92 relabelfrom 93 relabelto 94 append 95 unlink 96 link 97 rename 98 execute 99 swapon 100 quotaon 101 mounton 102 } 103 common socket 104 { 105 ioctl 106 read 107 write 108 create 109 getattr 110 setattr 111 lock 112 relabelfrom 113 relabelto 114 append 115 bind 116 connect 117 listen 118 accept 119 getopt 120 setopt 121 shutdown 122 recvfrom 123 sendto 124 recv_msg 125 send_msg 126 name_bind 127 } 128 common ipc 129 { 130 create 131 destroy 132 getattr 133 setattr 134 read 135 write 136 associate 137 unix_read 138 unix_write 139 } 140 class filesystem 141 { 142 mount 143 remount 144 unmount 145 getattr 146 relabelfrom 147 relabelto 148 transition 149 associate 150 quotamod 151 quotaget 152 } 153 class dir 154 inherits file 155 { 156 add_name 157 remove_name 158 reparent 159 search 160 rmdir 161 } 162 class file 163 inherits file 164 { 165 execute_no_trans 166 entrypoint 167 execmod 168 } 169 class lnk_file 170 inherits file 171 class chr_file 172 inherits file 173 { 174 execute_no_trans 175 entrypoint 176 execmod 177 } 178 class blk_file 179 inherits file 180 class sock_file 181 inherits file 182 class fifo_file 183 inherits file 184 class fd 185 { 186 use 187 } 188 class socket 189 inherits socket 190 class tcp_socket 191 inherits socket 192 { 193 connectto 194 newconn 195 acceptfrom 196 node_bind 197 name_connect 198 } 199 class udp_socket 200 inherits socket 201 { 202 node_bind 203 } 204 class rawip_socket 205 inherits socket 206 { 207 node_bind 208 } 209 class node 210 { 211 tcp_recv 212 tcp_send 213 udp_recv 214 udp_send 215 rawip_recv 216 rawip_send 217 enforce_dest 218 } 219 class netif 220 { 221 tcp_recv 222 tcp_send 223 udp_recv 224 udp_send 225 rawip_recv 226 rawip_send 227 } 228 class netlink_socket 229 inherits socket 230 class packet_socket 231 inherits socket 232 class key_socket 233 inherits socket 234 class unix_stream_socket 235 inherits socket 236 { 237 connectto 238 newconn 239 acceptfrom 240 } 241 class unix_dgram_socket 242 inherits socket 243 class process 244 { 245 fork 246 transition 247 sigchld # commonly granted from child to parent 248 sigkill # cannot be caught or ignored 249 sigstop # cannot be caught or ignored 250 signull # for kill(pid, 0) 251 signal # all other signals 252 ptrace 253 getsched 254 setsched 255 getsession 256 getpgid 257 setpgid 258 getcap 259 setcap 260 share 261 getattr 262 setexec 263 setfscreate 264 noatsecure 265 siginh 266 setrlimit 267 rlimitinh 268 dyntransition 269 setcurrent 270 execmem 271 execstack 272 execheap 273 } 274 class ipc 275 inherits ipc 276 class sem 277 inherits ipc 278 class msgq 279 inherits ipc 280 { 281 enqueue 282 } 283 class msg 284 { 285 send 286 receive 287 } 288 class shm 289 inherits ipc 290 { 291 lock 292 } 293 class security 294 { 295 compute_av 296 compute_create 297 compute_member 298 check_context 299 load_policy 300 compute_relabel 301 compute_user 302 setenforce # was avc_toggle in system class 303 setbool 304 setsecparam 305 setcheckreqprot 306 } 307 class system 308 { 309 ipc_info 310 syslog_read 311 syslog_mod 312 syslog_console 313 } 314 class capability 315 { 316 chown 317 dac_override 318 dac_read_search 319 fowner 320 fsetid 321 kill 322 setgid 323 setuid 324 setpcap 325 linux_immutable 326 net_bind_service 327 net_broadcast 328 net_admin 329 net_raw 330 ipc_lock 331 ipc_owner 332 sys_module 333 sys_rawio 334 sys_chroot 335 sys_ptrace 336 sys_pacct 337 sys_admin 338 sys_boot 339 sys_nice 340 sys_resource 341 sys_time 342 sys_tty_config 343 mknod 344 lease 345 audit_write 346 audit_control 347 } 348 class passwd 349 { 350 passwd # change another user passwd 351 chfn # change another user finger info 352 chsh # change another user shell 353 rootok # pam_rootok check (skip auth) 354 crontab # crontab on another user 355 } 356 class drawable 357 { 358 create 359 destroy 360 draw 361 copy 362 getattr 363 } 364 class gc 365 { 366 create 367 free 368 getattr 369 setattr 370 } 371 class window 372 { 373 addchild 374 create 375 destroy 376 map 377 unmap 378 chstack 379 chproplist 380 chprop 381 listprop 382 getattr 383 setattr 384 setfocus 385 move 386 chselection 387 chparent 388 ctrllife 389 enumerate 390 transparent 391 mousemotion 392 clientcomevent 393 inputevent 394 drawevent 395 windowchangeevent 396 windowchangerequest 397 serverchangeevent 398 extensionevent 399 } 400 class font 401 { 402 load 403 free 404 getattr 405 use 406 } 407 class colormap 408 { 409 create 410 free 411 install 412 uninstall 413 list 414 read 415 store 416 getattr 417 setattr 418 } 419 class property 420 { 421 create 422 free 423 read 424 write 425 } 426 class cursor 427 { 428 create 429 createglyph 430 free 431 assign 432 setattr 433 } 434 class xclient 435 { 436 kill 437 } 438 class xinput 439 { 440 lookup 441 getattr 442 setattr 443 setfocus 444 warppointer 445 activegrab 446 passivegrab 447 ungrab 448 bell 449 mousemotion 450 relabelinput 451 } 452 class xserver 453 { 454 screensaver 455 gethostlist 456 sethostlist 457 getfontpath 458 setfontpath 459 getattr 460 grab 461 ungrab 462 } 463 class xextension 464 { 465 query 466 use 467 } 468 class pax 469 { 470 pageexec # Paging based non-executable pages 471 emutramp # Emulate trampolines 472 mprotect # Restrict mprotect() 473 randmmap # Randomize mmap() base 474 randexec # Randomize ET_EXEC base 475 segmexec # Segmentation based non-executable pages 476 } 477 class netlink_route_socket 478 inherits socket 479 { 480 nlmsg_read 481 nlmsg_write 482 } 483 class netlink_firewall_socket 484 inherits socket 485 { 486 nlmsg_read 487 nlmsg_write 488 } 489 class netlink_tcpdiag_socket 490 inherits socket 491 { 492 nlmsg_read 493 nlmsg_write 494 } 495 class netlink_nflog_socket 496 inherits socket 497 class netlink_xfrm_socket 498 inherits socket 499 { 500 nlmsg_read 501 nlmsg_write 502 } 503 class netlink_selinux_socket 504 inherits socket 505 class netlink_audit_socket 506 inherits socket 507 { 508 nlmsg_read 509 nlmsg_write 510 nlmsg_relay 511 nlmsg_readpriv 512 } 513 class netlink_ip6fw_socket 514 inherits socket 515 { 516 nlmsg_read 517 nlmsg_write 518 } 519 class netlink_dnrt_socket 520 inherits socket 521 class dbus 522 { 523 acquire_svc 524 send_msg 525 } 526 class nscd 527 { 528 getpwd 529 getgrp 530 gethost 531 getstat 532 admin 533 shmempwd 534 shmemgrp 535 shmemhost 536 } 537 class association 538 { 539 sendto 540 recvfrom 541 setcontext 542 } 543 class netlink_kobject_uevent_socket 544 inherits socket 545 sensitivity s0; 546 dominance { s0 } 547 category c0; category c1; category c2; category c3; 548 category c4; category c5; category c6; category c7; 549 category c8; category c9; category c10; category c11; 550 category c12; category c13; category c14; category c15; 551 category c16; category c17; category c18; category c19; 552 category c20; category c21; category c22; category c23; 553 category c24; category c25; category c26; category c27; 554 category c28; category c29; category c30; category c31; 555 category c32; category c33; category c34; category c35; 556 category c36; category c37; category c38; category c39; 557 category c40; category c41; category c42; category c43; 558 category c44; category c45; category c46; category c47; 559 category c48; category c49; category c50; category c51; 560 category c52; category c53; category c54; category c55; 561 category c56; category c57; category c58; category c59; 562 category c60; category c61; category c62; category c63; 563 category c64; category c65; category c66; category c67; 564 category c68; category c69; category c70; category c71; 565 category c72; category c73; category c74; category c75; 566 category c76; category c77; category c78; category c79; 567 category c80; category c81; category c82; category c83; 568 category c84; category c85; category c86; category c87; 569 category c88; category c89; category c90; category c91; 570 category c92; category c93; category c94; category c95; 571 category c96; category c97; category c98; category c99; 572 category c100; category c101; category c102; category c103; 573 category c104; category c105; category c106; category c107; 574 category c108; category c109; category c110; category c111; 575 category c112; category c113; category c114; category c115; 576 category c116; category c117; category c118; category c119; 577 category c120; category c121; category c122; category c123; 578 category c124; category c125; category c126; category c127; 579 category c128; category c129; category c130; category c131; 580 category c132; category c133; category c134; category c135; 581 category c136; category c137; category c138; category c139; 582 category c140; category c141; category c142; category c143; 583 category c144; category c145; category c146; category c147; 584 category c148; category c149; category c150; category c151; 585 category c152; category c153; category c154; category c155; 586 category c156; category c157; category c158; category c159; 587 category c160; category c161; category c162; category c163; 588 category c164; category c165; category c166; category c167; 589 category c168; category c169; category c170; category c171; 590 category c172; category c173; category c174; category c175; 591 category c176; category