Current File : //proc/self/root/kunden/usr/share/selinux/devel/policy.xml

<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
<!DOCTYPE policy SYSTEM "policy.dtd">
<policy>
<layer name="admin">
<summary>
	Policy modules for administrative functions, such as package management.
</summary>
<module name="bootloader" filename="policy/modules/admin/bootloader.if">
<summary>Policy for the kernel modules, kernel image, and bootloader.</summary>
<interface name="bootloader_domtrans" lineno="13">
<summary>
Execute bootloader in the bootloader domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bootloader_exec" lineno="32">
<summary>
Execute bootloader in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bootloader_run" lineno="57">
<summary>
Execute bootloader interactively and do
a domain transition to the bootloader domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="bootloader_read_config" lineno="78">
<summary>
Read the bootloader configuration file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bootloader_rw_config" lineno="98">
<summary>
Read and write the bootloader
configuration file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="bootloader_manage_config" lineno="118">
<summary>
Manage the bootloader
configuration file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="bootloader_rw_tmp_files" lineno="137">
<summary>
Read and write the bootloader
temporary data in /tmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bootloader_create_runtime_file" lineno="157">
<summary>
Read and write the bootloader
temporary data in /tmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bootloader_filetrans_config" lineno="176">
<summary>
Type transition files created in /etc
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="consoletype" filename="policy/modules/admin/consoletype.if">
<summary>
Determine of the console connected to the controlling terminal.
</summary>
<interface name="consoletype_domtrans" lineno="15">
<summary>
Execute consoletype in the consoletype domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="consoletype_run" lineno="40">
<summary>
Execute consoletype in the consoletype domain, and
allow the specified role the consoletype domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="consoletype_exec" lineno="60">
<summary>
Execute consoletype in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dmesg" filename="policy/modules/admin/dmesg.if">
<summary>Policy for dmesg.</summary>
<interface name="dmesg_domtrans" lineno="13">
<summary>
Execute dmesg in the dmesg domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dmesg_exec" lineno="33">
<summary>
Execute dmesg in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="netutils" filename="policy/modules/admin/netutils.if">
<summary>Network analysis utilities</summary>
<interface name="netutils_domtrans" lineno="13">
<summary>
Execute network utilities in the netutils domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="netutils_run" lineno="39">
<summary>
Execute network utilities in the netutils domain, and
allow the specified role the netutils domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="netutils_exec" lineno="59">
<summary>
Execute network utilities in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="netutils_signal" lineno="78">
<summary>
Send generic signals to network utilities.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="netutils_domtrans_ping" lineno="96">
<summary>
Execute ping in the ping domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="netutils_kill_ping" lineno="115">
<summary>
Send a kill (SIGKILL) signal to ping.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="netutils_signal_ping" lineno="133">
<summary>
Send generic signals to ping.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="netutils_run_ping" lineno="158">
<summary>
Execute ping in the ping domain, and
allow the specified role the ping domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="netutils_run_ping_cond" lineno="185">
<summary>
Conditionally execute ping in the ping domain, and
allow the specified role the ping domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="netutils_exec_ping" lineno="209">
<summary>
Execute ping in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="netutils_domtrans_traceroute" lineno="228">
<summary>
Execute traceroute in the traceroute domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="netutils_run_traceroute" lineno="254">
<summary>
Execute traceroute in the traceroute domain, and
allow the specified role the traceroute domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="netutils_run_traceroute_cond" lineno="281">
<summary>
Conditionally execute traceroute in the traceroute domain, and
allow the specified role the traceroute domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="netutils_exec_traceroute" lineno="305">
<summary>
Execute traceroute in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="selinuxuser_ping" dftval="false">
<desc>
<p>
Allow confined users the ability to execute the ping and traceroute commands.
</p>
</desc>
</tunable>
</module>
<module name="su" filename="policy/modules/admin/su.if">
<summary>Run shells with substitute user and group</summary>
<template name="su_restricted_domain_template" lineno="31">
<summary>
Restricted su domain template.
</summary>
<desc>
<p>
This template creates a derived domain which is allowed
to change the linux user id, to run shells as a different
user.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
</template>
<template name="su_role_template" lineno="159">
<summary>
The role template for the su module.
</summary>
<param name="role_prefix">
<summary>
The prefix of the user role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="su_exec" lineno="210">
<summary>
Execute su in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="sudo" filename="policy/modules/admin/sudo.if">
<summary>Execute a command with a substitute user</summary>
<template name="sudo_role_template" lineno="31">
<summary>
The role template for the sudo module.
</summary>
<desc>
<p>
This template creates a derived domain which is allowed
to change the linux user id, to run commands as a different
user.
</p>
</desc>
<param name="role_prefix">
<summary>
The prefix of the user role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="user_role">
<summary>
The user role.
</summary>
</param>
<param name="user_domain">
<summary>
The user domain associated with the role.
</summary>
</param>
</template>
<interface name="sudo_sigchld" lineno="136">
<summary>
Send a SIGCHLD signal to the sudo domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sudo_exec" lineno="155">
<summary>
Allow execute sudo in called domain.
This interfaces is added for nova-stack policy.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sudo_manage_db" lineno="173">
<summary>
Allow to manage sudo database in called domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sudo_filetrans_named_content_log" lineno="192">
<summary>
Transition to sudo log named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="usermanage" filename="policy/modules/admin/usermanage.if">
<summary>Policy for managing user accounts.</summary>
<interface name="usermanage_domtrans_chfn" lineno="13">
<summary>
Execute chfn in the chfn domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="usermanage_run_chfn" lineno="38">
<summary>
Execute chfn in the chfn domain, and
allow the specified role the chfn domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="usermanage_domtrans_groupadd" lineno="58">
<summary>
Execute groupadd in the groupadd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="usermanage_access_check_groupadd" lineno="77">
<summary>
Check access to the groupadd executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="usermanage_run_groupadd" lineno="103">
<summary>
Execute groupadd in the groupadd domain, and
allow the specified role the groupadd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="usermanage_domtrans_passwd" lineno="123">
<summary>
Execute passwd in the passwd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="usermanage_kill_passwd" lineno="142">
<summary>
Send sigkills to passwd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="usermanage_check_exec_passwd" lineno="160">
<summary>
Check if the passwd binary is executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="usermanage_run_passwd" lineno="184">
<summary>
Execute passwd in the passwd domain, and
allow the specified role the passwd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="usermanage_access_check_passwd" lineno="204">
<summary>
Check access to the passwd executable
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="usermanage_domtrans_admin_passwd" lineno="224">
<summary>
Execute password admin functions in
the admin passwd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="usermanage_run_admin_passwd" lineno="251">
<summary>
Execute passwd admin functions in the admin
passwd domain, and allow the specified role
the admin passwd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="usermanage_dontaudit_use_useradd_fds" lineno="271">
<summary>
Do not audit attempts to use useradd fds.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="usermanage_domtrans_useradd" lineno="289">
<summary>
Execute useradd in the useradd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="usermanage_check_exec_useradd" lineno="308">
<summary>
Check if the useradd binaries are executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="usermanage_run_useradd" lineno="333">
<summary>
Execute useradd in the useradd domain, and
allow the specified role the useradd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="usermanage_access_check_useradd" lineno="353">
<summary>
Check access to the useradd executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="usermanage_read_crack_db" lineno="372">
<summary>
Read the crack database.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
</layer>
<layer name="apps">
<summary>Policy modules for applications</summary>
<module name="seunshare" filename="policy/modules/apps/seunshare.if">
<summary>Filesystem namespacing/polyinstantiation application.</summary>
<interface name="seunshare_domtrans" lineno="13">
<summary>
Execute a domain transition to run seunshare.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="seunshare_run" lineno="37">
<summary>
Execute seunshare in the seunshare domain, and
allow the specified role the seunshare domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="seunshare_role_template" lineno="69">
<summary>
The role template for the seunshare module.
</summary>
<param name="role_prefix">
<summary>
The prefix of the user role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
</module>
</layer>
<layer name="contrib">
<summary>Contributed Reference Policy modules.</summary>
<module name="abrt" filename="policy/modules/contrib/abrt.if">
<summary>ABRT - automated bug-reporting tool</summary>
<interface name="abrt_stub" lineno="13">
<summary>
abrt stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="abrt_basic_types_template" lineno="30">
<summary>
Creates types and rules for a basic
ABRT daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="abrt_domtrans" lineno="51">
<summary>
Execute abrt in the abrt domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="abrt_dump_oops_domtrans" lineno="70">
<summary>
Execute abrt_dump_oops in the abrt_dump_oops_t domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="abrt_exec" lineno="89">
<summary>
Execute abrt in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_signull" lineno="108">
<summary>
Send a null signal to abrt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_read_state" lineno="126">
<summary>
Allow the domain to read abrt state files in /proc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_stream_connect" lineno="145">
<summary>
Connect to abrt over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_dbus_chat" lineno="165">
<summary>
Send and receive messages from
abrt over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_domtrans_helper" lineno="185">
<summary>
Execute abrt-helper in the abrt-helper domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="abrt_run_helper" lineno="210">
<summary>
Execute abrt helper in the abrt_helper domain, and
allow the specified role the abrt_helper domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="abrt_read_cache" lineno="229">
<summary>
Read abrt cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_append_cache" lineno="248">
<summary>
Append abrt cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_rw_inherited_cache" lineno="267">
<summary>
Read/Write inherited abrt cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_manage_cache" lineno="286">
<summary>
Manage abrt cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_map_cache" lineno="306">
<summary>
Map abrt cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_read_config" lineno="325">
<summary>
Read abrt configuration file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_dontaudit_read_config" lineno="344">
<summary>
Dontaudit read abrt configuration file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_read_log" lineno="364">
<summary>
Read abrt logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_read_pid_files" lineno="383">
<summary>
Read abrt PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_manage_pid_files" lineno="402">
<summary>
Create, read, write, and delete abrt PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_rw_fifo_file" lineno="421">
<summary>
Read and write abrt fifo files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_systemctl" lineno="439">
<summary>
Execute abrt server in the abrt domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="abrt_admin" lineno="470">
<summary>
All of the rules required to administrate
an abrt environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the abrt domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="abrt_domtrans_retrace_worker" lineno="521">
<summary>
Execute abrt-retrace in the abrt-retrace domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="abrt_manage_spool_retrace" lineno="540">
<summary>
Manage abrt retrace server cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_read_spool_retrace" lineno="561">
<summary>
Read abrt retrace server cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_read_cache_retrace" lineno="582">
<summary>
Read abrt retrace server cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_dontaudit_write_sock_file" lineno="602">
<summary>
Do not audit attempts to write abrt sock files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="abrt_filetrans_named_content" lineno="620">
<summary>
Transition to abrt named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="abrt_anon_write" dftval="false">
<desc>
<p>
Allow ABRT to modify public files
used for public file transfer services.
</p>
</desc>
</tunable>
<tunable name="abrt_upload_watch_anon_write" dftval="true">
<desc>
<p>
Determine whether abrt-handle-upload
can modify public files used for public file
transfer services in /var/spool/abrt-upload/.
</p>
</desc>
</tunable>
<tunable name="abrt_handle_event" dftval="false">
<desc>
<p>
Determine whether ABRT can run in
the abrt_handle_event_t domain to
handle ABRT event scripts.
</p>
</desc>
</tunable>
</module>
<module name="accountsd" filename="policy/modules/contrib/accountsd.if">
<summary>AccountsService and daemon for manipulating user account information via D-Bus.</summary>
<interface name="accountsd_domtrans" lineno="14">
<summary>
Execute a domain transition to
run accountsd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="accountsd_dontaudit_rw_fifo_file" lineno="34">
<summary>
Do not audit attempts to read and
write Accounts Daemon fifo files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="accountsd_dbus_chat" lineno="53">
<summary>
Send and receive messages from
accountsd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="accountsd_search_lib" lineno="73">
<summary>
Search accountsd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="accountsd_watch_lib" lineno="92">
<summary>
Watch accountsd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="accountsd_read_lib_files" lineno="111">
<summary>
Read accountsd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="accountsd_manage_lib_files" lineno="132">
<summary>
Create, read, write, and delete
accountsd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="accountsd_systemctl" lineno="152">
<summary>
All of the rules required to
administrate an accountsd environment.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="accountsd_admin" lineno="177">
<summary>
All of the rules required to administrate
an accountsd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="acct" filename="policy/modules/contrib/acct.if">
<summary>Berkeley process accounting.</summary>
<interface name="acct_domtrans" lineno="14">
<summary>
Transition to the accounting
management domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="acct_exec" lineno="34">
<summary>
Execute accounting management tools
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="acct_exec_data" lineno="54">
<summary>
Execute accounting management data
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="acct_search_data" lineno="73">
<summary>
Search process accounting data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="acct_manage_data" lineno="92">
<summary>
Create, read, write, and delete
process accounting data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="acct_dontaudit_list_data" lineno="112">
<summary>
Dontaudit Attempts to list acct_data directory
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="acct_admin" lineno="137">
<summary>
All of the rules required to
administrate an acct environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="afs" filename="policy/modules/contrib/afs.if">
<summary>Andrew Filesystem server.</summary>
<interface name="afs_domtrans" lineno="14">
<summary>
Execute a domain transition to run the
afs client.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="afs_rw_udp_sockets" lineno="33">
<summary>
Read and write afs client UDP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="afs_read_config" lineno="51">
<summary>
Read AFS config data
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="afs_rw_cache" lineno="69">
<summary>
Read and write afs cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="afs_initrc_domtrans" lineno="88">
<summary>
Execute afs server in the afs domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="afs_admin" lineno="113">
<summary>
All of the rules required to
administrate an afs environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="afterburn" filename="policy/modules/contrib/afterburn.if">
<summary>policy for afterburn</summary>
<interface name="afterburn_domtrans" lineno="13">
<summary>
Execute afterburn in the afterburn domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="afterburn_exec" lineno="32">
<summary>
Execute afterburn in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="aiccu" filename="policy/modules/contrib/aiccu.if">
<summary>Automatic IPv6 Connectivity Client Utility.</summary>
<interface name="aiccu_domtrans" lineno="13">
<summary>
Execute a domain transition to run aiccu.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="aiccu_initrc_domtrans" lineno="32">
<summary>
Execute aiccu server in the aiccu domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="aiccu_read_pid_files" lineno="50">
<summary>
Read aiccu PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="aiccu_admin" lineno="76">
<summary>
All of the rules required to
administrate an aiccu environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="aide" filename="policy/modules/contrib/aide.if">
<summary>Aide filesystem integrity checker.</summary>
<interface name="aide_domtrans" lineno="13">
<summary>
Execute aide in the aide domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="aide_run" lineno="39">
<summary>
Execute aide programs in the AIDE
domain and allow the specified role
the AIDE domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="aide_admin" lineno="65">
<summary>
All of the rules required to
administrate an aide environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="aisexec" filename="policy/modules/contrib/aisexec.if">
<summary>Aisexec Cluster Engine.</summary>
<interface name="aisexec_domtrans" lineno="13">
<summary>
Execute a domain transition to run aisexec.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="aisexec_stream_connect" lineno="33">
<summary>
Connect to aisexec over a unix
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="aisexec_read_log" lineno="52">
<summary>
Read aisexec log files content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="aisexecd_admin" lineno="79">
<summary>
All of the rules required to
administrate an aisexec environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ajaxterm" filename="policy/modules/contrib/ajaxterm.if">
<summary>policy for ajaxterm</summary>
<interface name="ajaxterm_domtrans" lineno="13">
<summary>
Execute a domain transition to run ajaxterm.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ajaxterm_initrc_domtrans" lineno="31">
<summary>
Execute ajaxterm server in the ajaxterm domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ajaxterm_rw_ptys" lineno="49">
<summary>
Read and write the ajaxterm pty type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ajaxterm_admin" lineno="74">
<summary>
All of the rules required to administrate
an ajaxterm environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="alsa" filename="policy/modules/contrib/alsa.if">
<summary>Advanced Linux Sound Architecture utilities.</summary>
<template name="alsa_role" lineno="18">
<summary>
Role access for alsa.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</template>
<interface name="alsa_domtrans" lineno="32">
<summary>
Execute a domain transition to run Alsa.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="alsa_run" lineno="58">
<summary>
Execute a domain transition to run
Alsa, and allow the specified role
the Alsa domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="alsa_rw_semaphores" lineno="77">
<summary>
Read and write Alsa semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="alsa_rw_shared_mem" lineno="95">
<summary>
Read and write Alsa shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="alsa_read_rw_config" lineno="113">
<summary>
Read writable Alsa configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="alsa_manage_rw_config" lineno="138">
<summary>
Manage writable Alsa config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="alsa_manage_home_files" lineno="164">
<summary>
Create, read, write, and delete
alsa home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="alsa_read_home_files" lineno="184">
<summary>
Read Alsa home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="alsa_relabel_home_files" lineno="203">
<summary>
Relabel alsa home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="alsa_read_lib" lineno="222">
<summary>
Read Alsa lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="alsa_filetrans_home_content" lineno="241">
<summary>
Transition to alsa named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="alsa_filetrans_named_content" lineno="259">
<summary>
Transition to alsa named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="alsa_systemctl" lineno="284">
<summary>
Execute alsa server in the alsa domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="alsa_write_lib" lineno="308">
<summary>
Write Alsa lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="amanda" filename="policy/modules/contrib/amanda.if">
<summary>Advanced Maryland Automatic Network Disk Archiver.</summary>
<interface name="amanda_domtrans_recover" lineno="14">
<summary>
Execute a domain transition to run
Amanda recover.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="amanda_run_recover" lineno="41">
<summary>
Execute a domain transition to run
Amanda recover, and allow the specified
role the Amanda recover domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="amanda_search_lib" lineno="60">
<summary>
Search Amanda library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amanda_dontaudit_read_dumpdates" lineno="79">
<summary>
Do not audit attempts to read /etc/dumpdates.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="amanda_rw_dumpdates_files" lineno="97">
<summary>
Read and write /etc/dumpdates.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amanda_manage_lib" lineno="116">
<summary>
Search Amanda library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amanda_append_log_files" lineno="135">
<summary>
Read and append amanda log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amanda_search_var_lib" lineno="154">
<summary>
Search Amanda var library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="amavis" filename="policy/modules/contrib/amavis.if">
<summary>High-performance interface between an email server and content checkers.</summary>
<interface name="amavis_domtrans" lineno="13">
<summary>
Execute a domain transition to run amavis.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="amavis_initrc_domtrans" lineno="32">
<summary>
Execute amavis server in the amavis domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="amavis_read_spool_files" lineno="50">
<summary>
Read amavis spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_manage_spool_files" lineno="71">
<summary>
Create, read, write, and delete
amavis spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_spool_filetrans" lineno="107">
<summary>
Create objects in the amavis spool directories
with a private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
Private file type.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="amavis_search_lib" lineno="126">
<summary>
Search amavis lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_read_lib_files" lineno="145">
<summary>
Read amavis lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_rw_lib_files" lineno="165">
<summary>
Read and write amavis lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_manage_lib_files" lineno="186">
<summary>
Create, read, write, and delete
amavis lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_setattr_pid_files" lineno="205">
<summary>
Set attributes of amavis pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_create_pid_files" lineno="224">
<summary>
Create amavis pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_admin" lineno="251">
<summary>
All of the rules required to
administrate an amavis environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="amavis_use_jit" dftval="false">
<desc>
<p>
Determine whether amavis can
use JIT compiler.
</p>
</desc>
</tunable>
</module>
<module name="amtu" filename="policy/modules/contrib/amtu.if">
<summary>Abstract Machine Test Utility.</summary>
<interface name="amtu_domtrans" lineno="13">
<summary>
Execute a domain transition to run Amtu.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="amtu_run" lineno="39">
<summary>
Execute a domain transition to run
Amtu, and allow the specified role
the Amtu domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="amtu_admin" lineno="65">
<summary>
All of the rules required to
administrate an amtu environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="anaconda" filename="policy/modules/contrib/anaconda.if">
<summary>Anaconda installer.</summary>
<interface name="anaconda_domtrans_install" lineno="13">
<summary>
Execute a domain transition to run install.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="anaconda_run_install" lineno="39">
<summary>
Execute install in the install
domain, and allow the specified
role the install domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="anaconda_exec_preupgrade" lineno="65">
<summary>
Execute preupgrade in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="anaconda_domtrans_preupgrade" lineno="84">
<summary>
Execute a domain transition to run preupgrade.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="anaconda_read_lib_files_preupgrade" lineno="103">
<summary>
Read preupgrade lib files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="anaconda_manage_lib_files_preupgrade" lineno="123">
<summary>
Manage preupgrade lib files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="anaconda_stream_connect" lineno="144">
<summary>
Connect over a unix stream socket
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="anaconda_create_unix_stream_sockets" lineno="163">
<summary>
Create and use a unix stream socket
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="antivirus" filename="policy/modules/contrib/antivirus.if">
<summary>SELinux policy for antivirus programs - amavis, clamd, freshclam and clamscan</summary>
<interface name="antivirus_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
antivirus domain.
</summary>
<param name="domain">
<summary>
Prefix for the domain.
</summary>
</param>
</interface>
<interface name="antivirus_domtrans" lineno="34">
<summary>
Execute a domain transition to run antivirus program.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="antivirus_exec" lineno="52">
<summary>
Execute antivirus program without a transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="antivirus_stream_connect" lineno="70">
<summary>
Connect to run antivirus program.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="antivirus_append_log" lineno="91">
<summary>
Allow the specified domain to append
to antivirus log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="antivirus_read_config" lineno="111">
<summary>
Read antivirus configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="antivirus_search_db" lineno="130">
<summary>
Search antivirus db content directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="antivirus_read_db" lineno="150">
<summary>
Read antivirus db content directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="antivirus_rw_db" lineno="171">
<summary>
Read and write antivirus db content directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="antivirus_manage_db" lineno="191">
<summary>
Manage antivirus db content directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="antivirus_manage_pid" lineno="212">
<summary>
Manage antivirus pid content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="antivirus_read_state_clamd" lineno="231">
<summary>
Read antivirus state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="antivirus_systemctl" lineno="250">
<summary>
Execute antivirus server in the antivirus domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="antivirus_admin" lineno="282">
<summary>
All of the rules required to administrate
an antivirus programs environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the clamav domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="antivirus_can_scan_system" dftval="false">
<desc>
<p>
Allow antivirus programs to read non security files on a system
</p>
</desc>
</tunable>
<tunable name="antivirus_use_jit" dftval="false">
<desc>
<p>
Determine whether antivirus programs can use JIT compiler.
</p>
</desc>
</tunable>
</module>
<module name="apache" filename="policy/modules/contrib/apache.if">
<summary>Apache web server</summary>
<template name="apache_user_content_template" lineno="14">
<summary>
Create a set of derived types for apache
web content.
</summary>
<param name="prefix">
<summary>
The prefix to be used for deriving type names.
</summary>
</param>
</template>
<template name="apache_content_template" lineno="123">
<summary>
Create a set of derived types for apache
web content.
</summary>
<param name="prefix">
<summary>
The prefix to be used for deriving type names.
</summary>
</param>
</template>
<template name="apache_content_alias_template" lineno="234">
<summary>
Create a set of derived types for apache
web content.
</summary>
<param name="prefix">
<summary>
The prefix to be used for deriving new type names.
</summary>
</param>
<param name="oldprefix">
<summary>
The prefix to be used for deriving old type names.
</summary>
</param>
</template>
<interface name="apache_role" lineno="258">
<summary>
Role access for apache
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="apache_read_user_scripts" lineno="327">
<summary>
Read httpd user scripts executables.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_read_user_content" lineno="347">
<summary>
Read user web content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_manage_user_content" lineno="367">
<summary>
Manage user web content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_domtrans" lineno="387">
<summary>
Transition to apache.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apache_exec" lineno="407">
<summary>
Allow the specified domain to execute apache
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_exec_suexec" lineno="426">
<summary>
Allow the specified domain to execute apache suexec
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_signal" lineno="444">
<summary>
Send a generic signal to apache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_signull" lineno="462">
<summary>
Send a null signal to apache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_sigchld" lineno="480">
<summary>
Send a SIGCHLD signal to apache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_read_state" lineno="498">
<summary>
Allow the domain to read apache state files in /proc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_use_fds" lineno="517">
<summary>
Inherit and use file descriptors from Apache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_dontaudit_rw_fifo_file" lineno="536">
<summary>
Do not audit attempts to read and write Apache
unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apache_rw_stream_sockets" lineno="555">
<summary>
Allow attempts to read and write Apache
unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apache_dontaudit_rw_stream_sockets" lineno="574">
<summary>
Do not audit attempts to read and write Apache
unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apache_dontaudit_rw_tcp_sockets" lineno="593">
<summary>
Do not audit attempts to read and write Apache
TCP sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apache_manage_all_content" lineno="612">
<summary>
Create, read, write, and delete all web content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_setattr_cache_dirs" lineno="637">
<summary>
Allow domain to  set the attributes
of the APACHE cache directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_list_cache" lineno="656">
<summary>
Allow the specified domain to list
Apache cache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_rw_cache_files" lineno="675">
<summary>
Allow the specified domain to read
and write Apache cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_delete_cache_dirs" lineno="694">
<summary>
Allow the specified domain to delete
Apache cache dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_delete_cache_files" lineno="713">
<summary>
Allow the specified domain to delete
Apache cache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_search_config" lineno="732">
<summary>
Allow the specified domain to search
apache configuration dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_read_config" lineno="753">
<summary>
Allow the specified domain to read
apache configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_manage_config" lineno="775">
<summary>
Allow the specified domain to manage
apache configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_domtrans_helper" lineno="797">
<summary>
Execute the Apache helper program with
a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_run_helper" lineno="824">
<summary>
Execute the Apache helper program with
a domain transition, and allow the
specified role the Apache helper domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_dontaudit_read_log" lineno="845">
<summary>
dontaudit attempts to read
apache log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_read_log" lineno="866">
<summary>
Allow the specified domain to read
apache log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_append_log" lineno="888">
<summary>
Allow the specified domain to append
to apache log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_create_log_dirs" lineno="909">
<summary>
Allow the specified domain to create
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="apache_write_log" lineno="930">
<summary>
Allow the specified domain to write
to apache log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_dontaudit_append_log" lineno="949">
<summary>
Do not audit attempts to append to the
Apache logs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apache_manage_lib" lineno="968">
<summary>
Allow the specified domain to manage
to apache var lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_manage_log" lineno="990">
<summary>
Allow the specified domain to manage
to apache log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_dontaudit_search_modules" lineno="1012">
<summary>
Do not audit attempts to search Apache
module directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apache_read_modules" lineno="1031">
<summary>
Allow the specified domain to read
the apache module directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_list_modules" lineno="1052">
<summary>
Allow the specified domain to list
the contents of the apache modules
directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_exec_modules" lineno="1072">
<summary>
Allow the specified domain to execute
apache modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_domtrans_rotatelogs" lineno="1092">
<summary>
Execute a domain transition to run httpd_rotatelogs.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apache_exec_rotatelogs" lineno="1110">
<summary>
Execute httpd_rotatelogs in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apache_exec_sys_script" lineno="1128">
<summary>
Execute httpd system scripts in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apache_list_sys_content" lineno="1148">
<summary>
Allow the specified domain to list
apache system content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_manage_sys_content" lineno="1171">
<summary>
Allow the specified domain to manage
apache system content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_read_sys_content_rw_files" lineno="1194">
<summary>
Allow the specified domain to read
apache system content rw files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_read_inherited_sys_content_rw_files" lineno="1214">
<summary>
Allow the specified domain to read inherited
apache system content rw files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_read_sys_content_rw_dirs" lineno="1236">
<summary>
Allow the specified domain to read
apache system content rw dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_manage_sys_content_rw" lineno="1256">
<summary>
Allow the specified domain to manage
apache system content rw files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_delete_sys_content_rw" lineno="1279">
<summary>
Allow the specified domain to delete
apache system content rw files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_domtrans_sys_script" lineno="1305">
<summary>
Execute all web scripts in the system
script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apache_dontaudit_rw_sys_script_stream_sockets" lineno="1332">
<summary>
Do not audit attempts to read and write Apache
system script unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apache_domtrans_all_scripts" lineno="1351">
<summary>
Execute all user scripts in the user
script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apache_run_all_scripts" lineno="1377">
<summary>
Execute all user scripts in the user
script domain.  Add user script domains
to the specified role.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_read_squirrelmail_data" lineno="1397">
<summary>
Allow the specified domain to read
apache squirrelmail data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_append_squirrelmail_data" lineno="1416">
<summary>
Allow the specified domain to append
apache squirrelmail data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_search_sys_content" lineno="1434">
<summary>
Search apache system content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_read_sys_content" lineno="1452">
<summary>
Read apache system content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_search_sys_scripts" lineno="1472">
<summary>
Search apache system CGI directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_manage_all_user_content" lineno="1491">
<summary>
Create, read, write, and delete all user web content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_search_sys_script_state" lineno="1515">
<summary>
Search system script state directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_read_tmp_dirs" lineno="1534">
<summary>
Allow the specified domain to read
apache tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_read_tmp_files" lineno="1554">
<summary>
Allow the specified domain to read
apache tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_read_tmp_symlinks" lineno="1574">
<summary>
Allow the specified domain to read
apache tmp lnk files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_dontaudit_rw_tmp_files" lineno="1594">
<summary>
Dontaudit attempts to read and write
apache tmp files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apache_dontaudit_write_tmp_files" lineno="1613">
<summary>
Dontaudit attempts to write
apache tmp files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apache_cgi_domain" lineno="1646">
<summary>
Execute CGI in the specified domain.
</summary>
<desc>
<p>
Execute CGI in the specified domain.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="domain">
<summary>
Domain run the cgi script in.
</summary>
</param>
<param name="entrypoint">
<summary>
Type of the executable to enter the cgi domain.
</summary>
</param>
</interface>
<interface name="apache_systemctl" lineno="1667">
<summary>
Execute httpd server in the httpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apache_admin" lineno="1697">
<summary>
All of the rules required to administrate an apache environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_dontaudit_leaks" lineno="1763">
<summary>
dontaudit read and write an leaked file descriptors
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apache_filetrans_named_content" lineno="1786">
<summary>
Transition to apache named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_entrypoint" lineno="1822">
<summary>
Allow any httpd_exec_t to be an entrypoint of this domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_exec_domtrans" lineno="1844">
<summary>
Execute a httpd_exec_t in the specified domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="apache_filetrans_home_content" lineno="1862">
<summary>
Transition to apache home content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_read_pid_files" lineno="1886">
<summary>
Read apache pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_manage_pid_files" lineno="1905">
<summary>
Manage apache pid objects.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_dbus_chat" lineno="1927">
<summary>
Send and receive messages from
httpd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_delete_tmp" lineno="1948">
<summary>
Delete the httpd tmp.
</summary>
<param name="file_type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_noatsecure" lineno="1966">
<summary>
Allow httpd noatsecure
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_ioctl_stream_sockets" lineno="1985">
<summary>
Allow the specified domain to ioctl an
httpd with a unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_read_semaphores" lineno="2003">
<summary>
Allow the specified domain read httpd semaphores
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="httpd_anon_write" dftval="false">
<desc>
<p>
Allow Apache to modify public files
used for public file transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
<tunable name="httpd_dontaudit_search_dirs" dftval="false">
<desc>
<p>
Dontaudit Apache to search dirs.
</p>
</desc>
</tunable>
<tunable name="httpd_mod_auth_pam" dftval="false">
<desc>
<p>
Allow Apache to use mod_auth_pam
</p>
</desc>
</tunable>
<tunable name="httpd_mod_auth_ntlm_winbind" dftval="false">
<desc>
<p>
Allow Apache to use mod_auth_ntlm_winbind
</p>
</desc>
</tunable>
<tunable name="httpd_execmem" dftval="false">
<desc>
<p>
Allow httpd scripts and modules execmem/execstack
</p>
</desc>
</tunable>
<tunable name="httpd_manage_ipa" dftval="false">
<desc>
<p>
Allow httpd processes to manage IPA content
</p>
</desc>
</tunable>
<tunable name="httpd_run_ipa" dftval="false">
<desc>
<p>
Allow httpd processes to run IPA helper.
</p>
</desc>
</tunable>
<tunable name="httpd_builtin_scripting" dftval="false">
<desc>
<p>
Allow httpd to use built in scripting (usually php)
</p>
</desc>
</tunable>
<tunable name="httpd_can_network_connect" dftval="false">
<desc>
<p>
Allow HTTPD scripts and modules to connect to the network using TCP.
</p>
</desc>
</tunable>
<tunable name="httpd_can_network_connect_cobbler" dftval="false">
<desc>
<p>
Allow HTTPD scripts and modules to connect to cobbler over the network.
</p>
</desc>
</tunable>
<tunable name="httpd_serve_cobbler_files" dftval="false">
<desc>
<p>
Allow HTTPD scripts and modules to server cobbler files.
</p>
</desc>
</tunable>
<tunable name="httpd_graceful_shutdown" dftval="false">
<desc>
<p>
Allow HTTPD to connect to port 80 for graceful shutdown
</p>
</desc>
</tunable>
<tunable name="httpd_can_network_connect_db" dftval="false">
<desc>
<p>
Allow HTTPD scripts and modules to connect to databases over the network.
</p>
</desc>
</tunable>
<tunable name="httpd_can_network_memcache" dftval="false">
<desc>
<p>
Allow httpd to connect to memcache server
</p>
</desc>
</tunable>
<tunable name="httpd_can_network_relay" dftval="false">
<desc>
<p>
Allow httpd to act as a relay
</p>
</desc>
</tunable>
<tunable name="httpd_can_connect_zabbix" dftval="false">
<desc>
<p>
Allow http daemon to connect to zabbix
</p>
</desc>
</tunable>
<tunable name="httpd_can_connect_mythtv" dftval="false">
<desc>
<p>
Allow http daemon to connect to mythtv
</p>
</desc>
</tunable>
<tunable name="httpd_can_check_spam" dftval="false">
<desc>
<p>
Allow http daemon to check spam
</p>
</desc>
</tunable>
<tunable name="httpd_can_sendmail" dftval="false">
<desc>
<p>
Allow http daemon to send mail
</p>
</desc>
</tunable>
<tunable name="httpd_dbus_avahi" dftval="false">
<desc>
<p>
Allow Apache to communicate with avahi service via dbus
</p>
</desc>
</tunable>
<tunable name="httpd_dbus_sssd" dftval="false">
<desc>
<p>
Allow Apache to communicate with sssd service via dbus
</p>
</desc>
</tunable>
<tunable name="httpd_enable_cgi" dftval="false">
<desc>
<p>
Allow httpd cgi support
</p>
</desc>
</tunable>
<tunable name="httpd_enable_ftp_server" dftval="false">
<desc>
<p>
Allow httpd to act as a FTP server by
listening on the ftp port.
</p>
</desc>
</tunable>
<tunable name="httpd_can_connect_ftp" dftval="false">
<desc>
<p>
Allow httpd to act as a FTP client
connecting to the ftp port and ephemeral ports
</p>
</desc>
</tunable>
<tunable name="httpd_can_manage_courier_spool" dftval="false">
<desc>
<p>
Allow httpd to manage the courier spool sock files.
</p>
</desc>
</tunable>
<tunable name="httpd_can_connect_ldap" dftval="false">
<desc>
<p>
Allow httpd to connect to the ldap port
</p>
</desc>
</tunable>
<tunable name="httpd_enable_homedirs" dftval="false">
<desc>
<p>
Allow httpd to read home directories
</p>
</desc>
</tunable>
<tunable name="httpd_read_user_content" dftval="false">
<desc>
<p>
Allow httpd to read user content
</p>
</desc>
</tunable>
<tunable name="httpd_run_stickshift" dftval="false">
<desc>
<p>
Allow Apache to run in stickshift mode, not transition to passenger
</p>
</desc>
</tunable>
<tunable name="httpd_run_preupgrade" dftval="false">
<desc>
<p>
Allow Apache to run preupgrade
</p>
</desc>
</tunable>
<tunable name="httpd_verify_dns" dftval="false">
<desc>
<p>
Allow Apache to query NS records
</p>
</desc>
</tunable>
<tunable name="httpd_setrlimit" dftval="false">
<desc>
<p>
Allow httpd daemon to change its resource limits
</p>
</desc>
</tunable>
<tunable name="httpd_ssi_exec" dftval="false">
<desc>
<p>
Allow HTTPD to run SSI executables in the same domain as system CGI scripts.
</p>
</desc>
</tunable>
<tunable name="httpd_tmp_exec" dftval="false">
<desc>
<p>
Allow Apache to execute tmp content.
</p>
</desc>
</tunable>
<tunable name="httpd_tty_comm" dftval="false">
<desc>
<p>
Unify HTTPD to communicate with the terminal.
Needed for entering the passphrase for certificates at
the terminal.
</p>
</desc>
</tunable>
<tunable name="httpd_unified" dftval="false">
<desc>
<p>
Unify HTTPD handling of all content files.
</p>
</desc>
</tunable>
<tunable name="httpd_use_openstack" dftval="false">
<desc>
<p>
Allow httpd to access openstack ports
</p>
</desc>
</tunable>
<tunable name="httpd_use_cifs" dftval="false">
<desc>
<p>
Allow httpd to access cifs file systems
</p>
</desc>
</tunable>
<tunable name="httpd_use_fusefs" dftval="false">
<desc>
<p>
Allow httpd to access FUSE file systems
</p>
</desc>
</tunable>
<tunable name="httpd_use_gpg" dftval="false">
<desc>
<p>
Allow httpd to run gpg
</p>
</desc>
</tunable>
<tunable name="httpd_use_sasl" dftval="false">
<desc>
<p>
Allow httpd to connect to  sasl
</p>
</desc>
</tunable>
<tunable name="httpd_use_nfs" dftval="false">
<desc>
<p>
Allow httpd to access nfs file systems
</p>
</desc>
</tunable>
<tunable name="httpd_use_opencryptoki" dftval="false">
<desc>
<p>
Allow httpd to use opencryptoki
</p>
</desc>
</tunable>
<tunable name="httpd_sys_script_anon_write" dftval="false">
<desc>
<p>
Allow apache scripts to write to public content, directories/files must be labeled public_rw_content_t.
</p>
</desc>
</tunable>
</module>
<module name="apcupsd" filename="policy/modules/contrib/apcupsd.if">
<summary>APC UPS monitoring daemon.</summary>
<interface name="apcupsd_domtrans" lineno="14">
<summary>
Execute a domain transition to
run apcupsd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apcupsd_initrc_domtrans" lineno="34">
<summary>
Execute apcupsd server in the
apcupsd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apcupsd_read_pid_files" lineno="52">
<summary>
Read apcupsd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apcupsd_read_power_files" lineno="71">
<summary>
Read apcupsd power files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apcupsd_read_log" lineno="90">
<summary>
Read apcupsd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apcupsd_append_log" lineno="110">
<summary>
Append apcupsd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apcupsd_cgi_script_domtrans" lineno="131">
<summary>
Execute a domain transition to
run apcupsd_cgi_script.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apcupsd_systemctl" lineno="154">
<summary>
Execute apcupsd server in the apcupsd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apcupsd_filetrans_named_content" lineno="179">
<summary>
Create configuration files in /var/lock
with a named file type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apcupsd_admin" lineno="205">
<summary>
All of the rules required to
administrate an apcupsd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="apm" filename="policy/modules/contrib/apm.if">
<summary>Advanced power management.</summary>
<interface name="apm_domtrans_client" lineno="13">
<summary>
Execute apm in the apm domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apm_run_client" lineno="39">
<summary>
Execute apm in the apm domain
and allow the specified role
the apm domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="apm_use_fds" lineno="58">
<summary>
Use apmd file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apm_write_pipes" lineno="76">
<summary>
Write apmd unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apm_rw_stream_sockets" lineno="95">
<summary>
Read and write to apmd unix
stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apm_append_log" lineno="113">
<summary>
Append apmd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apm_stream_connect" lineno="133">
<summary>
Connect to apmd over an unix
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apmd_systemctl" lineno="152">
<summary>
Execute apmd server in the apmd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apm_admin" lineno="183">
<summary>
All of the rules required to
administrate an apm environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="apt" filename="policy/modules/contrib/apt.if">
<summary>Advanced package tool.</summary>
<interface name="apt_domtrans" lineno="13">
<summary>
Execute apt programs in the apt domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apt_exec" lineno="32">
<summary>
Execute the apt in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apt_run" lineno="57">
<summary>
Execute apt programs in the apt domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apt_use_fds" lineno="76">
<summary>
Use apt file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apt_dontaudit_use_fds" lineno="95">
<summary>
Do not audit attempts to use
apt file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apt_read_pipes" lineno="113">
<summary>
Read apt unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apt_rw_pipes" lineno="131">
<summary>
Read and write apt unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apt_use_ptys" lineno="149">
<summary>
Read and write apt ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apt_read_cache" lineno="167">
<summary>
Read apt package cache content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apt_read_db" lineno="188">
<summary>
Read apt package database content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apt_manage_db" lineno="210">
<summary>
Create, read, write, and delete
apt package database content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apt_dontaudit_manage_db" lineno="232">
<summary>
Do not audit attempts to create,
read, write, and delete apt
package database content.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
</module>
<module name="arpwatch" filename="policy/modules/contrib/arpwatch.if">
<summary>Ethernet activity monitor.</summary>
<interface name="arpwatch_initrc_domtrans" lineno="14">
<summary>
Execute arpwatch server in the
arpwatch domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="arpwatch_search_data" lineno="32">
<summary>
Search arpwatch data file directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="arpwatch_manage_data_files" lineno="52">
<summary>
Create, read, write, and delete
arpwatch data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="arpwatch_rw_tmp_files" lineno="72">
<summary>
Read and write arpwatch temporary
files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="arpwatch_manage_tmp_files" lineno="92">
<summary>
Create, read, write, and delete
arpwatch temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="arpwatch_dontaudit_rw_packet_sockets" lineno="112">
<summary>
Do not audit attempts to read and
write arpwatch packet sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="arpwatch_systemctl" lineno="130">
<summary>
Execute arpwatch server in the arpwatch domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="arpwatch_admin" lineno="161">
<summary>
All of the rules required to
administrate an arpwatch environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="arpwatch_data_filetrans" lineno="220">
<summary>
Create objects in the arpwatch home directory
with an automatic type transition to a specified type
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="type">
<summary>
The type of the object being created.
</summary>
</param>
<param name="object">
<summary>
The class of the object being created.
</summary>
</param>
<param name="name">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
</module>
<module name="asterisk" filename="policy/modules/contrib/asterisk.if">
<summary>Asterisk IP telephony server.</summary>
<interface name="asterisk_domtrans" lineno="13">
<summary>
Execute asterisk in the asterisk domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="asterisk_exec" lineno="32">
<summary>
Execute asterisk in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="asterisk_stream_connect" lineno="52">
<summary>
Connect to asterisk over a unix domain.
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="asterisk_setattr_logs" lineno="72">
<summary>
Set attributes of asterisk log
files and directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="asterisk_setattr_pid_files" lineno="93">
<summary>
Set attributes of the asterisk
PID content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="asterisk_admin" lineno="120">
<summary>
All of the rules required to
administrate an asterisk environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="authconfig" filename="policy/modules/contrib/authconfig.if">
<summary>policy for authconfig</summary>
<interface name="authconfig_domtrans" lineno="13">
<summary>
Execute TEMPLATE in the authconfig domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="authconfig_search_lib" lineno="32">
<summary>
Search authconfig lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="authconfig_read_lib_files" lineno="51">
<summary>
Read authconfig lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="authconfig_manage_lib_files" lineno="70">
<summary>
Manage authconfig lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="authconfig_manage_lib_dirs" lineno="89">
<summary>
Manage authconfig lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="authconfig_admin" lineno="110">
<summary>
All of the rules required to administrate
an authconfig environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="automount" filename="policy/modules/contrib/automount.if">
<summary>Filesystem automounter service.</summary>
<interface name="automount_domtrans" lineno="13">
<summary>
Execute automount in the automount domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="automount_signal" lineno="32">
<summary>
Send generic signals to automount.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="automount_exec_config" lineno="50">
<summary>
Execute automount in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="automount_read_state" lineno="65">
<summary>
Read automount process state.
</summary>
<param name="domain">
<summary>
Domain to allow access.
</summary>
</param>
</interface>
<interface name="automount_dontaudit_use_fds" lineno="87">
<summary>
Do not audit attempts to use
automount file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="automount_write_pipes" lineno="105">
<summary>
Write to a automount unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="automount_dontaudit_write_pipes" lineno="125">
<summary>
Do not audit attempts to write
automount unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="automount_search_tmp_dirs" lineno="144">
<summary>
Allow domain to search of automount temporary
directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="automount_dontaudit_getattr_tmp_dirs" lineno="164">
<summary>
Do not audit attempts to get
attributes of automount temporary
directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="automount_systemctl" lineno="182">
<summary>
Execute automount server in the automount domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="automount_admin" lineno="213">
<summary>
All of the rules required to
administrate an automount environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="avahi" filename="policy/modules/contrib/avahi.if">
<summary>mDNS/DNS-SD daemon implementing Apple ZeroConf architecture.</summary>
<interface name="avahi_domtrans" lineno="13">
<summary>
Execute avahi server in the avahi domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="avahi_initrc_domtrans" lineno="33">
<summary>
Execute avahi init scripts in the
init script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="avahi_signal" lineno="51">
<summary>
Send generic signals to avahi.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_kill" lineno="69">
<summary>
Send kill signals to avahi.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_signull" lineno="87">
<summary>
Send null signals to avahi.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_dbus_chat" lineno="106">
<summary>
Send and receive messages from
avahi over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_stream_connect" lineno="127">
<summary>
Connect to avahi using a unix
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_create_pid_dirs" lineno="146">
<summary>
Create avahi pid directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_setattr_pid_dirs" lineno="165">
<summary>
Set attributes of avahi pid directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_manage_pid_files" lineno="184">
<summary>
Create, read, and write avahi pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_dontaudit_search_pid" lineno="204">
<summary>
Do not audit attempts to search
avahi pid directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="avahi_systemctl" lineno="222">
<summary>
Execute avahi server in the avahi domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="avahi_filetrans_pid" lineno="257">
<summary>
Create specified objects in generic
pid directories with the avahi pid file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="avahi_admin" lineno="282">
<summary>
All of the rules required to
administrate an avahi environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="awstats" filename="policy/modules/contrib/awstats.if">
<summary>Log file analyzer for advanced statistics.</summary>
<interface name="awstats_domtrans" lineno="14">
<summary>
Execute the awstats program in
the awstats domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="awstats_rw_pipes" lineno="33">
<summary>
Read and write awstats unnamed pipes. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="awstats_cgi_exec" lineno="47">
<summary>
Execute awstats cgi scripts in the caller domain. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="awstats_purge_apache_log_files" dftval="false">
<desc>
<p>
Determine whether awstats can
purge httpd log files.
</p>
</desc>
</tunable>
</module>
<module name="backup" filename="policy/modules/contrib/backup.if">
<summary>System backup scripts.</summary>
<interface name="backup_domtrans" lineno="13">
<summary>
Execute backup in the backup domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="backup_run" lineno="40">
<summary>
Execute backup in the backup
domain, and allow the specified
role the backup domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="backup_manage_store_files" lineno="60">
<summary>
Create, read, and write backup
store files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="bacula" filename="policy/modules/contrib/bacula.if">
<summary>Cross platform network backup.</summary>
<interface name="bacula_domtrans_admin" lineno="14">
<summary>
Execute bacula admin bacula
admin domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bacula_run_admin" lineno="41">
<summary>
Execute user interfaces in the
bacula admin domain, and allow the
specified role the bacula admin domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="bacula_admin" lineno="67">
<summary>
All of the rules required to
administrate an bacula environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="bcfg2" filename="policy/modules/contrib/bcfg2.if">
<summary>configuration management suite.</summary>
<interface name="bcfg2_domtrans" lineno="13">
<summary>
Execute bcfg2 in the bcfg2 domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bcfg2_initrc_domtrans" lineno="32">
<summary>
Execute bcfg2 server in the bcfg2 domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bcfg2_search_lib" lineno="50">
<summary>
Search bcfg2 lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bcfg2_read_lib_files" lineno="69">
<summary>
Read bcfg2 lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bcfg2_manage_lib_files" lineno="89">
<summary>
Create, read, write, and delete
bcfg2 lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bcfg2_manage_lib_dirs" lineno="109">
<summary>
Create, read, write, and delete
bcfg2 lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bcfg2_systemctl" lineno="128">
<summary>
Execute bcfg2 server in the bcfg2 domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bcfg2_admin" lineno="161">
<summary>
All of the rules required to
administrate an bcfg2 environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="bind" filename="policy/modules/contrib/bind.if">
<summary>Berkeley Internet name domain DNS server.</summary>
<interface name="bind_initrc_domtrans" lineno="13">
<summary>
Execute bind server in the bind domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bind_systemctl" lineno="31">
<summary>
Execute bind server in the bind domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bind_domtrans_ndc" lineno="55">
<summary>
Execute ndc in the ndc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bind_signal" lineno="74">
<summary>
Send generic signals to bind.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_signull" lineno="92">
<summary>
Send null signals to bind.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_kill" lineno="110">
<summary>
Send kill signals to bind.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_run_ndc" lineno="135">
<summary>
Execute ndc in the ndc domain, and
allow the specified role the ndc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="bind_domtrans" lineno="154">
<summary>
Execute bind in the named domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bind_read_dnssec_keys" lineno="173">
<summary>
Read dnssec key files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_map_dnssec_keys" lineno="191">
<summary>
Mmap dnssec key files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_read_config" lineno="209">
<summary>
Read bind named configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_write_config" lineno="228">
<summary>
Write bind named configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_manage_config_dirs" lineno="248">
<summary>
Create, read, write, and delete
bind configuration directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_manage_config" lineno="267">
<summary>
Create, read, write, and delete
BIND configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_search_cache" lineno="285">
<summary>
Search bind cache directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_read_cache" lineno="306">
<summary>
Read bind cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_rw_cache" lineno="327">
<summary>
Allow the specified domain to read
and write Bind cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_manage_cache" lineno="347">
<summary>
Create, read, write, and delete
bind cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_read_pid_files" lineno="368">
<summary>
Read bind pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_setattr_pid_dirs" lineno="387">
<summary>
Set attributes of bind pid directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_setattr_zone_dirs" lineno="405">
<summary>
Set attributes of bind zone directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_read_zone" lineno="423">
<summary>
Read bind zone files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_read_log" lineno="442">
<summary>
Read BIND zone files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_manage_zone_dirs" lineno="464">
<summary>
Create, read, write, and delete
bind zone files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_manage_zone" lineno="484">
<summary>
Create, read, write, and delete
bind zone files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_udp_chat_named" lineno="503">
<summary>
Send and receive datagrams to and from named.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_read_state" lineno="517">
<summary>
Allow the domain to read bind state files in /proc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_admin" lineno="543">
<summary>
All of the rules required to
administrate an bind environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="bind_exec" lineno="597">
<summary>
Execute bind in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="named_tcp_bind_http_port" dftval="false">
<desc>
<p>
Determine whether Bind can bind tcp socket to http ports.
</p>
</desc>
</tunable>
<tunable name="named_write_master_zones" dftval="true">
<desc>
<p>
Determine whether Bind can write to master zone files.
Generally this is used for dynamic DNS or zone transfers.
</p>
</desc>
</tunable>
</module>
<module name="bird" filename="policy/modules/contrib/bird.if">
<summary>BIRD Internet Routing Daemon.</summary>
<interface name="bird_admin" lineno="20">
<summary>
All of the rules required to
administrate an bird environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="bitlbee" filename="policy/modules/contrib/bitlbee.if">
<summary>Tunnels instant messaging traffic to a virtual IRC channel.</summary>
<interface name="bitlbee_read_config" lineno="13">
<summary>
Read bitlbee configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bitlbee_admin" lineno="40">
<summary>
All of the rules required to
administrate an bitlbee environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="blkmapd" filename="policy/modules/contrib/blkmapd.if">
<summary>The blkmapd daemon performs device discovery and mapping for pNFS block layout client.</summary>
<interface name="blkmapd_domtrans" lineno="13">
<summary>
Execute blkmapd_exec_t in the blkmapd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="blkmapd_exec" lineno="32">
<summary>
Execute blkmapd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="blkmapd_initrc_domtrans" lineno="51">
<summary>
Execute blkmapd server in the blkmapd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="blkmapd_read_pid_files" lineno="68">
<summary>
Read blkmapd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="blkmapd_admin" lineno="95">
<summary>
All of the rules required to administrate
an blkmapd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="blueman" filename="policy/modules/contrib/blueman.if">
<summary>Tool to manage Bluetooth devices.</summary>
<interface name="blueman_domtrans" lineno="13">
<summary>
Execute blueman in the blueman domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="blueman_dbus_chat" lineno="33">
<summary>
Send and receive messages from
blueman over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="blueman_search_lib" lineno="54">
<summary>
Search blueman lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="blueman_read_lib_files" lineno="73">
<summary>
Read blueman lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="blueman_manage_lib_files" lineno="93">
<summary>
Create, read, write, and delete
blueman lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="bluetooth" filename="policy/modules/contrib/bluetooth.if">
<summary>Bluetooth tools and system services.</summary>
<interface name="bluetooth_role" lineno="18">
<summary>
Role access for bluetooth.
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="bluetooth_stream_connect" lineno="70">
<summary>
Connect to bluetooth over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bluetooth_domtrans" lineno="97">
<summary>
Execute bluetooth in the bluetooth domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bluetooth_read_config" lineno="116">
<summary>
Read bluetooth configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bluetooth_dbus_chat" lineno="135">
<summary>
Send and receive messages from
bluetooth over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bluetooth_dontaudit_dbus_chat" lineno="156">
<summary>
dontaudit Send and receive messages from
bluetooth over dbus.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="bluetooth_domtrans_helper" lineno="176">
<summary>
Execute bluetooth_helper in the bluetooth_helper domain.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bluetooth_run_helper" lineno="202">
<summary>
Execute bluetooth_helper in the bluetooth_helper domain, and
allow the specified role the bluetooth_helper domain.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="terminal">
<summary>
The type of the terminal allow the bluetooth_helper domain to use.
</summary>
</param>
<rolecap/>
</interface>
<interface name="bluetooth_dontaudit_read_helper_state" lineno="217">
<summary>
Do not audit attempts to read
bluetooth process state files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="bluetooth_systemctl" lineno="236">
<summary>
Execute bluetooth server in the bluetooth domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bluetooth_admin" lineno="267">
<summary>
All of the rules required to
administrate an bluetooth environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="boinc" filename="policy/modules/contrib/boinc.if">
<summary>policy for boinc</summary>
<interface name="boinc_domtrans" lineno="13">
<summary>
Execute a domain transition to run boinc.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="boinc_initrc_domtrans" lineno="31">
<summary>
Execute boinc server in the boinc domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="boinc_dontaudit_getattr_lib" lineno="49">
<summary>
Dontaudit getattr on boinc lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="boinc_search_lib" lineno="67">
<summary>
Search boinc lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="boinc_read_lib_files" lineno="86">
<summary>
Read boinc lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="boinc_manage_lib_files" lineno="106">
<summary>
Create, read, write, and delete
boinc lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="boinc_manage_var_lib" lineno="125">
<summary>
Manage boinc var_lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="boinc_systemctl" lineno="146">
<summary>
Execute boinc server in the boinc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="boinc_admin" lineno="177">
<summary>
All of the rules required to administrate
an boinc environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="boinc_execmem" dftval="true">
<desc>
<p>
Determine whether boinc can execmem/execstack.
