mirror/ udica
1
1
Fork 0
mirror of https://github.com/containers/udica synced 2024-05-25 01:56:14 +02:00
Code Issues

tests: Remove duplicate rules from test cil files 

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
This commit is contained in:
Vit Mojzis 2022-06-21 19:57:07 +02:00
parent 7c7b9ad505
commit d6e5a0d99a
14 changed files with 956 additions and 1514 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

612
tests/test_basic.cri.cil
View File

@ -2,6 +2,242 @@
(blockinherit container)
(blockinherit net_container)
(blockinherit home_container)
(allow process abrt_retrace_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_retrace_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_retrace_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_retrace_spool_t ( sock_file ( append getattr open read write )))
(allow process abrt_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_var_cache_t ( sock_file ( append getattr open read write )))
(allow process antivirus_db_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process antivirus_db_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process antivirus_db_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process antivirus_db_t ( sock_file ( append getattr open read write )))
(allow process asterisk_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process asterisk_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process asterisk_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process asterisk_spool_t ( sock_file ( append getattr open read write )))
(allow process audit_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process audit_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process audit_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process audit_spool_t ( sock_file ( append getattr open read write )))
(allow process bacula_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process bacula_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process bacula_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process bacula_spool_t ( sock_file ( append getattr open read write )))
(allow process callweaver_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process callweaver_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process callweaver_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process callweaver_spool_t ( sock_file ( append getattr open read write )))
(allow process courier_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process courier_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process courier_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process courier_spool_t ( sock_file ( append getattr open read write )))
(allow process cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process cron_spool_t ( sock_file ( append getattr open read write )))
(allow process ctdbd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process ctdbd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process ctdbd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process ctdbd_spool_t ( sock_file ( append getattr open read write )))
(allow process device_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process device_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process device_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process device_t ( sock_file ( append getattr open read write )))
(allow process devlog_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process devlog_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process devlog_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process devlog_t ( sock_file ( append getattr open read write )))
(allow process dkim_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process dkim_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process dkim_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process dkim_milter_data_t ( sock_file ( append getattr open read write )))
(allow process dovecot_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process dovecot_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process dovecot_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process dovecot_spool_t ( sock_file ( append getattr open read write )))
(allow process etc_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process etc_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process etc_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process etc_t ( sock_file ( append getattr open read write )))
(allow process exim_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process exim_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process exim_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process exim_spool_t ( sock_file ( append getattr open read write )))
(allow process getty_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process getty_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process getty_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process getty_var_run_t ( sock_file ( append getattr open read write )))
(allow process httpd_sys_rw_content_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process httpd_sys_rw_content_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process httpd_sys_rw_content_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process httpd_sys_rw_content_t ( sock_file ( append getattr open read write )))
(allow process ld_so_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process ld_so_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process ld_so_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process ld_so_t ( sock_file ( append getattr open read write )))
(allow process lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lib_t ( sock_file ( append getattr open read write )))
(allow process locale_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process locale_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process locale_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process locale_t ( sock_file ( append getattr open read write )))
(allow process lpd_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lpd_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lpd_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lpd_var_run_t ( sock_file ( append getattr open read write )))
(allow process mail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mail_spool_t ( sock_file ( append getattr open read write )))
(allow process mailman_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mailman_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mailman_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mailman_data_t ( sock_file ( append getattr open read write )))
(allow process mqueue_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mqueue_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mqueue_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mqueue_spool_t ( sock_file ( append getattr open read write )))
(allow process mscan_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mscan_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mscan_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mscan_spool_t ( sock_file ( append getattr open read write )))
(allow process nagios_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process nagios_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process nagios_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process nagios_spool_t ( sock_file ( append getattr open read write )))
(allow process news_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process news_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process news_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process news_spool_t ( sock_file ( append getattr open read write )))
(allow process plymouthd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process plymouthd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process plymouthd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process plymouthd_spool_t ( sock_file ( append getattr open read write )))
(allow process plymouthd_var_log_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process plymouthd_var_log_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process plymouthd_var_log_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process plymouthd_var_log_t ( sock_file ( append getattr open read write )))
(allow process postfix_private_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_private_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_private_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_private_t ( sock_file ( append getattr open read write )))
(allow process postfix_public_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_public_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_public_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_public_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_bounce_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_bounce_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_bounce_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_bounce_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process postfix_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_var_run_t ( sock_file ( append getattr open read write )))
(allow process postgrey_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postgrey_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postgrey_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postgrey_spool_t ( sock_file ( append getattr open read write )))
(allow process prelude_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process prelude_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process prelude_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process prelude_spool_t ( sock_file ( append getattr open read write )))
(allow process print_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process print_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process print_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process print_spool_t ( sock_file ( append getattr open read write )))
(allow process public_content_rw_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process public_content_rw_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process public_content_rw_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process public_content_rw_t ( sock_file ( append getattr open read write )))
(allow process pyicqt_var_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process pyicqt_var_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process pyicqt_var_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process pyicqt_var_spool_t ( sock_file ( append getattr open read write )))
(allow process quota_db_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process quota_db_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process quota_db_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process quota_db_t ( sock_file ( append getattr open read write )))
(allow process regex_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process regex_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process regex_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process regex_milter_data_t ( sock_file ( append getattr open read write )))
(allow process rpm_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process rpm_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process rpm_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process rpm_var_cache_t ( sock_file ( append getattr open read write )))
(allow process rwho_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process rwho_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process rwho_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process rwho_spool_t ( sock_file ( append getattr open read write )))
(allow process samba_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process samba_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process samba_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process samba_spool_t ( sock_file ( append getattr open read write )))
(allow process sge_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process sge_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process sge_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process sge_spool_t ( sock_file ( append getattr open read write )))
(allow process smsd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process smsd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process smsd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process smsd_spool_t ( sock_file ( append getattr open read write )))
(allow process snmpd_var_lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process snmpd_var_lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process snmpd_var_lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process snmpd_var_lib_t ( sock_file ( append getattr open read write )))
(allow process spamass_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamass_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamass_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamass_milter_data_t ( sock_file ( append getattr open read write )))
(allow process spamd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_spool_t ( sock_file ( append getattr open read write )))
(allow process spamd_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_var_run_t ( sock_file ( append getattr open read write )))
(allow process squid_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process squid_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process squid_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process squid_cache_t ( sock_file ( append getattr open read write )))
(allow process squirrelmail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process squirrelmail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process squirrelmail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process squirrelmail_spool_t ( sock_file ( append getattr open read write )))
(allow process system_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process system_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process system_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process system_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process tetex_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process tetex_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process tetex_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process tetex_data_t ( sock_file ( append getattr open read write )))
(allow process user_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process uucpd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process uucpd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process uucpd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process uucpd_spool_t ( sock_file ( append getattr open read write )))
(allow process var_log_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_log_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_log_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_log_t ( sock_file ( append getattr open read write )))
(allow process var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_run_t ( sock_file ( append getattr open read write )))
(allow process var_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
@ -10,384 +246,8 @@
(allow process xdm_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process xdm_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process xdm_spool_t ( sock_file ( append getattr open read write )))
(allow process mqueue_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mqueue_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mqueue_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mqueue_spool_t ( sock_file ( append getattr open read write )))
(allow process quota_db_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process quota_db_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process quota_db_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process quota_db_t ( sock_file ( append getattr open read write )))
(allow process user_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process abrt_retrace_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_retrace_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_retrace_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_retrace_spool_t ( sock_file ( append getattr open read write )))
(allow process getty_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process getty_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process getty_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process getty_var_run_t ( sock_file ( append getattr open read write )))
(allow process print_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process print_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process print_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process print_spool_t ( sock_file ( append getattr open read write )))
(allow process smsd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process smsd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process smsd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process smsd_spool_t ( sock_file ( append getattr open read write )))
(allow process abrt_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_var_cache_t ( sock_file ( append getattr open read write )))
(allow process ctdbd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process ctdbd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process ctdbd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process ctdbd_spool_t ( sock_file ( append getattr open read write )))
(allow process print_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process print_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process print_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process print_spool_t ( sock_file ( append getattr open read write )))
(allow process httpd_sys_rw_content_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process httpd_sys_rw_content_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process httpd_sys_rw_content_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process httpd_sys_rw_content_t ( sock_file ( append getattr open read write )))
(allow process mail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mail_spool_t ( sock_file ( append getattr open read write )))
