Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

selinux-policy-devel-40.13.12-2.el10 RPM for noarch

From CentOS Stream 10 AppStream for x86_64

Name: selinux-policy-devel Distribution: CentOS
Version: 40.13.12 Vendor: CentOS
Release: 2.el10 Build date: Tue Oct 29 20:56:29 2024
Group: Unspecified Build host: x86-05.stream.rdu2.redhat.com
Size: 14679128 Source RPM: selinux-policy-40.13.12-2.el10.src.rpm
Packager: builder@centos.org
Url: https://github.com/fedora-selinux/selinux-policy
Summary: SELinux policy development files
SELinux policy development package.
This package contains:
- interfaces, macros, and patterns for policy development
- a policy example
- the macro-expander utility
and some additional files.

Provides

Requires

License

GPL-2.0-or-later

Changelog

* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 40.13.12-2
  - Bump release for October 2024 mass rebuild:
    Resolves: RHEL-64018
* Thu Oct 24 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.12-1
  - Dontaudit subscription manager setfscreate and read file contexts
  Resolves: RHEL-58009
  - Allow the sysadm user use the secretmem API
  Resolves: RHEL-40953
  - Allow sudodomain list files in /var
  Resolves: RHEL-58068
  - Allow gnome-remote-desktop watch /etc directory
  Resolves: RHEL-35877
  - Allow journalctl connect to systemd-userdbd over a unix socket
  Resolves: RHEL-58072
  - systemd: allow sys_admin capability for systemd_notify_t
  Resolves: RHEL-58072
  - Allow some confined users send to lldpad over a unix dgram socket
  Resolves: RHEL-61634
  - Allow lldpad send to sysadm_t over a unix dgram socket
  Resolves: RHEL-61634
  - Allow lldpd connect to systemd-machined over a unix socket
  Resolves: RHEL-61634
* Wed Oct 23 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.11-1
  - Allow ping_t read network sysctls
  Resolves: RHEL-54299
  - Label /usr/lib/node_modules/npm/bin with bin_t
  Resolves: RHEL-56350
  - Label /run/sssd with sssd_var_run_t
  Resolves: RHEL-57065
  - Allow virtqemud read virtd_t files
  Resolves: RHEL-57713
  - Allow wdmd read hardware state information
  Resolves: RHEL-57982
  - Allow wdmd list the contents of the sysfs directories
  Resolves: RHEL-57982
  - Label /etc/sysctl.d and /run/sysctl.d with system_conf_t
  Resolves: RHEL-58380
  - Allow dirsrv read network sysctls
  Resolves: RHEL-58381
  - Allow lldpad create and use netlink_generic_socket
  Resolves: RHEL-61634
  - Allow unconfined_t execute kmod in the kmod domain
  Resolves: RHEL-61755
  - Confine the pcm service
  Resolves: RHEL-52838
  - Allow iio-sensor-proxy the bpf capability
  Resolves: RHEL-62355
  - Confine iio-sensor-proxy
  Resolves: RHEL-62355
* Wed Oct 16 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.10-1
  - Confine gnome-remote-desktop
  Resolves: RHEL-35877
  - Allow virtqemud get attributes of a tmpfs filesystem
  Resolves: RHEL-40855
  - Allow virtqemud get attributes of cifs files
  Resolves: RHEL-40855
  - Allow virtqemud get attributes of filesystems with extended attributes
  Resolves: RHEL-39668
  - Allow virtqemud get attributes of NFS filesystems
  Resolves: RHEL-40855
  - Add support for secretmem anon inode
  Resolves: RHEL-40953
  - Allow systemd-sleep read raw disk data
  Resolves: RHEL-49600
  - Allow systemd-hwdb send messages to kernel unix datagram sockets
  Resolves: RHEL-50810
  - Label /run/modprobe.d with modules_conf_t
  Resolves: RHEL-54591
  - Allow setsebool_t relabel selinux data files
  Resolves: RHEL-55412
  - Don't audit crontab_domain write attempts to user home
  Resolves: RHEL-56349
  - Differentiate between staff and sysadm when executing crontab with sudo
  Resolves: RHEL-56349
  - Add crontab_admin_domtrans interface
  Resolves: RHEL-56349
  - Add crontab_domtrans interface
  Resolves: RHEL-56349
  - Allow boothd connect to kernel over a unix socket
  Resolves: RHEL-58060
  - Fix label of pseudoterminals created from sudodomain
  Resolves: RHEL-58068
  - systemd: allow systemd_notify_t to send data to kernel_t datagram sockets
  Resolves: RHEL-58072
  - Allow rsyslog read systemd-logind session files
  Resolves: RHEL-40961
  - Label /dev/mmcblk0rpmb character device with removable_device_t
  Resolves: RHEL-55265
  - Label /dev/hfi1_[0-9]+ devices
  Resolves: RHEL-62836
  - Label /dev/papr-sysparm and /dev/papr-vpd
  Resolves: RHEL-56908
  - Support SGX devices
  Resolves: RHEL-62354
  - Suppress semodule's stderr
  Resolves: RHEL-59192
* Mon Aug 26 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.9-1
  - Allow virtqemud relabelfrom also for file and sock_file
  Resolves: RHEL-49763
  - Allow virtqemud relabel user tmp files and socket files
  Resolves: RHEL-49763
  - Update virtqemud policy for libguestfs usage
  Resolves: RHEL-49763
  - Label /run/libvirt/qemu/channel with virtqemud_var_run_t
  Resolves: RHEL-47274
* Tue Aug 13 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.8-1
  - Add virt_create_log() and virt_write_log() interfaces
  Resolves: RHEL-47274
  - Update libvirt policy
  Resolves: RHEL-45464
  Resolves: RHEL-49763
  - Allow svirt_tcg_t map svirt_image_t files
  Resolves: RHEL-47274
  - Allow svirt_tcg_t read vm sysctls
  Resolves: RHEL-47274
  - Additional updates stalld policy for bpf usage
  Resolves: RHEL-50356
* Thu Aug 08 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.7-1
  - Add the swtpm.if interface file for interactions with other domains
  Resolves: RHEL-47274
  - Allow virtproxyd create and use its private tmp files
  Resolves: RHEL-40499
  - Allow virtproxyd read network state
  Resolves: RHEL-40499
  - Allow virtqemud domain transition on swtpm execution
  Resolves: RHEL-47274
  Resolves: RHEL-49763
  - Allow virtqemud relabel virt_var_run_t directories
  Resolves: RHEL-47274
  Resolves: RHEL-45464
  Resolves: RHEL-49763
  - Allow virtqemud domain transition on passt execution
  Resolves: RHEL-45464
  - Allow virt_driver_domain create and use log files in /var/log
  Resolves: RHEL-40239
  - Allow virt_driver_domain connect to systemd-userdbd over a unix socket
  Resolves: RHEL-44932
  Resolves: RHEL-44898
  - Update stalld policy for bpf usage
  Resolves: RHEL-50356
  - Allow boothd connect to systemd-userdbd over a unix socket
  Resolves: RHEL-45907
  - Allow linuxptp configure phc2sys and chronyd over a unix domain socket
  Resolves: RHEL-46011
  - Allow systemd-machined manage runtime sockets
  Resolves: RHEL-49567
  - Allow ip command write to ipsec's logs
  Resolves: RHEL-41222
  - Allow init_t nnp domain transition to firewalld_t
  Resolves: RHEL-52481
  - Update qatlib policy for v24.02 with new features
  Resolves: RHEL-50377
  - Allow postfix_domain map postfix_etc_t files
  Resolves: RHEL-46327
* Thu Jul 25 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.6-1
  - Allow virtnodedevd run udev with a domain transition
  Resolves: RHEL-39890
  - Allow virtnodedev_t create and use virtnodedev_lock_t
  Resolves: RHEL-39890
  - Allow svirt attach_queue to a virtqemud tun_socket
  Resolves: RHEL-44312
  - Label /run/systemd/machine with systemd_machined_var_run_t
  Resolves: RHEL-49567
  - Allow to create and delete socket files created by rhsm.service
* Tue Jul 16 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.5-1
  - Allow to create and delete socket files created by rhsm.service
  Resolves: RHEL-40857
  - Allow svirt read virtqemud fifo files
  Resolves: RHEL-40350
  - Allow virt_dbus_t connect to virtqemud_t over a unix stream socket
  Resolves: RHEL-37822
  - Allow virtqemud read virt-dbus process state
  Resolves: RHEL-37822
  - Allow virtqemud run ssh client with a transition
  Resolves: RHEL-43215
  - Allow virtnetworkd exec shell when virt_hooks_unconfined is on
  Resolves: RHEL-41168
  - Allow NetworkManager the sys_ptrace capability in user namespace
  Resolves: RHEL-46717
  - Update keyutils policy
  Resolves: RHEL-38920
  - Allow ip the setexec permission
  Resolves: RHEL-41182
* Fri Jun 28 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.4-1
  - Confine libvirt-dbus
  Resolves: RHEL-37822
  - Allow sssd create and use io_uring
  Resolves: RHEL-43448
  - Allow virtqemud the kill capability in user namespace
  Resolves: RHEL-44996
  - Allow login_userdomain execute systemd-tmpfiles in the caller domain
  Resolves: RHEL-44191
  - Allow virtqemud read vm sysctls
  Resolves: RHEL-40938
  - Allow svirt_t read vm sysctls
  Resolves: RHEL-40938
  - Allow rshim get options of the netlink class for KOBJECT_UEVENT family
  Resolves: RHEL-40859
  - Allow systemd-hostnamed read the vsock device
  Resolves: RHEL-45309
  - Allow systemd (PID 1) manage systemd conf files
  Resolves: RHEL-45304
  - Allow journald read systemd config files and directories
  Resolves: RHEL-45304
  - Allow systemd_domain read systemd_conf_t dirs