</p>
</desc>
</tunable>
</module>
<module name="boltd" filename="policy/modules/contrib/boltd.if">
<summary>policy for boltd</summary>
<interface name="boltd_domtrans" lineno="13">
<summary>
Execute boltd_exec_t in the boltd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="boltd_exec" lineno="32">
<summary>
Execute boltd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="boltd_search_lib" lineno="51">
<summary>
Search boltd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="boltd_read_lib_files" lineno="70">
<summary>
Read boltd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="boltd_manage_lib_files" lineno="89">
<summary>
Manage boltd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="boltd_manage_lib_dirs" lineno="108">
<summary>
Manage boltd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="boltd_admin" lineno="135">
<summary>
All of the rules required to administrate
an boltd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="boltd_mounton_var_lib" lineno="168">
<summary>
Mounton boltd lib  directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="boltd_mounton_var_run" lineno="187">
<summary>
Mounton boltd var_run  directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="boltd_write_var_run_pipes" lineno="205">
<summary>
Write to boltd named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="boltd_dbus_chat" lineno="224">
<summary>
Send messages to boltd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="boothd" filename="policy/modules/contrib/boothd.if">
<summary>policy for boothd</summary>
<interface name="boothd_domtrans" lineno="13">
<summary>
Execute boothd_exec_t in the boothd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="boothd_exec" lineno="32">
<summary>
Execute boothd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="bootupd" filename="policy/modules/contrib/bootupd.if">
<summary>policy for bootupd</summary>
<interface name="bootupd_domtrans" lineno="13">
<summary>
Execute bootupd_exec_t in the bootupd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bootupd_exec" lineno="32">
<summary>
Execute bootupd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="brctl" filename="policy/modules/contrib/brctl.if">
<summary>Utilities for configuring the Linux ethernet bridge.</summary>
<interface name="brctl_domtrans" lineno="13">
<summary>
Execute a domain transition to run brctl.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="brctl_run" lineno="38">
<summary>
Execute brctl in the brctl domain, and
allow the specified role the brctl domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
</module>
<module name="brltty" filename="policy/modules/contrib/brltty.if">
<summary>brltty is refreshable braille display driver for Linux/Unix</summary>
<interface name="brltty_domtrans" lineno="13">
<summary>
Execute brltty in the brltty domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="brltty_systemctl" lineno="31">
<summary>
Execute brltty server in the brltty domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="brltty_admin" lineno="59">
<summary>
All of the rules required to administrate
an brltty environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="bugzilla" filename="policy/modules/contrib/bugzilla.if">
<summary>Bugtracker.</summary>
<interface name="bugzilla_search_content" lineno="13">
<summary>
Search bugzilla directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bugzilla_dontaudit_rw_stream_sockets" lineno="33">
<summary>
Do not audit attempts to read and
write bugzilla script unix domain
stream sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="bugzilla_admin" lineno="52">
<summary>
All of the rules required to
administrate an bugzilla environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="bumblebee" filename="policy/modules/contrib/bumblebee.if">
<summary>policy for bumblebee</summary>
<interface name="bumblebee_domtrans" lineno="13">
<summary>
Execute bumblebee in the bumblebee domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bumblebee_read_pid_files" lineno="32">
<summary>
Read bumblebee PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bumblebee_systemctl" lineno="51">
<summary>
Execute bumblebee server in the bumblebee domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bumblebee_stream_connect" lineno="76">
<summary>
Connect to bumblebee over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bumblebee_admin" lineno="97">
<summary>
All of the rules required to administrate
an bumblebee environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="cachefilesd" filename="policy/modules/contrib/cachefilesd.if">
<summary>policy for cachefilesd</summary>
<interface name="cachefilesd_domtrans" lineno="29">
<summary>
Execute a domain transition to run cachefilesd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="calamaris" filename="policy/modules/contrib/calamaris.if">
<summary>Squid log analysis.</summary>
<interface name="calamaris_domtrans" lineno="14">
<summary>
Execute the calamaris in
the calamaris domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="calamaris_run" lineno="40">
<summary>
Execute calamaris in the
calamaris domain, and allow the
specified role the calamaris domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="calamaris_read_www_files" lineno="59">
<summary>
Read calamaris www files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="calamaris_admin" lineno="86">
<summary>
All of the rules required to
administrate an calamaris environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="callweaver" filename="policy/modules/contrib/callweaver.if">
<summary>PBX software.</summary>
<interface name="callweaver_exec" lineno="13">
<summary>
Execute callweaver in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="callweaver_stream_connect" lineno="33">
<summary>
Connect to callweaver over a
unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="callweaver_admin" lineno="59">
<summary>
All of the rules required to
administrate an callweaver environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="canna" filename="policy/modules/contrib/canna.if">
<summary>Kana-kanji conversion server.</summary>
<interface name="canna_stream_connect" lineno="14">
<summary>
Connect to Canna using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="canna_admin" lineno="40">
<summary>
All of the rules required to
administrate an canna environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ccs" filename="policy/modules/contrib/ccs.if">
<summary>Cluster Configuration System.</summary>
<interface name="ccs_domtrans" lineno="13">
<summary>
Execute a domain transition to run ccs.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ccs_stream_connect" lineno="32">
<summary>
Connect to ccs over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ccs_read_config" lineno="51">
<summary>
Read cluster configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ccs_manage_config" lineno="71">
<summary>
Create, read, write, and delete
cluster configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ccs_admin" lineno="98">
<summary>
All of the rules required to
administrate an ccs environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="cdrecord" filename="policy/modules/contrib/cdrecord.if">
<summary>Record audio or data Compact Discs from a master.</summary>
<interface name="cdrecord_role" lineno="18">
<summary>
Role access for cdrecord.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<tunable name="cdrecord_read_content" dftval="false">
<desc>
<p>
Determine whether cdrecord can read
various content. nfs, samba, removable
devices, user temp and untrusted
content files
</p>
</desc>
</tunable>
</module>
<module name="certmaster" filename="policy/modules/contrib/certmaster.if">
<summary>Remote certificate distribution framework.</summary>
<interface name="certmaster_domtrans" lineno="13">
<summary>
Execute a domain transition to run certmaster.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="certmaster_exec" lineno="32">
<summary>
Execute certmaster in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmaster_read_log" lineno="51">
<summary>
read certmaster logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmaster_append_log" lineno="70">
<summary>
Append certmaster log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmaster_manage_log" lineno="90">
<summary>
Create, read, write, and delete
certmaster log content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmaster_admin" lineno="117">
<summary>
All of the rules required to
administrate an certmaster environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="certmonger" filename="policy/modules/contrib/certmonger.if">
<summary>Certificate status monitor and PKI enrollment client.</summary>
<interface name="certmonger_domtrans" lineno="13">
<summary>
Execute a domain transition to run certmonger.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="certmonger_dbus_chat" lineno="33">
<summary>
Send and receive messages from
certmonger over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmonger_initrc_domtrans" lineno="54">
<summary>
Execute certmonger server in
the certmonger domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="certmonger_read_pid_files" lineno="72">
<summary>
Read certmonger PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmonger_search_lib" lineno="91">
<summary>
Search certmonger lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmonger_read_lib_files" lineno="110">
<summary>
Read certmonger lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmonger_manage_lib_files" lineno="130">
<summary>
Create, read, write, and delete
certmonger lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmonger_admin" lineno="156">
<summary>
All of the rules required to
administrate an certmonger environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="certwatch" filename="policy/modules/contrib/certwatch.if">
<summary>Digital Certificate Tracking.</summary>
<interface name="certwatch_domtrans" lineno="13">
<summary>
Domain transition to certwatch.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="certwatch_run" lineno="41">
<summary>
Execute certwatch in the certwatch
domain, and allow the specified role
the certwatch domain.
backchannel.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="certwatach_run" lineno="74">
<summary>
Execute certwatch in the certwatch domain, and
allow the specified role the certwatch domain,
and use the caller's terminal. Has a sigchld
backchannel.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="terminal">
<summary>
The type of the terminal allow the certwatch domain to use.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="cfengine" filename="policy/modules/contrib/cfengine.if">
<summary>System administration tool for networks.</summary>
<template name="cfengine_domain_template" lineno="13">
<summary>
The template to define a cfengine domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<interface name="cfengine_search_lib_files" lineno="49">
<summary>
Search cfengine lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cfengine_read_lib_files" lineno="67">
<summary>
Read cfengine lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cfengine_dontaudit_write_log_files" lineno="87">
<summary>
Do not audit attempts to write
cfengine log files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="cfengine_append_inherited_log" lineno="105">
<summary>
Allow the specified domain to append cfengine's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cfengine_dontaudit_write_log" lineno="124">
<summary>
Dontaudit the specified domain to write cfengine's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cfengine_admin" lineno="149">
<summary>
All of the rules required to
administrate an cfengine environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="cgroup" filename="policy/modules/contrib/cgroup.if">
<summary>libcg is a library that abstracts the control group file system in Linux.</summary>
<interface name="cgroup_domtrans_cgclear" lineno="14">
<summary>
Execute a domain transition to run
CG Clear.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cgroup_domtrans_cgconfig" lineno="34">
<summary>
Execute a domain transition to run
CG config parser.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cgroup_initrc_domtrans_cgconfig" lineno="54">
<summary>
Execute a domain transition to run
CG config parser.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cgroup_domtrans_cgred" lineno="73">
<summary>
Execute a domain transition to run
CG rules engine daemon.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cgroup_initrc_domtrans_cgred" lineno="94">
<summary>
Execute a domain transition to run
CG rules engine daemon.
domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cgroup_run_cgclear" lineno="121">
<summary>
Execute a domain transition to
run CG Clear and allow the
specified role the CG Clear
domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="cgroup_stream_connect_cgred" lineno="141">
<summary>
Connect to CG rules engine daemon
over unix stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cgroup_admin" lineno="167">
<summary>
All of the rules required to administrate
an cgroup environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="chrome" filename="policy/modules/contrib/chrome.if">
<summary>policy for chrome</summary>
<interface name="chrome_domtrans_sandbox" lineno="13">
<summary>
Execute a domain transition to run chrome_sandbox.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="chrome_run_sandbox" lineno="44">
<summary>
Execute chrome_sandbox in the chrome_sandbox domain, and
allow the specified role the chrome_sandbox domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the chrome_sandbox domain.
</summary>
</param>
</interface>
<interface name="chrome_role_notrans" lineno="70">
<summary>
Role access for chrome sandbox
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="chrome_role" lineno="111">
<summary>
Role access for chrome sandbox
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="chrome_dontaudit_sandbox_leaks" lineno="126">
<summary>
Dontaudit read/write to a chrome_sandbox leaks
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="chrome_filetrans_home_content" lineno="146">
<summary>
Create chrome directory in the user home directory
with an correct label.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="chronyd" filename="policy/modules/contrib/chronyd.if">
<summary>Chrony NTP background daemon.</summary>
<interface name="chronyd_domtrans" lineno="13">
<summary>
Execute chronyd in the chronyd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="chronyd_initrc_domtrans" lineno="33">
<summary>
Execute chronyd server in the
chronyd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="chronyd_exec" lineno="51">
<summary>
Execute chronyd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_signal" lineno="70">
<summary>
Send generic signals to chronyd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_read_log" lineno="88">
<summary>
Read chronyd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_rw_shm" lineno="107">
<summary>
Read and write chronyd shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_read_keys" lineno="129">
<summary>
Read chronyd keys files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_append_keys" lineno="147">
<summary>
Append chronyd keys files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_systemctl" lineno="165">
<summary>
Execute chronyd server in the chronyd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="chronyd_stream_connect" lineno="190">
<summary>
Connect to chronyd using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_dgram_send" lineno="210">
<summary>
Send to chronyd using a unix domain
datagram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_manage_pid" lineno="229">
<summary>
Manage pid files used by chronyd
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_manage_pid_files" lineno="249">
<summary>
Manage pid files used by chronyd
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_pid_filetrans" lineno="269">
<summary>
Create objects in /var/run
with chronyd runtime private file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_admin" lineno="295">
<summary>
All of the rules required to
administrate an chronyd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="chronyd_service_status" lineno="343">
<summary>
Get chronyd service status
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="chronyd_domtrans_chronyc" lineno="361">
<summary>
Execute chronyc in the chronyc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="chronyd_run_chronyc" lineno="384">
<summary>
Execute chronyc in the chronyc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
</module>
<module name="cinder" filename="policy/modules/contrib/cinder.if">
<summary>openstack-cinder</summary>
<interface name="cinder_manage_lib_files" lineno="13">
<summary>
Manage cinder lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="cinder_domain_template" lineno="33">
<summary>
Creates types and rules for a basic
openstack-cinder systemd daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
</module>
<module name="cipe" filename="policy/modules/contrib/cipe.if">
<summary>Encrypted tunnel daemon.</summary>
<interface name="cipe_admin" lineno="20">
<summary>
All of the rules required to
administrate an cipe environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="clamav" filename="policy/modules/contrib/clamav.if">
<summary>ClamAV Virus Scanner</summary>
<interface name="clamav_domtrans" lineno="13">
<summary>
Execute a domain transition to run clamd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="clamav_stream_connect" lineno="31">
<summary>
Connect to run clamd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_append_log" lineno="51">
<summary>
Allow the specified domain to append
to clamav log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_read_config" lineno="71">
<summary>
Read clamav configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_search_lib" lineno="90">
<summary>
Search clamav libraries directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_domtrans_clamscan" lineno="109">
<summary>
Execute a domain transition to run clamscan.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="clamav_exec_clamscan" lineno="127">
<summary>
Execute clamscan without a transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_manage_clamd_pid" lineno="145">
<summary>
Manage clamd pid content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_read_state_clamd" lineno="164">
<summary>
Read clamd state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamd_systemctl" lineno="183">
<summary>
Execute clamd server in the clamd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="clamav_admin" lineno="215">
<summary>
All of the rules required to administrate
an clamav environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the clamav domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="clamav_read_user_content_files_clamscan" dftval="false">
<desc>
<p>
Determine whether clamscan can
read user content files.
</p>
</desc>
</tunable>
<tunable name="clamav_read_all_non_security_files_clamscan" dftval="false">
<desc>
<p>
Determine whether clamscan can read
all non-security files.
</p>
</desc>
</tunable>
<tunable name="clamd_use_jit" dftval="false">
<desc>
<p>
Determine whether clamd can use JIT compiler.
</p>
</desc>
</tunable>
</module>
<module name="clockspeed" filename="policy/modules/contrib/clockspeed.if">
<summary>Clock speed measurement and manipulation.</summary>
<interface name="clockspeed_domtrans_cli" lineno="14">
<summary>
Execute clockspeed utilities in
the clockspeed_cli domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="clockspeed_run_cli" lineno="41">
<summary>
Execute clockspeed utilities in the
clockspeed cli domain, and allow the
specified role the clockspeed cli domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="clogd" filename="policy/modules/contrib/clogd.if">
<summary>Clustered Mirror Log Server.</summary>
<interface name="clogd_domtrans" lineno="13">
<summary>
Execute a domain transition to run clogd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="clogd_stream_connect" lineno="33">
<summary>
Connect to clogd over a unix domain
stream socket.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clogd_rw_semaphores" lineno="47">
<summary>
Read and write clogd semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clogd_rw_shm" lineno="65">
<summary>
Read and write clogd shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="cloudform" filename="policy/modules/contrib/cloudform.if">
<summary>cloudform policy</summary>
<template name="cloudform_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
cloudform daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="cloudform_init_domtrans" lineno="36">
<summary>
Execute a domain transition to run cloud_init.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cloudform_rw_pipes" lineno="54">
<summary>
Read and write unnamed cloud-init pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cloudform_init_dgram_send" lineno="72">
<summary>
Send a message to cloud-init over a datagram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cloudform_init_write_tmp" lineno="90">
<summary>
Write to cloud-init temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cloudform_exec_mongod" lineno="109">
<summary>
Execute mongod in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cloudform_read_lib_files" lineno="127">
<summary>
Allow read to cloud lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cloudform_read_lib_lnk_files" lineno="146">
<summary>
Allow read to cloud lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cloudform_dontaudit_write_cloud_log" lineno="165">
<summary>
Execute mongod in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="cmirrord" filename="policy/modules/contrib/cmirrord.if">
<summary>Cluster mirror log daemon.</summary>
<interface name="cmirrord_domtrans" lineno="14">
<summary>
Execute a domain transition to
run cmirrord.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cmirrord_initrc_domtrans" lineno="34">
<summary>
Execute cmirrord server in the
cmirrord domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cmirrord_read_pid_files" lineno="52">
<summary>
Read cmirrord PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cmirrord_rw_shm" lineno="71">
<summary>
Read and write cmirrord shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cmirrord_admin" lineno="102">
<summary>
All of the rules required to
administrate an cmirrord environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="cobbler" filename="policy/modules/contrib/cobbler.if">
<summary>Cobbler installation server.</summary>
<interface name="cobblerd_domtrans" lineno="13">
<summary>
Execute a domain transition to run cobblerd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cobblerd_initrc_domtrans" lineno="33">
<summary>
Execute cobblerd init scripts in
the init script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cobbler_list_config" lineno="53">
<summary>
Read cobbler configuration dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cobbler_read_config" lineno="73">
<summary>
Read cobbler configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cobbler_dontaudit_rw_log" lineno="93">
<summary>
Do not audit attempts to read and write
cobbler log files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="cobbler_search_lib" lineno="111">
<summary>
Search cobbler lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cobbler_read_lib_files" lineno="130">
<summary>
Read cobbler lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cobbler_manage_lib_files" lineno="151">
<summary>
Create, read, write, and delete
cobbler lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cobblerd_admin" lineno="179">
<summary>
All of the rules required to
administrate an cobbler environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="cobbler_admin" lineno="201">
<summary>
All of the rules required to
administrate an cobbler environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="cobbler_anon_write" dftval="false">
<desc>
<p>
Determine whether Cobbler can modify
public files used for public file
transfer services.
</p>
</desc>
</tunable>
<tunable name="cobbler_can_network_connect" dftval="false">
<desc>
<p>
Determine whether Cobbler can connect
to the network using TCP.
</p>
</desc>
</tunable>
<tunable name="cobbler_use_cifs" dftval="false">
<desc>
<p>
Determine whether Cobbler can access
cifs file systems.
</p>
</desc>
</tunable>
<tunable name="cobbler_use_nfs" dftval="false">
<desc>
<p>
Determine whether Cobbler can access
nfs file systems.
</p>
</desc>
</tunable>
</module>
<module name="collectd" filename="policy/modules/contrib/collectd.if">
<summary>Statistics collection daemon for filling RRD files.</summary>
<interface name="collectd_domtrans" lineno="13">
<summary>
Transition to collectd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="collectd_initrc_domtrans" lineno="32">
<summary>
Execute collectd server in the collectd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="collectd_search_lib" lineno="50">
<summary>
Search collectd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="collectd_read_lib_files" lineno="69">
<summary>
Read collectd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="collectd_manage_lib_files" lineno="88">
<summary>
Manage collectd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="collectd_manage_lib_dirs" lineno="107">
<summary>
Manage collectd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="collectd_manage_rw_content" lineno="126">
<summary>
Manage collectd httpd rw content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="collectd_systemctl" lineno="146">
<summary>
Execute collectd server in the collectd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="collectd_admin" lineno="177">
<summary>
All of the rules required to administrate
an collectd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="collectd_tcp_network_connect" dftval="false">
<desc>
<p>
Determine whether collectd can connect
to the network using TCP.
</p>
</desc>
</tunable>
</module>
<module name="colord" filename="policy/modules/contrib/colord.if">
<summary>GNOME color manager</summary>
<interface name="colord_domtrans" lineno="13">
<summary>
Execute a domain transition to run colord.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="colord_dbus_chat" lineno="32">
<summary>
Send and receive messages from
colord over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="colord_read_lib_files" lineno="53">
<summary>
Read colord lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="colord_systemctl" lineno="72">
<summary>
Execute colord server in the colord domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<tunable name="colord_use_nfs" dftval="false">
<desc>
<p>
Determine whether Colord can access
nfs file systems.
</p>
</desc>
</tunable>
</module>
<module name="comsat" filename="policy/modules/contrib/comsat.if">
<summary>Comsat, a biff server.</summary>
</module>
<module name="condor" filename="policy/modules/contrib/condor.if">
<summary>policy for condor</summary>
<template name="condor_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
condor init daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="condor_domtrans_master" lineno="53">
<summary>
Transition to condor.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="condor_startd_ranged_domtrans_to" lineno="84">
<summary>
Allows to start userland processes
by transitioning to the specified domain,
with a range transition.
</summary>
<param name="domain">
<summary>
The process type entered by condor_startd.
</summary>
</param>
<param name="entrypoint">
<summary>
The executable type for the entrypoint.
</summary>
</param>
<param name="range">
<summary>
Range for the domain.
</summary>
</param>
</interface>
<interface name="condor_startd_domtrans_to" lineno="113">
<summary>
Allows to start userlandprocesses
by transitioning to the specified domain.
</summary>
<param name="domain">
<summary>
The process type entered by condor_startd.
</summary>
</param>
<param name="entrypoint">
<summary>
The executable type for the entrypoint.
</summary>
</param>
</interface>
<interface name="condor_read_log" lineno="132">
<summary>
Read condor's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="condor_append_log" lineno="151">
<summary>
Append to condor log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="condor_manage_log" lineno="170">
<summary>
Manage condor log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="condor_search_lib" lineno="191">
<summary>
Search condor lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="condor_read_lib_files" lineno="210">
<summary>
Read condor lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="condor_rw_lib_files" lineno="229">
<summary>
Read and write condor lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="condor_manage_lib_files" lineno="248">
<summary>
Manage condor lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="condor_manage_lib_dirs" lineno="267">
<summary>
Manage condor lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="condor_read_pid_files" lineno="286">
<summary>
Read condor PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="condor_systemctl" lineno="305">
<summary>
Execute condor server in the condor domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="condor_rw_tcp_sockets_startd" lineno="330">
<summary>
Read and write condor_startd server TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="condor_rw_tcp_sockets_schedd" lineno="348">
<summary>
Read and write condor_schedd server TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="condor_admin" lineno="372">
<summary>
All of the rules required to administrate
an condor environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="condor_tcp_network_connect" dftval="false">
<desc>
<p>
Determine whether Condor can connect
to the network using TCP.
</p>
</desc>
</tunable>
</module>
<module name="conman" filename="policy/modules/contrib/conman.if">
<summary>Conman is a program for connecting to remote consoles being managed by conmand</summary>
<interface name="conman_domtrans" lineno="13">
<summary>
Execute conman in the conman domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="conman_read_log" lineno="32">
<summary>
Read conman's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="conman_append_log" lineno="51">
<summary>
Append to conman log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="conman_manage_log" lineno="70">
<summary>
Manage conman log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="conman_systemctl" lineno="90">
<summary>
Execute conman server in the conman domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="conman_admin" lineno="118">
<summary>
All of the rules required to administrate
an conman environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="conman_can_network" dftval="false">
<desc>
<p>
Determine whether conman can
connect to all TCP ports
</p>
</desc>
</tunable>
<tunable name="conman_use_nfs" dftval="false">
<desc>
<p>
Allow conman to manage nfs files
</p>
</desc>
</tunable>
</module>
<module name="conntrackd" filename="policy/modules/contrib/conntrackd.if">
<summary>Conntrackd connection tracking service</summary>
<interface name="conntrackd_read_config" lineno="14">
<summary>
Read the configuration files for conntrackd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="conntrackd_stream_connect" lineno="35">
<summary>
Connect to conntrackd over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="conntrackd_systemctl" lineno="54">
<summary>
Execute conntrackd services in the conntrackd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="conntrackd_admin" lineno="85">
<summary>
All of the rules required to administrate
an conntrackd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the conntrackd domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="consolekit" filename="policy/modules/contrib/consolekit.if">
<summary>Framework for facilitating multiple user sessions on desktops.</summary>
<interface name="consolekit_domtrans" lineno="13">
<summary>
Execute a domain transition to run consolekit.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="consolekit_dontaudit_dbus_chat" lineno="33">
<summary>
dontaudit Send and receive messages from
consolekit over dbus.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="consolekit_dbus_chat" lineno="54">
<summary>
Send and receive messages from
consolekit over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="consolekit_dontaudit_read_log" lineno="74">
<summary>
Dontaudit attempts to read consolekit log files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="consolekit_read_log" lineno="92">
<summary>
Read consolekit log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="consolekit_manage_log" lineno="112">
<summary>
Create, read, write, and delete
consolekit log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="consolekit_read_pid_files" lineno="131">
<summary>
Read consolekit PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="consolekit_list_pid_files" lineno="151">
<summary>
List consolekit PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="consolekit_read_state" lineno="170">
<summary>
Allow the domain to read consolekit state files in /proc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="consolekit_systemctl" lineno="189">
<summary>
Execute consolekit server in the consolekit domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="container" filename="policy/modules/contrib/container.if">
<summary>The open-source application container engine.</summary>
<interface name="container_runtime_domtrans" lineno="13">
<summary>
Execute container in the container domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="container_runtime_run" lineno="40">
<summary>
Execute container runtime in the container runtime domain
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="container_runtime_exec" lineno="62">
<summary>
Execute container in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="container_read_state" lineno="81">
<summary>
Read the process state of container runtime
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_search_lib" lineno="99">
<summary>
Search container lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_exec_lib" lineno="118">
<summary>
Execute container lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_read_lib_files" lineno="137">
<summary>
Read container lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_read_share_files" lineno="156">
<summary>
Read container share files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_runtime_read_tmpfs_files" lineno="177">
<summary>
Read container runtime tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_manage_share_files" lineno="198">
<summary>
Manage container share files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_manage_share_dirs" lineno="219">
<summary>
Manage container share dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_exec_share_files" lineno="239">
<summary>
Allow the specified domain to execute container shared files
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_manage_config_files" lineno="257">
<summary>
Manage container config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_manage_lib_files" lineno="279">
<summary>
Manage container lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_manage_files" lineno="299">
<summary>
Manage container files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_manage_dirs" lineno="318">
<summary>
Manage container directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_manage_lib_dirs" lineno="336">
<summary>
Manage container lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_lib_filetrans" lineno="372">
<summary>
Create objects in a container var lib directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="container_read_pid_files" lineno="390">
<summary>
Read container PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_systemctl" lineno="409">
<summary>
Execute container server in the container domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="container_rw_sem" lineno="434">
<summary>
Read and write container shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_append_file" lineno="453">
<summary>
Allow the specified domain to append
to container files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_use_ptys" lineno="471">
<summary>
Read and write the container pty type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_filetrans_named_content" lineno="489">
<summary>
Allow domain to create container content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_stream_connect" lineno="593">
<summary>
Connect to container over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_spc_stream_connect" lineno="614">
<summary>
Connect to SPC containers over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_admin" lineno="634">
<summary>
All of the rules required to administrate
an container environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_auth_domtrans" lineno="684">
<summary>
Execute container_auth_exec_t in the container_auth domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="container_auth_exec" lineno="703">
<summary>
Execute container_auth in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_auth_stream_connect" lineno="722">
<summary>
Connect to container_auth over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_runtime_typebounds" lineno="741">
<summary>
container domain typebounds calling domain.
</summary>
<param name="domain">
<summary>
Domain to be typebound.
</summary>
</param>
</interface>
<interface name="container_runtime_entrypoint" lineno="760">
<summary>
Allow any container_runtime_exec_t to be an entrypoint of this domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="docker_exec_lib" lineno="767">
<summary>
Summary is missing!
</summary>
<param name="?">
<summary>
Parameter descriptions are missing!
</summary>
</param>
</interface>
<interface name="docker_read_share_files" lineno="771">
<summary>
Summary is missing!
</summary>
<param name="?">
<summary>
Parameter descriptions are missing!
</summary>
</param>
</interface>
<interface name="docker_exec_share_files" lineno="775">
<summary>
Summary is missing!
</summary>
<param name="?">
<summary>
Parameter descriptions are missing!
</summary>
</param>
</interface>
<interface name="docker_manage_lib_files" lineno="779">
<summary>
Summary is missing!
</summary>
<param name="?">
<summary>
Parameter descriptions are missing!
</summary>
</param>
</interface>
<interface name="docker_manage_lib_dirs" lineno="784">
<summary>
Summary is missing!
</summary>
<param name="?">
<summary>
Parameter descriptions are missing!
</summary>
</param>
</interface>
<interface name="docker_lib_filetrans" lineno="788">
<summary>
Summary is missing!
</summary>
<param name="?">
<summary>
Parameter descriptions are missing!
</summary>
</param>
</interface>
<interface name="docker_read_pid_files" lineno="792">
<summary>
Summary is missing!
</summary>
<param name="?">
<summary>
Parameter descriptions are missing!
</summary>
</param>
</interface>
<interface name="docker_systemctl" lineno="796">
<summary>
Summary is missing!
</summary>
<param name="?">
<summary>
Parameter descriptions are missing!
</summary>
</param>
</interface>
<interface name="docker_use_ptys" lineno="800">
<summary>
Summary is missing!
</summary>
<param name="?">
<summary>
Parameter descriptions are missing!
</summary>
</param>
</interface>
<interface name="docker_stream_connect" lineno="804">
<summary>
Summary is missing!
</summary>
<param name="?">
<summary>
Parameter descriptions are missing!
</summary>
</param>
</interface>
<interface name="docker_spc_stream_connect" lineno="808">
<summary>
Summary is missing!
</summary>
<param name="?">
<summary>
Parameter descriptions are missing!
</summary>
</param>
</interface>
<interface name="container_spc_read_state" lineno="822">
<summary>
Read the process state of spc containers
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="container_runtime_domain_template" lineno="841">
<summary>
Creates types and rules for a basic
container runtime process domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<template name="container_domain_template" lineno="884">
<summary>
Creates types and rules for a basic
container process domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
<param name="prefix">
<summary>
Prefix for the file type.
</summary>
</param>
</template>
<template name="container_manage_files_template" lineno="916">
<summary>
Manage container files template
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
<param name="prefix">
<summary>
Prefix for the file type.
</summary>
</param>
</template>
<interface name="container_spc_rw_pipes" lineno="959">
<summary>
Read and write a spc_t unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_kubelet_domtrans" lineno="977">
<summary>
Execute container in the container domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="container_kubelet_run" lineno="1002">
<summary>
Execute kubelet_exec_t in the kubelet_t domain
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="container_kubelet_stream_connect" lineno="1021">
<summary>
Connect to kubelet over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="container_file" lineno="1040">
<summary>
Create a file type used for container files.
</summary>
<param name="script_file">
<summary>
Type to be used for an container file.
</summary>
</param>
</interface>
<tunable name="container_connect_any" dftval="false">
<desc>
<p>
Determine whether container can
connect to all TCP ports.
</p>
</desc>
</tunable>
<tunable name="container_read_certs" dftval="false">
<desc>
<p>
Allow all container domains to read cert files and directories
</p>
</desc>
</tunable>
<tunable name="sshd_launch_containers" dftval="false">
<desc>
<p>
Determine whether sshd can launch container engines
</p>
</desc>
</tunable>
<tunable name="container_use_devices" dftval="false">
<desc>
<p>
Allow containers to use any device volume mounted into container
</p>
</desc>
</tunable>
<tunable name="container_use_xserver_devices" dftval="false">
<desc>
<p>
Allow containers to use any xserver device volume mounted into container, mostly used for GPU acceleration
</p>
</desc>
</tunable>
<tunable name="container_use_dri_devices" dftval="true">
<desc>
<p>
Allow containers to use any dri device volume mounted into container
</p>
</desc>
</tunable>
<tunable name="container_manage_cgroup" dftval="false">
<desc>
<p>
Allow sandbox containers to manage cgroup (systemd)
</p>
</desc>
</tunable>
<tunable name="container_use_cephfs" dftval="false">
<desc>
<p>
Determine whether container can
use ceph file system
</p>
</desc>
</tunable>
<tunable name="container_use_ecryptfs" dftval="false">
<desc>
<p>
Determine whether container can
use ecrypt file system
</p>
</desc>
</tunable>
</module>
<module name="coreos_installer" filename="policy/modules/contrib/coreos_installer.if">
<summary>policy for coreos_installer</summary>
<interface name="coreos_installer_domtrans" lineno="13">
<summary>
Execute coreos_installer_exec_t in the coreos_installer domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="coreos_installer_exec" lineno="32">
<summary>
Execute coreos_installer in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="corosync" filename="policy/modules/contrib/corosync.if">
<summary>Corosync Cluster Engine.</summary>
<interface name="corosync_domtrans" lineno="13">
<summary>
Execute a domain transition to run corosync.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="corosync_initrc_domtrans" lineno="33">
<summary>
Execute corosync init scripts in
the init script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="corosync_exec" lineno="51">
<summary>
Execute corosync in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corosync_read_log" lineno="70">
<summary>
Read corosync log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corosync_setattr_log" lineno="90">
<summary>
Setattr corosync log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corosync_stream_connect" lineno="110">
<summary>
Connect to corosync over a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corosync_rw_tmpfs" lineno="131">
<summary>
Allow the specified domain to read/write corosync's tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corosync_systemctl" lineno="150">
<summary>
Execute corosync server in the corosync domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="corosyncd_admin" lineno="181">
<summary>
All of the rules required to
administrate an corosync environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="corosync_admin" lineno="203">
<summary>
All of the rules required to
administrate an corosync environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="couchdb" filename="policy/modules/contrib/couchdb.if">
<summary>Document database server.</summary>
<interface name="couchdb_read_log_files" lineno="13">
<summary>
Allow to read couchdb log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="couchdb_read_lib_files" lineno="32">
<summary>
Allow to read couchdb lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="couchdb_manage_lib_files" lineno="52">
<summary>
All of the rules required to
administrate an couchdb environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="couchdb_manage_lib_dirs" lineno="71">
<summary>
Manage couchdb lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="couchdb_read_conf_files" lineno="90">
<summary>
Allow to read couchdb conf files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="couchdb_read_pid_files" lineno="109">
<summary>
Read couchdb PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="couchdb_search_pid_dirs" lineno="128">
<summary>
Search couchdb PID dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="couchdb_manage_files" lineno="147">
<summary>
Allow domain to manage couchdb content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="couchdb_systemctl" lineno="171">
<summary>
Execute couchdb server in the couchdb domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="couchdb_admin" lineno="204">
<summary>
All of the rules required to administrate
an couchdb environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="courier" filename="policy/modules/contrib/courier.if">
<summary>Courier IMAP and POP3 email servers</summary>
<template name="courier_domain_template" lineno="13">
<summary>
Template for creating courier server processes.
</summary>
<param name="prefix">
<summary>
Prefix name of the server process.
</summary>
</param>
</template>
<interface name="courier_domtrans_authdaemon" lineno="58">
<summary>
Execute the courier authentication daemon with
a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="courier_stream_connect_authdaemon" lineno="76">
<summary>
Connect to courier-authdaemon over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="courier_domtrans_pop" lineno="96">
<summary>
Execute the courier POP3 and IMAP server with
a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="courier_read_config" lineno="114">
<summary>
Read courier config files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="courier_manage_spool_dirs" lineno="134">
<summary>
Create, read, write, and delete courier
spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="courier_manage_spool_files" lineno="154">
<summary>
Create, read, write, and delete courier
spool files.
</summary>
<param name="domains">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="courier_manage_spool_sockets" lineno="173">
<summary>
Manage named socket in a courier spool directory.
</summary>
<param name="domains">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="courier_read_spool" lineno="192">
<summary>
Read courier spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="courier_rw_spool_pipes" lineno="211">
<summary>
Read and write to courier spool pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="cpucontrol" filename="policy/modules/contrib/cpucontrol.if">
<summary>Services for loading CPU microcode and CPU frequency scaling.</summary>
<interface name="cpucontrol_stub" lineno="13">
<summary>
CPUcontrol stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="cpufreqselector" filename="policy/modules/contrib/cpufreqselector.if">
<summary>Command-line CPU frequency settings.</summary>
<interface name="cpufreqselector_dbus_chat" lineno="14">
<summary>
Send and receive messages from
cpufreq-selector over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="cpuplug" filename="policy/modules/contrib/cpuplug.if">
<summary>cpuplugd - Linux on System z CPU and memory hotplug daemon</summary>
<interface name="cpuplug_domtrans" lineno="13">
<summary>
Execute cpuplug in the cpuplug domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="cron" filename="policy/modules/contrib/cron.if">
<summary>Periodic execution of scheduled commands.</summary>
<template name="cron_common_crontab_template" lineno="14">
<summary>
The common rules for a crontab domain.
</summary>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</template>
<interface name="cron_role" lineno="59">
<summary>
Role access for cron
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<rolecap/>
</interface>
<interface name="cron_unconfined_role" lineno="155">
<summary>
Role access for unconfined cronjobs
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<rolecap/>
</interface>
<interface name="cron_admin_role" lineno="238">
<summary>
Role access for cron
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<rolecap/>
</interface>
<interface name="cron_system_entry" lineno="332">
<summary>
Make the specified program domain accessable
from the system cron jobs.
</summary>
<param name="domain">
<summary>
The type of the process to transition to.
</summary>
</param>
<param name="entrypoint">
<summary>
The type of the file used as an entrypoint to this domain.
</summary>
</param>
</interface>
<interface name="cron_domtrans" lineno="356">
<summary>
Execute cron in the cron system domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cron_exec" lineno="374">
<summary>
Execute crond_exec_t
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_initrc_domtrans" lineno="392">
<summary>
Execute crond server in the crond domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cron_systemctl" lineno="410">
<summary>
Execute crond server in the crond domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cron_use_fds" lineno="435">
<summary>
Inherit and use a file descriptor
from the cron daemon.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_sigchld" lineno="453">
<summary>
Send a SIGCHLD signal to the cron daemon.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_signal" lineno="471">
<summary>
Send a generic signal to cron daemon.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_read_pipes" lineno="489">
<summary>
Read a cron daemon unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_read_state_crond" lineno="507">
<summary>
Read crond state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_dbus_chat_crond" lineno="528">
<summary>
Send and receive messages from
crond over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_dbus_chat_system_job" lineno="549">
<summary>
Send and receive messages from
the cron system domain over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_dontaudit_write_pipes" lineno="569">
<summary>
Do not audit attempts to write cron daemon unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="cron_rw_pipes" lineno="587">
<summary>
Read and write a cron daemon unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_dontaudit_setattr_pipes" lineno="605">
<summary>
Do not audit attempts to setattr cron daemon unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="cron_rw_inherited_user_spool_files" lineno="623">
<summary>
Read and write inherited user spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_rw_inherited_spool_files" lineno="641">
<summary>
Read and write inherited spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_rw_tcp_sockets" lineno="659">
<summary>
Read, and write cron daemon TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_dontaudit_rw_tcp_sockets" lineno="677">
<summary>
Dontaudit Read, and write cron daemon TCP sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="cron_search_spool" lineno="695">
<summary>
Search the directory containing user cron tables.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_manage_system_spool" lineno="714">
<summary>
Search the directory containing user cron tables.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_manage_pid_files" lineno="733">
<summary>
Manage pid files used by cron
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_read_pid_files" lineno="752">
<summary>
Read pid files used by cron
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_anacron_domtrans_system_job" lineno="771">
<summary>
Execute anacron in the cron system domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cron_signull_system_job" lineno="789">
<summary>
Send a null signal to cron system job.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_use_system_job_fds" lineno="808">
<summary>
Inherit and use a file descriptor
from system cron jobs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_write_system_job_pipes" lineno="826">
<summary>
Write a system cron job unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_rw_system_job_pipes" lineno="844">
<summary>
Read and write a system cron job unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_rw_system_job_stream_sockets" lineno="862">
<summary>
Allow read/write unix stream sockets from the system cron jobs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_read_system_job_tmp_files" lineno="880">
<summary>
Read temporary files from the system cron jobs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_dontaudit_append_system_job_tmp_files" lineno="903">
<summary>
Do not audit attempts to append temporary
files from the system cron jobs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="cron_dontaudit_write_system_job_tmp_files" lineno="922">
<summary>
Do not audit attempts to write temporary
files from the system cron jobs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="cron_dgram_send" lineno="943">
<summary>
Send to system_cronjob over a unix domain
datagram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_read_system_job_lib_files" lineno="961">
<summary>
Read temporary files from the system cron jobs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_manage_system_job_lib_files" lineno="980">
<summary>
Manage files from the system cron jobs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_manage_log_files" lineno="1000">
<summary>
Create, read, write and delete
cron log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_generic_log_filetrans_log" lineno="1031">
<summary>
Create specified objects in generic
log directories with the cron log file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="cron_generic_log_filetrans_log_insights" lineno="1060">
<summary>
Create specified objects in generic
log directories with the cron log file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="cron_system_spool_entrypoint" lineno="1079">
<summary>
Allow system_cron_spool_t to be an entrypoint of this domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="crontab_domtrans" lineno="1096">
<summary>
Execute crontab in the crontab domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="crontab_admin_domtrans" lineno="1114">
<summary>
Execute crontab in the admin crontab domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<tunable name="cron_can_relabel" dftval="false">
<desc>
<p>
Allow system cron jobs to relabel filesystem
for restoring file contexts.
</p>
</desc>
</tunable>
<tunable name="cron_userdomain_transition" dftval="true">
<desc>
<p>
Determine whether crond can execute jobs
in the user domain as opposed to the
the generic cronjob domain.
</p>
</desc>
</tunable>
<tunable name="cron_system_cronjob_use_shares" dftval="false">
<desc>
<p>
Allow system cronjob to be executed on
on NFS, CIFS or FUSE filesystem.
</p>
</desc>
</tunable>
<tunable name="fcron_crond" dftval="false">
<desc>
<p>
Enable extra rules in the cron domain
to support fcron.
</p>
</desc>
</tunable>
</module>
<module name="ctdb" filename="policy/modules/contrib/ctdb.if">
<summary>policy for ctdbd</summary>
<interface name="ctdbd_domtrans" lineno="13">
<summary>
Transition to ctdbd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ctdbd_initrc_domtrans" lineno="32">
<summary>
Execute ctdbd server in the ctdbd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ctdbd_signal" lineno="50">
<summary>
Allow domain to signal ctdbd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ctdbd_sigchld" lineno="67">
<summary>
Allow domain to sigchld ctdbd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ctdbd_read_log" lineno="85">
<summary>
Read ctdbd's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ctdbd_append_log" lineno="104">
<summary>
Append to ctdbd log files.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ctdbd_manage_log" lineno="123">
<summary>
Manage ctdbd log files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="ctdbd_search_lib" lineno="144">
<summary>
Search ctdbd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ctdbd_read_lib_files" lineno="163">
<summary>
Read ctdbd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ctdbd_manage_lib_files" lineno="182">
<summary>
Manage ctdbd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ctdbd_manage_lib_dirs" lineno="202">
<summary>
Manage ctdbd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ctdbd_read_pid_files" lineno="221">
<summary>
Read ctdbd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ctdbd_stream_connect" lineno="240">
<summary>
Connect to ctdbd over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ctdbd_admin" lineno="267">
<summary>
All of the rules required to administrate
an ctdbd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="cups" filename="policy/modules/contrib/cups.if">
<summary>Common UNIX printing system.</summary>
<interface name="cups_backend" lineno="19">
<summary>
Create a domain which can be
started by cupsd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
</interface>
<interface name="cups_domtrans" lineno="46">
<summary>
Execute cups in the cups domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cups_stream_connect" lineno="66">
<summary>
Connect to cupsd over an unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_tcp_connect" lineno="86">
<summary>
Connect to cups over TCP.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_dbus_chat" lineno="101">
<summary>
Send and receive messages from
cups over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_read_pid_files" lineno="121">
<summary>
Read cups PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_domtrans_config" lineno="141">
<summary>
Execute cups_config in the
cups config domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cups_signal_config" lineno="161">
<summary>
Send generic signals to the cups
configuration daemon.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_dbus_chat_config" lineno="180">
<summary>
Send and receive messages from
cupsd_config over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_read_config" lineno="201">
<summary>
Read cups configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="cups_read_rw_config" lineno="224">
<summary>
Read cups-writable configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="cups_read_log" lineno="244">
<summary>
Read cups log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="cups_append_log" lineno="263">
<summary>
Append cups log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_write_log" lineno="282">
<summary>
Write cups log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_stream_connect_ptal" lineno="302">
<summary>
Connect to ptal over an unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cupsd_systemctl" lineno="321">
<summary>
Execute cupsd server in the cupsd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cups_read_state" lineno="345">
<summary>
Read the process state (/proc/pid) of cupsd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_admin" lineno="372">
<summary>
All of the rules required to
administrate an cups environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="cups_filetrans_named_content" lineno="424">
<summary>
Transition to cups named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="cups_execmem" dftval="false">
<desc>
<p>
Allow cups execmem/execstack
</p>
</desc>
</tunable>
</module>
<module name="cvs" filename="policy/modules/contrib/cvs.if">
<summary>Concurrent versions system.</summary>
<interface name="cvs_dontaudit_list_data" lineno="13">
<summary>
Dontaudit Attempts to list the CVS data and metadata.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="cvs_read_data" lineno="31">
<summary>
Read CVS data and metadata content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cvs_exec" lineno="51">
<summary>
Execute cvs in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cvs_filetrans_home_content" lineno="70">
<summary>
Transition to cvs named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cvs_admin" lineno="95">
<summary>
All of the rules required to
administrate an cvs environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="cvs_read_shadow" dftval="false">
<desc>
<p>
Determine whether cvs can read shadow
password files.
</p>
</desc>
</tunable>
</module>
<module name="cyphesis" filename="policy/modules/contrib/cyphesis.if">
<summary>Cyphesis WorldForge game server.</summary>
<interface name="cyphesis_domtrans" lineno="13">
<summary>
Execute a domain transition to run cyphesis.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cyphesis_admin" lineno="39">
<summary>
All of the rules required to
administrate an cyphesis environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="cyrus" filename="policy/modules/contrib/cyrus.if">
<summary>Cyrus is an IMAP service intended to be run on sealed servers.</summary>
<interface name="cyrus_manage_data" lineno="14">
<summary>
Create, read, write, and delete
cyrus data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cyrus_write_data" lineno="33">
<summary>
Allow write cyrus data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cyrus_stream_connect" lineno="53">
<summary>
Connect to Cyrus using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cyrus_runtime_stream_connect" lineno="76">
<summary>
Connect to Cyrus using a unix
domain stream socket in the runtime filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cyrus_admin" lineno="102">
<summary>
All of the rules required to
administrate an cyrus environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="daemontools" filename="policy/modules/contrib/daemontools.if">
<summary>Collection of tools for managing UNIX services.</summary>
<interface name="daemontools_ipc_domain" lineno="14">
<summary>
An ipc channel between the
supervised domain and svc_start_t.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="daemontools_service_domain" lineno="41">
<summary>
Create a domain which can be
started by daemontools.
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entrypoint">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
</interface>
<interface name="daemontools_domtrans_start" lineno="64">
<summary>
Execute svc start in the svc
start domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="daemonstools_run_start" lineno="91">
<summary>
Execute svc start in the svc
start domain, and allow the
specified role the svc start domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="daemontools_domtrans_run" lineno="110">
<summary>
Execute avc run in the svc run domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="daemontools_sigchld_run" lineno="130">
<summary>
Send child terminated signals
to svc run.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="daemontools_domtrans_multilog" lineno="149">
<summary>
Execute avc multilog in the svc
multilog domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="daemontools_search_svc_dir" lineno="168">
<summary>
Search svc svc directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="daemontools_read_svc" lineno="188">
<summary>
Read svc avc files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="daemontools_manage_svc" lineno="210">
<summary>
Create, read, write and delete
svc svc content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dante" filename="policy/modules/contrib/dante.if">
<summary>Dante msproxy and socks4/5 proxy server.</summary>
<interface name="dante_admin" lineno="20">
<summary>
All of the rules required to
administrate an dante environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dbadm" filename="policy/modules/contrib/dbadm.if">
<summary>Database administrator role.</summary>
<interface name="dbadm_role_change" lineno="14">
<summary>
Change to the database administrator role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dbadm_role_change_to" lineno="44">
<summary>
Change from the database administrator role.
</summary>
<desc>
<p>
Change from the database administrator role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="dbadm_manage_user_files" dftval="false">
<desc>
<p>
Determine whether dbadm can manage
generic user files.
</p>
</desc>
</tunable>
<tunable name="dbadm_read_user_files" dftval="false">
<desc>
<p>
Determine whether dbadm can read
generic user files.
</p>
</desc>
</tunable>
</module>
<module name="dbskk" filename="policy/modules/contrib/dbskk.if">
<summary>Dictionary server for the SKK Japanese input method system.</summary>
</module>
<module name="dbus" filename="policy/modules/contrib/dbus.if">
<summary>Desktop messaging bus</summary>
<interface name="dbus_stub" lineno="13">
<summary>
DBUS stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="dbus_exec_dbusd" lineno="30">
<summary>
Execute dbus-daemon in the caller domain.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<template name="dbus_role_template" lineno="58">
<summary>
Role access for dbus
</summary>
<param name="role_prefix">
<summary>
The prefix of the user role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</template>
<interface name="dbus_system_bus_client" lineno="153">
<summary>
Template for creating connections to
the system DBUS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_session_client" lineno="199">
<summary>
Creating connections to specified
DBUS sessions.
</summary>
<param name="role_prefix">
<summary>
The prefix of the user role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_session_bus_client" lineno="221">
<summary>
Template for creating connections to
a user DBUS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_send_session_bus" lineno="248">
<summary>
Send a message the session DBUS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_read_config" lineno="267">
<summary>
Read dbus configuration.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_watch_config" lineno="286">
<summary>
Watch dbus configuration.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_read_lib_files" lineno="304">
<summary>
Read system dbus lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_manage_lib_files" lineno="325">
<summary>
Create, read, write, and delete
system dbus lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_connect_session_bus" lineno="345">
<summary>
Connect to the system DBUS
for service (acquire_svc).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_session_domain" lineno="376">
<summary>
Allow a application domain to be started
by the session dbus.
</summary>
<param name="domain_prefix">
<summary>
User domain prefix to be used.
</summary>
</param>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an
entry point to this domain.
</summary>
</param>
</interface>
<interface name="dbus_connect_system_bus" lineno="398">
<summary>
Connect to the system DBUS
for service (acquire_svc).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_send_system_bus" lineno="417">
<summary>
Send a message on the system DBUS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_system_bus_unconfined" lineno="436">
<summary>
Allow unconfined access to the system DBUS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_system_domain" lineno="461">
<summary>
Create a domain for processes
which can be started by the system dbus
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
</interface>
<interface name="dbus_use_system_bus_fds" lineno="489">
<summary>
Use and inherit system DBUS file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_unconfined" lineno="507">
<summary>
Allow unconfined access to the system DBUS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_delete_pid_files" lineno="525">
<summary>
Delete all dbus pid files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_read_pid_files" lineno="544">
<summary>
Read all dbus pid files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_read_pid_sock_files" lineno="564">
<summary>
Read all dbus pid files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_write_pid_sock_files" lineno="584">
<summary>
Allow domain to write the dbus pid sock_file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_watch_pid_sock_files" lineno="602">
<summary>
Watch system dbus pid socket files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_watch_pid_dirs" lineno="621">
<summary>
Watch system dbus pid directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_watch_pid_dir_path" lineno="640">
<summary>
Watch system dbusd pid directory and all its parents
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_rw_tmp_sock_files" lineno="661">
<summary>
Read and write system dbus tmp socket files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_dontaudit_stream_connect_session_bus" lineno="681">
<summary>
Do not audit attempts to connect to
session bus types with a unix
stream socket.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dbus_stream_connect_session_bus" lineno="701">
<summary>
Allow attempts to connect to
session bus types with a unix
stream socket.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dbus_chat_session_bus" lineno="720">
<summary>
Do not audit attempts to send dbus
messages to session bus types.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dbus_dontaudit_chat_session_bus" lineno="741">
<summary>
Do not audit attempts to send dbus
messages to session bus types.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dbus_dontaudit_chat_system_bus" lineno="761">
<summary>
Do not audit attempts to send dbus
messages to system bus types.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dbus_stream_connect_system_dbusd" lineno="784">
<summary>
Allow attempts to connect to
session bus types with a unix
stream socket.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dbus_dontaudit_stream_connect_system_dbusd" lineno="805">
<summary>
Do not audit attempts to connect to
session bus types with a unix
stream socket.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dbus_chat_system_bus" lineno="827">
<summary>
Allow attempts to send dbus
messages to system bus types.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dbus_filetrans_named_content_system" lineno="847">
<summary>
Transition to dbus named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_acquire_svc_system_dbusd" lineno="865">
<summary>
Allow attempts to send dbus
messages to system dbusd type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dbus_signal" lineno="884">
<summary>
Allow signal the system dbusd type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dbus_manage_session_tmp_dirs" lineno="902">
<summary>
Manage session_dbusd tmp dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_write_session_tmp_sock_files" lineno="920">
<summary>
Write to session_dbusd tmp socket files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_delete_session_tmp_sock_files" lineno="938">
<summary>
Delete session_dbusd tmp socket files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_create_session_tmp_sock_files" lineno="956">
<summary>
Create session_dbusd tmp socket files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_systemctl" lineno="974">
<summary>
Allow systemctl dbus services
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="dcc" filename="policy/modules/contrib/dcc.if">
<summary>Distributed checksum clearinghouse spam filtering.</summary>
<interface name="dcc_domtrans_cdcc" lineno="13">
<summary>
Execute cdcc in the cdcc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dcc_run_cdcc" lineno="40">
<summary>
Execute cdcc in the cdcc domain, and
allow the specified role the
cdcc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dcc_domtrans_client" lineno="60">
<summary>
Execute dcc client in the dcc
client domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dcc_signal_client" lineno="79">
<summary>
Send generic signals to dcc client.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dcc_run_client" lineno="105">
<summary>
Execute dcc client in the dcc
client domain, and allow the
specified role the dcc client domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dcc_domtrans_dbclean" lineno="124">
<summary>
Execute dbclean in the dcc dbclean domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dcc_run_dbclean" lineno="151">
<summary>
Execute dbclean in the dcc dbclean
domain, and allow the specified
role the dcc dbclean domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dcc_stream_connect_dccifd" lineno="171">
<summary>
Connect to dccifd over a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="ddclient" filename="policy/modules/contrib/ddclient.if">
<summary>Update dynamic IP address at DynDNS.org.</summary>
<interface name="ddclient_domtrans" lineno="13">
<summary>
Execute ddclient in the ddclient domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ddclient_run" lineno="40">
<summary>
Execute ddclient in the ddclient
domain, and allow the specified
role the ddclient domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ddclient_admin" lineno="66">
<summary>
All of the rules required to
administrate an ddclient environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ddclient_getattr_pid_files" lineno="114">
<summary>
Get the attributes of ddclient PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="ddcprobe" filename="policy/modules/contrib/ddcprobe.if">
<summary>ddcprobe retrieves monitor and graphics card information.</summary>
<interface name="ddcprobe_domtrans" lineno="13">
<summary>
Execute ddcprobe in the ddcprobe domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ddcprobe_run" lineno="40">
<summary>
Execute ddcprobe in the ddcprobe
domain, and allow the specified
role the ddcprobe domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="denyhosts" filename="policy/modules/contrib/denyhosts.if">
<summary>SSH dictionary attack mitigation.</summary>
<interface name="denyhosts_domtrans" lineno="13">
<summary>
Execute a domain transition to run denyhosts.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="denyhosts_initrc_domtrans" lineno="33">
<summary>
Execute denyhost server in the
denyhost domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="denyhosts_admin" lineno="58">
<summary>
All of the rules required to
administrate an denyhosts environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="devicekit" filename="policy/modules/contrib/devicekit.if">
<summary>Devicekit modular hardware abstraction layer</summary>
<interface name="devicekit_domtrans" lineno="13">
<summary>
Execute a domain transition to run devicekit.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="devicekit_domtrans_disk" lineno="31">
<summary>
Execute a domain transition to run devicekit_disk.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="devicekit_dgram_send" lineno="50">
<summary>
Send to devicekit over a unix domain
datagram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_dbus_chat" lineno="69">
<summary>
Send and receive messages from
devicekit over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_dbus_chat_disk" lineno="90">
<summary>
Send and receive messages from
devicekit disk over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_use_fds_disk" lineno="110">
<summary>
Use file descriptors for devicekit_disk.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_dontaudit_dbus_chat_disk" lineno="129">
<summary>
Dontaudit Send and receive messages from
devicekit disk over dbus.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="devicekit_rw_semaphores_disk" lineno="149">
<summary>
Read and write devicekit disk semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_signal_power" lineno="167">
<summary>
Send signal devicekit power
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_dbus_chat_power" lineno="186">
<summary>
Send and receive messages from
devicekit power over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_use_fds_power" lineno="207">
<summary>
Use and inherit devicekit power
file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_append_inherited_log_files" lineno="225">
<summary>
Append inherited devicekit log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_read_log_files" lineno="246">
<summary>
Allow read devicekit log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_dontaudit_rw_log" lineno="266">
<summary>
Do not audit attempts to write the devicekit
log files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="devicekit_read_state_power" lineno="284">
<summary>
Allow the domain to read devicekit_power state files in /proc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_read_pid_files" lineno="303">
<summary>
Read devicekit PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_dontaudit_read_pid_files" lineno="323">
<summary>
Do not audit attempts to read
devicekit PID files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="devicekit_manage_pid_files" lineno="342">
<summary>
Manage devicekit PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_relabel_log_files" lineno="363">
<summary>
Relabel devicekit LOG files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_manage_log_files" lineno="382">
<summary>
Manage devicekit LOG files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_admin" lineno="405">
<summary>
All of the rules required to administrate
an devicekit environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="devicekit_filetrans_named_content" lineno="445">
<summary>
Transition to devicekit named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_mounton_var_lib" lineno="466">
<summary>
Mounton devicekit lib directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="dhcp" filename="policy/modules/contrib/dhcp.if">
<summary>Dynamic host configuration protocol server.</summary>
<interface name="dhcpd_domtrans" lineno="13">
<summary>
Execute a domain transition to run dhcpd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dhcpd_setattr_state_files" lineno="33">
<summary>
Set attributes of dhcpd server
state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dhcpd_initrc_domtrans" lineno="53">
<summary>
Execute dhcp server in the dhcp domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dhcpd_systemctl" lineno="71">
<summary>
Execute dhcpd server in the dhcpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dhcpd_admin" lineno="103">
<summary>
All of the rules required to
administrate an dhcpd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="dhcpd_use_ldap" dftval="false">
<desc>
<p>
Determine whether DHCP daemon
can use LDAP backends.