(allow process mail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mail_spool_t ( sock_file ( append getattr open read write )))
(allow process news_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process news_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process news_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process news_spool_t ( sock_file ( append getattr open read write )))
(allow process rwho_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process rwho_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process rwho_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process rwho_spool_t ( sock_file ( append getattr open read write )))
(allow process uucpd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process uucpd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process uucpd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process uucpd_spool_t ( sock_file ( append getattr open read write )))
(allow process exim_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process exim_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process exim_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process exim_spool_t ( sock_file ( append getattr open read write )))
(allow process audit_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process audit_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process audit_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process audit_spool_t ( sock_file ( append getattr open read write )))
(allow process abrt_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_var_cache_t ( sock_file ( append getattr open read write )))
(allow process samba_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process samba_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process samba_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process samba_spool_t ( sock_file ( append getattr open read write )))
(allow process mail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mail_spool_t ( sock_file ( append getattr open read write )))
(allow process spamd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_spool_t ( sock_file ( append getattr open read write )))
(allow process squid_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process squid_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process squid_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process squid_cache_t ( sock_file ( append getattr open read write )))
(allow process tetex_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process tetex_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process tetex_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process tetex_data_t ( sock_file ( append getattr open read write )))
(allow process getty_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process getty_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process getty_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process getty_var_run_t ( sock_file ( append getattr open read write )))
(allow process bacula_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process bacula_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process bacula_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process bacula_spool_t ( sock_file ( append getattr open read write )))
(allow process nagios_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process nagios_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process nagios_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process nagios_spool_t ( sock_file ( append getattr open read write )))
(allow process nagios_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process nagios_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process nagios_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process nagios_spool_t ( sock_file ( append getattr open read write )))
(allow process snmpd_var_lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process snmpd_var_lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process snmpd_var_lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process snmpd_var_lib_t ( sock_file ( append getattr open read write )))
(allow process spamd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_spool_t ( sock_file ( append getattr open read write )))
(allow process httpd_sys_rw_content_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process httpd_sys_rw_content_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process httpd_sys_rw_content_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process httpd_sys_rw_content_t ( sock_file ( append getattr open read write )))
(allow process quota_db_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process quota_db_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process quota_db_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process quota_db_t ( sock_file ( append getattr open read write )))
(allow process mailman_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mailman_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mailman_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mailman_data_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process antivirus_db_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process antivirus_db_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process antivirus_db_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process antivirus_db_t ( sock_file ( append getattr open read write )))
(allow process system_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process system_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process system_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process system_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process courier_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process courier_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process courier_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process courier_spool_t ( sock_file ( append getattr open read write )))
(allow process dovecot_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process dovecot_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process dovecot_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process dovecot_spool_t ( sock_file ( append getattr open read write )))
(allow process prelude_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process prelude_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process prelude_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process prelude_spool_t ( sock_file ( append getattr open read write )))
(allow process pyicqt_var_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process pyicqt_var_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process pyicqt_var_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process pyicqt_var_spool_t ( sock_file ( append getattr open read write )))
(allow process var_log_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_log_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_log_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_log_t ( sock_file ( append getattr open read write )))
(allow process rpm_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process rpm_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process rpm_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process rpm_var_cache_t ( sock_file ( append getattr open read write )))
(allow process asterisk_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process asterisk_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process asterisk_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process asterisk_spool_t ( sock_file ( append getattr open read write )))
(allow process print_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process print_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process print_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process print_spool_t ( sock_file ( append getattr open read write )))
(allow process dkim_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process dkim_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process dkim_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process dkim_milter_data_t ( sock_file ( append getattr open read write )))
(allow process plymouthd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process plymouthd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process plymouthd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process plymouthd_spool_t ( sock_file ( append getattr open read write )))
(allow process mqueue_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mqueue_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mqueue_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mqueue_spool_t ( sock_file ( append getattr open read write )))
(allow process dkim_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process dkim_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process dkim_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process dkim_milter_data_t ( sock_file ( append getattr open read write )))
(allow process spamd_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_var_run_t ( sock_file ( append getattr open read write )))
(allow process courier_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process courier_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process courier_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process courier_spool_t ( sock_file ( append getattr open read write )))
(allow process var_log_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_log_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_log_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_log_t ( sock_file ( append getattr open read write )))
(allow process callweaver_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process callweaver_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process callweaver_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process callweaver_spool_t ( sock_file ( append getattr open read write )))
(allow process sge_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process sge_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process sge_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process sge_spool_t ( sock_file ( append getattr open read write )))
(allow process abrt_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_var_cache_t ( sock_file ( append getattr open read write )))
(allow process lpd_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lpd_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lpd_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lpd_var_run_t ( sock_file ( append getattr open read write )))
(allow process uucpd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process uucpd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process uucpd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process uucpd_spool_t ( sock_file ( append getattr open read write )))
(allow process mscan_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mscan_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mscan_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mscan_spool_t ( sock_file ( append getattr open read write )))
(allow process public_content_rw_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process public_content_rw_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process public_content_rw_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process public_content_rw_t ( sock_file ( append getattr open read write )))
(allow process etc_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process etc_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process etc_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process etc_t ( sock_file ( append getattr open read write )))
(allow process lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lib_t ( sock_file ( append getattr open read write )))
(allow process lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lib_t ( sock_file ( append getattr open read write )))
(allow process postfix_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_var_run_t ( sock_file ( append getattr open read write )))
(allow process abrt_retrace_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_retrace_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_retrace_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_retrace_spool_t ( sock_file ( append getattr open read write )))
(allow process regex_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process regex_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process regex_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process regex_milter_data_t ( sock_file ( append getattr open read write )))
(allow process spamd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_spool_t ( sock_file ( append getattr open read write )))
(allow process squirrelmail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process squirrelmail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process squirrelmail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process squirrelmail_spool_t ( sock_file ( append getattr open read write )))
(allow process spamd_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_var_run_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lib_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_bounce_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_bounce_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_bounce_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_bounce_t ( sock_file ( append getattr open read write )))
(allow process postfix_public_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_public_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_public_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_public_t ( sock_file ( append getattr open read write )))
(allow process abrt_retrace_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_retrace_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_retrace_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_retrace_spool_t ( sock_file ( append getattr open read write )))
(allow process ld_so_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process ld_so_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process ld_so_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process ld_so_t ( sock_file ( append getattr open read write )))
(allow process postfix_private_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_private_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_private_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_private_t ( sock_file ( append getattr open read write )))
(allow process spamass_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamass_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamass_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamass_milter_data_t ( sock_file ( append getattr open read write )))
(allow process prelude_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process prelude_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process prelude_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process prelude_spool_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process postgrey_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postgrey_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postgrey_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postgrey_spool_t ( sock_file ( append getattr open read write )))
(allow process plymouthd_var_log_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process plymouthd_var_log_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process plymouthd_var_log_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process plymouthd_var_log_t ( sock_file ( append getattr open read write )))
(allow process zoneminder_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process zoneminder_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process zoneminder_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process zoneminder_spool_t ( sock_file ( append getattr open read write )))
(allow process user_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process cron_spool_t ( sock_file ( append getattr open read write )))
(allow process device_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process device_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process device_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process device_t ( sock_file ( append getattr open read write )))
(allow process var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_run_t ( sock_file ( append getattr open read write )))
(allow process system_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process system_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process system_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process system_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process cron_spool_t ( sock_file ( append getattr open read write )))
(allow process devlog_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process devlog_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process devlog_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process devlog_t ( sock_file ( append getattr open read write )))
(allow process system_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process system_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process system_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process system_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process system_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process system_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process system_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process system_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process locale_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process locale_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process locale_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process locale_t ( sock_file ( append getattr open read write )))
(allow process user_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process user_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process var_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_spool_t ( sock_file ( append getattr open read write )))
)