  Resolves: RHEL-45304
  - Label systemd configuration files with systemd_conf_t
  Resolves: RHEL-45304
  - Allow dhcpcd the kill capability
  Resolves: RHEL-43417
  - Add support for libvirt hooks
  Resolves: RHEL-41168
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 40.13.3-2
  - Bump release for June 2024 mass rebuild
* Tue Jun 18 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.3-1
  - Allow virtqemud manage nfs files when virt_use_nfs boolean is on
  Resolves: RHEL-40205
  - Allow virt_driver_domain read files labeled unconfined_t
  Resolves: RHEL-40262
  - Allow virt_driver_domain dbus chat with policykit
  Resolves: RHEL-40346
  - Escape "interface" as a file name in a virt filetrans pattern
  Resolves: RHEL-34769
  - Allow setroubleshootd get attributes of all sysctls
  Resolves: RHEL-40923
  - Allow qemu-ga read vm sysctls
  Resolves: RHEL-40829
  - Allow sbd to trace processes in user namespace
  Resolves: RHEL-39989
  - Allow request-key execute scripts
  Resolves: RHEL-38920
  - Update policy for haproxyd
  Resolves: RHEL-40877
* Fri Jun 07 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.2-1
  - Allow all domains read and write z90crypt device
  Resolves: RHEL-28539
  - Allow dhcpc read /run/netns files
  Resolves: RHEL-39510
  - Allow bootupd search efivarfs dirs
  Resolves: RHEL-39514
* Fri May 17 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.1-1
  - Allow logwatch read logind sessions files
  Resolves: RHEL-30441
  - Allow sulogin relabel tty1
  Resolves: RHEL-30440
  - Dontaudit sulogin the checkpoint_restore capability
  Resolves: RHEL-30440
  - Allow postfix smtpd map aliases file
  Resolves: RHEL-35544
  - Ensure dbus communication is allowed bidirectionally
  Resolves: RHEL-35783
  - Allow various services read and write z90crypt device
  Resolves: RHEL-28539
  - Allow dhcpcd use unix_stream_socket
  Resolves: RHEL-33081
  - Allow xdm_t to watch and watch_reads mount_var_run_t
  Resolves: RHEL-36073
  - Allow plymouthd log during shutdown
  Resolves: RHEL-30455
  - Update rpm configuration for the /var/run equivalency change
  Resolves: RHEL-36094
* Mon Feb 12 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13-1
  - Only allow confined user domains to login locally without unconfined_login
  - Add userdom_spec_domtrans_confined_admin_users interface
  - Only allow admindomain to execute shell via ssh with ssh_sysadm_login
  - Add userdom_spec_domtrans_admin_users interface
  - Move ssh dyntrans to unconfined inside unconfined_login tunable policy
  - Update ssh_role_template() for user ssh-agent type
  - Allow init to inherit system DBus file descriptors
  - Allow init to inherit fds from syslogd
  - Allow any domain to inherit fds from rpm-ostree
  - Update afterburn policy
  - Allow init_t nnp domain transition to abrtd_t
* Tue Feb 06 2024 Zdenek Pytela <zpytela@redhat.com> - 40.12-1
  - Rename all /var/lock file context entries to /run/lock
  - Rename all /var/run file context entries to /run
  - Invert the "/var/run = /run" equivalency
* Mon Feb 05 2024 Zdenek Pytela <zpytela@redhat.com> - 40.11-1
  - Replace init domtrans rule for confined users to allow exec init
  - Update dbus_role_template() to allow user service status
  - Allow polkit status all systemd services
  - Allow setroubleshootd create and use inherited io_uring
  - Allow load_policy read and write generic ptys
  - Allow gpg manage rpm cache
  - Allow login_userdomain name_bind to howl and xmsg udp ports
  - Allow rules for confined users logged in plasma
  - Label /dev/iommu with iommu_device_t
  - Remove duplicate file context entries in /run
  - Dontaudit getty and plymouth the checkpoint_restore capability
  - Allow su domains write login records
  - Revert "Allow su domains write login records"
  - Allow login_userdomain delete session dbusd tmp socket files
  - Allow unix dgram sendto between exim processes
  - Allow su domains write login records
  - Allow smbd_t to watch user_home_dir_t if samba_enable_home_dirs is on
* Wed Jan 24 2024 Zdenek Pytela <zpytela@redhat.com> - 40.10-1
  - Allow chronyd-restricted read chronyd key files
  - Allow conntrackd_t to use bpf capability2
  - Allow systemd-networkd manage its runtime socket files
  - Allow init_t nnp domain transition to colord_t
  - Allow polkit status systemd services
  - nova: Fix duplicate declarations
  - Allow httpd work with PrivateTmp
  - Add interfaces for watching and reading ifconfig_var_run_t
  - Allow collectd read raw fixed disk device
  - Allow collectd read udev pid files
  - Set correct label on /etc/pki/pki-tomcat/kra
  - Allow systemd domains watch system dbus pid socket files
  - Allow certmonger read network sysctls
  - Allow mdadm list stratisd data directories
  - Allow syslog to run unconfined scripts conditionally
  - Allow syslogd_t nnp_transition to syslogd_unconfined_script_t
  - Allow qatlib set attributes of vfio device files
* Tue Jan 09 2024 Zdenek Pytela <zpytela@redhat.com> - 40.9-1
  - Allow systemd-sleep set attributes of efivarfs files
  - Allow samba-dcerpcd read public files
  - Allow spamd_update_t the sys_ptrace capability in user namespace
  - Allow bluetooth devices work with alsa
  - Allow alsa get attributes filesystems with extended attributes
* Tue Jan 02 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 40.8-2
  - Limit %selinux_requires to version, not release
* Thu Dec 21 2023 Zdenek Pytela <zpytela@redhat.com> - 40.8-1
  - Allow hypervkvp_t write access to NetworkManager_etc_rw_t
  - Add interface for write-only access to NetworkManager rw conf
  - Allow systemd-sleep send a message to syslog over a unix dgram socket
  - Allow init create and use netlink netfilter socket
  - Allow qatlib load kernel modules
  - Allow qatlib run lspci
  - Allow qatlib manage its private runtime socket files
  - Allow qatlib read/write vfio devices
  - Label /etc/redis.conf with redis_conf_t
  - Remove the lockdown-class rules from the policy
  - Allow init read all non-security socket files
  - Replace redundant dnsmasq pattern macros
  - Remove unneeded symlink perms in dnsmasq.if
  - Add additions to dnsmasq interface
  - Allow nvme_stas_t create and use netlink kobject uevent socket
  - Allow collectd connect to statsd port
  - Allow keepalived_t to use sys_ptrace of cap_userns
  - Allow dovecot_auth_t connect to postgresql using UNIX socket
* Wed Dec 13 2023 Zdenek Pytela <zpytela@redhat.com> - 40.7-1
  - Make named_zone_t and named_var_run_t a part of the mountpoint attribute
  - Allow sysadm execute traceroute in sysadm_t domain using sudo
  - Allow sysadm execute tcpdump in sysadm_t domain using sudo
  - Allow opafm search nfs directories
  - Add support for syslogd unconfined scripts
  - Allow gpsd use /dev/gnss devices
  - Allow gpg read rpm cache
  - Allow virtqemud additional permissions
  - Allow virtqemud manage its private lock files
  - Allow virtqemud use the io_uring api
  - Allow ddclient send e-mail notifications
  - Allow postfix_master_t map postfix data files
  - Allow init create and use vsock sockets
  - Allow thumb_t append to init unix domain stream sockets
  - Label /dev/vas with vas_device_t
  - Change domain_kernel_load_modules boolean to true
  - Create interface selinux_watch_config and add it to SELinux users
* Tue Nov 28 2023 Zdenek Pytela <zpytela@redhat.com> - 40.6-1
  - Add afterburn to modules-targeted-contrib.conf
  - Update cifs interfaces to include fs_search_auto_mountpoints()
  - Allow sudodomain read var auth files
  - Allow spamd_update_t read hardware state information
  - Allow virtnetworkd domain transition on tc command execution
  - Allow sendmail MTA connect to sendmail LDA
  - Allow auditd read all domains process state
  - Allow rsync read network sysctls
  - Add dhcpcd bpf capability to run bpf programs
  - Dontaudit systemd-hwdb dac_override capability
  - Allow systemd-sleep create efivarfs files
* Tue Nov 14 2023 Zdenek Pytela <zpytela@redhat.com> - 40.5-1
  - Allow map xserver_tmpfs_t files when xserver_clients_write_xshm is on
  - Allow graphical applications work in Wayland
  - Allow kdump work with PrivateTmp
  - Allow dovecot-auth work with PrivateTmp
  - Allow nfsd get attributes of all filesystems
  - Allow unconfined_domain_type use io_uring cmd on domain
  - ci: Only run Rawhide revdeps tests on the rawhide branch
  - Label /var/run/auditd.state as auditd_var_run_t
  - Allow fido-device-onboard (FDO) read the crack database
  - Allow ip an explicit domain transition to other domains
  - Label /usr/libexec/selinux/selinux-autorelabel with semanage_exec_t
  - Allow  winbind_rpcd_t processes access when samba_export_all_* is on
  - Enable NetworkManager and dhclient to use initramfs-configured DHCP connection
  - Allow ntp to bind and connect to ntske port.