</p>
</desc>
</tunable>
</module>
<module name="dictd" filename="policy/modules/contrib/dictd.if">
<summary>Dictionary daemon.</summary>
<interface name="dictd_tcp_connect" lineno="14">
<summary>
Use dictionary services by connecting
over TCP.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dictd_admin" lineno="35">
<summary>
All of the rules required to
administrate an dictd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dirmngr" filename="policy/modules/contrib/dirmngr.if">
<summary>Server for managing and downloading certificate revocation lists.</summary>
<interface name="dirmngr_admin" lineno="20">
<summary>
All of the rules required to
administrate an dirmngr environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dirsrv-admin" filename="policy/modules/contrib/dirsrv-admin.if">
<summary>Administration Server for Directory Server, dirsrv-admin.</summary>
<interface name="dirsrvadmin_run_exec" lineno="13">
<summary>
Exec dirsrv-admin programs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrvadmin_run_script_exec" lineno="32">
<summary>
Exec cgi programs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrvadmin_read_config" lineno="51">
<summary>
Manage dirsrv-adminserver configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrvadmin_manage_config" lineno="69">
<summary>
Manage dirsrv-adminserver configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrvadmin_read_tmp" lineno="88">
<summary>
Read dirsrv-adminserver tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrvadmin_manage_tmp" lineno="106">
<summary>
Manage dirsrv-adminserver tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrvadmin_systemctl" lineno="125">
<summary>
Execute dirsrv-admin server in the dirsrv-admin domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dirsrvadmin_domtrans_unconfined_script_t" lineno="149">
<summary>
Execute admin cgi programs in caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="dirsrv" filename="policy/modules/contrib/dirsrv.if">
<summary>policy for dirsrv</summary>
<interface name="dirsrv_domtrans" lineno="13">
<summary>
Execute a domain transition to run dirsrv.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dirsrv_run" lineno="37">
<summary>
Execute dirsrv in the dirsrv domain, and
allow the specified role the dirsrv domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="dirsrv_signal" lineno="56">
<summary>
Allow caller to signal dirsrv.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrv_signull" lineno="75">
<summary>
Send a null signal to dirsrv.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrv_systemctl" lineno="93">
<summary>
Execute dirsrv server in the dirsrv domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dirsrv_getattr_unit_files" lineno="117">
<summary>
Allow domain to getattr dirsrv unit files.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dirsrv_manage_log" lineno="135">
<summary>
Allow a domain to manage dirsrv logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrv_manage_var_lib" lineno="155">
<summary>
Allow a domain to manage dirsrv /var/lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrv_stream_connect" lineno="173">
<summary>
Connect to dirsrv over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrv_manage_var_run" lineno="192">
<summary>
Allow a domain to manage dirsrv /var/run files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrv_pid_filetrans" lineno="211">
<summary>
Allow a domain to create dirsrv pid directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrv_read_var_run" lineno="229">
<summary>
Allow a domain to read dirsrv /var/run files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrv_manage_config" lineno="247">
<summary>
Manage dirsrv configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrv_read_share" lineno="266">
<summary>
Read dirsrv share files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrv_noatsecure" lineno="286">
<summary>
Allow dirsrv noatsecure
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrv_dontaudit_list_tmpfs_dirs" lineno="304">
<summary>
Do not audit attempts to list dirsrv tmpfs directories
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
</module>
<module name="distcc" filename="policy/modules/contrib/distcc.if">
<summary>Distributed compiler daemon.</summary>
<interface name="distcc_admin" lineno="20">
<summary>
All of the rules required to
administrate an distcc environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="djbdns" filename="policy/modules/contrib/djbdns.if">
<summary>Small and secure DNS daemon.</summary>
<template name="djbdns_daemontools_domain_template" lineno="13">
<summary>
The template to define a djbdns domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<interface name="djbdns_search_tinydns_keys" lineno="71">
<summary>
Search djbdns-tinydns key ring.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="djbdns_link_tinydns_keys" lineno="89">
<summary>
Link djbdns-tinydns key ring.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="dkim" filename="policy/modules/contrib/dkim.if">
<summary>DomainKeys Identified Mail milter.</summary>
<interface name="dkim_admin" lineno="20">
<summary>
All of the rules required to
administrate an dkim environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dmidecode" filename="policy/modules/contrib/dmidecode.if">
<summary>Decode DMI data for x86/ia64 bioses.</summary>
<interface name="dmidecode_domtrans" lineno="13">
<summary>
Execute dmidecode in the dmidecode domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dmidecode_exec" lineno="32">
<summary>
Execute dmidecode in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dmidecode_run" lineno="59">
<summary>
Execute dmidecode in the dmidecode
domain, and allow the specified
role the dmidecode domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dnsmasq" filename="policy/modules/contrib/dnsmasq.if">
<summary>DNS forwarder and DHCP server.</summary>
<interface name="dnsmasq_domtrans" lineno="13">
<summary>
Execute dnsmasq server in the dnsmasq domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dnsmasq_exec" lineno="32">
<summary>
Execute dnsmasq server in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dnsmasq_rw_inherited_pipes" lineno="50">
<summary>
Allow read/write dnsmasq pipes
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_initrc_domtrans" lineno="70">
<summary>
Execute the dnsmasq init script in
the init script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dnsmasq_systemctl" lineno="88">
<summary>
Execute dnsmasq server in the dnsmasq domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dnsmasq_sigchld" lineno="113">
<summary>
Send sigchld to dnsmasq.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_signal" lineno="132">
<summary>
Send generic signals to dnsmasq.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_signull" lineno="151">
<summary>
Send null signals to dnsmasq.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_kill" lineno="170">
<summary>
Send kill signals to dnsmasq.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_read_config" lineno="188">
<summary>
Read dnsmasq config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_write_config" lineno="207">
<summary>
Write dnsmasq config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_delete_pid_files" lineno="226">
<summary>
Delete dnsmasq pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_manage_pid_files" lineno="247">
<summary>
Create, read, write, and delete
dnsmasq pid files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_read_pid_files" lineno="266">
<summary>
Read dnsmasq pid files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_create_pid_dirs" lineno="285">
<summary>
Create dnsmasq pid directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_read_state" lineno="304">
<summary>
Create dnsmasq pid directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_filetrans_named_content_fromdir" lineno="326">
<summary>
Transition to dnsmasq named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the directory for the object to be created.
</summary>
</param>
</interface>
<interface name="dnsmasq_filetrans_named_content" lineno="345">
<summary>
Transition to dnsmasq named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_admin" lineno="375">
<summary>
All of the rules required to
administrate an dnsmasq environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dnsmasq_dbus_chat" lineno="420">
<summary>
Send and receive messages from
dnsmasq over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="dnsmasq_use_ipset" dftval="false">
<desc>
<p>
Allow the dnsmasq to creating and using netlink_sockets.
</p>
</desc>
</tunable>
</module>
<module name="dnssec" filename="policy/modules/contrib/dnssec.if">
<summary>policy for dnssec_trigger</summary>
<interface name="dnssec_trigger_domtrans" lineno="13">
<summary>
Transition to dnssec_trigger.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dnssec_trigger_read_pid_files" lineno="31">
<summary>
Read dnssec_trigger PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnssec_trigger_manage_pid_files" lineno="50">
<summary>
Manage dnssec_trigger PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnssec_trigger_signull" lineno="73">
<summary>
Send signull to dnssec_trigger.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnssec_trigger_sigkill" lineno="92">
<summary>
Send sigkill to dnssec_trigger.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnssec_trigger_admin" lineno="111">
<summary>
All of the rules required to administrate
an dnssec_trigger environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="dovecot" filename="policy/modules/contrib/dovecot.if">
<summary>Dovecot POP and IMAP mail server</summary>
<template name="dovecot_basic_types_template" lineno="14">
<summary>
Creates types and rules for a basic
dovecot daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="dovecot_stream_connect" lineno="35">
<summary>
Connect to dovecot unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dovecot_stream_connect_auth" lineno="55">
<summary>
Connect to dovecot auth unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dovecot_domtrans_deliver" lineno="74">
<summary>
Execute dovecot_deliver in the dovecot_deliver domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dovecot_manage_spool" lineno="92">
<summary>
Create, read, write, and delete the dovecot spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dovecot_dontaudit_unlink_lib_files" lineno="112">
<summary>
Do not audit attempts to delete dovecot lib files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dovecot_write_inherited_tmp_files" lineno="131">
<summary>
Allow attempts to write inherited
dovecot tmp files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dovecot_read_config" lineno="149">
<summary>
Read dovecot configuration file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dovecot_admin" lineno="176">
<summary>
All of the rules required to administrate
an dovecot environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the dovecot domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dovecot_read_certs" lineno="233">
<summary>
Read dovecot SSL certificates
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="dpkg" filename="policy/modules/contrib/dpkg.if">
<summary>Debian package manager.</summary>
<interface name="dpkg_domtrans" lineno="13">
<summary>
Execute dpkg programs in the dpkg domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dpkg_exec" lineno="32">
<summary>
Execute the dkpg in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dpkg_domtrans_script" lineno="52">
<summary>
Execute dpkg_script programs in
the dpkg_script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dpkg_run" lineno="79">
<summary>
Execute dpkg programs in the dpkg domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dpkg_use_fds" lineno="98">
<summary>
Inherit and use file descriptors from dpkg.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dpkg_read_pipes" lineno="116">
<summary>
Read from unnamed dpkg pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dpkg_rw_pipes" lineno="134">
<summary>
Read and write unnamed dpkg pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dpkg_use_script_fds" lineno="153">
<summary>
Inherit and use file descriptors
from dpkg scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dpkg_read_db" lineno="171">
<summary>
Read dpkg package database content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dpkg_manage_db" lineno="193">
<summary>
Create, read, write, and delete
dpkg package database content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dpkg_dontaudit_manage_db" lineno="215">
<summary>
Do not audit attempts to create,
read, write, and delete dpkg
package database content.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dpkg_lock_db" lineno="236">
<summary>
Create, read, write, and delete
dpkg lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="drbd" filename="policy/modules/contrib/drbd.if">
<summary>Mirrors a block device over the network to another machine.</summary>
<interface name="drbd_domtrans" lineno="13">
<summary>
Execute a domain transition to run drbd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="drbd_search_lib" lineno="31">
<summary>
Search drbd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="drbd_read_lib_files" lineno="50">
<summary>
Read drbd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="drbd_manage_lib_files" lineno="70">
<summary>
Create, read, write, and delete
drbd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="drbd_manage_lib_dirs" lineno="89">
<summary>
Manage drbd lib dirs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="drbd_admin" lineno="115">
<summary>
All of the rules required to administrate
an drbd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
</module>
<module name="dspam" filename="policy/modules/contrib/dspam.if">
<summary>policy for dspam</summary>
<interface name="dspam_domtrans" lineno="14">
<summary>
Execute a domain transition to run dspam.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dspam_initrc_domtrans" lineno="33">
<summary>
Execute dspam server in the dspam domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="dspam_read_log" lineno="52">
<summary>
Allow the specified domain to read dspam's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dspam_append_log" lineno="72">
<summary>
Allow the specified domain to append
dspam log files.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dspam_manage_log" lineno="91">
<summary>
Allow domain to manage dspam log files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dspam_search_lib" lineno="112">
<summary>
Search dspam lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dspam_read_lib_files" lineno="131">
<summary>
Read dspam lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dspam_manage_lib_files" lineno="151">
<summary>
Create, read, write, and delete
dspam lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dspam_manage_lib_dirs" lineno="170">
<summary>
Manage dspam lib dirs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dspam_read_pid_files" lineno="190">
<summary>
Read dspam PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dspam_stream_connect" lineno="209">
<summary>
Connect to DSPAM using a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dspam_admin" lineno="237">
<summary>
All of the rules required to administrate
an dspam environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="entropyd" filename="policy/modules/contrib/entropyd.if">
<summary>Generate entropy from audio input.</summary>
<interface name="entropyd_admin" lineno="20">
<summary>
All of the rules required to
administrate an entropyd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="entropyd_use_audio" dftval="true">
<desc>
<p>
Determine whether entropyd can use
audio devices as the source for
the entropy feeds.
</p>
</desc>
</tunable>
</module>
<module name="evolution" filename="policy/modules/contrib/evolution.if">
<summary>Evolution email client.</summary>
<interface name="evolution_role" lineno="18">
<summary>
Role access for evolution.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="evolution_home_filetrans" lineno="99">
<summary>
Create objects in the evolution home
directories with a private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
Private file type.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="evolution_stream_connect" lineno="119">
<summary>
Connect to evolution using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="evolution_dbus_chat" lineno="140">
<summary>
Send and receive messages from
evolution over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="evolution_alarm_dbus_chat" lineno="161">
<summary>
Send and receive messages from
evolution_alarm over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="exim" filename="policy/modules/contrib/exim.if">
<summary>Mail transfer agent.</summary>
<interface name="exim_domtrans" lineno="13">
<summary>
Execute a domain transition to run exim.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="exim_run" lineno="38">
<summary>
Execute the mailman program in the mailman domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the mailman domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="exim_initrc_domtrans" lineno="57">
<summary>
Execute exim in the exim domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="exim_dontaudit_read_tmp_files" lineno="76">
<summary>
Do not audit attempts to read,
exim tmp files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="exim_read_tmp_files" lineno="94">
<summary>
Allow domain to read, exim tmp files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="exim_read_pid_files" lineno="113">
<summary>
Read exim PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="exim_read_log" lineno="133">
<summary>
Allow the specified domain to read exim's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="exim_append_log" lineno="153">
<summary>
Allow the specified domain to append
exim log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="exim_manage_log" lineno="173">
<summary>
Allow the specified domain to manage exim's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="exim_manage_spool_dirs" lineno="193">
<summary>
Create, read, write, and delete
exim spool dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="exim_read_spool_files" lineno="212">
<summary>
Read exim spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="exim_manage_spool_files" lineno="233">
<summary>
Create, read, write, and delete
exim spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="exim_read_var_lib_files" lineno="252">
<summary>
Read exim var lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="exim_manage_var_lib_files" lineno="271">
<summary>
Create, read, and write exim var lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="exim_admin" lineno="296">
<summary>
All of the rules required to
administrate an exim environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<tunable name="exim_can_connect_db" dftval="false">
<desc>
<p>
Determine whether exim can connect to
databases.
</p>
</desc>
</tunable>
<tunable name="exim_read_user_files" dftval="false">
<desc>
<p>
Determine whether exim can read generic
user content files.
</p>
</desc>
</tunable>
<tunable name="exim_manage_user_files" dftval="false">
<desc>
<p>
Determine whether exim can create,
read, write, and delete generic user
content files.
</p>
</desc>
</tunable>
</module>
<module name="fail2ban" filename="policy/modules/contrib/fail2ban.if">
<summary>Update firewall filtering to ban IP addresses with too many password failures.</summary>
<interface name="fail2ban_domtrans" lineno="13">
<summary>
Execute a domain transition to run fail2ban.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="fail2ban_domtrans_client" lineno="33">
<summary>
Execute the fail2ban client in
the fail2ban client domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="fail2ban_run_client" lineno="60">
<summary>
Execute fail2ban client in the
fail2ban client domain, and allow
the specified role the fail2ban
client domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="fail2ban_stream_connect" lineno="80">
<summary>
Connect to fail2ban over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fail2ban_rw_inherited_tmp_files" lineno="99">
<summary>
Read and write inherited temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fail2ban_rw_stream_sockets" lineno="118">
<summary>
Read and write to an fail2ba unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fail2ban_dontaudit_use_fds" lineno="137">
<summary>
Do not audit attempts to use
fail2ban file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fail2ban_dontaudit_rw_stream_sockets" lineno="156">
<summary>
Do not audit attempts to read and
write fail2ban unix stream sockets
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fail2ban_read_lib_files" lineno="174">
<summary>
Read fail2ban lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fail2ban_read_log" lineno="194">
<summary>
Allow the specified domain to read fail2ban's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fail2ban_append_log" lineno="215">
<summary>
Allow the specified domain to append
fail2ban log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fail2ban_read_pid_files" lineno="235">
<summary>
Read fail2ban PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fail2ban_dontaudit_leaks" lineno="254">
<summary>
dontaudit read and write an leaked file descriptors
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fail2ban_admin" lineno="281">
<summary>
All of the rules required to administrate
an fail2ban environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the fail2ban domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="fcoe" filename="policy/modules/contrib/fcoe.if">
<summary>Fibre Channel over Ethernet utilities.</summary>
<interface name="fcoe_dgram_send_fcoemon" lineno="13">
<summary>
Send to fcoemon with a unix dgram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fcoe_admin" lineno="39">
<summary>
All of the rules required to
administrate an fcoemon environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="fdo" filename="policy/modules/contrib/fdo.if">
<summary>policy for fdo</summary>
<interface name="fdo_domtrans" lineno="13">
<summary>
Execute fdo_exec_t in the fdo domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="fdo_exec" lineno="32">
<summary>
Execute fdo in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="fedoratp" filename="policy/modules/contrib/fedoratp.if">
<summary>Policy for fedora-third-party</summary>
<interface name="fedoratp_domtrans" lineno="13">
<summary>
Execute fedoratp programs in the fedoratp domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="fetchmail" filename="policy/modules/contrib/fetchmail.if">
<summary>Remote-mail retrieval and forwarding utility.</summary>
<interface name="fetchmail_admin" lineno="20">
<summary>
All of the rules required to
administrate an fetchmail environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="finger" filename="policy/modules/contrib/finger.if">
<summary>Finger user information service.</summary>
<interface name="finger_domtrans" lineno="13">
<summary>
Execute fingerd in the fingerd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="finger_tcp_connect" lineno="32">
<summary>
Connect to fingerd with a tcp socket.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="firewalld" filename="policy/modules/contrib/firewalld.if">
<summary>Service daemon with a D-BUS interface that provides a dynamic managed firewall.</summary>
<interface name="firewalld_read_config" lineno="13">
<summary>
Read firewalld config
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="firewalld_initrc_domtrans" lineno="32">
<summary>
Execute firewalld server in the firewalld domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="firewalld_systemctl" lineno="50">
<summary>
Execute firewalld server in the firewalld domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="firewalld_dbus_chat" lineno="75">
<summary>
Send and receive messages from
firewalld over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="firewalld_dontaudit_write_tmp_files" lineno="96">
<summary>
Dontaudit attempts to write
firewalld tmp files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="firewalld_read_pid_files" lineno="114">
<summary>
Read firewalld PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="firewalld_dontaudit_leaks" lineno="133">
<summary>
Dontaudit read and write leaked firewalld file descriptors
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="firewalld_admin" lineno="158">
<summary>
All of the rules required to administrate
an firewalld environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="firewallgui" filename="policy/modules/contrib/firewallgui.if">
<summary>system-config-firewall dbus system service.</summary>
<interface name="firewallgui_dbus_chat" lineno="14">
<summary>
Send and receive messages from
firewallgui over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="firewallgui_dontaudit_rw_pipes" lineno="35">
<summary>
Do not audit attempts to read and
write firewallgui unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
</module>
<module name="firstboot" filename="policy/modules/contrib/firstboot.if">
<summary>
Final system configuration run during the first boot
after installation of Red Hat/Fedora systems.
</summary>
<interface name="firstboot_domtrans" lineno="16">
<summary>
Execute firstboot in the firstboot domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="firstboot_run" lineno="40">
<summary>
Execute firstboot in the firstboot domain, and
allow the specified role the firstboot domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="firstboot_use_fds" lineno="59">
<summary>
Inherit and use a file descriptor from firstboot.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="firstboot_dontaudit_use_fds" lineno="78">
<summary>
Do not audit attempts to inherit a
file descriptor from firstboot.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="firstboot_dontaudit_leaks" lineno="96">
<summary>
dontaudit read and write an leaked file descriptors
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="firstboot_write_pipes" lineno="115">
<summary>
Write to a firstboot unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="firstboot_rw_pipes" lineno="134">
<summary>
Read and Write to a firstboot unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="firstboot_dontaudit_rw_pipes" lineno="152">
<summary>
Do not audit attemps to read and write to a firstboot unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="firstboot_dontaudit_rw_stream_sockets" lineno="171">
<summary>
Do not audit attemps to read and write to a firstboot
unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
</module>
<module name="fprintd" filename="policy/modules/contrib/fprintd.if">
<summary>DBus fingerprint reader service.</summary>
<interface name="fprintd_domtrans" lineno="13">
<summary>
Execute a domain transition to run fprintd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="fprintd_exec" lineno="32">
<summary>
Execute fprintd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fprintd_dbus_chat" lineno="52">
<summary>
Send and receive messages from
fprintd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fprintd_mounton_var_lib" lineno="72">
<summary>
Mounton fprintd lib directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fprintd_read_var_lib_dir" lineno="90">
<summary>
Read fprintd lib directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fprintd_setattr_var_lib_dir" lineno="108">
<summary>
Setattr fprintd lib directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="freeipmi" filename="policy/modules/contrib/freeipmi.if">
<summary>Remote-Console (out-of-band) and System Management Software (in-band) based on Intelligent Platform Management Interface specification</summary>
<template name="freeipmi_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
freeipmi init daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="freeipmi_stream_connect" lineno="63">
<summary>
Connect to cluster domains over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="freqset" filename="policy/modules/contrib/freqset.if">
<summary>policy for freqset</summary>
<interface name="freqset_domtrans" lineno="13">
<summary>
Execute TEMPLATE in the freqset domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="freqset_run" lineno="38">
<summary>
Execute freqset in the freqset domain, and
allow the specified role the freqset domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the freqset domain.
</summary>
</param>
</interface>
<interface name="freqset_role" lineno="63">
<summary>
Role access for freqset
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
</module>
<module name="ftp" filename="policy/modules/contrib/ftp.if">
<summary>File transfer protocol service.</summary>
<interface name="ftp_domtrans" lineno="13">
<summary>
Execute a domain transition to run ftpd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ftp_initrc_domtrans" lineno="33">
<summary>
Execute ftpd server in the ftpd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="ftp_systemctl" lineno="51">
<summary>
Execute ftpd server in the ftpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ftp_dyntrans_anon_sftpd" lineno="75">
<summary>
Execute a dyntransition to run anon sftpd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ftp_tcp_connect" lineno="93">
<summary>
Connect to over ftpd over TCP.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ftp_read_config" lineno="107">
<summary>
Read ftpd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ftp_check_exec" lineno="126">
<summary>
Execute FTP daemon entry point programs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ftp_read_log" lineno="145">
<summary>
Read ftpd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ftp_domtrans_ftpdctl" lineno="164">
<summary>
Execute the ftpdctl in the ftpdctl domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ftp_run_ftpdctl" lineno="191">
<summary>
Execute the ftpdctl in the ftpdctl
domain, and allow the specified
role the ftpctl domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ftp_dyntrans_sftpd" lineno="210">
<summary>
Execute a dyntransition to run sftpd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ftp_admin" lineno="235">
<summary>
All of the rules required to
administrate an ftp environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="ftpd_anon_write" dftval="false">
<desc>
<p>
Determine whether ftpd can modify
public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
<tunable name="ftpd_full_access" dftval="false">
<desc>
<p>
Determine whether ftpd can login to
local users and can read and write
all files on the system, governed by DAC.
</p>
</desc>
</tunable>
<tunable name="ftpd_use_cifs" dftval="false">
<desc>
<p>
Determine whether ftpd can use CIFS
used for public file transfer services.
</p>
</desc>
</tunable>
<tunable name="ftpd_use_fusefs" dftval="false">
<desc>
<p>
Allow ftpd to use ntfs/fusefs volumes.
</p>
</desc>
</tunable>
<tunable name="ftpd_use_nfs" dftval="false">
<desc>
<p>
Determine whether ftpd can use NFS
used for public file transfer services.
</p>
</desc>
</tunable>
<tunable name="ftpd_connect_db" dftval="false">
<desc>
<p>
Determine whether ftpd can connect to
databases over the TCP network.
</p>
</desc>
</tunable>
<tunable name="ftpd_use_passive_mode" dftval="false">
<desc>
<p>
Determine whether ftpd can bind to all
unreserved ports for passive mode.
</p>
</desc>
</tunable>
<tunable name="ftpd_connect_all_unreserved" dftval="false">
<desc>
<p>
Determine whether ftpd can connect to
all unreserved ports.
</p>
</desc>
</tunable>
</module>
<module name="fwupd" filename="policy/modules/contrib/fwupd.if">
<summary>fwupd is a daemon to allow session software to update device firmware</summary>
<interface name="fwupd_domtrans" lineno="13">
<summary>
Execute fwupd_exec_t in the fwupd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="fwupd_exec" lineno="32">
<summary>
Execute fwupd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fwupd_read_state" lineno="51">
<summary>
Read fwupd process state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fwupd_search_cache" lineno="69">
<summary>
Search fwupd cache directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fwupd_delete_cache_files" lineno="89">
<summary>
Allow the specified domain to delete
fwupd cache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fwupd_read_cache_files" lineno="108">
<summary>
Read fwupd cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fwupd_manage_cache_files" lineno="128">
<summary>
Create, read, write, and delete
fwupd cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fwupd_manage_cache_dirs" lineno="147">
<summary>
Manage fwupd cache dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fwupd_search_lib" lineno="167">
<summary>
Search fwupd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fwupd_read_lib_files" lineno="186">
<summary>
Read fwupd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fwupd_manage_lib_files" lineno="205">
<summary>
Manage fwupd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fwupd_manage_lib_dirs" lineno="224">
<summary>
Manage fwupd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fwupd_systemctl" lineno="243">
<summary>
Execute fwupd server in the fwupd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="fwupd_admin" lineno="269">
<summary>
All of the rules required to administrate
an fwupd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fwupd_dbus_chat" lineno="310">
<summary>
Send and receive messages from
fwupd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="games" filename="policy/modules/contrib/games.if">
<summary>Various games.</summary>
<interface name="games_role" lineno="18">
<summary>
Role access for games.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="games_rw_data" lineno="53">
<summary>
Read and write games data files.
games data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="games_manage_data_files" lineno="73">
<summary>
Manage games data files.
games data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="gatekeeper" filename="policy/modules/contrib/gatekeeper.if">
<summary>OpenH.323 Voice-Over-IP Gatekeeper.</summary>
<interface name="gatekeeper_admin" lineno="20">
<summary>
All of the rules required to
administrate an gatekeeper environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="gdomap" filename="policy/modules/contrib/gdomap.if">
<summary>GNUstep distributed object mapper.</summary>
<interface name="gdomap_read_config" lineno="13">
<summary>
Read gdomap configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gdomap_admin" lineno="39">
<summary>
All of the rules required to
administrate an gdomap environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="geoclue" filename="policy/modules/contrib/geoclue.if">
<summary>Geoclue is a D-Bus service that provides location information</summary>
<interface name="geoclue_domtrans" lineno="13">
<summary>
Execute geoclue in the geoclue domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="geoclue_search_lib" lineno="32">
<summary>
Search geoclue lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="geoclue_read_lib_files" lineno="51">
<summary>
Read geoclue lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="geoclue_manage_lib_files" lineno="70">
<summary>
Manage geoclue lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="geoclue_manage_lib_dirs" lineno="89">
<summary>
Manage geoclue lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="geoclue_dbus_chat" lineno="109">
<summary>
Send and receive messages from
geoclue over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="geoclue_admin" lineno="132">
<summary>
All of the rules required to administrate
an geoclue environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="git" filename="policy/modules/contrib/git.if">
<summary>GIT revision control system.</summary>
<template name="git_role" lineno="18">
<summary>
Role access for Git session.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</template>
<interface name="git_read_generic_sys_content_files" lineno="63">
<summary>
Read generic system content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="git_filetrans_user_content" lineno="99">
<summary>
Create Git user content with a
named file transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="git_cgi_enable_homedirs" dftval="false">
<desc>
<p>
Determine whether Git CGI
can search home directories.
</p>
</desc>
</tunable>
<tunable name="git_cgi_use_cifs" dftval="false">
<desc>
<p>
Determine whether Git CGI
can access cifs file systems.
</p>
</desc>
</tunable>
<tunable name="git_cgi_use_nfs" dftval="false">
<desc>
<p>
Determine whether Git CGI
can access nfs file systems.
</p>
</desc>
</tunable>
<tunable name="git_session_bind_all_unreserved_ports" dftval="false">
<desc>
<p>
Determine whether Git session daemon
can bind TCP sockets to all
unreserved ports.
</p>
</desc>
</tunable>
<tunable name="git_session_users" dftval="false">
<desc>
<p>
Determine whether calling user domains
can execute Git daemon in the
git_session_t domain.
</p>
</desc>
</tunable>
<tunable name="git_system_enable_homedirs" dftval="false">
<desc>
<p>
Determine whether Git system daemon
can search home directories.
</p>
</desc>
</tunable>
<tunable name="git_system_use_cifs" dftval="false">
<desc>
<p>
Determine whether Git system daemon
can access cifs file systems.
</p>
</desc>
</tunable>
<tunable name="git_system_use_nfs" dftval="false">
<desc>
<p>
Determine whether Git system daemon
can access nfs file systems.
</p>
</desc>
</tunable>
</module>
<module name="gitosis" filename="policy/modules/contrib/gitosis.if">
<summary>Tools for managing and hosting git repositories.</summary>
<interface name="gitosis_domtrans" lineno="13">
<summary>
Execute a domain transition to run gitosis.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="gitosis_run" lineno="39">
<summary>
Execute gitosis-serve in the
gitosis domain, and allow the
specified role the gitosis domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="gitosis_read_lib_files" lineno="58">
<summary>
Read gitosis lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gitosis_mmap_lib_files" lineno="79">
<summary>
Mmap gitosis lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gitosis_manage_lib_files" lineno="98">
<summary>
Create, read, write, and delete
gitosis lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="gitosis_can_sendmail" dftval="false">
<desc>
<p>
Determine whether Gitosis can send mail.
</p>
</desc>
</tunable>
</module>
<module name="glance" filename="policy/modules/contrib/glance.if">
<summary>OpenStack image registry and delivery service.</summary>
<template name="glance_basic_types_template" lineno="14">
<summary>
Creates types and rules for a basic
glance daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="glance_domtrans_registry" lineno="47">
<summary>
Execute a domain transition to
run glance registry.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="glance_domtrans_api" lineno="67">
<summary>
Execute a domain transition to
run glance api.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="glance_read_log" lineno="87">
<summary>
Read glance log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="glance_append_log" lineno="106">
<summary>
Append glance log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_manage_log" lineno="126">
<summary>
Create, read, write, and delete
glance log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_search_lib" lineno="147">
<summary>
Search glance lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_read_lib_files" lineno="166">
<summary>
Read glance lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_manage_lib_files" lineno="186">
<summary>
Create, read, write, and delete
glance lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_manage_lib_dirs" lineno="206">
<summary>
Create, read, write, and delete
glance lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_read_pid_files" lineno="225">
<summary>
Read glance pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_manage_pid_files" lineno="245">
<summary>
Create, read, write, and delete
glance pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_admin" lineno="271">
<summary>
All of the rules required to
administrate an glance environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="glance_api_can_network" dftval="false">
<desc>
<p>
Determine whether glance-api can
connect to all TCP ports
</p>
</desc>
</tunable>
<tunable name="glance_use_fusefs" dftval="false">
<desc>
<p>
Allow glance domain to manage fuse files
</p>
</desc>
</tunable>
<tunable name="glance_use_execmem" dftval="false">
<desc>
<p>
Allow glance domain to use executable memory and executable stack
</p>
</desc>
</tunable>
</module>
<module name="gnome" filename="policy/modules/contrib/gnome.if">
<summary>GNU network object model environment (GNOME)</summary>
<interface name="gnome_role" lineno="18">
<summary>
Role access for gnome.  (Deprecated)
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="gnome_role_gkeyringd" lineno="42">
<summary>
The role template for the gnome-keyring-daemon.
</summary>
<param name="user_prefix">
<summary>
The user prefix.
</summary>
</param>
<param name="user_role">
<summary>
The user role.
</summary>
</param>
<param name="user_domain">
<summary>
The user domain associated with the role.
</summary>
</param>
</interface>
<template name="gnome_role_template" lineno="67">
<summary>
The role template for gnome.
</summary>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="gnome_run_gkeyringd" lineno="196">
<summary>
Allow domain to run gkeyring in the $1_gkeyringd_t domain.
</summary>
<param name="user_prefix">
<summary>
The user prefix.
</summary>
</param>
<param name="user_role">
<summary>
The user role.
</summary>
</param>
<param name="user_domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_stream_connect_gconf" lineno="215">
<summary>
gconf connection template.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_stream_connect_gkeyringd" lineno="234">
<summary>
Connect to gkeyringd with a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_domtrans_gconfd" lineno="258">
<summary>
Run gconfd in gconfd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_dontaudit_read_config" lineno="276">
<summary>
Dontaudit read gnome homedir content (.config)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="gnome_dontaudit_search_config" lineno="295">
<summary>
Dontaudit search gnome homedir content (.config)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="gnome_dontaudit_append_config_files" lineno="313">
<summary>
Dontaudit write gnome homedir content (.config)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="gnome_dontaudit_write_config_files" lineno="332">
<summary>
Dontaudit write gnome homedir content (.config)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="gnome_manage_config" lineno="350">
<summary>
manage gnome homedir content (.config)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_signal_all" lineno="372">
<summary>
Send general signals to all gconf domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_cache_filetrans" lineno="407">
<summary>
Create objects in a Gnome cache home directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="gnome_config_filetrans" lineno="443">
<summary>
Create objects in a Gnome cache home directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="gnome_read_generic_cache_files" lineno="462">
<summary>
Read generic cache home files (.cache)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_create_generic_cache_dir" lineno="481">
<summary>
Create generic cache home dir (.cache)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_setattr_cache_home_dir" lineno="500">
<summary>
Set attributes of cache home dir (.cache)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_manage_cache_home_dir" lineno="519">
<summary>
Manage cache home dir (.cache)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_dontaudit_manage_cache_home_dir" lineno="538">
<summary>
Dontaudit Manage cache home dir (.cache)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="gnome_append_generic_cache_files" lineno="556">
<summary>
append to generic cache home files (.cache)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_write_generic_cache_files" lineno="575">
<summary>
write to generic cache home files (.cache)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_manage_generic_cache_files" lineno="594">
<summary>
write to generic cache home files (.cache)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_map_generic_cache_files" lineno="613">
<summary>
Map generic cache home files (.cache)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_delete_generic_cache_files" lineno="631">
<summary>
Delete to generic cache home files (.cache)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_manage_generic_cache_sockets" lineno="650">
<summary>
Manage a sock_file in the generic cache home files (.cache)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_dontaudit_rw_generic_cache_files" lineno="669">
<summary>
Dontaudit read/write to generic cache home files (.cache)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="gnome_read_config" lineno="687">
<summary>
read gnome homedir content (.config)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_data_filetrans" lineno="725">
<summary>
Create objects in a Gnome gconf home directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="gnome_read_generic_data_home_files" lineno="744">
<summary>
Read generic data home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_map_generic_data_home_files" lineno="763">
<summary>
Read generic data home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_read_generic_data_home_dirs" lineno="782">
<summary>
Read generic data home dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_watch_generic_data_home_dirs" lineno="800">
<summary>
Watch generic data home dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_manage_data" lineno="818">
<summary>
Manage gconf data home files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_read_home_icc_data_content" lineno="840">
<summary>
Read icc data home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_read_inherited_home_icc_data_files" lineno="863">
<summary>
Read inherited icc data home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_admin_home_gconf_filetrans" lineno="891">
<summary>
Create gconf_home_t objects in the /root directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="gnome_dontaudit_read_inherited_gconf_config_files" lineno="910">
<summary>
Do not audit attempts to read
inherited gconf config files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="gnome_read_gconf_config" lineno="928">
<summary>
read gconf config files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_manage_gconf_config" lineno="948">
<summary>
Manage gconf config files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_exec_gconf" lineno="968">
<summary>
Execute gconf programs in
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_exec_keyringd" lineno="986">
<summary>
Execute gnome keyringd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_search_gconf_data_dir" lineno="1005">
<summary>
Search gconf home data dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_read_gconf_home_files" lineno="1026">
<summary>
Read gconf home files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_search_gkeyringd_tmp_dirs" lineno="1051">
<summary>
Search gkeyringd temporary directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_list_gkeyringd_tmp_dirs" lineno="1070">
<summary>
List gkeyringd temporary directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_delete_gkeyringd_tmp_content" lineno="1089">
<summary>
Delete gkeyringd temporary
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_manage_gkeyringd_tmp_dirs" lineno="1110">
<summary>
Manage gkeyringd temporary directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_search_gconf" lineno="1129">
<summary>
search gconf homedir (.local)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_setattr_config_dirs" lineno="1148">
<summary>
Set attributes of Gnome config dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_manage_generic_home_files" lineno="1167">
<summary>
Manage generic gnome home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_manage_generic_home_dirs" lineno="1186">
<summary>
Manage generic gnome home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_append_gconf_home_files" lineno="1205">
<summary>
Append gconf home files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_manage_gconf_home_files" lineno="1223">
<summary>
manage gconf home files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_stream_connect" lineno="1247">
<summary>
Connect to gnome over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</interface>
<interface name="gnome_list_home_config" lineno="1266">
<summary>
list gnome homedir content (.config)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_setattr_home_config" lineno="1284">
<summary>
Set attributes of gnome homedir content (.config)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_read_home_config" lineno="1303">
<summary>
read gnome homedir content (.config)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_append_home_config" lineno="1322">
<summary>
append gnome homedir content (.config)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_delete_home_config" lineno="1340">
<summary>
delete gnome homedir content (.config)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_create_home_config_dirs" lineno="1359">
<summary>
Create gnome homedir content (.config)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_setattr_home_config_dirs" lineno="1377">
<summary>
setattr gnome homedir content (.config)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_manage_home_config" lineno="1395">
<summary>
manage gnome homedir content (.config)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_delete_home_config_dirs" lineno="1415">
<summary>
delete gnome homedir content (.config)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_manage_home_config_dirs" lineno="1433">
<summary>
manage gnome homedir content (.config)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_watch_home_config_dirs" lineno="1451">
<summary>
Watch gnome homedir content directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_watch_home_config_files" lineno="1469">
<summary>
Watch gnome homedir content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_manage_gstreamer_home_files" lineno="1487">
<summary>
manage gstreamer home content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_exec_gstreamer_home_files" lineno="1507">
<summary>
Allow to execute gstreamer home content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_exec_config_home_files" lineno="1525">
<summary>
Allow to execute config home content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_filetrans_gstreamer_home_content" lineno="1543">
<summary>
file name transition gstreamer home content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_manage_gstreamer_home_dirs" lineno="1578">
<summary>
manage gstreamer home content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_rw_inherited_config" lineno="1596">
<summary>
Read/Write all inherited gnome home config
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_dontaudit_rw_inherited_config" lineno="1614">
<summary>
Dontaudit Read/Write all inherited gnome home config
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="gnome_dbus_chat_gconfdefault" lineno="1633">
<summary>
Send and receive messages from
gconf system service over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_dbus_chat_gkeyringd" lineno="1654">
<summary>
Send and receive messages from
gkeyringd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_signull_gkeyringd" lineno="1674">
<summary>
Send signull signal to gkeyringd processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_read_gkeyringd_state" lineno="1692">
<summary>
Allow the domain to read gkeyringd state files in /proc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_home_dir_filetrans" lineno="1711">
<summary>
Create directories in user home directories
with the gnome home file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_access_check_usr_config" lineno="1731">
<summary>
Check whether sendmail executable
files are executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_read_usr_config" lineno="1749">
<summary>
Allow read kde config content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_manage_usr_config" lineno="1770">
<summary>
Allow manage kde config content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_transition_gkeyringd" lineno="1791">
<summary>
Execute gnome-keyring in the user gkeyring domain
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="gnome_filetrans_home_content" lineno="1813">
<summary>
Create gnome content in the user home directory
with an correct label.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_filetrans_config_home_content" lineno="1859">
<summary>
Create gnome dconf dir in the user home directory
with an correct label.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_filetrans_cert_home_content" lineno="1877">
<summary>
File name transition for generic home content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_filetrans_fontconfig_home_content" lineno="1896">
<summary>
Create fontconfig directories in the .config and .cache subdirectories
of the user home directory with correct label.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_filetrans_admin_home_content" lineno="1916">
<summary>
Create gnome directory in the /root directory
with an correct label.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_command_domtrans_gkeyringd" lineno="1977">
<summary>
Execute gnome-keyring executable
in the specified domain.
</summary>
<desc>
<p>
Execute a gnome-keyring executable
in the specified domain.  This allows
the specified domain to execute any file
on these filesystems in the specified
domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
<p>
This interface was added to handle
the ssh-agent policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="gnome_exec_atspi" lineno="1997">
<summary>
Execute gnome-atspi services in the caller domain
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="gnome_atspi_domtrans" lineno="2015">
<summary>
Execute gnome-atspi services in the gnome-atspi domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="gnomeclock" filename="policy/modules/contrib/gnomeclock.if">
<summary>Gnome clock handler for setting the time.</summary>
<interface name="gnomeclock_domtrans" lineno="13">
<summary>
Execute a domain transition to run gnomeclock.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="gnomeclock_run" lineno="37">
<summary>
Execute gnomeclock in the gnomeclock domain, and
allow the specified role the gnomeclock domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="gnomeclock_dbus_chat" lineno="57">
<summary>
Send and receive messages from
gnomeclock over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnomeclock_dontaudit_dbus_chat" lineno="78">
<summary>
Do not audit send and receive messages from
gnomeclock over dbus.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
</module>
<module name="gpg" filename="policy/modules/contrib/gpg.if">
<summary>Policy for GNU Privacy Guard and related programs.</summary>
<interface name="gpg_role" lineno="18">
<summary>
Role access for gpg
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="gpg_domtrans" lineno="85">
<summary>
Transition to a user gpg domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="gpg_exec" lineno="103">
<summary>
Execute gpg in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_domtrans_web" lineno="122">
<summary>
Transition to a gpg web domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_entry_type" lineno="141">
<summary>
Make gpg an entrypoint for
the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which cifs_t is an entrypoint.
</summary>
</param>
</interface>
<interface name="gpg_signal" lineno="159">
<summary>
Send generic signals to user gpg processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_rw_agent_pipes" lineno="177">
<summary>
Read and write GPG agent pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_pinentry_dbus_chat" lineno="197">
<summary>
Send messages to and from GPG
Pinentry over DBUS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_list_user_secrets" lineno="217">
<summary>
List Gnu Privacy Guard user secrets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_manage_home_content" lineno="236">
<summary>
Allow to manage gpg named home content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_manage_admin_home_content" lineno="256">
<summary>
Allow to manage gpg named admin home content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_filetrans_home_content" lineno="276">
<summary>
Transition to gpg named home content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_filetrans_admin_home_content" lineno="294">
<summary>
Transition to gpg named admin home content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_agent_stream_connect" lineno="312">
<summary>
Connected to gpg_agent_t unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_noatsecure" lineno="330">
<summary>
Connected to gpg_agent_t unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="gpg_web_anon_write" dftval="false">
<desc>
<p>
Allow gpg web domain to modify public files
used for public file transfer services.
</p>
</desc>
</tunable>
</module>
<module name="gpm" filename="policy/modules/contrib/gpm.if">
<summary>General Purpose Mouse driver.</summary>
<interface name="gpm_stream_connect" lineno="14">
<summary>
Connect to GPM over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpm_getattr_gpmctl" lineno="34">
<summary>
Get attributes of gpm control
channel named sock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpm_dontaudit_getattr_gpmctl" lineno="55">
<summary>
Do not audit attempts to get
attributes of gpm control channel
named sock files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="gpm_setattr_gpmctl" lineno="74">
<summary>
Set attributes of gpm control
channel named sock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpm_admin" lineno="100">
<summary>
All of the rules required to
administrate an gpm environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="gpsd" filename="policy/modules/contrib/gpsd.if">
<summary>gpsd monitor daemon.</summary>
<interface name="gpsd_domtrans" lineno="13">
<summary>
Execute a domain transition to run gpsd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="gpsd_run" lineno="38">
<summary>
Execute gpsd in the gpsd domain, and
allow the specified role the gpsd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="gpsd_rw_shm" lineno="57">
<summary>
Read and write gpsd shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpsd_admin" lineno="87">
<summary>
All of the rules required to
administrate an gpsd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="gssproxy" filename="policy/modules/contrib/gssproxy.if">
<summary>policy for gssproxy</summary>
<interface name="gssproxy_domtrans" lineno="13">
<summary>
Execute TEMPLATE in the gssproxy domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="gssproxy_search_lib" lineno="32">
<summary>
Search gssproxy lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gssproxy_read_lib_files" lineno="51">
<summary>
Read gssproxy lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gssproxy_manage_lib_files" lineno="70">
<summary>
Manage gssproxy lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gssproxy_manage_lib_dirs" lineno="89">
<summary>
Manage gssproxy lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gssproxy_read_pid_files" lineno="108">
<summary>
Read gssproxy PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gssproxy_systemctl" lineno="127">
<summary>
Execute gssproxy server in the gssproxy domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="gssproxy_stream_connect" lineno="152">
<summary>
Connect to gssproxy over an unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gssproxy_admin" lineno="174">
<summary>
All of the rules required to administrate
an gssproxy environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="gssproxy_noatsecure" lineno="210">
<summary>
Read and write to svirt_image devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="hadoop" filename="policy/modules/contrib/hadoop.if">
<summary>Software for reliable, scalable, distributed computing.</summary>
<template name="hadoop_domain_template" lineno="13">
<summary>
The template to define a hadoop domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<interface name="hadoop_role" lineno="107">
<summary>
Role access for hadoop.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="hadoop_domtrans" lineno="139">
<summary>
Execute hadoop in the
hadoop domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="hadoop_recvfrom" lineno="158">
<summary>
Receive from hadoop peer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hadoop_domtrans_zookeeper_client" lineno="177">
<summary>
Execute zookeeper client in the
zookeeper client domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="hadoop_recvfrom_zookeeper_client" lineno="196">
<summary>
Receive from zookeeper peer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hadoop_domtrans_zookeeper_server" lineno="215">
<summary>
Execute zookeeper server in the
zookeeper server domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="hadoop_recvfrom_zookeeper_server" lineno="234">
<summary>
Receive from zookeeper server peer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hadoop_initrc_domtrans_zookeeper_server" lineno="253">
<summary>
Execute zookeeper server in the
zookeeper domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="hadoop_recvfrom_datanode" lineno="271">
<summary>
Receive from datanode peer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hadoop_read_config" lineno="289">
<summary>
Read hadoop configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hadoop_exec_config" lineno="308">
<summary>
Execute hadoop configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hadoop_recvfrom_jobtracker" lineno="327">
<summary>
Receive from jobtracker peer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hadoop_match_lan_spd" lineno="345">
<summary>
Match hadoop lan association.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hadoop_recvfrom_namenode" lineno="363">
<summary>
Receive from namenode peer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hadoop_recvfrom_secondarynamenode" lineno="381">
<summary>
Receive from secondary namenode peer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hadoop_recvfrom_tasktracker" lineno="399">
<summary>
Receive from tasktracker peer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hadoop_admin" lineno="424">
<summary>
All of the rules required to
administrate an hadoop environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="hddtemp" filename="policy/modules/contrib/hddtemp.if">
<summary>Hard disk temperature tool running as a daemon.</summary>
<interface name="hddtemp_domtrans" lineno="13">
<summary>
Execute a domain transition to run hddtemp.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="hddtemp_run" lineno="38">
<summary>
Execute hddtemp in the hddtemp domain, and
allow the specified role the hddtemp domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="hddtemp_exec" lineno="58">
<summary>
Execute hddtemp in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hddtemp_admin" lineno="84">
<summary>
All of the rules required to
administrate an hddtemp environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="hostapd" filename="policy/modules/contrib/hostapd.if">
<summary>policy for hostapd</summary>
<interface name="hostapd_domtrans" lineno="13">
<summary>
Execute TEMPLATE in the hostapd domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="hostapd_systemctl" lineno="31">
<summary>
Execute hostapd server in the hostapd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="hostapd_read_pid_files" lineno="56">
<summary>
Read hostapd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hostapd_admin" lineno="77">
<summary>
All of the rules required to administrate
an hostapd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="howl" filename="policy/modules/contrib/howl.if">
<summary>Port of Apple Rendezvous multicast DNS.</summary>
<interface name="howl_signal" lineno="13">
<summary>
Send generic signals to howl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="howl_admin" lineno="38">
<summary>
All of the rules required to
administrate an howl environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="hsqldb" filename="policy/modules/contrib/hsqldb.if">
<summary>Hsqldb is transactional database engine with in-memory and disk-based tables, supporting embedded and server modes.</summary>
<interface name="hsqldb_domtrans" lineno="13">
<summary>
Execute hsqldb_exec_t in the hsqldb domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="hsqldb_exec" lineno="32">
<summary>
Execute hsqldb in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hsqldb_dontaudit_read_tmp_files" lineno="52">
<summary>
Do not audit attempts to read,
hsqldb tmp files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="hsqldb_read_tmp_files" lineno="70">
<summary>
Read hsqldb tmp files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hsqldb_manage_tmp" lineno="89">
<summary>
Manage hsqldb tmp files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hsqldb_search_lib" lineno="110">
<summary>
Search hsqldb lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hsqldb_read_lib_files" lineno="129">
<summary>
Read hsqldb lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hsqldb_manage_lib_files" lineno="148">
<summary>
Manage hsqldb lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hsqldb_manage_lib_dirs" lineno="167">
<summary>
Manage hsqldb lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hsqldb_systemctl" lineno="186">
<summary>
Execute hsqldb server in the hsqldb domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="hsqldb_admin" lineno="212">
<summary>
All of the rules required to administrate
an hsqldb environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="hwloc" filename="policy/modules/contrib/hwloc.if">
<summary>Dump topology and locality information from hardware tables.</summary>
<interface name="hwloc_domtrans_dhwd" lineno="13">
<summary>
Execute hwloc dhwd in the hwloc dhwd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="hwloc_run_dhwd" lineno="38">
<summary>
Execute hwloc dhwd in the hwloc dhwd domain, and
allow the specified role the hwloc dhwd domain,
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="hwloc_exec_dhwd" lineno="57">
<summary>
Execute hwloc dhwd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hwloc_read_runtime_files" lineno="75">
<summary>
Read hwloc runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hwloc_admin" lineno="96">
<summary>
All of the rules required to
administrate an hwloc environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="hypervkvp" filename="policy/modules/contrib/hypervkvp.if">
<summary>policy for hypervkvp</summary>
<interface name="hypervkvp_domtrans" lineno="13">
<summary>
Execute TEMPLATE in the hypervkvp domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="hypervkvp_search_lib" lineno="32">
<summary>
Search hypervkvp lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hypervkvp_read_lib_files" lineno="51">
<summary>
Read hypervkvp lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hypervkvp_manage_lib_files" lineno="72">
<summary>
Create, read, write, and delete
hypervkvp lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hypervkvp_systemctl" lineno="91">
<summary>
Execute hypervkvp server in the hypervkvp domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="hypervkvp_admin" lineno="116">
<summary>
All of the rules required to administrate
an hypervkvp environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="i18n_input" filename="policy/modules/contrib/i18n_input.if">
<summary>IIIMF htt server.</summary>
<interface name="i18n_use" lineno="13">
<summary>
Use i18n_input over a TCP connection.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="i18n_input_admin" lineno="34">
<summary>
All of the rules required to
administrate an i18n input environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ibacm" filename="policy/modules/contrib/ibacm.if">
<summary>policy for ibacm</summary>
<interface name="ibacm_domtrans" lineno="13">
<summary>
Execute ibacm_exec_t in the ibacm domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ibacm_exec" lineno="32">
<summary>
Execute ibacm in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ibacm_read_log" lineno="51">
<summary>
Read ibacm's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ibacm_append_log" lineno="70">
<summary>
Append to ibacm log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ibacm_manage_log" lineno="89">
<summary>
Manage ibacm log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ibacm_read_pid_files" lineno="109">
<summary>
Read ibacm PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ibacm_admin" lineno="137">
<summary>
All of the rules required to administrate
an ibacm environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ibacm_create_netlink_rdma_socket" lineno="172">
<summary>
Allow caller to create netlink rdma socket for ibacm
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="ica" filename="policy/modules/contrib/ica.if">
<summary>policy for ica</summary>
<interface name="ica_read_map_tmpfs_files" lineno="13">
<summary>
Read and map ica tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ica_rw_map_tmpfs_files" lineno="32">
<summary>
Read, write, and map ica tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ica_filetrans_named_content" lineno="51">
<summary>
Transition to ica named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="icecast" filename="policy/modules/contrib/icecast.if">
<summary>ShoutCast compatible streaming media server.</summary>
<interface name="icecast_domtrans" lineno="13">
<summary>
Execute a domain transition to run icecast.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="icecast_signal" lineno="32">
<summary>
Send generic signals to icecast.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="icecast_initrc_domtrans" lineno="50">
<summary>
Execute icecast server in the icecast domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="icecast_read_pid_files" lineno="68">
<summary>
Read icecast pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="icecast_manage_pid_files" lineno="88">
<summary>
Create, read, write, and delete
icecast pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="icecast_read_log" lineno="108">
<summary>
Read icecast log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="icecast_append_log" lineno="127">
<summary>
Append icecast log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="icecast_manage_log" lineno="147">
<summary>
Create, read, write, and delete
icecast log files.
</summary>
<param name="domain">
<summary>
Domain allow access.
</summary>
</param>
</interface>
<interface name="icecast_admin" lineno="173">
<summary>
All of the rules required to
administrate an icecast environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="icecast_use_any_tcp_ports" dftval="false">
<desc>
<p>
Determine whether icecast can listen
on and connect to any TCP port.