612
tests/test_basic.docker.cil
View File

@ -3,6 +3,242 @@
(blockinherit restricted_net_container)
(allow process ftp_port_t ( tcp_socket ( name_bind )))
(blockinherit home_container)
(allow process abrt_retrace_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_retrace_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_retrace_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_retrace_spool_t ( sock_file ( append getattr open read write )))
(allow process abrt_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_var_cache_t ( sock_file ( append getattr open read write )))
(allow process antivirus_db_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process antivirus_db_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process antivirus_db_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process antivirus_db_t ( sock_file ( append getattr open read write )))
(allow process asterisk_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process asterisk_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process asterisk_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process asterisk_spool_t ( sock_file ( append getattr open read write )))
(allow process audit_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process audit_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process audit_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process audit_spool_t ( sock_file ( append getattr open read write )))
(allow process bacula_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process bacula_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process bacula_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process bacula_spool_t ( sock_file ( append getattr open read write )))
(allow process callweaver_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process callweaver_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process callweaver_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process callweaver_spool_t ( sock_file ( append getattr open read write )))
(allow process courier_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process courier_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process courier_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process courier_spool_t ( sock_file ( append getattr open read write )))
(allow process cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process cron_spool_t ( sock_file ( append getattr open read write )))
(allow process ctdbd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process ctdbd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process ctdbd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process ctdbd_spool_t ( sock_file ( append getattr open read write )))
(allow process device_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process device_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process device_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process device_t ( sock_file ( append getattr open read write )))
(allow process devlog_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process devlog_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process devlog_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process devlog_t ( sock_file ( append getattr open read write )))
(allow process dkim_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process dkim_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process dkim_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process dkim_milter_data_t ( sock_file ( append getattr open read write )))
(allow process dovecot_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process dovecot_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process dovecot_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process dovecot_spool_t ( sock_file ( append getattr open read write )))
(allow process etc_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process etc_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process etc_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process etc_t ( sock_file ( append getattr open read write )))
(allow process exim_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process exim_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process exim_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process exim_spool_t ( sock_file ( append getattr open read write )))
(allow process getty_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process getty_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process getty_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process getty_var_run_t ( sock_file ( append getattr open read write )))
(allow process httpd_sys_rw_content_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process httpd_sys_rw_content_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process httpd_sys_rw_content_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process httpd_sys_rw_content_t ( sock_file ( append getattr open read write )))
(allow process ld_so_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process ld_so_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process ld_so_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process ld_so_t ( sock_file ( append getattr open read write )))
(allow process lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lib_t ( sock_file ( append getattr open read write )))
(allow process locale_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process locale_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process locale_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process locale_t ( sock_file ( append getattr open read write )))
(allow process lpd_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lpd_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lpd_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lpd_var_run_t ( sock_file ( append getattr open read write )))
(allow process mail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mail_spool_t ( sock_file ( append getattr open read write )))
(allow process mailman_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mailman_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mailman_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mailman_data_t ( sock_file ( append getattr open read write )))
(allow process mqueue_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mqueue_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mqueue_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mqueue_spool_t ( sock_file ( append getattr open read write )))
(allow process mscan_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mscan_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mscan_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mscan_spool_t ( sock_file ( append getattr open read write )))
(allow process nagios_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process nagios_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process nagios_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process nagios_spool_t ( sock_file ( append getattr open read write )))
(allow process news_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process news_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process news_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process news_spool_t ( sock_file ( append getattr open read write )))
(allow process plymouthd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process plymouthd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process plymouthd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process plymouthd_spool_t ( sock_file ( append getattr open read write )))
(allow process plymouthd_var_log_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process plymouthd_var_log_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process plymouthd_var_log_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process plymouthd_var_log_t ( sock_file ( append getattr open read write )))
(allow process postfix_private_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_private_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_private_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_private_t ( sock_file ( append getattr open read write )))
(allow process postfix_public_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_public_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_public_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_public_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_bounce_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_bounce_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_bounce_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_bounce_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process postfix_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_var_run_t ( sock_file ( append getattr open read write )))
(allow process postgrey_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postgrey_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postgrey_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postgrey_spool_t ( sock_file ( append getattr open read write )))
(allow process prelude_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process prelude_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process prelude_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process prelude_spool_t ( sock_file ( append getattr open read write )))
(allow process print_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process print_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process print_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process print_spool_t ( sock_file ( append getattr open read write )))
(allow process public_content_rw_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process public_content_rw_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process public_content_rw_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process public_content_rw_t ( sock_file ( append getattr open read write )))
(allow process pyicqt_var_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process pyicqt_var_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process pyicqt_var_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process pyicqt_var_spool_t ( sock_file ( append getattr open read write )))
(allow process quota_db_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process quota_db_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process quota_db_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process quota_db_t ( sock_file ( append getattr open read write )))
(allow process regex_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process regex_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process regex_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process regex_milter_data_t ( sock_file ( append getattr open read write )))
(allow process rpm_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process rpm_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process rpm_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process rpm_var_cache_t ( sock_file ( append getattr open read write )))
(allow process rwho_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process rwho_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process rwho_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process rwho_spool_t ( sock_file ( append getattr open read write )))
(allow process samba_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process samba_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process samba_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process samba_spool_t ( sock_file ( append getattr open read write )))
(allow process sge_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process sge_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process sge_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process sge_spool_t ( sock_file ( append getattr open read write )))
(allow process smsd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process smsd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process smsd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process smsd_spool_t ( sock_file ( append getattr open read write )))
(allow process snmpd_var_lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process snmpd_var_lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process snmpd_var_lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process snmpd_var_lib_t ( sock_file ( append getattr open read write )))
(allow process spamass_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamass_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamass_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamass_milter_data_t ( sock_file ( append getattr open read write )))
(allow process spamd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_spool_t ( sock_file ( append getattr open read write )))
(allow process spamd_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_var_run_t ( sock_file ( append getattr open read write )))
(allow process squid_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process squid_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process squid_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process squid_cache_t ( sock_file ( append getattr open read write )))
(allow process squirrelmail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process squirrelmail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process squirrelmail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process squirrelmail_spool_t ( sock_file ( append getattr open read write )))
(allow process system_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process system_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process system_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process system_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process tetex_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process tetex_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process tetex_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process tetex_data_t ( sock_file ( append getattr open read write )))
(allow process user_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process uucpd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process uucpd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process uucpd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process uucpd_spool_t ( sock_file ( append getattr open read write )))
(allow process var_log_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_log_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_log_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_log_t ( sock_file ( append getattr open read write )))
(allow process var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_run_t ( sock_file ( append getattr open read write )))
(allow process var_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
@ -11,384 +247,8 @@
(allow process xdm_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process xdm_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process xdm_spool_t ( sock_file ( append getattr open read write )))
(allow process mqueue_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mqueue_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mqueue_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mqueue_spool_t ( sock_file ( append getattr open read write )))
(allow process quota_db_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process quota_db_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process quota_db_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process quota_db_t ( sock_file ( append getattr open read write )))
(allow process user_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process abrt_retrace_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_retrace_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_retrace_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_retrace_spool_t ( sock_file ( append getattr open read write )))
(allow process getty_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process getty_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process getty_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process getty_var_run_t ( sock_file ( append getattr open read write )))
(allow process print_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process print_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process print_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process print_spool_t ( sock_file ( append getattr open read write )))
(allow process smsd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process smsd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process smsd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process smsd_spool_t ( sock_file ( append getattr open read write )))
(allow process abrt_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_var_cache_t ( sock_file ( append getattr open read write )))
(allow process ctdbd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process ctdbd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process ctdbd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process ctdbd_spool_t ( sock_file ( append getattr open read write )))
(allow process print_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process print_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process print_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process print_spool_t ( sock_file ( append getattr open read write )))
(allow process httpd_sys_rw_content_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process httpd_sys_rw_content_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process httpd_sys_rw_content_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process httpd_sys_rw_content_t ( sock_file ( append getattr open read write )))
(allow process mail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mail_spool_t ( sock_file ( append getattr open read write )))
(allow process mail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mail_spool_t ( sock_file ( append getattr open read write )))