  - Allow system_mail_t manage exim spool files and dirs
  - Dontaudit keepalived setattr on keepalived_unconfined_script_exec_t
  - Label /run/pcsd.socket with cluster_var_run_t
  - ci: Run cockpit tests in PRs
* Thu Oct 19 2023 Zdenek Pytela <zpytela@redhat.com> - 40.4-1
  - Add map_read map_write to kernel_prog_run_bpf
  - Allow systemd-fstab-generator read all symlinks
  - Allow systemd-fstab-generator the dac_override capability
  - Allow rpcbind read network sysctls
  - Support using systemd containers
  - Allow sysadm_t to connect to iscsid using a unix domain stream socket
  - Add policy for coreos installer
  - Add coreos_installer to modules-targeted-contrib.conf
* Tue Oct 17 2023 Zdenek Pytela <zpytela@redhat.com> - 40.3-1
  - Add policy for nvme-stas
  - Confine systemd fstab,sysv,rc-local
  - Label /etc/aliases.lmdb with etc_aliases_t
  - Create policy for afterburn
  - Add nvme_stas to modules-targeted-contrib.conf
  - Add plans/tests.fmf
* Tue Oct 10 2023 Zdenek Pytela <zpytela@redhat.com> - 40.2-1
  - Add the virt_supplementary module to modules-targeted-contrib.conf
  - Make new virt drivers permissive
  - Split virt policy, introduce virt_supplementary module
  - Allow apcupsd cgi scripts read /sys
  - Merge pull request #1893 from WOnder93/more-early-boot-overlay-fixes
  - Allow kernel_t to manage and relabel all files
  - Add missing optional_policy() to files_relabel_all_files()
* Tue Oct 03 2023 Zdenek Pytela <zpytela@redhat.com> - 40.1-1
  - Allow named and ndc use the io_uring api
  - Deprecate common_anon_inode_perms usage
  - Improve default file context(None) of /var/lib/authselect/backups
  - Allow udev_t to search all directories with a filesystem type
  - Implement proper anon_inode support
  - Allow targetd write to the syslog pid sock_file
  - Add ipa_pki_retrieve_key_exec() interface
  - Allow kdumpctl_t to list all directories with a filesystem type
  - Allow udev additional permissions
  - Allow udev load kernel module
  - Allow sysadm_t to mmap modules_object_t files
  - Add the unconfined_read_files() and unconfined_list_dirs() interfaces
  - Set default file context of HOME_DIR/tmp/.* to <<none>>
  - Allow kernel_generic_helper_t to execute mount(1)
* Fri Sep 29 2023 Zdenek Pytela <zpytela@redhat.com> - 38.29-1
  - Allow sssd send SIGKILL to passkey_child running in ipa_otpd_t
  - Allow systemd-localed create Xserver config dirs
  - Allow sssd read symlinks in /etc/sssd
  - Label /dev/gnss[0-9] with gnss_device_t
  - Allow systemd-sleep read/write efivarfs variables
  - ci: Fix version number of packit generated srpms
  - Dontaudit rhsmcertd write memory device
  - Allow ssh_agent_type create a sockfile in /run/user/USERID
  - Set default file context of /var/lib/authselect/backups to <<none>>
  - Allow prosody read network sysctls
  - Allow cupsd_t to use bpf capability
* Fri Sep 15 2023 Zdenek Pytela <zpytela@redhat.com> - 38.28-1
  - Allow sssd domain transition on passkey_child execution conditionally
  - Allow login_userdomain watch lnk_files in /usr
  - Allow login_userdomain watch video4linux devices
  - Change systemd-network-generator transition to include class file
  - Revert "Change file transition for systemd-network-generator"
  - Allow nm-dispatcher winbind plugin read/write samba var files
  - Allow systemd-networkd write to cgroup files
  - Allow kdump create and use its memfd: objects
* Thu Aug 31 2023 Zdenek Pytela <zpytela@redhat.com> - 38.27-1
  - Allow fedora-third-party get generic filesystem attributes
  - Allow sssd use usb devices conditionally
  - Update policy for qatlib
  - Allow ssh_agent_type manage generic cache home files
* Thu Aug 24 2023 Zdenek Pytela <zpytela@redhat.com> - 38.26-1
  - Change file transition for systemd-network-generator
  - Additional support for gnome-initial-setup
  - Update gnome-initial-setup policy for geoclue
  - Allow openconnect vpn open vhost net device
  - Allow cifs.upcall to connect to SSSD also through the /var/run socket
  - Grant cifs.upcall more required capabilities
  - Allow xenstored map xenfs files
  - Update policy for fdo
  - Allow keepalived watch var_run dirs
  - Allow svirt to rw /dev/udmabuf
  - Allow qatlib  to modify hardware state information.
  - Allow key.dns_resolve connect to avahi over a unix stream socket
  - Allow key.dns_resolve create and use unix datagram socket
  - Use quay.io as the container image source for CI
* Fri Aug 11 2023 Zdenek Pytela <zpytela@redhat.com> - 38.25-1
  - ci: Move srpm/rpm build to packit
  - .copr: Avoid subshell and changing directory
  - Allow gpsd, oddjob and oddjob_mkhomedir_t write user_tty_device_t chr_file
  - Label /usr/libexec/openssh/ssh-pkcs11-helper with ssh_agent_exec_t
  - Make insights_client_t an unconfined domain
  - Allow insights-client manage user temporary files
  - Allow insights-client create all rpm logs with a correct label
  - Allow insights-client manage generic logs
  - Allow cloud_init create dhclient var files and init_t manage net_conf_t
  - Allow insights-client read and write cluster tmpfs files
  - Allow ipsec read nsfs files
  - Make tuned work with mls policy
  - Remove nsplugin_role from mozilla.if
  - allow mon_procd_t self:cap_userns sys_ptrace
  - Allow pdns name_bind and name_connect all ports
  - Set the MLS range of fsdaemon_t to s0 - mls_systemhigh
  - ci: Move to actions/checkout@v3 version
  - .copr: Replace chown call with standard workflow safe.directory setting
  - .copr: Enable `set -u` for robustness
  - .copr: Simplify root directory variable
* Fri Aug 04 2023 Zdenek Pytela <zpytela@redhat.com> - 38.24-1
  - Allow rhsmcertd dbus chat with policykit
  - Allow polkitd execute pkla-check-authorization with nnp transition
  - Allow user_u and staff_u get attributes of non-security dirs
  - Allow unconfined user filetrans chrome_sandbox_home_t
  - Allow svnserve execute postdrop with a transition
  - Do not make postfix_postdrop_t type an MTA executable file
  - Allow samba-dcerpc service manage samba tmp files
  - Add use_nfs_home_dirs boolean for mozilla_plugin
  - Fix labeling for no-stub-resolv.conf
* Wed Aug 02 2023 Zdenek Pytela <zpytela@redhat.com> - 38.23-1
  - Revert "Allow winbind-rpcd use its private tmp files"
  - Allow upsmon execute upsmon via a helper script
  - Allow openconnect vpn read/write inherited vhost net device
  - Allow winbind-rpcd use its private tmp files
  - Update samba-dcerpc policy for printing
  - Allow gpsd,oddjob,oddjob_mkhomedir rw user domain pty
  - Allow nscd watch system db dirs
  - Allow qatlib to read sssd public files
  - Allow fedora-third-party read /sys and proc
  - Allow systemd-gpt-generator mount a tmpfs filesystem
  - Allow journald write to cgroup files
  - Allow rpc.mountd read network sysctls
  - Allow blueman read the contents of the sysfs filesystem
  - Allow logrotate_t to map generic files in /etc
  - Boolean: Allow virt_qemu_ga create ssh directory
* Tue Jul 25 2023 Zdenek Pytela <zpytela@redhat.com> - 38.22-1
  - Allow systemd-network-generator send system log messages
  - Dontaudit the execute permission on sock_file globally
  - Allow fsadm_t the file mounton permission
  - Allow named and ndc the io_uring sqpoll permission
  - Allow sssd io_uring sqpoll permission
  - Fix location for /run/nsd
  - Allow qemu-ga get fixed disk devices attributes
  - Update bitlbee policy
  - Label /usr/sbin/sos with sosreport_exec_t
  - Update policy for the sblim-sfcb service
  - Add the files_getattr_non_auth_dirs() interface
  - Fix the CI to work with DNF5
* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 38.21-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jul 13 2023 Zdenek Pytela <zpytela@redhat.com> - 38.21-1
  - Make systemd_tmpfiles_t MLS trusted for lowering the level of files
  - Revert "Allow insights client map cache_home_t"
  - Allow nfsidmapd connect to systemd-machined over a unix socket
  - Allow snapperd connect to kernel over a unix domain stream socket
  - Allow virt_qemu_ga_t create .ssh dir with correct label
  - Allow targetd read network sysctls
  - Set the abrt_handle_event boolean to on
  - Permit kernel_t to change the user identity in object contexts
  - Allow insights client map cache_home_t
  - Label /usr/sbin/mariadbd with mysqld_exec_t
  - Trim changelog so that it starts at F37 time
  - Define equivalency for /run/systemd/generator.early
* Thu Jun 29 2023 Zdenek Pytela <zpytela@redhat.com> - 38.20-1
  - Allow httpd tcp connect to redis port conditionally
  - Label only /usr/sbin/ripd and ripngd with zebra_exec_t
  - Dontaudit aide the execmem permission
  - Remove permissive from fdo
  - Allow sa-update manage spamc home files
  - Allow sa-update connect to systemlog services
  - Label /usr/lib/systemd/system/mimedefang.service with antivirus_unit_file_t
  - Allow nsd_crond_t write nsd_var_run_t & connectto nsd_t
  - Allow bootupd search EFI directory
* Tue Jun 27 2023 Zdenek Pytela <zpytela@redhat.com> - 38.19-1
  - Change init_audit_control default value to true
  - Allow nfsidmapd connect to systemd-userdbd with a unix socket
  - Add the qatlib  module
  - Add the fdo module
  - Add the bootupd module
  - Set default ports for keylime policy
  - Create policy for qatlib
  - Add policy for FIDO Device Onboard
  - Add policy for bootupd
  - Add the qatlib module
  - Add the fdo module
  - Add the bootupd module
* Sun Jun 25 2023 Zdenek Pytela <zpytela@redhat.com> - 38.18-1
  - Add support for kafs-dns requested by keyutils
  - Allow insights-client execmem
  - Add support for chronyd-restricted
  - Add init_explicit_domain() interface