c177; category c178; category c179; 592 category c180; category c181; category c182; category c183; 593 category c184; category c185; category c186; category c187; 594 category c188; category c189; category c190; category c191; 595 category c192; category c193; category c194; category c195; 596 category c196; category c197; category c198; category c199; 597 category c200; category c201; category c202; category c203; 598 category c204; category c205; category c206; category c207; 599 category c208; category c209; category c210; category c211; 600 category c212; category c213; category c214; category c215; 601 category c216; category c217; category c218; category c219; 602 category c220; category c221; category c222; category c223; 603 category c224; category c225; category c226; category c227; 604 category c228; category c229; category c230; category c231; 605 category c232; category c233; category c234; category c235; 606 category c236; category c237; category c238; category c239; 607 category c240; category c241; category c242; category c243; 608 category c244; category c245; category c246; category c247; 609 category c248; category c249; category c250; category c251; 610 category c252; category c253; category c254; category c255; 611 level s0:c0.c255; 612 mlsconstrain file { write setattr append unlink link rename 613 ioctl lock execute relabelfrom } (h1 dom h2); 614 mlsconstrain file { create relabelto } ((h1 dom h2) and (l2 eq h2)); 615 mlsconstrain file { read } ((h1 dom h2) or ( t2 == domain ) or ( t1 == mlsfileread )); 616 mlsconstrain { dir lnk_file chr_file blk_file sock_file fifo_file } { relabelfrom } 617 ( h1 dom h2 ); 618 mlsconstrain { dir lnk_file chr_file blk_file sock_file fifo_file } { create relabelto } 619 (( h1 dom h2 ) and ( l2 eq h2 )); 620 mlsconstrain process { ptrace } ( h1 dom h2 ); 621 mlsconstrain process { sigkill sigstop } ( h1 dom h2 ) or 622 ( t1 == mcskillall ); 623 mlsconstrain xextension query ( t1 == mlsfileread ); 624 attribute netif_type; 625 attribute node_type; 626 attribute port_type; 627 attribute reserved_port_type; 628 attribute device_node; 629 attribute memory_raw_read; 630 attribute memory_raw_write; 631 attribute domain; 632 attribute unconfined_domain_type; 633 attribute set_curr_context; 634 attribute entry_type; 635 attribute privfd; 636 attribute can_change_process_identity; 637 attribute can_change_process_role; 638 attribute can_change_object_identity; 639 attribute can_system_change; 640 attribute process_user_target; 641 attribute cron_source_domain; 642 attribute cron_job_domain; 643 attribute process_uncond_exempt; # add userhelperdomain to this one 644 attribute file_type; 645 attribute lockfile; 646 attribute mountpoint; 647 attribute pidfile; 648 attribute polydir; 649 attribute usercanread; 650 attribute polyparent; 651 attribute polymember; 652 attribute security_file_type; 653 attribute tmpfile; 654 attribute tmpfsfile; 655 attribute filesystem_type; 656 attribute noxattrfs; 657 attribute can_load_kernmodule; 658 attribute can_receive_kernel_messages; 659 attribute kern_unconfined; 660 attribute proc_type; 661 attribute sysctl_type; 662 attribute mcskillall; 663 attribute mlsfileread; 664 attribute mlsfilereadtoclr; 665 attribute mlsfilewrite; 666 attribute mlsfilewritetoclr; 667 attribute mlsfileupgrade; 668 attribute mlsfiledowngrade; 669 attribute mlsnetread; 670 attribute mlsnetreadtoclr; 671 attribute mlsnetwrite; 672 attribute mlsnetwritetoclr; 673 attribute mlsnetupgrade; 674 attribute mlsnetdowngrade; 675 attribute mlsnetrecvall; 676 attribute mlsipcread; 677 attribute mlsipcreadtoclr; 678 attribute mlsipcwrite; 679 attribute mlsipcwritetoclr; 680 attribute mlsprocread; 681 attribute mlsprocreadtoclr; 682 attribute mlsprocwrite; 683 attribute mlsprocwritetoclr; 684 attribute mlsprocsetsl; 685 attribute mlsxwinread; 686 attribute mlsxwinreadtoclr; 687 attribute mlsxwinwrite; 688 attribute mlsxwinwritetoclr; 689 attribute mlsxwinreadproperty; 690 attribute mlsxwinwriteproperty; 691 attribute mlsxwinreadcolormap; 692 attribute mlsxwinwritecolormap; 693 attribute mlsxwinwritexinput; 694 attribute mlstrustedobject; 695 attribute privrangetrans; 696 attribute mlsrangetrans; 697 attribute can_load_policy; 698 attribute can_setenforce; 699 attribute can_setsecparam; 700 attribute ttynode; 701 attribute ptynode; 702 attribute server_ptynode; 703 attribute serial_device; 704 type bin_t; 705 type sbin_t; 706 type ls_exec_t; 707 type shell_exec_t; 708 type chroot_exec_t; 709 type ppp_device_t; 710 type tun_tap_device_t; 711 type port_t, port_type; 712 type reserved_port_t, port_type, reserved_port_type; 713 type afs_bos_port_t, port_type; 714 type afs_fs_port_t, port_type; 715 type afs_ka_port_t, port_type; 716 type afs_pt_port_t, port_type; 717 type afs_vl_port_t, port_type; 718 type amanda_port_t, port_type; 719 type amavisd_recv_port_t, port_type; 720 type amavisd_send_port_t, port_type; 721 type asterisk_port_t, port_type; 722 type auth_port_t, port_type; 723 type bgp_port_t, port_type; 724 type biff_port_t, port_type, reserved_port_type; 725 type clamd_port_t, port_type; 726 type clockspeed_port_t, port_type; 727 type comsat_port_t, port_type; 728 type cvs_port_t, port_type; 729 type dcc_port_t, port_type; 730 type dbskkd_port_t, port_type; 731 type dhcpc_port_t, port_type; 732 type dhcpd_port_t, port_type; 733 type dict_port_t, port_type; 734 type distccd_port_t, port_type; 735 type dns_port_t, port_type; 736 type fingerd_port_t, port_type; 737 type ftp_data_port_t, port_type; 738 type ftp_port_t, port_type; 739 type gatekeeper_port_t, port_type; 740 type giftd_port_t, port_type; 741 type gopher_port_t, port_type; 742 type http_cache_port_t, port_type; 743 type http_port_t, port_type; 744 type howl_port_t, port_type; 745 type hplip_port_t, port_type; 746 type i18n_input_port_t, port_type; 747 type imaze_port_t, port_type; 748 type inetd_child_port_t, port_type; 749 type innd_port_t, port_type; 750 type ipp_port_t, port_type; 751 type ircd_port_t, port_type; 752 type isakmp_port_t, port_type; 753 type jabber_client_port_t, port_type; 754 type jabber_interserver_port_t, port_type; 755 type kerberos_admin_port_t, port_type; 756 type kerberos_master_port_t, port_type; 757 type kerberos_port_t, port_type; 758 type ktalkd_port_t, port_type; 759 type ldap_port_t, port_type; 760 type lrrd_port_t, port_type; 761 type mail_port_t, port_type; 762 type monopd_port_t, port_type; 763 type mysqld_port_t, port_type; 764 type nessus_port_t, port_type; 765 type nmbd_port_t, port_type; 766 type ntp_port_t, port_type; 767 type openvpn_port_t, port_type; 768 type pegasus_http_port_t, port_type; 769 type pegasus_https_port_t, port_type; 770 type pop_port_t, port_type; 771 type portmap_port_t, port_type; 772 type postgresql_port_t, port_type; 773 type postgrey_port_t, port_type; 774 type printer_port_t, port_type; 775 type ptal_port_t, port_type; 776 type pxe_port_t, port_type; 777 type pyzor_port_t, port_type; 778 type radacct_port_t, port_type; 779 type radius_port_t, port_type; 780 type razor_port_t, port_type; 781 type rlogind_port_t, port_type; 782 type rndc_port_t, port_type; 783 type router_port_t, port_type; 784 type rsh_port_t, port_type; 785 type rsync_port_t, port_type; 786 type smbd_port_t, port_type; 787 type smtp_port_t, port_type; 788 type snmp_port_t, port_type; 789 type spamd_port_t, port_type; 790 type ssh_port_t, port_type; 791 type soundd_port_t, port_type; 792 type socks_port_t, port_type; type stunnel_port_t, port_type; 793 type swat_port_t, port_type; 794 type syslogd_port_t, port_type; 795 type telnetd_port_t, port_type; 796 type tftp_port_t, port_type; 797 type transproxy_port_t, port_type; 798 type utcpserver_port_t, port_type; 799 type uucpd_port_t, port_type; 800 type vnc_port_t, port_type; 801 type xserver_port_t, port_type; 802 type xen_port_t, port_type; 803 type zebra_port_t, port_type; 804 type zope_port_t, port_type; 805 type node_t, node_type; 806 type compat_ipv4_node_t alias node_compat_ipv4_t, node_type; 807 type inaddr_any_node_t alias node_inaddr_any_t, node_type; 808 type node_internal_t, node_type; 809 type link_local_node_t alias node_link_local_t, node_type; 810 type lo_node_t alias node_lo_t, node_type; 811 type mapped_ipv4_node_t alias node_mapped_ipv4_t, node_type; 812 type multicast_node_t alias node_multicast_t, node_type; 813 type site_local_node_t alias node_site_local_t, node_type; 814 type unspec_node_t alias node_unspec_t, node_type; 815 type netif_t, netif_type; 816 type device_t; 817 type agp_device_t; 818 type apm_bios_t; 819 type cardmgr_dev_t; 820 type clock_device_t; 821 type cpu_device_t; 822 type crypt_device_t; 823 type dri_device_t; 824 type event_device_t; 825 type framebuf_device_t; 826 type lvm_control_t; 827 type memory_device_t; 828 type misc_device_t; 829 type mouse_device_t; 830 type mtrr_device_t; 831 type null_device_t; 832 type power_device_t; 833 type printer_device_t; 834 type random_device_t; 835 type scanner_device_t; 836 type sound_device_t; 837 type sysfs_t; 838 type urandom_device_t; 839 type usbfs_t alias usbdevfs_t; 840 type usb_device_t; 841 type v4l_device_t; 842 type xserver_misc_device_t; 843 type