(allow process news_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process news_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process news_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process news_spool_t ( sock_file ( append getattr open read write )))
(allow process rwho_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process rwho_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process rwho_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process rwho_spool_t ( sock_file ( append getattr open read write )))
(allow process uucpd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process uucpd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process uucpd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process uucpd_spool_t ( sock_file ( append getattr open read write )))
(allow process exim_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process exim_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process exim_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process exim_spool_t ( sock_file ( append getattr open read write )))
(allow process audit_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process audit_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process audit_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process audit_spool_t ( sock_file ( append getattr open read write )))
(allow process abrt_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_var_cache_t ( sock_file ( append getattr open read write )))
(allow process samba_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process samba_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process samba_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process samba_spool_t ( sock_file ( append getattr open read write )))
(allow process mail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mail_spool_t ( sock_file ( append getattr open read write )))
(allow process spamd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_spool_t ( sock_file ( append getattr open read write )))
(allow process squid_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process squid_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process squid_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process squid_cache_t ( sock_file ( append getattr open read write )))
(allow process tetex_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process tetex_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process tetex_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process tetex_data_t ( sock_file ( append getattr open read write )))
(allow process getty_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process getty_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process getty_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process getty_var_run_t ( sock_file ( append getattr open read write )))
(allow process bacula_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process bacula_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process bacula_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process bacula_spool_t ( sock_file ( append getattr open read write )))
(allow process nagios_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process nagios_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process nagios_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process nagios_spool_t ( sock_file ( append getattr open read write )))
(allow process nagios_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process nagios_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process nagios_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process nagios_spool_t ( sock_file ( append getattr open read write )))
(allow process snmpd_var_lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process snmpd_var_lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process snmpd_var_lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process snmpd_var_lib_t ( sock_file ( append getattr open read write )))
(allow process spamd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_spool_t ( sock_file ( append getattr open read write )))
(allow process httpd_sys_rw_content_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process httpd_sys_rw_content_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process httpd_sys_rw_content_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process httpd_sys_rw_content_t ( sock_file ( append getattr open read write )))
(allow process quota_db_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process quota_db_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process quota_db_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process quota_db_t ( sock_file ( append getattr open read write )))
(allow process mailman_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mailman_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mailman_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mailman_data_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process antivirus_db_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process antivirus_db_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process antivirus_db_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process antivirus_db_t ( sock_file ( append getattr open read write )))
(allow process system_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process system_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process system_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process system_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process courier_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process courier_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process courier_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process courier_spool_t ( sock_file ( append getattr open read write )))
(allow process dovecot_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process dovecot_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process dovecot_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process dovecot_spool_t ( sock_file ( append getattr open read write )))
(allow process prelude_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process prelude_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process prelude_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process prelude_spool_t ( sock_file ( append getattr open read write )))
(allow process pyicqt_var_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process pyicqt_var_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process pyicqt_var_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process pyicqt_var_spool_t ( sock_file ( append getattr open read write )))
(allow process var_log_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_log_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_log_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_log_t ( sock_file ( append getattr open read write )))
(allow process rpm_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process rpm_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process rpm_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process rpm_var_cache_t ( sock_file ( append getattr open read write )))
(allow process asterisk_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process asterisk_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process asterisk_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process asterisk_spool_t ( sock_file ( append getattr open read write )))
(allow process print_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process print_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process print_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process print_spool_t ( sock_file ( append getattr open read write )))
(allow process dkim_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process dkim_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process dkim_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process dkim_milter_data_t ( sock_file ( append getattr open read write )))
(allow process plymouthd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process plymouthd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process plymouthd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process plymouthd_spool_t ( sock_file ( append getattr open read write )))
(allow process mqueue_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mqueue_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mqueue_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mqueue_spool_t ( sock_file ( append getattr open read write )))
(allow process dkim_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process dkim_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process dkim_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process dkim_milter_data_t ( sock_file ( append getattr open read write )))
(allow process spamd_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_var_run_t ( sock_file ( append getattr open read write )))
(allow process courier_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process courier_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process courier_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process courier_spool_t ( sock_file ( append getattr open read write )))
(allow process var_log_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_log_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_log_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_log_t ( sock_file ( append getattr open read write )))
(allow process callweaver_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process callweaver_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process callweaver_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process callweaver_spool_t ( sock_file ( append getattr open read write )))
(allow process sge_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process sge_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process sge_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process sge_spool_t ( sock_file ( append getattr open read write )))
(allow process abrt_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_var_cache_t ( sock_file ( append getattr open read write )))
(allow process lpd_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lpd_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lpd_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lpd_var_run_t ( sock_file ( append getattr open read write )))
(allow process uucpd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process uucpd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process uucpd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process uucpd_spool_t ( sock_file ( append getattr open read write )))
(allow process mscan_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mscan_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mscan_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mscan_spool_t ( sock_file ( append getattr open read write )))
(allow process public_content_rw_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process public_content_rw_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process public_content_rw_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process public_content_rw_t ( sock_file ( append getattr open read write )))
(allow process etc_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process etc_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process etc_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process etc_t ( sock_file ( append getattr open read write )))
(allow process lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lib_t ( sock_file ( append getattr open read write )))
(allow process lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lib_t ( sock_file ( append getattr open read write )))
(allow process postfix_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_var_run_t ( sock_file ( append getattr open read write )))
(allow process abrt_retrace_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_retrace_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_retrace_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_retrace_spool_t ( sock_file ( append getattr open read write )))
(allow process regex_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process regex_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process regex_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process regex_milter_data_t ( sock_file ( append getattr open read write )))
(allow process spamd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_spool_t ( sock_file ( append getattr open read write )))
(allow process squirrelmail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process squirrelmail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process squirrelmail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process squirrelmail_spool_t ( sock_file ( append getattr open read write )))
(allow process spamd_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_var_run_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lib_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_bounce_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_bounce_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_bounce_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_bounce_t ( sock_file ( append getattr open read write )))
(allow process postfix_public_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_public_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_public_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_public_t ( sock_file ( append getattr open read write )))
(allow process abrt_retrace_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_retrace_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_retrace_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_retrace_spool_t ( sock_file ( append getattr open read write )))
(allow process ld_so_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process ld_so_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process ld_so_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process ld_so_t ( sock_file ( append getattr open read write )))
(allow process postfix_private_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_private_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_private_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_private_t ( sock_file ( append getattr open read write )))
(allow process spamass_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamass_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamass_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamass_milter_data_t ( sock_file ( append getattr open read write )))
(allow process prelude_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process prelude_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process prelude_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process prelude_spool_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process postgrey_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postgrey_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postgrey_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postgrey_spool_t ( sock_file ( append getattr open read write )))
(allow process plymouthd_var_log_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process plymouthd_var_log_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process plymouthd_var_log_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process plymouthd_var_log_t ( sock_file ( append getattr open read write )))
(allow process zoneminder_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process zoneminder_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process zoneminder_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process zoneminder_spool_t ( sock_file ( append getattr open read write )))
(allow process user_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process cron_spool_t ( sock_file ( append getattr open read write )))
(allow process device_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process device_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process device_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process device_t ( sock_file ( append getattr open read write )))
(allow process var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_run_t ( sock_file ( append getattr open read write )))
(allow process system_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process system_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process system_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process system_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process cron_spool_t ( sock_file ( append getattr open read write )))
(allow process devlog_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process devlog_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process devlog_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process devlog_t ( sock_file ( append getattr open read write )))
(allow process system_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process system_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process system_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process system_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process system_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process system_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process system_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process system_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process locale_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process locale_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process locale_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process locale_t ( sock_file ( append getattr open read write )))
(allow process user_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process user_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process var_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_spool_t ( sock_file ( append getattr open read write )))
)