  - Allow fsadm_t to get attributes of cgroup filesystems
  - Add list_dir_perms to kerberos_read_keytab
  - Label /var/run/tmpfiles.d/static-nodes.conf with kmod_var_run_t
  - Allow sendmail manage its runtime files
  - Allow keyutils_dns_resolver_exec_t be an entrypoint
  - Allow collectd_t read network state symlinks
  - Revert "Allow collectd_t read proc_net link files"
  - Allow nfsd_t to list exports_t dirs
  - Allow cupsd dbus chat with xdm
  - Allow haproxy read hardware state information
  - Add the kafs module
* Thu Jun 15 2023 Zdenek Pytela <zpytela@redhat.com> - 38.17-1
  - Label /dev/userfaultfd with userfaultfd_t
  - Allow blueman send general signals to unprivileged user domains
  - Allow dkim-milter domain transition to sendmail
  - Label /usr/sbin/cifs.idmap with cifs_helper_exec_t
  - Allow cifs-helper read sssd kerberos configuration files
  - Allow rpm_t sys_admin capability
  - Allow dovecot_deliver_t create/map dovecot_spool_t dir/file
  - Allow collectd_t read proc_net link files
  - Allow insights-client getsession process permission
  - Allow insights-client work with pipe and socket tmp files
  - Allow insights-client map generic log files
  - Update cyrus_stream_connect() to use sockets in /run
  - Allow keyutils-dns-resolver read/view kernel key ring
  - Label /var/log/kdump.log with kdump_log_t
* Fri Jun 09 2023 Zdenek Pytela <zpytela@redhat.com> - 38.16-1
  - Add support for the systemd-pstore service
  - Allow kdumpctl_t to execmem
  - Update sendmail policy module for opensmtpd
  - Allow nagios-mail-plugin exec postfix master
  - Allow subscription-manager execute ip
  - Allow ssh client connect with a user dbus instance
  - Add support for ksshaskpass
  - Allow rhsmcertd file transition in /run also for socket files
  - Allow keyutils_dns_resolver_t execute keyutils_dns_resolver_exec_t
  - Allow plymouthd read/write X server miscellaneous devices
  - Allow systemd-sleep read udev pid files
  - Allow exim read network sysctls
  - Allow sendmail request load module
  - Allow named map its conf files
  - Allow squid map its cache files
  - Allow NetworkManager_dispatcher_dhclient_t to execute shells without a domain transition
* Tue May 30 2023 Zdenek Pytela <zpytela@redhat.com> - 38.15-1
  - Update policy for systemd-sleep
  - Remove permissive domain for rshim_t
  - Remove permissive domain for mptcpd_t
  - Allow systemd-bootchartd the sys_ptrace userns capability
  - Allow sysadm_t read nsfs files
  - Allow sysadm_t run kernel bpf programs
  - Update ssh_role_template for ssh-agent
  - Update ssh_role_template to allow read/write unallocated ttys
  - Add the booth module to modules.conf
  - Allow firewalld rw ica_tmpfs_t files
* Fri May 26 2023 Zdenek Pytela <zpytela@redhat.com> - 38.14-1
  - Remove permissive domain for cifs_helper_t
  - Update the cifs-helper policy
  - Replace cifsutils_helper_domtrans() with keyutils_request_domtrans_to()
  - Update pkcsslotd policy for sandboxing
  - Allow abrt_t read kernel persistent storage files
  - Dontaudit targetd search httpd config dirs
  - Allow init_t nnp domain transition to policykit_t
  - Allow rpcd_lsad setcap and use generic ptys
  - Allow samba-dcerpcd connect to systemd_machined over a unix socket
  - Allow wireguard to rw network sysctls
  - Add policy for boothd
  - Allow kernel to manage its own BPF objects
  - Label /usr/lib/systemd/system/proftpd.* & vsftpd.* with ftpd_unit_file_t
* Mon May 22 2023 Zdenek Pytela <zpytela@redhat.com> - 38.13-1
  - Add initial policy for cifs-helper
  - Label key.dns_resolver with keyutils_dns_resolver_exec_t
  - Allow unconfined_service_t to create .gnupg labeled as gpg_secret_t
  - Allow some systemd services write to cgroup files
  - Allow NetworkManager_dispatcher_dhclient_t to read the DHCP configuration files
  - Allow systemd resolved to bind to arbitrary nodes
  - Allow plymouthd_t bpf capability to run bpf programs
  - Allow cupsd to create samba_var_t files
  - Allow rhsmcert request the kernel to load a module
  - Allow virsh name_connect virt_port_t
  - Allow certmonger manage cluster library files
  - Allow plymouthd read init process state
  - Add chromium_sandbox_t setcap capability
  - Allow snmpd read raw disk data
  - Allow samba-rpcd work with passwords
  - Allow unconfined service inherit signal state from init
  - Allow cloud-init manage gpg admin home content
  - Allow cluster_t dbus chat with various services
  - Allow nfsidmapd work with systemd-userdbd and sssd
  - Allow unconfined_domain_type use IORING_OP_URING_CMD on all device nodes
  - Allow plymouthd map dri and framebuffer devices
  - Allow rpmdb_migrate execute rpmdb
  - Allow logrotate dbus chat with systemd-hostnamed
  - Allow icecast connect to kernel using a unix stream socket
  - Allow lldpad connect to systemd-userdbd over a unix socket
  - Allow journalctl open user domain ptys and ttys
  - Allow keepalived to manage its tmp files
  - Allow ftpd read network sysctls
  - Label /run/bgpd with zebra_var_run_t
  - Allow gssproxy read network sysctls
  - Add the cifsutils module
* Tue Apr 25 2023 Zdenek Pytela <zpytela@redhat.com> - 38.12-1
  - Allow telnetd read network sysctls
  - Allow munin system plugin read generic SSL certificates
  - Allow munin system plugin create and use netlink generic socket
  - Allow login_userdomain create user namespaces
  - Allow request-key to send syslog messages
  - Allow request-key to read/view any key
  - Add fs_delete_pstore_files() interface
  - Allow insights-client work with teamdctl
  - Allow insights-client read unconfined service semaphores
  - Allow insights-client get quotas of all filesystems
  - Add fs_read_pstore_files() interface
  - Allow generic kernel helper to read inherited kernel pipes
* Fri Apr 14 2023 Zdenek Pytela <zpytela@redhat.com> - 38.11-1
  - Allow dovecot-deliver write to the main process runtime fifo files
  - Allow dmidecode write to cloud-init tmp files
  - Allow chronyd send a message to cloud-init over a datagram socket
  - Allow cloud-init domain transition to insights-client domain
  - Allow mongodb read filesystem sysctls
  - Allow mongodb read network sysctls
  - Allow accounts-daemon read generic systemd unit lnk files
  - Allow blueman watch generic device dirs
  - Allow nm-dispatcher tlp plugin create tlp dirs
  - Allow systemd-coredump mounton /usr
  - Allow rabbitmq to read network sysctls
* Tue Apr 04 2023 Zdenek Pytela <zpytela@redhat.com> - 38.10-1
  - Allow certmonger dbus chat with the cron system domain
  - Allow geoclue read network sysctls
  - Allow geoclue watch the /etc directory
  - Allow logwatch_mail_t read network sysctls
  - Allow insights-client read all sysctls
  - Allow passt manage qemu pid sock files
* Fri Mar 24 2023 Zdenek Pytela <zpytela@redhat.com> - 38.9-1
  - Allow sssd read accountsd fifo files
  - Add support for the passt_t domain
  - Allow virtd_t and svirt_t work with passt
  - Add new interfaces in the virt module
  - Add passt interfaces defined conditionally
  - Allow tshark the setsched capability
  - Allow poweroff create connections to system dbus
  - Allow wg load kernel modules, search debugfs dir
  - Boolean: allow qemu-ga manage ssh home directory
  - Label smtpd with sendmail_exec_t
  - Label msmtp and msmtpd with sendmail_exec_t
  - Allow dovecot to map files in /var/spool/dovecot
* Fri Mar 03 2023 Zdenek Pytela <zpytela@redhat.com> - 38.8-1
  - Confine gnome-initial-setup
  - Allow qemu-guest-agent create and use vsock socket
  - Allow login_pgm setcap permission
  - Allow chronyc read network sysctls
  - Enhancement of the /usr/sbin/request-key helper policy
  - Fix opencryptoki file names in /dev/shm
  - Allow system_cronjob_t transition to rpm_script_t
  - Revert "Allow system_cronjob_t domtrans to rpm_script_t"
  - Add tunable to allow squid bind snmp port
  - Allow staff_t getattr init pid chr & blk files and read krb5
  - Allow firewalld to rw z90crypt device
  - Allow httpd work with tokens in /dev/shm
  - Allow svirt to map svirt_image_t char files
  - Allow sysadm_t run initrc_t script and sysadm_r role access
  - Allow insights-client manage fsadm pid files
* Wed Feb 08 2023 Zdenek Pytela <zpytela@redhat.com> - 38.7-1
  - Allowing snapper to create snapshots of /home/ subvolume/partition
  - Add boolean qemu-ga to run unconfined script
  - Label systemd-journald feature LogNamespace
  - Add none file context for polyinstantiated tmp dirs
  - Allow certmonger read the contents of the sysfs filesystem
  - Add journalctl the sys_resource capability
  - Allow nm-dispatcher plugins read generic files in /proc
  - Add initial policy for the /usr/sbin/request-key helper
  - Additional support for rpmdb_migrate
  - Add the keyutils module
* Mon Jan 30 2023 Zdenek Pytela <zpytela@redhat.com> - 38.6-1
  - Boolean: allow qemu-ga read ssh home directory
  - Allow kernel_t to read/write all sockets
  - Allow kernel_t to UNIX-stream connect to all domains
  - Allow systemd-resolved send a datagram to journald
  - Allow kernel_t to manage and have "execute" access to all files
  - Fix the files_manage_all_files() interface
  - Allow rshim bpf cap2 and read sssd public files
  - Allow insights-client work with su and lpstat
  - Allow insights-client tcp connect to all ports
  - Allow nm-cloud-setup dispatcher plugin restart nm services
  - Allow unconfined user filetransition for sudo log files
  - Allow modemmanager create hardware state information files
  - Allow ModemManager all permissions for netlink route socket
  - Allow wg to send msg to kernel, write to syslog and dbus connections
  - Allow hostname_t to read network sysctls.