zero_device_t; 844 type xconsole_device_t; 845 type devfs_control_t; 846 type boot_t; 847 type default_t, file_type, mountpoint; 848 type etc_t, file_type; 849 type etc_runtime_t, file_type; 850 type file_t, file_type, mountpoint; 851 type home_root_t, file_type, mountpoint; 852 type lost_found_t, file_type; 853 type mnt_t, file_type, mountpoint; 854 type modules_object_t; 855 type no_access_t, file_type; 856 type poly_t, file_type; 857 type readable_t, file_type; 858 type root_t, file_type, mountpoint; 859 type src_t, file_type, mountpoint; 860 type system_map_t; 861 type tmp_t, mountpoint; #, polydir 862 type usr_t, file_type, mountpoint; 863 type var_t, file_type, mountpoint; 864 type var_lib_t, file_type, mountpoint; 865 type var_lock_t, file_type, lockfile; 866 type var_run_t, file_type, pidfile; 867 type var_spool_t; 868 type fs_t; 869 type bdev_t; 870 type binfmt_misc_fs_t; 871 type capifs_t; 872 type configfs_t; 873 type eventpollfs_t; 874 type futexfs_t; 875 type hugetlbfs_t; 876 type inotifyfs_t; 877 type nfsd_fs_t; 878 type ramfs_t; 879 type romfs_t; 880 type rpc_pipefs_t; 881 type tmpfs_t; 882 type autofs_t, noxattrfs; 883 type cifs_t alias sambafs_t, noxattrfs; 884 type dosfs_t, noxattrfs; 885 type iso9660_t, filesystem_type, noxattrfs; 886 type removable_t, noxattrfs; 887 type nfs_t, filesystem_type, noxattrfs; 888 type kernel_t, can_load_kernmodule; 889 type debugfs_t; 890 type proc_t, proc_type; 891 type proc_kmsg_t, proc_type; 892 type proc_kcore_t, proc_type; 893 type proc_mdstat_t, proc_type; 894 type proc_net_t, proc_type; 895 type proc_xen_t, proc_type; 896 type sysctl_t, sysctl_type; 897 type sysctl_irq_t, sysctl_type; 898 type sysctl_rpc_t, sysctl_type; 899 type sysctl_fs_t, sysctl_type; 900 type sysctl_kernel_t, sysctl_type; 901 type sysctl_modprobe_t, sysctl_type; 902 type sysctl_hotplug_t, sysctl_type; 903 type sysctl_net_t, sysctl_type; 904 type sysctl_net_unix_t, sysctl_type; 905 type sysctl_vm_t, sysctl_type; 906 type sysctl_dev_t, sysctl_type; 907 type unlabeled_t; 908 type auditd_exec_t; 909 type crond_exec_t; 910 type cupsd_exec_t; 911 type getty_t; 912 type init_t; 913 type init_exec_t; 914 type initrc_t; 915 type initrc_exec_t; 916 type login_exec_t; 917 type sshd_exec_t; 918 type su_exec_t; 919 type udev_exec_t; 920 type unconfined_t; 921 type xdm_exec_t; 922 type lvm_exec_t; 923 type security_t; 924 type bsdpty_device_t; 925 type console_device_t; 926 type devpts_t; 927 type devtty_t; 928 type ptmx_t; 929 type tty_device_t, serial_device; 930 type usbtty_device_t, serial_device; 931 bool secure_mode false; 932 bool secure_mode_insmod false; 933 bool secure_mode_policyload false; 934 bool allow_cvs_read_shadow false; 935 bool allow_execheap false; 936 bool allow_execmem true; 937 bool allow_execmod false; 938 bool allow_execstack true; 939 bool allow_ftpd_anon_write false; 940 bool allow_gssd_read_tmp true; 941 bool allow_httpd_anon_write false; 942 bool allow_java_execstack false; 943 bool allow_kerberos true; 944 bool allow_rsync_anon_write false; 945 bool allow_saslauthd_read_shadow false; 946 bool allow_smbd_anon_write false; 947 bool allow_ptrace false; 948 bool allow_ypbind false; 949 bool fcron_crond false; 950 bool ftp_home_dir false; 951 bool ftpd_is_daemon true; 952 bool httpd_builtin_scripting true; 953 bool httpd_can_network_connect false; 954 bool httpd_can_network_connect_db false; 955 bool httpd_can_network_relay false; 956 bool httpd_enable_cgi true; 957 bool httpd_enable_ftp_server false; 958 bool httpd_enable_homedirs true; 959 bool httpd_ssi_exec true; 960 bool httpd_tty_comm false; 961 bool httpd_unified true; 962 bool named_write_master_zones false; 963 bool nfs_export_all_rw true; 964 bool nfs_export_all_ro true; 965 bool pppd_can_insmod false; 966 bool read_default_t true; 967 bool run_ssh_inetd false; 968 bool samba_enable_home_dirs false; 969 bool spamassasin_can_network false; 970 bool squid_connect_any false; 971 bool ssh_sysadm_login false; 972 bool stunnel_is_daemon false; 973 bool use_nfs_home_dirs false; 974 bool use_samba_home_dirs false; 975 bool user_ping true; 976 bool spamd_enable_home_dirs true; 977 allow bin_t fs_t:filesystem associate; 978 allow bin_t noxattrfs:filesystem associate; 979 typeattribute bin_t file_type; 980 allow sbin_t fs_t:filesystem associate; 981 allow sbin_t noxattrfs:filesystem associate; 982 typeattribute sbin_t file_type; 983 allow ls_exec_t fs_t:filesystem associate; 984 allow ls_exec_t noxattrfs:filesystem associate; 985 typeattribute ls_exec_t file_type; 986 typeattribute ls_exec_t entry_type; 987 allow shell_exec_t fs_t:filesystem associate; 988 allow shell_exec_t noxattrfs:filesystem associate; 989 typeattribute shell_exec_t file_type; 990 allow chroot_exec_t fs_t:filesystem associate; 991 allow chroot_exec_t noxattrfs:filesystem associate; 992 typeattribute chroot_exec_t file_type; 993 typeattribute ppp_device_t device_node; 994 allow ppp_device_t fs_t:filesystem associate; 995 allow ppp_device_t tmpfs_t:filesystem associate; 996 allow ppp_device_t tmp_t:filesystem associate; 997 typeattribute tun_tap_device_t device_node; 998 allow tun_tap_device_t fs_t:filesystem associate; 999 allow tun_tap_device_t tmpfs_t:filesystem associate; 1000 allow tun_tap_device_t tmp_t:filesystem associate; 1001 typeattribute auth_port_t reserved_port_type; 1002 typeattribute bgp_port_t reserved_port_type; 1003 typeattribute bgp_port_t reserved_port_type; 1004 typeattribute comsat_port_t reserved_port_type; 1005 typeattribute dhcpc_port_t reserved_port_type; 1006 typeattribute dhcpd_port_t reserved_port_type; 1007 typeattribute dhcpd_port_t reserved_port_type; 1008 typeattribute dhcpd_port_t reserved_port_type; 1009 typeattribute dhcpd_port_t reserved_port_type; 1010 typeattribute dhcpd_port_t reserved_port_type; 1011 typeattribute dns_port_t reserved_port_type; 1012 typeattribute dns_port_t reserved_port_type; 1013 typeattribute fingerd_port_t reserved_port_type; 1014 typeattribute ftp_data_port_t reserved_port_type; 1015 typeattribute ftp_port_t reserved_port_type; 1016 typeattribute gopher_port_t reserved_port_type; 1017 typeattribute gopher_port_t reserved_port_type; 1018 typeattribute http_port_t reserved_port_type; 1019 typeattribute http_port_t reserved_port_type; 1020 typeattribute http_port_t reserved_port_type; 1021 typeattribute inetd_child_port_t reserved_port_type; 1022 typeattribute inetd_child_port_t reserved_port_type; 1023 typeattribute inetd_child_port_t reserved_port_type; 1024 typeattribute inetd_child_port_t reserved_port_type; 1025 typeattribute inetd_child_port_t reserved_port_type; 1026 typeattribute inetd_child_port_t reserved_port_type; 1027 typeattribute inetd_child_port_t reserved_port_type; 1028 typeattribute inetd_child_port_t reserved_port_type; 1029 typeattribute inetd_child_port_t reserved_port_type; 1030 typeattribute inetd_child_port_t reserved_port_type; 1031 typeattribute inetd_child_port_t reserved_port_type; 1032 typeattribute inetd_child_port_t reserved_port_type; 1033 typeattribute inetd_child_port_t reserved_port_type; 1034 typeattribute inetd_child_port_t reserved_port_type; 1035 typeattribute inetd_child_port_t reserved_port_type; 1036 typeattribute inetd_child_port_t reserved_port_type; 1037 typeattribute inetd_child_port_t reserved_port_type; 1038 typeattribute innd_port_t reserved_port_type; 1039 typeattribute ipp_port_t reserved_port_type; 1040 typeattribute ipp_port_t reserved_port_type; 1041 typeattribute isakmp_port_t reserved_port_type; 1042 typeattribute kerberos_admin_port_t reserved_port_type; 1043 typeattribute kerberos_admin_port_t reserved_port_type; 1044 typeattribute kerberos_admin_port_t reserved_port_type; 1045 typeattribute kerberos_port_t reserved_port_type; 1046 typeattribute kerberos_port_t reserved_port_type; 1047 typeattribute kerberos_port_t reserved_port_type; 1048 typeattribute kerberos_port_t reserved_port_type; 1049 typeattribute ktalkd_port_t reserved_port_type; 1050 typeattribute ktalkd_port_t reserved_port_type; 1051 typeattribute ldap_port_t reserved_port_type; 1052 typeattribute ldap_port_t reserved_port_type; 1053 typeattribute ldap_port_t reserved_port_type; 1054 typeattribute ldap_port_t reserved_port_type; 1055 typeattribute nmbd_port_t reserved_port_type; 1056 typeattribute nmbd_port_t reserved_port_type; 1057 typeattribute nmbd_port_t reserved_port_type; 1058 typeattribute ntp_port_t reserved_port_type; 1059 typeattribute pop_port_t reserved_port_type; 1060 typeattribute pop_port_t reserved_port_type; 1061 typeattribute pop_port_t reserved_port_type; 1062 typeattribute pop_port_t reserved_port_type; 1063 typeattribute pop_port_t reserved_port_type; 1064 typeattribute pop_port_t reserved_port_type; 1065 typeattribute pop_port_t reserved_port_type; 1066 typeattribute portmap_port_t reserved_port_type; 1067 typeattribute portmap_port_t reserved_port_type; 1068 typeattribute printer_port_t reserved_port_type; 1069 typeattribute rlogind_port_t reserved_port_type; 1070 typeattribute rndc_port_t reserved_port_type; 1071 typeattribute router_port_t reserved_port_type; 1072 typeattribute rsh_port_t reserved_port_type; 1073 typeattribute rsync_port_t reserved_port_type; 1074 typeattribute