614
tests/test_basic.oci.cil
View File

@ -5,6 +5,242 @@
(allow process ftp_port_t ( tcp_socket ( name_bind )))
(blockinherit home_container)
(allow process abrt_retrace_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_retrace_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_retrace_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_retrace_spool_t ( sock_file ( append getattr open read write )))
(allow process abrt_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_var_cache_t ( sock_file ( append getattr open read write )))
(allow process antivirus_db_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process antivirus_db_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process antivirus_db_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process antivirus_db_t ( sock_file ( append getattr open read write )))
(allow process asterisk_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process asterisk_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process asterisk_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process asterisk_spool_t ( sock_file ( append getattr open read write )))
(allow process audit_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process audit_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process audit_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process audit_spool_t ( sock_file ( append getattr open read write )))
(allow process bacula_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process bacula_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process bacula_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process bacula_spool_t ( sock_file ( append getattr open read write )))
(allow process callweaver_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process callweaver_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process callweaver_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process callweaver_spool_t ( sock_file ( append getattr open read write )))
(allow process courier_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process courier_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process courier_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process courier_spool_t ( sock_file ( append getattr open read write )))
(allow process cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process cron_spool_t ( sock_file ( append getattr open read write )))
(allow process ctdbd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process ctdbd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process ctdbd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process ctdbd_spool_t ( sock_file ( append getattr open read write )))
(allow process device_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process device_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process device_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process device_t ( sock_file ( append getattr open read write )))
(allow process devlog_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process devlog_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process devlog_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process devlog_t ( sock_file ( append getattr open read write )))
(allow process dkim_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process dkim_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process dkim_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process dkim_milter_data_t ( sock_file ( append getattr open read write )))
(allow process dovecot_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process dovecot_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process dovecot_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process dovecot_spool_t ( sock_file ( append getattr open read write )))
(allow process etc_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process etc_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process etc_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process etc_t ( sock_file ( append getattr open read write )))
(allow process exim_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process exim_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process exim_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process exim_spool_t ( sock_file ( append getattr open read write )))
(allow process getty_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process getty_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process getty_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process getty_var_run_t ( sock_file ( append getattr open read write )))
(allow process httpd_sys_rw_content_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process httpd_sys_rw_content_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process httpd_sys_rw_content_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process httpd_sys_rw_content_t ( sock_file ( append getattr open read write )))
(allow process ld_so_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process ld_so_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process ld_so_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process ld_so_t ( sock_file ( append getattr open read write )))
(allow process lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lib_t ( sock_file ( append getattr open read write )))
(allow process locale_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process locale_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process locale_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process locale_t ( sock_file ( append getattr open read write )))
(allow process lpd_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lpd_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lpd_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lpd_var_run_t ( sock_file ( append getattr open read write )))
(allow process mail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mail_spool_t ( sock_file ( append getattr open read write )))
(allow process mailman_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mailman_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mailman_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mailman_data_t ( sock_file ( append getattr open read write )))
(allow process mqueue_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mqueue_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mqueue_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mqueue_spool_t ( sock_file ( append getattr open read write )))
(allow process mscan_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mscan_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mscan_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mscan_spool_t ( sock_file ( append getattr open read write )))
(allow process nagios_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process nagios_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process nagios_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process nagios_spool_t ( sock_file ( append getattr open read write )))
(allow process news_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process news_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process news_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process news_spool_t ( sock_file ( append getattr open read write )))
(allow process plymouthd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process plymouthd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process plymouthd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process plymouthd_spool_t ( sock_file ( append getattr open read write )))
(allow process plymouthd_var_log_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process plymouthd_var_log_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process plymouthd_var_log_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process plymouthd_var_log_t ( sock_file ( append getattr open read write )))
(allow process postfix_private_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_private_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_private_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_private_t ( sock_file ( append getattr open read write )))
(allow process postfix_public_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_public_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_public_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_public_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_bounce_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_bounce_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_bounce_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_bounce_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process postfix_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_var_run_t ( sock_file ( append getattr open read write )))
(allow process postgrey_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postgrey_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postgrey_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postgrey_spool_t ( sock_file ( append getattr open read write )))
(allow process prelude_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process prelude_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process prelude_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process prelude_spool_t ( sock_file ( append getattr open read write )))
(allow process print_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process print_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process print_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process print_spool_t ( sock_file ( append getattr open read write )))
(allow process public_content_rw_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process public_content_rw_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process public_content_rw_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process public_content_rw_t ( sock_file ( append getattr open read write )))
(allow process pyicqt_var_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process pyicqt_var_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process pyicqt_var_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process pyicqt_var_spool_t ( sock_file ( append getattr open read write )))
(allow process quota_db_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process quota_db_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process quota_db_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process quota_db_t ( sock_file ( append getattr open read write )))
(allow process regex_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process regex_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process regex_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process regex_milter_data_t ( sock_file ( append getattr open read write )))
(allow process rpm_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process rpm_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process rpm_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process rpm_var_cache_t ( sock_file ( append getattr open read write )))
(allow process rwho_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process rwho_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process rwho_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process rwho_spool_t ( sock_file ( append getattr open read write )))
(allow process samba_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process samba_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process samba_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process samba_spool_t ( sock_file ( append getattr open read write )))
(allow process sge_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process sge_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process sge_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process sge_spool_t ( sock_file ( append getattr open read write )))
(allow process smsd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process smsd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process smsd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process smsd_spool_t ( sock_file ( append getattr open read write )))
(allow process snmpd_var_lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process snmpd_var_lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process snmpd_var_lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process snmpd_var_lib_t ( sock_file ( append getattr open read write )))
(allow process spamass_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamass_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamass_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamass_milter_data_t ( sock_file ( append getattr open read write )))
(allow process spamd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_spool_t ( sock_file ( append getattr open read write )))
(allow process spamd_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_var_run_t ( sock_file ( append getattr open read write )))
(allow process squid_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process squid_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process squid_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process squid_cache_t ( sock_file ( append getattr open read write )))
(allow process squirrelmail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process squirrelmail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process squirrelmail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process squirrelmail_spool_t ( sock_file ( append getattr open read write )))
(allow process system_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process system_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process system_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process system_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process tetex_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process tetex_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process tetex_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process tetex_data_t ( sock_file ( append getattr open read write )))
(allow process user_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process uucpd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process uucpd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process uucpd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process uucpd_spool_t ( sock_file ( append getattr open read write )))
(allow process var_log_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_log_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_log_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_log_t ( sock_file ( append getattr open read write )))
(allow process var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_run_t ( sock_file ( append getattr open read write )))
(allow process var_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
@ -13,384 +249,8 @@
(allow process xdm_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process xdm_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process xdm_spool_t ( sock_file ( append getattr open read write )))
(allow process mqueue_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mqueue_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mqueue_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mqueue_spool_t ( sock_file ( append getattr open read write )))
(allow process quota_db_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process quota_db_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process quota_db_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process quota_db_t ( sock_file ( append getattr open read write )))
(allow process user_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process abrt_retrace_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_retrace_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_retrace_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_retrace_spool_t ( sock_file ( append getattr open read write )))
(allow process getty_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process getty_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process getty_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process getty_var_run_t ( sock_file ( append getattr open read write )))
(allow process print_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process print_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process print_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process print_spool_t ( sock_file ( append getattr open read write )))
(allow process smsd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process smsd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process smsd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process smsd_spool_t ( sock_file ( append getattr open read write )))
(allow process abrt_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_var_cache_t ( sock_file ( append getattr open read write )))
(allow process ctdbd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process ctdbd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process ctdbd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process ctdbd_spool_t ( sock_file ( append getattr open read write )))
(allow process print_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process print_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process print_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process print_spool_t ( sock_file ( append getattr open read write )))
(allow process httpd_sys_rw_content_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process httpd_sys_rw_content_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process httpd_sys_rw_content_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process httpd_sys_rw_content_t ( sock_file ( append getattr open read write )))
(allow process mail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mail_spool_t ( sock_file ( append getattr open read write )))
(allow process mail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mail_spool_t ( sock_file ( append getattr open read write )))