  - Dontaudit ftpd the execmem permission
  - Allow svirt request the kernel to load a module
  - Allow icecast rename its log files
  - Allow upsd to send signal to itself
  - Allow wireguard to create udp sockets and read net_conf
  - Use '
  %setup       -q
  
  
  ' instead of '%setup'
  - Pass -p 1 to '
  %setup       -q
  
  
  '
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 38.5-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jan 13 2023 Zdenek Pytela <zpytela@redhat.com> - 38.5-1
  - Allow insights client work with gluster and pcp
  - Add insights additional capabilities
  - Add interfaces in domain, files, and unconfined modules
  - Label fwupdoffline and fwupd-detect-cet with fwupd_exec_t
  - Allow sudodomain use sudo.log as a logfile
  - Allow pdns server map its library files and bind to unreserved ports
  - Allow sysadm_t read/write ipmi devices
  - Allow prosody manage its runtime socket files
  - Allow kernel threads manage kernel keys
  - Allow systemd-userdbd the sys_resource capability
  - Allow systemd-journal list cgroup directories
  - Allow apcupsd dbus chat with systemd-logind
  - Allow nut_domain manage also files and sock_files in /var/run
  - Allow winbind-rpcd make a TCP connection to the ldap port
  - Label /usr/lib/rpm/rpmdb_migrate with rpmdb_exec_t
  - Allow tlp read generic SSL certificates
  - Allow systemd-resolved watch tmpfs directories
  - Revert "Allow systemd-resolved watch tmpfs directories"
* Mon Dec 19 2022 Zdenek Pytela <zpytela@redhat.com> - 38.4-1
  - Allow NetworkManager and wpa_supplicant the bpf capability
  - Allow systemd-rfkill the bpf capability
  - Allow winbind-rpcd manage samba_share_t files and dirs
  - Label /var/lib/httpd/md(/.*)? with httpd_sys_rw_content_t
  - Allow gpsd the sys_ptrace userns capability
  - Introduce gpsd_tmp_t for sockfiles managed by gpsd_t
  - Allow load_policy_t write to unallocated ttys
  - Allow ndc read hardware state information
  - Allow system mail service read inherited certmonger runtime files
  - Add lpr_roles  to system_r roles
  - Revert "Allow insights-client run lpr and allow the proper role"
  - Allow stalld to read /sys/kernel/security/lockdown file
  - Allow keepalived to set resource limits
  - Add policy for mptcpd
  - Add policy for rshim
  - Allow admin users to create user namespaces
  - Allow journalctl relabel with var_log_t and syslogd_var_run_t files
  - Do not run restorecon /etc/NetworkManager/dispatcher.d in targeted
  - Trim changelog so that it starts at F35 time
  - Add mptcpd and rshim modules
* Wed Dec 14 2022 Zdenek Pytela <zpytela@redhat.com> - 38.3-1
  - Allow insights-client dbus chat with various services
  - Allow insights-client tcp connect to various ports
  - Allow insights-client run lpr and allow the proper role
  - Allow insights-client work with pcp and manage user config files
  - Allow redis get user names
  - Allow kernel threads to use fds from all domains
  - Allow systemd-modules-load load kernel modules
  - Allow login_userdomain watch systemd-passwd pid dirs
  - Allow insights-client dbus chat with abrt
  - Grant kernel_t certain permissions in the system class
  - Allow systemd-resolved watch tmpfs directories
  - Allow systemd-timedated watch init runtime dir
  - Make `bootc` be `install_exec_t`
  - Allow systemd-coredump create user_namespace
  - Allow syslog the setpcap capability
  - donaudit virtlogd and dnsmasq execmem
* Tue Dec 06 2022 Zdenek Pytela <zpytela@redhat.com> - 38.2-1
  - Don't make kernel_t an unconfined domain
  - Don't allow kernel_t to execute bin_t/usr_t binaries without a transition
  - Allow kernel_t to execute systemctl to do a poweroff/reboot
  - Grant basic permissions to the domain created by systemd_systemctl_domain()
  - Allow kernel_t to request module loading
  - Allow kernel_t to do compute_create
  - Allow kernel_t to manage perf events
  - Grant almost all capabilities to kernel_t
  - Allow kernel_t to fully manage all devices
  - Revert "In domain_transition_pattern there is no permission allowing caller domain to execu_no_trans on entrypoint, this patch fixing this issue"
  - Allow pulseaudio to write to session_dbusd tmp socket files
  - Allow systemd and unconfined_domain_type create user_namespace
  - Add the user_namespace security class
  - Reuse tmpfs_t also for the ramfs filesystem
  - Label udf tools with fsadm_exec_t
  - Allow networkmanager_dispatcher_plugin work with nscd
  - Watch_sb all file type directories.
  - Allow spamc read hardware state information files
  - Allow sysadm read ipmi devices
  - Allow insights client communicate with cupsd, mysqld, openvswitch, redis
  - Allow insights client read raw memory devices
  - Allow the spamd_update_t domain get generic filesystem attributes
  - Dontaudit systemd-gpt-generator the sys_admin capability
  - Allow ipsec_t only read tpm devices
  - Allow cups-pdf connect to the system log service
  - Allow postfix/smtpd read kerberos key table
  - Allow syslogd read network sysctls
  - Allow cdcc mmap dcc-client-map files
  - Add watch and watch_sb dosfs interface
* Mon Nov 21 2022 Zdenek Pytela <zpytela@redhat.com> - 38.1-1
  - Revert "Allow sysadm_t read raw memory devices"
  - Allow systemd-socket-proxyd get attributes of cgroup filesystems
  - Allow rpc.gssd read network sysctls
  - Allow winbind-rpcd get attributes of device and pty filesystems
  - Allow insights-client domain transition on semanage execution
  - Allow insights-client create gluster log dir with a transition
  - Allow insights-client manage generic locks
  - Allow insights-client unix_read all domain semaphores
  - Add domain_unix_read_all_semaphores() interface
  - Allow winbind-rpcd use the terminal multiplexor
  - Allow mrtg send mails
  - Allow systemd-hostnamed dbus chat with init scripts
  - Allow sssd dbus chat with system cronjobs
  - Add interface to watch all filesystems
  - Add watch_sb interfaces
  - Add watch interfaces
  - Allow dhcpd bpf capability to run bpf programs
  - Allow netutils and traceroute bpf capability to run bpf programs
  - Allow pkcs_slotd_t bpf capability to run bpf programs
  - Allow xdm bpf capability to run bpf programs
  - Allow pcscd bpf capability to run bpf programs
  - Allow lldpad bpf capability to run bpf programs
  - Allow keepalived bpf capability to run bpf programs
  - Allow ipsec bpf capability to run bpf programs
  - Allow fprintd bpf capability to run bpf programs
  - Allow systemd-socket-proxyd get filesystems attributes
  - Allow dirsrv_snmp_t to manage dirsrv_config_t & dirsrv_var_run_t files
* Mon Oct 31 2022 Zdenek Pytela <zpytela@redhat.com> - 37.14-1
  - Allow rotatelogs read httpd_log_t symlinks
  - Add winbind-rpcd to samba_enable_home_dirs boolean
  - Allow system cronjobs dbus chat with setroubleshoot
  - Allow setroubleshootd read device sysctls
  - Allow virt_domain read device sysctls
  - Allow rhcd compute selinux access vector
  - Allow insights-client manage samba var dirs
  - Label ports 10161-10162 tcp/udp with snmp
  - Allow aide to connect to systemd_machined with a unix socket.
  - Allow samba-dcerpcd use NSCD services over a unix stream socket
  - Allow vlock search the contents of the /dev/pts directory
  - Allow insights-client send null signal to rpm and system cronjob
  - Label port 15354/tcp and 15354/udp with opendnssec
  - Allow ftpd map ftpd_var_run files
  - Allow targetclid to manage tmp files
  - Allow insights-client connect to postgresql with a unix socket
  - Allow insights-client domtrans on unix_chkpwd execution
  - Add file context entries for insights-client and rhc
  - Allow pulseaudio create gnome content (~/.config)
  - Allow login_userdomain dbus chat with rhsmcertd
  - Allow sbd the sys_ptrace capability
  - Allow ptp4l_t name_bind ptp_event_port_t

Files

/usr/bin/macro-expander
/usr/share/selinux/devel
/usr/share/selinux/devel/Makefile
/usr/share/selinux/devel/example.fc
/usr/share/selinux/devel/example.if
/usr/share/selinux/devel/example.te
/usr/share/selinux/devel/html
/usr/share/selinux/devel/html/index.html
/usr/share/selinux/devel/html/style.css
/usr/share/selinux/devel/include
/usr/share/selinux/devel/include/Makefile
/usr/share/selinux/devel/include/admin
/usr/share/selinux/devel/include/admin.xml
/usr/share/selinux/devel/include/admin/bootloader.if
/usr/share/selinux/devel/include/admin/consoletype.if
/usr/share/selinux/devel/include/admin/dmesg.if
/usr/share/selinux/devel/include/admin/netutils.if
/usr/share/selinux/devel/include/admin/su.if
/usr/share/selinux/devel/include/admin/sudo.if
/usr/share/selinux/devel/include/admin/usermanage.if
/usr/share/selinux/devel/include/apps
/usr/share/selinux/devel/include/apps.xml
/usr/share/selinux/devel/include/apps/seunshare.if
/usr/share/selinux/devel/include/build.conf
/usr/share/selinux/devel/include/contrib
/usr/share/selinux/devel/include/contrib.xml
/usr/share/selinux/devel/include/contrib/abrt.if
/usr/share/selinux/devel/include/contrib/accountsd.if
/usr/share/selinux/devel/include/contrib/acct.if
/usr/share/selinux/devel/include/contrib/afs.if
/usr/share/selinux/devel/include/contrib/afterburn.if