</p>
</desc>
</tunable>
</module>
<module name="ifplugd" filename="policy/modules/contrib/ifplugd.if">
<summary>Bring up/down ethernet interfaces based on cable detection.</summary>
<interface name="ifplugd_domtrans" lineno="13">
<summary>
Execute a domain transition to run ifplugd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ifplugd_signal" lineno="32">
<summary>
Send generic signals to ifplugd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ifplugd_read_config" lineno="50">
<summary>
Read ifplugd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ifplugd_manage_config" lineno="70">
<summary>
Create, read, write, and delete
ifplugd configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ifplugd_read_pid_files" lineno="90">
<summary>
Read ifplugd pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ifplugd_admin" lineno="116">
<summary>
All of the rules required to
administrate an ifplugd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="iiosensorproxy" filename="policy/modules/contrib/iiosensorproxy.if">
<summary>IIO sensors to D-Bus proxy</summary>
</module>
<module name="imaze" filename="policy/modules/contrib/imaze.if">
<summary>iMaze game server.</summary>
</module>
<module name="inetd" filename="policy/modules/contrib/inetd.if">
<summary>Internet services daemon.</summary>
<interface name="inetd_core_service_domain" lineno="27">
<summary>
Define the specified domain as a inetd service.
</summary>
<desc>
<p>
Define the specified domain as a inetd service.  The
inetd_service_domain(), inetd_tcp_service_domain(),
or inetd_udp_service_domain() interfaces should be used
instead of this interface, as this interface only provides
the common rules to these three interfaces.
</p>
</desc>
<param name="domain">
<summary>
The type associated with the inetd service process.
</summary>
</param>
<param name="entrypoint">
<summary>
The type associated with the process program.
</summary>
</param>
</interface>
<interface name="inetd_tcp_service_domain" lineno="63">
<summary>
Define the specified domain as a TCP inetd service.
</summary>
<param name="domain">
<summary>
The type associated with the inetd service process.
</summary>
</param>
<param name="entrypoint">
<summary>
The type associated with the process program.
</summary>
</param>
</interface>
<interface name="inetd_udp_service_domain" lineno="89">
<summary>
Define the specified domain as a UDP inetd service.
</summary>
<param name="domain">
<summary>
The type associated with the inetd service process.
</summary>
</param>
<param name="entrypoint">
<summary>
The type associated with the process program.
</summary>
</param>
</interface>
<interface name="inetd_service_domain" lineno="114">
<summary>
Define the specified domain as a TCP and UDP inetd service.
</summary>
<param name="domain">
<summary>
The type associated with the inetd service process.
</summary>
</param>
<param name="entrypoint">
<summary>
The type associated with the process program.
</summary>
</param>
</interface>
<interface name="inetd_use_fds" lineno="139">
<summary>
Inherit and use inetd file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inetd_tcp_connect" lineno="157">
<summary>
Connect to the inetd service using a TCP connection.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inetd_domtrans_child" lineno="172">
<summary>
Run inetd child process in the
inet child domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="inetd_udp_send" lineno="191">
<summary>
Send UDP network traffic to inetd.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inetd_rw_tcp_sockets" lineno="205">
<summary>
Read and write inetd TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="inn" filename="policy/modules/contrib/inn.if">
<summary>Internet News NNTP server.</summary>
<interface name="inn_exec" lineno="13">
<summary>
Execute innd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_exec_config" lineno="32">
<summary>
Execute inn configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_manage_log" lineno="52">
<summary>
Create, read, write, and delete
innd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_generic_log_filetrans_innd_log" lineno="81">
<summary>
Create specified objects in generic
log directories with the innd log file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="inn_manage_pid" lineno="100">
<summary>
Create, read, write, and delete
innd pid content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_read_config" lineno="122">
<summary>
Read innd configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_read_news_lib" lineno="143">
<summary>
Read innd news library content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_write_inherited_news_lib" lineno="163">
<summary>
Write innd inherited news library content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_read_news_spool" lineno="181">
<summary>
Read innd news spool content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_dgram_send" lineno="202">
<summary>
Send to a innd unix dgram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_domtrans" lineno="221">
<summary>
Execute innd in the innd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="inn_admin" lineno="247">
<summary>
All of the rules required to
administrate an inn environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="insights_client" filename="policy/modules/contrib/insights_client.if">
<summary>policy for insights_client</summary>
<interface name="insights_client_domtrans" lineno="13">
<summary>
Execute insights_client_exec_t in the insights_client domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="insights_client_exec" lineno="32">
<summary>
Execute insights_client in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="insights_client_rw_pipes" lineno="51">
<summary>
Read and write a insights_client unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="insights_search_config" lineno="70">
<summary>
Allow the specified domain to search
insights configuration dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="insights_client_filetrans_named_content" lineno="89">
<summary>
Transition to insights_client named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="insights_client_filetrans_tmp" lineno="123">
<summary>
Transition to insights_client named content in /tmp
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="insights_client_filetrans_run" lineno="142">
<summary>
Transition to insights_client named content in /var/run
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="insights_client_read_config" lineno="160">
<summary>
Read insights_client config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="insights_client_read_lib_files" lineno="180">
<summary>
Read insights_client lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="insights_client_manage_lib_dirs" lineno="200">
<summary>
Manage insights_client lib directories..
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="insights_client_watch_lib_dirs" lineno="219">
<summary>
Watch insights_client lib directories..
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="insights_client_manage_lib_files" lineno="238">
<summary>
Manage insights_client lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="insights_client_write_lib_sock_files" lineno="258">
<summary>
Write to insights_client lib socket files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="insights_client_manage_lib_sock_files" lineno="277">
<summary>
Manage insights_client lib socket files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="insights_client_read_tmp" lineno="296">
<summary>
Read insights_client temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="insights_client_write_tmp" lineno="315">
<summary>
Write/append insights_client temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="iodine" filename="policy/modules/contrib/iodine.if">
<summary>IP over DNS tunneling daemon.</summary>
<interface name="iodined_domtrans" lineno="13">
<summary>
Execute NetworkManager with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="iodined_systemctl" lineno="32">
<summary>
Execute iodined server in the iodined domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="iodined_admin" lineno="64">
<summary>
All of the rules required to
administrate an iodined environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="iodine_admin" lineno="86">
<summary>
All of the rules required to
administrate an iodined environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="iotop" filename="policy/modules/contrib/iotop.if">
<summary>Simple top-like I/O monitor</summary>
<interface name="iotop_domtrans" lineno="13">
<summary>
Allow execution of iotop in the iotop domain from the target domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition to iotop.
</summary>
</param>
</interface>
<interface name="iotop_run" lineno="38">
<summary>
Execute iotop in the iotop domain, and
allow the specified role to access the iotop domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition
</summary>
</param>
<param name="role">
<summary>
The role to be allowed into the iotop domain.
</summary>
</param>
</interface>
</module>
<module name="ipmievd" filename="policy/modules/contrib/ipmievd.if">
<summary>IPMI event daemon for sending events to syslog.</summary>
<interface name="ipmievd_domtrans" lineno="13">
<summary>
Execute ipmievd_exec_t in the ipmievd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ipmievd_exec" lineno="32">
<summary>
Execute ipmievd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipmievd_read_pid_files" lineno="51">
<summary>
Read ipmievd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipmievd_systemctl" lineno="70">
<summary>
Execute ipmievd server in the ipmievd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ipmievd_admin" lineno="95">
<summary>
All of the rules required to administrate
an ipmievd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="irc" filename="policy/modules/contrib/irc.if">
<summary>IRC client policy.</summary>
<interface name="irc_role" lineno="18">
<summary>
Role access for IRC.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="irc_filetrans_home_content" lineno="71">
<summary>
Transition to alsa named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="irc_use_any_tcp_ports" dftval="false">
<desc>
<p>
Determine whether irc clients can
listen on and connect to any
unreserved TCP ports.
</p>
</desc>
</tunable>
<tunable name="irssi_use_full_network" dftval="false">
<desc>
<p>
Allow the Irssi IRC Client to connect to any port,
and to bind to any unreserved port.
</p>
</desc>
</tunable>
</module>
<module name="ircd" filename="policy/modules/contrib/ircd.if">
<summary>IRC servers.</summary>
<interface name="ircd_admin" lineno="20">
<summary>
All of the rules required to
administrate an ircd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="irqbalance" filename="policy/modules/contrib/irqbalance.if">
<summary>IRQ balancing daemon.</summary>
<interface name="irqbalance_admin" lineno="20">
<summary>
All of the rules required to
administrate an irqbalance environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="irqbalance_run_unconfined" dftval="false">
<desc>
<p>
Allow irqbalance to run unconfined scripts
</p>
</desc>
</tunable>
</module>
<module name="iscsi" filename="policy/modules/contrib/iscsi.if">
<summary>Establish connections to iSCSI devices.</summary>
<interface name="iscsid_domtrans" lineno="13">
<summary>
Execute a domain transition to run iscsid.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="iscsid_run" lineno="38">
<summary>
Execute iscsid programs in the iscsid domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the iscsid domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="iscsi_manage_lock" lineno="58">
<summary>
Create, read, write, and delete
iscsid lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iscsi_manage_semaphores" lineno="79">
<summary>
Create, read, write, and delete
iscsid sempaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iscsi_stream_connect" lineno="98">
<summary>
Connect to iscsid using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iscsi_read_lib_files" lineno="117">
<summary>
Read iscsid lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iscsi_filetrans_named_content" lineno="137">
<summary>
Transition to iscsi named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iscsi_systemctl" lineno="155">
<summary>
Execute iscsi server in the iscsi domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="iscsi_admin" lineno="181">
<summary>
All of the rules required to
administrate an iscsi environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="iscsi_read_pid_files" lineno="222">
<summary>
Read iscsi PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iscsi_service_status" lineno="241">
<summary>
Get iscsi service status
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="iscsi_service_reload" lineno="259">
<summary>
Reload iscsi service
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
</module>
<module name="isns" filename="policy/modules/contrib/isns.if">
<summary>Internet Storage Name Service.</summary>
<interface name="isnsd_admin" lineno="20">
<summary>
All of the rules required to
administrate an isnsd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="jabber" filename="policy/modules/contrib/jabber.if">
<summary>Jabber instant messaging server</summary>
<template name="jabber_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
jabber init daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="jabber_domtrans_jabberd" lineno="45">
<summary>
Execute a domain transition to run jabberd services
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="jabber_domtrans_jabberd_router" lineno="63">
<summary>
Execute a domain transition to run jabberd router service
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="jabberd_read_lib_files" lineno="81">
<summary>
Read jabberd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="jabberd_dontaudit_read_lib_files" lineno="100">
<summary>
Dontaudit inherited read jabberd lib files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="jabberd_manage_lib_files" lineno="119">
<summary>
Create, read, write, and delete
jabberd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="jabber_admin" lineno="145">
<summary>
All of the rules required to administrate
an jabber environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the jabber domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="java" filename="policy/modules/contrib/java.if">
<summary>Java virtual machine</summary>
<interface name="java_role" lineno="18">
<summary>
Role access for java.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<template name="java_role_template" lineno="81">
<summary>
The role template for the java module.
</summary>
<desc>
<p>
This template creates a derived domains which are used
for java applications.
</p>
</desc>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<template name="java_domtrans" lineno="139">
<summary>
Execute the java program in the java domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</template>
<interface name="java_run" lineno="164">
<summary>
Execute java in the java domain, and
allow the specified role the java domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="java_domtrans_unconfined" lineno="184">
<summary>
Execute the java program in the
unconfined java domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="java_run_unconfined" lineno="210">
<summary>
Execute the java program in the
unconfined java domain and allow the
specified role the java domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="java_exec" lineno="230">
<summary>
Execute the java program in
the callers domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="java_manage_generic_home_content" lineno="250">
<summary>
Create, read, write, and delete
generic java home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="java_home_filetrans_java_home" lineno="282">
<summary>
Create specified objects in user home
directories with the generic java
home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<tunable name="java_execstack" dftval="false">
<desc>
<p>
Determine whether java can make
its stack executable.
</p>
</desc>
</tunable>
</module>
<module name="jetty" filename="policy/modules/contrib/jetty.if">
<summary>Jetty - HTTP server and Servlet container</summary>
<interface name="jetty_domtrans" lineno="13">
<summary>
Execute jetty_exec_t in the jetty domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="jetty_exec" lineno="32">
<summary>
Execute jetty in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="jetty_search_cache" lineno="51">
<summary>
Search jetty cache directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="jetty_read_cache_files" lineno="70">
<summary>
Read jetty cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="jetty_manage_cache_files" lineno="90">
<summary>
Create, read, write, and delete
jetty cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="jetty_manage_cache_dirs" lineno="109">
<summary>
Manage jetty cache dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="jetty_read_log" lineno="129">
<summary>
Read jetty's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="jetty_append_log" lineno="148">
<summary>
Append to jetty log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="jetty_manage_log" lineno="167">
<summary>
Manage jetty log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="jetty_dontaudit_read_tmp_files" lineno="189">
<summary>
Do not audit attempts to read,
jetty tmp files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="jetty_read_tmp_files" lineno="207">
<summary>
Read jetty tmp files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="jetty_manage_tmp" lineno="226">
<summary>
Manage jetty tmp files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="jetty_search_lib" lineno="247">
<summary>
Search jetty lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="jetty_read_lib_files" lineno="266">
<summary>
Read jetty lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="jetty_manage_lib_files" lineno="285">
<summary>
Manage jetty lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="jetty_manage_lib_dirs" lineno="304">
<summary>
Manage jetty lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="jetty_read_pid_files" lineno="323">
<summary>
Read jetty PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="jetty_systemctl" lineno="342">
<summary>
Execute jetty server in the jetty domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="jetty_admin" lineno="374">
<summary>
All of the rules required to administrate
an jetty environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="jockey" filename="policy/modules/contrib/jockey.if">
<summary>policy for jockey</summary>
<interface name="jockey_domtrans" lineno="13">
<summary>
Transition to jockey.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="jockey_search_cache" lineno="32">
<summary>
Search jockey cache directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="jockey_read_cache_files" lineno="51">
<summary>
Read jockey cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="jockey_manage_cache_files" lineno="71">
<summary>
Create, read, write, and delete
jockey cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="jockey_manage_cache_dirs" lineno="90">
<summary>
Manage jockey cache dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="jockey_admin" lineno="110">
<summary>
All of the rules required to administrate
an jockey environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="journalctl" filename="policy/modules/contrib/journalctl.if">
<summary>policy for journalctl</summary>
<interface name="journalctl_domtrans" lineno="13">
<summary>
Execute TEMPLATE in the journalctl domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="journalctl_exec" lineno="32">
<summary>
Execute journalctl in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="journalctl_run" lineno="58">
<summary>
Execute journalctl in the journalctl domain, and
allow the specified role the journalctl domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the journalctl domain.
</summary>
</param>
</interface>
<interface name="journalctl_role" lineno="83">
<summary>
Role access for journalctl
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
</module>
<module name="kdump" filename="policy/modules/contrib/kdump.if">
<summary>Kernel crash dumping mechanism</summary>
<interface name="kdump_domtrans" lineno="13">
<summary>
Execute kdump in the kdump domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="kdumpctl_domtrans" lineno="32">
<summary>
Execute kdumpctl in the kdumpctl domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="kdump_initrc_domtrans" lineno="52">
<summary>
Execute kdump in the kdump domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="kdump_systemctl" lineno="70">
<summary>
Execute kdump server in the kdump domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="kdump_read_config" lineno="95">
<summary>
Read kdump configuration file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kdump_read_crash" lineno="114">
<summary>
Read kdump crash files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kdump_manage_crash" lineno="134">
<summary>
Read kdump crash files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kdump_dontaudit_read_config" lineno="154">
<summary>
Dontaudit read kdump configuration file.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kdump_manage_config" lineno="172">
<summary>
Manage kdump configuration file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kdump_rw_lock" lineno="191">
<summary>
Read and write kdump lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kdump_rw_inherited_kdumpctl_tmp_pipes" lineno="210">
<summary>
Read/write inherited kdump /var/tmp named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kdump_manage_kdumpctl_tmp_files" lineno="229">
<summary>
Manage kdump /var/tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kdump_filetrans_named_content" lineno="252">
<summary>
Transition content labels to kdump named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kdump_admin" lineno="277">
<summary>
All of the rules required to administrate
an kdump environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the kdump domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kdump_dontaudit_inherited_kdumpctl_tmp_pipes" lineno="317">
<summary>
Dontaudit Read/write inherited kdump /var/tmp named pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="kdump_manage_lib_files" lineno="336">
<summary>
Manage kdump lib files
</summary>
<param name="domain">
<summary>
Domain to allow access
</summary>
</param>
</interface>
<interface name="kdump_dgram_send_kdumpctl" lineno="354">
<summary>
Send to kdumpctl over a unix dgram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="kdumpgui" filename="policy/modules/contrib/kdumpgui.if">
<summary>system-config-kdump GUI</summary>
<interface name="kdumpgui_dbus_chat" lineno="14">
<summary>
Send and receive messages from
kdumpgui over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="kdumpgui_run_bootloader" dftval="false">
<desc>
<p>
Allow s-c-kdump to run bootloader in bootloader_t.
</p>
</desc>
</tunable>
</module>
<module name="keepalived" filename="policy/modules/contrib/keepalived.if">
<summary> keepalived - load-balancing and high-availability service</summary>
<interface name="keepalived_domtrans" lineno="13">
<summary>
Execute keepalived in the keepalived domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="keepalived_systemctl" lineno="31">
<summary>
Execute keepalived server in the keepalived domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="keepalived_admin" lineno="59">
<summary>
All of the rules required to administrate
an keepalived environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="keepalived_connect_any" dftval="false">
<desc>
<p>
Determine whether keepalived can
connect to all TCP ports.
</p>
</desc>
</tunable>
</module>
<module name="kerberos" filename="policy/modules/contrib/kerberos.if">
<summary>MIT Kerberos admin and KDC</summary>
<desc>
<p>
This policy supports:
</p>
<p>
Servers:
<ul>
<li>kadmind</li>
<li>krb5kdc</li>
</ul>
</p>
<p>
Clients:
<ul>
<li>kinit</li>
<li>kdestroy</li>
<li>klist</li>
<li>ksu (incomplete)</li>
</ul>
</p>
</desc>
<interface name="kerberos_exec_kadmind" lineno="34">
<summary>
Execute kadmind in the current domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerberos_domtrans_kpropd" lineno="52">
<summary>
Execute a domain transition to run kpropd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="kerberos_use" lineno="70">
<summary>
Use kerberos services
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerberos_read_config" lineno="136">
<summary>
Read the kerberos configuration file (/etc/krb5.conf).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kerberos_dontaudit_write_config" lineno="157">
<summary>
Do not audit attempts to write the kerberos
configuration file (/etc/krb5.conf).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kerberos_rw_config" lineno="176">
<summary>
Read and write the kerberos configuration file (/etc/krb5.conf).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kerberos_read_keytab" lineno="196">
<summary>
Read the kerberos key table.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kerberos_rw_keytab" lineno="216">
<summary>
Read/Write the kerberos key table.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerberos_etc_filetrans_keytab" lineno="241">
<summary>
Create keytab file in /etc
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<template name="kerberos_keytab_template" lineno="266">
<summary>
Create a derived type for kerberos keytab
</summary>
<param name="prefix">
<summary>
The prefix to be used for deriving type names.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</template>
<interface name="kerberos_read_kdc_config" lineno="283">
<summary>
Read the kerberos kdc configuration file (/etc/krb5kdc.conf).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kerberos_manage_kdc_config" lineno="303">
<summary>
Manage the kerberos kdc configuration file (/etc/krb5kdc.conf).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kerberos_read_host_rcache" lineno="323">
<summary>
Read the kerberos kdc configuration file (/etc/krb5kdc.conf).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerberos_rw_host_rcache" lineno="340">
<summary>
Read/Write the kerberos host rcache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerberos_manage_host_rcache" lineno="360">
<summary>
Read the kerberos kdc configuration file (/etc/krb5kdc.conf).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kerberos_admin" lineno="400">
<summary>
All of the rules required to administrate
an kerberos environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the kerberos domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kerberos_tmp_filetrans_host_rcache" lineno="466">
<summary>
Type transition files created in /tmp
to the krb5_host_rcache type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="kerberos_tmp_filetrans_kadmin" lineno="491">
<summary>
Type transition files created in /tmp
to the kadmind_tmp type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="kerberos_read_home_content" lineno="510">
<summary>
read kerberos homedir content (.k5login)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerberos_manage_kdc_var_lib" lineno="531">
<summary>
Manage the kerberos kdc /var/lib files
and directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kerberos_filetrans_admin_home_content" lineno="552">
<summary>
create kerberos content in the  in the /root directory
with an correct label.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerberos_filetrans_home_content" lineno="572">
<summary>
Transition to kerberos named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerberos_filetrans_named_content" lineno="592">
<summary>
Transition to kerberos named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerberos_write_kadmind_tmp_files" lineno="630">
<summary>
Write to temporary kadmind files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="kerberos_enabled" dftval="false">
<desc>
<p>
Allow confined applications to run with kerberos.
</p>
</desc>
</tunable>
</module>
<module name="kerneloops" filename="policy/modules/contrib/kerneloops.if">
<summary>Service for reporting kernel oopses to kerneloops.org.</summary>
<interface name="kerneloops_domtrans" lineno="13">
<summary>
Execute a domain transition to run kerneloops.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="kerneloops_dbus_chat" lineno="33">
<summary>
Send and receive messages from
kerneloops over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerneloops_dontaudit_dbus_chat" lineno="55">
<summary>
Do not audit attempts to Send and
receive messages from kerneloops
over dbus.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kerneloops_manage_tmp_files" lineno="76">
<summary>
Create, read, write, and delete
kerneloops temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerneloops_admin" lineno="102">
<summary>
All of the rules required to
administrate an kerneloops environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="keyboardd" filename="policy/modules/contrib/keyboardd.if">
<summary>policy for system-setup-keyboard daemon</summary>
<interface name="keyboardd_domtrans" lineno="13">
<summary>
Execute a domain transition to run keyboard setup daemon.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="keyboardd_read_pipes" lineno="32">
<summary>
Allow attempts to read  to
keyboardd unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="keystone" filename="policy/modules/contrib/keystone.if">
<summary>policy for keystone</summary>
<interface name="keystone_domtrans" lineno="13">
<summary>
Transition to keystone.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="keystone_read_log" lineno="32">
<summary>
Read keystone's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="keystone_append_log" lineno="51">
<summary>
Append to keystone log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="keystone_manage_log" lineno="70">
<summary>
Manage keystone log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="keystone_search_lib" lineno="91">
<summary>
Search keystone lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="keystone_read_lib_files" lineno="110">
<summary>
Read keystone lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="keystone_manage_lib_files" lineno="129">
<summary>
Manage keystone lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="keystone_manage_lib_dirs" lineno="148">
<summary>
Manage keystone lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="keystone_systemctl" lineno="167">
<summary>
Execute keystone server in the keystone domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="keystone_admin" lineno="194">
<summary>
All of the rules required to administrate
an keystone environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="kismet" filename="policy/modules/contrib/kismet.if">
<summary>IEEE 802.11 wireless LAN sniffer.</summary>
<template name="kismet_role" lineno="18">
<summary>
Role access for kismet.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</template>
<interface name="kismet_domtrans" lineno="51">
<summary>
Execute a domain transition to run kismet.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="kismet_run" lineno="76">
<summary>
Execute kismet in the kismet domain, and
allow the specified role the kismet domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="kismet_read_pid_files" lineno="95">
<summary>
Read kismet pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_manage_pid_files" lineno="115">
<summary>
Create, read, write, and delete
kismet pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_search_lib" lineno="134">
<summary>
Search kismet lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_read_lib_files" lineno="153">
<summary>
Read kismet lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_manage_lib_files" lineno="174">
<summary>
Create, read, write, and delete
kismet lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_manage_lib" lineno="194">
<summary>
Create, read, write, and delete
kismet lib content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_read_log" lineno="216">
<summary>
Read kismet log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kismet_append_log" lineno="235">
<summary>
Append kismet log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_manage_log" lineno="255">
<summary>
Create, read, write, and delete
kismet log content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_admin" lineno="283">
<summary>
All of the rules required to
administrate an kismet environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="kmscon" filename="policy/modules/contrib/kmscon.if">
<summary>Terminal emulator for Linux graphical console</summary>
<interface name="kmscon_systemctl" lineno="13">
<summary>
Execute kmscon in the kmscon domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="kpatch" filename="policy/modules/contrib/kpatch.if">
<summary>Policy for kpatch</summary>
<interface name="kpatch_domtrans" lineno="13">
<summary>
Transition to kpatch.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="kpatch_nnp_domtrans" lineno="33">
<summary>
NNP Transition to kpatch.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="kpatch_read_lib_files" lineno="52">
<summary>
Read kpatch lib files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="kpatch_run" lineno="78">
<summary>
Execute kpatch in the kpatch domain, and
allow the specified role the kpatch domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the kpatch domain.
</summary>
</param>
</interface>
</module>
<module name="ksmtuned" filename="policy/modules/contrib/ksmtuned.if">
<summary>Kernel Samepage Merging Tuning Daemon.</summary>
<interface name="ksmtuned_domtrans" lineno="13">
<summary>
Execute a domain transition to run ksmtuned.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ksmtuned_initrc_domtrans" lineno="33">
<summary>
Execute ksmtuned server in
the ksmtuned domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ksmtuned_systemctl" lineno="51">
<summary>
Execute ksmtuned server in the ksmtunedd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ksmtuned_admin" lineno="77">
<summary>
All of the rules required to
administrate an ksmtuned environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="ksmtuned_use_nfs" dftval="false">
<desc>
<p>
Allow ksmtuned to use nfs file systems
</p>
</desc>
</tunable>
<tunable name="ksmtuned_use_cifs" dftval="false">
<desc>
<p>
Allow ksmtuned to use cifs/Samba file systems
</p>
</desc>
</tunable>
</module>
<module name="ktalk" filename="policy/modules/contrib/ktalk.if">
<summary>talk-server - daemon programs for the Internet talk </summary>
<interface name="ktalk_domtrans" lineno="13">
<summary>
Execute TEMPLATE in the ktalkd domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ktalk_systemctl" lineno="31">
<summary>
Execute ktalkd server in the ktalkd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ktalk_admin" lineno="59">
<summary>
All of the rules required to administrate
an ktalkd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="l2tp" filename="policy/modules/contrib/l2tp.if">
<summary>Layer 2 Tunneling Protocol daemons.</summary>
<interface name="l2tpd_domtrans" lineno="13">
<summary>
Transition to l2tpd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="l2tpd_initrc_domtrans" lineno="32">
<summary>
Execute l2tpd server in the l2tpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="l2tpd_dgram_send" lineno="50">
<summary>
Send to l2tpd via a unix dgram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="l2tpd_rw_socket" lineno="69">
<summary>
Read and write l2tpd sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="l2tpd_read_pid_files" lineno="87">
<summary>
Read l2tpd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="l2tpd_stream_connect" lineno="107">
<summary>
Connect to l2tpd over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="l2tpd_rw_pipes" lineno="127">
<summary>
Read and write l2tpd unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="l2tpd_signal" lineno="145">
<summary>
Allow send a signal to l2tpd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="l2tpd_signull" lineno="163">
<summary>
Allow send signull to l2tpd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="l2tpd_sigkill" lineno="181">
<summary>
Allow send sigkill to l2tpd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="l2tpd_dbus_chat" lineno="200">
<summary>
Send and receive messages from
l2tpd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="l2tpd_admin" lineno="227">
<summary>
All of the rules required to administrate
an l2tpd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="l2tpd_rw_pppox_sockets" lineno="266">
<summary>
Read and write to l2tpd unix
sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="ldap" filename="policy/modules/contrib/ldap.if">
<summary>OpenLDAP directory server</summary>
<interface name="ldap_domtrans" lineno="13">
<summary>
Execute OpenLDAP in the ldap domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ldap_initrc_domtrans" lineno="31">
<summary>
Execute OpenLDAP server in the ldap domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ldap_systemctl" lineno="49">
<summary>
Execute slapd server in the slapd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ldap_list_db" lineno="74">
<summary>
Read the contents of the OpenLDAP
database directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ldap_read_db_files" lineno="93">
<summary>
Read the contents of the OpenLDAP
database files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ldap_read_config" lineno="112">
<summary>
Read the OpenLDAP configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ldap_read_certs" lineno="132">
<summary>
Read the OpenLDAP cert files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ldap_use" lineno="153">
<summary>
Use LDAP over TCP connection.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ldap_stream_connect" lineno="167">
<summary>
Connect to slapd over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ldap_admin" lineno="193">
<summary>
All of the rules required to administrate
an ldap environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the ldap domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ldap_read_tmpfs_files" lineno="243">
<summary>
Read slapd tmpfs files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="lightsquid" filename="policy/modules/contrib/lightsquid.if">
<summary>Log analyzer for squid proxy.</summary>
<interface name="lightsquid_domtrans" lineno="14">
<summary>
Execute the lightsquid program in
the lightsquid domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="lightsquid_run" lineno="40">
<summary>
Execute lightsquid in the
lightsquid domain, and allow the
specified role the lightsquid domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="lightsquid_admin" lineno="66">
<summary>
All of the rules required to
administrate an lightsquid environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="likewise" filename="policy/modules/contrib/likewise.if">
<summary>Likewise Active Directory support for UNIX.</summary>
<desc>
<p>
Likewise Open is a free, open source application that joins Linux, Unix,
and Mac machines to Microsoft Active Directory to securely authenticate
users with their domain credentials.
</p>
</desc>
<template name="likewise_domain_template" lineno="26">
<summary>
The template to define a likewise domain.
</summary>
<desc>
<p>
This template creates a domain to be used for
a new likewise daemon.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The type of daemon to be used.
</summary>
</param>
</template>
<interface name="likewise_stream_connect_lsassd" lineno="92">
<summary>
Connect to lsassd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="linuxptp" filename="policy/modules/contrib/linuxptp.if">
<summary>implementation of the Precision Time Protocol (PTP) according to IEEE standard 1588 for Linux.</summary>
<interface name="linuxptp_domtrans_phc2sys" lineno="13">
<summary>
Execute domain in the phc2sys domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="linuxptp_domtrans_ptp4l" lineno="32">
<summary>
Execute domain in the phc2sys domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="timemaster_stream_connect" lineno="51">
<summary>
Connect to timemaster using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="timemaster_read_pid_files" lineno="70">
<summary>
Read timemaster conf files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="timemaster_manage_pid_sock_files" lineno="88">
<summary>
Manage timemaster pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="timemaster_rw_shm" lineno="106">
<summary>
Read and write timemaster shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ptp4l_rw_shm" lineno="128">
<summary>
Read and write ptp4l_t shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="phc2sys_rw_shm" lineno="150">
<summary>
Read and write phc2sys_t shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="timemaster_service_status" lineno="172">
<summary>
Get timemaster services status
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="lircd" filename="policy/modules/contrib/lircd.if">
<summary>Linux infared remote control daemon.</summary>
<interface name="lircd_domtrans" lineno="13">
<summary>
Execute a domain transition to run lircd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="lircd_stream_connect" lineno="33">
<summary>
Connect to lircd over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lircd_read_config" lineno="52">
<summary>
Read lircd etc files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lircd_admin" lineno="78">
<summary>
All of the rules required to
administrate a lircd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="livecd" filename="policy/modules/contrib/livecd.if">
<summary>Tool for building alternate livecd for different os and policy versions.</summary>
<interface name="livecd_domtrans" lineno="13">
<summary>
Execute a domain transition to run livecd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="livecd_run" lineno="39">
<summary>
Execute livecd in the livecd
domain, and allow the specified
role the livecd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="livecd_dontaudit_leaks" lineno="65">
<summary>
Dontaudit read/write to a livecd leaks
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="livecd_read_tmp_files" lineno="83">
<summary>
Read livecd temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="livecd_rw_tmp_files" lineno="102">
<summary>
Read and write livecd temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="livecd_rw_semaphores" lineno="121">
<summary>
Read and write livecd semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="lldpad" filename="policy/modules/contrib/lldpad.if">
<summary>Intel LLDP Agent.</summary>
<interface name="lldpad_domtrans" lineno="13">
<summary>
Transition to lldpad.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="lldpad_dgram_send" lineno="32">
<summary>
Send to lldpad with a unix dgram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lldpad_admin" lineno="58">
<summary>
All of the rules required to
administrate an lldpad environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="lldpad_relabel_tmpfs" lineno="93">
<summary>
Allow relabel lldpad_tmpfs_t
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="loadkeys" filename="policy/modules/contrib/loadkeys.if">
<summary>Load keyboard mappings.</summary>
<interface name="loadkeys_domtrans" lineno="14">
<summary>
Execute the loadkeys program in
the loadkeys domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="loadkeys_run" lineno="41">
<summary>
Execute the loadkeys program in
the loadkeys domain, and allow the
specified role the loadkeys domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="loadkeys_exec" lineno="60">
<summary>
Execute the loadkeys in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="lockdev" filename="policy/modules/contrib/lockdev.if">
<summary>Library for locking devices.</summary>
<interface name="lockdev_manage_files" lineno="14">
<summary>
Create, read, write, and delete
lockdev lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lockdev_role" lineno="38">
<summary>
Role access for lockdev.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
</module>
<module name="logrotate" filename="policy/modules/contrib/logrotate.if">
<summary>Rotate and archive system logs</summary>
<interface name="logrotate_domtrans" lineno="13">
<summary>
Execute logrotate in the logrotate domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="logrotate_run" lineno="39">
<summary>
Execute logrotate in the logrotate domain, and
allow the specified role the logrotate domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logrotate_exec" lineno="58">
<summary>
Execute logrotate in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logrotate_use_fds" lineno="77">
<summary>
Inherit and use logrotate file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logrotate_dontaudit_use_fds" lineno="95">
<summary>
Do not audit attempts to inherit logrotate file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="logrotate_read_tmp_files" lineno="113">
<summary>
Read a logrotate temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="logrotate_use_nfs" dftval="false">
<desc>
<p>
Allow logrotate to manage nfs files
</p>
</desc>
</tunable>
<tunable name="logrotate_use_cifs" dftval="false">
<desc>
<p>
Allow logrotate to manage cifs files
</p>
</desc>
</tunable>
<tunable name="logrotate_use_fusefs" dftval="false">
<desc>
<p>
Allow logrotate domain to manage fuse files
</p>
</desc>
</tunable>
<tunable name="logrotate_read_inside_containers" dftval="false">
<desc>
<p>
Allow logrotate to read logs inside
</p>
</desc>
</tunable>
</module>
<module name="logwatch" filename="policy/modules/contrib/logwatch.if">
<summary>System log analyzer and reporter.</summary>
<interface name="logwatch_read_tmp_files" lineno="13">
<summary>
Read logwatch temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logwatch_search_cache_dir" lineno="32">
<summary>
Search logwatch cache directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logwatch_dontaudit_leaks" lineno="51">
<summary>
Dontaudit read and write an leaked file descriptors
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="logwatch_manage_cache" lineno="70">
<summary>
Create, read, write, and delete
svirt cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="logwatch_can_network_connect_mail" dftval="false">
<desc>
<p>
Determine whether logwatch can connect
to mail over the network.
</p>
</desc>
</tunable>
</module>
<module name="lpd" filename="policy/modules/contrib/lpd.if">
<summary>Line printer daemon</summary>
<interface name="lpd_role" lineno="19">
<summary>
Role access for lpd
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
<rolecap/>
</interface>
<interface name="lpd_domtrans_checkpc" lineno="63">
<summary>
Execute lpd in the lpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="lpd_run_checkpc" lineno="88">
<summary>
Execute amrecover in the lpd domain, and
allow the specified role the lpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="lpd_list_spool" lineno="107">
<summary>
List the contents of the printer spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lpd_read_spool" lineno="126">
<summary>
Read the printer spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lpd_manage_spool" lineno="145">
<summary>
Create, read, write, and delete printer spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lpd_relabel_spool" lineno="168">
<summary>
Relabel from and to the spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lpd_read_config" lineno="188">
<summary>
List the contents of the printer spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="lpd_domtrans_lpr" lineno="207">
<summary>
Transition to a user lpr domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="lpd_run_lpr" lineno="232">
<summary>
Execute lpr in the lpr domain, and
allow the specified role the lpr domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="lpd_exec_lpr" lineno="252">
<summary>
Allow the specified domain to execute lpr
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="use_lpd_server" dftval="false">
<desc>
<p>
Determine whether to support lpd server.
</p>
</desc>
</tunable>
</module>
<module name="lsm" filename="policy/modules/contrib/lsm.if">
<summary>libStorageMgmt  plug-in  daemon </summary>
<interface name="lsmd_domtrans" lineno="13">
<summary>
Execute TEMPLATE in the lsmd domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="lsmd_read_pid_files" lineno="31">
<summary>
Read lsmd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lsmd_systemctl" lineno="50">
<summary>
Execute lsmd server in the lsmd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="lsmd_admin" lineno="78">
<summary>
All of the rules required to administrate
an lsmd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="lsmd_plugin_connect_any" dftval="false">
<desc>
<p>
Determine whether lsmd_plugin can
connect to all TCP ports.
</p>
</desc>
</tunable>
</module>
<module name="lttng-tools" filename="policy/modules/contrib/lttng-tools.if">
<summary>LTTng 2.x central tracing registry session daemon.</summary>
<interface name="lttng_sessiond_domtrans" lineno="13">
<summary>
Execute lttng_sessiond_exec_t in the lttng_sessiond domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="lttng_sessiond_exec" lineno="32">
<summary>
Execute lttng_sessiond in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lttng_sessiond_systemctl" lineno="51">
<summary>
Execute lttng_sessiond server in the lttng_sessiond domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="lttng_sessiond_admin" lineno="76">
<summary>
All of the rules required to administrate
an lttng_sessiond environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lttng_read_shm" lineno="109">
<summary>
Read and write lttng-tools shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="mailman" filename="policy/modules/contrib/mailman.if">
<summary>Mailman is for managing electronic mail discussion and e-newsletter lists</summary>
<template name="mailman_domain_template" lineno="19">
<summary>
The template to define a mailmain domain.
</summary>
<desc>
<p>
This template creates a domain to be used for
a new mailman daemon.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The type of daemon to be used eg, cgi would give mailman_cgi_
</summary>
</param>
</template>
<interface name="mailman_domtrans" lineno="80">
<summary>
Execute mailman in the mailman domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mailman_run" lineno="104">
<summary>
Execute the mailman program in the mailman domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the mailman domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mailman_domtrans_cgi" lineno="124">
<summary>
Execute mailman CGI scripts in the
mailman CGI domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mailman_exec" lineno="142">
<summary>
Execute mailman in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowd access.
</summary>
</param>
</interface>
<interface name="mailman_signal_cgi" lineno="160">
<summary>
Send generic signals to the mailman cgi domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_signull_cgi" lineno="178">
<summary>
Send null signals to the mailman cgi domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_search_data" lineno="196">
<summary>
Allow domain to search data directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_read_data_files" lineno="214">
<summary>
Allow domain to to read mailman data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_manage_data_files" lineno="235">
<summary>
Allow domain to to create mailman data files
and write the directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_list_data" lineno="254">
<summary>
List the contents of mailman data directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_read_data_symlinks" lineno="272">
<summary>
Allow read acces to mailman data symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_read_log" lineno="290">
<summary>
Read mailman logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_append_log" lineno="308">
<summary>
Append to mailman logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_manage_log" lineno="327">
<summary>
Create, read, write, and delete
mailman logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_read_archive" lineno="346">
<summary>
Allow domain to read mailman archive files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_domtrans_queue" lineno="366">
<summary>
Execute mailman_queue in the mailman_queue domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<tunable name="mailman_use_fusefs" dftval="false">
<desc>
<p>
Allow mailman to access FUSE file systems
</p>
</desc>
</tunable>
</module>
<module name="mailscanner" filename="policy/modules/contrib/mailscanner.if">
<summary>E-mail security and anti-spam package for e-mail gateway systems.</summary>
<interface name="mailscanner_initrc_domtrans" lineno="14">
<summary>
Execute a domain transition to run
MailScanner.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mailscanner_admin" lineno="39">
<summary>
All of the rules required to administrate
an mailscanner environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="man2html" filename="policy/modules/contrib/man2html.if">
<summary>A Unix manpage-to-HTML converter.</summary>
<interface name="man2html_script_domtrans" lineno="13">
<summary>
Transition to man2html_script.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="man2html_search_content" lineno="32">
<summary>
Search man2html_script content directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="man2html_read_content_files" lineno="52">
<summary>
Read man2html cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="man2html_manage_content_files" lineno="75">
<summary>
Create, read, write, and delete
man2html content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="man2html_manage_content_dirs" lineno="97">
<summary>
Create, read, write, and delete
man2html content dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="man2html_admin" lineno="119">
<summary>
All of the rules required to administrate
an man2html environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="mandb" filename="policy/modules/contrib/mandb.if">
<summary>policy for mandb</summary>
<interface name="mandb_domtrans" lineno="13">
<summary>
Transition to mandb.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mandb_search_cache" lineno="32">
<summary>
Search mandb cache directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mandb_read_cache_files" lineno="51">
<summary>
Read mandb cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mandb_map_cache_files" lineno="70">
<summary>
Mmap mandb cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mandb_relabel_cache" lineno="88">
<summary>
Relabel mandb cache files/directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mandb_setattr_cache_dirs" lineno="107">
<summary>
Set attributes on mandb cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mandb_delete_cache" lineno="126">
<summary>
Delete mandb cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mandb_manage_cache_files" lineno="149">
<summary>
Create, read, write, and delete
mandb cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mandb_manage_cache_dirs" lineno="168">
<summary>
Manage mandb cache dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mandb_filetrans_named_home_content" lineno="189">
<summary>
Create configuration files in user
home directories with a named file
type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mandb_admin" lineno="208">
<summary>
All of the rules required to administrate
an mandb environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="mcelog" filename="policy/modules/contrib/mcelog.if">
<summary>Linux hardware error daemon.</summary>
<interface name="mcelog_domtrans" lineno="13">
<summary>
Execute a domain transition to run mcelog.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mcelog_read_log" lineno="32">
<summary>
Read mcelog logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mcelog_admin" lineno="58">
<summary>
All of the rules required to
administrate an mcelog environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="mcelog_client" dftval="false">
<desc>
<p>
Determine whether mcelog supports
client mode.
</p>
</desc>
</tunable>
<tunable name="mcelog_exec_scripts" dftval="true">
<desc>
<p>
Determine whether mcelog can execute scripts.
</p>
</desc>
</tunable>
<tunable name="mcelog_foreground" dftval="false">
<desc>
<p>
Determine whether mcelog can use all
the user ttys.
</p>
</desc>
</tunable>
<tunable name="mcelog_server" dftval="false">
<desc>
<p>
Determine whether mcelog supports
server mode.
</p>
</desc>
</tunable>
</module>
<module name="mediawiki" filename="policy/modules/contrib/mediawiki.if">
<summary>Mediawiki policy</summary>
<interface name="mediawiki_read_tmp_files" lineno="14">
<summary>
Allow the specified domain to read
mediawiki tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mediawiki_delete_tmp_files" lineno="34">
<summary>
Delete mediawiki tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="memcached" filename="policy/modules/contrib/memcached.if">
<summary>high-performance memory object caching system</summary>
<interface name="memcached_domtrans" lineno="13">
<summary>
Execute a domain transition to run memcached.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="memcached_read_pid_files" lineno="32">
<summary>
Read memcached PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="memcached_manage_pid_files" lineno="51">
<summary>
Manage memcached PID files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="memcached_stream_connect" lineno="70">
<summary>
Connect to memcached over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="memcached_admin" lineno="96">
<summary>
All of the rules required to administrate
an memcached environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the memcached domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="milter" filename="policy/modules/contrib/milter.if">
<summary>Milter mail filters</summary>
<template name="milter_template" lineno="14">
<summary>
Create a set of derived types for various
mail filter applications using the milter interface.
</summary>
<param name="milter_name">
<summary>
The name to be used for deriving type names.
</summary>
</param>
</template>
<interface name="milter_stream_connect_all" lineno="48">
<summary>
MTA communication with milter sockets
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="milter_getattr_all_sockets" lineno="68">
<summary>
Allow getattr of milter sockets
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="milter_setattr_all_dirs" lineno="87">
<summary>
Allow setattr of milter dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="milter_manage_spamass_state" lineno="105">
<summary>
Manage spamassassin milter state
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="milter_delete_dkim_pid_files" lineno="126">
<summary>
Delete dkim-milter PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="minidlna" filename="policy/modules/contrib/minidlna.if">
<summary>MiniDLNA lightweight DLNA/UPnP media server</summary>
<interface name="minidlna_admin" lineno="20">
<summary>
All of the rules required to
administrate an minidlna environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="minidlna_initrc_domtrans" lineno="58">
<summary>
Execute minidlna init scripts in
the initrc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<tunable name="minidlna_read_generic_user_content" dftval="false">
<desc>
<p>
Determine whether minidlna can read generic user content.
</p>
</desc>
</tunable>
</module>
<module name="minissdpd" filename="policy/modules/contrib/minissdpd.if">
<summary>Daemon used by MiniUPnPc to speed up device discoveries.</summary>
<interface name="minissdpd_read_config" lineno="13">
<summary>
Read minissdpd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="minissdpd_admin" lineno="39">
<summary>
All of the rules required to
administrate an minissdpd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="mip6d" filename="policy/modules/contrib/mip6d.if">
<summary>Mobile IPv6 and NEMO Basic Support implementation</summary>
<interface name="mip6d_domtrans" lineno="13">
<summary>
Execute TEMPLATE in the mip6d domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mip6d_systemctl" lineno="31">
<summary>
Execute mip6d server in the mip6d domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mip6d_admin" lineno="59">
<summary>
All of the rules required to administrate
an mip6d environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="mirrormanager" filename="policy/modules/contrib/mirrormanager.if">
<summary>policy for mirrormanager</summary>
<interface name="mirrormanager_domtrans" lineno="13">
<summary>
Execute mirrormanager in the mirrormanager domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mirrormanager_read_log" lineno="33">
<summary>
Read mirrormanager's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mirrormanager_append_log" lineno="52">
<summary>
Append to mirrormanager log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mirrormanager_manage_log" lineno="71">
<summary>
Manage mirrormanager log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mirrormanager_search_lib" lineno="92">
<summary>
Search mirrormanager lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mirrormanager_read_lib_files" lineno="111">
<summary>
Read mirrormanager lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mirrormanager_manage_lib_files" lineno="131">
<summary>
Manage mirrormanager lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mirrormanager_manage_lib_dirs" lineno="150">
<summary>
Manage mirrormanager lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mirrormanager_read_pid_files" lineno="169">
<summary>
Read mirrormanager PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mirrormanager_manage_pid_files" lineno="188">
<summary>
Manage mirrormanager PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mirrormanager_manage_pid_sock_files" lineno="207">
<summary>
Manage mirrormanager PID sock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mirrormanager_admin" lineno="227">
<summary>
All of the rules required to administrate
an mirrormanager environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="mock" filename="policy/modules/contrib/mock.if">
<summary>policy for mock</summary>
<interface name="mock_domtrans" lineno="13">
<summary>
Execute a domain transition to run mock.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mock_search_lib" lineno="31">
<summary>
Search mock lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mock_read_lib_files" lineno="50">
<summary>
Read mock lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mock_getattr_lib" lineno="71">
<summary>
Getattr on mock lib file,dir,sock_file ...
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mock_manage_lib_files" lineno="90">
<summary>
Create, read, write, and delete
mock lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mock_manage_lib_dirs" lineno="109">
<summary>
Manage mock lib dirs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mock_manage_lib_symlinks" lineno="128">
<summary>
Manage mock lib symlinks.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mock_manage_lib_chr_files" lineno="147">
<summary>
Manage mock lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mock_dontaudit_write_lib_chr_files" lineno="166">
<summary>
Manage mock lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mock_dontaudit_leaks" lineno="184">
<summary>
Dontaudit read and write an leaked file descriptors
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mock_run" lineno="209">
<summary>
Execute mock in the mock domain, and
allow the specified role the mock domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the mock domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mock_role" lineno="238">
<summary>
Role access for mock
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
<rolecap/>
</interface>
<interface name="mock_signal" lineno="269">
<summary>
Send a generic signal to mock.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mock_admin" lineno="288">
<summary>
All of the rules required to administrate
an mock environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="mock_enable_homedirs" dftval="false">
<desc>
<p>
Allow mock to read files in home directories.
</p>
</desc>
</tunable>
</module>
<module name="modemmanager" filename="policy/modules/contrib/modemmanager.if">
<summary>Provides a DBus interface to communicate with mobile broadband (GSM, CDMA, UMTS, ...) cards.</summary>
<interface name="modemmanager_domtrans" lineno="13">
<summary>
Execute a domain transition to run modemmanager.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="modemmanager_systemctl" lineno="32">
<summary>
Execute modemmanager server in the modemmanager domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modemmanager_dbus_chat" lineno="58">
<summary>
Send and receive messages from
modemmanager over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modemmanager_admin" lineno="80">
<summary>
All of the rules required to administrate
an modemmanager environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="mojomojo" filename="policy/modules/contrib/mojomojo.if">
<summary>MojoMojo Wiki.</summary>
<interface name="mojomojo_admin" lineno="19">
<summary>
All of the rules required to
administrate an mojomojo environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
</module>
<module name="mon_statd" filename="policy/modules/contrib/mon_statd.if">
<summary>policy for mon_statd</summary>
<interface name="mon_statd_domtrans" lineno="13">
<summary>
Execute mon_statd in the mon_statd domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mon_procd_domtrans" lineno="32">
<summary>
Execute mon_procd in the mon_procd domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="mongodb" filename="policy/modules/contrib/mongodb.if">
<summary>Scalable, high-performance, open source NoSQL database.</summary>
<interface name="mongodb_admin" lineno="20">
<summary>
All of the rules required to
administrate an mongodb environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="mono" filename="policy/modules/contrib/mono.if">
<summary>Run .NET server and client applications on Linux.</summary>
<template name="mono_role_template" lineno="30">
<summary>
The role template for the mono module.
</summary>
<desc>
<p>
This template creates a derived domains which are used
for mono applications.
</p>
</desc>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="mono_domtrans" lineno="80">
<summary>
Execute mono in the mono domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mono_run" lineno="105">
<summary>
Execute mono in the mono domain, and
allow the specified role the mono domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="mono_exec" lineno="124">
<summary>
Execute mono in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mono_rw_shm" lineno="143">
<summary>
Read and write mono shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="monop" filename="policy/modules/contrib/monop.if">
<summary>Monopoly daemon.</summary>
<interface name="monop_admin" lineno="20">
<summary>
All of the rules required to
administrate an monop environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="motion" filename="policy/modules/contrib/motion.if">
<summary>Detect motion using a video4linux device</summary>
<interface name="motion_domtrans" lineno="13">
<summary>
Execute motion in the motion domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="motion_read_log" lineno="32">
<summary>
Read motion's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="motion_append_log" lineno="51">
<summary>
Append to motion log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="motion_manage_log" lineno="70">
<summary>
Manage motion log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="motion_manage_pid" lineno="91">
<summary>
Manage motion pid files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="motion_manage_data" lineno="110">
<summary>
Manage motion data files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="motion_systemctl" lineno="129">
<summary>
Execute motion server in the motion domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="motion_manage_all_files" lineno="154">
<summary>
Manage all motion files.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="motion_admin" lineno="173">
<summary>
All of the rules required to administrate
an motion environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="mozilla" filename="policy/modules/contrib/mozilla.if">
<summary>Policy for Mozilla and related web browsers</summary>
<interface name="mozilla_role" lineno="18">
<summary>
Role access for mozilla
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="mozilla_read_user_home_files" lineno="76">
<summary>
Read mozilla home directory content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_write_user_home_files" lineno="97">
<summary>
Write mozilla home directory content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_dontaudit_rw_user_home_files" lineno="116">
<summary>
Dontaudit attempts to read/write mozilla home directory content
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mozilla_dontaudit_manage_user_home_files" lineno="134">
<summary>
Dontaudit attempts to write mozilla home directory content
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mozilla_exec_user_home_files" lineno="153">
<summary>
Execute mozilla home directory content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_execmod_user_home_files" lineno="171">
<summary>
Execmod mozilla home directory content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_domtrans" lineno="189">
<summary>
Run mozilla in the mozilla domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mozilla_domtrans_spec" lineno="212">
<summary>
Execute a mozilla_exec_t in the specified domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="mozilla_domtrans_plugin" lineno="231">
<summary>
Execute a domain transition to run mozilla_plugin.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_nnp_domtrans_plugin" lineno="280">
<summary>
Allow caller to transition to mozilla_plugin_t with NoNewPrivileges
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_run_plugin" lineno="304">
<summary>
Execute mozilla_plugin in the mozilla_plugin domain, and
allow the specified role the mozilla_plugin domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the mozilla_plugin domain.
</summary>
</param>
</interface>
<interface name="mozilla_role_plugin" lineno="334">
<summary>
Execute qemu unconfined programs in the role.
</summary>
<param name="role">
<summary>
The role to allow the mozilla_plugin domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mozilla_dbus_chat" lineno="354">
<summary>
Send and receive messages from
mozilla over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_rw_tcp_sockets" lineno="374">
<summary>
read/write mozilla per user tcp_socket
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_plugin_read_tmpfs_files" lineno="392">
<summary>
Read mozilla_plugin tmpfs files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="mozilla_plugin_rw_tmpfs_files" lineno="410">
<summary>
Read/Write mozilla_plugin tmpfs files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="mozilla_plugin_delete_tmpfs_files" lineno="428">
<summary>
Delete mozilla_plugin tmpfs files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="mozilla_plugin_dontaudit_rw_sem" lineno="446">
<summary>
Dontaudit generict ipc read/write to a mozilla_plugin
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mozilla_plugin_rw_sem" lineno="464">
<summary>
Allow generict ipc read/write to a mozilla_plugin
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mozilla_plugin_dontaudit_leaks" lineno="482">
<summary>
Dontaudit read/write to a mozilla_plugin leaks
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mozilla_plugin_dontaudit_rw_tmp_files" lineno="500">
<summary>
Dontaudit read/write to a mozilla_plugin tmp files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mozilla_plugin_rw_tmp_files" lineno="518">
<summary>
Allow read/write to a mozilla_plugin tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_plugin_manage_rw_files" lineno="537">
<summary>
Create, read, write, and delete
mozilla_plugin rw files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_plugin_read_rw_files" lineno="556">
<summary>
read mozilla_plugin rw files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_filetrans_home_content" lineno="575">
<summary>
Create mozilla content in the user home directory
with an correct label.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_plugin_read_state" lineno="622">
<summary>
Allow the domain to read mozilla_plugin state files in /proc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="mozilla_plugin_can_network_connect" dftval="true">
<desc>
<p>
Allow mozilla plugin domain to connect to the network using TCP.
</p>
</desc>
</tunable>
<tunable name="mozilla_plugin_bind_unreserved_ports" dftval="false">
<desc>
<p>
Allow mozilla plugin domain to bind unreserved tcp/udp ports.
</p>
</desc>
</tunable>
<tunable name="mozilla_plugin_use_spice" dftval="false">
<desc>
<p>
Allow mozilla plugin to support spice protocols.
</p>
</desc>
</tunable>
<tunable name="mozilla_plugin_use_gps" dftval="false">
<desc>
<p>
Allow mozilla plugin to support GPS.
</p>
</desc>
</tunable>
<tunable name="mozilla_plugin_use_bluejeans" dftval="false">
<desc>
<p>
Allow mozilla plugin to use Bluejeans.