(allow process news_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process news_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process news_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process news_spool_t ( sock_file ( append getattr open read write )))
(allow process rwho_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process rwho_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process rwho_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process rwho_spool_t ( sock_file ( append getattr open read write )))
(allow process uucpd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process uucpd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process uucpd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process uucpd_spool_t ( sock_file ( append getattr open read write )))
(allow process exim_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process exim_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process exim_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process exim_spool_t ( sock_file ( append getattr open read write )))
(allow process audit_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process audit_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process audit_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process audit_spool_t ( sock_file ( append getattr open read write )))
(allow process abrt_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_var_cache_t ( sock_file ( append getattr open read write )))
(allow process samba_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process samba_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process samba_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process samba_spool_t ( sock_file ( append getattr open read write )))
(allow process mail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mail_spool_t ( sock_file ( append getattr open read write )))
(allow process spamd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_spool_t ( sock_file ( append getattr open read write )))
(allow process squid_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process squid_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process squid_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process squid_cache_t ( sock_file ( append getattr open read write )))
(allow process tetex_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process tetex_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process tetex_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process tetex_data_t ( sock_file ( append getattr open read write )))
(allow process getty_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process getty_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process getty_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process getty_var_run_t ( sock_file ( append getattr open read write )))
(allow process bacula_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process bacula_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process bacula_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process bacula_spool_t ( sock_file ( append getattr open read write )))
(allow process nagios_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process nagios_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process nagios_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process nagios_spool_t ( sock_file ( append getattr open read write )))
(allow process nagios_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process nagios_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process nagios_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process nagios_spool_t ( sock_file ( append getattr open read write )))
(allow process snmpd_var_lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process snmpd_var_lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process snmpd_var_lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process snmpd_var_lib_t ( sock_file ( append getattr open read write )))
(allow process spamd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_spool_t ( sock_file ( append getattr open read write )))
(allow process httpd_sys_rw_content_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process httpd_sys_rw_content_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process httpd_sys_rw_content_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process httpd_sys_rw_content_t ( sock_file ( append getattr open read write )))
(allow process quota_db_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process quota_db_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process quota_db_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process quota_db_t ( sock_file ( append getattr open read write )))
(allow process mailman_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mailman_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mailman_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mailman_data_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process antivirus_db_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process antivirus_db_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process antivirus_db_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process antivirus_db_t ( sock_file ( append getattr open read write )))
(allow process system_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process system_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process system_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process system_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process courier_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process courier_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process courier_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process courier_spool_t ( sock_file ( append getattr open read write )))
(allow process dovecot_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process dovecot_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process dovecot_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process dovecot_spool_t ( sock_file ( append getattr open read write )))
(allow process prelude_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process prelude_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process prelude_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process prelude_spool_t ( sock_file ( append getattr open read write )))
(allow process pyicqt_var_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process pyicqt_var_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process pyicqt_var_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process pyicqt_var_spool_t ( sock_file ( append getattr open read write )))
(allow process var_log_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_log_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_log_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_log_t ( sock_file ( append getattr open read write )))
(allow process rpm_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process rpm_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process rpm_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process rpm_var_cache_t ( sock_file ( append getattr open read write )))
(allow process asterisk_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process asterisk_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process asterisk_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process asterisk_spool_t ( sock_file ( append getattr open read write )))
(allow process print_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process print_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process print_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process print_spool_t ( sock_file ( append getattr open read write )))
(allow process dkim_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process dkim_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process dkim_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process dkim_milter_data_t ( sock_file ( append getattr open read write )))
(allow process plymouthd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process plymouthd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process plymouthd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process plymouthd_spool_t ( sock_file ( append getattr open read write )))
(allow process mqueue_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mqueue_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mqueue_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mqueue_spool_t ( sock_file ( append getattr open read write )))
(allow process dkim_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process dkim_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process dkim_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process dkim_milter_data_t ( sock_file ( append getattr open read write )))
(allow process spamd_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_var_run_t ( sock_file ( append getattr open read write )))
(allow process courier_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process courier_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process courier_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process courier_spool_t ( sock_file ( append getattr open read write )))
(allow process var_log_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_log_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_log_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_log_t ( sock_file ( append getattr open read write )))
(allow process callweaver_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process callweaver_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process callweaver_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process callweaver_spool_t ( sock_file ( append getattr open read write )))
(allow process sge_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process sge_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process sge_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process sge_spool_t ( sock_file ( append getattr open read write )))
(allow process abrt_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_var_cache_t ( sock_file ( append getattr open read write )))
(allow process lpd_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lpd_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lpd_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lpd_var_run_t ( sock_file ( append getattr open read write )))
(allow process uucpd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process uucpd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process uucpd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process uucpd_spool_t ( sock_file ( append getattr open read write )))
(allow process mscan_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mscan_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mscan_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mscan_spool_t ( sock_file ( append getattr open read write )))
(allow process public_content_rw_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process public_content_rw_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process public_content_rw_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process public_content_rw_t ( sock_file ( append getattr open read write )))
(allow process etc_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process etc_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process etc_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process etc_t ( sock_file ( append getattr open read write )))
(allow process lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lib_t ( sock_file ( append getattr open read write )))
(allow process lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lib_t ( sock_file ( append getattr open read write )))
(allow process postfix_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_var_run_t ( sock_file ( append getattr open read write )))
(allow process abrt_retrace_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_retrace_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_retrace_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_retrace_spool_t ( sock_file ( append getattr open read write )))
(allow process regex_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process regex_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process regex_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process regex_milter_data_t ( sock_file ( append getattr open read write )))
(allow process spamd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_spool_t ( sock_file ( append getattr open read write )))
(allow process squirrelmail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process squirrelmail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process squirrelmail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process squirrelmail_spool_t ( sock_file ( append getattr open read write )))
(allow process spamd_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_var_run_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lib_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_bounce_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_bounce_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_bounce_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_bounce_t ( sock_file ( append getattr open read write )))
(allow process postfix_public_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_public_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_public_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_public_t ( sock_file ( append getattr open read write )))
(allow process abrt_retrace_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_retrace_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_retrace_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_retrace_spool_t ( sock_file ( append getattr open read write )))
(allow process ld_so_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process ld_so_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process ld_so_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process ld_so_t ( sock_file ( append getattr open read write )))
(allow process postfix_private_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_private_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_private_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_private_t ( sock_file ( append getattr open read write )))
(allow process spamass_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamass_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamass_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamass_milter_data_t ( sock_file ( append getattr open read write )))
(allow process prelude_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process prelude_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process prelude_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process prelude_spool_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process postgrey_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postgrey_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postgrey_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postgrey_spool_t ( sock_file ( append getattr open read write )))
(allow process plymouthd_var_log_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process plymouthd_var_log_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process plymouthd_var_log_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process plymouthd_var_log_t ( sock_file ( append getattr open read write )))
(allow process zoneminder_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process zoneminder_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process zoneminder_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process zoneminder_spool_t ( sock_file ( append getattr open read write )))
(allow process user_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process cron_spool_t ( sock_file ( append getattr open read write )))
(allow process device_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process device_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process device_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process device_t ( sock_file ( append getattr open read write )))
(allow process var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_run_t ( sock_file ( append getattr open read write )))
(allow process system_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process system_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process system_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process system_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process cron_spool_t ( sock_file ( append getattr open read write )))
(allow process devlog_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process devlog_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process devlog_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process devlog_t ( sock_file ( append getattr open read write )))
(allow process system_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process system_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process system_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process system_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process system_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process system_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process system_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process system_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process locale_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process locale_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process locale_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process locale_t ( sock_file ( append getattr open read write )))
(allow process user_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process user_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process var_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_spool_t ( sock_file ( append getattr open read write )))
)
)