/usr/share/selinux/devel/include/contrib/aiccu.if
/usr/share/selinux/devel/include/contrib/aide.if
/usr/share/selinux/devel/include/contrib/aisexec.if
/usr/share/selinux/devel/include/contrib/ajaxterm.if
/usr/share/selinux/devel/include/contrib/alsa.if
/usr/share/selinux/devel/include/contrib/amanda.if
/usr/share/selinux/devel/include/contrib/amavis.if
/usr/share/selinux/devel/include/contrib/amtu.if
/usr/share/selinux/devel/include/contrib/anaconda.if
/usr/share/selinux/devel/include/contrib/antivirus.if
/usr/share/selinux/devel/include/contrib/apache.if
/usr/share/selinux/devel/include/contrib/apcupsd.if
/usr/share/selinux/devel/include/contrib/apm.if
/usr/share/selinux/devel/include/contrib/apt.if
/usr/share/selinux/devel/include/contrib/arpwatch.if
/usr/share/selinux/devel/include/contrib/asterisk.if
/usr/share/selinux/devel/include/contrib/authconfig.if
/usr/share/selinux/devel/include/contrib/automount.if
/usr/share/selinux/devel/include/contrib/avahi.if
/usr/share/selinux/devel/include/contrib/awstats.if
/usr/share/selinux/devel/include/contrib/backup.if
/usr/share/selinux/devel/include/contrib/bacula.if
/usr/share/selinux/devel/include/contrib/bcfg2.if
/usr/share/selinux/devel/include/contrib/bind.if
/usr/share/selinux/devel/include/contrib/bird.if
/usr/share/selinux/devel/include/contrib/bitlbee.if
/usr/share/selinux/devel/include/contrib/blkmapd.if
/usr/share/selinux/devel/include/contrib/blueman.if
/usr/share/selinux/devel/include/contrib/bluetooth.if
/usr/share/selinux/devel/include/contrib/boinc.if
/usr/share/selinux/devel/include/contrib/boltd.if
/usr/share/selinux/devel/include/contrib/boothd.if
/usr/share/selinux/devel/include/contrib/bootupd.if
/usr/share/selinux/devel/include/contrib/brctl.if
/usr/share/selinux/devel/include/contrib/brltty.if
/usr/share/selinux/devel/include/contrib/bugzilla.if
/usr/share/selinux/devel/include/contrib/bumblebee.if
/usr/share/selinux/devel/include/contrib/cachefilesd.if
/usr/share/selinux/devel/include/contrib/calamaris.if
/usr/share/selinux/devel/include/contrib/callweaver.if
/usr/share/selinux/devel/include/contrib/canna.if
/usr/share/selinux/devel/include/contrib/ccs.if
/usr/share/selinux/devel/include/contrib/cdrecord.if
/usr/share/selinux/devel/include/contrib/certmaster.if
/usr/share/selinux/devel/include/contrib/certmonger.if
/usr/share/selinux/devel/include/contrib/certwatch.if
/usr/share/selinux/devel/include/contrib/cfengine.if
/usr/share/selinux/devel/include/contrib/cgroup.if
/usr/share/selinux/devel/include/contrib/chrome.if
/usr/share/selinux/devel/include/contrib/chronyd.if
/usr/share/selinux/devel/include/contrib/cifsutils.if
/usr/share/selinux/devel/include/contrib/cinder.if
/usr/share/selinux/devel/include/contrib/cipe.if
/usr/share/selinux/devel/include/contrib/clamav.if
/usr/share/selinux/devel/include/contrib/clockspeed.if
/usr/share/selinux/devel/include/contrib/clogd.if
/usr/share/selinux/devel/include/contrib/cloudform.if
/usr/share/selinux/devel/include/contrib/cmirrord.if
/usr/share/selinux/devel/include/contrib/cobbler.if
/usr/share/selinux/devel/include/contrib/cockpit.if
/usr/share/selinux/devel/include/contrib/collectd.if
/usr/share/selinux/devel/include/contrib/colord.if
/usr/share/selinux/devel/include/contrib/comsat.if
/usr/share/selinux/devel/include/contrib/condor.if
/usr/share/selinux/devel/include/contrib/conman.if
/usr/share/selinux/devel/include/contrib/conntrackd.if
/usr/share/selinux/devel/include/contrib/consolekit.if
/usr/share/selinux/devel/include/contrib/coreos_installer.if
/usr/share/selinux/devel/include/contrib/corosync.if
/usr/share/selinux/devel/include/contrib/couchdb.if
/usr/share/selinux/devel/include/contrib/courier.if
/usr/share/selinux/devel/include/contrib/cpucontrol.if
/usr/share/selinux/devel/include/contrib/cpufreqselector.if
/usr/share/selinux/devel/include/contrib/cpuplug.if
/usr/share/selinux/devel/include/contrib/cron.if
/usr/share/selinux/devel/include/contrib/ctdb.if
/usr/share/selinux/devel/include/contrib/cups.if
/usr/share/selinux/devel/include/contrib/cvs.if
/usr/share/selinux/devel/include/contrib/cyphesis.if
/usr/share/selinux/devel/include/contrib/cyrus.if
/usr/share/selinux/devel/include/contrib/daemontools.if
/usr/share/selinux/devel/include/contrib/dante.if
/usr/share/selinux/devel/include/contrib/dbadm.if
/usr/share/selinux/devel/include/contrib/dbskk.if
/usr/share/selinux/devel/include/contrib/dbus.if
/usr/share/selinux/devel/include/contrib/dcc.if
/usr/share/selinux/devel/include/contrib/ddclient.if
/usr/share/selinux/devel/include/contrib/ddcprobe.if
/usr/share/selinux/devel/include/contrib/denyhosts.if
/usr/share/selinux/devel/include/contrib/devicekit.if
/usr/share/selinux/devel/include/contrib/dhcp.if
/usr/share/selinux/devel/include/contrib/dictd.if
/usr/share/selinux/devel/include/contrib/dirmngr.if
/usr/share/selinux/devel/include/contrib/dirsrv-admin.if
/usr/share/selinux/devel/include/contrib/dirsrv.if
/usr/share/selinux/devel/include/contrib/distcc.if
/usr/share/selinux/devel/include/contrib/djbdns.if
/usr/share/selinux/devel/include/contrib/dkim.if
/usr/share/selinux/devel/include/contrib/dmidecode.if
/usr/share/selinux/devel/include/contrib/dnsmasq.if
/usr/share/selinux/devel/include/contrib/dnssec.if
/usr/share/selinux/devel/include/contrib/dovecot.if
/usr/share/selinux/devel/include/contrib/dpkg.if
/usr/share/selinux/devel/include/contrib/drbd.if
/usr/share/selinux/devel/include/contrib/dspam.if
/usr/share/selinux/devel/include/contrib/entropyd.if
/usr/share/selinux/devel/include/contrib/evolution.if
/usr/share/selinux/devel/include/contrib/exim.if
/usr/share/selinux/devel/include/contrib/fail2ban.if
/usr/share/selinux/devel/include/contrib/fcoe.if
/usr/share/selinux/devel/include/contrib/fdo.if
/usr/share/selinux/devel/include/contrib/fedoratp.if
/usr/share/selinux/devel/include/contrib/fetchmail.if
/usr/share/selinux/devel/include/contrib/finger.if
/usr/share/selinux/devel/include/contrib/firewalld.if
/usr/share/selinux/devel/include/contrib/firewallgui.if
/usr/share/selinux/devel/include/contrib/firstboot.if
/usr/share/selinux/devel/include/contrib/fprintd.if
/usr/share/selinux/devel/include/contrib/freeipmi.if
/usr/share/selinux/devel/include/contrib/freqset.if
/usr/share/selinux/devel/include/contrib/ftp.if
/usr/share/selinux/devel/include/contrib/fwupd.if
/usr/share/selinux/devel/include/contrib/games.if
/usr/share/selinux/devel/include/contrib/gatekeeper.if
/usr/share/selinux/devel/include/contrib/gdomap.if
/usr/share/selinux/devel/include/contrib/geoclue.if
/usr/share/selinux/devel/include/contrib/git.if
/usr/share/selinux/devel/include/contrib/gitosis.if
/usr/share/selinux/devel/include/contrib/glance.if
/usr/share/selinux/devel/include/contrib/glusterd.if
/usr/share/selinux/devel/include/contrib/gnome.if
/usr/share/selinux/devel/include/contrib/gnome_remote_desktop.if
/usr/share/selinux/devel/include/contrib/gnomeclock.if
/usr/share/selinux/devel/include/contrib/gpg.if
/usr/share/selinux/devel/include/contrib/gpm.if
/usr/share/selinux/devel/include/contrib/gpsd.if
/usr/share/selinux/devel/include/contrib/gssproxy.if
/usr/share/selinux/devel/include/contrib/hadoop.if
/usr/share/selinux/devel/include/contrib/hddtemp.if
/usr/share/selinux/devel/include/contrib/hostapd.if
/usr/share/selinux/devel/include/contrib/howl.if
/usr/share/selinux/devel/include/contrib/hsqldb.if
/usr/share/selinux/devel/include/contrib/hwloc.if
/usr/share/selinux/devel/include/contrib/hypervkvp.if
/usr/share/selinux/devel/include/contrib/i18n_input.if
/usr/share/selinux/devel/include/contrib/ibacm.if
/usr/share/selinux/devel/include/contrib/ica.if
/usr/share/selinux/devel/include/contrib/icecast.if
/usr/share/selinux/devel/include/contrib/ifplugd.if
/usr/share/selinux/devel/include/contrib/iiosensorproxy.if
/usr/share/selinux/devel/include/contrib/imaze.if
/usr/share/selinux/devel/include/contrib/inetd.if
/usr/share/selinux/devel/include/contrib/inn.if
/usr/share/selinux/devel/include/contrib/insights_client.if
/usr/share/selinux/devel/include/contrib/iodine.if
/usr/share/selinux/devel/include/contrib/iotop.if
/usr/share/selinux/devel/include/contrib/ipa.if
/usr/share/selinux/devel/include/contrib/ipmievd.if
/usr/share/selinux/devel/include/contrib/irc.if
/usr/share/selinux/devel/include/contrib/ircd.if
/usr/share/selinux/devel/include/contrib/irqbalance.if
/usr/share/selinux/devel/include/contrib/iscsi.if
/usr/share/selinux/devel/include/contrib/isns.if
/usr/share/selinux/devel/include/contrib/jabber.if
/usr/share/selinux/devel/include/contrib/java.if
/usr/share/selinux/devel/include/contrib/jetty.if
/usr/share/selinux/devel/include/contrib/jockey.if
/usr/share/selinux/devel/include/contrib/journalctl.if
/usr/share/selinux/devel/include/contrib/kafs.if
/usr/share/selinux/devel/include/contrib/kdump.if
/usr/share/selinux/devel/include/contrib/kdumpgui.if
/usr/share/selinux/devel/include/contrib/keepalived.if
/usr/share/selinux/devel/include/contrib/kerberos.if
/usr/share/selinux/devel/include/contrib/kerneloops.if
/usr/share/selinux/devel/include/contrib/keyboardd.if
/usr/share/selinux/devel/include/contrib/keystone.if