</p>
</desc>
</tunable>
<tunable name="mozilla_read_content" dftval="false">
<desc>
<p>
Allow confined web browsers to read home directory content
</p>
</desc>
</tunable>
</module>
<module name="mpd" filename="policy/modules/contrib/mpd.if">
<summary>Music Player Daemon.</summary>
<template name="mpd_role" lineno="18">
<summary>
Role access for mpd.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</template>
<interface name="mpd_domtrans" lineno="32">
<summary>
Execute a domain transition to run mpd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mpd_initrc_domtrans" lineno="51">
<summary>
Execute mpd server in the mpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mpd_read_data_files" lineno="69">
<summary>
Read mpd data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_manage_data_files" lineno="89">
<summary>
Create, read, write, and delete
mpd data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_manage_user_data_content" lineno="109">
<summary>
Create, read, write, and delete
mpd user data content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_relabel_user_data_content" lineno="130">
<summary>
Relabel mpd user data content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_home_filetrans_user_data" lineno="162">
<summary>
Create objects in user home
directories with the mpd user data type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="mpd_read_tmpfs_files" lineno="180">
<summary>
Read mpd tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_manage_tmpfs_files" lineno="200">
<summary>
Create, read, write, and delete
mpd tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_search_lib" lineno="220">
<summary>
Search mpd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_read_lib_files" lineno="239">
<summary>
Read mpd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_manage_lib_files" lineno="259">
<summary>
Create, read, write, and delete
mpd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_var_lib_filetrans" lineno="294">
<summary>
Create specified objects in mpd
lib directories with a private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="mpd_manage_lib_dirs" lineno="314">
<summary>
Create, read, write, and delete
mpd lib dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_stream_connect" lineno="333">
<summary>
Connect to mpd over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_admin" lineno="359">
<summary>
All of the rules required to
administrate an mpd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="mpd_enable_homedirs" dftval="false">
<desc>
<p>
Determine whether mpd can traverse
user home directories.
</p>
</desc>
</tunable>
<tunable name="mpd_use_cifs" dftval="false">
<desc>
<p>
Determine whether mpd can use
cifs file systems.
</p>
</desc>
</tunable>
<tunable name="mpd_use_nfs" dftval="false">
<desc>
<p>
Determine whether mpd can use
nfs file systems.
</p>
</desc>
</tunable>
</module>
<module name="mplayer" filename="policy/modules/contrib/mplayer.if">
<summary>Mplayer media player and encoder.</summary>
<interface name="mplayer_role" lineno="18">
<summary>
Role access for mplayer
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="mplayer_domtrans" lineno="65">
<summary>
Run mplayer in mplayer domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mplayer_exec" lineno="85">
<summary>
Execute mplayer in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mplayer_read_user_home_files" lineno="104">
<summary>
Read mplayer user home content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mplayer_manage_generic_home_content" lineno="124">
<summary>
Create, read, write, and delete
generic mplayer home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mplayer_home_filetrans_mplayer_home" lineno="157">
<summary>
Create specified objects in user home
directories with the generic mplayer
home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="mplayer_filetrans_home_content" lineno="177">
<summary>
Create specified objects in user home
directories with the generic mplayer
home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="mplayer_execstack" dftval="false">
<desc>
<p>
Determine whether mplayer can make
its stack executable.
</p>
</desc>
</tunable>
</module>
<module name="mptcpd" filename="policy/modules/contrib/mptcpd.if">
<summary>policy for mptcpd</summary>
<interface name="mptcpd_domtrans" lineno="13">
<summary>
Execute mptcpd_exec_t in the mptcpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mptcpd_exec" lineno="32">
<summary>
Execute mptcpd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="mrtg" filename="policy/modules/contrib/mrtg.if">
<summary>Network traffic graphing.</summary>
<interface name="mrtg_read_lib_files" lineno="13">
<summary>
Read mrtg lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mrtg_append_create_logs" lineno="32">
<summary>
Create and append mrtg log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mrtg_admin" lineno="59">
<summary>
All of the rules required to
administrate an mrtg environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="mta" filename="policy/modules/contrib/mta.if">
<summary>Policy common to all email tranfer agents.</summary>
<interface name="mta_stub" lineno="13">
<summary>
MTA stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="mta_base_mail_template" lineno="42">
<summary>
Basic mail transfer agent domain template.
</summary>
<desc>
<p>
This template creates a derived domain which is
a email transfer agent, which sends mail on
behalf of the user.
</p>
<p>
This is the basic types and rules, common
to the system agent and user agents.
</p>
</desc>
<param name="domain_prefix">
<summary>
The prefix of the domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<rolecap/>
</template>
<interface name="mta_role" lineno="92">
<summary>
Role access for mta
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="mta_mailserver" lineno="134">
<summary>
Make the specified domain usable for a mail server.
</summary>
<param name="type">
<summary>
Type to be used as a mail server domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
</interface>
<interface name="mta_agent_executable" lineno="153">
<summary>
Make the specified type a MTA executable file.
</summary>
<param name="type">
<summary>
Type to be used as a mail client.
</summary>
</param>
</interface>
<interface name="mta_dontaudit_leaks_system_mail" lineno="173">
<summary>
Dontaudit read and write an leaked file descriptors
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mta_system_content" lineno="192">
<summary>
Make the specified type by a system MTA.
</summary>
<param name="type">
<summary>
Type to be used as a mail client.
</summary>
</param>
</interface>
<interface name="mta_sendmail_mailserver" lineno="225">
<summary>
Modified mailserver interface for
sendmail daemon use.
</summary>
<desc>
<p>
A modified MTA mail server interface for
the sendmail program.  It's design does
not fit well with policy, and using the
regular interface causes a type_transition
conflict if direct running of init scripts
is enabled.
</p>
<p>
This interface should most likely only be used
by the sendmail policy.
</p>
</desc>
<param name="domain">
<summary>
The type to be used for the mail server.
</summary>
</param>
</interface>
<interface name="mta_mailserver_sender" lineno="246">
<summary>
Make a type a mailserver type used
for sending mail.
</summary>
<param name="domain">
<summary>
Mail server domain type used for sending mail.
</summary>
</param>
</interface>
<interface name="mta_mailserver_delivery" lineno="265">
<summary>
Make a type a mailserver type used
for delivering mail to local users.
</summary>
<param name="domain">
<summary>
Mail server domain type used for delivering mail.
</summary>
</param>
</interface>
<interface name="mta_mailserver_user_agent" lineno="294">
<summary>
Make a type a mailserver type used
for sending mail on behalf of local
users to the local mail spool.
</summary>
<param name="domain">
<summary>
Mail server domain type used for sending local mail.
</summary>
</param>
</interface>
<interface name="mta_send_mail" lineno="318">
<summary>
Send mail from the system.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mta_sendmail_domtrans" lineno="360">
<summary>
Execute send mail in a specified domain.
</summary>
<desc>
<p>
Execute send mail in a specified domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="source_domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
Domain to transition to.
</summary>
</param>
</interface>
<interface name="mta_signal_system_mail" lineno="387">
<summary>
Send system mail client a signal
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_role_access_system_mail" lineno="405">
<summary>
Allow role to access system_mail_t.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="mta_signal_user_agent" lineno="423">
<summary>
Send all user mail client a signal
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_kill_user_agent" lineno="441">
<summary>
Send all user mail client a kill signal
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_kill_system_mail" lineno="459">
<summary>
Send system mail client a kill signal
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_sendmail_exec" lineno="477">
<summary>
Execute sendmail in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_sendmail_access_check" lineno="496">
<summary>
Check whether sendmail executable
files are executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_read_config" lineno="516">
<summary>
Read mail server configuration.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mta_write_config" lineno="538">
<summary>
write mail server configuration.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mta_manage_config" lineno="557">
<summary>
Manage mail server configuration.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mta_read_aliases" lineno="575">
<summary>
Read mail address aliases.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_map_aliases" lineno="595">
<summary>
Mmap mail address aliases.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_manage_aliases" lineno="613">
<summary>
Create, read, write, and delete mail address aliases.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_etc_filetrans_aliases" lineno="640">
<summary>
Type transition files created in /etc
to the mail address aliases type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="mta_rw_aliases" lineno="659">
<summary>
Read and write mail aliases.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mta_dontaudit_rw_delivery_tcp_sockets" lineno="679">
<summary>
Do not audit attempts to read and write TCP
sockets of mail delivery domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mta_rw_delivery_tcp_sockets" lineno="698">
<summary>
Allow attempts to read and write TCP
sockets of mail delivery domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mta_tcp_connect_all_mailservers" lineno="716">
<summary>
Connect to all mail servers over TCP.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_dontaudit_read_spool_symlinks" lineno="731">
<summary>
Do not audit attempts to read a symlink
in the mail spool.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mta_getattr_spool" lineno="749">
<summary>
Get the attributes of mail spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_dontaudit_getattr_spool_files" lineno="771">
<summary>
Do not audit attempts to get the attributes
of mail spool files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mta_spool_filetrans" lineno="808">
<summary>
Create private objects in the
mail spool directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="mta_read_spool" lineno="827">
<summary>
Read the mail spool.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_rw_spool" lineno="846">
<summary>
Read and write the mail spool.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_append_spool" lineno="868">
<summary>
Create, read, and write the mail spool.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_delete_spool" lineno="890">
<summary>
Delete from the mail spool.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_manage_spool" lineno="909">
<summary>
Create, read, write, and delete mail spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_search_queue" lineno="931">
<summary>
Search mail queue dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_list_queue" lineno="950">
<summary>
List the mail queue.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_read_queue" lineno="969">
<summary>
Read the mail queue.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_dontaudit_rw_queue" lineno="989">
<summary>
Do not audit attempts to read and
write the mail queue.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mta_manage_queue" lineno="1009">
<summary>
Create, read, write, and delete
mail queue files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_spool_filetrans_queue" lineno="1045">
<summary>
Create private objects in the
mqueue spool directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="mta_read_sendmail_bin" lineno="1065">
<summary>
Read sendmail binary.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_rw_user_mail_stream_sockets" lineno="1084">
<summary>
Read and write unix domain stream sockets
of user mail domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_filetrans_aliases" lineno="1108">
<summary>
Type transition files created in calling dir
to the mail address aliases type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="domain">
<summary>
Directory to transition on.
</summary>
</param>
</interface>
<interface name="mta_append_home" lineno="1126">
<summary>
ALlow domain to append mail content in the homedir
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_read_home" lineno="1149">
<summary>
ALlow domain to read mail content in the homedir
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_mmap_home_rw" lineno="1172">
<summary>
ALlow domain to mmap mail content in the homedir
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_read_home_rw" lineno="1190">
<summary>
ALlow domain to read mail content in the homedir
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_manage_home_rw" lineno="1215">
<summary>
Allow domain to manage mail content in the homedir
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_filetrans_admin_home_content" lineno="1244">
<summary>
create mail content in the  in the /root directory
with an correct label.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_filetrans_home_content" lineno="1270">
<summary>
Transition to mta named home content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_filetrans_named_content" lineno="1296">
<summary>
Transition to mta named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="munin" filename="policy/modules/contrib/munin.if">
<summary>Munin network-wide load graphing (formerly LRRD)</summary>
<template name="munin_plugin_template" lineno="14">
<summary>
Create a set of derived types for various
munin plugins,
</summary>
<param name="prefix">
<summary>
The name to be used for deriving type names.
</summary>
</param>
</template>
<interface name="munin_stream_connect" lineno="62">
<summary>
Connect to munin over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="munin_read_config" lineno="82">
<summary>
Read munin configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="munin_read_var_lib_files" lineno="103">
<summary>
Read munin library files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="munin_manage_var_lib_files" lineno="123">
<summary>
Manage munin library files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="munin_append_var_lib_files" lineno="143">
<summary>
Append munin library files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="munin_dontaudit_leaks" lineno="163">
<summary>
dontaudit read and write an leaked file descriptors
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="munin_append_log" lineno="182">
<summary>
Append to the munin log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="munin_search_lib" lineno="202">
<summary>
Search munin library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="munin_dontaudit_search_lib" lineno="222">
<summary>
Do not audit attempts to search
munin library directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="munin_admin" lineno="247">
<summary>
All of the rules required to administrate
an munin environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the munin domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="mysql" filename="policy/modules/contrib/mysql.if">
<summary>Policy for MySQL</summary>
<interface name="mysql_domtrans" lineno="13">
<summary>
Execute MySQL in the mysql domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mysql_exec" lineno="31">
<summary>
Execute MySQL in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_signal" lineno="49">
<summary>
Send a generic signal to MySQL.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_signull" lineno="67">
<summary>
Send a null signal to mysql.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_tcp_connect" lineno="85">
<summary>
Allow the specified domain to connect to postgresql with a tcp socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_stream_connect" lineno="107">
<summary>
Connect to MySQL using a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mysql_read_config" lineno="128">
<summary>
Read MySQL configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mysql_search_db" lineno="151">
<summary>
Search the directories that contain MySQL
database storage.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_list_db" lineno="171">
<summary>
List the directories that contain MySQL
database storage.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_rw_db_dirs" lineno="190">
<summary>
Read and write to the MySQL database directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_manage_db_dirs" lineno="209">
<summary>
Create, read, write, and delete MySQL database directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_append_db_files" lineno="228">
<summary>
Append to the MySQL database directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_read_db_lnk_files" lineno="246">
<summary>
Read and write to the MySQL database directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_rw_db_files" lineno="265">
<summary>
Read and write to the MySQL database directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_manage_db_files" lineno="284">
<summary>
Create, read, write, and delete MySQL database files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_rw_db_sockets" lineno="304">
<summary>
Read and write to the MySQL database
named socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_append_log" lineno="324">
<summary>
Allow the specified domain to append to MySQL log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_dontaudit_append_log" lineno="344">
<summary>
Do not audit attempts to append to the MySQL logs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mysql_read_log" lineno="363">
<summary>
Allow the specified domain to read MySQL log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mysql_dontaudit_read_log" lineno="385">
<summary>
dontaudit attempts to read MySQL log files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mysql_write_log" lineno="404">
<summary>
Write to the MySQL log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_dontaudit_write_log" lineno="424">
<summary>
dontaudit attempts to write to the MySQL log files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mysql_dontaudit_rw_db" lineno="443">
<summary>
dontaudit attempts to read/write to the MySQL db files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mysql_domtrans_mysql_safe" lineno="461">
<summary>
Execute MySQL safe script in the mysql safe domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mysql_safe_exec" lineno="479">
<summary>
Execute MySQL_safe in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_read_pid_files" lineno="497">
<summary>
Read MySQL PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_search_pid_files" lineno="517">
<summary>
Search MySQL PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="mysql_systemctl" lineno="535">
<summary>
Execute mysqld server in the mysqld domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mysql_read_home_content" lineno="559">
<summary>
read mysqld homedir content (.k5login)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_filetrans_named_content" lineno="578">
<summary>
Transition to mysqld named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_admin" lineno="606">
<summary>
All of the rules required to administrate an mysql environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the mysql domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="mysql_connect_any" dftval="false">
<desc>
<p>
Allow mysqld to connect to all ports
</p>
</desc>
</tunable>
<tunable name="mysql_connect_http" dftval="false">
<desc>
<p>
Allow mysqld to connect to http port
</p>
</desc>
</tunable>
</module>
<module name="mythtv" filename="policy/modules/contrib/mythtv.if">
<summary>policy for mythtv_script</summary>
<interface name="mythtv_script_domtrans" lineno="13">
<summary>
Execute TEMPLATE in the mythtv_script domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mythtv_read_lib" lineno="32">
<summary>
read mythtv libs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mythtv_manage_lib" lineno="52">
<summary>
Create, read, write, and delete
mythtv lib content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mythtv_read_log" lineno="72">
<summary>
read mythtv logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mythtv_append_log" lineno="91">
<summary>
Append mythtv log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mythtv_manage_log" lineno="111">
<summary>
Create, read, write, and delete
mythtv log content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mythtv_admin" lineno="133">
<summary>
All of the rules required to
administrate an mythtv environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="naemon" filename="policy/modules/contrib/naemon.if">
<summary>New monitoring suite that aims to be faster and more stable, while giving you a clearer view of the state of your network.</summary>
<interface name="naemon_domtrans" lineno="13">
<summary>
Execute naemon in the naemon domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="naemon_initrc_domtrans" lineno="32">
<summary>
Execute naemon server in the naemon domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="naemon_search_cache" lineno="50">
<summary>
Search naemon cache directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="naemon_read_cache_files" lineno="69">
<summary>
Read naemon cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="naemon_manage_cache_files" lineno="89">
<summary>
Create, read, write, and delete
naemon cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="naemon_manage_cache_dirs" lineno="108">
<summary>
Manage naemon cache dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="naemon_read_log" lineno="128">
<summary>
Read naemon's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="naemon_append_log" lineno="147">
<summary>
Append to naemon log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="naemon_manage_log" lineno="166">
<summary>
Manage naemon log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="naemon_search_lib" lineno="187">
<summary>
Search naemon lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="naemon_read_lib_files" lineno="206">
<summary>
Read naemon lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="naemon_manage_lib_files" lineno="225">
<summary>
Manage naemon lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="naemon_manage_lib_dirs" lineno="244">
<summary>
Manage naemon lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="naemon_admin" lineno="271">
<summary>
All of the rules required to administrate
an naemon environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="nagios" filename="policy/modules/contrib/nagios.if">
<summary>Net Saint / NAGIOS - network monitoring server</summary>
<template name="nagios_plugin_template" lineno="14">
<summary>
Create a set of derived types for various
nagios plugins,
</summary>
<param name="plugins_group_name">
<summary>
The name to be used for deriving type names.
</summary>
</param>
</template>
<interface name="nagios_domtrans_unconfined_plugins" lineno="46">
<summary>
Execute the nagios unconfined plugins with
a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nagios_dontaudit_rw_pipes" lineno="66">
<summary>
Do not audit attempts to read or write nagios
unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="nagios_read_config" lineno="86">
<summary>
Allow the specified domain to read
nagios configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="nagios_read_lib" lineno="105">
<summary>
Read nagios lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nagios_read_log" lineno="125">
<summary>
Read nagios logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nagios_dontaudit_rw_log" lineno="144">
<summary>
Do not audit attempts to read or write nagios logs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="nagios_search_spool" lineno="162">
<summary>
Search nagios spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nagios_append_spool" lineno="181">
<summary>
Append nagios spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nagios_read_tmp_files" lineno="201">
<summary>
Allow the specified domain to read
nagios temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nagios_rw_inerited_tmp_files" lineno="221">
<summary>
Allow the specified domain to read
nagios temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nagios_domtrans_nrpe" lineno="241">
<summary>
Execute the nagios NRPE with
a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nagios_dontaudit_write_pipes_nrpe" lineno="259">
<summary>
Do not audit attempts to write nrpe daemon unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nagios_admin" lineno="284">
<summary>
All of the rules required to administrate
an nagios environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the nagios domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="nagios_unconfined_signull" lineno="330">
<summary>
Send a null signal to nagios_unconfined_plugin.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="nagios_run_sudo" dftval="false">
<desc>
<p>
Allow nagios/nrpe to call sudo from NRPE utils scripts.
</p>
</desc>
</tunable>
<tunable name="nagios_run_pnp4nagios" dftval="false">
<desc>
<p>
Allow nagios run in conjunction with PNP4Nagios.
</p>
</desc>
</tunable>
<tunable name="nagios_use_nfs" dftval="false">
<desc>
<p>
Determine whether Nagios, NRPE can
access nfs file systems.
</p>
</desc>
</tunable>
</module>
<module name="namespace" filename="policy/modules/contrib/namespace.if">
<summary>policy for namespace</summary>
<interface name="namespace_init_domtrans" lineno="13">
<summary>
Execute a domain transition to run namespace_init.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="namespace_init_run" lineno="38">
<summary>
Execute namespace_init in the namespace_init domain, and
allow the specified role the namespace_init domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the namespace_init domain.
</summary>
</param>
</interface>
</module>
<module name="ncftool" filename="policy/modules/contrib/ncftool.if">
<summary>Cross-platform network configuration library.</summary>
<interface name="ncftool_domtrans" lineno="13">
<summary>
Execute a domain transition to run ncftool.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ncftool_run" lineno="39">
<summary>
Execute ncftool in the ncftool
domain, and allow the specified
role the ncftool domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
</module>
<module name="nessus" filename="policy/modules/contrib/nessus.if">
<summary>Network scanning daemon.</summary>
<interface name="nessus_tcp_connect" lineno="13">
<summary>
Connect to nessus over a TCP socket  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nessus_admin" lineno="34">
<summary>
All of the rules required to
administrate an nessus environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="networkmanager" filename="policy/modules/contrib/networkmanager.if">
<summary>Manager for dynamically switching between networks.</summary>
<interface name="networkmanager_rw_udp_sockets" lineno="14">
<summary>
Read and write NetworkManager UDP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_rw_packet_sockets" lineno="33">
<summary>
Read and write NetworkManager packet sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_attach_tun_iface" lineno="51">
<summary>
Allow caller to relabel tun_socket
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_rw_routing_sockets" lineno="72">
<summary>
Read and write NetworkManager netlink
routing sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_read_pipes" lineno="90">
<summary>
Read networkmanager unnamed pipes
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_domtrans" lineno="108">
<summary>
Execute NetworkManager with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="networkmanager_initrc_domtrans" lineno="127">
<summary>
Execute NetworkManager scripts with an automatic domain transition to initrc.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="networkmanager_systemctl" lineno="145">
<summary>
Execute NetworkManager server in the NetworkManager domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="networkmanager_dbus_chat" lineno="170">
<summary>
Send and receive messages from
NetworkManager over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_read_state" lineno="190">
<summary>
Read metworkmanager process state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_dontaudit_dbus_chat" lineno="212">
<summary>
Do not audit attempts to send and
receive messages from NetworkManager
over dbus.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="networkmanager_signal" lineno="232">
<summary>
Send a generic signal to NetworkManager
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_manage_lib_files" lineno="251">
<summary>
Create, read, and write
networkmanager library files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_read_lib_files" lineno="271">
<summary>
Read networkmanager lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_write_rw_conf" lineno="292">
<summary>
Write NetworkManager rw conf files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_read_conf" lineno="313">
<summary>
Read NetworkManager conf files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_read_pid_files" lineno="334">
<summary>
Read NetworkManager PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_manage_pid_files" lineno="354">
<summary>
Manage NetworkManager PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_manage_pid_sock_files" lineno="374">
<summary>
Manage NetworkManager PID sock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_watch_pid_dirs" lineno="393">
<summary>
Watch NetworkManager PID directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_pid_filetrans" lineno="428">
<summary>
Create objects in /etc with a private
type using a type_transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
Private file type.
</summary>
</param>
<param name="class">
<summary>
Object classes to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="networkmanager_stream_connect" lineno="447">
<summary>
Connect to networkmanager over
a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_delete_pid_files" lineno="466">
<summary>
Delete NetworkManager PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_run" lineno="492">
<summary>
Execute NetworkManager in the NetworkManager domain, and
allow the specified role the NetworkManager domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="networkmanager_append_log" lineno="512">
<summary>
Allow the specified domain to append
to Network Manager log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_manage_lib" lineno="535">
<summary>
Allow the specified domain to manage
to Network Manager lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="NetworkManager_read_state" lineno="555">
<summary>
Read the process state (/proc/pid) of NetworkManager.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_dgram_send" lineno="575">
<summary>
Send to NetworkManager with a unix dgram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_sigchld" lineno="595">
<summary>
Send sigchld to networkmanager.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_signull" lineno="614">
<summary>
Send signull to networkmanager.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_sigkill" lineno="633">
<summary>
Send sigkill to networkmanager.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_filetrans_named_content" lineno="651">
<summary>
Transition to networkmanager named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="networkmanager_dispatcher_plugin_template" lineno="695">
<summary>
Create a set of derived types for various
NetworkManager-dispatcher plugins
</summary>
<param name="prefix">
<summary>
The name to be used for deriving type names.
</summary>
</param>
</template>
</module>
<module name="ninfod" filename="policy/modules/contrib/ninfod.if">
<summary>Respond to IPv6 Node Information Queries</summary>
<interface name="ninfod_domtrans" lineno="13">
<summary>
Execute ninfod in the ninfod domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ninfod_systemctl" lineno="31">
<summary>
Execute ninfod server in the ninfod domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ninfod_admin" lineno="59">
<summary>
All of the rules required to administrate
an ninfod environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="nis" filename="policy/modules/contrib/nis.if">
<summary>Policy for NIS (YP) servers and clients</summary>
<interface name="nis_use_ypbind_uncond" lineno="26">
<summary>
Use the ypbind service to access NIS services
unconditionally.
</summary>
<desc>
<p>
Use the ypbind service to access NIS services
unconditionally.
</p>
<p>
This interface was added because of apache and
spamassassin, to fix a nested conditionals problem.
When that support is added, this should be removed,
and the regular	interface should be used.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_use_ypbind" lineno="84">
<summary>
Use the ypbind service to access NIS services.
</summary>
<desc>
<p>
Allow the specified domain to use the ypbind service
to access Network Information Service (NIS) services.
Information that can be retreived from NIS includes
usernames, passwords, home directories, and groups.
If the network is configured to have a single sign-on
using NIS, it is likely that any program that does
authentication will need this access.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
<rolecap/>
</interface>
<interface name="nis_authenticate" lineno="101">
<summary>
Use the nis to authenticate passwords
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="nis_domtrans_ypbind" lineno="119">
<summary>
Execute ypbind in the ypbind domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nis_exec_ypbind" lineno="138">
<summary>
Execute ypbind in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nis_run_ypbind" lineno="163">
<summary>
Execute ypbind in the ypbind domain, and
allow the specified role the ypbind domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="nis_signal_ypbind" lineno="182">
<summary>
Send generic signals to ypbind.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_list_var_yp" lineno="200">
<summary>
List the contents of the NIS data directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_udp_send_ypbind" lineno="219">
<summary>
Send UDP network traffic to NIS clients.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_tcp_connect_ypbind" lineno="233">
<summary>
Connect to ypbind over TCP.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_read_ypbind_pid" lineno="247">
<summary>
Read ypbind pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_delete_ypbind_pid" lineno="266">
<summary>
Delete ypbind pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_read_ypserv_config" lineno="285">
<summary>
Read ypserv configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_domtrans_ypxfr" lineno="304">
<summary>
Execute ypxfr in the ypxfr domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nis_initrc_domtrans" lineno="324">
<summary>
Execute nis server in the nis domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nis_initrc_domtrans_ypbind" lineno="342">
<summary>
Execute nis server in the nis domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nis_systemctl_ypbind" lineno="360">
<summary>
Execute ypbind server in the ypbind domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nis_systemctl" lineno="384">
<summary>
Execute ypbind server in the ypbind domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nis_admin" lineno="418">
<summary>
All of the rules required to administrate
an nis environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="nova" filename="policy/modules/contrib/nova.if">
<summary>openstack-nova</summary>
<interface name="nova_manage_lib_files" lineno="13">
<summary>
Manage nova lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="nova_domain_template" lineno="33">
<summary>
Creates types and rules for a basic
openstack-nova systemd daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
</module>
<module name="nscd" filename="policy/modules/contrib/nscd.if">
<summary>Name service cache daemon</summary>
<interface name="nscd_signal" lineno="13">
<summary>
Send generic signals to NSCD.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_kill" lineno="31">
<summary>
Send NSCD the kill signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_signull" lineno="49">
<summary>
Send signulls to NSCD.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_domtrans" lineno="67">
<summary>
Execute NSCD in the nscd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nscd_exec" lineno="87">
<summary>
Allow the specified domain to execute nscd
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_socket_use" lineno="106">
<summary>
Use NSCD services by connecting using
a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_use" lineno="135">
<summary>
Use nscd services
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_dontaudit_write_sock_file" lineno="152">
<summary>
Do not audit attempts to write nscd sock files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="nscd_shm_use" lineno="174">
<summary>
Use NSCD services by mapping the database from
an inherited NSCD file descriptor.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_dontaudit_search_pid" lineno="209">
<summary>
Do not audit attempts to search the NSCD pid directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="nscd_dontaudit_read_pid" lineno="227">
<summary>
Do not audit attempts to read the NSCD pid directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="nscd_read_pid" lineno="245">
<summary>
Read NSCD pid file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_unconfined" lineno="264">
<summary>
Unconfined access to NSCD services.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_run" lineno="290">
<summary>
Execute nscd in the nscd domain, and
allow the specified role the nscd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="nscd_initrc_domtrans" lineno="309">
<summary>
Execute the nscd server init script.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nscd_systemctl" lineno="327">
<summary>
Execute nscd server in the nscd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nscd_shutdown" lineno="351">
<summary>
Allow the specified domain shut down nscd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nscd_admin" lineno="377">
<summary>
All of the rules required to administrate
an nscd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the nscd domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="nscd_use_shm" dftval="false">
<desc>
<p>
Allow confined applications to use nscd shared memory.
</p>
</desc>
</tunable>
</module>
<module name="nsd" filename="policy/modules/contrib/nsd.if">
<summary>Authoritative only name server</summary>
<interface name="nsd_read_pid" lineno="13">
<summary>
Read NSD pid file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nsd_udp_chat" lineno="32">
<summary>
Send and receive datagrams from NSD.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nsd_tcp_connect" lineno="46">
<summary>
Connect to NSD over a TCP socket  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="nslcd" filename="policy/modules/contrib/nslcd.if">
<summary>nslcd - local LDAP name service daemon.</summary>
<interface name="nslcd_domtrans" lineno="13">
<summary>
Execute a domain transition to run nslcd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nslcd_initrc_domtrans" lineno="31">
<summary>
Execute nslcd server in the nslcd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nslcd_read_pid_files" lineno="49">
<summary>
Read nslcd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nslcd_dontaudit_write_ock_file" lineno="68">
<summary>
Dontaudit write to nslcd over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nslcd_stream_connect" lineno="86">
<summary>
Connect to nslcd over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nslcd_dontaudit_write_sock_file" lineno="105">
<summary>
Do not audit attempts to write nslcd sock files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="nslcd_admin" lineno="131">
<summary>
All of the rules required to administrate
an nslcd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ntop" filename="policy/modules/contrib/ntop.if">
<summary>A network traffic probe similar to the UNIX top command.</summary>
<interface name="ntop_admin" lineno="20">
<summary>
All of the rules required to
administrate an ntop environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ntp" filename="policy/modules/contrib/ntp.if">
<summary>Network time protocol daemon</summary>
<interface name="ntp_stub" lineno="13">
<summary>
NTP stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ntp_domtrans" lineno="29">
<summary>
Execute ntp server in the ntpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ntp_exec" lineno="48">
<summary>
Execute ntp server in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ntp_run" lineno="74">
<summary>
Execute ntp in the ntp domain, and
allow the specified role the ntp domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ntp_domtrans_ntpdate" lineno="93">
<summary>
Execute ntp server in the ntpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ntp_initrc_domtrans" lineno="112">
<summary>
Execute ntp server in the ntpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ntp_read_unit_file" lineno="130">
<summary>
Allow domain to read ntpd systemd unit files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ntp_systemctl" lineno="149">
<summary>
Execute ntpd server in the ntpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ntp_signal" lineno="173">
<summary>
Send a generic signal to ntpd
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ntp_read_drift_files" lineno="191">
<summary>
Read ntp drift files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ntp_rw_shm" lineno="210">
<summary>
Read and write ntpd shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ntp_read_state" lineno="232">
<summary>
Allow the domain to read ntpd state files in /proc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ntp_admin" lineno="258">
<summary>
All of the rules required to administrate
an ntp environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the ntp domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ntp_filetrans_named_content" lineno="309">
<summary>
Transition content labels to ntp named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ntp_manage_log" lineno="331">
<summary>
Create, read, write, and delete
ntp log content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="numad" filename="policy/modules/contrib/numad.if">
<summary>policy for numad</summary>
<interface name="numad_domtrans" lineno="13">
<summary>
Transition to numad.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="numad_systemctl" lineno="31">
<summary>
Execute numad server in the numad domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="numad_dbus_chat" lineno="57">
<summary>
Send and receive messages from
numad over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="numad_admin" lineno="78">
<summary>
All of the rules required to administrate
an numad environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="nut" filename="policy/modules/contrib/nut.if">
<summary>nut - Network UPS Tools </summary>
<template name="nut_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
Network UPS Tools systemd daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="nut_systemctl" lineno="48">
<summary>
Execute swift server in the swift domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="nvme_stas" filename="policy/modules/contrib/nvme_stas.if">
<summary>policy for nvme_stas</summary>
<interface name="nvme_stas_domtrans" lineno="13">
<summary>
Execute nvme_stas_exec_t in the nvme_stas domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nvme_stas_exec" lineno="32">
<summary>
Execute nvme_stas in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nvme_stas_dbus_chat" lineno="52">
<summary>
Send and receive messages from
nvme_stas over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="nx" filename="policy/modules/contrib/nx.if">
<summary>NX remote desktop.</summary>
<interface name="nx_spec_domtrans_server" lineno="13">
<summary>
Transition to nx server.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nx_read_home_files" lineno="32">
<summary>
Read nx home directory content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nx_search_var_lib" lineno="53">
<summary>
Search nx lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nx_var_lib_filetrans" lineno="88">
<summary>
Create specified objects in nx lib
directories with a private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="nx_filetrans_named_content" lineno="106">
<summary>
Transition to nx named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="oav" filename="policy/modules/contrib/oav.if">
<summary>Open AntiVirus scannerdaemon and signature update.</summary>
<interface name="oav_domtrans_update" lineno="13">
<summary>
Execute oav_update in the oav_update domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="oav_run_update" lineno="40">
<summary>
Execute oav_update in the oav update
domain, and allow the specified role
the oav_update domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="obex" filename="policy/modules/contrib/obex.if">
<summary>D-Bus service providing high-level OBEX client and server side functionality.</summary>
<interface name="obex_domtrans" lineno="13">
<summary>
Transition to obex.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="obex_dbus_chat" lineno="33">
<summary>
Send and receive messages from
obex over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="obex_role" lineno="64">
<summary>
Role access for obex domains
that executes via dbus-session
</summary>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
<param name="domain_prefix">
<summary>
User domain prefix to be used.
</summary>
</param>
</template>
</module>
<module name="oddjob" filename="policy/modules/contrib/oddjob.if">
<summary>
Oddjob provides a mechanism by which unprivileged applications can
request that specified privileged operations be performed on their
behalf.
</summary>
<interface name="oddjob_domtrans" lineno="17">
<summary>
Execute a domain transition to run oddjob.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="oddjob_dontaudit_rw_fifo_file" lineno="36">
<summary>
Do not audit attempts to read and write
oddjob fifo file.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="oddjob_system_entry" lineno="60">
<summary>
Make the specified program domain accessable
from the oddjob.
</summary>
<param name="domain">
<summary>
The type of the process to transition to.
</summary>
</param>
<param name="entrypoint">
<summary>
The type of the file used as an entrypoint to this domain.
</summary>
</param>
</interface>
<interface name="oddjob_dbus_chat" lineno="80">
<summary>
Send and receive messages from
oddjob over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="oddjob_sigchld" lineno="100">
<summary>
Send a SIGCHLD signal to oddjob.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="oddjob_domtrans_mkhomedir" lineno="118">
<summary>
Execute a domain transition to run oddjob_mkhomedir.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="oddjob_run_mkhomedir" lineno="142">
<summary>
Execute the oddjob_mkhomedir program in the oddjob_mkhomedir domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="oddjob_run" lineno="167">
<summary>
Execute the oddjob program in the oddjob domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="oddjob_systemctl" lineno="186">
<summary>
Execute oddjob in the oddjob domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="oddjob_ranged_domain" lineno="221">
<summary>
Create a domain which can be started by init,
with a range transition.
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
<param name="range">
<summary>
Range for the domain.
</summary>
</param>
</interface>
<interface name="oddjob_mkhomedir_entrypoint" lineno="249">
<summary>
Allow any oddjob_mkhomedir_exec_t to be an entrypoint of this domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="oident" filename="policy/modules/contrib/oident.if">
<summary>An ident daemon with IP masq/NAT support and the ability to specify responses.</summary>
<interface name="oident_role" lineno="18">
<summary>
Role access for oident.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="oident_read_user_content" lineno="32">
<summary>
Read oidentd user home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="oident_manage_user_content" lineno="52">
<summary>
Create, read, write, and delete
oidentd user home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="oident_relabel_user_content" lineno="71">
<summary>
Relabel oidentd user home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="oident_home_filetrans_oidentd_home" lineno="101">
<summary>
Create objects in user home
directories with the oidentd home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="oident_admin" lineno="126">
<summary>
All of the rules required to
administrate an oident environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="opafm" filename="policy/modules/contrib/opafm.if">
<summary>Policy for opafm</summary>
</module>
<module name="openca" filename="policy/modules/contrib/openca.if">
<summary>Open Certificate Authority.</summary>
<interface name="openca_domtrans" lineno="14">
<summary>
Execute the openca with
a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="openca_signal" lineno="34">
<summary>
Send generic signals to openca.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openca_sigstop" lineno="52">
<summary>
Send stop signals to openca.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openca_kill" lineno="70">
<summary>
Send kill signals to openca.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="openct" filename="policy/modules/contrib/openct.if">
<summary>Service for handling smart card readers.</summary>
<interface name="openct_signull" lineno="13">
<summary>
Send null signals to openct.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openct_exec" lineno="31">
<summary>
Execute openct in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openct_domtrans" lineno="50">
<summary>
Execute a domain transition to run openct.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="openct_read_pid_files" lineno="69">
<summary>
Read openct pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openct_stream_connect" lineno="89">
<summary>
Connect to openct over an unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openct_admin" lineno="115">
<summary>
All of the rules required to
administrate an openct environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="opendnssec" filename="policy/modules/contrib/opendnssec.if">
<summary>policy for opendnssec</summary>
<interface name="opendnssec_domtrans" lineno="13">
<summary>
Execute opendnssec_exec_t in the opendnssec domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="opendnssec_exec" lineno="32">
<summary>
Execute opendnssec in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="opendnssec_read_config" lineno="52">
<summary>
Read the opendnssec configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="opendnssec_manage_config" lineno="73">
<summary>
Read the opendnssec configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="opendnssec_manage_var_files" lineno="94">
<summary>
Allow the specified domain to
read and write opendnssec /var files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="opendnssec_read_pid_files" lineno="114">
<summary>
Read opendnssec PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="opendnssec_systemctl" lineno="133">
<summary>
Execute opendnssec server in the opendnssec domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="opendnssec_admin" lineno="165">
<summary>
All of the rules required to administrate
an opendnssec environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="opendnssec_filetrans_etc_content" lineno="201">
<summary>
Transition to quota named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="opendnssec_stream_connect" lineno="220">
<summary>
Connect to opendnssec over an unix
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="openfortivpn" filename="policy/modules/contrib/openfortivpn.if">
<summary>Fortinet compatible SSL VPN daemons.</summary>
<interface name="openfortivpn_domtrans" lineno="13">
<summary>
Transition to openfortivpn.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="openfortivpn_signal" lineno="32">
<summary>
Allow send a signal to openfortivpn.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openfortivpn_signull" lineno="50">
<summary>
Allow send signull to openfortivpn.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openfortivpn_sigkill" lineno="68">
<summary>
Allow send sigkill to openfortivpn.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openfortivpn_dbus_chat" lineno="87">
<summary>
Send and receive messages from
openfortivpn over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openfortivpn_use_ptys" lineno="107">
<summary>
Read from and write to the openfortivpn devpts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="openfortivpn_can_network_connect" dftval="true">
<desc>
<p>
Determine whether openfortivpn can
connect to the TCP network.
</p>
</desc>
</tunable>
</module>
<module name="openhpid" filename="policy/modules/contrib/openhpid.if">
<summary>policy for openhpid</summary>
<interface name="openhpid_domtrans" lineno="14">
<summary>
Transition to openhpid.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="openhpid_initrc_domtrans" lineno="34">
<summary>
Execute openhpid server in the openhpid domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openhpid_search_lib" lineno="53">
<summary>
Search openhpid lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openhpid_read_lib_files" lineno="72">
<summary>
Read openhpid lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openhpid_manage_lib_files" lineno="91">
<summary>
Manage openhpid lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openhpid_manage_lib_dirs" lineno="110">
<summary>
Manage openhpid lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openhpid_admin" lineno="137">
<summary>
All of the rules required to administrate
an openhpid environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="openshift-origin" filename="policy/modules/contrib/openshift-origin.if">
<summary></summary>
</module>
<module name="openshift" filename="policy/modules/contrib/openshift.if">
<summary> policy for openshift </summary>
<interface name="openshift_initrc_domtrans" lineno="13">
<summary>
Execute openshift server in the openshift domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="openshift_initrc_run" lineno="37">
<summary>
Execute openshift server in the openshift domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
Role access to this domain.
</summary>
</param>
</interface>
<interface name="openshift_initrc_signull" lineno="57">
<summary>
Send a null signal to openshift init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_initrc_signal" lineno="75">
<summary>
Send a signal to openshift init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_search_cache" lineno="93">
<summary>
Search openshift cache directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_read_cache_files" lineno="107">
<summary>
Read openshift cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_manage_cache_files" lineno="122">
<summary>
Create, read, write, and delete
openshift cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_manage_cache_dirs" lineno="137">
<summary>
Create, read, write, and delete
openshift cache dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_read_log" lineno="153">
<summary>
Allow the specified domain to read openshift's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="openshift_append_log" lineno="173">
<summary>
Allow the specified domain to append
openshift log files.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="openshift_manage_log" lineno="192">
<summary>
Allow domain to manage openshift log files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="openshift_search_lib" lineno="213">
<summary>
Search openshift lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_getattr_lib" lineno="233">
<summary>
Getattr openshift lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_read_lib_files" lineno="252">
<summary>
Read openshift lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_append_lib_files" lineno="272">
<summary>
Read openshift lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_manage_lib_files" lineno="292">
<summary>
Create, read, write, and delete
openshift lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_manage_lib_dirs" lineno="313">
<summary>
Create, read, write, and delete
openshift lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_manage_content" lineno="332">
<summary>
Manage openshift lib content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_relabelfrom_lib" lineno="354">
<summary>
Relabel openshift library files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_lib_filetrans" lineno="390">
<summary>
Create private objects in the
mail lib directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="openshift_read_pid_files" lineno="409">
<summary>
Read openshift PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_admin" lineno="435">
<summary>
All of the rules required to administrate
an openshift environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<template name="openshift_service_domain_template" lineno="477">
<summary>
Make the specified type usable as a openshift domain.
</summary>
<param name="openshiftdomain_prefix">
<summary>
The prefix of the domain (e.g., openshift
is the prefix for openshift_t).
</summary>
</param>
</template>
<interface name="openshift_net_type" lineno="523">
<summary>
Make the specified type usable as a openshift domain.
</summary>
<param name="type">
<summary>
Type to be used as a openshift domain type.
</summary>
</param>
</interface>
<interface name="openshift_rw_inherited_content" lineno="541">
<summary>
Read and write inherited openshift files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_manage_tmp_files" lineno="559">
<summary>
Manage openshift tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_manage_tmp_sockets" lineno="577">
<summary>
Manage openshift tmp sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_mounton_tmp" lineno="595">
<summary>
Mounton openshift tmp directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_dontaudit_rw_inherited_fifo_files" lineno="613">
<summary>
Dontaudit Read and write inherited script fifo files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_transition" lineno="634">
<summary>
Allow calling app to transition to an openshift domain
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<rolecap/>
</interface>
<interface name="openshift_dyntransition" lineno="658">
<summary>
Allow calling app to transition to an openshift domain
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<rolecap/>
</interface>
<interface name="openshift_run" lineno="688">
<summary>
Execute openshift in the openshift domain, and
allow the specified role the openshift domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<tunable name="openshift_use_nfs" dftval="false">
<desc>
<p>
Allow openshift to access nfs file systems without labels
</p>
</desc>
</tunable>
</module>
<module name="opensm" filename="policy/modules/contrib/opensm.if">
<summary>Opensm is an InfiniBand compliant Subnet Manager and Administration, and runs on top of OpenIB</summary>
<interface name="opensm_domtrans" lineno="13">
<summary>
Execute opensm in the opensm domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="opensm_search_cache" lineno="32">
<summary>
Search opensm cache directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="opensm_read_cache_files" lineno="51">
<summary>
Read opensm cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="opensm_manage_cache_files" lineno="71">
<summary>
Create, read, write, and delete
opensm cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="opensm_manage_cache_dirs" lineno="90">
<summary>
Manage opensm cache dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="opensm_read_log" lineno="109">
<summary>
Read opensm's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="opensm_append_log" lineno="128">
<summary>
Append to opensm log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="opensm_manage_log" lineno="147">
<summary>
Manage opensm log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="opensm_systemctl" lineno="167">
<summary>
Execute opensm server in the opensm domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="opensm_admin" lineno="195">
<summary>
All of the rules required to administrate
an opensm environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="openvpn" filename="policy/modules/contrib/openvpn.if">
<summary>full-featured SSL VPN solution.</summary>
<interface name="openvpn_domtrans" lineno="14">
<summary>
Execute openvpn clients in the
openvpn domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="openvpn_exec" lineno="34">
<summary>
Execute openvpn clients in the
caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="openvpn_run" lineno="60">
<summary>
Execute openvpn clients in the
openvpn domain, and allow the
specified role the openvpn domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="openvpn_kill" lineno="79">
<summary>
Send kill signals to openvpn.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvpn_signal" lineno="97">
<summary>
Send generic signals to openvpn.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvpn_signull" lineno="115">
<summary>
Send null signals to openvpn.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvpn_read_config" lineno="134">
<summary>
Read openvpn configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="openvpn_stream_connect" lineno="156">
<summary>
Connect to openvpn over
a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvpn_search_lib" lineno="175">
<summary>
Search openvpn lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvpn_noatsecure" lineno="194">
<summary>
Read and write to sopenvpn_image devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvpn_admin" lineno="219">
<summary>
All of the rules required to
administrate an openvpn environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="openvpn_run_unconfined" dftval="false">
<desc>
<p>
Allow openvpn to run unconfined scripts
</p>
</desc>
</tunable>
<tunable name="openvpn_enable_homedirs" dftval="false">
<desc>
<p>
Determine whether openvpn can
read generic user home content files.
</p>
</desc>
</tunable>
<tunable name="openvpn_can_network_connect" dftval="true">
<desc>
<p>
Determine whether openvpn can
connect to the TCP network.
</p>
</desc>
</tunable>
</module>
<module name="openvswitch" filename="policy/modules/contrib/openvswitch.if">
<summary>policy for openvswitch</summary>
<interface name="openvswitch_domtrans" lineno="13">
<summary>
Execute TEMPLATE in the openvswitch domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="openvswitch_read_log" lineno="32">
<summary>
Read openvswitch's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="openvswitch_append_log" lineno="51">
<summary>
Append to openvswitch log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvswitch_manage_log" lineno="70">
<summary>
Manage openvswitch log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvswitch_search_lib" lineno="91">
<summary>
Search openvswitch lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvswitch_read_lib_files" lineno="110">
<summary>
Read openvswitch lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvswitch_manage_lib_files" lineno="129">
<summary>
Manage openvswitch lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvswitch_manage_lib_dirs" lineno="148">
<summary>
Manage openvswitch lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvswitch_read_pid_files" lineno="167">
<summary>
Read openvswitch PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvswitch_stream_connect" lineno="187">
<summary>
Allow stream connect to openvswitch.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvswitch_systemctl" lineno="206">
<summary>
Execute openvswitch server in the openvswitch domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="openvswitch_admin" lineno="233">
<summary>
All of the rules required to administrate
an openvswitch environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="openwsman" filename="policy/modules/contrib/openwsman.if">
<summary>WS-Management Server</summary>
<interface name="openwsman_domtrans" lineno="13">
<summary>
Execute openwsman in the openwsman domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="openwsman_systemctl" lineno="31">
<summary>
Execute openwsman server in the openwsman domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="openwsman_admin" lineno="59">
<summary>
All of the rules required to administrate
an openwsman environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="oracleasm" filename="policy/modules/contrib/oracleasm.if">
<summary>policy for oracleasm</summary>
<interface name="oracleasm_domtrans" lineno="13">
<summary>
Transition to oracleasm.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="oracleasm_initrc_domtrans" lineno="33">
<summary>
Execute oracleasm server in the oracleasm domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="oracleasm_admin" lineno="59">
<summary>
All of the rules required to administrate
an oracleasm environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="osad" filename="policy/modules/contrib/osad.if">
<summary>Client-side service written in Python that responds to pings and runs rhn_check when told to by osa-dispatcher. </summary>
<interface name="osad_domtrans" lineno="13">
<summary>
Execute osad in the osad domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="osad_initrc_domtrans" lineno="32">
<summary>
Execute osad server in the osad domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="osad_read_log" lineno="50">
<summary>
Read osad's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="osad_append_log" lineno="69">
<summary>
Append to osad log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="osad_manage_log" lineno="88">
<summary>
Manage osad log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="osad_read_pid_files" lineno="108">
<summary>
Read osad PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="osad_admin" lineno="135">
<summary>
All of the rules required to administrate
an osad environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="pacemaker" filename="policy/modules/contrib/pacemaker.if">
<summary>>A scalable high-availability cluster resource manager.</summary>
<interface name="pacemaker_domtrans" lineno="13">
<summary>
Transition to pacemaker.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pacemaker_initrc_domtrans" lineno="32">
<summary>
Execute pacemaker server in the pacemaker domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pacemaker_search_lib" lineno="50">
<summary>
Search pacemaker lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pacemaker_read_lib_files" lineno="69">
<summary>
Read pacemaker lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pacemaker_manage_lib_files" lineno="88">
<summary>
Manage pacemaker lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pacemaker_manage_lib_dirs" lineno="107">
<summary>
Manage pacemaker lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pacemaker_read_pid_files" lineno="126">
<summary>
Read pacemaker PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pacemaker_systemctl" lineno="145">
<summary>
Execute pacemaker server in the pacemaker domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pacemaker_admin" lineno="178">
<summary>
All of the rules required to administrate
an pacemaker environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="pacemaker_use_execmem" dftval="false">
<desc>
<p>
Allow pacemaker memcheck-amd64- to use executable memory
</p>
</desc>
</tunable>
</module>
<module name="pads" filename="policy/modules/contrib/pads.if">
<summary>Passive Asset Detection System.</summary>
<interface name="pads_admin" lineno="20">
<summary>
All of the rules required to
administrate an pads environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="passenger" filename="policy/modules/contrib/passenger.if">
<summary>Ruby on rails deployment for Apache and Nginx servers.</summary>
<interface name="passenger_domtrans" lineno="13">
<summary>
Execute passenger in the passenger domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="passenger_exec" lineno="32">
<summary>
Execute passenger in the current domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="passenger_getattr_log_files" lineno="50">
<summary>
Getattr passenger log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="passenger_read_lib_files" lineno="68">
<summary>
Read passenger lib files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="passenger_manage_lib_files" lineno="88">
<summary>
Manage passenger lib files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="passenger_manage_pid_content" lineno="109">
<summary>
Manage passenger var_run content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="passenger_stream_connect" lineno="131">
<summary>
Connect to passenger unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="passenger_manage_tmp_files" lineno="154">
<summary>
Allow to manage passenger tmp files/dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="passenger_kill" lineno="174">
<summary>
Send kill signals to passenger.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="pcmcia" filename="policy/modules/contrib/pcmcia.if">
<summary>PCMCIA card management services.</summary>
<interface name="pcmcia_stub" lineno="13">
<summary>
PCMCIA stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pcmcia_domtrans_cardmgr" lineno="29">
<summary>
Execute cardmgr in the cardmgr domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pcmcia_use_cardmgr_fds" lineno="48">
<summary>
Inherit and use cardmgr file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pcmcia_domtrans_cardctl" lineno="66">
<summary>
Execute cardctl in the cardmgr domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pcmcia_run_cardctl" lineno="93">
<summary>
Execute cardctl in the cardmgr
domain, and allow the specified
role the cardmgr domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="pcmcia_read_pid" lineno="112">
<summary>
Read cardmgr pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pcmcia_manage_pid" lineno="132">
<summary>
Create, read, write, and delete
cardmgr pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pcmcia_manage_pid_chr_files" lineno="152">
<summary>
Create, read, write, and delete
cardmgr runtime character nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="pcp" filename="policy/modules/contrib/pcp.if">
<summary>The  pcp  command summarizes the status of a Performance Co-Pilot (PCP) installation</summary>
<template name="pcp_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
pcp daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="pcp_read_lib_files" lineno="43">
<summary>
Allow domain to read pcp lib files
</summary>
<param name="domain">
<summary>
Prefix for the domain.
</summary>
</param>
</interface>
<interface name="pcp_admin" lineno="63">
<summary>
All of the rules required to administrate
an pcp environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="pcp_pmie_exec" lineno="106">
<summary>
Allow the specified domain to execute pcp_pmie
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pcp_pmlogger_exec" lineno="126">
<summary>
Allow the specified domain to execute pcp_pmlogger
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pcp_filetrans_named_content" lineno="145">
<summary>
Transition to pcp named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pcp_write_pid_sock_file" lineno="162">
<summary>
Allow the specified domain to write to pcp sock file
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="pcp_bind_all_unreserved_ports" dftval="false">
<desc>
<p>
Allow pcp to bind to all unreserved_ports
</p>
</desc>
</tunable>
<tunable name="pcp_read_generic_logs" dftval="false">
<desc>
<p>
Allow pcp to read generic logs
</p>
</desc>
</tunable>
</module>
<module name="pcscd" filename="policy/modules/contrib/pcscd.if">
<summary>PCSC smart card service.</summary>
<interface name="pcscd_domtrans" lineno="13">
<summary>
Execute a domain transition to run pcscd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pcscd_read_pub_files" lineno="34">
<summary>
Read pcscd pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pcscd_read_pid_files" lineno="49">
<summary>
Read pcscd pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pcscd_manage_pub_files" lineno="69">
<summary>
Create, read, write, and delete
pcscd pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pcscd_manage_pub_pipes" lineno="84">
<summary>
Create, read, write, and delete
pcscd pid fifo files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pcscd_signull" lineno="98">
<summary>
Send signulls to pcscd processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pcscd_stream_connect" lineno="117">
<summary>
Connect to pcscd over an unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pcscd_admin" lineno="143">
<summary>
All of the rules required to
administrate an pcscd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="pdns" filename="policy/modules/contrib/pdns.if">
<summary>PowerDNS DNS server.</summary>
<interface name="pdns_domtrans" lineno="13">
<summary>
Execute pdns in the pdns domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pdns_domtrans_pdns_control" lineno="31">
<summary>
Execute pdns_control in the pdns_control domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pdns_read_config" lineno="52">
<summary>
Allow the specified domain to read
pdns configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="pdns_stream_connect" lineno="74">
<summary>
Connect to pdns over an unix
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="pdns_can_network_connect_db" dftval="false">
<desc>
<p>
Allow PowerDNS to connect to databases over the network.
</p>
</desc>
</tunable>
</module>
<module name="pegasus" filename="policy/modules/contrib/pegasus.if">
<summary>The Open Group Pegasus CIM/WBEM Server.</summary>
<template name="pegasus_openlmi_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
openlmi init daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="pegasus_stream_connect" lineno="51">
<summary>
Connect to pegasus over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="perdition" filename="policy/modules/contrib/perdition.if">
<summary>Perdition POP and IMAP proxy.</summary>
<interface name="perdition_tcp_connect" lineno="13">
<summary>
Connect to perdition over a TCP socket  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="perdition_admin" lineno="34">
<summary>
All of the rules required to
administrate an perdition environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="pesign" filename="policy/modules/contrib/pesign.if">
<summary>pesign utility for signing UEFI binaries as well as other associated tools</summary>
<interface name="pesign_domtrans" lineno="13">
<summary>
Execute TEMPLATE in the pesign domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pesign_read_pid_files" lineno="31">
<summary>
Read pesign PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pesign_systemctl" lineno="50">
<summary>
Execute pesign server in the pesign domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pesign_admin" lineno="78">
<summary>
All of the rules required to administrate
an pesign environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="pingd" filename="policy/modules/contrib/pingd.if">
<summary>Pingd of the Whatsup cluster node up/down detection utility.</summary>
<interface name="pingd_domtrans" lineno="13">
<summary>
Execute a domain transition to run pingd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pingd_read_config" lineno="32">
<summary>
Read pingd etc configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pingd_manage_config" lineno="52">
<summary>
Create, read, write, and delete
pingd etc configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pingd_admin" lineno="79">
<summary>
All of the rules required to
administrate an pingd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="piranha" filename="policy/modules/contrib/piranha.if">
<summary>policy for piranha</summary>
<template name="piranha_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
cluster init daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="piranha_domtrans_fos" lineno="66">
<summary>
Execute a domain transition to run fos.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="piranha_domtrans_lvs" lineno="84">
<summary>
Execute a domain transition to run lvsd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="piranha_domtrans_pulse" lineno="102">
<summary>
Execute a domain transition to run pulse.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="piranha_pulse_initrc_domtrans" lineno="120">
<summary>
Execute pulse server in the pulse domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="piranha_read_log" lineno="139">
<summary>
Allow the specified domain to read piranha's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="piranha_append_log" lineno="159">
<summary>
Allow the specified domain to append
piranha log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="piranha_manage_log" lineno="178">
<summary>
Allow domain to manage piranha log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="piranha_lvs_can_network_connect" dftval="false">
<desc>
<p>
Allow piranha-lvs domain to connect to the network using TCP.