rsync_port_t reserved_port_type; 1075 typeattribute smbd_port_t reserved_port_type; 1076 typeattribute smbd_port_t reserved_port_type; 1077 typeattribute smtp_port_t reserved_port_type; 1078 typeattribute smtp_port_t reserved_port_type; 1079 typeattribute smtp_port_t reserved_port_type; 1080 typeattribute snmp_port_t reserved_port_type; 1081 typeattribute snmp_port_t reserved_port_type; 1082 typeattribute snmp_port_t reserved_port_type; 1083 typeattribute spamd_port_t reserved_port_type; 1084 typeattribute ssh_port_t reserved_port_type; 1085 typeattribute swat_port_t reserved_port_type; 1086 typeattribute syslogd_port_t reserved_port_type; 1087 typeattribute telnetd_port_t reserved_port_type; 1088 typeattribute tftp_port_t reserved_port_type; 1089 typeattribute uucpd_port_t reserved_port_type; 1090 allow device_t tmpfs_t:filesystem associate; 1091 allow device_t fs_t:filesystem associate; 1092 allow device_t noxattrfs:filesystem associate; 1093 typeattribute device_t file_type; 1094 allow device_t fs_t:filesystem associate; 1095 allow device_t noxattrfs:filesystem associate; 1096 typeattribute device_t file_type; 1097 typeattribute device_t mountpoint; 1098 allow device_t tmp_t:filesystem associate; 1099 typeattribute agp_device_t device_node; 1100 allow agp_device_t fs_t:filesystem associate; 1101 allow agp_device_t tmpfs_t:filesystem associate; 1102 allow agp_device_t tmp_t:filesystem associate; 1103 typeattribute apm_bios_t device_node; 1104 allow apm_bios_t fs_t:filesystem associate; 1105 allow apm_bios_t tmpfs_t:filesystem associate; 1106 allow apm_bios_t tmp_t:filesystem associate; 1107 typeattribute cardmgr_dev_t device_node; 1108 allow cardmgr_dev_t fs_t:filesystem associate; 1109 allow cardmgr_dev_t tmpfs_t:filesystem associate; 1110 allow cardmgr_dev_t tmp_t:filesystem associate; 1111 allow cardmgr_dev_t fs_t:filesystem associate; 1112 allow cardmgr_dev_t noxattrfs:filesystem associate; 1113 typeattribute cardmgr_dev_t file_type; 1114 allow cardmgr_dev_t fs_t:filesystem associate; 1115 allow cardmgr_dev_t noxattrfs:filesystem associate; 1116 typeattribute cardmgr_dev_t file_type; 1117 typeattribute cardmgr_dev_t polymember; 1118 allow cardmgr_dev_t tmpfs_t:filesystem associate; 1119 typeattribute cardmgr_dev_t tmpfile; 1120 allow cardmgr_dev_t tmp_t:filesystem associate; 1121 typeattribute clock_device_t device_node; 1122 allow clock_device_t fs_t:filesystem associate; 1123 allow clock_device_t tmpfs_t:filesystem associate; 1124 allow clock_device_t tmp_t:filesystem associate; 1125 typeattribute cpu_device_t device_node; 1126 allow cpu_device_t fs_t:filesystem associate; 1127 allow cpu_device_t tmpfs_t:filesystem associate; 1128 allow cpu_device_t tmp_t:filesystem associate; 1129 typeattribute crypt_device_t device_node; 1130 allow crypt_device_t fs_t:filesystem associate; 1131 allow crypt_device_t tmpfs_t:filesystem associate; 1132 allow crypt_device_t tmp_t:filesystem associate; 1133 typeattribute dri_device_t device_node; 1134 allow dri_device_t fs_t:filesystem associate; 1135 allow dri_device_t tmpfs_t:filesystem associate; 1136 allow dri_device_t tmp_t:filesystem associate; 1137 typeattribute event_device_t device_node; 1138 allow event_device_t fs_t:filesystem associate; 1139 allow event_device_t tmpfs_t:filesystem associate; 1140 allow event_device_t tmp_t:filesystem associate; 1141 typeattribute framebuf_device_t device_node; 1142 allow framebuf_device_t fs_t:filesystem associate; 1143 allow framebuf_device_t tmpfs_t:filesystem associate; 1144 allow framebuf_device_t tmp_t:filesystem associate; 1145 typeattribute lvm_control_t device_node; 1146 allow lvm_control_t fs_t:filesystem associate; 1147 allow lvm_control_t tmpfs_t:filesystem associate; 1148 allow lvm_control_t tmp_t:filesystem associate; 1149 typeattribute memory_device_t device_node; 1150 allow memory_device_t fs_t:filesystem associate; 1151 allow memory_device_t tmpfs_t:filesystem associate; 1152 allow memory_device_t tmp_t:filesystem associate; 1153 neverallow ~memory_raw_read memory_device_t:{ chr_file blk_file } read; 1154 neverallow ~memory_raw_write memory_device_t:{ chr_file blk_file } { append write }; 1155 typeattribute misc_device_t device_node; 1156 allow misc_device_t fs_t:filesystem associate; 1157 allow misc_device_t tmpfs_t:filesystem associate; 1158 allow misc_device_t tmp_t:filesystem associate; 1159 typeattribute mouse_device_t device_node; 1160 allow mouse_device_t fs_t:filesystem associate; 1161 allow mouse_device_t tmpfs_t:filesystem associate; 1162 allow mouse_device_t tmp_t:filesystem associate; 1163 typeattribute mtrr_device_t device_node; 1164 allow mtrr_device_t fs_t:filesystem associate; 1165 allow mtrr_device_t tmpfs_t:filesystem associate; 1166 allow mtrr_device_t tmp_t:filesystem associate; 1167 typeattribute null_device_t device_node; 1168 allow null_device_t fs_t:filesystem associate; 1169 allow null_device_t tmpfs_t:filesystem associate; 1170 allow null_device_t tmp_t:filesystem associate; 1171 typeattribute null_device_t mlstrustedobject; 1172 typeattribute power_device_t device_node; 1173 allow power_device_t fs_t:filesystem associate; 1174 allow power_device_t tmpfs_t:filesystem associate; 1175 allow power_device_t tmp_t:filesystem associate; 1176 typeattribute printer_device_t device_node; 1177 allow printer_device_t fs_t:filesystem associate; 1178 allow printer_device_t tmpfs_t:filesystem associate; 1179 allow printer_device_t tmp_t:filesystem associate; 1180 typeattribute random_device_t device_node; 1181 allow random_device_t fs_t:filesystem associate; 1182 allow random_device_t tmpfs_t:filesystem associate; 1183 allow random_device_t tmp_t:filesystem associate; 1184 typeattribute scanner_device_t device_node; 1185 allow scanner_device_t fs_t:filesystem associate; 1186 allow scanner_device_t tmpfs_t:filesystem associate; 1187 allow scanner_device_t tmp_t:filesystem associate; 1188 typeattribute sound_device_t device_node; 1189 allow sound_device_t fs_t:filesystem associate; 1190 allow sound_device_t tmpfs_t:filesystem associate; 1191 allow sound_device_t tmp_t:filesystem associate; 1192 allow sysfs_t fs_t:filesystem associate; 1193 allow sysfs_t noxattrfs:filesystem associate; 1194 typeattribute sysfs_t file_type; 1195 typeattribute sysfs_t mountpoint; 1196 typeattribute sysfs_t filesystem_type; 1197 allow sysfs_t self:filesystem associate; 1198 typeattribute urandom_device_t device_node; 1199 allow urandom_device_t fs_t:filesystem associate; 1200 allow urandom_device_t tmpfs_t:filesystem associate; 1201 allow urandom_device_t tmp_t:filesystem associate; 1202 allow usbfs_t fs_t:filesystem associate; 1203 allow usbfs_t noxattrfs:filesystem associate; 1204 typeattribute usbfs_t file_type; 1205 typeattribute usbfs_t mountpoint; 1206 typeattribute usbfs_t filesystem_type; 1207 allow usbfs_t self:filesystem associate; 1208 typeattribute usbfs_t noxattrfs; 1209 typeattribute usb_device_t device_node; 1210 allow usb_device_t fs_t:filesystem associate; 1211 allow usb_device_t tmpfs_t:filesystem associate; 1212 allow usb_device_t tmp_t:filesystem associate; 1213 typeattribute v4l_device_t device_node; 1214 allow v4l_device_t fs_t:filesystem associate; 1215 allow v4l_device_t tmpfs_t:filesystem associate; 1216 allow v4l_device_t tmp_t:filesystem associate; 1217 typeattribute xserver_misc_device_t device_node; 1218 allow xserver_misc_device_t fs_t:filesystem associate; 1219 allow xserver_misc_device_t tmpfs_t:filesystem associate; 1220 allow xserver_misc_device_t tmp_t:filesystem associate; 1221 typeattribute zero_device_t device_node; 1222 allow zero_device_t fs_t:filesystem associate; 1223 allow zero_device_t tmpfs_t:filesystem associate; 1224 allow zero_device_t tmp_t:filesystem associate; 1225 typeattribute zero_device_t mlstrustedobject; 1226 allow xconsole_device_t fs_t:filesystem associate; 1227 allow xconsole_device_t noxattrfs:filesystem associate; 1228 typeattribute xconsole_device_t file_type; 1229 allow xconsole_device_t tmpfs_t:filesystem associate; 1230 allow xconsole_device_t tmp_t:filesystem associate; 1231 typeattribute devfs_control_t device_node; 1232 allow devfs_control_t fs_t:filesystem associate; 1233 allow devfs_control_t tmpfs_t:filesystem associate; 1234 allow devfs_control_t tmp_t:filesystem associate; 1235 neverallow domain ~domain:process { transition dyntransition }; 1236 neverallow { domain -set_curr_context } self:process setcurrent; 1237 neverallow { domain unlabeled_t } ~{ domain unlabeled_t }:process *; 1238 neverallow ~{ domain unlabeled_t } *:process *; 1239 allow file_type self:filesystem associate; 1240 allow boot_t fs_t:filesystem associate; 1241 allow boot_t noxattrfs:filesystem associate; 1242 typeattribute boot_t file_type; 1243 allow boot_t fs_t:filesystem associate; 1244 allow boot_t noxattrfs:filesystem associate; 1245 typeattribute boot_t file_type; 1246 typeattribute boot_t mountpoint; 1247 allow default_t fs_t:filesystem associate; 1248 allow default_t noxattrfs:filesystem associate; 1249 allow etc_t fs_t:filesystem associate; 1250 allow etc_t noxattrfs:filesystem associate; 1251 allow etc_runtime_t fs_t:filesystem associate; 1252 allow etc_runtime_t noxattrfs:filesystem associate; 1253 