/usr/share/selinux/devel/include/contrib/keyutils.if
/usr/share/selinux/devel/include/contrib/kismet.if
/usr/share/selinux/devel/include/contrib/kmscon.if
/usr/share/selinux/devel/include/contrib/kpatch.if
/usr/share/selinux/devel/include/contrib/ksmtuned.if
/usr/share/selinux/devel/include/contrib/ktalk.if
/usr/share/selinux/devel/include/contrib/l2tp.if
/usr/share/selinux/devel/include/contrib/ldap.if
/usr/share/selinux/devel/include/contrib/lightsquid.if
/usr/share/selinux/devel/include/contrib/likewise.if
/usr/share/selinux/devel/include/contrib/linuxptp.if
/usr/share/selinux/devel/include/contrib/lircd.if
/usr/share/selinux/devel/include/contrib/livecd.if
/usr/share/selinux/devel/include/contrib/lldpad.if
/usr/share/selinux/devel/include/contrib/loadkeys.if
/usr/share/selinux/devel/include/contrib/lockdev.if
/usr/share/selinux/devel/include/contrib/logrotate.if
/usr/share/selinux/devel/include/contrib/logwatch.if
/usr/share/selinux/devel/include/contrib/lpd.if
/usr/share/selinux/devel/include/contrib/lsm.if
/usr/share/selinux/devel/include/contrib/lttng-tools.if
/usr/share/selinux/devel/include/contrib/mailman.if
/usr/share/selinux/devel/include/contrib/mailscanner.if
/usr/share/selinux/devel/include/contrib/man2html.if
/usr/share/selinux/devel/include/contrib/mandb.if
/usr/share/selinux/devel/include/contrib/mcelog.if
/usr/share/selinux/devel/include/contrib/mediawiki.if
/usr/share/selinux/devel/include/contrib/memcached.if
/usr/share/selinux/devel/include/contrib/milter.if
/usr/share/selinux/devel/include/contrib/minidlna.if
/usr/share/selinux/devel/include/contrib/minissdpd.if
/usr/share/selinux/devel/include/contrib/mip6d.if
/usr/share/selinux/devel/include/contrib/mirrormanager.if
/usr/share/selinux/devel/include/contrib/mock.if
/usr/share/selinux/devel/include/contrib/modemmanager.if
/usr/share/selinux/devel/include/contrib/mojomojo.if
/usr/share/selinux/devel/include/contrib/mon_statd.if
/usr/share/selinux/devel/include/contrib/mongodb.if
/usr/share/selinux/devel/include/contrib/mono.if
/usr/share/selinux/devel/include/contrib/monop.if
/usr/share/selinux/devel/include/contrib/motion.if
/usr/share/selinux/devel/include/contrib/mozilla.if
/usr/share/selinux/devel/include/contrib/mpd.if
/usr/share/selinux/devel/include/contrib/mplayer.if
/usr/share/selinux/devel/include/contrib/mptcpd.if
/usr/share/selinux/devel/include/contrib/mrtg.if
/usr/share/selinux/devel/include/contrib/mta.if
/usr/share/selinux/devel/include/contrib/munin.if
/usr/share/selinux/devel/include/contrib/mysql.if
/usr/share/selinux/devel/include/contrib/mythtv.if
/usr/share/selinux/devel/include/contrib/naemon.if
/usr/share/selinux/devel/include/contrib/nagios.if
/usr/share/selinux/devel/include/contrib/namespace.if
/usr/share/selinux/devel/include/contrib/ncftool.if
/usr/share/selinux/devel/include/contrib/nessus.if
/usr/share/selinux/devel/include/contrib/networkmanager.if
/usr/share/selinux/devel/include/contrib/ninfod.if
/usr/share/selinux/devel/include/contrib/nis.if
/usr/share/selinux/devel/include/contrib/nova.if
/usr/share/selinux/devel/include/contrib/nscd.if
/usr/share/selinux/devel/include/contrib/nsd.if
/usr/share/selinux/devel/include/contrib/nslcd.if
/usr/share/selinux/devel/include/contrib/ntop.if
/usr/share/selinux/devel/include/contrib/ntp.if
/usr/share/selinux/devel/include/contrib/numad.if
/usr/share/selinux/devel/include/contrib/nut.if
/usr/share/selinux/devel/include/contrib/nvme_stas.if
/usr/share/selinux/devel/include/contrib/nx.if
/usr/share/selinux/devel/include/contrib/oav.if
/usr/share/selinux/devel/include/contrib/obex.if
/usr/share/selinux/devel/include/contrib/oddjob.if
/usr/share/selinux/devel/include/contrib/oident.if
/usr/share/selinux/devel/include/contrib/opafm.if
/usr/share/selinux/devel/include/contrib/openca.if
/usr/share/selinux/devel/include/contrib/openct.if
/usr/share/selinux/devel/include/contrib/opendnssec.if
/usr/share/selinux/devel/include/contrib/openfortivpn.if
/usr/share/selinux/devel/include/contrib/openhpid.if
/usr/share/selinux/devel/include/contrib/openshift-origin.if
/usr/share/selinux/devel/include/contrib/openshift.if
/usr/share/selinux/devel/include/contrib/opensm.if
/usr/share/selinux/devel/include/contrib/openvpn.if
/usr/share/selinux/devel/include/contrib/openvswitch.if
/usr/share/selinux/devel/include/contrib/openwsman.if
/usr/share/selinux/devel/include/contrib/oracleasm.if
/usr/share/selinux/devel/include/contrib/osad.if
/usr/share/selinux/devel/include/contrib/pacemaker.if
/usr/share/selinux/devel/include/contrib/pads.if
/usr/share/selinux/devel/include/contrib/passenger.if
/usr/share/selinux/devel/include/contrib/passt.if
/usr/share/selinux/devel/include/contrib/pcm.if
/usr/share/selinux/devel/include/contrib/pcmcia.if
/usr/share/selinux/devel/include/contrib/pcp.if
/usr/share/selinux/devel/include/contrib/pcscd.if
/usr/share/selinux/devel/include/contrib/pdns.if
/usr/share/selinux/devel/include/contrib/pegasus.if
/usr/share/selinux/devel/include/contrib/perdition.if
/usr/share/selinux/devel/include/contrib/pesign.if
/usr/share/selinux/devel/include/contrib/pingd.if
/usr/share/selinux/devel/include/contrib/piranha.if
/usr/share/selinux/devel/include/contrib/pkcs.if
/usr/share/selinux/devel/include/contrib/pkcs11proxyd.if
/usr/share/selinux/devel/include/contrib/pki.if
/usr/share/selinux/devel/include/contrib/plymouthd.if
/usr/share/selinux/devel/include/contrib/podsleuth.if
/usr/share/selinux/devel/include/contrib/policykit.if
/usr/share/selinux/devel/include/contrib/polipo.if
/usr/share/selinux/devel/include/contrib/portage.if
/usr/share/selinux/devel/include/contrib/portmap.if
/usr/share/selinux/devel/include/contrib/portreserve.if
/usr/share/selinux/devel/include/contrib/portslave.if
/usr/share/selinux/devel/include/contrib/postfix.if
/usr/share/selinux/devel/include/contrib/postfixpolicyd.if
/usr/share/selinux/devel/include/contrib/postgrey.if
/usr/share/selinux/devel/include/contrib/ppp.if
/usr/share/selinux/devel/include/contrib/prelink.if
/usr/share/selinux/devel/include/contrib/prelude.if
/usr/share/selinux/devel/include/contrib/privoxy.if
/usr/share/selinux/devel/include/contrib/procmail.if
/usr/share/selinux/devel/include/contrib/prosody.if
/usr/share/selinux/devel/include/contrib/psad.if
/usr/share/selinux/devel/include/contrib/ptchown.if
/usr/share/selinux/devel/include/contrib/publicfile.if
/usr/share/selinux/devel/include/contrib/pulseaudio.if
/usr/share/selinux/devel/include/contrib/puppet.if
/usr/share/selinux/devel/include/contrib/pwauth.if
/usr/share/selinux/devel/include/contrib/pxe.if
/usr/share/selinux/devel/include/contrib/pyzor.if
/usr/share/selinux/devel/include/contrib/qatlib.if
/usr/share/selinux/devel/include/contrib/qemu.if
/usr/share/selinux/devel/include/contrib/qmail.if
/usr/share/selinux/devel/include/contrib/qpid.if
/usr/share/selinux/devel/include/contrib/quantum.if
/usr/share/selinux/devel/include/contrib/quota.if
/usr/share/selinux/devel/include/contrib/rabbitmq.if
/usr/share/selinux/devel/include/contrib/radius.if
/usr/share/selinux/devel/include/contrib/radvd.if
/usr/share/selinux/devel/include/contrib/raid.if
/usr/share/selinux/devel/include/contrib/rasdaemon.if
/usr/share/selinux/devel/include/contrib/razor.if
/usr/share/selinux/devel/include/contrib/rdisc.if
/usr/share/selinux/devel/include/contrib/readahead.if
/usr/share/selinux/devel/include/contrib/realmd.if
/usr/share/selinux/devel/include/contrib/redis.if
/usr/share/selinux/devel/include/contrib/remotelogin.if
/usr/share/selinux/devel/include/contrib/resmgr.if
/usr/share/selinux/devel/include/contrib/rgmanager.if
/usr/share/selinux/devel/include/contrib/rhcd.if
/usr/share/selinux/devel/include/contrib/rhcs.if
/usr/share/selinux/devel/include/contrib/rhev.if
/usr/share/selinux/devel/include/contrib/rhgb.if
/usr/share/selinux/devel/include/contrib/rhnsd.if
/usr/share/selinux/devel/include/contrib/rhsmcertd.if
/usr/share/selinux/devel/include/contrib/ricci.if
/usr/share/selinux/devel/include/contrib/rkhunter.if
/usr/share/selinux/devel/include/contrib/rkt.if
/usr/share/selinux/devel/include/contrib/rlogin.if
/usr/share/selinux/devel/include/contrib/rngd.if
/usr/share/selinux/devel/include/contrib/rolekit.if
/usr/share/selinux/devel/include/contrib/roundup.if
/usr/share/selinux/devel/include/contrib/rpc.if
/usr/share/selinux/devel/include/contrib/rpcbind.if
/usr/share/selinux/devel/include/contrib/rpm.if
/usr/share/selinux/devel/include/contrib/rrdcached.if
/usr/share/selinux/devel/include/contrib/rshd.if
/usr/share/selinux/devel/include/contrib/rshim.if
/usr/share/selinux/devel/include/contrib/rssh.if
/usr/share/selinux/devel/include/contrib/rsync.if
/usr/share/selinux/devel/include/contrib/rtas.if
/usr/share/selinux/devel/include/contrib/rtkit.if
/usr/share/selinux/devel/include/contrib/rwho.if
/usr/share/selinux/devel/include/contrib/samba.if
/usr/share/selinux/devel/include/contrib/sambagui.if
/usr/share/selinux/devel/include/contrib/samhain.if
/usr/share/selinux/devel/include/contrib/sandbox.if
/usr/share/selinux/devel/include/contrib/sandboxX.if
/usr/share/selinux/devel/include/contrib/sanlock.if