</p>
</desc>
</tunable>
</module>
<module name="pkcs" filename="policy/modules/contrib/pkcs.if">
<summary>Implementations of the Cryptoki specification.</summary>
<interface name="pkcs_read_lock" lineno="13">
<summary>
Read pkcs lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pkcs_manage_lock" lineno="34">
<summary>
Create, read, write, and delete
pkcs lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pkcs_rw_shm" lineno="55">
<summary>
Read and write pkcs Shared
memory segments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pkcs_destroy_shm" lineno="73">
<summary>
Destroy pkcsslotd sysv shared memory segments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pkcs_stream_connect" lineno="92">
<summary>
Connect to pkcs using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pkcs_manage_var_lib" lineno="110">
<summary>
Manage pkcs var_lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pkcs_getattr_exec_files" lineno="129">
<summary>
Get attributes of pkcs executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pkcs_domtrans" lineno="147">
<summary>
Transition to pkcs_slotd
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pkcs_tmpfs_named_filetrans" lineno="167">
<summary>
Create specific objects in the tmpfs directories
with a private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pkcs_delete_tmpfs_files" lineno="192">
<summary>
Delete pkcs files in the tmpfs directories
with a private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pkcs_use_opencryptoki" lineno="210">
<summary>
Use opencryptoki services
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pkcs_admin_slotd" lineno="249">
<summary>
All of the rules required to
administrate an pkcs slotd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="pkcs11proxyd" filename="policy/modules/contrib/pkcs11proxyd.if">
<summary>pkcs11proxyd-softhsm-ctl - manage the isolated PKCS #11 daemon with softhsm</summary>
<interface name="pkcs11proxyd_domtrans" lineno="13">
<summary>
Execute pkcs11proxyd_exec_t in the pkcs11proxyd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pkcs11proxyd_exec" lineno="32">
<summary>
Execute pkcs11proxyd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pkcs11proxyd_search_lib" lineno="51">
<summary>
Search pkcs11proxyd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pkcs11proxyd_read_lib_files" lineno="70">
<summary>
Read pkcs11proxyd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pkcs11proxyd_manage_lib_files" lineno="89">
<summary>
Manage pkcs11proxyd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pkcs11proxyd_manage_lib_dirs" lineno="108">
<summary>
Manage pkcs11proxyd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pkcs11proxyd_admin" lineno="135">
<summary>
All of the rules required to administrate
an pkcs11proxyd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="pkcs11proxyd_stream_connect" lineno="167">
<summary>
Connect to pkcs11proxyd over an unix
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="pki" filename="policy/modules/contrib/pki.if">
<summary>policy for pki</summary>
<interface name="pki_rw_tomcat_cert" lineno="13">
<summary>
Allow read and write pki cert files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pki_manage_tomcat_cert" lineno="34">
<summary>
Allow read and write pki cert files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pki_manage_tomcat_etc_rw" lineno="55">
<summary>
Allow read and write pki cert files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pki_read_tomcat_cert" lineno="74">
<summary>
Allow domain to read pki cert files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="pki_apache_template" lineno="94">
<summary>
Create a set of derived types for apache
web content.
</summary>
<param name="prefix">
<summary>
The prefix to be used for deriving type names.
</summary>
</param>
</template>
<interface name="pki_apache_domain_signal" lineno="188">
<summary>
Send a null signal to pki apache domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pki_apache_domain_signull" lineno="206">
<summary>
Send a null signal to pki apache domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pki_manage_apache_run" lineno="224">
<summary>
Allow domain to read pki apache subsystem pid files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pki_manage_apache_lib" lineno="243">
<summary>
Allow domain to manage pki apache subsystem lib files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pki_search_log_dirs" lineno="263">
<summary>
Dontaudit domain to write pki log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pki_dontaudit_write_log" lineno="282">
<summary>
Dontaudit domain to write pki log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pki_manage_apache_log_files" lineno="300">
<summary>
Allow domain to manage pki apache subsystem log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pki_manage_apache_config_files" lineno="319">
<summary>
Allow domain to manage pki apache subsystem config files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pki_read_tomcat_lib_files" lineno="338">
<summary>
Allow domain to read pki tomcat lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pki_manage_tomcat_lib" lineno="358">
<summary>
Allow domain to manage pki tomcat lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pki_manage_tomcat_log" lineno="378">
<summary>
Allow domain to manage pki tomcat lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pki_read_tomcat_lib_dirs" lineno="397">
<summary>
Allow domain to read pki tomcat lib dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pki_read_common_files" lineno="415">
<summary>
Allow read pki_common_t files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pki_exec_common_files" lineno="433">
<summary>
Allow execute pki_common_t files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pki_manage_common_files" lineno="451">
<summary>
Allow read pki_common_t files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pki_stream_connect" lineno="471">
<summary>
Connect to pki over an unix
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pki_tomcat_systemctl" lineno="490">
<summary>
Execute pki in the pkit_tomcat_t domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pki_manage_tomcat_pid" lineno="515">
<summary>
Create, read, write, and delete
pki tomcat pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="plymouthd" filename="policy/modules/contrib/plymouthd.if">
<summary>Plymouth graphical boot</summary>
<interface name="plymouthd_domtrans" lineno="13">
<summary>
Execute a domain transition to run plymouthd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="plymouthd_exec" lineno="31">
<summary>
Execute the plymoth daemon in the current domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_stream_connect" lineno="50">
<summary>
Allow domain to Stream socket connect
to Plymouth daemon.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_exec_plymouth" lineno="68">
<summary>
Execute the plymoth command in the current domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_domtrans_plymouth" lineno="86">
<summary>
Execute a domain transition to run plymouthd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="plymouthd_search_spool" lineno="104">
<summary>
Search plymouthd spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_read_spool_files" lineno="123">
<summary>
Read plymouthd spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_manage_spool_files" lineno="143">
<summary>
Create, read, write, and delete
plymouthd spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_search_lib" lineno="162">
<summary>
Search plymouthd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_read_lib_files" lineno="181">
<summary>
Read plymouthd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_manage_lib_files" lineno="201">
<summary>
Create, read, write, and delete
plymouthd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_read_pid_files" lineno="220">
<summary>
Read plymouthd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_read_log" lineno="240">
<summary>
Allow the specified domain to read
to plymouthd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_create_log" lineno="259">
<summary>
Allow the specified domain to create plymouthd's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_manage_log" lineno="279">
<summary>
Allow the specified domain to manage
to plymouthd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_filetrans_named_content" lineno="300">
<summary>
Allow domain to create boot.log
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_admin" lineno="320">
<summary>
All of the rules required to administrate
an plymouthd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="podsleuth" filename="policy/modules/contrib/podsleuth.if">
<summary>Podsleuth is a tool to get information about an Apple (TM) iPod (TM).</summary>
<interface name="podsleuth_domtrans" lineno="13">
<summary>
Execute a domain transition to run podsleuth.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="podsleuth_run" lineno="39">
<summary>
Execute podsleuth in the podsleuth
domain, and allow the specified role
the podsleuth domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
</module>
<module name="policykit" filename="policy/modules/contrib/policykit.if">
<summary>Policy framework for controlling privileges for system-wide services.</summary>
<interface name="policykit_dbus_chat" lineno="14">
<summary>
Send and receive messages from
policykit over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="policykit_dbus_chat_auth" lineno="37">
<summary>
Send and receive messages from
policykit over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="policykit_domtrans_auth" lineno="59">
<summary>
Execute a domain transition to run polkit_auth.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="policykit_run_auth" lineno="84">
<summary>
Execute a policy_auth in the policy_auth domain, and
allow the specified role the policy_auth domain,
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="policykit_domtrans_grant" lineno="106">
<summary>
Execute a domain transition to run polkit_grant.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="policykit_run_grant" lineno="131">
<summary>
Execute a policy_grant in the policy_grant domain, and
allow the specified role the policy_grant domain,
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="policykit_read_reload" lineno="154">
<summary>
read policykit reload files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="policykit_rw_reload" lineno="173">
<summary>
rw policykit reload files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="policykit_domtrans_resolve" lineno="192">
<summary>
Execute a domain transition to run polkit_resolve.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="policykit_search_lib" lineno="212">
<summary>
Search policykit lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="policykit_read_lib" lineno="231">
<summary>
read policykit lib files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="policykit_role" lineno="260">
<summary>
The per role template for the policykit module.
</summary>
<param name="user_role">
<summary>
Role allowed access
</summary>
</param>
<param name="user_domain">
<summary>
User domain for the role
</summary>
</param>
</template>
<interface name="policykit_signal_auth" lineno="278">
<summary>
Send generic signal to policy_auth
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="polipo" filename="policy/modules/contrib/polipo.if">
<summary>Caching web proxy.</summary>
<template name="polipo_role" lineno="18">
<summary>
Role access for polipo session.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</template>
<interface name="polipo_named_filetrans_config_home_files" lineno="60">
<summary>
Create configuration files in user
home directories with a named file
type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="polipo_named_filetrans_cache_home_dirs" lineno="80">
<summary>
Create cache directories in user
home directories with a named file
type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="polipo_named_filetrans_admin_config_home_files" lineno="100">
<summary>
Create configuration files in admin
home directories with a named file
type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="polipo_named_filetrans_admin_cache_home_dirs" lineno="120">
<summary>
Create cache directories in admin
home directories with a named file
type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="polipo_named_filetrans_log_files" lineno="139">
<summary>
Create log files with a named file
type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="polipo_systemctl" lineno="157">
<summary>
Execute polipo server in the polipo domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="polipo_admin" lineno="187">
<summary>
Administrate an polipo environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="polipo_use_cifs" dftval="false">
<desc>
<p>
Determine whether polipo can
access cifs file systems.
</p>
</desc>
</tunable>
<tunable name="polipo_use_nfs" dftval="false">
<desc>
<p>
Determine whether Polipo can
access nfs file systems.
</p>
</desc>
</tunable>
<tunable name="polipo_session_bind_all_unreserved_ports" dftval="false">
<desc>
<p>
Determine whether Polipo session daemon
can bind tcp sockets to all unreserved ports.
</p>
</desc>
</tunable>
<tunable name="polipo_session_users" dftval="false">
<desc>
<p>
Determine whether calling user domains
can execute Polipo daemon in the
polipo_session_t domain.
</p>
</desc>
</tunable>
<tunable name="polipo_connect_all_unreserved" dftval="false">
<desc>
<p>
Allow polipo to connect to all ports > 1023
</p>
</desc>
</tunable>
</module>
<module name="portage" filename="policy/modules/contrib/portage.if">
<summary>Package Management System.</summary>
<interface name="portage_domtrans" lineno="13">
<summary>
Execute emerge in the portage domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="portage_run" lineno="40">
<summary>
Execute emerge in the portage domain,
and allow the specified role the
portage domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="portage_compile_domain" lineno="65">
<summary>
Template for portage sandbox.
</summary>
<desc>
<p>
Template for portage sandbox.  Portage
does all compiling in the sandbox.
</p>
</desc>
<param name="domain">
<summary>
Domain Allowed Access
</summary>
</param>
</interface>
<interface name="portage_domtrans_fetch" lineno="218">
<summary>
Execute tree management functions
(fetching, layman, ...) in the
portage fetch domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="portage_run_fetch" lineno="247">
<summary>
Execute tree management functions
(fetching, layman, ...) in the
portage fetch domain, and allow
the specified role the portage
fetch domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="portage_domtrans_gcc_config" lineno="266">
<summary>
Execute gcc-config in the gcc config domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="portage_run_gcc_config" lineno="293">
<summary>
Execute gcc-config in the gcc config
domain, and allow the specified role
the gcc_config domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="portage_dontaudit_use_fds" lineno="313">
<summary>
Do not audit attempts to use
portage file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="portage_dontaudit_search_tmp" lineno="332">
<summary>
Do not audit attempts to search the
portage temporary directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="portage_dontaudit_rw_tmp_files" lineno="351">
<summary>
Do not audit attempts to read and write
the portage temporary files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<tunable name="portage_use_nfs" dftval="false">
<desc>
<p>
Determine whether portage can
use nfs filesystems.
</p>
</desc>
</tunable>
</module>
<module name="portmap" filename="policy/modules/contrib/portmap.if">
<summary>RPC port mapping service.</summary>
<interface name="portmap_domtrans_helper" lineno="13">
<summary>
Execute portmap helper in the helper domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="portmap_run_helper" lineno="40">
<summary>
Execute portmap helper in the helper
domain, and allow the specified role
the helper domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="portmap_udp_send" lineno="59">
<summary>
Send UDP network traffic to portmap.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="portmap_udp_chat" lineno="73">
<summary>
Send and receive UDP network traffic from portmap.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="portmap_tcp_connect" lineno="87">
<summary>
Connect to portmap over a TCP socket  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="portmap_admin" lineno="108">
<summary>
All of the rules required to
administrate an portmap environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="portreserve" filename="policy/modules/contrib/portreserve.if">
<summary>Reserve well-known ports in the RPC port range.</summary>
<interface name="portreserve_domtrans" lineno="13">
<summary>
Execute a domain transition to run portreserve.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="portreserve_read_config" lineno="33">
<summary>
Read portreserve configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="portreserve_manage_config" lineno="55">
<summary>
Create, read, write, and delete
portreserve configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="portreserve_initrc_domtrans" lineno="77">
<summary>
Execute portreserve init scripts in
the init script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="portreserve_admin" lineno="102">
<summary>
All of the rules required to
administrate an portreserve environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="portslave" filename="policy/modules/contrib/portslave.if">
<summary>Portslave terminal server software.</summary>
<interface name="portslave_domtrans" lineno="13">
<summary>
Execute portslave with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="postfix" filename="policy/modules/contrib/postfix.if">
<summary>Postfix email server</summary>
<interface name="postfix_stub" lineno="13">
<summary>
Postfix stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="postfix_domain_template" lineno="30">
<summary>
Creates types and rules for a basic
postfix process domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<template name="postfix_server_domain_template" lineno="60">
<summary>
Creates a postfix server process domain.
</summary>
<param name="prefix">
<summary>
Prefix of the domain.
</summary>
</param>
</template>
<template name="postfix_user_domain_template" lineno="101">
<summary>
Creates a process domain for programs
that are ran by users.
</summary>
<param name="prefix">
<summary>
Prefix of the domain.
</summary>
</param>
</template>
<interface name="postfix_read_config" lineno="130">
<summary>
Read postfix configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="postfix_config_filetrans" lineno="167">
<summary>
Create files with the specified type in
the postfix configuration directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="postfix_dontaudit_rw_local_tcp_sockets" lineno="188">
<summary>
Do not audit attempts to read and
write postfix local delivery
TCP sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="postfix_rw_local_pipes" lineno="207">
<summary>
Allow read/write postfix local pipes
TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_rw_public_pipes" lineno="226">
<summary>
Allow read/write postfix public pipes
TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_read_local_state" lineno="244">
<summary>
Allow domain to read postfix local process state
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_read_master_state" lineno="263">
<summary>
Allow domain to read postfix master process state
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_use_fds_master" lineno="283">
<summary>
Use postfix master process file
file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_dontaudit_use_fds" lineno="303">
<summary>
Do not audit attempts to use
postfix master process file
file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="postfix_domtrans_map" lineno="321">
<summary>
Execute postfix_map in the postfix_map domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="postfix_run_map" lineno="346">
<summary>
Execute postfix_map in the postfix_map domain, and
allow the specified role the postfix_map domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="postfix_domtrans_master" lineno="366">
<summary>
Execute the master postfix program in the
postfix_master domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="postfix_initrc_domtrans" lineno="386">
<summary>
Execute the master postfix in the postfix master domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_exec_master" lineno="405">
<summary>
Execute the master postfix program in the
caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_stream_connect_master" lineno="423">
<summary>
Connect to postfix master process using a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_rw_inherited_master_pipes" lineno="441">
<summary>
Allow read/write postfix master pipes
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_domtrans_postdrop" lineno="460">
<summary>
Execute the master postdrop in the
postfix_postdrop domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="postfix_domtrans_postqueue" lineno="479">
<summary>
Execute the master postqueue in the
postfix_postqueue domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="postfix_run_postqueue" lineno="505">
<summary>
Execute the master postqueue in the
postfix_postdrop domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the iptables domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="postfix_domtrans_postgqueue" lineno="525">
<summary>
Execute postfix_postgqueue in the postfix_postgqueue domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="postfix_run_postgqueue" lineno="550">
<summary>
Execute postfix_postgqueue in the postfix_postgqueue domain, and
allow the specified role the postfix_postgqueue domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="postfix_exec_postqueue" lineno="570">
<summary>
Execute the master postqueue in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_create_private_sockets" lineno="588">
<summary>
Create a named socket in a postfix private directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_manage_private_sockets" lineno="607">
<summary>
manage named socket in a postfix private directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_domtrans_smtp" lineno="627">
<summary>
Execute the master postfix program in the
postfix_master domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="postfix_getattr_spool_files" lineno="645">
<summary>
Getattr postfix mail spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_search_spool" lineno="664">
<summary>
Search postfix mail spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_list_spool" lineno="683">
<summary>
List postfix mail spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_read_spool_files" lineno="702">
<summary>
Read postfix mail spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_manage_spool_files" lineno="721">
<summary>
Create, read, write, and delete postfix mail spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_rw_spool_maildrop_files" lineno="740">
<summary>
Read, write, and delete postfix maildrop spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_manage_spool_maildrop_files" lineno="759">
<summary>
Create, read, write, and delete postfix maildrop spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_domtrans_user_mail_handler" lineno="780">
<summary>
Execute postfix user mail programs
in their respective domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_admin" lineno="805">
<summary>
All of the rules required to administrate
an postfix environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="postfix_run_postdrop" lineno="893">
<summary>
Execute the master postdrop in the
postfix_postdrop domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the iptables domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="postfix_exec" lineno="915">
<summary>
Execute postfix exec in the users domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_filetrans_named_content" lineno="933">
<summary>
Transition to postfix named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="postfix_local_write_mail_spool" dftval="true">
<desc>
<p>
Allow postfix_local domain full write access to mail_spool directories
</p>
</desc>
</tunable>
</module>
<module name="postfixpolicyd" filename="policy/modules/contrib/postfixpolicyd.if">
<summary>Postfix policy server.</summary>
<interface name="postfixpolicyd_admin" lineno="20">
<summary>
All of the rules required to administrate
an postfixpolicyd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="postgrey" filename="policy/modules/contrib/postgrey.if">
<summary>Postfix grey-listing server.</summary>
<interface name="postgrey_stream_connect" lineno="14">
<summary>
Connect to postgrey using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgrey_search_spool" lineno="34">
<summary>
Search spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgrey_admin" lineno="60">
<summary>
All of the rules required to
administrate an postgrey environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="powerprofiles" filename="policy/modules/contrib/powerprofiles.if">
<summary>Power profiles handling over D-Bus</summary>
</module>
<module name="ppp" filename="policy/modules/contrib/ppp.if">
<summary>Point to Point Protocol daemon creates links in ppp networks</summary>
<interface name="ppp_manage_home_files" lineno="14">
<summary>
Create, read, write, and delete
ppp home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_read_home_files" lineno="33">
<summary>
Read ppp user home content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_relabel_home_files" lineno="53">
<summary>
Relabel ppp home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_home_filetrans_ppp_home" lineno="83">
<summary>
Create objects in user home
directories with the ppp home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="ppp_use_fds" lineno="101">
<summary>
Inherit and use ppp file discriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_dontaudit_use_fds" lineno="120">
<summary>
Do not audit attempts to inherit
and use PPP file discriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="ppp_sigchld" lineno="138">
<summary>
Send a SIGCHLD signal to PPP.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_kill" lineno="157">
<summary>
Send ppp a kill signal
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_signal" lineno="175">
<summary>
Send a generic signal to PPP.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_signull" lineno="193">
<summary>
Send a generic signull to PPP.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_domtrans" lineno="211">
<summary>
Execute domain in the ppp domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ppp_run_cond" lineno="236">
<summary>
Conditionally execute ppp daemon on behalf of a user or staff type.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the ppp domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ppp_run" lineno="264">
<summary>
Unconditionally execute ppp daemon on behalf of a user or staff type.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the ppp domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ppp_exec" lineno="283">
<summary>
Execute domain in the ppp caller.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_read_config" lineno="302">
<summary>
Read ppp configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_read_rw_config" lineno="321">
<summary>
Read PPP-writable configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_read_secrets" lineno="341">
<summary>
Read PPP secrets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_read_pid_files" lineno="361">
<summary>
Read PPP pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_manage_pid_files" lineno="380">
<summary>
Create, read, write, and delete PPP pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_pid_filetrans" lineno="399">
<summary>
Create, read, write, and delete PPP pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_initrc_domtrans" lineno="417">
<summary>
Execute ppp server in the ntpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ppp_systemctl" lineno="435">
<summary>
Execute pppd server in the pppd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ppp_filetrans_named_content" lineno="460">
<summary>
Transition to ppp named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_admin" lineno="485">
<summary>
All of the rules required to administrate
an ppp environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="pppd_can_insmod" dftval="false">
<desc>
<p>
Allow pppd to load kernel modules for certain modems
</p>
</desc>
</tunable>
<tunable name="pppd_for_user" dftval="false">
<desc>
<p>
Allow pppd to be run for a regular user
</p>
</desc>
</tunable>
</module>
<module name="prelink" filename="policy/modules/contrib/prelink.if">
<summary>Prelink ELF shared library mappings.</summary>
<interface name="prelink_domtrans" lineno="13">
<summary>
Execute the prelink program in the prelink domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="prelink_exec" lineno="37">
<summary>
Execute the prelink program in the current domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelink_run" lineno="62">
<summary>
Execute the prelink program in the prelink domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the prelink domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="prelink_object_file" lineno="82">
<summary>
Make the specified file type prelinkable.
</summary>
<param name="file_type">
<summary>
File type to be prelinked.
</summary>
</param>
</interface>
<interface name="prelink_read_cache" lineno="100">
<summary>
Read the prelink cache.
</summary>
<param name="file_type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelink_delete_cache" lineno="119">
<summary>
Delete the prelink cache.
</summary>
<param name="file_type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelink_manage_log" lineno="139">
<summary>
Create, read, write, and delete
prelink log files.
</summary>
<param name="file_type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelink_manage_lib" lineno="159">
<summary>
Create, read, write, and delete
prelink var_lib files.
</summary>
<param name="file_type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelink_relabelfrom_lib" lineno="178">
<summary>
Relabel from files in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelink_relabel_lib" lineno="197">
<summary>
Relabel from files in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelink_filetrans_named_content" lineno="216">
<summary>
Transition to prelink named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="prelude" filename="policy/modules/contrib/prelude.if">
<summary>Prelude hybrid intrusion detection system</summary>
<interface name="prelude_domtrans" lineno="13">
<summary>
Execute a domain transition to run prelude.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="prelude_domtrans_audisp" lineno="31">
<summary>
Execute a domain transition to run prelude_audisp.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="prelude_signal_audisp" lineno="49">
<summary>
Signal the prelude_audisp domain.
</summary>
<param name="domain">
<summary>
Domain allowed acccess.
</summary>
</param>
</interface>
<interface name="prelude_read_spool" lineno="67">
<summary>
Read the prelude spool files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelude_manage_spool" lineno="86">
<summary>
Manage to prelude-manager spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelude_admin" lineno="113">
<summary>
All of the rules required to administrate
an prelude environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="privoxy" filename="policy/modules/contrib/privoxy.if">
<summary>Privacy enhancing web proxy.</summary>
<interface name="privoxy_admin" lineno="20">
<summary>
All of the rules required to
administrate an privoxy environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="privoxy_connect_any" dftval="false">
<desc>
<p>
Determine whether privoxy can
connect to all tcp ports.
</p>
</desc>
</tunable>
</module>
<module name="procmail" filename="policy/modules/contrib/procmail.if">
<summary>Procmail mail delivery agent</summary>
<interface name="procmail_domtrans" lineno="13">
<summary>
Execute procmail with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="procmail_exec" lineno="35">
<summary>
Execute procmail in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="procmail_read_tmp_files" lineno="55">
<summary>
Read procmail tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="procmail_rw_tmp_files" lineno="74">
<summary>
Read/write procmail tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="procmail_read_home_files" lineno="93">
<summary>
Read procmail home directory content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="prosody" filename="policy/modules/contrib/prosody.if">
<summary>policy for prosody</summary>
<interface name="prosody_domtrans" lineno="13">
<summary>
Execute TEMPLATE in the prosody domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="prosody_search_lib" lineno="32">
<summary>
Search prosody lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prosody_read_lib_files" lineno="51">
<summary>
Read prosody lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prosody_manage_lib_files" lineno="70">
<summary>
Manage prosody lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prosody_manage_lib_dirs" lineno="89">
<summary>
Manage prosody lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prosody_read_pid_files" lineno="108">
<summary>
Read prosody PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prosody_systemctl" lineno="127">
<summary>
Execute prosody server in the prosody domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="prosody_run" lineno="159">
<summary>
Execute prosody in the prosody domain, and
allow the specified role the prosody domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the prosody domain.
</summary>
</param>
</interface>
<interface name="prosody_stream_connect" lineno="180">
<summary>
Connect to prosody with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prosody_role" lineno="204">
<summary>
Role access for prosody
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="prosody_admin" lineno="230">
<summary>
All of the rules required to administrate
an prosody environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="prosody_bind_http_port" dftval="false">
<desc>
<p>
Permit to prosody to bind apache port.
Need to be activated to use BOSH.
</p>
</desc>
</tunable>
</module>
<module name="psad" filename="policy/modules/contrib/psad.if">
<summary>Intrusion Detection and Log Analysis with iptables.</summary>
<interface name="psad_domtrans" lineno="13">
<summary>
Execute a domain transition to run psad.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="psad_signal" lineno="32">
<summary>
Send generic signals to psad.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_signull" lineno="50">
<summary>
Send null signals to psad.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_read_config" lineno="68">
<summary>
Read psad configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_manage_config" lineno="90">
<summary>
Create, read, write, and delete
psad configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_read_pid_files" lineno="110">
<summary>
Read psad pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_rw_pid_files" lineno="129">
<summary>
Read and write psad PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_read_log" lineno="149">
<summary>
Read psad log content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="psad_append_log" lineno="170">
<summary>
Append psad log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="psad_write_log" lineno="190">
<summary>
Allow the specified domain to write to psad's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="psad_setattr_log" lineno="209">
<summary>
Allow the specified domain to setattr to psad's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_rw_fifo_file" lineno="228">
<summary>
Read and write psad fifo files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_setattr_fifo_file" lineno="247">
<summary>
Allow setattr to psad fifo files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_search_lib_files" lineno="267">
<summary>
Allow search to psad lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_rw_tmp_files" lineno="286">
<summary>
Read and write psad temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_admin" lineno="312">
<summary>
All of the rules required to
administrate an psad environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ptchown" filename="policy/modules/contrib/ptchown.if">
<summary>helper function for grantpt(3), changes ownship and permissions of pseudotty.</summary>
<interface name="ptchown_domtrans" lineno="13">
<summary>
Execute a domain transition to run ptchown.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ptchown_exec" lineno="32">
<summary>
Execute ptchown in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ptchown_run" lineno="58">
<summary>
Execute ptchown in the ptchown
domain, and allow the specified
role the ptchown domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
</module>
<module name="publicfile" filename="policy/modules/contrib/publicfile.if">
<summary>publicfile supplies files to the public through HTTP and FTP.</summary>
</module>
<module name="pulseaudio" filename="policy/modules/contrib/pulseaudio.if">
<summary>Pulseaudio network sound server.</summary>
<interface name="pulseaudio_role" lineno="18">
<summary>
Role access for pulseaudio
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="pulseaudio_domtrans" lineno="59">
<summary>
Execute a domain transition to run pulseaudio.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pulseaudio_run" lineno="87">
<summary>
Execute pulseaudio in the pulseaudio domain, and
allow the specified role the pulseaudio domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_exec" lineno="106">
<summary>
Execute a pulseaudio in the current domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_dontaudit_exec" lineno="124">
<summary>
Do not audit to execute a pulseaudio.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="pulseaudio_signull" lineno="143">
<summary>
Send signull signal to pulseaudio
processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_stream_connect" lineno="162">
<summary>
Connect to pulseaudio over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_dbus_chat" lineno="187">
<summary>
Send and receive messages from
pulseaudio over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_setattr_home_dir" lineno="207">
<summary>
Set the attributes of the pulseaudio homedir.
</summary>
<param name="user_domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_read_home_files" lineno="225">
<summary>
Read pulseaudio homedir files.
</summary>
<param name="user_domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_rw_home_files" lineno="245">
<summary>
Read and write Pulse Audio files.
</summary>
<param name="user_domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_manage_home_dirs" lineno="266">
<summary>
Create, read, write, and delete pulseaudio
home directories.
</summary>
<param name="user_domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_manage_home_files" lineno="286">
<summary>
Create, read, write, and delete pulseaudio
home directory files.
</summary>
<param name="user_domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_manage_home_symlinks" lineno="308">
<summary>
Create, read, write, and delete pulseaudio
home directory symlinks.
</summary>
<param name="user_domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_filetrans_home_content" lineno="328">
<summary>
Create pulseaudio content in the user home directory
with an correct label.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_filetrans_admin_home_content" lineno="352">
<summary>
Create pulseaudio content in the admin home directory
with an correct label.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_tmpfs_content" lineno="373">
<summary>
Make the specified tmpfs file type
pulseaudio tmpfs content.
</summary>
<param name="file_type">
<summary>
File type to make pulseaudio tmpfs content.
</summary>
</param>
</interface>
<interface name="pulseaudio_read_state" lineno="391">
<summary>
Allow the domain to read pulseaudio state files in /proc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="puppet" filename="policy/modules/contrib/puppet.if">
<summary>Puppet client daemon</summary>
<desc>
<p>
Puppet is a configuration management system written in Ruby.
The client daemon is responsible for periodically requesting the
desired system state from the server and ensuring the state of
the client system matches.
</p>
</desc>
<interface name="puppet_domtrans_master" lineno="22">
<summary>
Execute puppet_master in the puppet_master
domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="puppet_domtrans" lineno="42">
<summary>
Execute puppet in the puppet
domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="puppet_domtrans_puppetca" lineno="62">
<summary>
Execute puppetca in the puppetca
domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="puppet_run" lineno="89">
<summary>
Execute puppet in the puppet
domain and allow the specified
role the puppetca domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="puppet_run_puppetca" lineno="116">
<summary>
Execute puppetca in the puppetca
domain and allow the specified
role the puppetca domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="puppet_rw_tmp" lineno="139">
<summary>
Read / Write to Puppet temp files.  Puppet uses
some system binaries (groupadd, etc) that run in
a non-puppet domain and redirects output into temp
files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="puppet_read_lib" lineno="158">
<summary>
Read Puppet lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="puppet_manage_lib" lineno="177">
<summary>
Manage Puppet lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="puppet_search_log" lineno="196">
<summary>
Allow the specified domain to search puppet's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="puppet_read_log" lineno="215">
<summary>
Allow the specified domain to read puppet's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="puppet_create_log" lineno="234">
<summary>
Allow the specified domain to create puppet's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="puppet_append_log" lineno="253">
<summary>
Allow the specified domain to append puppet's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="puppet_manage_log" lineno="272">
<summary>
Allow the specified domain to manage puppet's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="puppet_read_config" lineno="291">
<summary>
Allow the specified domain to read puppet's config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="puppet_search_pid" lineno="312">
<summary>
Allow the specified domain to search puppet's pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="puppetagent_manage_all_files" dftval="false">
<desc>
<p>
Allow Puppet client to manage all file
types.
</p>
</desc>
</tunable>
<tunable name="puppetmaster_use_db" dftval="false">
<desc>
<p>
Allow Puppet master to use connect to MySQL and PostgreSQL database
</p>
</desc>
</tunable>
</module>
<module name="pwauth" filename="policy/modules/contrib/pwauth.if">
<summary>policy for pwauth</summary>
<interface name="pwauth_domtrans" lineno="13">
<summary>
Transition to pwauth.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pwauth_run" lineno="38">
<summary>
Execute pwauth in the pwauth domain, and
allow the specified role the pwauth domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the pwauth domain.
</summary>
</param>
</interface>
<interface name="pwauth_role" lineno="62">
<summary>
Role access for pwauth
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
</module>
<module name="pxe" filename="policy/modules/contrib/pxe.if">
<summary>Server for the PXE network boot protocol.</summary>
<interface name="pxe_admin" lineno="20">
<summary>
All of the rules required to
administrate an pxe environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="pyzor" filename="policy/modules/contrib/pyzor.if">
<summary>Pyzor is a distributed, collaborative spam detection and filtering network.</summary>
<interface name="pyzor_role" lineno="19">
<summary>
Role access for pyzor
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
<rolecap/>
</interface>
<interface name="pyzor_signal" lineno="48">
<summary>
Send generic signals to pyzor
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pyzor_domtrans" lineno="66">
<summary>
Execute pyzor with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pyzor_exec" lineno="86">
<summary>
Execute pyzor in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pyzor_admin" lineno="113">
<summary>
All of the rules required to administrate
an pyzor environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the pyzor domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="qatlib" filename="policy/modules/contrib/qatlib.if">
<summary>policy for qatlib</summary>
<interface name="qatlib_domtrans" lineno="13">
<summary>
Execute qatlib_exec_t in the qatlib domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="qatlib_exec" lineno="32">
<summary>
Execute qatlib in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="qemu" filename="policy/modules/contrib/qemu.if">
<summary>QEMU machine emulator and virtualizer</summary>
<template name="qemu_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
qemu process domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="qemu_domtrans" lineno="112">
<summary>
Execute a domain transition to run qemu.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="qemu_exec" lineno="130">
<summary>
Execute a qemu in the callers domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qemu_run" lineno="154">
<summary>
Execute qemu in the qemu domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the qemu domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="qemu_read_state" lineno="175">
<summary>
Allow the domain to read state files in /proc.
</summary>
<param name="domain">
<summary>
Domain to allow access.
</summary>
</param>
</interface>
<interface name="qemu_setsched" lineno="193">
<summary>
Set the schedule on qemu.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qemu_signal" lineno="211">
<summary>
Send a signal to qemu.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qemu_kill" lineno="229">
<summary>
Send a sigill to qemu
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qemu_spec_domtrans" lineno="264">
<summary>
Execute qemu_exec_t
in the specified domain but do not
do it automatically. This is an explicit
transition, requiring the caller to use setexeccon().
</summary>
<desc>
<p>
Execute qemu_exec_t
in the specified domain.  This allows
the specified domain to qemu programs
on these filesystems in the specified
domain.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="qemu_unconfined_role" lineno="289">
<summary>
Execute qemu unconfined programs in the role.
</summary>
<param name="role">
<summary>
The role to allow the qemu unconfined domain.
</summary>
</param>
</interface>
<interface name="qemu_manage_tmp_dirs" lineno="308">
<summary>
Manage qemu temporary dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qemu_manage_tmp_files" lineno="326">
<summary>
Manage qemu temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qemu_entry_type" lineno="345">
<summary>
Make qemu_exec_t an entrypoint for
the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which qemu_exec_t is an entrypoint.
</summary>
</param>
</interface>
<interface name="qemu_getattr_exec" lineno="363">
<summary>
Getattr on qemu executable.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<tunable name="qemu_full_network" dftval="false">
<desc>
<p>
Allow qemu to connect fully to the network
</p>
</desc>
</tunable>
<tunable name="qemu_use_cifs" dftval="true">
<desc>
<p>
Allow qemu to use cifs/Samba file systems
</p>
</desc>
</tunable>
<tunable name="qemu_use_comm" dftval="false">
<desc>
<p>
Allow qemu to use serial/parallel communication ports
</p>
</desc>
</tunable>
<tunable name="qemu_use_nfs" dftval="true">
<desc>
<p>
Allow qemu to use nfs file systems
</p>
</desc>
</tunable>
<tunable name="qemu_use_usb" dftval="true">
<desc>
<p>
Allow qemu to use usb devices
</p>
</desc>
</tunable>
</module>
<module name="qmail" filename="policy/modules/contrib/qmail.if">
<summary>Qmail Mail Server</summary>
<template name="qmail_child_domain_template" lineno="18">
<summary>
Template for qmail parent/sub-domain pairs
</summary>
<param name="child_prefix">
<summary>
The prefix of the child domain
</summary>
</param>
<param name="parent_domain">
<summary>
The name of the parent domain.
</summary>
</param>
</template>
<interface name="qmail_domtrans_inject" lineno="59">
<summary>
Transition to qmail_inject_t
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="qmail_domtrans_queue" lineno="84">
<summary>
Transition to qmail_queue_t
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="qmail_read_config" lineno="110">
<summary>
Read qmail configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="qmail_smtpd_service_domain" lineno="142">
<summary>
Define the specified domain as a qmail-smtp service.
Needed by antivirus/antispam filters.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="entrypoint">
<summary>
The type associated with the process program.
</summary>
</param>
</interface>
<interface name="qmail_manage_spool_dirs" lineno="161">
<summary>
Create, read, write, and delete qmail
spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qmail_manage_spool_files" lineno="180">
<summary>
Create, read, write, and delete qmail
spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qmail_rw_spool_pipes" lineno="198">
<summary>
Read and write to qmail spool pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
</module>
<module name="qpid" filename="policy/modules/contrib/qpid.if">
<summary>policy for qpidd</summary>
<interface name="qpidd_domtrans" lineno="13">
<summary>
Execute a domain transition to run qpidd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="qpidd_initrc_domtrans" lineno="31">
<summary>
Execute qpidd server in the qpidd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qpidd_read_pid_files" lineno="49">
<summary>
Read qpidd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qpidd_manage_var_run" lineno="68">
<summary>
Manage qpidd var_run files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qpidd_search_lib" lineno="89">
<summary>
Search qpidd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qpidd_read_lib_files" lineno="108">
<summary>
Read qpidd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qpidd_manage_lib_files" lineno="128">
<summary>
Create, read, write, and delete
qpidd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qpidd_manage_var_lib" lineno="147">
<summary>
Manage qpidd var_lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qpidd_rw_semaphores" lineno="168">
<summary>
Allow read and write access to qpidd semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qpidd_rw_shm" lineno="186">
<summary>
Read and write to qpidd shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qpidd_admin" lineno="214">
<summary>
All of the rules required to
administrate an qpidd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="quantum" filename="policy/modules/contrib/quantum.if">
<summary>Virtual network service for Openstack.</summary>
<interface name="neutron_domtrans" lineno="13">
<summary>
Transition to neutron.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="neutron_rw_inherited_pipes" lineno="32">
<summary>
Allow read/write neutron pipes
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="neutron_sigchld" lineno="51">
<summary>
Send sigchld to neutron.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="neutron_read_log" lineno="70">
<summary>
Read neutron's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="neutron_append_log" lineno="89">
<summary>
Append to neutron log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="neutron_manage_log" lineno="108">
<summary>
Manage neutron log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="neutron_search_lib" lineno="129">
<summary>
Search neutron lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="neutron_read_lib_files" lineno="148">
<summary>
Read neutron lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="neutron_manage_lib_files" lineno="167">
<summary>
Manage neutron lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="neutron_manage_lib_dirs" lineno="187">
<summary>
Manage neutron lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="neutron_rw_fifo_file" lineno="206">
<summary>
Read and write neutron fifo files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="neutron_stream_connect" lineno="225">
<summary>
Connect to neutron over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="neutron_systemctl" lineno="245">
<summary>
Execute neutron server in the neutron domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="neutron_read_state" lineno="270">
<summary>
Read neutron process state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="neutron_admin" lineno="291">
<summary>
All of the rules required to administrate
an neutron environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="neutron_can_network" dftval="false">
<desc>
<p>
Determine whether neutron can
connect to all TCP ports
</p>
</desc>
</tunable>
</module>
<module name="quota" filename="policy/modules/contrib/quota.if">
<summary>File system quota management</summary>
<interface name="quota_domtrans" lineno="13">
<summary>
Execute quota management tools in the quota domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="quota_run" lineno="39">
<summary>
Execute quota management tools in the quota domain, and
allow the specified role the quota domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="quota_read_db" lineno="58">
<summary>
Alow to read of filesystem quota data files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="quota_dontaudit_getattr_db" lineno="77">
<summary>
Do not audit attempts to get the attributes
of filesystem quota data files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="quota_manage_db" lineno="96">
<summary>
Create, read, write, and delete quota
db files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="quota_manage_flags" lineno="115">
<summary>
Create, read, write, and delete quota
flag files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="quota_filetrans_named_content" lineno="134">
<summary>
Transition to quota named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="quota_domtrans_nld" lineno="171">
<summary>
Transition to quota_nld.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="rabbitmq" filename="policy/modules/contrib/rabbitmq.if">
<summary>AMQP server written in Erlang.</summary>
<interface name="rabbitmq_domtrans" lineno="13">
<summary>
Execute rabbitmq in the rabbitmq domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rabbitmq_admin" lineno="39">
<summary>
All of the rules required to
administrate an rabbitmq environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="radius" filename="policy/modules/contrib/radius.if">
<summary>RADIUS authentication and accounting server.</summary>
<interface name="radius_use" lineno="13">
<summary>
Use radius over a UDP connection.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="radiusd_systemctl" lineno="27">
<summary>
Execute radiusd server in the radiusd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="radius_admin" lineno="58">
<summary>
All of the rules required to
administrate an radius environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="radius_use_jit" dftval="false">
<desc>
<p>
Determine whether radius can use JIT compiler.
</p>
</desc>
</tunable>
</module>
<module name="radvd" filename="policy/modules/contrib/radvd.if">
<summary>IPv6 router advertisement daemon.</summary>
<interface name="radvd_read_pid_files" lineno="13">
<summary>
Read radvd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="radvd_admin" lineno="39">
<summary>
All of the rules required to
administrate an radvd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="raid" filename="policy/modules/contrib/raid.if">
<summary>RAID array management tools</summary>
<interface name="raid_domtrans_mdadm" lineno="13">
<summary>
Execute software raid tools in the mdadm domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="raid_run_mdadm" lineno="39">
<summary>
Execute a domain transition to mdadm_t for the
specified role, allowing it to use the mdadm_t
domain
</summary>
<param name="role">
<summary>
Role allowed to access mdadm_t domain
</summary>
</param>
<param name="domain">
<summary>
Domain allowed to transition to mdadm_t
</summary>
</param>
</interface>
<interface name="mdadm_systemctl" lineno="58">
<summary>
Execute mdadm server in the mdadm domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="raid_read_mdadm_pid" lineno="82">
<summary>
read the mdadm pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="raid_manage_mdadm_pid" lineno="108">
<summary>
Create, read, write, and delete the mdadm pid files.
</summary>
<desc>
<p>
Create, read, write, and delete the mdadm pid files.
</p>
<p>
Added for use in the init module.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="raid_access_check_mdadm" lineno="129">
<summary>
Check access to the mdadm executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="raid_read_conf_files" lineno="149">
<summary>
Read mdadm config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="raid_manage_conf_files" lineno="167">
<summary>
Manage mdadm config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="raid_filetrans_named_content" lineno="185">
<summary>
Transition to mdadm named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="raid_relabel_mdadm_var_run_content" lineno="205">
<summary>
Relabel from mdadm_var_run_t sock file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="raid_stream_connect" lineno="224">
<summary>
Connect to raid with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="rasdaemon" filename="policy/modules/contrib/rasdaemon.if">
<summary>The rasdaemon program is a daemon with monitors the RAS trace events from /sys/kernel/debug/tracing</summary>
<interface name="rasdaemon_domtrans" lineno="13">
<summary>
Execute TEMPLATE in the rasdaemon domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rasdaemon_search_lib" lineno="32">
<summary>
Search rasdaemon lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rasdaemon_read_lib_files" lineno="51">
<summary>
Read rasdaemon lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rasdaemon_manage_lib_files" lineno="70">
<summary>
Manage rasdaemon lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rasdaemon_manage_lib_dirs" lineno="89">
<summary>
Manage rasdaemon lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rasdaemon_systemctl" lineno="108">
<summary>
Execute rasdaemon server in the rasdaemon domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rasdaemon_admin" lineno="136">
<summary>
All of the rules required to administrate
an rasdaemon environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="razor" filename="policy/modules/contrib/razor.if">
<summary>A distributed, collaborative, spam detection and filtering network.</summary>
<desc>
<p>
A distributed, collaborative, spam detection and filtering network.
</p>
<p>
This policy will work with either the ATrpms provided config
file in /etc/razor, or with the default of dumping everything into
$HOME/.razor.
</p>
</desc>
<template name="razor_common_domain_template" lineno="25">
<summary>
Template to create types and rules common to
all razor domains.
</summary>
<param name="prefix">
<summary>
The prefix of the domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</template>
<interface name="razor_role" lineno="122">
<summary>
Role access for razor
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
<rolecap/>
</interface>
<interface name="razor_domtrans" lineno="157">
<summary>
Execute razor in the system razor domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="razor_manage_user_home_files" lineno="176">
<summary>
Create, read, write, and delete razor files
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="razor_read_lib_files" lineno="196">
<summary>
read razor lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="rdisc" filename="policy/modules/contrib/rdisc.if">
<summary>Network router discovery daemon.</summary>
<interface name="rdisc_exec" lineno="13">
<summary>
Execute rdisc in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rdisc_systemctl" lineno="32">
<summary>
Execute rdisc server in the rdisc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rdisc_admin" lineno="59">
<summary>
All of the rules required to administrate
an rdisc environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="readahead" filename="policy/modules/contrib/readahead.if">
<summary>Read files into page cache for improved performance.</summary>
<interface name="readahead_domtrans" lineno="14">
<summary>
Execute a domain transition
to run readahead.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="readahead_manage_pid_files" lineno="33">
<summary>
Manage readahead var_run files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="realmd" filename="policy/modules/contrib/realmd.if">
<summary>dbus system service which manages discovery and enrollment in realms and domains like Active Directory or IPA</summary>
<interface name="realmd_domtrans" lineno="13">
<summary>
Execute realmd in the realmd_t domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="realmd_dbus_chat" lineno="33">
<summary>
Send and receive messages from
realmd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="realmd_search_cache" lineno="53">
<summary>
Search realmd cache directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="realmd_read_cache_files" lineno="72">
<summary>
Read realmd cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="realmd_manage_cache_files" lineno="92">
<summary>
Create, read, write, and delete
realmd cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="realmd_manage_cache_dirs" lineno="111">
<summary>
Manage realmd cache dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="realmd_read_tmp_files" lineno="131">
<summary>
Read realmd tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="realmd_read_var_lib" lineno="150">
<summary>
Read realmd library files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="realmd_dgram_send" lineno="171">
<summary>
Send to realmd  over a unix domain
datagram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="redis" filename="policy/modules/contrib/redis.if">
<summary>Advanced key-value store</summary>
<interface name="redis_domtrans" lineno="13">
<summary>
Execute redis server in the redis domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="redis_initrc_domtrans" lineno="32">
<summary>
Execute redis server in the redis domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="redis_read_log" lineno="50">
<summary>
Read redis's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="redis_append_log" lineno="69">
<summary>
Append to redis log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="redis_manage_log" lineno="88">
<summary>
Manage redis log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="redis_search_lib" lineno="109">
<summary>
Search redis lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="redis_read_lib_files" lineno="128">
<summary>
Read redis lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="redis_manage_lib_files" lineno="147">
<summary>
Manage redis lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="redis_manage_lib_dirs" lineno="166">
<summary>
Manage redis lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="redis_read_pid_files" lineno="185">
<summary>
Read redis PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="redis_stream_connect" lineno="204">
<summary>
Connect to redis over an unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="redis_systemctl" lineno="223">
<summary>
Execute redis server in the redis domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="redis_admin" lineno="255">
<summary>
All of the rules required to administrate
an redis environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="redis_enable_notify" dftval="false">
<desc>
<p>
Allow Redis to run redis-sentinal notification scripts.
</p>
</desc>
</tunable>
</module>
<module name="remotelogin" filename="policy/modules/contrib/remotelogin.if">
<summary>Policy for rshd, rlogind, and telnetd.</summary>
<interface name="remotelogin_domtrans" lineno="13">
<summary>
Domain transition to the remote login domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="remotelogin_signal" lineno="31">
<summary>
allow Domain to signal remote login domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="remotelogin_signull" lineno="49">
<summary>
allow Domain to signal remote login domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="resmgr" filename="policy/modules/contrib/resmgr.if">
<summary>Resource management daemon.</summary>
<interface name="resmgr_stream_connect" lineno="14">
<summary>
Connect to resmgrd over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="resmgr_admin" lineno="40">
<summary>
All of the rules required to
administrate an resmgr environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="rgmanager" filename="policy/modules/contrib/rgmanager.if">
<summary>rgmanager - Resource Group Manager</summary>
<interface name="rgmanager_domtrans" lineno="13">
<summary>
Execute a domain transition to run rgmanager.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rgmanager_stream_connect" lineno="32">
<summary>
Connect to rgmanager over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rgmanager_manage_pid_files" lineno="51">
<summary>
Manage rgmanager pid files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rgmanager_manage_tmp_files" lineno="70">
<summary>
Allow manage rgmanager tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rgmanager_manage_tmpfs_files" lineno="89">
<summary>
Allow manage rgmanager tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rgmanager_rw_semaphores" lineno="108">
<summary>
Allow read and write access to rgmanager semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rgmanager_admin" lineno="133">
<summary>
All of the rules required to administrate
an rgmanager environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the rgmanager domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rgmanager_manage_files" lineno="173">
<summary>
Allow the specified domain to manage rgmanager's lib/run files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rgmanager_execute_lib" lineno="196">
<summary>
Allow the specified domain to execute rgmanager's lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rgmanager_search_lib" lineno="216">
<summary>
Allow the specified domain to search rgmanager's lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="rgmanager_can_network_connect" dftval="false">
<desc>
<p>
Allow rgmanager domain to connect to the network using TCP.
</p>
</desc>
</tunable>
</module>
<module name="rhcd" filename="policy/modules/contrib/rhcd.if">
<summary>policy for rhcd</summary>
<interface name="rhcd_domtrans" lineno="13">
<summary>
Execute rhcd_exec_t in the rhcd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhcd_exec" lineno="32">
<summary>
Execute rhcd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcd_read_fifo_files" lineno="51">
<summary>
Read rhcd fifo files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcd_write_fifo_files" lineno="69">
<summary>
Write/append rhcd fifo files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcd_dgram_send" lineno="87">
<summary>
Send a message to rhcd over a datagram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="rhcs" filename="policy/modules/contrib/rhcs.if">
<summary>RHCS - Red Hat Cluster Suite</summary>
<template name="rhcs_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
rhcs init daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="rhcs_domtrans_dlm_controld" lineno="71">
<summary>
Execute a domain transition to run dlm_controld.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhcs_stream_connect_dlm_controld" lineno="91">
<summary>
Connect to dlm_controld over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_stream_connect_haproxy" lineno="111">
<summary>
Connect to haproxy over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_signull_haproxy" lineno="130">
<summary>
Send a null signal to haproxy.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_rw_dlm_controld_semaphores" lineno="148">
<summary>
Allow read and write access to dlm_controld semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_domtrans_fenced" lineno="169">
<summary>
Execute a domain transition to run fenced.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhcs_getattr_fenced" lineno="188">
<summary>
Allow a domain to getattr on fenced executable.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhcs_rw_fenced_semaphores" lineno="206">
<summary>
Allow read and write access to fenced semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_read_fenced_pid_files" lineno="227">
<summary>
Read fenced PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_stream_connect_fenced" lineno="246">
<summary>
Connect to fenced over a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_dbus_chat_fenced" lineno="266">
<summary>
Send and receive messages from
fenced over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_domtrans_haproxy" lineno="286">
<summary>
Execute a domain transition to run fenced.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhcs_domtrans_gfs_controld" lineno="305">
<summary>
Execute a domain transition to run gfs_controld.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhcs_rw_gfs_controld_semaphores" lineno="324">
<summary>
Allow read and write access to gfs_controld semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_rw_gfs_controld_shm" lineno="345">
<summary>
Read and write to gfs_controld_t shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_stream_connect_gfs_controld" lineno="366">
<summary>
Connect to gfs_controld_t over a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_domtrans_groupd" lineno="385">
<summary>
Execute a domain transition to run groupd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhcs_stream_connect_groupd" lineno="405">
<summary>
Connect to groupd over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_rw_groupd_semaphores" lineno="424">
<summary>
Allow read and write access to groupd semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_rw_groupd_shm" lineno="445">
<summary>
Read and write to group shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_rw_cluster_shm" lineno="466">
<summary>
Read and write to group shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_rw_cluster_semaphores" lineno="487">
<summary>
Read and write access to cluster domains semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_stream_connect_cluster" lineno="506">
<summary>
Connect to cluster domains over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_stream_connect_cluster_to" lineno="531">
<summary>
Connect to cluster domains over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_signull_cluster" lineno="551">
<summary>
Send a null signal to cluster.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_domtrans_qdiskd" lineno="569">
<summary>
Execute a domain transition to run qdiskd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhcs_read_qdiskd_tmpfs_files" lineno="588">
<summary>
Allow domain to read qdiskd tmpfs files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_read_cluster_lib_files" lineno="607">
<summary>
Allow domain to read cluster lib files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_manage_cluster_lib_files" lineno="626">
<summary>
Allow domain to manage cluster lib files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_relabel_cluster_lib_files" lineno="645">
<summary>
Allow domain to relabel cluster lib files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_domtrans_cluster" lineno="665">
<summary>
Execute a domain transition to run cluster administrative domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhcs_initrc_domtrans_cluster" lineno="685">
<summary>
Execute cluster init scripts in
the init script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhcs_exec_cluster" lineno="703">
<summary>
Execute cluster in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_read_log_cluster" lineno="722">
<summary>
Read cluster log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_create_log_cluster" lineno="742">
<summary>
Allow the specified domain to create cluster log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_setattr_log_cluster" lineno="761">
<summary>
Setattr cluster log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_rw_inherited_cluster_tmp_files" lineno="779">
<summary>
Allow the specified domain to read/write inherited cluster's tmpf files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_manage_cluster_tmp_files" lineno="797">
<summary>
Allow manage cluster tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_rw_cluster_tmpfs" lineno="816">
<summary>
Allow the specified domain to read/write cluster's tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_manage_cluster_tmpfs_files" lineno="836">
<summary>
Allow manage cluster tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_read_cluster_pid_files" lineno="855">
<summary>
Allow read cluster pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_manage_cluster_pid_files" lineno="875">
<summary>
Allow manage cluster pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_systemctl_cluster" lineno="894">
<summary>
Execute cluster server in the cluster domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhcs_dbus_chat_cluster" lineno="919">
<summary>
Send and receive messages from
a cluster service over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_admin_cluster" lineno="948">
<summary>
All of the rules required to administrate
an cluster environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the rgmanager domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rhcs_start_haproxy_services" lineno="993">
<summary>
Start haproxy unit files domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhcs_named_filetrans_log_dir" lineno="1013">
<summary>
Create log files with a named file
type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="fenced_can_network_connect" dftval="false">
<desc>
<p>
Determine whether fenced can
connect to the TCP network.
</p>
</desc>
</tunable>
<tunable name="fenced_can_ssh" dftval="false">
<desc>
<p>
Determine whether fenced can use ssh.