612
tests/test_basic.podman.cil
View File

@ -5,6 +5,242 @@
(allow process ftp_port_t ( tcp_socket ( name_bind )))
(blockinherit home_container)
(allow process abrt_retrace_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_retrace_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_retrace_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_retrace_spool_t ( sock_file ( append getattr open read write )))
(allow process abrt_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_var_cache_t ( sock_file ( append getattr open read write )))
(allow process antivirus_db_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process antivirus_db_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process antivirus_db_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process antivirus_db_t ( sock_file ( append getattr open read write )))
(allow process asterisk_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process asterisk_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process asterisk_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process asterisk_spool_t ( sock_file ( append getattr open read write )))
(allow process audit_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process audit_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process audit_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process audit_spool_t ( sock_file ( append getattr open read write )))
(allow process bacula_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process bacula_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process bacula_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process bacula_spool_t ( sock_file ( append getattr open read write )))
(allow process callweaver_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process callweaver_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process callweaver_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process callweaver_spool_t ( sock_file ( append getattr open read write )))
(allow process courier_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process courier_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process courier_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process courier_spool_t ( sock_file ( append getattr open read write )))
(allow process cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process cron_spool_t ( sock_file ( append getattr open read write )))
(allow process ctdbd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process ctdbd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process ctdbd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process ctdbd_spool_t ( sock_file ( append getattr open read write )))
(allow process device_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process device_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process device_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process device_t ( sock_file ( append getattr open read write )))
(allow process devlog_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process devlog_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process devlog_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process devlog_t ( sock_file ( append getattr open read write )))
(allow process dkim_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process dkim_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process dkim_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process dkim_milter_data_t ( sock_file ( append getattr open read write )))
(allow process dovecot_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process dovecot_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process dovecot_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process dovecot_spool_t ( sock_file ( append getattr open read write )))
(allow process etc_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process etc_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process etc_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process etc_t ( sock_file ( append getattr open read write )))
(allow process exim_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process exim_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process exim_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process exim_spool_t ( sock_file ( append getattr open read write )))
(allow process getty_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process getty_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process getty_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process getty_var_run_t ( sock_file ( append getattr open read write )))
(allow process httpd_sys_rw_content_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process httpd_sys_rw_content_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process httpd_sys_rw_content_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process httpd_sys_rw_content_t ( sock_file ( append getattr open read write )))
(allow process ld_so_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process ld_so_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process ld_so_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process ld_so_t ( sock_file ( append getattr open read write )))
(allow process lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lib_t ( sock_file ( append getattr open read write )))
(allow process locale_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process locale_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process locale_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process locale_t ( sock_file ( append getattr open read write )))
(allow process lpd_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lpd_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lpd_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lpd_var_run_t ( sock_file ( append getattr open read write )))
(allow process mail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mail_spool_t ( sock_file ( append getattr open read write )))
(allow process mailman_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mailman_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mailman_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mailman_data_t ( sock_file ( append getattr open read write )))
(allow process mqueue_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mqueue_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mqueue_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mqueue_spool_t ( sock_file ( append getattr open read write )))
(allow process mscan_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mscan_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mscan_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mscan_spool_t ( sock_file ( append getattr open read write )))
(allow process nagios_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process nagios_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process nagios_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process nagios_spool_t ( sock_file ( append getattr open read write )))
(allow process news_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process news_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process news_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process news_spool_t ( sock_file ( append getattr open read write )))
(allow process plymouthd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process plymouthd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process plymouthd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process plymouthd_spool_t ( sock_file ( append getattr open read write )))
(allow process plymouthd_var_log_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process plymouthd_var_log_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process plymouthd_var_log_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process plymouthd_var_log_t ( sock_file ( append getattr open read write )))
(allow process postfix_private_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_private_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_private_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_private_t ( sock_file ( append getattr open read write )))
(allow process postfix_public_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_public_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_public_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_public_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_bounce_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_bounce_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_bounce_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_bounce_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process postfix_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_var_run_t ( sock_file ( append getattr open read write )))
(allow process postgrey_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postgrey_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postgrey_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postgrey_spool_t ( sock_file ( append getattr open read write )))
(allow process prelude_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process prelude_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process prelude_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process prelude_spool_t ( sock_file ( append getattr open read write )))
(allow process print_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process print_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process print_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process print_spool_t ( sock_file ( append getattr open read write )))
(allow process public_content_rw_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process public_content_rw_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process public_content_rw_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process public_content_rw_t ( sock_file ( append getattr open read write )))
(allow process pyicqt_var_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process pyicqt_var_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process pyicqt_var_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process pyicqt_var_spool_t ( sock_file ( append getattr open read write )))
(allow process quota_db_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process quota_db_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process quota_db_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process quota_db_t ( sock_file ( append getattr open read write )))
(allow process regex_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process regex_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process regex_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process regex_milter_data_t ( sock_file ( append getattr open read write )))
(allow process rpm_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process rpm_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process rpm_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process rpm_var_cache_t ( sock_file ( append getattr open read write )))
(allow process rwho_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process rwho_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process rwho_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process rwho_spool_t ( sock_file ( append getattr open read write )))
(allow process samba_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process samba_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process samba_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process samba_spool_t ( sock_file ( append getattr open read write )))
(allow process sge_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process sge_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process sge_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process sge_spool_t ( sock_file ( append getattr open read write )))
(allow process smsd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process smsd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process smsd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process smsd_spool_t ( sock_file ( append getattr open read write )))
(allow process snmpd_var_lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process snmpd_var_lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process snmpd_var_lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process snmpd_var_lib_t ( sock_file ( append getattr open read write )))
(allow process spamass_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamass_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamass_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamass_milter_data_t ( sock_file ( append getattr open read write )))
(allow process spamd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_spool_t ( sock_file ( append getattr open read write )))
(allow process spamd_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_var_run_t ( sock_file ( append getattr open read write )))
(allow process squid_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process squid_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process squid_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process squid_cache_t ( sock_file ( append getattr open read write )))
(allow process squirrelmail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process squirrelmail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process squirrelmail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process squirrelmail_spool_t ( sock_file ( append getattr open read write )))
(allow process system_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process system_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process system_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process system_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process tetex_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process tetex_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process tetex_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process tetex_data_t ( sock_file ( append getattr open read write )))
(allow process user_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process uucpd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process uucpd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process uucpd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process uucpd_spool_t ( sock_file ( append getattr open read write )))
(allow process var_log_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_log_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_log_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_log_t ( sock_file ( append getattr open read write )))
(allow process var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_run_t ( sock_file ( append getattr open read write )))
(allow process var_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
@ -13,384 +249,8 @@
(allow process xdm_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process xdm_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process xdm_spool_t ( sock_file ( append getattr open read write )))
(allow process mqueue_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mqueue_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mqueue_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mqueue_spool_t ( sock_file ( append getattr open read write )))
(allow process quota_db_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process quota_db_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process quota_db_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process quota_db_t ( sock_file ( append getattr open read write )))
(allow process user_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process abrt_retrace_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_retrace_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_retrace_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_retrace_spool_t ( sock_file ( append getattr open read write )))
(allow process getty_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process getty_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process getty_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process getty_var_run_t ( sock_file ( append getattr open read write )))
(allow process print_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process print_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process print_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process print_spool_t ( sock_file ( append getattr open read write )))
(allow process smsd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process smsd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process smsd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process smsd_spool_t ( sock_file ( append getattr open read write )))
(allow process abrt_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_var_cache_t ( sock_file ( append getattr open read write )))
(allow process ctdbd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process ctdbd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process ctdbd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process ctdbd_spool_t ( sock_file ( append getattr open read write )))
(allow process print_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process print_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process print_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process print_spool_t ( sock_file ( append getattr open read write )))
(allow process httpd_sys_rw_content_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process httpd_sys_rw_content_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process httpd_sys_rw_content_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process httpd_sys_rw_content_t ( sock_file ( append getattr open read write )))
(allow process mail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mail_spool_t ( sock_file ( append getattr open read write )))
(allow process mail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mail_spool_t ( sock_file ( append getattr open read write )))
(allow process news_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process news_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process news_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process news_spool_t ( sock_file ( append getattr open read write )))
(allow process rwho_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process rwho_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process rwho_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process rwho_spool_t ( sock_file ( append getattr open read write )))
(allow process uucpd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process uucpd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process uucpd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process uucpd_spool_t ( sock_file ( append getattr open read write )))
(allow process exim_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process exim_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process exim_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process exim_spool_t ( sock_file ( append getattr open read write )))
(allow process audit_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process audit_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process audit_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process audit_spool_t ( sock_file ( append getattr open read write )))
(allow process abrt_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_var_cache_t ( sock_file ( append getattr open read write )))
(allow process samba_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process samba_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process samba_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process samba_spool_t ( sock_file ( append getattr open read write )))
(allow process mail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mail_spool_t ( sock_file ( append getattr open read write )))
(allow process spamd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_spool_t ( sock_file ( append getattr open read write )))
(allow process squid_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process squid_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process squid_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process squid_cache_t ( sock_file ( append getattr open read write )))
(allow process tetex_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process tetex_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process tetex_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process tetex_data_t ( sock_file ( append getattr open read write )))
(allow process getty_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process getty_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process getty_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process getty_var_run_t ( sock_file ( append getattr open read write )))
(allow process bacula_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process bacula_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process bacula_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process bacula_spool_t ( sock_file ( append getattr open read write )))
(allow process nagios_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process nagios_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process nagios_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process nagios_spool_t ( sock_file ( append getattr open read write )))
(allow process nagios_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process nagios_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process nagios_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process nagios_spool_t ( sock_file ( append getattr open read write )))
(allow process snmpd_var_lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process snmpd_var_lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process snmpd_var_lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process snmpd_var_lib_t ( sock_file ( append getattr open read write )))
(allow process spamd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_spool_t ( sock_file ( append getattr open read write )))
(allow process httpd_sys_rw_content_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process httpd_sys_rw_content_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process httpd_sys_rw_content_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process httpd_sys_rw_content_t ( sock_file ( append getattr open read write )))
(allow process quota_db_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process quota_db_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process quota_db_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process quota_db_t ( sock_file ( append getattr open read write )))
(allow process mailman_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mailman_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mailman_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mailman_data_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process antivirus_db_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process antivirus_db_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process antivirus_db_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process antivirus_db_t ( sock_file ( append getattr open read write )))
(allow process system_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process system_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process system_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process system_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process courier_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process courier_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process courier_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process courier_spool_t ( sock_file ( append getattr open read write )))
(allow process dovecot_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process dovecot_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process dovecot_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process dovecot_spool_t ( sock_file ( append getattr open read write )))
(allow process prelude_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process prelude_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process prelude_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process prelude_spool_t ( sock_file ( append getattr open read write )))
(allow process pyicqt_var_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process pyicqt_var_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process pyicqt_var_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process pyicqt_var_spool_t ( sock_file ( append getattr open read write )))
(allow process var_log_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_log_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_log_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_log_t ( sock_file ( append getattr open read write )))
(allow process rpm_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process rpm_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process rpm_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process rpm_var_cache_t ( sock_file ( append getattr open read write )))
(allow process asterisk_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process asterisk_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process asterisk_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process asterisk_spool_t ( sock_file ( append getattr open read write )))
(allow process print_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process print_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process print_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process print_spool_t ( sock_file ( append getattr open read write )))
(allow process dkim_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process dkim_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process dkim_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process dkim_milter_data_t ( sock_file ( append getattr open read write )))
(allow process plymouthd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process plymouthd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process plymouthd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process plymouthd_spool_t ( sock_file ( append getattr open read write )))
(allow process mqueue_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mqueue_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mqueue_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mqueue_spool_t ( sock_file ( append getattr open read write )))
(allow process dkim_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process dkim_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process dkim_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process dkim_milter_data_t ( sock_file ( append getattr open read write )))
(allow process spamd_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_var_run_t ( sock_file ( append getattr open read write )))
(allow process courier_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process courier_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process courier_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process courier_spool_t ( sock_file ( append getattr open read write )))
(allow process var_log_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_log_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_log_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_log_t ( sock_file ( append getattr open read write )))
(allow process callweaver_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process callweaver_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process callweaver_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process callweaver_spool_t ( sock_file ( append getattr open read write )))
(allow process sge_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process sge_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process sge_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process sge_spool_t ( sock_file ( append getattr open read write )))
(allow process abrt_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_var_cache_t ( sock_file ( append getattr open read write )))
(allow process lpd_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lpd_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lpd_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lpd_var_run_t ( sock_file ( append getattr open read write )))
(allow process uucpd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process uucpd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process uucpd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process uucpd_spool_t ( sock_file ( append getattr open read write )))
(allow process mscan_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mscan_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mscan_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mscan_spool_t ( sock_file ( append getattr open read write )))
(allow process public_content_rw_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process public_content_rw_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process public_content_rw_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process public_content_rw_t ( sock_file ( append getattr open read write )))
(allow process etc_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process etc_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process etc_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process etc_t ( sock_file ( append getattr open read write )))
(allow process lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lib_t ( sock_file ( append getattr open read write )))
(allow process lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lib_t ( sock_file ( append getattr open read write )))
(allow process postfix_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_var_run_t ( sock_file ( append getattr open read write )))
(allow process abrt_retrace_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_retrace_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_retrace_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_retrace_spool_t ( sock_file ( append getattr open read write )))
(allow process regex_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process regex_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process regex_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process regex_milter_data_t ( sock_file ( append getattr open read write )))
(allow process spamd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_spool_t ( sock_file ( append getattr open read write )))
(allow process squirrelmail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process squirrelmail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process squirrelmail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process squirrelmail_spool_t ( sock_file ( append getattr open read write )))
(allow process spamd_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_var_run_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lib_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_bounce_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_bounce_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_bounce_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_bounce_t ( sock_file ( append getattr open read write )))
(allow process postfix_public_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_public_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_public_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_public_t ( sock_file ( append getattr open read write )))
(allow process abrt_retrace_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_retrace_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_retrace_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_retrace_spool_t ( sock_file ( append getattr open read write )))
(allow process ld_so_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process ld_so_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process ld_so_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process ld_so_t ( sock_file ( append getattr open read write )))
(allow process postfix_private_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_private_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_private_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_private_t ( sock_file ( append getattr open read write )))
(allow process spamass_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamass_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamass_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamass_milter_data_t ( sock_file ( append getattr open read write )))
(allow process prelude_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process prelude_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process prelude_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process prelude_spool_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process postgrey_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postgrey_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postgrey_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postgrey_spool_t ( sock_file ( append getattr open read write )))
(allow process plymouthd_var_log_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process plymouthd_var_log_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process plymouthd_var_log_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process plymouthd_var_log_t ( sock_file ( append getattr open read write )))
(allow process zoneminder_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process zoneminder_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process zoneminder_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process zoneminder_spool_t ( sock_file ( append getattr open read write )))
(allow process user_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process cron_spool_t ( sock_file ( append getattr open read write )))
(allow process device_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process device_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process device_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process device_t ( sock_file ( append getattr open read write )))
(allow process var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_run_t ( sock_file ( append getattr open read write )))
(allow process system_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process system_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process system_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process system_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process cron_spool_t ( sock_file ( append getattr open read write )))
(allow process devlog_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process devlog_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process devlog_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process devlog_t ( sock_file ( append getattr open read write )))
(allow process system_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process system_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process system_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process system_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process system_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process system_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process system_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process system_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process locale_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process locale_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process locale_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process locale_t ( sock_file ( append getattr open read write )))
(allow process user_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process user_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process var_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_spool_t ( sock_file ( append getattr open read write )))
)