/usr/share/selinux/devel/include/contrib/sasl.if
/usr/share/selinux/devel/include/contrib/sbd.if
/usr/share/selinux/devel/include/contrib/sblim.if
/usr/share/selinux/devel/include/contrib/screen.if
/usr/share/selinux/devel/include/contrib/sectoolm.if
/usr/share/selinux/devel/include/contrib/sendmail.if
/usr/share/selinux/devel/include/contrib/sensord.if
/usr/share/selinux/devel/include/contrib/setroubleshoot.if
/usr/share/selinux/devel/include/contrib/sge.if
/usr/share/selinux/devel/include/contrib/shorewall.if
/usr/share/selinux/devel/include/contrib/shutdown.if
/usr/share/selinux/devel/include/contrib/slocate.if
/usr/share/selinux/devel/include/contrib/slpd.if
/usr/share/selinux/devel/include/contrib/slrnpull.if
/usr/share/selinux/devel/include/contrib/smartmon.if
/usr/share/selinux/devel/include/contrib/smokeping.if
/usr/share/selinux/devel/include/contrib/smoltclient.if
/usr/share/selinux/devel/include/contrib/smsd.if
/usr/share/selinux/devel/include/contrib/smstools.if
/usr/share/selinux/devel/include/contrib/snapper.if
/usr/share/selinux/devel/include/contrib/snmp.if
/usr/share/selinux/devel/include/contrib/snort.if
/usr/share/selinux/devel/include/contrib/sosreport.if
/usr/share/selinux/devel/include/contrib/soundserver.if
/usr/share/selinux/devel/include/contrib/spamassassin.if
/usr/share/selinux/devel/include/contrib/speech-dispatcher.if
/usr/share/selinux/devel/include/contrib/squid.if
/usr/share/selinux/devel/include/contrib/sslh.if
/usr/share/selinux/devel/include/contrib/sssd.if
/usr/share/selinux/devel/include/contrib/stalld.if
/usr/share/selinux/devel/include/contrib/stapserver.if
/usr/share/selinux/devel/include/contrib/stratisd.if
/usr/share/selinux/devel/include/contrib/stunnel.if
/usr/share/selinux/devel/include/contrib/svnserve.if
/usr/share/selinux/devel/include/contrib/swift.if
/usr/share/selinux/devel/include/contrib/swtpm.if
/usr/share/selinux/devel/include/contrib/sxid.if
/usr/share/selinux/devel/include/contrib/sysstat.if
/usr/share/selinux/devel/include/contrib/tangd.if
/usr/share/selinux/devel/include/contrib/targetd.if
/usr/share/selinux/devel/include/contrib/tcpd.if
/usr/share/selinux/devel/include/contrib/tcsd.if
/usr/share/selinux/devel/include/contrib/telepathy.if
/usr/share/selinux/devel/include/contrib/telnet.if
/usr/share/selinux/devel/include/contrib/tftp.if
/usr/share/selinux/devel/include/contrib/tgtd.if
/usr/share/selinux/devel/include/contrib/thin.if
/usr/share/selinux/devel/include/contrib/thumb.if
/usr/share/selinux/devel/include/contrib/thunderbird.if
/usr/share/selinux/devel/include/contrib/timedatex.if
/usr/share/selinux/devel/include/contrib/timidity.if
/usr/share/selinux/devel/include/contrib/tlp.if
/usr/share/selinux/devel/include/contrib/tmpreaper.if
/usr/share/selinux/devel/include/contrib/tomcat.if
/usr/share/selinux/devel/include/contrib/tor.if
/usr/share/selinux/devel/include/contrib/transproxy.if
/usr/share/selinux/devel/include/contrib/tripwire.if
/usr/share/selinux/devel/include/contrib/tuned.if
/usr/share/selinux/devel/include/contrib/tvtime.if
/usr/share/selinux/devel/include/contrib/tzdata.if
/usr/share/selinux/devel/include/contrib/ucspitcp.if
/usr/share/selinux/devel/include/contrib/ulogd.if
/usr/share/selinux/devel/include/contrib/uml.if
/usr/share/selinux/devel/include/contrib/updfstab.if
/usr/share/selinux/devel/include/contrib/uptime.if
/usr/share/selinux/devel/include/contrib/usbmodules.if
/usr/share/selinux/devel/include/contrib/usbmuxd.if
/usr/share/selinux/devel/include/contrib/userhelper.if
/usr/share/selinux/devel/include/contrib/usernetctl.if
/usr/share/selinux/devel/include/contrib/uucp.if
/usr/share/selinux/devel/include/contrib/uuidd.if
/usr/share/selinux/devel/include/contrib/uwimap.if
/usr/share/selinux/devel/include/contrib/varnishd.if
/usr/share/selinux/devel/include/contrib/vbetool.if
/usr/share/selinux/devel/include/contrib/vdagent.if
/usr/share/selinux/devel/include/contrib/vhostmd.if
/usr/share/selinux/devel/include/contrib/virt.if
/usr/share/selinux/devel/include/contrib/virt_supplementary.if
/usr/share/selinux/devel/include/contrib/vlock.if
/usr/share/selinux/devel/include/contrib/vmtools.if
/usr/share/selinux/devel/include/contrib/vmware.if
/usr/share/selinux/devel/include/contrib/vnstatd.if
/usr/share/selinux/devel/include/contrib/vpn.if
/usr/share/selinux/devel/include/contrib/w3c.if
/usr/share/selinux/devel/include/contrib/watchdog.if
/usr/share/selinux/devel/include/contrib/wdmd.if
/usr/share/selinux/devel/include/contrib/webadm.if
/usr/share/selinux/devel/include/contrib/webalizer.if
/usr/share/selinux/devel/include/contrib/wine.if
/usr/share/selinux/devel/include/contrib/wireguard.if
/usr/share/selinux/devel/include/contrib/wireshark.if
/usr/share/selinux/devel/include/contrib/wm.if
/usr/share/selinux/devel/include/contrib/xen.if
/usr/share/selinux/devel/include/contrib/xfs.if
/usr/share/selinux/devel/include/contrib/xscreensaver.if
/usr/share/selinux/devel/include/contrib/zabbix.if
/usr/share/selinux/devel/include/contrib/zarafa.if
/usr/share/selinux/devel/include/contrib/zebra.if
/usr/share/selinux/devel/include/contrib/zoneminder.if
/usr/share/selinux/devel/include/contrib/zosremote.if
/usr/share/selinux/devel/include/global_booleans.xml
/usr/share/selinux/devel/include/global_tunables.xml
/usr/share/selinux/devel/include/kernel
/usr/share/selinux/devel/include/kernel.xml
/usr/share/selinux/devel/include/kernel/corecommands.if
/usr/share/selinux/devel/include/kernel/corenetwork.if
/usr/share/selinux/devel/include/kernel/devices.if
/usr/share/selinux/devel/include/kernel/domain.if
/usr/share/selinux/devel/include/kernel/files.if
/usr/share/selinux/devel/include/kernel/filesystem.if
/usr/share/selinux/devel/include/kernel/kernel.if
/usr/share/selinux/devel/include/kernel/mcs.if
/usr/share/selinux/devel/include/kernel/mls.if
/usr/share/selinux/devel/include/kernel/selinux.if
/usr/share/selinux/devel/include/kernel/storage.if
/usr/share/selinux/devel/include/kernel/terminal.if
/usr/share/selinux/devel/include/kernel/ubac.if
/usr/share/selinux/devel/include/kernel/unlabelednet.if
/usr/share/selinux/devel/include/roles
/usr/share/selinux/devel/include/roles.xml
/usr/share/selinux/devel/include/roles/auditadm.if
/usr/share/selinux/devel/include/roles/guest.if
/usr/share/selinux/devel/include/roles/logadm.if
/usr/share/selinux/devel/include/roles/secadm.if
/usr/share/selinux/devel/include/roles/staff.if
/usr/share/selinux/devel/include/roles/sysadm.if
/usr/share/selinux/devel/include/roles/sysadm_secadm.if
/usr/share/selinux/devel/include/roles/unconfineduser.if
/usr/share/selinux/devel/include/roles/unprivuser.if
/usr/share/selinux/devel/include/roles/xguest.if
/usr/share/selinux/devel/include/services
/usr/share/selinux/devel/include/services.xml
/usr/share/selinux/devel/include/services/postgresql.if
/usr/share/selinux/devel/include/services/ssh.if
/usr/share/selinux/devel/include/services/xserver.if
/usr/share/selinux/devel/include/support
/usr/share/selinux/devel/include/support/all_perms.spt
/usr/share/selinux/devel/include/support/divert.m4
/usr/share/selinux/devel/include/support/file_patterns.spt
/usr/share/selinux/devel/include/support/ipc_patterns.spt
/usr/share/selinux/devel/include/support/loadable_module.spt
/usr/share/selinux/devel/include/support/misc_macros.spt
/usr/share/selinux/devel/include/support/misc_patterns.spt
/usr/share/selinux/devel/include/support/mls_mcs_macros.spt
/usr/share/selinux/devel/include/support/obj_perm_sets.spt
/usr/share/selinux/devel/include/support/policy.dtd
/usr/share/selinux/devel/include/support/segenxml.py
/usr/share/selinux/devel/include/support/undivert.m4
/usr/share/selinux/devel/include/system
/usr/share/selinux/devel/include/system.xml
/usr/share/selinux/devel/include/system/application.if
/usr/share/selinux/devel/include/system/authlogin.if
/usr/share/selinux/devel/include/system/clock.if
/usr/share/selinux/devel/include/system/fstools.if
/usr/share/selinux/devel/include/system/getty.if
/usr/share/selinux/devel/include/system/hostname.if
/usr/share/selinux/devel/include/system/init.if
/usr/share/selinux/devel/include/system/ipsec.if
/usr/share/selinux/devel/include/system/iptables.if
/usr/share/selinux/devel/include/system/libraries.if
/usr/share/selinux/devel/include/system/locallogin.if
/usr/share/selinux/devel/include/system/logging.if
/usr/share/selinux/devel/include/system/lvm.if
/usr/share/selinux/devel/include/system/miscfiles.if
/usr/share/selinux/devel/include/system/modutils.if
/usr/share/selinux/devel/include/system/mount.if
/usr/share/selinux/devel/include/system/netlabel.if
/usr/share/selinux/devel/include/system/selinuxutil.if
/usr/share/selinux/devel/include/system/setrans.if
/usr/share/selinux/devel/include/system/sysnetwork.if
/usr/share/selinux/devel/include/system/systemd.if
/usr/share/selinux/devel/include/system/udev.if
/usr/share/selinux/devel/include/system/unconfined.if
/usr/share/selinux/devel/include/system/userdomain.if
/usr/share/selinux/devel/policy.dtd
/usr/share/selinux/devel/policy.xml
/var/lib/sepolgen/interface_info


Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Nov 15 08:31:45 2024