</p>
</desc>
</tunable>
<tunable name="cluster_can_network_connect" dftval="false">
<desc>
<p>
Allow cluster administrative domains to connect to the network using TCP.
</p>
</desc>
</tunable>
<tunable name="cluster_manage_all_files" dftval="false">
<desc>
<p>
Allow cluster administrative domains to manage all files on a system.
</p>
</desc>
</tunable>
<tunable name="cluster_use_execmem" dftval="false">
<desc>
<p>
Allow cluster administrative cluster domains memcheck-amd64- to use executable memory
</p>
</desc>
</tunable>
<tunable name="haproxy_connect_any" dftval="false">
<desc>
<p>
Determine whether haproxy can
connect to all TCP ports.
</p>
</desc>
</tunable>
</module>
<module name="rhev" filename="policy/modules/contrib/rhev.if">
<summary>rhev polic module contains policies for rhev apps</summary>
<interface name="rhev_domtrans_agentd" lineno="13">
<summary>
Execute rhev-agentd in the rhev_agentd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhev_read_pid_files_agentd" lineno="31">
<summary>
Read rhev-agentd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhev_stream_connect_agentd" lineno="51">
<summary>
Connect to rhev_agentd over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhev_sigchld_agentd" lineno="70">
<summary>
Send sigchld to rhev-agentd
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
</module>
<module name="rhgb" filename="policy/modules/contrib/rhgb.if">
<summary> Red Hat Graphical Boot </summary>
<interface name="rhgb_stub" lineno="13">
<summary>
RHGB stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
N/A
</summary>
</param>
</interface>
<interface name="rhgb_use_fds" lineno="29">
<summary>
Use a rhgb file descriptor.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhgb_getpgid" lineno="47">
<summary>
Get the process group of rhgb.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhgb_signal" lineno="65">
<summary>
Send a signal to rhgb.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhgb_rw_stream_sockets" lineno="83">
<summary>
Read and write to unix stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhgb_dontaudit_rw_stream_sockets" lineno="102">
<summary>
Do not audit attempts to read and write
rhgb unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="rhgb_stream_connect" lineno="120">
<summary>
Connected to rhgb unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhgb_rw_shm" lineno="138">
<summary>
Read and write to rhgb shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhgb_use_ptys" lineno="156">
<summary>
Read from and write to the rhgb devpts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhgb_dontaudit_use_ptys" lineno="174">
<summary>
dontaudit Read from and write to the rhgb devpts.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="rhgb_rw_tmpfs_files" lineno="192">
<summary>
Read and write to rhgb temporary file system.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="rhnsd" filename="policy/modules/contrib/rhnsd.if">
<summary>policy for rhnsd</summary>
<interface name="rhnsd_domtrans" lineno="13">
<summary>
Transition to rhnsd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhnsd_initrc_domtrans" lineno="32">
<summary>
Execute rhnsd server in the rhnsd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhnsd_systemctl" lineno="50">
<summary>
Execute rhnsd server in the rhnsd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhnsd_manage_config" lineno="76">
<summary>
Allow the specified domain to manage
rhnsd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhnsd_read_config" lineno="97">
<summary>
Allow the specified domain to manage
rhnsd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhnsd_search_conf" lineno="116">
<summary>
Allow the specified domain search rhnsd configuration directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhnsd_admin" lineno="142">
<summary>
All of the rules required to administrate
an rhnsd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="rhsmcertd" filename="policy/modules/contrib/rhsmcertd.if">
<summary>Subscription Management Certificate Daemon policy</summary>
<interface name="rhsmcertd_domtrans" lineno="13">
<summary>
Transition to rhsmcertd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhsmcertd_initrc_domtrans" lineno="32">
<summary>
Execute rhsmcertd server in the rhsmcertd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_read_config_files" lineno="50">
<summary>
Read rhsmcertd's config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_manage_config_files" lineno="70">
<summary>
Manage rhsmcertd's config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_read_log" lineno="90">
<summary>
Read rhsmcertd's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rhsmcertd_append_log" lineno="109">
<summary>
Append to rhsmcertd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_manage_log" lineno="128">
<summary>
Manage rhsmcertd log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_search_lib" lineno="149">
<summary>
Search rhsmcertd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_read_lib_files" lineno="168">
<summary>
Read rhsmcertd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_manage_lib_files" lineno="187">
<summary>
Manage rhsmcertd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_manage_lib_dirs" lineno="206">
<summary>
Manage rhsmcertd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cloud_what_read_cache_files" lineno="225">
<summary>
Read cloud-what cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cloud_what_manage_cache_files" lineno="244">
<summary>
Manage cloud-what cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cloud_what_manage_cache_dirs" lineno="263">
<summary>
Manage cloud-what cache directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_read_pid_files" lineno="282">
<summary>
Read rhsmcertd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_manage_pid_files" lineno="301">
<summary>
Read rhsmcertd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_rw_inherited_lock_files" lineno="320">
<summary>
Read/wirte inherited lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_rw_lock_files" lineno="339">
<summary>
Read/wirte lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_stream_connect" lineno="359">
<summary>
Connect to rhsmcertd over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_dbus_chat" lineno="379">
<summary>
Send and receive messages from
rhsmcertd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_dontaudit_dbus_chat" lineno="400">
<summary>
Dontaudit Send and receive messages from
rhsmcertd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_admin" lineno="428">
<summary>
All of the rules required to administrate
an rhsmcertd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ricci" filename="policy/modules/contrib/ricci.if">
<summary>Ricci cluster management agent</summary>
<interface name="ricci_domtrans" lineno="13">
<summary>
Execute a domain transition to run ricci.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ricci_initrc_domtrans" lineno="31">
<summary>
Execute ricci server in the ricci domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ricci_domtrans_modcluster" lineno="49">
<summary>
Execute a domain transition to run ricci_modcluster.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ricci_dontaudit_use_modcluster_fds" lineno="68">
<summary>
Do not audit attempts to use
ricci_modcluster file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="ricci_dontaudit_rw_modcluster_pipes" lineno="87">
<summary>
Do not audit attempts to read write
ricci_modcluster unamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="ricci_stream_connect_modclusterd" lineno="105">
<summary>
Connect to ricci_modclusterd over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ricci_rw_modclusterd_tmpfs_files" lineno="124">
<summary>
Read and write to ricci_modcluserd temporary file system.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ricci_domtrans_modlog" lineno="143">
<summary>
Execute a domain transition to run ricci_modlog.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ricci_domtrans_modrpm" lineno="161">
<summary>
Execute a domain transition to run ricci_modrpm.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ricci_domtrans_modservice" lineno="179">
<summary>
Execute a domain transition to run ricci_modservice.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ricci_domtrans_modstorage" lineno="197">
<summary>
Execute a domain transition to run ricci_modstorage.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ricci_manage_lib_files" lineno="215">
<summary>
Allow the specified domain to manage ricci's lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ricci_admin" lineno="242">
<summary>
All of the rules required to administrate
an ricci environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="rkhunter" filename="policy/modules/contrib/rkhunter.if">
<summary> policy for rkhunter </summary>
<interface name="rkhunter_append_lib_files" lineno="13">
<summary>
Append rkhunter lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rkhunter_manage_lib_files" lineno="32">
<summary>
Manage rkhunter lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="rkt" filename="policy/modules/contrib/rkt.if">
<summary>CLI for running app containers</summary>
<interface name="rkt_domtrans" lineno="13">
<summary>
Execute rkt_exec_t in the rkt domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rkt_exec" lineno="32">
<summary>
Execute rkt in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rkt_search_lib" lineno="51">
<summary>
Search rkt lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rkt_read_lib_files" lineno="70">
<summary>
Read rkt lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rkt_manage_lib_files" lineno="89">
<summary>
Manage rkt lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rkt_manage_lib_dirs" lineno="108">
<summary>
Manage rkt lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rkt_systemctl" lineno="127">
<summary>
Execute rkt server in the rkt domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rkt_admin" lineno="153">
<summary>
All of the rules required to administrate
an rkt environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="rlogin" filename="policy/modules/contrib/rlogin.if">
<summary>Remote login daemon.</summary>
<interface name="rlogin_domtrans" lineno="13">
<summary>
Execute rlogind in the rlogin domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rlogin_read_home_content" lineno="32">
<summary>
Read rlogin user home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rlogin_manage_rlogind_home_files" lineno="54">
<summary>
Create, read, write, and delete
rlogind home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rlogin_relabel_rlogind_home_files" lineno="73">
<summary>
Relabel rlogind home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rlogin_home_filetrans_logind_home" lineno="103">
<summary>
Create objects in user home
directories with the rlogind home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="rlogin_manage_rlogind_tmp_content" lineno="122">
<summary>
Create, read, write, and delete
rlogind temporary content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rlogin_relabel_rlogind_tmp_content" lineno="142">
<summary>
Relabel rlogind temporary content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="rngd" filename="policy/modules/contrib/rngd.if">
<summary>Check and feed random data from hardware device to kernel random device.</summary>
<interface name="rng_systemctl_rngd" lineno="13">
<summary>
Execute rngd in the rngd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rng_admin" lineno="43">
<summary>
All of the rules required to
administrate an rng environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="rngd_execmem" dftval="false">
<desc>
<p>
Allow rngd_t domain to use executable memory
</p>
</desc>
</tunable>
</module>
<module name="rolekit" filename="policy/modules/contrib/rolekit.if">
<summary>Daemon for Linux systems providing a stable D-BUS interface to manage the deployment of Server Roles. </summary>
<interface name="rolekit_domtrans" lineno="13">
<summary>
Execute rolekit in the rolekit domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rolekit_systemctl" lineno="32">
<summary>
Execute rolekit server in the rolekit domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rolekit_manage_keys" lineno="56">
<summary>
Manage rolekit kernel keyrings.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rolekit_dbus_chat" lineno="76">
<summary>
Send and receive messages from
policykit over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rolekit_admin" lineno="100">
<summary>
All of the rules required to administrate
an rolekit environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rolekit_dgram_send" lineno="132">
<summary>
Send to rolekit with a unix dgram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="roundup" filename="policy/modules/contrib/roundup.if">
<summary>Roundup Issue Tracking System.</summary>
<interface name="roundup_admin" lineno="20">
<summary>
All of the rules required to
administrate an roundup environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="rpc" filename="policy/modules/contrib/rpc.if">
<summary>Remote Procedure Call Daemon for managment of network based process communication</summary>
<interface name="rpc_stub" lineno="13">
<summary>
RPC stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="rpc_domain_template" lineno="35">
<summary>
The template to define a rpc domain.
</summary>
<desc>
<p>
This template creates a domain to be used for
a new rpc daemon.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The type of daemon to be used.
</summary>
</param>
</template>
<interface name="rpc_udp_send" lineno="76">
<summary>
Send UDP network traffic to rpc and recieve UDP traffic from rpc.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_dontaudit_getattr_exports" lineno="91">
<summary>
Do not audit attempts to get the attributes
of the NFS export file.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="rpc_read_exports" lineno="109">
<summary>
Allow read access to exports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_write_exports" lineno="127">
<summary>
Allow write access to exports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_manage_exports" lineno="145">
<summary>
Manage nfs file exports
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_watch_exports" lineno="163">
<summary>
Watch nfs file exports
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_domtrans_nfsd" lineno="182">
<summary>
Execute domain in nfsd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rpc_initrc_domtrans_nfsd" lineno="200">
<summary>
Execute domain in nfsd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rpc_systemctl_nfsd" lineno="218">
<summary>
Execute nfsd server in the nfsd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rpc_kill_rpcd" lineno="242">
<summary>
Send kill signals to rpcd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_domtrans_rpcd" lineno="260">
<summary>
Execute domain in rpcd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rpc_run_rpcd" lineno="286">
<summary>
Execute rpcd in the rcpd domain, and
allow the specified role the rpcd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rpc_initrc_domtrans_rpcd" lineno="305">
<summary>
Execute domain in rpcd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rpc_systemctl_rpcd" lineno="323">
<summary>
Execute rpcd server in the rpcd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rpc_udp_rw_nfs_sockets" lineno="347">
<summary>
Allow domain to read and write to an NFS UDP socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_udp_send_nfs" lineno="365">
<summary>
Send UDP traffic to NFSd.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_search_nfs_state_data" lineno="379">
<summary>
Search NFS state data in /var/lib/nfs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_list_nfs_state_data" lineno="398">
<summary>
List NFS state data in /var/lib/nfs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_manage_nfs_state_data_dir" lineno="417">
<summary>
Manage NFS state data in /var/lib/nfs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_read_nfs_state_data" lineno="436">
<summary>
Read NFS state data in /var/lib/nfs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_manage_nfs_state_data" lineno="456">
<summary>
Manage NFS state data in /var/lib/nfs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_domtrans_gssd" lineno="477">
<summary>
Execute domain in gssd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rpc_rw_gssd_keys" lineno="495">
<summary>
Write keys for all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_filetrans_var_lib_nfs_content" lineno="513">
<summary>
Transition to alsa named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_admin" lineno="538">
<summary>
All of the rules required to
administrate an rpc environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rpc_read_gssd_state" lineno="582">
<summary>
Read gssd process state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_gssd_noatsecure" lineno="600">
<summary>
Read and write to svirt_image devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_dbus_chat_nfsd" lineno="619">
<summary>
Send and receive messages from
ganesha over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="gssd_read_tmp" dftval="true">
<desc>
<p>
Allow gssd to list tmp directories and read the kerberos credential cache.
</p>
</desc>
</tunable>
<tunable name="nfsd_anon_write" dftval="false">
<desc>
<p>
Allow nfs servers to modify public files
used for public file transfer services.  Files/Directories must be
labeled public_content_rw_t.
</p>
</desc>
</tunable>
<tunable name="rpcd_use_fusefs" dftval="false">
<desc>
<p>
Allow rpcd_t  to manage fuse files
</p>
</desc>
</tunable>
</module>
<module name="rpcbind" filename="policy/modules/contrib/rpcbind.if">
<summary>Universal Addresses to RPC Program Number Mapper</summary>
<interface name="rpcbind_domtrans" lineno="13">
<summary>
Execute a domain transition to run rpcbind.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rpcbind_stream_connect" lineno="31">
<summary>
Connect to rpcbindd over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpcbind_read_pid_files" lineno="50">
<summary>
Read rpcbind PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpcbind_search_lib" lineno="69">
<summary>
Search rpcbind lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpcbind_read_lib_files" lineno="88">
<summary>
Read rpcbind lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpcbind_manage_lib_files" lineno="108">
<summary>
Create, read, write, and delete
rpcbind lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpcbind_signull" lineno="127">
<summary>
Send a null signal to rpcbind.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpcbind_filetrans_named_content" lineno="145">
<summary>
Transition to rpcbind named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpcbind_relabel_sock_file" lineno="163">
<summary>
Relabel from rpcbind sock file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpcbind_admin" lineno="188">
<summary>
All of the rules required to administrate
an rpcbind environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the rpcbind domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="rpm" filename="policy/modules/contrib/rpm.if">
<summary>Policy for the RPM package manager.</summary>
<interface name="rpm_domtrans" lineno="13">
<summary>
Execute rpm programs in the rpm domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rpm_debuginfo_domtrans" lineno="35">
<summary>
Execute debuginfo_install programs in the rpm domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rpm_domtrans_script" lineno="55">
<summary>
Execute rpm_script programs in the rpm_script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rpm_run" lineno="83">
<summary>
Execute RPM programs in the RPM domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the RPM domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rpm_exec" lineno="107">
<summary>
Execute the rpm client in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpmdb_domtrans_rpmdb" lineno="126">
<summary>
Execute rpmdb in the rpmdb domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rpmdb_run_rpmdb" lineno="151">
<summary>
Execute rpmdb in the rpmdb domain,
and allow the specified role the rpmdb domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="rpm_dontaudit_exec" lineno="170">
<summary>
Do not audit to execute a rpm.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="rpm_sigkill" lineno="188">
<summary>
Send a kill signal to rpm.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_signull" lineno="206">
<summary>
Send a null signal to rpm.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_script_signal" lineno="224">
<summary>
Send a signals to rpm.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_use_fds" lineno="242">
<summary>
Inherit and use file descriptors from RPM.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_read_pipes" lineno="260">
<summary>
Read from an unnamed RPM pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_rw_pipes" lineno="278">
<summary>
Read and write an unnamed RPM pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_rw_script_inherited_pipes" lineno="296">
<summary>
Read and write an unnamed RPM script pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_dontaudit_leaks" lineno="314">
<summary>
dontaudit read and write an leaked file descriptors
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="rpm_dbus_chat" lineno="351">
<summary>
Send and receive messages from
rpm over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_dontaudit_dbus_chat" lineno="372">
<summary>
Do not audit attempts to send and
receive messages from rpm over dbus.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="rpm_script_dbus_chat" lineno="393">
<summary>
Send and receive messages from
rpm_script over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_stream_connect" lineno="413">
<summary>
Connect to rpm unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_search_log" lineno="431">
<summary>
Search RPM log directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_append_log" lineno="451">
<summary>
Allow the specified domain to append
to rpm log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_read_log" lineno="469">
<summary>
Create, read, write, and delete the RPM log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_manage_log" lineno="487">
<summary>
Create, read, write, and delete the RPM log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_named_filetrans" lineno="506">
<summary>
Create rpm logs with an correct label.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_hawkey_named_filetrans" lineno="536">
<summary>
Create rpm hawkey logs with an correct label.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_use_script_fds" lineno="555">
<summary>
Inherit and use file descriptors from RPM scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_manage_script_tmp_files" lineno="574">
<summary>
Create, read, write, and delete RPM
script temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_append_tmp_files" lineno="596">
<summary>
Allow the specified domain to append
to rpm tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_manage_tmp_files" lineno="615">
<summary>
Create, read, write, and delete RPM
temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_read_tmp_files" lineno="636">
<summary>
Read rpm temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_read_script_tmp_files" lineno="656">
<summary>
Read RPM script temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_read_cache" lineno="676">
<summary>
Read the RPM cache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_manage_cache" lineno="697">
<summary>
Create, read, write, and delete the RPM package database.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_read_db" lineno="718">
<summary>
Read the RPM package database.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_setattr_db_files" lineno="741">
<summary>
Set the attributes of RPM package database.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_delete_db" lineno="760">
<summary>
Delete the RPM package database.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_manage_db" lineno="779">
<summary>
Create, read, write, and delete the RPM package database.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_dontaudit_read_db" lineno="800">
<summary>
Do not audit attempts to create, read,the RPM package database.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="rpm_dontaudit_manage_db" lineno="821">
<summary>
Do not audit attempts to create, read,
write, and delete the RPM package database.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="rpm_read_pid_files" lineno="842">
<summary>
Read rpm pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_manage_pid_files" lineno="861">
<summary>
Create, read, write, and delete rpm pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_pid_filetrans" lineno="880">
<summary>
Create files in /var/run with the rpm pid file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_inherited_fifo" lineno="898">
<summary>
Send a null signal to rpm.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_entry_type" lineno="918">
<summary>
Make rpm_exec_t an entry point for
the specified domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_transition_script" lineno="941">
<summary>
Allow application to transition to rpm_script domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="rpm_admin" lineno="975">
<summary>
All of the rules required to
administrate an rpm environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rpm_script_ioctl_stream_sockets" lineno="1027">
<summary>
Allow the specified domain to ioctl rpm_script_t
with a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_script_rw_stream_sockets" lineno="1046">
<summary>
Allow the specified domain read and write to rpm_script_t
over a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="rrdcached" filename="policy/modules/contrib/rrdcached.if">
<summary>rrdcached - Daemon that receives updates to existing RRD files, accumulates them and writes the updates to the RRD file.</summary>
<interface name="rrdcached_domtrans" lineno="13">
<summary>
Execute rrdcached_exec_t in the rrdcached domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rrdcached_exec" lineno="32">
<summary>
Execute rrdcached in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rrdcached_read_pid_files" lineno="50">
<summary>
Read rrdcached PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rrdcached_admin" lineno="77">
<summary>
All of the rules required to administrate
an rrdcached environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="rshd" filename="policy/modules/contrib/rshd.if">
<summary>Remote shell service.</summary>
<interface name="rshd_domtrans" lineno="13">
<summary>
Domain transition to rshd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="rshim" filename="policy/modules/contrib/rshim.if">
<summary>policy for rshim</summary>
<interface name="rshim_domtrans" lineno="13">
<summary>
Execute rshim_exec_t in the rshim domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rshim_exec" lineno="32">
<summary>
Execute rshim in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="rssh" filename="policy/modules/contrib/rssh.if">
<summary>Restricted (scp/sftp) only shell.</summary>
<interface name="rssh_role" lineno="18">
<summary>
Role access for rssh.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="rssh_spec_domtrans" lineno="46">
<summary>
Execute rssh in the rssh domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rssh_exec" lineno="66">
<summary>
Execute the rssh program
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rssh_domtrans_chroot_helper" lineno="86">
<summary>
Execute a domain transition to
run rssh chroot helper.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rssh_read_ro_content" lineno="105">
<summary>
Read users rssh read-only content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="rsync" filename="policy/modules/contrib/rsync.if">
<summary>Fast incremental file transfer for synchronization</summary>
<interface name="rsync_stub" lineno="13">
<summary>
Sendmail stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rsync_entry_type" lineno="30">
<summary>
Make rsync an entry point for
the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which init scripts are an entrypoint.
</summary>
</param>
</interface>
<interface name="rsync_entry_spec_domtrans" lineno="63">
<summary>
Execute a rsync in a specified domain.
</summary>
<desc>
<p>
Execute a rsync in a specified domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="source_domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
Domain to transition to.
</summary>
</param>
</interface>
<interface name="rsync_entry_domtrans" lineno="96">
<summary>
Execute a rsync in a specified domain.
</summary>
<desc>
<p>
Execute a rsync in a specified domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="source_domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
Domain to transition to.
</summary>
</param>
</interface>
<interface name="rsync_exec" lineno="115">
<summary>
Execute rsync in the caller domain domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rsync_ioctl_stream_sockets" lineno="133">
<summary>
Allow the specified domain to ioctl an
rsync with a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rsync_read_config" lineno="151">
<summary>
Read rsync config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rsync_read_data" lineno="170">
<summary>
Read rsync data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rsync_rw_unix_stream_sockets" lineno="188">
<summary>
Read and write rsync unix_stream_sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rsync_write_config" lineno="206">
<summary>
Write to rsync config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rsync_manage_config" lineno="225">
<summary>
Manage rsync config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rsync_etc_filetrans_config" lineno="255">
<summary>
Create objects in etc directories
with rsync etc type.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="rsync_filetrans_named_content" lineno="273">
<summary>
Transition to rsync named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="rsync_client" dftval="false">
<desc>
<p>
Allow rsync to run as a client
</p>
</desc>
</tunable>
<tunable name="rsync_export_all_ro" dftval="false">
<desc>
<p>
Allow rsync to export any files/directories read only.
</p>
</desc>
</tunable>
<tunable name="rsync_anon_write" dftval="false">
<desc>
<p>
Allow rsync to modify public files
used for public file transfer services.  Files/Directories must be
labeled public_content_rw_t.
</p>
</desc>
</tunable>
<tunable name="rsync_full_access" dftval="false">
<desc>
<p>
Allow rsync server to manage all files/directories on the system.
</p>
</desc>
</tunable>
<tunable name="rsync_sys_admin" dftval="false">
<desc>
<p>
Allow rsync sys_admin capability.
This capability is required to restore files
with extended attributes in the "trusted" namespace.
</p>
</desc>
</tunable>
</module>
<module name="rtas" filename="policy/modules/contrib/rtas.if">
<summary>Platform diagnostics report firmware events.</summary>
<interface name="rtas_errd_domtrans" lineno="13">
<summary>
Execute rtas_errd in the rtas_errd domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rtas_errd_read_log" lineno="33">
<summary>
Read rtas_errd's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rtas_errd_append_log" lineno="52">
<summary>
Append to rtas_errd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rtas_errd_manage_log" lineno="71">
<summary>
Manage rtas_errd log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rtas_errd_read_lock" lineno="93">
<summary>
Read rtas_errd's lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rtas_errd_rw_lock" lineno="113">
<summary>
Read and Write rtas_errd's lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rtas_errd_dontaudit_write_lock" lineno="132">
<summary>
Dontaudit attempts to write to rtas_errd's lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rtas_errd_read_pid_files" lineno="150">
<summary>
Read rtas_errd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rtas_errd_systemctl" lineno="169">
<summary>
Execute rtas_errd server in the rtas_errd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rtas_errd_admin" lineno="196">
<summary>
All of the rules required to administrate
an rtas_errd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="rtkit" filename="policy/modules/contrib/rtkit.if">
<summary>Realtime scheduling for user processes.</summary>
<interface name="rtkit_daemon_domtrans" lineno="13">
<summary>
Execute a domain transition to run rtkit_daemon.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rtkit_daemon_dbus_chat" lineno="32">
<summary>
Send and receive messages from
rtkit_daemon over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rtkit_daemon_dontaudit_dbus_chat" lineno="53">
<summary>
Do not audit send and receive messages from
rtkit_daemon over dbus.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="rtkit_scheduled" lineno="74">
<summary>
Allow rtkit to control scheduling for your process
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="rwho" filename="policy/modules/contrib/rwho.if">
<summary>Who is logged in on other machines?</summary>
<interface name="rwho_domtrans" lineno="13">
<summary>
Execute a domain transition to run rwho.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rwho_search_log" lineno="32">
<summary>
Search rwho log directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rwho_read_log_files" lineno="51">
<summary>
Read rwho log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rwho_search_spool" lineno="71">
<summary>
Search rwho spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rwho_read_spool_files" lineno="90">
<summary>
Read rwho spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rwho_manage_spool_files" lineno="110">
<summary>
Create, read, write, and delete
rwho spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rwho_admin" lineno="136">
<summary>
All of the rules required to
administrate an rwho environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="samba" filename="policy/modules/contrib/samba.if">
<summary>
SMB and CIFS client/server programs for UNIX and
name  Service  Switch  daemon for resolving names
from Windows NT servers.
</summary>
<interface name="samba_domtrans_nmbd" lineno="17">
<summary>
Execute nmbd net in the nmbd_t domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="samba_signal_nmbd" lineno="36">
<summary>
Allow domain to signal samba
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_search_pid" lineno="53">
<summary>
Search the samba pid directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="samba_stream_connect_nmbd" lineno="72">
<summary>
Connect to nmbd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_initrc_domtrans" lineno="91">
<summary>
Execute samba server in the samba domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="samba_systemctl" lineno="109">
<summary>
Execute samba server in the samba domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="samba_service_status" lineno="133">
<summary>
Get samba services status
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="samba_domtrans_net" lineno="151">
<summary>
Execute samba net in the samba_net domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="samba_domtrans_unconfined_net" lineno="170">
<summary>
Execute samba net in the samba_unconfined_net domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="samba_exec_net" lineno="189">
<summary>
Execute samba net in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="samba_run_net" lineno="215">
<summary>
Execute samba net in the samba_net domain, and
allow the specified role the samba_net domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_role_notrans" lineno="235">
<summary>
The role for the samba module.
</summary>
<param name="role">
<summary>
The role to be allowed the samba_net domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_run_unconfined_net" lineno="260">
<summary>
Execute samba net in the samba_unconfined_net domain, and
allow the specified role the samba_unconfined_net domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the samba_unconfined_net domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_domtrans_smbmount" lineno="279">
<summary>
Execute smbmount in the smbmount domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="samba_run_smbmount" lineno="305">
<summary>
Execute smbmount interactively and do
a domain transition to the smbmount domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_read_config" lineno="326">
<summary>
Allow the specified domain to read
samba configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_rw_config" lineno="348">
<summary>
Allow the specified domain to read
and write samba configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_manage_config" lineno="369">
<summary>
Allow the specified domain to read
and write samba configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_read_log" lineno="390">
<summary>
Allow the specified domain to read samba's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_append_log" lineno="411">
<summary>
Allow the specified domain to append to samba's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_exec_log" lineno="431">
<summary>
Execute samba log in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_read_secrets" lineno="450">
<summary>
Allow the specified domain to read samba's secrets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_read_share_files" lineno="469">
<summary>
Allow the specified domain to read samba's shares
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_search_var" lineno="489">
<summary>
Allow the specified domain to search
samba /var directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_read_var_files" lineno="510">
<summary>
Allow the specified domain to
read samba /var files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_dontaudit_write_var_files" lineno="531">
<summary>
Do not audit attempts to write samba
/var files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="samba_create_var_files" lineno="550">
<summary>
Allow the specified domain to
create samba /var files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_rw_var_files" lineno="569">
<summary>
Allow the specified domain to
read and write samba /var files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_manage_var_files" lineno="591">
<summary>
Allow the specified domain to
read and write samba /var files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_manage_var_dirs" lineno="615">
<summary>
Allow the specified domain to
read and write samba /var directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_manage_var_sock_files" lineno="635">
<summary>
Manage samba var sock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_domtrans_smbcontrol" lineno="654">
<summary>
Execute a domain transition to run smbcontrol.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="samba_run_smbcontrol" lineno="679">
<summary>
Execute smbcontrol in the smbcontrol domain, and
allow the specified role the smbcontrol domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="samba_domtrans_smbd" lineno="698">
<summary>
Execute smbd in the smbd_t domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="samba_setattr_samba_share_dirs" lineno="717">
<summary>
Set attributes of samba_share directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_signal_smbd" lineno="735">
<summary>
Allow domain to signal samba
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_signull_smbd" lineno="752">
<summary>
Allow domain to signull samba
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_dontaudit_use_fds" lineno="769">
<summary>
Do not audit attempts to use file descriptors from samba.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="samba_write_smbmount_tcp_sockets" lineno="787">
<summary>
Allow the specified domain to write to smbmount tcp sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_rw_smbmount_tcp_sockets" lineno="805">
<summary>
Allow the specified domain to read and write to smbmount tcp sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_getattr_winbind" lineno="823">
<summary>
Allow to getattr on winbind binary.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="samba_domtrans_winbind_helper" lineno="841">
<summary>
Execute winbind_helper in the winbind_helper domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="samba_run_winbind_helper" lineno="867">
<summary>
Execute winbind_helper in the winbind_helper domain, and
allow the specified role the winbind_helper domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_read_winbind_pid" lineno="886">
<summary>
Allow the specified domain to read the winbind pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_manage_winbind_pid" lineno="905">
<summary>
Manage winbind  PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_signull_winbind" lineno="926">
<summary>
Allow domain to signull winbind
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_signull_unconfined_net" lineno="943">
<summary>
Allow domain to signull samba_unconfined_net
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_stream_connect_winbind" lineno="960">
<summary>
Connect to winbind.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="samba_helper_template" lineno="993">
<summary>
Create a set of derived types for apache
web content.
</summary>
<param name="prefix">
<summary>
The prefix to be used for deriving type names.
</summary>
</param>
</template>
<interface name="samba_admin" lineno="1030">
<summary>
All of the rules required to administrate
an samba environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the samba domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_domtrans_winbind_rpcd" lineno="1113">
<summary>
Execute winbind rpcd in the winbind_rpcd_t domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="samba_exec_bgqd" lineno="1132">
<summary>
Execute samba-bgqd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed accesss.
</summary>
</param>
</interface>
<tunable name="smbd_anon_write" dftval="false">
<desc>
<p>
Allow samba to modify public files used for public file
transfer services.  Files/Directories must be labeled
public_content_rw_t.
</p>
</desc>
</tunable>
<tunable name="samba_create_home_dirs" dftval="false">
<desc>
<p>
Allow samba to create new home directories (e.g. via PAM)
</p>
</desc>
</tunable>
<tunable name="samba_domain_controller" dftval="false">
<desc>
<p>
Allow samba to act as the domain controller, add users,
groups and change passwords.

</p>
</desc>
</tunable>
<tunable name="samba_portmapper" dftval="false">
<desc>
<p>
Allow samba to act as a portmapper

</p>
</desc>
</tunable>
<tunable name="samba_enable_home_dirs" dftval="false">
<desc>
<p>
Allow samba and winbind-rpcd to share users home directories.
</p>
</desc>
</tunable>
<tunable name="samba_export_all_ro" dftval="false">
<desc>
<p>
Allow samba to share any file/directory read only.
</p>
</desc>
</tunable>
<tunable name="samba_export_all_rw" dftval="false">
<desc>
<p>
Allow samba to share any file/directory read/write.
</p>
</desc>
</tunable>
<tunable name="samba_run_unconfined" dftval="false">
<desc>
<p>
Allow samba to run unconfined scripts
</p>
</desc>
</tunable>
<tunable name="samba_share_nfs" dftval="false">
<desc>
<p>
Allow samba to export NFS volumes.
</p>
</desc>
</tunable>
<tunable name="samba_share_fusefs" dftval="false">
<desc>
<p>
Allow samba to export ntfs/fusefs volumes.
</p>
</desc>
</tunable>
<tunable name="samba_load_libgfapi" dftval="false">
<desc>
<p>
Allow smbd to load libgfapi from gluster.
</p>
</desc>
</tunable>
</module>
<module name="sambagui" filename="policy/modules/contrib/sambagui.if">
<summary>system-config-samba dbus service.</summary>
</module>
<module name="samhain" filename="policy/modules/contrib/samhain.if">
<summary>Check file integrity.</summary>
<template name="samhain_service_template" lineno="13">
<summary>
The template to define a samhain domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<interface name="samhain_domtrans" lineno="40">
<summary>
Execute samhain in the samhain domain
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="samhain_run" lineno="84">
<summary>
Execute samhain in the samhain
domain with the clearance security
level and allow the specifiled role
the samhain domain.
</summary>
<desc>
<p>
Execute samhain in the samhain
domain with the clearance security
level and allow the specifiled role
the samhain domain.
</p>
<p>
The range_transition rule used in
this interface requires that the
calling domain should have the
clearance security level otherwise
the MLS constraint for process
transition would fail.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed to access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samhain_manage_config_files" lineno="109">
<summary>
Create, read, write, and delete
samhain configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samhain_manage_db_files" lineno="129">
<summary>
Create, read, write, and delete
samhain database files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samhain_manage_init_script_files" lineno="149">
<summary>
Create, read, write, and delete
samhain init script files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samhain_manage_log_files" lineno="169">
<summary>
Create, read, write, and delete
samhain log and log.lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samhain_manage_pid_files" lineno="189">
<summary>
Create, read, write, and delete
samhain pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samhain_admin" lineno="215">
<summary>
All of the rules required to
administrate the samhain environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="sandbox" filename="policy/modules/contrib/sandbox.if">
<summary>policy for sandbox</summary>
<interface name="sandbox_transition" lineno="19">
<summary>
Execute sandbox in the sandbox domain, and
allow the specified role the sandbox domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the sandbox domain.
</summary>
</param>
</interface>
<interface name="sandbox_dyntransition" lineno="49">
<summary>
Execute sandbox in the sandbox domain, and
allow the specified role the sandbox domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<template name="sandbox_domain_template" lineno="68">
<summary>
Creates types and rules for a basic
sandbox process domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
</module>
<module name="sandboxX" filename="policy/modules/contrib/sandboxX.if">
<summary>policy for sandboxX </summary>
<interface name="sandbox_x_transition" lineno="19">
<summary>
Execute sandbox in the sandbox domain, and
allow the specified role the sandbox domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the sandbox domain.
</summary>
</param>
</interface>
<template name="sandbox_x_domain_template" lineno="77">
<summary>
Creates types and rules for a basic
sandbox process domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="sandbox_rw_xserver_tmpfs_files" lineno="153">
<summary>
allow domain to read,
write sandbox_xserver tmp files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="sandbox_read_tmpfs_files" lineno="172">
<summary>
allow domain to read
sandbox tmpfs files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="sandbox_manage_tmpfs_files" lineno="191">
<summary>
allow domain to manage
sandbox tmpfs files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="sandbox_delete_files" lineno="209">
<summary>
Delete sandbox files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="sandbox_manage_content" lineno="227">
<summary>
Manage sandbox content
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="sandbox_delete_lnk_files" lineno="250">
<summary>
Delete sandbox symbolic links
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="sandbox_delete_pipes" lineno="268">
<summary>
Delete sandbox fifo files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="sandbox_delete_sock_files" lineno="286">
<summary>
Delete sandbox sock files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="sandbox_setattr_dirs" lineno="305">
<summary>
Allow domain to  set the attributes
of the sandbox directory.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="sandbox_delete_dirs" lineno="323">
<summary>
Delete sandbox directories
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="sandbox_list" lineno="341">
<summary>
allow domain to list sandbox dirs
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="sandbox_use_ptys" lineno="359">
<summary>
Read and write a sandbox domain pty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sandbox_exec_file" lineno="377">
<summary>
Allow domain to execute sandbox_file_t in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sandbox_dontaudit_mounton" lineno="395">
<summary>
Allow domain to execute sandbox_file_t in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="sanlock" filename="policy/modules/contrib/sanlock.if">
<summary>Sanlock - lock manager built on shared storage.</summary>
<interface name="sanlock_domtrans" lineno="14">
<summary>
Execute a domain transition to run sanlock.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sanlock_initrc_domtrans" lineno="33">
<summary>
Execute sanlock server in the sanlock domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="sanlock_manage_pid_files" lineno="51">
<summary>
Create, read, write, and delete sanlock PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sanlock_stream_connect" lineno="70">
<summary>
Connect to sanlock over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sanlock_systemctl" lineno="89">
<summary>
Execute virt server in the virt domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sanlock_admin" lineno="120">
<summary>
All of the rules required to administrate
an sanlock environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sanlock_domtrans_sanlk_resetd" lineno="153">
<summary>
Execute sanlk_resetd_exec_t in the sanlk_resetd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sanlock_exec_sanlk_resetd" lineno="172">
<summary>
Execute sanlk_resetd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sanlock_systemctl_sanlk_resetd" lineno="191">
<summary>
Execute sanlk_resetd server in the sanlk_resetd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sanlock_admin_sanlk_resetd" lineno="216">
<summary>
All of the rules required to administrate
an sanlk_resetd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sanlock_read_state" lineno="251">
<summary>
Read sanlock process state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="sanlock_use_nfs" dftval="false">
<desc>
<p>
Allow sanlock to manage nfs files
</p>
</desc>
</tunable>
<tunable name="sanlock_use_samba" dftval="false">
<desc>
<p>
Allow sanlock to manage cifs files
</p>
</desc>
</tunable>
<tunable name="sanlock_use_fusefs" dftval="false">
<desc>
<p>
Allow sanlock to read/write fuse files
</p>
</desc>
</tunable>
<tunable name="sanlock_enable_home_dirs" dftval="false">
<desc>
<p>
Allow sanlock to read/write user home directories.
</p>
</desc>
</tunable>
</module>
<module name="sap" filename="policy/modules/contrib/sap.if">
<summary>SAP policy</summary>
<interface name="sap_exec" lineno="13">
<summary>
Execute sap in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sap_unconfined_domtrans" lineno="32">
<summary>
Execute sap in sap unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="sasl" filename="policy/modules/contrib/sasl.if">
<summary>SASL authentication server</summary>
<interface name="sasl_connect" lineno="13">
<summary>
Connect to SASL.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sasl_admin" lineno="39">
<summary>
All of the rules required to administrate
an sasl environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="saslauthd_read_shadow" dftval="false">
<desc>
<p>
Allow sasl to read shadow
</p>
</desc>
</tunable>
</module>
<module name="sbd" filename="policy/modules/contrib/sbd.if">
<summary>policy for sbd</summary>
<interface name="sbd_domtrans" lineno="13">
<summary>
Execute sbd_exec_t in the sbd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sbd_exec" lineno="32">
<summary>
Execute sbd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sbd_read_pid_files" lineno="50">
<summary>
Read sbd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sbd_systemctl" lineno="69">
<summary>
Execute sbd server in the sbd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sbd_admin" lineno="101">
<summary>
All of the rules required to administrate
an sbd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="sblim" filename="policy/modules/contrib/sblim.if">
<summary> Standards Based Linux Instrumentation for Manageability. </summary>
<template name="sblim_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
sblim daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="sblim_domtrans_gatherd" lineno="41">
<summary>
Transition to gatherd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sblim_read_pid_files" lineno="60">
<summary>
Read gatherd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sblim_filetrans_named_content" lineno="79">
<summary>
Transition to sblim named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sblim_stream_connect_sfcbd" lineno="97">
<summary>
Connect to sblim_sfcb over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sblim_getattr_exec_sfcbd" lineno="118">
<summary>
Getattr on sblim executable.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sblim_stream_connect_sfcb" lineno="137">
<summary>
Connect to sblim_sfcb over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sblim_rw_semaphores_sfcbd" lineno="156">
<summary>
Allow read and write access to sblim semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sblim_admin" lineno="177">
<summary>
All of the rules required to administrate
an gatherd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="screen" filename="policy/modules/contrib/screen.if">
<summary>GNU terminal multiplexer</summary>
<template name="screen_role_template" lineno="24">
<summary>
The role template for the screen module.
</summary>
<param name="role_prefix">
<summary>
The prefix of the user role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<template name="screen_admin_role_template" lineno="123">
<summary>
The admin role template for the screen module
</summary>
<param name="role_prefix">
<summary>
The prefix of the user role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="screen_exec" lineno="142">
<summary>
Execute the rssh program
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="screen_sigchld" lineno="160">
<summary>
Send a SIGCHLD signal to the screen domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="screen_allow_session_sharing" dftval="false">
<desc>
<p>
Determine whether screen can
use fsetid/setuid/setgid capability.
</p>
</desc>
</tunable>
</module>
<module name="sectoolm" filename="policy/modules/contrib/sectoolm.if">
<summary>Sectool security audit tool</summary>
</module>
<module name="sendmail" filename="policy/modules/contrib/sendmail.if">
<summary>Policy for sendmail.</summary>
<interface name="sendmail_stub" lineno="13">
<summary>
Sendmail stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_rw_pipes" lineno="30">
<summary>
Allow attempts to read and write to
sendmail unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_domtrans" lineno="48">
<summary>
Domain transition to sendmail.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sendmail_initrc_domtrans" lineno="66">
<summary>
Execute sendmail in the sendmail domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_run" lineno="90">
<summary>
Execute the sendmail program in the sendmail domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the sendmail domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sendmail_signal" lineno="109">
<summary>
Send generic signals to sendmail.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_domtrans_unconfined" lineno="127">
<summary>
Execute sendmail in the sendmail_unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sendmail_run_unconfined" lineno="155">
<summary>
Execute sendmail in the unconfined
sendmail domain, and allow the
specified role the unconfined
sendmail domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sendmail_rw_tcp_sockets" lineno="174">
<summary>
Read and write sendmail TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_dontaudit_rw_tcp_sockets" lineno="193">
<summary>
Do not audit attempts to read and write
sendmail TCP sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="sendmail_rw_unix_stream_sockets" lineno="211">
<summary>
Read and write sendmail unix_stream_sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_dontaudit_rw_unix_stream_sockets" lineno="230">
<summary>
Do not audit attempts to read and write
sendmail unix_stream_sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="sendmail_read_log" lineno="249">
<summary>
Read sendmail logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sendmail_manage_log" lineno="269">
<summary>
Create, read, write, and delete sendmail logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sendmail_create_log" lineno="288">
<summary>
Create sendmail logs with the correct type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_log_filetrans_sendmail_log" lineno="313">
<summary>
Create specified objects in generic
log directories sendmail log file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="sendmail_manage_tmp_files" lineno="331">
<summary>
Manage sendmail tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_setattr_pid_files" lineno="350">
<summary>
Set the attributes of sendmail pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_admin" lineno="376">
<summary>
All of the rules required to administrate
an sendmail environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="sensord" filename="policy/modules/contrib/sensord.if">
<summary>Sensor information logging daemon</summary>
<interface name="sensord_domtrans" lineno="13">
<summary>
Execute sensord in the sensord domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sensord_systemctl" lineno="31">
<summary>
Execute sensord server in the sensord domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sensord_admin" lineno="58">
<summary>
All of the rules required to administrate
an sensord environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="setroubleshoot" filename="policy/modules/contrib/setroubleshoot.if">
<summary>SELinux troubleshooting service</summary>
<interface name="setroubleshoot_stream_connect" lineno="13">
<summary>
Connect to setroubleshootd over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="setroubleshoot_dontaudit_stream_connect" lineno="34">
<summary>
Dontaudit attempts to connect to setroubleshootd
over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="setroubleshoot_signull" lineno="53">
<summary>
Send null signals to setroubleshoot.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="setroubleshoot_dbus_chat" lineno="72">
<summary>
Send and receive messages from
setroubleshoot over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="setroubleshoot_dontaudit_dbus_chat" lineno="93">
<summary>
Do not audit send and receive messages from
setroubleshoot over dbus.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="setroubleshoot_dbus_chat_fixit" lineno="114">
<summary>
Send and receive messages from
setroubleshoot fixit over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="setroubleshoot_fixit_dontaudit_leaks" lineno="134">
<summary>
Dontaudit read/write to a setroubleshoot leaked sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="setroubleshoot_admin" lineno="155">
<summary>
All of the rules required to administrate
an setroubleshoot environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="sge" filename="policy/modules/contrib/sge.if">
<summary>Policy for gridengine MPI jobs</summary>
<template name="sge_basic_types_template" lineno="14">
<summary>
Creates types and rules for a basic
sge domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="sge_rw_tcp_sockets" lineno="35">
<summary>
read/write sge_shepherd per tcp_socket
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="sge_use_nfs" dftval="false">
<desc>
<p>
Allow sge to access nfs file systems.
</p>
</desc>
</tunable>
<tunable name="sge_domain_can_network_connect" dftval="false">
<desc>
<p>
Allow sge to connect to the network using any TCP port
</p>
</desc>
</tunable>
</module>
<module name="shorewall" filename="policy/modules/contrib/shorewall.if">
<summary>Shoreline Firewall high-level tool for configuring netfilter</summary>
<interface name="shorewall_domtrans" lineno="13">
<summary>
Execute a domain transition to run shorewall.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="shorewall_lib_domtrans" lineno="31">
<summary>
Execute a domain transition to run shorewall.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="shorewall_read_config" lineno="49">
<summary>
Read shorewall etc configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="shorewall_read_lib_files" lineno="68">
<summary>
Read shorewall /var/lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="shorewall_rw_lib_files" lineno="88">
<summary>
Read and write shorewall /var/lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="shorewall_read_tmp_files" lineno="108">
<summary>
Read shorewall tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="shorewall_admin" lineno="134">
<summary>
All of the rules required to administrate
an shorewall environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the syslog domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="shutdown" filename="policy/modules/contrib/shutdown.if">
<summary>System shutdown command</summary>
<interface name="shutdown_domtrans" lineno="13">
<summary>
Execute a domain transition to run shutdown.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="shutdown_run" lineno="53">
<summary>
Execute shutdown in the shutdown domain, and
allow the specified role the shutdown domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="shutdown_role" lineno="78">
<summary>
Role access for shutdown
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="shutdown_send_sigchld" lineno="99">
<summary>
Recieve sigchld from shutdown
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="shutdown_dbus_chat" lineno="118">
<summary>
Send and receive messages from
shutdown over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="shutdown_getattr_exec_files" lineno="138">
<summary>
Get attributes of shutdown executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="slocate" filename="policy/modules/contrib/slocate.if">
<summary>Update database for mlocate.</summary>
<interface name="slocate_create_append_log" lineno="13">
<summary>
Create the locate log with append mode.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="locate_read_lib_files" lineno="27">
<summary>
Read locate lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="slpd" filename="policy/modules/contrib/slpd.if">
<summary>OpenSLP server daemon to dynamically register services.</summary>
<interface name="slpd_domtrans" lineno="13">
<summary>
Transition to slpd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="slpd_initrc_domtrans" lineno="32">
<summary>
Execute slpd server in the slpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="slpd_admin" lineno="57">
<summary>
All of the rules required to
administrate an slpd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="slrnpull" filename="policy/modules/contrib/slrnpull.if">
<summary>Service for downloading news feeds the slrn newsreader.</summary>
<interface name="slrnpull_search_spool" lineno="13">
<summary>
Search slrnpull spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="slrnpull_manage_spool" lineno="33">
<summary>
Create, read, write, and delete
slrnpull spool content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="smartmon" filename="policy/modules/contrib/smartmon.if">
<summary>Smart disk monitoring daemon.</summary>
<interface name="smartmon_read_tmp_files" lineno="13">
<summary>
Read smartmon temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smartmon_admin" lineno="39">
<summary>
All of the rules required to
administrate an smartmon environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="smartmon_3ware" dftval="false">
<desc>
<p>
Determine whether smartmon can support
devices on 3ware controllers.
</p>
</desc>
</tunable>
</module>
<module name="smokeping" filename="policy/modules/contrib/smokeping.if">
<summary>Smokeping network latency measurement.</summary>
<interface name="smokeping_domtrans" lineno="13">
<summary>
Execute a domain transition to run smokeping.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="smokeping_initrc_domtrans" lineno="33">
<summary>
Execute smokeping init scripts in
the initrc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="smokeping_read_pid_files" lineno="51">
<summary>
Read smokeping pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smokeping_manage_pid_files" lineno="71">
<summary>
Create, read, write, and delete
smokeping pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smokeping_getattr_lib_files" lineno="90">
<summary>
Get attributes of smokeping lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smokeping_read_lib_files" lineno="109">
<summary>
Read smokeping lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smokeping_manage_lib_files" lineno="129">
<summary>
Create, read, write, and delete
smokeping lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smokeping_admin" lineno="155">
<summary>
All of the rules required to
administrate a smokeping environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="smoltclient" filename="policy/modules/contrib/smoltclient.if">
<summary>The Fedora hardware profiler client.</summary>
</module>
<module name="smsd" filename="policy/modules/contrib/smsd.if">
<summary>The SMS Server Tools are made to send and receive short messages through GSM modems. It supports easy file interfaces and it can run external programs for automatic actions.</summary>
<interface name="smsd_domtrans" lineno="13">
<summary>
Execute smsd in the smsd domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="smsd_initrc_domtrans" lineno="32">
<summary>
Execute smsd server in the smsd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smsd_read_log" lineno="50">
<summary>
Read smsd's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smsd_append_log" lineno="69">
<summary>
Append to smsd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smsd_manage_log" lineno="88">
<summary>
Manage smsd log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smsd_read_pid_files" lineno="108">
<summary>
Read smsd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smsd_search_spool" lineno="127">
<summary>
Search smsd spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smsd_read_spool_files" lineno="146">
<summary>
Read smsd spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smsd_manage_spool_files" lineno="165">
<summary>
Manage smsd spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smsd_manage_spool_dirs" lineno="184">
<summary>
Manage smsd spool dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smsd_admin" lineno="210">
<summary>
All of the rules required to administrate
an smsd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="smstools" filename="policy/modules/contrib/smstools.if">
<summary> Tools to send and receive short messages through GSM modems or mobile phones.</summary>
<interface name="smsd_search_lib" lineno="13">
<summary>
Search smsd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smsd_read_lib_files" lineno="32">
<summary>
Read smsd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smsd_manage_lib_files" lineno="51">
<summary>
Manage smsd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smsd_manage_lib_dirs" lineno="70">
<summary>
Manage smsd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smstools_admin" lineno="96">
<summary>
All of the rules required to
administrate an smstools environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="snapper" filename="policy/modules/contrib/snapper.if">
<summary>policy for snapperd</summary>
<interface name="snapper_domtrans" lineno="13">
<summary>
Execute TEMPLATE in the snapperd domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="snapper_dbus_chat" lineno="33">
<summary>
Send and receive messages from
snapperd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snapper_read_inherited_pipe" lineno="53">
<summary>
Allow a domain to read inherited snapper pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snapper_relabel_snapshots" lineno="71">
<summary>
Allow a domain to relabel snapshots to snapperd_data_t
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snapper_filetrans_named_content" lineno="90">
<summary>
Allow domain to create .smapshot
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="snmp" filename="policy/modules/contrib/snmp.if">
<summary>Simple network management protocol services.</summary>
<interface name="snmp_signull" lineno="13">
<summary>
Send null signals to snmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snmp_stream_connect" lineno="32">
<summary>
Connect to snmpd with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snmp_tcp_connect" lineno="51">
<summary>
Connect to snmp over the TCP network.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snmp_udp_chat" lineno="72">
<summary>
Send and receive UDP traffic to SNMP  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snmp_read_snmp_var_lib_files" lineno="86">
<summary>
Read snmpd lib content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snmp_read_snmp_var_lib_dirs" lineno="107">
<summary>
Read snmpd libraries directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snmp_manage_var_lib_dirs" lineno="126">
<summary>
Manage snmpd libraries directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snmp_manage_var_lib_files" lineno="144">
<summary>
Manage snmpd libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snmp_manage_var_lib_sock_files" lineno="164">
<summary>
Manage snmpd libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snmp_dontaudit_manage_snmp_var_lib_files" lineno="185">
<summary>
Do not audit attempts to manage
snmpd lib content.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="snmp_dontaudit_read_snmp_var_lib_files" lineno="206">
<summary>
Do not audit attempts to read
snmpd lib content.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="snmp_dontaudit_write_snmp_var_lib_files" lineno="227">
<summary>
Do not audit attempts to write
snmpd lib files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="snmp_admin" lineno="252">
<summary>
All of the rules required to
administrate an snmp environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="snort" filename="policy/modules/contrib/snort.if">
<summary>Snort network intrusion detection system.</summary>
<interface name="snort_domtrans" lineno="13">
<summary>
Execute a domain transition to run snort.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="snort_admin" lineno="39">
<summary>
All of the rules required to
administrate an snort environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="sosreport" filename="policy/modules/contrib/sosreport.if">
<summary>Generate debugging information for system.</summary>
<interface name="sosreport_domtrans" lineno="13">
<summary>
Execute a domain transition to run sosreport.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sosreport_run" lineno="39">
<summary>
Execute sosreport in the sosreport
domain, and allow the specified
role the sosreport domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="sosreport_role" lineno="63">
<summary>
Role access for sosreport.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="sosreport_read_tmp_files" lineno="84">
<summary>
Read sosreport temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sosreport_append_tmp_files" lineno="103">
<summary>
Append sosreport temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sosreport_delete_tmp_files" lineno="122">
<summary>
Delete sosreport temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sosreport_signull" lineno="141">
<summary>
Send a null signal to sosreport.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sosreport_dbus_chat" lineno="160">
<summary>
Send and receive messages from
sosreport over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sosreport_dgram_send" lineno="180">
<summary>
Send a message to sosreport over the datagram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="soundserver" filename="policy/modules/contrib/soundserver.if">
<summary>sound server for network audio server programs, nasd, yiff, etc</summary>
<interface name="soundserver_tcp_connect" lineno="13">
<summary>
Connect to the sound server over a TCP socket  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="soundserver_admin" lineno="34">
<summary>
All of the rules required to
administrate an soundd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="spamassassin" filename="policy/modules/contrib/spamassassin.if">
<summary>Filter used for removing unsolicited email.</summary>
<interface name="spamassassin_role" lineno="19">
<summary>
Role access for spamassassin
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
<rolecap/>
</interface>
<interface name="spamassassin_exec" lineno="57">
<summary>
Execute the standalone spamassassin
program in the caller directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_signal_spamd" lineno="75">
<summary>
Singnal the spam assassin daemon
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_exec_spamd" lineno="94">
<summary>
Execute the spamassassin daemon
program in the caller directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_domtrans_client" lineno="112">
<summary>
Execute spamassassin client in the spamassassin client domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="spamassassin_kill_client" lineno="131">
<summary>
Send kill signal to spamassassin client
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_manage_home_client" lineno="149">
<summary>
Manage spamc home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_read_home_client" lineno="170">
<summary>
Read spamc home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_exec_client" lineno="192">
<summary>
Execute the spamassassin client
program in the caller directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_domtrans_local_client" lineno="210">
<summary>
Execute spamassassin standalone client in the user spamassassin domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="spamassassin_read_lib_files" lineno="228">
<summary>
read spamd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_manage_lib_files" lineno="250">
<summary>
Create, read, write, and delete
spamd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_read_spamd_tmp_files" lineno="269">
<summary>
Read temporary spamd file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_dontaudit_getattr_spamd_tmp_sockets" lineno="289">
<summary>
Do not audit attempts to get attributes of temporary
spamd sockets/
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="spamd_stream_connect" lineno="307">
<summary>
Connect to run spamd.