allow file_t fs_t:filesystem associate; 1254 allow file_t noxattrfs:filesystem associate; 1255 allow kernel_t file_t:dir mounton; 1256 allow home_root_t fs_t:filesystem associate; 1257 allow home_root_t noxattrfs:filesystem associate; 1258 allow home_root_t fs_t:filesystem associate; 1259 allow home_root_t noxattrfs:filesystem associate; 1260 typeattribute home_root_t file_type; 1261 typeattribute home_root_t polyparent; 1262 allow lost_found_t fs_t:filesystem associate; 1263 allow lost_found_t noxattrfs:filesystem associate; 1264 allow mnt_t fs_t:filesystem associate; 1265 allow mnt_t noxattrfs:filesystem associate; 1266 allow modules_object_t fs_t:filesystem associate; 1267 allow modules_object_t noxattrfs:filesystem associate; 1268 typeattribute modules_object_t file_type; 1269 allow no_access_t fs_t:filesystem associate; 1270 allow no_access_t noxattrfs:filesystem associate; 1271 allow poly_t fs_t:filesystem associate; 1272 allow poly_t noxattrfs:filesystem associate; 1273 allow readable_t fs_t:filesystem associate; 1274 allow readable_t noxattrfs:filesystem associate; 1275 allow root_t fs_t:filesystem associate; 1276 allow root_t noxattrfs:filesystem associate; 1277 allow root_t fs_t:filesystem associate; 1278 allow root_t noxattrfs:filesystem associate; 1279 typeattribute root_t file_type; 1280 typeattribute root_t polyparent; 1281 allow kernel_t root_t:dir mounton; 1282 allow src_t fs_t:filesystem associate; 1283 allow src_t noxattrfs:filesystem associate; 1284 allow system_map_t fs_t:filesystem associate; 1285 allow system_map_t noxattrfs:filesystem associate; 1286 typeattribute system_map_t file_type; 1287 allow tmp_t fs_t:filesystem associate; 1288 allow tmp_t noxattrfs:filesystem associate; 1289 typeattribute tmp_t file_type; 1290 allow tmp_t fs_t:filesystem associate; 1291 allow tmp_t noxattrfs:filesystem associate; 1292 typeattribute tmp_t file_type; 1293 typeattribute tmp_t polymember; 1294 allow tmp_t tmpfs_t:filesystem associate; 1295 typeattribute tmp_t tmpfile; 1296 allow tmp_t tmp_t:filesystem associate; 1297 allow tmp_t fs_t:filesystem associate; 1298 allow tmp_t noxattrfs:filesystem associate; 1299 typeattribute tmp_t file_type; 1300 typeattribute tmp_t polyparent; 1301 allow usr_t fs_t:filesystem associate; 1302 allow usr_t noxattrfs:filesystem associate; 1303 allow var_t fs_t:filesystem associate; 1304 allow var_t noxattrfs:filesystem associate; 1305 allow var_lib_t fs_t:filesystem associate; 1306 allow var_lib_t noxattrfs:filesystem associate; 1307 allow var_lock_t fs_t:filesystem associate; 1308 allow var_lock_t noxattrfs:filesystem associate; 1309 allow var_run_t fs_t:filesystem associate; 1310 allow var_run_t noxattrfs:filesystem associate; 1311 allow var_spool_t fs_t:filesystem associate; 1312 allow var_spool_t noxattrfs:filesystem associate; 1313 typeattribute var_spool_t file_type; 1314 allow var_spool_t fs_t:filesystem associate; 1315 allow var_spool_t noxattrfs:filesystem associate; 1316 typeattribute var_spool_t file_type; 1317 typeattribute var_spool_t polymember; 1318 allow var_spool_t tmpfs_t:filesystem associate; 1319 typeattribute var_spool_t tmpfile; 1320 allow var_spool_t tmp_t:filesystem associate; 1321 typeattribute fs_t filesystem_type; 1322 allow fs_t self:filesystem associate; 1323 typeattribute bdev_t filesystem_type; 1324 allow bdev_t self:filesystem associate; 1325 typeattribute binfmt_misc_fs_t filesystem_type; 1326 allow binfmt_misc_fs_t self:filesystem associate; 1327 allow binfmt_misc_fs_t fs_t:filesystem associate; 1328 allow binfmt_misc_fs_t noxattrfs:filesystem associate; 1329 typeattribute binfmt_misc_fs_t file_type; 1330 typeattribute binfmt_misc_fs_t mountpoint; 1331 typeattribute capifs_t filesystem_type; 1332 allow capifs_t self:filesystem associate; 1333 typeattribute configfs_t filesystem_type; 1334 allow configfs_t self:filesystem associate; 1335 typeattribute eventpollfs_t filesystem_type; 1336 allow eventpollfs_t self:filesystem associate; 1337 typeattribute futexfs_t filesystem_type; 1338 allow futexfs_t self:filesystem associate; 1339 typeattribute hugetlbfs_t filesystem_type; 1340 allow hugetlbfs_t self:filesystem associate; 1341 allow hugetlbfs_t fs_t:filesystem associate; 1342 allow hugetlbfs_t noxattrfs:filesystem associate; 1343 typeattribute hugetlbfs_t file_type; 1344 typeattribute hugetlbfs_t mountpoint; 1345 typeattribute inotifyfs_t filesystem_type; 1346 allow inotifyfs_t self:filesystem associate; 1347 typeattribute nfsd_fs_t filesystem_type; 1348 allow nfsd_fs_t self:filesystem associate; 1349 typeattribute ramfs_t filesystem_type; 1350 allow ramfs_t self:filesystem associate; 1351 typeattribute romfs_t filesystem_type; 1352 allow romfs_t self:filesystem associate; 1353 typeattribute rpc_pipefs_t filesystem_type; 1354 allow rpc_pipefs_t self:filesystem associate; 1355 typeattribute tmpfs_t filesystem_type; 1356 allow tmpfs_t self:filesystem associate; 1357 allow tmpfs_t fs_t:filesystem associate; 1358 allow tmpfs_t noxattrfs:filesystem associate; 1359 typeattribute tmpfs_t file_type; 1360 allow tmpfs_t fs_t:filesystem associate; 1361 allow tmpfs_t noxattrfs:filesystem associate; 1362 typeattribute tmpfs_t file_type; 1363 typeattribute tmpfs_t mountpoint; 1364 allow tmpfs_t noxattrfs:filesystem associate; 1365 typeattribute autofs_t filesystem_type; 1366 allow autofs_t self:filesystem associate; 1367 allow autofs_t fs_t:filesystem associate; 1368 allow autofs_t noxattrfs:filesystem associate; 1369 typeattribute autofs_t file_type; 1370 typeattribute autofs_t mountpoint; 1371 typeattribute cifs_t filesystem_type; 1372 allow cifs_t self:filesystem associate; 1373 typeattribute dosfs_t filesystem_type; 1374 allow dosfs_t self:filesystem associate; 1375 allow dosfs_t fs_t:filesystem associate; 1376 typeattribute iso9660_t filesystem_type; 1377 allow iso9660_t self:filesystem associate; 1378 allow removable_t noxattrfs:filesystem associate; 1379 typeattribute removable_t filesystem_type; 1380 allow removable_t self:filesystem associate; 1381 allow removable_t fs_t:filesystem associate; 1382 allow removable_t noxattrfs:filesystem associate; 1383 typeattribute removable_t file_type; 1384 typeattribute removable_t usercanread; 1385 typeattribute nfs_t filesystem_type; 1386 allow nfs_t self:filesystem associate; 1387 allow nfs_t fs_t:filesystem associate; 1388 allow nfs_t noxattrfs:filesystem associate; 1389 typeattribute nfs_t file_type; 1390 typeattribute nfs_t mountpoint; 1391 neverallow ~can_load_kernmodule self:capability sys_module; 1392 role system_r; 1393 role sysadm_r; 1394 role staff_r; 1395 role user_r; 1396 role secadm_r; 1397 typeattribute kernel_t domain; 1398 allow kernel_t self:dir { read getattr lock search ioctl }; 1399 allow kernel_t self:lnk_file { read getattr lock ioctl }; 1400 allow kernel_t self:file { getattr read write append ioctl lock }; 1401 allow kernel_t self:process { fork sigchld }; 1402 role secadm_r types kernel_t; 1403 role sysadm_r types kernel_t; 1404 role user_r types kernel_t; 1405 role staff_r types kernel_t; 1406 typeattribute kernel_t privrangetrans; 1407 role system_r types kernel_t; 1408 typeattribute debugfs_t filesystem_type; 1409 allow debugfs_t self:filesystem associate; 1410 allow debugfs_t self:filesystem associate; 1411 allow proc_t fs_t:filesystem associate; 1412 allow proc_t noxattrfs:filesystem associate; 1413 typeattribute proc_t file_type; 1414 typeattribute proc_t mountpoint; 1415 typeattribute proc_t filesystem_type; 1416 allow proc_t self:filesystem associate; 1417 neverallow ~can_receive_kernel_messages proc_kmsg_t:file ~getattr; 1418 neverallow { domain -kern_unconfined } proc_kcore_t:file ~getattr; 1419 allow sysctl_t fs_t:filesystem associate; 1420 allow sysctl_t noxattrfs:filesystem associate; 1421 typeattribute sysctl_t file_type; 1422 typeattribute sysctl_t mountpoint; 1423 allow sysctl_fs_t fs_t:filesystem associate; 1424 allow sysctl_fs_t noxattrfs:filesystem associate; 1425 typeattribute sysctl_fs_t file_type; 1426 typeattribute sysctl_fs_t mountpoint; 1427 allow kernel_t self:capability *; 1428 allow kernel_t unlabeled_t:dir mounton; 1429 allow kernel_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; 1430 allow kernel_t self:shm { associate getattr setattr create destroy read write lock unix_read unix_write }; 1431 allow kernel_t self:sem { associate getattr setattr create destroy read write unix_read unix_write }; 1432 allow kernel_t self:msg { send receive }; 1433 allow kernel_t self:msgq { associate getattr setattr create destroy read write enqueue unix_read unix_write }; 1434 allow kernel_t self:unix_dgram_socket { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } }; 1435 allow kernel_t self:unix_stream_socket { { create { ioctl read getattr write setattr append bind connect getopt setopt shutdown } } listen accept }; 1436 allow kernel_t self:unix_dgram_socket sendto; 1437 allow kernel_t self:unix_stream_socket connectto; 1438 allow kernel_t self:fifo_file { getattr read write append ioctl lock }; 1439 allow kernel_t self:sock_file { read getattr lock ioctl }; 1440 allow kernel_t self:fd use; 1441 allow kernel_t proc_t:dir { read getattr lock search ioctl }; 1442 allow kernel_t proc_t:{ lnk_file file } { read getattr lock ioctl }; 1443 allow kernel_t proc_net_t:dir { read getattr lock search ioctl }; 1444 allow kernel_t proc_net_t:file { read getattr lock ioctl }; 1445 allow kernel_t proc_mdstat_t:file { read getattr lock ioctl }; 1446 allow kernel_t proc_kcore_t:file getattr; 1447 allow kernel_t proc_kmsg_t:file getattr; 1448 allow kernel_t sysctl_t:dir { read getattr lock search ioctl }; 1449 allow kernel_t sysctl_kernel_t:dir { read getattr lock search ioctl }; 1450 allow kernel_t sysctl_kernel_t:file { read getattr lock ioctl }; 1451 allow kernel_t unlabeled_t:fifo_file { getattr read write append ioctl lock }; 1452 allow kernel_t unlabeled_t:association { sendto recvfrom }; 1453 allow kernel_t netif_type:netif rawip_send; 1454 allow kernel_t netif_type:netif rawip_recv; 1455 allow kernel_t node_type:node rawip_send; 1456 allow kernel_t node_type:node rawip_recv; 1457 allow kernel_t netif_t:netif rawip_send; 1458 allow kernel_t netif_type:netif { tcp_send tcp_recv }; 1459 allow kernel_t node_type:node { tcp_send tcp_recv }; 1460 allow kernel_t node_t:node rawip_send; 1461 allow kernel_t multicast_node_t:node rawip_send; 1462 allow kernel_t sysfs_t:dir { read getattr lock search ioctl }; 1463 allow kernel_t sysfs_t:{ file lnk_file } { read getattr lock ioctl }; 1464 allow kernel_t usbfs_t:dir search; 1465 allow kernel_t filesystem_type:filesystem mount; 1466 allow kernel_t security_t:dir { read search getattr }; 1467 allow kernel_t security_t:file { getattr read write }; 1468 typeattribute kernel_t can_load_policy; 1469 if(!secure_mode_policyload) { 1470 allow kernel_t security_t:security load_policy; 1471 auditallow kernel_t security_t:security load_policy; 1472 } 1473 allow kernel_t device_t:dir { read getattr lock search ioctl }; 1474 allow kernel_t device_t:lnk_file { getattr read }; 1475 allow kernel_t console_device_t:chr_file { getattr read write append ioctl lock }; 1476 allow kernel_t bin_t:dir { read getattr lock search ioctl }; 1477 allow kernel_t bin_t:lnk_file { read getattr lock ioctl }; 1478 allow kernel_t shell_exec_t:file { { read getattr lock execute ioctl } execute_no_trans }; 1479 allow kernel_t sbin_t:dir { read getattr lock search ioctl }; 1480 allow kernel_t bin_t:dir { read getattr lock search ioctl }; 1481 allow kernel_t bin_t:lnk_file { read getattr lock ioctl }; 1482 allow kernel_t bin_t:file { { read getattr lock execute ioctl } execute_no_trans }; 1483 allow kernel_t domain:process signal; 1484 allow kernel_t proc_t:dir search; 1485 allow kernel_t domain:dir search; 1486 allow kernel_t root_t:dir { read getattr lock search ioctl }; 1487 allow kernel_t root_t:lnk_file { read getattr lock ioctl }; 1488 allow kernel_t etc_t:dir { read getattr lock search ioctl }; 1489 allow kernel_t home_root_t:dir { read getattr lock search ioctl }; 1490 allow kernel_t usr_t:dir { read getattr lock search ioctl }; 1491 allow kernel_t usr_t:{ file lnk_file } { read getattr lock ioctl }; 1492 typeattribute kernel_t mlsprocread; 1493 typeattribute kernel_t mlsprocwrite; 1494 allow kernel_t self:capability *; 1495 allow kernel_t self:fifo_file { create ioctl read getattr lock write setattr append link unlink rename }; 1496 allow kernel_t self:process transition; 1497 allow kernel_t self:file { getattr read write append ioctl lock }; 1498 allow kernel_t self:nscd *; 1499 allow kernel_t self:dbus *; 1500 allow kernel_t self:passwd *; 1501 allow kernel_t proc_type:{ dir file } *; 1502 allow kernel_t sysctl_t:{ dir file } *; 1503 allow kernel_t kernel_t:system *; 1504 allow kernel_t unlabeled_t:{ dir file lnk_file sock_file fifo_file chr_file blk_file } *; 1505 allow kernel_t unlabeled_t:filesystem *; 1506 allow kernel_t unlabeled_t:association *; 1507 typeattribute kernel_t can_load_kernmodule, can_receive_kernel_messages; 1508 typeattribute kernel_t kern_unconfined; 1509 allow kernel_t { proc_t proc_net_t }:dir search; 1510 allow kernel_t sysctl_type:dir { read getattr lock search ioctl }; 1511 allow kernel_t sysctl_type:file { { getattr read write append ioctl lock } setattr }; 1512 allow kernel_t node_type:node *; 1513 allow kernel_t netif_type:netif *; 1514 allow kernel_t port_type:tcp_socket { send_msg recv_msg name_connect }; 1515 allow kernel_t port_type:udp_socket { send_msg recv_msg }; 1516 allow kernel_t port_type:{ tcp_socket udp_socket rawip_socket } name_bind; 1517 allow kernel_t node_type:{ tcp_socket udp_socket rawip_socket } node_bind; 1518 allow kernel_t unlabeled_t:association { sendto recvfrom }; 1519 allow kernel_t device_node:{ chr_file blk_file } *; 1520 allow kernel_t mtrr_device_t:{ dir file } *; 1521 allow kernel_t self:capability sys_rawio; 1522 typeattribute kernel_t memory_raw_write, memory_raw_read; 1523 typeattribute kernel_t unconfined_domain_type; 1524 typeattribute kernel_t can_change_process_identity; 1525 typeattribute kernel_t can_change_process_role; 1526 typeattribute kernel_t can_change_object_identity; 1527 typeattribute kernel_t set_curr_context; 1528 allow kernel_t domain:{ { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket } socket key_socket } *; 1529 allow kernel_t domain:fd use; 1530 allow kernel_t domain:fifo_file { getattr read write append ioctl lock }; 1531 allow kernel_t domain:process ~{ transition dyntransition execmem execstack execheap }; 1532 allow kernel_t domain:{ sem msgq shm } *; 1533 allow kernel_t domain:msg { send receive }; 1534 allow kernel_t domain:dir { read getattr lock search ioctl }; 1535 allow kernel_t domain:file { read getattr lock ioctl }; 1536 allow kernel_t domain:lnk_file { read getattr lock ioctl }; 1537 dontaudit kernel_t domain:dir { read getattr lock search ioctl }; 1538 dontaudit kernel_t domain:lnk_file { read getattr lock ioctl }; 1539 dontaudit kernel_t domain:file { read getattr lock ioctl }; 1540 dontaudit kernel_t domain:sock_file { read getattr lock ioctl }; 1541 dontaudit kernel_t domain:fifo_file { read getattr lock ioctl }; 1542 allow kernel_t file_type:{ file chr_file } ~execmod; 1543 allow kernel_t file_type:{ dir lnk_file sock_file fifo_file blk_file } *; 1544 allow kernel_t file_type:filesystem *; 1545 allow kernel_t file_type:{ unix_stream_socket unix_dgram_socket } name_bind; 1546 if (allow_execmod) { 1547 allow kernel_t file_type:file execmod; 1548 } 1549 allow kernel_t filesystem_type:filesystem *; 1550 allow kernel_t filesystem_type:{ dir file lnk_file sock_file fifo_file chr_file blk_file } *; 1551 allow kernel_t security_t:dir { getattr search read }; 1552 allow kernel_t security_t:file { getattr read write }; 1553 typeattribute kernel_t can_load_policy, can_setenforce, can_setsecparam; 1554 if(!secure_mode_policyload) { 1555 allow kernel_t security_t:security *; 1556 auditallow kernel_t security_t:security { load_policy setenforce setbool }; 1557 } 1558 if (allow_execheap) { 1559 allow kernel_t self:process execheap; 1560 } 1561 if (allow_execmem) { 1562 allow kernel_t self:process execmem; 1563 } 1564 if (allow_execmem && allow_execstack) { 1565 allow kernel_t self:process execstack; 1566 auditallow kernel_t self:process execstack; 1567 } else { 1568 } 1569 if (allow_execheap) { 1570 auditallow kernel_t self:process execheap; 1571 } 1572 if (allow_execmem) { 1573 auditallow kernel_t self:process execmem; 1574 } 1575 if (read_default_t) { 1576 allow kernel_t default_t:dir { read getattr lock search ioctl }; 1577 allow kernel_t default_t:file { read getattr lock ioctl }; 1578 allow kernel_t default_t:lnk_file { read getattr lock ioctl }; 1579 allow kernel_t default_t:sock_file { read getattr lock ioctl }; 1580 allow kernel_t default_t:fifo_file { read getattr lock ioctl }; 1581 } 1582 allow unlabeled_t self:filesystem associate; 1583 range_transition getty_t login_exec_t s0 - s0:c0.c255; 1584 range_transition init_t xdm_exec_t s0 - s0:c0.c255; 1585 range_transition initrc_t crond_exec_t s0 - s0:c0.c255; 1586 range_transition initrc_t cupsd_exec_t s0 - s0:c0.c255; 1587 range_transition initrc_t sshd_exec_t s0 - s0:c0.c255; 1588 range_transition initrc_t udev_exec_t s0 - s0:c0.c255; 1589 range_transition initrc_t xdm_exec_t s0 - s0:c0.c255; 1590 range_transition kernel_t udev_exec_t s0 - s0:c0.c255; 1591 range_transition unconfined_t su_exec_t s0 - s0:c0.c255; 1592 range_transition unconfined_t initrc_exec_t s0; 1593 typeattribute security_t filesystem_type; 1594 allow security_t self:filesystem associate; 1595 typeattribute security_t mlstrustedobject; 1596 neverallow ~can_load_policy security_t:security load_policy; 1597 neverallow ~can_setenforce security_t:security setenforce; 1598 neverallow ~can_setsecparam security_t:security setsecparam; 1599 typeattribute bsdpty_device_t device_node; 1600 allow bsdpty_device_t fs_t:filesystem associate; 1601 allow bsdpty_device_t tmpfs_t:filesystem associate; 1602 allow bsdpty_device_t tmp_t:filesystem associate; 1603 typeattribute console_device_t device_node; 1604 allow console_device_t fs_t:filesystem associate; 1605 allow console_device_t tmpfs_t:filesystem associate; 1606 allow console_device_t tmp_t:filesystem associate; 1607 allow devpts_t fs_t:filesystem associate; 1608 allow devpts_t noxattrfs:filesystem associate; 1609 typeattribute devpts_t file_type; 1610 