2
tests/test_default.docker.cil
View File

@ -1,3 +1,3 @@
(block my_container
(blockinherit container)
)
)

2
tests/test_default.podman.cil
View File

@ -2,4 +2,4 @@
(blockinherit container)
(allow process process ( capability ( audit_write chown dac_override fowner fsetid kill mknod net_bind_service net_raw setfcap setgid setpcap setuid sys_chroot )))
)
)

2
tests/test_devices.podman.cil
View File

@ -4,4 +4,6 @@
(allow process framebuf_device_t ( blk_file ( getattr read write append ioctl lock open )))
(allow process framebuf_device_t ( chr_file ( getattr read write append ioctl lock open )))
(allow process var_spool_t ( blk_file ( getattr read write append ioctl lock open )))
(allow process var_spool_t ( chr_file ( getattr read write append ioctl lock open )))
)

2
tests/test_fullnetworkaccess.podman.cil
View File

@ -3,4 +3,4 @@
(blockinherit net_container)
(allow process process ( capability ( audit_write chown dac_override fowner fsetid kill mknod net_bind_service net_raw setfcap setgid setpcap setuid sys_chroot )))
)
)

2
tests/test_ports.docker.cil
View File

@ -2,4 +2,4 @@
(blockinherit container)
(blockinherit restricted_net_container)
(allow process mysqld_port_t ( tcp_socket ( name_bind )))
)
)

2
tests/test_ports.podman.cil
View File

@ -4,4 +4,4 @@
(allow process process ( capability ( audit_write chown dac_override fowner fsetid kill mknod net_bind_service net_raw setfcap setgid setpcap setuid sys_chroot )))
(allow process mysqld_port_t ( tcp_socket ( name_bind )))
)
)

2
tests/test_stream_connect.podman.cil
View File

@ -4,4 +4,4 @@
(allow process network_container.socket ( sock_file ( getattr write open append )))
(allow process process ( capability ( audit_write chown dac_override fowner fsetid kill mknod net_bind_service net_raw setfcap setgid setpcap setuid sys_chroot )))
)
)

2
tests/test_ttyaccess.podman.cil
View File

@ -3,4 +3,4 @@
(blockinherit tty_container)
(allow process process ( capability ( audit_write chown dac_override fowner fsetid kill mknod net_bind_service net_raw setfcap setgid setpcap setuid sys_chroot )))
)
)

2
tests/test_virtaccess.podman.cil
View File

@ -3,4 +3,4 @@
(blockinherit virt_container)
(allow process process ( capability ( audit_write chown dac_override fowner fsetid kill mknod net_bind_service net_raw setfcap setgid setpcap setuid sys_chroot )))
)
)

2
tests/test_xaccess.podman.cil
View File

@ -3,4 +3,4 @@
(blockinherit x_container)
(allow process process ( capability ( audit_write chown dac_override fowner fsetid kill mknod net_bind_service net_raw setfcap setgid setpcap setuid sys_chroot )))
)
)