typeattribute devpts_t mountpoint; 1611 allow devpts_t tmpfs_t:filesystem associate; 1612 allow devpts_t tmp_t:filesystem associate; 1613 typeattribute devpts_t filesystem_type; 1614 allow devpts_t self:filesystem associate; 1615 typeattribute devpts_t ttynode, ptynode; 1616 typeattribute devtty_t device_node; 1617 allow devtty_t fs_t:filesystem associate; 1618 allow devtty_t tmpfs_t:filesystem associate; 1619 allow devtty_t tmp_t:filesystem associate; 1620 typeattribute devtty_t mlstrustedobject; 1621 typeattribute ptmx_t device_node; 1622 allow ptmx_t fs_t:filesystem associate; 1623 allow ptmx_t tmpfs_t:filesystem associate; 1624 allow ptmx_t tmp_t:filesystem associate; 1625 typeattribute ptmx_t mlstrustedobject; 1626 typeattribute tty_device_t device_node; 1627 allow tty_device_t fs_t:filesystem associate; 1628 allow tty_device_t tmpfs_t:filesystem associate; 1629 allow tty_device_t tmp_t:filesystem associate; 1630 typeattribute tty_device_t ttynode; 1631 typeattribute usbtty_device_t device_node; 1632 allow usbtty_device_t fs_t:filesystem associate; 1633 allow usbtty_device_t tmpfs_t:filesystem associate; 1634 allow usbtty_device_t tmp_t:filesystem associate; 1635 user system_u roles { system_r } level s0 range s0 - s0:c0.c255; 1636 user user_u roles { user_r sysadm_r system_r } level s0 range s0 - s0:c0.c255; 1637 user root roles { user_r sysadm_r system_r } level s0 range s0 - s0:c0.c255; 1638 constrain process transition 1639 ( u1 == u2 1640 or t1 == can_change_process_identity 1641 ); 1642 constrain process transition 1643 ( r1 == r2 1644 or t1 == can_change_process_role 1645 ); 1646 constrain process dyntransition 1647 ( u1 == u2 and r1 == r2 ); 1648 constrain { dir file lnk_file sock_file fifo_file chr_file blk_file } { create relabelto relabelfrom } 1649 ( u1 == u2 or t1 == can_change_object_identity ); 1650 constrain { tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket } { create relabelto relabelfrom } 1651 ( u1 == u2 or t1 == can_change_object_identity ); 1652 sid port system_u:object_r:port_t:s0 1653 sid node system_u:object_r:node_t:s0 1654 sid netif system_u:object_r:netif_t:s0 1655 sid devnull system_u:object_r:null_device_t:s0 1656 sid file system_u:object_r:file_t:s0 1657 sid fs system_u:object_r:fs_t:s0 1658 sid kernel system_u:system_r:kernel_t:s0 1659 sid sysctl system_u:object_r:sysctl_t:s0 1660 sid unlabeled system_u:object_r:unlabeled_t:s0 1661 sid any_socket system_u:object_r:unlabeled_t:s0 1662 sid file_labels system_u:object_r:unlabeled_t:s0 1663 sid icmp_socket system_u:object_r:unlabeled_t:s0 1664 sid igmp_packet system_u:object_r:unlabeled_t:s0 1665 sid init system_u:object_r:unlabeled_t:s0 1666 sid kmod system_u:object_r:unlabeled_t:s0 1667 sid netmsg system_u:object_r:unlabeled_t:s0 1668 sid policy system_u:object_r:unlabeled_t:s0 1669 sid scmp_packet system_u:object_r:unlabeled_t:s0 1670 sid sysctl_modprobe system_u:object_r:unlabeled_t:s0 1671 sid sysctl_fs system_u:object_r:unlabeled_t:s0 1672 sid sysctl_kernel system_u:object_r:unlabeled_t:s0 1673 sid sysctl_net system_u:object_r:unlabeled_t:s0 1674 sid sysctl_net_unix system_u:object_r:unlabeled_t:s0 1675 sid sysctl_vm system_u:object_r:unlabeled_t:s0 1676 sid sysctl_dev system_u:object_r:unlabeled_t:s0 1677 sid tcp_socket system_u:object_r:unlabeled_t:s0 1678 sid security system_u:object_r:security_t:s0 1679 fs_use_xattr ext2 system_u:object_r:fs_t:s0; 1680 fs_use_xattr ext3 system_u:object_r:fs_t:s0; 1681 fs_use_xattr gfs system_u:object_r:fs_t:s0; 1682 fs_use_xattr jfs system_u:object_r:fs_t:s0; 1683 fs_use_xattr reiserfs system_u:object_r:fs_t:s0; 1684 fs_use_xattr xfs system_u:object_r:fs_t:s0; 1685 fs_use_task pipefs system_u:object_r:fs_t:s0; 1686 fs_use_task sockfs system_u:object_r:fs_t:s0; 1687 fs_use_trans mqueue system_u:object_r:tmpfs_t:s0; 1688 fs_use_trans shm system_u:object_r:tmpfs_t:s0; 1689 fs_use_trans tmpfs system_u:object_r:tmpfs_t:s0; 1690 fs_use_trans devpts system_u:object_r:devpts_t:s0; 1691 genfscon proc /mtrr system_u:object_r:mtrr_device_t:s0 1692 genfscon sysfs / system_u:object_r:sysfs_t:s0 1693 genfscon usbfs / system_u:object_r:usbfs_t:s0 1694 genfscon usbdevfs / system_u:object_r:usbfs_t:s0 1695 genfscon rootfs / system_u:object_r:root_t:s0 1696 genfscon bdev / system_u:object_r:bdev_t:s0 1697 genfscon binfmt_misc / system_u:object_r:binfmt_misc_fs_t:s0 1698 genfscon capifs / system_u:object_r:capifs_t:s0 1699 genfscon configfs / system_u:object_r:configfs_t:s0 1700 genfscon eventpollfs / system_u:object_r:eventpollfs_t:s0 1701 genfscon futexfs / system_u:object_r:futexfs_t:s0 1702 genfscon hugetlbfs / system_u:object_r:hugetlbfs_t:s0 1703 genfscon inotifyfs / system_u:object_r:inotifyfs_t:s0 1704 genfscon nfsd / system_u:object_r:nfsd_fs_t:s0 1705 genfscon ramfs / system_u:object_r:ramfs_t:s0 1706 genfscon romfs / system_u:object_r:romfs_t:s0 1707 genfscon cramfs / system_u:object_r:romfs_t:s0 1708 genfscon rpc_pipefs / system_u:object_r:rpc_pipefs_t:s0 1709 genfscon autofs / system_u:object_r:autofs_t:s0 1710 genfscon automount / system_u:object_r:autofs_t:s0 1711 genfscon cifs / system_u:object_r:cifs_t:s0 1712 genfscon smbfs / system_u:object_r:cifs_t:s0 1713 genfscon fat / system_u:object_r:dosfs_t:s0 1714 genfscon msdos / system_u:object_r:dosfs_t:s0 1715 genfscon ntfs / system_u:object_r:dosfs_t:s0 1716 genfscon vfat / system_u:object_r:dosfs_t:s0 1717 genfscon iso9660 / system_u:object_r:iso9660_t:s0 1718 genfscon udf / system_u:object_r:iso9660_t:s0 1719 genfscon nfs / system_u:object_r:nfs_t:s0 1720 genfscon nfs4 / system_u:object_r:nfs_t:s0 1721 genfscon afs / system_u:object_r:nfs_t:s0 1722 genfscon hfsplus / system_u:object_r:nfs_t:s0 1723 genfscon debugfs / system_u:object_r:debugfs_t:s0 1724 genfscon proc / system_u:object_r:proc_t:s0 1725 genfscon proc /sysvipc system_u:object_r:proc_t:s0 1726 genfscon proc /kmsg system_u:object_r:proc_kmsg_t:s0 1727 genfscon proc /kcore system_u:object_r:proc_kcore_t:s0 1728 genfscon proc /mdstat system_u:object_r:proc_mdstat_t:s0 1729 genfscon proc /net system_u:object_r:proc_net_t:s0 1730 genfscon proc /xen system_u:object_r:proc_xen_t:s0 1731 genfscon proc /sys system_u:object_r:sysctl_t:s0 1732 genfscon proc /irq system_u:object_r:sysctl_irq_t:s0 1733 genfscon proc /net/rpc system_u:object_r:sysctl_rpc_t:s0 1734 genfscon proc /sys/fs system_u:object_r:sysctl_fs_t:s0 1735 genfscon proc /sys/kernel system_u:object_r:sysctl_kernel_t:s0 1736 genfscon proc /sys/kernel/modprobe system_u:object_r:sysctl_modprobe_t:s0 1737 genfscon proc /sys/kernel/hotplug system_u:object_r:sysctl_hotplug_t:s0 1738 genfscon proc /sys/net system_u:object_r:sysctl_net_t:s0 1739 genfscon proc /sys/net/unix system_u:object_r:sysctl_net_unix_t:s0 1740 genfscon proc /sys/vm system_u:object_r:sysctl_vm_t:s0 1741 genfscon proc /sys/dev system_u:object_r:sysctl_dev_t:s0 1742 genfscon selinuxfs / system_u:object_r:security_t:s0 1743 portcon udp 7007 system_u:object_r:afs_bos_port_t:s0 1744 portcon tcp 2040 system_u:object_r:afs_fs_port_t:s0 1745 portcon udp 7000 system_u:object_r:afs_fs_port_t:s0 1746 portcon udp 7005 system_u:object_r:afs_fs_port_t:s0 1747 portcon udp 7004 system_u:object_r:afs_ka_port_t:s0 1748 portcon udp 7002 system_u:object_r:afs_pt_port_t:s0 1749 portcon udp 7003 system_u:object_r:afs_vl_port_t:s0 1750 portcon udp 10080 system_u:object_r:amanda_port_t:s0 1751 portcon tcp 10080 system_u:object_r:amanda_port_t:s0 1752 portcon udp 10081 system_u:object_r:amanda_port_t:s0 1753 portcon tcp 10081 system_u:object_r:amanda_port_t:s0 1754 portcon tcp 10082 system_u:object_r:amanda_port_t:s0 1755 portcon tcp 10083 system_u:object_r:amanda_port_t:s0 1756 portcon tcp 10024 system_u:object_r:amavisd_recv_port_t:s0 1757 portcon tcp 10025 system_u:object_r:amavisd_send_port_t:s0 1758 portcon tcp 1720 system_u:object_r:asterisk_port_t:s0 1759 portcon udp 2427 system_u:object_r:asterisk_port_t:s0 1760 portcon udp 2727 system_u:object_r:asterisk_port_t:s0 1761 portcon udp 4569 system_u:object_r:asterisk_port_t:s0 1762 portcon udp 5060 system_u:object_r:asterisk_port_t:s0 1763 portcon tcp 113 system_u:object_r:auth_port_t:s0 1764 portcon tcp 179 system_u:object_r:bgp_port_t:s0 1765 portcon udp 179 system_u:object_r:bgp_port_t:s0 1766 portcon tcp 3310 system_u:object_r:clamd_port_t:s0 1767 portcon udp 4041 system_u:object_r:clockspeed_port_t:s0 1768 portcon udp 512 system_u:object_r:comsat_port_t:s0 1769 portcon tcp 2401 system_u:object_r:cvs_port_t:s0 1770 portcon udp 2401 system_u:object_r:cvs_port_t:s0 1771 portcon udp 6276 system_u:object_r:dcc_port_t:s0 1772 portcon udp 6277 system_u:object_r:dcc_port_t:s0 1773 portcon tcp 1178 system_u:object_r:dbskkd_port_t:s0 1774 portcon udp 68 system_u:object_r:dhcpc_port_t:s0 1775 portcon udp 67 system_u:object_r:dhcpd_port_t:s0 1776 portcon tcp 647 system_u:object_r:dhcpd_port_t:s0 1777 portcon udp 647 system_u:object_r:dhcpd_port_t:s0 1778 portcon tcp 847 system_u:object_r:dhcpd_port_t:s0 1779 portcon udp 847 system_u:object_r:dhcpd_port_t:s0 1780 portcon tcp 2628 system_u:object_r:dict_port_t:s0 1781 portcon tcp 3632 system_u:object_r:distccd_port_t:s0 1782 portcon udp 53 system_u:object_r:dns_port_t:s0 1783 portcon tcp 53 system_u:object_r:dns_port_t:s0 1784 portcon tcp 79 system_u:object_r:fingerd_port_t:s0 1785 portcon tcp 20 system_u:object_r:ftp_data_port_t:s0 1786 portcon tcp 21 system_u:object_r:ftp_port_t:s0 1787 portcon udp 1718 system_u:object_r:gatekeeper_port_t:s0 1788 portcon udp 1719 system_u:object_r:gatekeeper_port_t:s0 1789 portcon tcp 1721 system_u:object_r:gatekeeper_port_t:s0 1790 portcon tcp 7000 system_u:object_r:gatekeeper_port_t:s0 1791 portcon tcp 1213 system_u:object_r:giftd_port_t:s0 1792 portcon tcp 70 system_u:object_r:gopher_port_t:s0 1793 portcon udp 70 system_u:object_r:gopher_port_t:s0 1794 portcon tcp 3128 system_u:object_r:http_cache_port_t:s0 1795 portcon udp 3130 system_u:object_r:http_cache_port_t:s0 1796 portcon tcp 8080 system_u:object_r:http_cache_port_t:s0 1797 portcon tcp 8118 system_u:object_r:http_cache_port_t:s0 1798 portcon tcp 80 system_u:object_r:http_port_t:s0 1799 portcon tcp 443 system_u:object_r:http_port_t:s0 1800 portcon tcp 488 system_u:object_r:http_port_t:s0 1801 portcon tcp 8008 system_u:object_r:http_port_t:s0 1802 portcon tcp 9050 system_u:object_r:http_port_t:s0 1803 portcon tcp 5335 system_u:object_r:howl_port_t:s0 1804 portcon udp 5353 system_u:object_r:howl_port_t:s0 1805 portcon tcp 50000 system_u:object_r:hplip_port_t:s0 1806 portcon tcp 50002 system_u:object_r:hplip_port_t:s0 1807 portcon tcp 9010 system_u:object_r:i18n_input_port_t:s0 1808 portcon tcp 5323 system_u:object_r:imaze_port_t:s0 1809 portcon udp 5323 system_u:object_r:imaze_port_t:s0 1810 portcon tcp 7 system_u:object_r:inetd_child_port_t:s0 1811 portcon udp 7 system_u:object_r:inetd_child_port_t:s0 1812 portcon tcp 9 system_u:object_r:inetd_child_port_t:s0 1813 portcon udp 9 system_u:object_r:inetd_child_port_t:s0 1814 portcon tcp 13 system_u:object_r:inetd_child_port_t:s0 1815 portcon udp 13 system_u:object_r:inetd_child_port_t:s0 1816 portcon tcp 19 system_u:object_r:inetd_child_port_t:s0 1817 portcon udp 19 system_u:object_r:inetd_child_port_t:s0 1818 portcon tcp 37 system_u:object_r:inetd_child_port_t:s0 1819 portcon udp 37 system_u:object_r:inetd_child_port_t:s0 1820 portcon tcp 512 system_u:object_r:inetd_child_port_t:s0 1821 portcon tcp 543 system_u:object_r:inetd_child_port_t:s0 1822 portcon tcp 544 system_u:object_r:inetd_child_port_t:s0 1823 portcon tcp 891 system_u:object_r:inetd_child_port_t:s0 1824 portcon udp 891 system_u:object_r:inetd_child_port_t:s0 1825 portcon tcp 892 system_u:object_r:inetd_child_port_t:s0 1826 portcon udp 892 system_u:object_r:inetd_child_port_t:s0 1827 portcon tcp 2105 system_u:object_r:inetd_child_port_t:s0 1828 portcon tcp 5666 system_u:object_r:inetd_child_port_t:s0 1829 portcon tcp 119 system_u:object_r:innd_port_t:s0 1830 portcon tcp 631 system_u:object_r:ipp_port_t:s0 1831 portcon udp 631 system_u:object_r:ipp_port_t:s0 1832 portcon tcp 6667 system_u:object_r:ircd_port_t:s0 1833 portcon udp 500 system_u:object_r:isakmp_port_t:s0 1834 portcon tcp 5222 system_u:object_r:jabber_client_port_t:s0 1835 portcon tcp 5223 system_u:object_r:jabber_client_port_t:s0 1836 portcon tcp 5269 system_u:object_r:jabber_interserver_port_t:s0 1837 portcon tcp 464 system_u:object_r:kerberos_admin_port_t:s0 1838 portcon udp 464 system_u:object_r:kerberos_admin_port_t:s0 1839 portcon tcp 749 system_u:object_r:kerberos_admin_port_t:s0 1840 portcon tcp 4444 system_u:object_r:kerberos_master_port_t:s0 1841 portcon udp 4444 system_u:object_r:kerberos_master_port_t:s0 1842 portcon tcp 88 system_u:object_r:kerberos_port_t:s0 1843 portcon udp 88 system_u:object_r:kerberos_port_t:s0 1844 portcon tcp 750 system_u:object_r:kerberos_port_t:s0 1845 portcon udp 750 system_u:object_r:kerberos_port_t:s0 1846 portcon udp 517 system_u:object_r:ktalkd_port_t:s0 1847 portcon udp 518 system_u:object_r:ktalkd_port_t:s0 1848 portcon tcp 389 system_u:object_r:ldap_port_t:s0 1849 portcon udp 389 system_u:object_r:ldap_port_t:s0 1850 portcon tcp 636 system_u:object_r:ldap_port_t:s0 1851 portcon udp 636 system_u:object_r:ldap_port_t:s0 1852 portcon tcp 2000 system_u:object_r:mail_port_t:s0 1853 portcon tcp 1234 system_u:object_r:monopd_port_t:s0 1854 portcon tcp 3306 system_u:object_r:mysqld_port_t:s0 1855 portcon tcp 1241 system_u:object_r:nessus_port_t:s0 1856 portcon udp 137 system_u:object_r:nmbd_port_t:s0 1857 portcon udp 138 system_u:object_r:nmbd_port_t:s0 1858 portcon udp 139 system_u:object_r:nmbd_port_t:s0 1859 portcon udp 123 system_u:object_r:ntp_port_t:s0 1860 portcon udp 5000 system_u:object_r:openvpn_port_t:s0 1861 portcon tcp 5988 system_u:object_r:pegasus_http_port_t:s0 1862 portcon tcp 5989 system_u:object_r:pegasus_https_port_t:s0 1863 portcon tcp 106 system_u:object_r:pop_port_t:s0 1864 portcon tcp 109 system_u:object_r:pop_port_t:s0 1865 portcon tcp 110 system_u:object_r:pop_port_t:s0 1866 portcon tcp 143 system_u:object_r:pop_port_t:s0 1867 portcon tcp 220 system_u:object_r:pop_port_t:s0 1868 portcon tcp 993 system_u:object_r:pop_port_t:s0 1869 portcon tcp 995 system_u:object_r:pop_port_t:s0 1870 portcon tcp 1109 system_u:object_r:pop_port_t:s0 1871 portcon udp 111 system_u:object_r:portmap_port_t:s0 1872 portcon tcp 111 system_u:object_r:portmap_port_t:s0 1873 portcon tcp 5432 system_u:object_r:postgresql_port_t:s0 1874 portcon tcp 60000 system_u:object_r:postgrey_port_t:s0 1875 portcon tcp 515 system_u:object_r:printer_port_t:s0 1876 portcon tcp 5703 system_u:object_r:ptal_port_t:s0 1877 portcon udp 4011 system_u:object_r:pxe_port_t:s0 1878 portcon udp 24441 system_u:object_r:pyzor_port_t:s0 1879 portcon udp 1646 system_u:object_r:radacct_port_t:s0 1880 portcon udp 1813 system_u:object_r:radacct_port_t:s0 1881 portcon udp 1645 system_u:object_r:radius_port_t:s0 1882 portcon udp 1812 system_u:object_r:radius_port_t:s0 1883 portcon tcp 2703 system_u:object_r:razor_port_t:s0 1884 portcon tcp 513 system_u:object_r:rlogind_port_t:s0 1885 portcon tcp 953 system_u:object_r:rndc_port_t:s0 1886 portcon udp 520 system_u:object_r:router_port_t:s0 1887 portcon tcp 514 system_u:object_r:rsh_port_t:s0 1888 portcon tcp 873 system_u:object_r:rsync_port_t:s0 1889 portcon udp 873 system_u:object_r:rsync_port_t:s0 1890 portcon tcp 137-139 system_u:object_r:smbd_port_t:s0 1891 portcon tcp 445 system_u:object_r:smbd_port_t:s0 1892 portcon tcp 25 system_u:object_r:smtp_port_t:s0 1893 portcon tcp 465 system_u:object_r:smtp_port_t:s0 1894 portcon tcp 587 system_u:object_r:smtp_port_t:s0 1895 portcon udp 161 system_u:object_r:snmp_port_t:s0 1896 portcon udp 162 system_u:object_r:snmp_port_t:s0 1897 portcon tcp 199 system_u:object_r:snmp_port_t:s0 1898 portcon tcp 783 system_u:object_r:spamd_port_t:s0 1899 portcon tcp 22 system_u:object_r:ssh_port_t:s0 1900 portcon tcp 8000 system_u:object_r:soundd_port_t:s0 1901 portcon tcp 9433 system_u:object_r:soundd_port_t:s0 1902 portcon tcp 901 system_u:object_r:swat_port_t:s0 1903 portcon udp 514 system_u:object_r:syslogd_port_t:s0 1904 portcon tcp 23 system_u:object_r:telnetd_port_t:s0 1905 portcon udp 69 system_u:object_r:tftp_port_t:s0 1906 portcon tcp 8081 system_u:object_r:transproxy_port_t:s0 1907 portcon tcp 540 system_u:object_r:uucpd_port_t:s0 1908 portcon tcp 5900 system_u:object_r:vnc_port_t:s0 1909 portcon tcp 6001 system_u:object_r:xserver_port_t:s0 1910 portcon tcp 6002 system_u:object_r:xserver_port_t:s0 1911 portcon tcp 6003 system_u:object_r:xserver_port_t:s0 1912 portcon tcp 6004 system_u:object_r:xserver_port_t:s0 1913 portcon tcp 6005 system_u:object_r:xserver_port_t:s0 1914 portcon tcp 6006 system_u:object_r:xserver_port_t:s0 1915 portcon tcp 6007 system_u:object_r:xserver_port_t:s0 1916 portcon tcp 6008 system_u:object_r:xserver_port_t:s0 1917 portcon tcp 6009 system_u:object_r:xserver_port_t:s0 1918 portcon tcp 6010 system_u:object_r:xserver_port_t:s0 1919 portcon tcp 6011 system_u:object_r:xserver_port_t:s0 1920 portcon tcp 6012 system_u:object_r:xserver_port_t:s0 1921 portcon tcp 6013 system_u:object_r:xserver_port_t:s0 1922 portcon tcp 6014 system_u:object_r:xserver_port_t:s0 1923 portcon tcp 6015 system_u:object_r:xserver_port_t:s0 1924 portcon tcp 6016 system_u:object_r:xserver_port_t:s0 1925 portcon tcp 6017 system_u:object_r:xserver_port_t:s0 1926 portcon tcp 6018 system_u:object_r:xserver_port_t:s0 1927 portcon tcp 6019 system_u:object_r:xserver_port_t:s0 1928 portcon tcp 8002 system_u:object_r:xen_port_t:s0 1929 portcon tcp 2601 system_u:object_r:zebra_port_t:s0 1930 portcon tcp 8021 system_u:object_r:zope_port_t:s0 1931 portcon tcp 1-1023 system_u:object_r:reserved_port_t:s0 1932 portcon udp 1-1023 system_u:object_r:reserved_port_t:s0 1933 nodecon :: ffff:ffff:ffff:ffff:ffff:ffff:: system_u:object_r:compat_ipv4_node_t:s0 1934 nodecon 0.0.0.0 255.255.255.255 system_u:object_r:inaddr_any_node_t:s0 1935 nodecon fe80:: ffff:ffff:ffff:ffff:: system_u:object_r:link_local_node_t:s0 1936 nodecon 127.0.0.1 255.255.255.255 system_u:object_r:lo_node_t:s0 1937 nodecon ::ffff:0000:0000 ffff:ffff:ffff:ffff:ffff:ffff:: system_u:object_r:mapped_ipv4_node_t:s0 1938 nodecon ff00:: ff00:: system_u:object_r:multicast_node_t:s0 1939 nodecon fec0:: ffc0:: system_u:object_r:site_local_node_t:s0 1940 nodecon :: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff system_u:object_r:unspec_node_t:s0 1941