</summary>
<param name="domain">
<summary>
Domain allowed to connect.
</summary>
</param>
</interface>
<interface name="spamassassin_read_pid_files" lineno="326">
<summary>
Read spamd pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_filetrans_home_content" lineno="345">
<summary>
Transition to spamassassin named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_filetrans_admin_home_content" lineno="366">
<summary>
Transition to spamassassin named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_spamd_admin" lineno="394">
<summary>
All of the rules required to administrate
an spamassassin environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the spamassassin domain.
</summary>
</param>
</interface>
<interface name="spamassassin_systemctl" lineno="438">
<summary>
Execute spamassassin server in the spamassassin domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<tunable name="spamassassin_can_network" dftval="false">
<desc>
<p>
Allow user spamassassin clients to use the network.
</p>
</desc>
</tunable>
<tunable name="spamd_enable_home_dirs" dftval="true">
<desc>
<p>
Allow spamd to read/write user home directories.
</p>
</desc>
</tunable>
<tunable name="spamd_update_can_network" dftval="false">
<desc>
<p>
Allow spamd_update to connect to all ports.
</p>
</desc>
</tunable>
</module>
<module name="speech-dispatcher" filename="policy/modules/contrib/speech-dispatcher.if">
<summary>speech-dispatcher - server process managing speech requests in Speech Dispatcher</summary>
<interface name="speech_dispatcher_domtrans" lineno="13">
<summary>
Execute speech-dispatcher in the speech_dispatcher domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="speech_dispatcher_read_log" lineno="32">
<summary>
Read speech-dispatcher's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="speech_dispatcher_append_log" lineno="51">
<summary>
Append to speech-dispatcher log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="speech_dispatcher_manage_log" lineno="70">
<summary>
Manage speech-dispatcher log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="speech_dispatcher_systemctl" lineno="90">
<summary>
Execute speech-dispatcher server in the speech_dispatcher domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="speech_dispatcher_admin" lineno="118">
<summary>
All of the rules required to administrate
an speech-dispatcher environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="squid" filename="policy/modules/contrib/squid.if">
<summary>Squid caching http proxy server.</summary>
<interface name="squid_domtrans" lineno="13">
<summary>
Execute squid in the squid domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="squid_exec" lineno="32">
<summary>
Execute squid in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="squid_signal" lineno="51">
<summary>
Send generic signals to squid.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="squid_rw_stream_sockets" lineno="70">
<summary>
Read and write squid unix
domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="squid_dontaudit_search_cache" lineno="89">
<summary>
Do not audit attempts to search
squid cache directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="squid_read_config" lineno="108">
<summary>
Read squid configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="squid_read_log" lineno="128">
<summary>
Read squid log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="squid_append_log" lineno="147">
<summary>
Append squid log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="squid_manage_logs" lineno="168">
<summary>
Create, read, write, and delete
squid log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="squid_use" lineno="187">
<summary>
Use squid services by connecting over TCP.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="squid_admin" lineno="208">
<summary>
All of the rules required to
administrate an squid environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="squid_connect_any" dftval="false">
<desc>
<p>
Determine whether squid can
connect to all TCP ports.
</p>
</desc>
</tunable>
<tunable name="squid_use_tproxy" dftval="false">
<desc>
<p>
Determine whether squid can run
as a transparent proxy.
</p>
</desc>
</tunable>
<tunable name="squid_bind_snmp_port" dftval="false">
<desc>
<p>
Determine whether squid should
have access to snmp port.
</p>
</desc>
</tunable>
</module>
<module name="sslh" filename="policy/modules/contrib/sslh.if">
<summary>policy for sslh</summary>
<interface name="sslh_domtrans" lineno="13">
<summary>
Execute sslh in the sslh domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sslh_systemctl" lineno="32">
<summary>
Execute tor server in the tor domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sslh_read_config" lineno="57">
<summary>
Permit the reading of sslh config files
</summary>
<param name="domain">
<summary>
Domain allowed to access.
</summary>
</param>
</interface>
<interface name="sslh_write_config" lineno="78">
<summary>
Permit the creation and writing of sslh config files
</summary>
<param name="domain">
<summary>
Domain allowed to configure.
</summary>
</param>
</interface>
<interface name="sslh_admin" lineno="107">
<summary>
All of the rules required to
administrate an sslh environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="sslh_can_connect_any_port" dftval="false">
<desc>
<p>
Determine whether sslh can connect
to any tcp port or if it is restricted
to the standard http, openvpn and jabber ports.
</p>
</desc>
</tunable>
<tunable name="sslh_can_bind_any_port" dftval="false">
<desc>
<p>
Determine whether sslh can listen
on any tcp port or if it is restricted
to the standard http.
</p>
</desc>
</tunable>
</module>
<module name="sssd" filename="policy/modules/contrib/sssd.if">
<summary>System Security Services Daemon</summary>
<interface name="sssd_getattr_exec" lineno="13">
<summary>
Allow a domain to getattr on sssd binary.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sssd_domtrans" lineno="31">
<summary>
Execute a domain transition to run sssd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sssd_initrc_domtrans" lineno="49">
<summary>
Execute sssd server in the sssd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sssd_systemctl" lineno="67">
<summary>
Execute sssd server in the sssd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sssd_read_config" lineno="91">
<summary>
Read sssd configuration.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_write_config" lineno="111">
<summary>
Write sssd configuration.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_create_config" lineno="130">
<summary>
Write sssd configuration.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_manage_config" lineno="149">
<summary>
Manage sssd configuration.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_read_public_files" lineno="168">
<summary>
Read sssd public files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_delete_public_files" lineno="189">
<summary>
Delete sssd public files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_dontaudit_read_public_files" lineno="208">
<summary>
Dontaudit read sssd public files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_manage_public_files" lineno="226">
<summary>
Manage sssd public files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_read_pid_files" lineno="245">
<summary>
Read sssd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_manage_pids" lineno="264">
<summary>
Manage sssd var_run files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_search_lib" lineno="284">
<summary>
Search sssd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_dontaudit_search_lib" lineno="303">
<summary>
Do not audit attempts to search sssd lib directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="sssd_dontaudit_read_lib" lineno="321">
<summary>
Do not audit attempts to read sssd lib files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="sssd_read_lib_files" lineno="339">
<summary>
Read sssd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_manage_lib_files" lineno="360">
<summary>
Create, read, write, and delete
sssd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_dbus_chat" lineno="382">
<summary>
Send and receive messages from
sssd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_stream_connect" lineno="402">
<summary>
Connect to sssd over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_dontaudit_stream_connect" lineno="421">
<summary>
Dontaudit attempts to connect to sssd over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_run_sssd" lineno="447">
<summary>
Execute sssd in the sssd domain, and
allow the specified role the sssd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sssd_run_stream_connect" lineno="467">
<summary>
Connect to sssd over a unix stream socket in /var/run.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_dontaudit_run_stream_connect" lineno="486">
<summary>
Dontaudit attempts to connect to sssd over a unix stream socket in /var/run.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_manage_keys" lineno="505">
<summary>
Manage keys for all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_rw_inherited_pipes" lineno="525">
<summary>
Allow attempts to read and write to
sssd pipes
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_signal" lineno="543">
<summary>
Allow caller to signal sssd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_signull" lineno="561">
<summary>
Allow caller to signull sssd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_filetrans_named_content" lineno="579">
<summary>
Transition to sssd named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_admin" lineno="614">
<summary>
All of the rules required to administrate
an sssd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the sssd domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="sssd_access_kernel_keys" dftval="false">
<desc>
<p>
Allow sssd read, view, and write access to kernel keys with kernel_t type
</p>
</desc>
</tunable>
<tunable name="sssd_connect_all_unreserved_ports" dftval="false">
<desc>
<p>
Allow sssd connect to all unreserved ports
</p>
</desc>
</tunable>
<tunable name="sssd_use_usb" dftval="false">
<desc>
<p>
Allow sssd use usb devices
</p>
</desc>
</tunable>
</module>
<module name="stalld" filename="policy/modules/contrib/stalld.if">
<summary>policy for stalld</summary>
<interface name="stalld_domtrans" lineno="13">
<summary>
Execute stalld_exec_t in the stalld domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="stalld_exec" lineno="32">
<summary>
Execute stalld in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="stalld_read_pid_files" lineno="51">
<summary>
Read stalld PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="stalld_admin" lineno="77">
<summary>
All of the rules required to administrate
an stalld environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="stapserver" filename="policy/modules/contrib/stapserver.if">
<summary> Instrumentation System Server </summary>
<interface name="stapserver_domtrans" lineno="13">
<summary>
Execute stapserver in the stapserver domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="stapserver_read_log" lineno="32">
<summary>
Read stapserver's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="stapserver_append_log" lineno="51">
<summary>
Append to stapserver log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="stapserver_manage_log" lineno="70">
<summary>
Manage stapserver log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="stapserver_read_pid_files" lineno="90">
<summary>
Read stapserver PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="stapserver_manage_lib" lineno="109">
<summary>
Manage stapserver lib files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="stapserver_admin" lineno="130">
<summary>
All of the rules required to administrate
an stapserver environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="stratisd" filename="policy/modules/contrib/stratisd.if">
<summary>Daemon to create and monitor storage pools</summary>
<interface name="stratisd_dbus_chat" lineno="14">
<summary>
Send and receive messages from
stratisd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="stratisd_domtrans" lineno="34">
<summary>
Execute stratisd_exec_t in the stratisd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="stratisd_exec" lineno="53">
<summary>
Execute stratisd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="stratisd_read_pid_files" lineno="72">
<summary>
Read stratisd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="stratisd_admin" lineno="98">
<summary>
All of the rules required to administrate
an stratisd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="stratisd_data_read_lnk_files" lineno="129">
<summary>
Read stratisd data symlinks
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="stratisd_data_list_dirs" lineno="147">
<summary>
Read stratisd data directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="stunnel" filename="policy/modules/contrib/stunnel.if">
<summary>SSL Tunneling Proxy.</summary>
<interface name="stunnel_service_domain" lineno="18">
<summary>
Define the specified domain as a stunnel inetd service.
</summary>
<param name="domain">
<summary>
The type associated with the stunnel inetd service process.
</summary>
</param>
<param name="entrypoint">
<summary>
The type associated with the process program.
</summary>
</param>
</interface>
<interface name="stunnel_read_config" lineno="37">
<summary>
Read stunnel configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="svnserve" filename="policy/modules/contrib/svnserve.if">
<summary>policy for svnserve</summary>
<interface name="svnserve_domtrans" lineno="14">
<summary>
Transition to svnserve.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="svnserve_initrc_domtrans" lineno="34">
<summary>
Execute svnserve server in the svnserve domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="svnserve_systemctl" lineno="52">
<summary>
Execute svnserve server in the svnserve domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="svnserve_read_pid_files" lineno="76">
<summary>
Read svnserve PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="svnserve_admin" lineno="97">
<summary>
All of the rules required to administrate
an svnserve environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="swift" filename="policy/modules/contrib/swift.if">
<summary>policy for swift</summary>
<interface name="swift_domtrans" lineno="13">
<summary>
Execute TEMPLATE in the swift domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="swift_read_pid_files" lineno="32">
<summary>
Read swift PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="swift_manage_data_files" lineno="51">
<summary>
Manage swift data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="swift_manage_lock" lineno="71">
<summary>
Read and write swift lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="swift_filetrans_named_lock" lineno="90">
<summary>
Transition content labels to swift named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="swift_systemctl" lineno="108">
<summary>
Execute swift server in the swift domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="swift_admin" lineno="135">
<summary>
All of the rules required to administrate
an swift environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="swift_can_network" dftval="false">
<desc>
<p>
Determine whether swift can
connect to all TCP ports
</p>
</desc>
</tunable>
</module>
<module name="switcheroo" filename="policy/modules/contrib/switcheroo.if">
<summary>switcheroo: D-Bus service to check dual GPU availability</summary>
</module>
<module name="sxid" filename="policy/modules/contrib/sxid.if">
<summary>SUID/SGID program monitoring.</summary>
<interface name="sxid_read_log" lineno="14">
<summary>
Read sxid log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="sysstat" filename="policy/modules/contrib/sysstat.if">
<summary>Reports on various system states.</summary>
<interface name="sysstat_manage_log" lineno="15">
<summary>
Create, read, write, and delete
sysstat log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysstat_admin" lineno="41">
<summary>
All of the rules required to
administrate an sysstat environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysstat_domtrans" lineno="68">
<summary>
Execute sysstat_exec_t in the sysstat domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="tangd" filename="policy/modules/contrib/tangd.if">
<summary>policy for tangd</summary>
<interface name="tangd_domtrans" lineno="13">
<summary>
Execute tangd_exec_t in the tangd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tangd_exec" lineno="32">
<summary>
Execute tangd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tangd_read_db_files" lineno="52">
<summary>
Read the contents of the tangd
database files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="targetd" filename="policy/modules/contrib/targetd.if">
<summary> Targetd  is  a service to allow the remote configuration of block device volumes and file systems within dedicated pools </summary>
<interface name="targetd_domtrans" lineno="13">
<summary>
Execute targetd_exec_t in the targetd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="targetd_exec" lineno="32">
<summary>
Execute targetd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="targetd_search_conf" lineno="51">
<summary>
Search targetd conf directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="targetd_read_conf_files" lineno="70">
<summary>
Read targetd conf files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="targetd_manage_conf_files" lineno="90">
<summary>
Manage targetd conf files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="targetd_systemctl" lineno="109">
<summary>
Execute targetd server in the targetd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="targetd_admin" lineno="141">
<summary>
All of the rules required to administrate
an targetd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="targetcli_filetrans_admin_home_content" lineno="177">
<summary>
Transition to targetcli named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="tcpd" filename="policy/modules/contrib/tcpd.if">
<summary>TCP daemon.</summary>
<interface name="tcpd_domtrans" lineno="13">
<summary>
Execute tcpd in the tcpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tcpd_wrapped_domain" lineno="38">
<summary>
Create a domain for services that
utilize tcp wrappers.
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
</interface>
<interface name="tcpd_rw_tcp_sockets" lineno="58">
<summary>
Read and write tcpd server TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="tcsd" filename="policy/modules/contrib/tcsd.if">
<summary>TSS Core Services daemon.</summary>
<interface name="tcsd_domtrans" lineno="13">
<summary>
Execute a domain transition to run tcsd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tcsd_initrc_domtrans" lineno="33">
<summary>
Execute tcsd init scripts in the
initrc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tcsd_search_lib" lineno="51">
<summary>
Search tcsd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tcsd_manage_lib_dirs" lineno="71">
<summary>
Create, read, write, and delete
tcsd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tcsd_read_lib_files" lineno="90">
<summary>
Read tcsd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tcsd_manage_lib_files" lineno="110">
<summary>
Create, read, write, and delete
tcsd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tcsd_admin" lineno="136">
<summary>
All of the rules required to
administrate an tcsd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="telepathy" filename="policy/modules/contrib/telepathy.if">
<summary>Telepathy communications framework.</summary>
<template name="telepathy_domain_template" lineno="14">
<summary>
Creates basic types for telepathy
domain
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<template name="telepathy_role" lineno="54">
<summary>
Role access for telepathy domains
that executes via dbus-session
</summary>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
<param name="domain_prefix">
<summary>
User domain prefix to be used.
</summary>
</param>
</template>
<interface name="telepathy_gabble_stream_connect" lineno="99">
<summary>
Stream connect to Telepathy Gabble
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="telepathy_gabble_stream_connect_to" lineno="123">
<summary>
Allow Telepathy Gabble to stream connect to a domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="telepathy_gabble_dbus_chat" lineno="142">
<summary>
Send DBus messages to and from
Telepathy Gabble.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="telepathy_mission_control_read_state" lineno="162">
<summary>
Read telepathy mission control state.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="telepathy_msn_stream_connect" lineno="181">
<summary>
Stream connect to telepathy MSN managers
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="telepathy_salut_stream_connect" lineno="200">
<summary>
Stream connect to Telepathy Salut
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="telepathy_dbus_chat" lineno="220">
<summary>
Send DBus messages to and from
all Telepathy domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="telepathy_command_domtrans" lineno="260">
<summary>
Execute telepathy executable
in the specified domain.
</summary>
<desc>
<p>
Execute a telepathy executable
in the specified domain.  This allows
the specified domain to execute any file
on these filesystems in the specified
domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="telepathy_filetrans_home_content" lineno="287">
<summary>
Create telepathy content in the user home directory
with an correct label.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="telepathy_exec" lineno="329">
<summary>
Execute telepathy in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="telepathy_tcp_connect_generic_network_ports" dftval="false">
<desc>
<p>
Allow the Telepathy connection managers
to connect to any generic TCP port.
</p>
</desc>
</tunable>
<tunable name="telepathy_connect_all_ports" dftval="false">
<desc>
<p>
Allow the Telepathy connection managers
to connect to any network port.
</p>
</desc>
</tunable>
</module>
<module name="telnet" filename="policy/modules/contrib/telnet.if">
<summary>Telnet daemon.</summary>
<interface name="telnet_use_ptys" lineno="13">
<summary>
Read and write telnetd pty devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="tftp" filename="policy/modules/contrib/tftp.if">
<summary>Trivial file transfer protocol daemon</summary>
<interface name="tftp_read_content" lineno="13">
<summary>
Read tftp content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tftp_search_rw_content" lineno="38">
<summary>
Search tftp /var/lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tftp_read_rw_content" lineno="57">
<summary>
Allow read tftp /var/lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tftp_write_rw_content" lineno="76">
<summary>
Allow write tftp /var/lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tftp_manage_rw_content" lineno="95">
<summary>
Manage tftp /var/lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tftp_delete_content_dirs" lineno="115">
<summary>
Manage tftp /var/lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tftp_read_config" lineno="134">
<summary>
Read tftp config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tftp_manage_config" lineno="152">
<summary>
Manage tftp config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tftp_filetrans_tftpdir" lineno="182">
<summary>
Create objects in tftpdir directories
with specified types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
Private file type.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
</interface>
<interface name="tftp_filetrans_named_content" lineno="201">
<summary>
Transition to tftp named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tftp_admin" lineno="221">
<summary>
All of the rules required to administrate
an tftp environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="tftp_anon_write" dftval="false">
<desc>
<p>
Allow tftp to modify public files
used for public file transfer services.
</p>
</desc>
</tunable>
<tunable name="tftp_home_dir" dftval="false">
<desc>
<p>
Allow tftp to read and write files in the user home directories
</p>
</desc>
</tunable>
</module>
<module name="tgtd" filename="policy/modules/contrib/tgtd.if">
<summary>Linux Target Framework Daemon.</summary>
<interface name="tgtd_rw_semaphores" lineno="13">
<summary>
Read and write tgtd semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tgtd_manage_semaphores" lineno="32">
<summary>
Create, read, write, and delete
tgtd sempaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tgtd_stream_connect" lineno="51">
<summary>
Connect to tgtd with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tgtd_admin" lineno="77">
<summary>
All of the rules required to
administrate an tgtd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="thin" filename="policy/modules/contrib/thin.if">
<summary>thin policy</summary>
<template name="thin_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
thin daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="thin_exec" lineno="38">
<summary>
Execute mongod in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="thin_stream_connect" lineno="57">
<summary>
Connect to thin over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="thumb" filename="policy/modules/contrib/thumb.if">
<summary>policy for thumb</summary>
<interface name="thumb_domtrans" lineno="13">
<summary>
Transition to thumb.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="thumb_nnp_domtrans" lineno="33">
<summary>
NNP Transition to thumb.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="thumb_run" lineno="58">
<summary>
Execute thumb in the thumb domain, and
allow the specified role the thumb domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the thumb domain.
</summary>
</param>
</interface>
<interface name="thumb_role" lineno="92">
<summary>
Role access for thumb
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="thumb_dbus_chat" lineno="118">
<summary>
Send and receive messages from
thumb over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="thumb_filetrans_home_content" lineno="140">
<summary>
Create thumb content in the user home directory
with an correct label.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="thunderbird" filename="policy/modules/contrib/thunderbird.if">
<summary>Thunderbird email client.</summary>
<interface name="thunderbird_role" lineno="18">
<summary>
Role access for thunderbird.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="thunderbird_domtrans" lineno="52">
<summary>
Execute thunderbird in the thunderbird domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="timedatex" filename="policy/modules/contrib/timedatex.if">
<summary>timedatex - D-Bus service for system clock and RTC settings</summary>
<interface name="timedatex_domtrans" lineno="13">
<summary>
Execute timedatex_exec_t in the timedatex domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="timedatex_dbus_chat" lineno="33">
<summary>
Send and receive messages from
timedatex over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="timedatex_exec" lineno="53">
<summary>
Execute timedatex in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="timidity" filename="policy/modules/contrib/timidity.if">
<summary>MIDI to WAV converter and player configured as a service.</summary>
</module>
<module name="tlp" filename="policy/modules/contrib/tlp.if">
<summary>policy for tlp</summary>
<interface name="tlp_domtrans" lineno="13">
<summary>
Execute tlp_exec_t in the tlp domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tlp_exec" lineno="32">
<summary>
Execute tlp in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tlp_filetrans_named_content" lineno="51">
<summary>
Transition to tlp named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tlp_search_conf" lineno="69">
<summary>
Search tlp conf directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tlp_read_conf_files" lineno="88">
<summary>
Read tlp conf files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tlp_manage_conf_files" lineno="108">
<summary>
Manage tlp conf files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tlp_systemctl" lineno="127">
<summary>
Execute tlp server in the tlp domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tlp_manage_pid_files" lineno="151">
<summary>
Read all dbus pid files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tlp_admin" lineno="177">
<summary>
All of the rules required to administrate
an tlp environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="tmpreaper" filename="policy/modules/contrib/tmpreaper.if">
<summary>Manage temporary directory sizes and file ages.</summary>
<interface name="tmpreaper_exec" lineno="13">
<summary>
Execute tmpreaper in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="tmpreaper_use_nfs" dftval="false">
<desc>
<p>
Determine whether tmpreaper can use
nfs file systems.
</p>
</desc>
</tunable>
<tunable name="tmpreaper_use_cifs" dftval="false">
<desc>
<p>
Determine whether tmpreaper can use
cifs file systems.
</p>
</desc>
</tunable>
<tunable name="tmpreaper_use_samba" dftval="false">
<desc>
<p>
Determine whether tmpreaper can use samba_share files
</p>
</desc>
</tunable>
</module>
<module name="tomcat" filename="policy/modules/contrib/tomcat.if">
<summary>policy for tomcat</summary>
<template name="tomcat_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
tomcat daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="tomcat_domtrans" lineno="88">
<summary>
Transition to tomcat.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tomcat_search_cache" lineno="107">
<summary>
Search tomcat cache directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tomcat_read_cache_files" lineno="126">
<summary>
Read tomcat cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tomcat_manage_cache_files" lineno="146">
<summary>
Create, read, write, and delete
tomcat cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tomcat_manage_cache_dirs" lineno="165">
<summary>
Manage tomcat cache dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tomcat_read_log" lineno="185">
<summary>
Read tomcat's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="tomcat_append_log" lineno="204">
<summary>
Append to tomcat log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tomcat_manage_log" lineno="223">
<summary>
Manage tomcat log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tomcat_search_lib" lineno="244">
<summary>
Search tomcat lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tomcat_read_lib_files" lineno="263">
<summary>
Read tomcat lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tomcat_manage_lib_files" lineno="282">
<summary>
Manage tomcat lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tomcat_manage_lib_dirs" lineno="301">
<summary>
Manage tomcat lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tomcat_read_pid_files" lineno="320">
<summary>
Read tomcat PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tomcat_systemctl" lineno="339">
<summary>
Execute tomcat server in the tomcat domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tomcat_admin" lineno="366">
<summary>
All of the rules required to administrate
an tomcat environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="tomcat_read_rpm_db" dftval="false">
<desc>
<p>
Allow tomcat to read rpm database.
</p>
</desc>
</tunable>
<tunable name="tomcat_use_execmem" dftval="false">
<desc>
<p>
Allow tomcat to use executable memory and executable stack
</p>
</desc>
</tunable>
<tunable name="tomcat_can_network_connect_db" dftval="false">
<desc>
<p>
Allow tomcat to connect to databases over the network.
</p>
</desc>
</tunable>
</module>
<module name="tor" filename="policy/modules/contrib/tor.if">
<summary>The onion router.</summary>
<interface name="tor_domtrans" lineno="13">
<summary>
Execute a domain transition to run tor.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tor_systemctl" lineno="32">
<summary>
Execute tor server in the tor domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tor_admin" lineno="63">
<summary>
All of the rules required to
administrate an tor environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="tor_bind_all_unreserved_ports" dftval="false">
<desc>
<p>
Determine whether tor can bind
tcp and udp sockets to all unreserved ports.
</p>
</desc>
</tunable>
<tunable name="tor_can_network_relay" dftval="false">
<desc>
<p>
Allow tor to act as a relay
</p>
</desc>
</tunable>
<tunable name="tor_can_onion_services" dftval="false">
<desc>
<p>
Allow tor to run onion services
</p>
</desc>
</tunable>
</module>
<module name="transproxy" filename="policy/modules/contrib/transproxy.if">
<summary>Portable Transparent Proxy Solution.</summary>
<interface name="transproxy_admin" lineno="20">
<summary>
All of the rules required to
administrate an transproxy environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="tripwire" filename="policy/modules/contrib/tripwire.if">
<summary>File integrity checker.</summary>
<interface name="tripwire_domtrans_tripwire" lineno="13">
<summary>
Execute tripwire in the tripwire domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tripwire_run_tripwire" lineno="40">
<summary>
Execute tripwire in the tripwire
domain, and allow the specified
role the tripwire domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="tripwire_domtrans_twadmin" lineno="59">
<summary>
Execute twadmin in the twadmin domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tripwire_run_twadmin" lineno="86">
<summary>
Execute twadmin in the twadmin
domain, and allow the specified
role the twadmin domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="tripwire_domtrans_twprint" lineno="105">
<summary>
Execute twprint in the twprint domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tripwire_run_twprint" lineno="132">
<summary>
Execute twprint in the twprint
domain, and allow the specified
role the twprint domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="tripwire_domtrans_siggen" lineno="151">
<summary>
Execute siggen in the siggen domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tripwire_run_siggen" lineno="178">
<summary>
Execute siggen in the siggen domain,
and allow the specified role
the siggen domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="tuned" filename="policy/modules/contrib/tuned.if">
<summary>Dynamic adaptive system tuning daemon.</summary>
<interface name="tuned_domtrans" lineno="13">
<summary>
Execute a domain transition to run tuned.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tuned_exec" lineno="32">
<summary>
Execute tuned in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tuned_read_etc_files" lineno="51">
<summary>
Read tuned etc files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tuned_read_pid_files" lineno="70">
<summary>
Read tuned pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tuned_manage_pid_files" lineno="90">
<summary>
Create, read, write, and delete
tuned pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tuned_initrc_domtrans" lineno="110">
<summary>
Execute tuned init scripts in
the initrc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tuned_admin" lineno="135">
<summary>
All of the rules required to
administrate an tuned environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="tuned_dbus_chat" lineno="173">
<summary>
Send and receive messages from tuned over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access,
</summary>
</param>
</interface>
</module>
<module name="tvtime" filename="policy/modules/contrib/tvtime.if">
<summary>High quality television application.</summary>
<interface name="tvtime_filetrans_home_content" lineno="13">
<summary>
Transition to alsa named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tvtime_role" lineno="36">
<summary>
Role access for tvtime
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
</module>
<module name="tzdata" filename="policy/modules/contrib/tzdata.if">
<summary>Time zone updater.</summary>
<interface name="tzdata_domtrans" lineno="13">
<summary>
Execute a domain transition to run tzdata.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tzdata_run" lineno="40">
<summary>
Execute tzdata in the tzdata domain,
and allow the specified role
the tzdata domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ucspitcp" filename="policy/modules/contrib/ucspitcp.if">
<summary>UNIX Client-Server Program Interface for TCP.</summary>
<interface name="ucspitcp_service_domain" lineno="18">
<summary>
Define a specified domain as a ucspitcp service.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="entrypoint">
<summary>
The type associated with the process program.
</summary>
</param>
</interface>
</module>
<module name="ulogd" filename="policy/modules/contrib/ulogd.if">
<summary>Iptables/netfilter userspace logging daemon.</summary>
<interface name="ulogd_domtrans" lineno="13">
<summary>
Execute a domain transition to run ulogd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ulogd_read_config" lineno="33">
<summary>
Read ulogd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ulogd_read_log" lineno="53">
<summary>
Read ulogd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ulogd_search_log" lineno="73">
<summary>
Search ulogd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ulogd_append_log" lineno="93">
<summary>
Append to ulogd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ulogd_admin" lineno="120">
<summary>
All of the rules required to
administrate an ulogd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="uml" filename="policy/modules/contrib/uml.if">
<summary>User mode linux tools and services.</summary>
<interface name="uml_role" lineno="18">
<summary>
Role access for uml.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="uml_setattr_util_sockets" lineno="55">
<summary>
Set attributes of uml pid sock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uml_manage_util_files" lineno="74">
<summary>
Create, read, write, and delete
uml pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="updfstab" filename="policy/modules/contrib/updfstab.if">
<summary>Red Hat utility to change fstab.</summary>
<interface name="updfstab_domtrans" lineno="13">
<summary>
Execute updfstab in the updfstab domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="uptime" filename="policy/modules/contrib/uptime.if">
<summary>Daemon to record and keep track of system up times.</summary>
<interface name="uptime_admin" lineno="20">
<summary>
All of the rules required to
administrate an uptime environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="usbmodules" filename="policy/modules/contrib/usbmodules.if">
<summary>List kernel modules of USB devices.</summary>
<interface name="usbmodules_domtrans" lineno="13">
<summary>
Execute usbmodules in the usbmodules domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="usbmodules_run" lineno="40">
<summary>
Execute usbmodules in the usbmodules
domain, and allow the specified
role the usbmodules domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="usbmuxd" filename="policy/modules/contrib/usbmuxd.if">
<summary>USB multiplexing daemon for communicating with Apple iPod Touch and iPhone.</summary>
<interface name="usbmuxd_domtrans" lineno="13">
<summary>
Execute a domain transition to run usbmuxd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="usbmuxd_stream_connect" lineno="33">
<summary>
Connect to usbmuxd with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="usbmuxd_systemctl" lineno="52">
<summary>
Execute usbmuxd server in the usbmuxd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="usbmuxd_admin" lineno="83">
<summary>
All of the rules required to administrate
an usbmuxd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the usbmuxd domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="userhelper" filename="policy/modules/contrib/userhelper.if">
<summary>SELinux utility to run a shell with a new role</summary>
<template name="userhelper_role_template" lineno="24">
<summary>
The role template for the userhelper module.
</summary>
<param name="userrole_prefix">
<summary>
The prefix of the user role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="user_role">
<summary>
The user role.
</summary>
</param>
<param name="user_domain">
<summary>
The user domain associated with the role.
</summary>
</param>
</template>
<interface name="userhelper_search_config" lineno="169">
<summary>
Search the userhelper configuration directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userhelper_dontaudit_search_config" lineno="188">
<summary>
Do not audit attempts to search
the userhelper configuration directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userhelper_dontaudit_write_config" lineno="207">
<summary>
Do not audit attempts to write
the userhelper configuration files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userhelper_use_fd" lineno="225">
<summary>
Allow domain to use userhelper file descriptor.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userhelper_sigchld" lineno="243">
<summary>
Allow domain to send sigchld to userhelper.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userhelper_exec" lineno="261">
<summary>
Execute the userhelper program in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="userhelper_console_role_template" lineno="296">
<summary>
The role template for the consolehelper module.
</summary>
<desc>
<p>
This template creates a derived domains which are used
for consolehelper applications.
</p>
</desc>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="userhelper_exec_consolehelper" lineno="354">
<summary>
Execute the consolehelper program
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="usernetctl" filename="policy/modules/contrib/usernetctl.if">
<summary>User network interface configuration helper.</summary>
<interface name="usernetctl_domtrans" lineno="13">
<summary>
Execute usernetctl in the usernetctl domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="usernetctl_run" lineno="40">
<summary>
Execute usernetctl in the usernetctl
domain, and allow the specified role
the usernetctl domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="uucp" filename="policy/modules/contrib/uucp.if">
<summary>Unix to Unix Copy.</summary>
<interface name="uucp_domtrans" lineno="13">
<summary>
Execute uucico in the uucpd_t domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="uucp_append_log" lineno="32">
<summary>
Append uucp log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uucp_manage_spool" lineno="53">
<summary>
Create, read, write, and delete
uucp spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uucp_domtrans_uux" lineno="74">
<summary>
Execute uux in the uux_t domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="uucp_admin" lineno="95">
<summary>
All of the rules required to
administrate an uucp environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="uuidd" filename="policy/modules/contrib/uuidd.if">
<summary>UUID generation daemon.</summary>
<interface name="uuidd_domtrans" lineno="13">
<summary>
Execute uuidd in the uuidd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="uuidd_initrc_domtrans" lineno="33">
<summary>
Execute uuidd init scripts in
the initrc domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uuidd_search_lib" lineno="51">
<summary>
Search uuidd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uuidd_read_lib_files" lineno="70">
<summary>
Read uuidd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uuidd_manage_lib_files" lineno="90">
<summary>
Create, read, write, and delete
uuidd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uuidd_manage_lib_dirs" lineno="110">
<summary>
Create, read, write, and delete
uuidd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uuidd_read_pid_files" lineno="129">
<summary>
Read uuidd pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uuidd_stream_connect_manager" lineno="149">
<summary>
Connect to uuidd with an unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uuidd_admin" lineno="176">
<summary>
All of the rules required to
administrate an uuidd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="uwimap" filename="policy/modules/contrib/uwimap.if">
<summary>University of Washington IMAP toolkit POP3 and IMAP mail server.</summary>
<interface name="uwimap_domtrans" lineno="13">
<summary>
Execute imapd in the imapd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="varnishd" filename="policy/modules/contrib/varnishd.if">
<summary>Varnishd http accelerator daemon.</summary>
<interface name="varnishd_domtrans" lineno="13">
<summary>
Execute varnishd in the varnishd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="varnishd_exec" lineno="32">
<summary>
Execute varnishd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="varnishd_read_config" lineno="51">
<summary>
Read varnishd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="varnishd_read_lib_files" lineno="70">
<summary>
Read varnish lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="varnishd_read_log" lineno="90">
<summary>
Read varnish log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="varnishd_append_log" lineno="109">
<summary>
Append varnish log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="varnishd_manage_log" lineno="129">
<summary>
Create, read, write, and delete
varnish log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="varnishd_admin_varnishlog" lineno="155">
<summary>
All of the rules required to
administrate an varnishlog environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="varnishd_admin" lineno="197">
<summary>
All of the rules required to
administrate an varnishd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="varnishd_connect_any" dftval="false">
<desc>
<p>
Determine whether varnishd can
use the full TCP network.
</p>
</desc>
</tunable>
</module>
<module name="vbetool" filename="policy/modules/contrib/vbetool.if">
<summary>run real-mode video BIOS code to alter hardware state.</summary>
<interface name="vbetool_domtrans" lineno="13">
<summary>
Execute vbetool in the vbetool domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="vbetool_run" lineno="39">
<summary>
Execute vbetool in the vbetool
domain, and allow the specified
role the vbetool domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<tunable name="vbetool_mmap_zero_ignore" dftval="false">
<desc>
<p>
Determine whether attempts by
vbetool to mmap low regions should
be silently blocked.
</p>
</desc>
</tunable>
</module>
<module name="vdagent" filename="policy/modules/contrib/vdagent.if">
<summary>Spice agent for Linux.</summary>
<interface name="vdagent_domtrans" lineno="13">
<summary>
Execute a domain transition to run vdagent.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vdagent_getattr_exec_files" lineno="32">
<summary>
Get attributes of vdagent executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vdagent_getattr_log" lineno="50">
<summary>
Get attributes of vdagent log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vdagent_read_pid_files" lineno="69">
<summary>
Read vdagent pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vdagent_stream_connect" lineno="89">
<summary>
Connect to vdagent with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vdagent_admin" lineno="114">
<summary>
All of the rules required to
administrate an vdagent environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
</module>
<module name="vhostmd" filename="policy/modules/contrib/vhostmd.if">
<summary>Virtual host metrics daemon.</summary>
<interface name="vhostmd_domtrans" lineno="13">
<summary>
Execute a domain transition to run vhostmd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="vhostmd_initrc_domtrans" lineno="33">
<summary>
Execute vhostmd init scripts in
the initrc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="vhostmd_read_tmpfs_files" lineno="51">
<summary>
Read vhostmd tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vhostmd_dontaudit_read_tmpfs_files" lineno="71">
<summary>
Do not audit attempts to read
vhostmd tmpfs files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="vhostmd_rw_tmpfs_files" lineno="89">
<summary>
Read and write vhostmd tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vhostmd_manage_tmpfs_files" lineno="109">
<summary>
Create, read, write, and delete
vhostmd tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vhostmd_read_pid_files" lineno="128">
<summary>
Read vhostmd pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vhostmd_manage_pid_files" lineno="148">
<summary>
Create, read, write, and delete
vhostmd pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vhostmd_stream_connect" lineno="168">
<summary>
Connect to vhostmd with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vhostmd_dontaudit_rw_stream_connect" lineno="188">
<summary>
Do not audit attempts to read and
write vhostmd unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="vhostmd_admin" lineno="213">
<summary>
All of the rules required to
administrate an vhostmd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="virt" filename="policy/modules/contrib/virt.if">
<summary>Libvirt virtualization API</summary>
<interface name="virt_stub_lxc" lineno="13">
<summary>
virtd_lxc_t stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_stub_svirt_sandbox_domain" lineno="29">
<summary>
svirt_sandbox_domain attribute stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_stub_container_image" lineno="45">
<summary>
container_file_t stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_stub_svirt_sandbox_file" lineno="51">
<summary>
Summary is missing!
</summary>
<param name="?">
<summary>
Parameter descriptions are missing!
</summary>
</param>
</interface>
<template name="virt_domain_template" lineno="69">
<summary>
Creates types and rules for a basic
qemu process domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="virt_image" lineno="112">
<summary>
Make the specified type usable as a virt image
</summary>
<param name="type">
<summary>
Type to be used as a virtual image
</summary>
</param>
</interface>
<interface name="virt_getattr_exec" lineno="134">
<summary>
Getattr on virt executable.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="virt_domtrans" lineno="152">
<summary>
Execute a domain transition to run virt.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="virt_exec" lineno="170">
<summary>
Execute virtd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_domtrans_bridgehelper" lineno="187">
<summary>
Transition to virt_bridgehelper.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="virt_prog_run_bpf" lineno="205">
<summary>
Allow caller domain to run bpftool.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_stream_connect" lineno="224">
<summary>
Connect to virt over a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_stream_connect_svirt" lineno="243">
<summary>
Connect to svirt process over a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_rw_stream_sockets_svirt" lineno="263">
<summary>
Read and write to apmd unix
stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_attach_tun_iface" lineno="281">
<summary>
Allow domain to attach to virt TUN devices
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_attach_sandbox_tun_iface" lineno="300">
<summary>
Allow domain to attach to virt sandbox TUN devices
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_read_config" lineno="319">
<summary>
Read virt config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_manage_config" lineno="340">
<summary>
manage virt config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_getattr_content" lineno="361">
<summary>
Allow domain to manage virt image files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_read_content" lineno="379">
<summary>
Allow domain to manage virt image files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_write_content" lineno="417">
<summary>
Allow domain to write virt image files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_read_pid_symlinks" lineno="435">
<summary>
Read virt PID symlinks files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_read_pid_files" lineno="454">
<summary>
Read virt PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_manage_pid_dirs" lineno="474">
<summary>
Manage virt pid directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_manage_pid_files" lineno="496">
<summary>
Manage virt pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_pid_filetrans" lineno="534">
<summary>
Create objects in the pid directory
with a private type with a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file">
<summary>
Type to which the created node will be transitioned.
</summary>
</param>
<param name="class">
<summary>
Object class(es) (single or set including {}) for which this
the transition will occur.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="virt_search_lib" lineno="552">
<summary>
Search virt lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_read_lib_files" lineno="571">
<summary>
Read virt lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_dontaudit_read_lib_files" lineno="592">
<summary>
Dontaudit inherited read virt lib files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="virt_manage_lib_files" lineno="611">
<summary>
Create, read, write, and delete
virt lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_read_log" lineno="631">
<summary>
Allow the specified domain to read virt's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="virt_append_log" lineno="651">
<summary>
Allow the specified domain to append
virt log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_manage_log" lineno="670">
<summary>
Allow domain to manage virt log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_getattr_images" lineno="690">
<summary>
Allow domain to getattr virt image direcories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_search_images" lineno="709">
<summary>
Allow domain to search virt image direcories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_read_images" lineno="728">
<summary>
Allow domain to read virt image files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_read_blk_images" lineno="765">
<summary>
Allow domain to read virt blk image files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_rw_chr_files" lineno="783">
<summary>
Allow domain to read/write virt image chr files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_manage_cache" lineno="802">
<summary>
Create, read, write, and delete
svirt cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_manage_images" lineno="823">
<summary>
Allow domain to manage virt image files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_manage_default_image_type" lineno="848">
<summary>
Allow domain to manage virt image files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_systemctl" lineno="870">
<summary>
Execute virt server in the virt domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="virt_ptrace" lineno="894">
<summary>
Ptrace the svirt domain
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="virt_exec_sandbox_files" lineno="912">
<summary>
Execute Sandbox Files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_sandbox_entrypoint" lineno="931">
<summary>
Allow any svirt_file_type to be an entrypoint of this domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="virt_list_sandbox_dirs" lineno="948">
<summary>
List Sandbox Dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_read_sandbox_files" lineno="966">
<summary>
Read Sandbox Files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_manage_sandbox_files" lineno="986">
<summary>
Manage Sandbox Files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_getattr_sandbox_filesystem" lineno="1009">
<summary>
Getattr Sandbox File systems
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_relabel_sandbox_filesystem" lineno="1027">
<summary>
Relabel Sandbox File systems
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_mounton_sandbox_file" lineno="1045">
<summary>
Mounton Sandbox Files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_stream_connect_sandbox" lineno="1063">
<summary>
Connect to virt over a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_transition_svirt" lineno="1091">
<summary>
Execute qemu in the svirt domain, and
allow the specified role the svirt domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the sandbox domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="virt_dontaudit_write_pipes" lineno="1125">
<summary>
Do not audit attempts to write virt daemon unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="virt_kill_svirt" lineno="1144">
<summary>
Send a sigkill to virtual machines
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_kill" lineno="1162">
<summary>
Send a sigkill to virtd daemon.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_signal" lineno="1180">
<summary>
Send a signal to virtd daemon.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_signull" lineno="1198">
<summary>
Send null signal to virtd daemon.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_signal_svirt" lineno="1216">
<summary>
Send a signal to virtual machines
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_signal_sandbox" lineno="1234">
<summary>
Send a signal to sandbox domains
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_manage_home_files" lineno="1252">
<summary>
Manage virt home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_read_tmpfs_files" lineno="1272">
<summary>
allow domain to read
virt tmpfs files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="virt_manage_tmpfs_files" lineno="1291">
<summary>
allow domain to manage
virt tmpfs files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="virt_filetrans_home_content" lineno="1310">
<summary>
Create .virt directory in the user home directory
with an correct label.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_dontaudit_read_chr_dev" lineno="1340">
<summary>
Dontaudit attempts to Read virt_image_type devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="virt_sandbox_domain_template" lineno="1359">
<summary>
Creates types and rules for a basic
virt_lxc process domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<template name="virt_sandbox_domain" lineno="1391">
<summary>
Make the specified type usable as a lxc domain
</summary>
<param name="type">
<summary>
Type to be used as a lxc domain
</summary>
</param>
</template>
<template name="virt_sandbox_net_domain" lineno="1409">
<summary>
Make the specified type usable as a lxc network domain
</summary>
<param name="type">
<summary>
Type to be used as a lxc network domain
</summary>
</param>
</template>
<interface name="virt_exec_qemu" lineno="1428">
<summary>
Execute a qemu_exec_t in the callers domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_filetrans_named_content" lineno="1446">
<summary>
Transition to virt named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_transition_svirt_sandbox" lineno="1474">
<summary>
Execute qemu in the svirt domain, and
allow the specified role the svirt domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the sandbox domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="virt_sandbox_read_state" lineno="1499">
<summary>
Read the process state of virt sandbox containers
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_rw_svirt_dev" lineno="1517">
<summary>
Read and write to svirt_image devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_rw_svirt_image" lineno="1535">
<summary>
Read and write to svirt_image files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_rlimitinh" lineno="1553">
<summary>
Read and write to svirt_image devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_noatsecure" lineno="1571">
<summary>
Read and write to svirt_image devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_admin" lineno="1596">
<summary>
All of the rules required to administrate
an virt environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="virt_default_capabilities" lineno="1641">
<summary>
Getattr on virt executable.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="virt_dbus_chat" lineno="1661">
<summary>
Send and receive messages from
virt over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_sandbox_domtrans" lineno="1697">
<summary>
Execute a file in a sandbox directory
in the specified domain.
</summary>
<desc>
<p>
Execute a file in a sandbox directory
in the specified domain.  This allows
the specified domain to execute any file
on these filesystems in the specified
domain.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="virt_dontaudit_read_state" lineno="1715">
<summary>
Dontaudit read the process state (/proc/pid) of libvirt
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_dgram_send" lineno="1735">
<summary>
Send to libvirt with a unix dgram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_svirt_write_tmp" lineno="1754">
<summary>
Write svirt tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_svirt_manage_tmp" lineno="1772">
<summary>
Manage svirt tmp files,dirs and sockfiles.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_read_qemu_pid_files" lineno="1792">
<summary>
Read qemu PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_write_qemu_pid_files" lineno="1812">
<summary>
Write qemu PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_create_qemu_pid_files" lineno="1831">
<summary>
Create qemu PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_manage_qemu_pid_sock_files" lineno="1850">
<summary>
Manage qemu PID socket files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="virt_use_comm" dftval="false">
<desc>
<p>
Allow confined virtual guests to use serial/parallel communication ports
</p>
</desc>
</tunable>
<tunable name="virt_transition_userdomain" dftval="false">
<desc>
<p>
Allow virtual processes to run as userdomains
</p>
</desc>
</tunable>
<tunable name="virt_use_execmem" dftval="false">
<desc>
<p>
Allow confined virtual guests to use executable memory and executable stack
</p>
</desc>
</tunable>
<tunable name="virt_use_fusefs" dftval="false">
<desc>
<p>
Allow confined virtual guests to read fuse files
</p>
</desc>
</tunable>
<tunable name="virt_use_glusterd" dftval="false">
<desc>
<p>
Allow confined virtual guests to use glusterd
</p>
</desc>
</tunable>
<tunable name="virt_sandbox_share_apache_content" dftval="false">
<desc>
<p>
Allow sandbox containers to share apache content
</p>
</desc>
</tunable>
<tunable name="virt_sandbox_use_fusefs" dftval="false">
<desc>
<p>
Allow sandbox containers manage fuse files
</p>
</desc>
</tunable>
<tunable name="virt_use_nfs" dftval="false">
<desc>
<p>
Allow confined virtual guests to manage nfs files
</p>
</desc>
</tunable>
<tunable name="virt_use_samba" dftval="false">
<desc>
<p>
Allow confined virtual guests to manage cifs files
</p>
</desc>
</tunable>
<tunable name="virt_use_sanlock" dftval="false">
<desc>
<p>
Allow confined virtual guests to interact with the sanlock
</p>
</desc>
</tunable>
<tunable name="virt_use_rawip" dftval="false">
<desc>
<p>
Allow confined virtual guests to interact with rawip sockets
</p>
</desc>
</tunable>
<tunable name="virt_use_xserver" dftval="false">
<desc>
<p>
Allow confined virtual guests to interact with the xserver
</p>
</desc>
</tunable>
<tunable name="virt_use_usb" dftval="true">
<desc>
<p>
Allow confined virtual guests to use usb devices
</p>
</desc>
</tunable>
<tunable name="virt_use_pcscd" dftval="false">
<desc>
<p>
Allow confined virtual guests to use smartcards
</p>
</desc>
</tunable>
<tunable name="virt_use_pulseaudio" dftval="false">
<desc>
<p>
Allow confined virtual guests to use pulseaudio
</p>
</desc>
</tunable>
<tunable name="virt_sandbox_use_audit" dftval="true">
<desc>
<p>
Allow sandbox containers to send audit messages
</p>
</desc>
</tunable>
<tunable name="virt_sandbox_use_netlink" dftval="false">
<desc>
<p>
Allow sandbox containers to use netlink system calls
</p>
</desc>
</tunable>
<tunable name="virt_sandbox_use_sys_admin" dftval="false">
<desc>
<p>
Allow sandbox containers to use sys_admin system calls, for example mount
</p>
</desc>
</tunable>
<tunable name="virt_sandbox_use_mknod" dftval="false">
<desc>
<p>
Allow sandbox containers to use mknod system calls
</p>
</desc>
</tunable>
<tunable name="virt_sandbox_use_all_caps" dftval="true">
<desc>
<p>
Allow sandbox containers to use all capabilities
</p>
</desc>
</tunable>
<tunable name="virt_read_qemu_ga_data" dftval="false">
<desc>
<p>
Allow qemu-ga to read qemu-ga date.
</p>
</desc>
</tunable>
<tunable name="virt_rw_qemu_ga_data" dftval="false">
<desc>
<p>
Allow qemu-ga to manage qemu-ga date.
</p>
</desc>
</tunable>
<tunable name="virt_lockd_blk_devs" dftval="false">
<desc>
<p>
Allow virtlockd read and lock block devices.
</p>
</desc>
</tunable>
<tunable name="virt_qemu_ga_read_nonsecurity_files" dftval="false">
<desc>
<p>
Allow qemu-ga read all non-security file types.
</p>
</desc>
</tunable>
<tunable name="virt_qemu_ga_manage_ssh" dftval="false">
<desc>
<p>
Allow qemu-ga read ssh home directory content.
</p>
</desc>
</tunable>
<tunable name="virt_qemu_ga_run_unconfined" dftval="false">
<desc>
<p>
Allow qemu-ga to run unconfined scripts
</p>
</desc>
</tunable>
</module>
<module name="vlock" filename="policy/modules/contrib/vlock.if">
<summary>Lock one or more sessions on the Linux console.</summary>
<interface name="vlock_domtrans" lineno="13">
<summary>
Execute vlock in the vlock domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="vlock_run" lineno="40">
<summary>
Execute vlock in the vlock domain,
and allow the specified role
the vlock domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed to access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="vmtools" filename="policy/modules/contrib/vmtools.if">
<summary>VMware Tools daemon</summary>
<interface name="vmtools_domtrans" lineno="13">
<summary>
Execute vmtools in the vmtools domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="vmtools_domtrans_helper" lineno="32">
<summary>
Execute vmtools in the vmtools domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="vmtools_run_helper" lineno="56">
<summary>
Execute vmtools helpers in the vmtools_heler domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the mozilla_plugin domain.
</summary>
</param>
</interface>
<interface name="vmtools_systemctl" lineno="75">
<summary>
Execute vmtools server in the vmtools domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="vmtools_admin" lineno="103">
<summary>
All of the rules required to administrate
an vmtools environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="vmtools_unconfined_dbus_chat" lineno="136">
<summary>
Send and receive messages from
vmtools_unconfined over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="vmware" filename="policy/modules/contrib/vmware.if">
<summary>VMWare Workstation virtual machines.</summary>
<interface name="vmware_role" lineno="18">
<summary>
Role access for vmware.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="vmware_exec_host" lineno="54">
<summary>
Execute vmware host executables
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vmware_read_system_config" lineno="73">
<summary>
Read vmware system configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vmware_append_system_config" lineno="92">
<summary>
Append vmware system configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vmware_append_log" lineno="111">
<summary>
Append vmware log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vmware_filetrans_content" lineno="130">
<summary>
Transition to vmware content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vmware_manage_log" lineno="148">
<summary>
Manage vmware log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="vnstatd" filename="policy/modules/contrib/vnstatd.if">
<summary>Console network traffic monitor.</summary>
<interface name="vnstatd_domtrans_vnstat" lineno="13">
<summary>
Execute a domain transition to run vnstat.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="vnstatd_run_vnstat" lineno="39">
<summary>
Execute vnstat in the vnstat domain,
and allow the specified role
the vnstat domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="vnstatd_domtrans" lineno="58">
<summary>
Execute a domain transition to run vnstatd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="vnstatd_search_lib" lineno="77">
<summary>
Search vnstatd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vnstatd_manage_lib_dirs" lineno="97">
<summary>
Create, read, write, and delete
vnstatd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vnstatd_read_lib_files" lineno="116">
<summary>
Read vnstatd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vnstatd_manage_lib_files" lineno="136">
<summary>
Create, read, write, and delete
vnstatd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vnstatd_admin" lineno="161">
<summary>
All of the rules required to
administrate an vnstatd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
</module>
<module name="vpn" filename="policy/modules/contrib/vpn.if">
<summary>Virtual Private Networking client</summary>
<interface name="vpn_domtrans" lineno="13">
<summary>
Execute VPN clients in the vpnc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="vpn_run" lineno="38">
<summary>
Execute VPN clients in the vpnc domain, and
allow the specified role the vpnc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="vpn_kill" lineno="58">
<summary>
Send VPN clients the kill signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vpn_signal" lineno="76">
<summary>
Send generic signals to VPN clients.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vpn_signull" lineno="94">
<summary>
Send signull to VPN clients.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vpn_dbus_chat" lineno="113">
<summary>
Send and receive messages from
Vpnc over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vpnc_manage_pid_dirs" lineno="133">
<summary>
Read vpnc PID dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vpnc_read_pid_files" lineno="152">
<summary>
Read vpnc PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vpnc_manage_pid_files" lineno="171">
<summary>
Read vpnc PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vpnc_manage_pid" lineno="190">
<summary>
Read vpnc PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vpn_relabelfrom_tun_socket" lineno="210">
<summary>
Relabelfrom from vpnc socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="w3c" filename="policy/modules/contrib/w3c.if">
<summary>W3C Markup Validator.</summary>
</module>
<module name="watchdog" filename="policy/modules/contrib/watchdog.if">
<summary>Software watchdog.</summary>
<interface name="watchdog_admin" lineno="20">
<summary>
All of the rules required to
administrate an watchdog environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="watchdog_unconfined_exec_read_lnk_files" lineno="51">
<summary>
Allow read watchdog_unconfined_t lnk files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="wdmd" filename="policy/modules/contrib/wdmd.if">
<summary>watchdog multiplexing daemon</summary>
<interface name="wdmd_domtrans" lineno="13">
<summary>
Execute a domain transition to run wdmd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="wdmd_initrc_domtrans" lineno="32">
<summary>
Execute wdmd server in the wdmd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="wdmd_admin" lineno="57">
<summary>
All of the rules required to administrate
an wdmd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="wdmd_manage_pid_files" lineno="86">
<summary>
Create, read, write, and delete wdmd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="wdmd_stream_connect" lineno="105">
<summary>
Connect to wdmd over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="wdmd_rw_tmpfs" lineno="125">
<summary>
Allow the specified domain to read/write wdmd's tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="webadm" filename="policy/modules/contrib/webadm.if">
<summary>Web administrator role.</summary>
<interface name="webadm_role_change" lineno="14">
<summary>
Change to the web administrator role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="webadm_role_change_to" lineno="44">
<summary>
Change from the web administrator role.
</summary>
<desc>
<p>
Change from the web administrator role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="webadm_manage_user_files" dftval="false">
<desc>
<p>
Determine whether webadm can
manage generic user files.
</p>
</desc>
</tunable>
<tunable name="webadm_read_user_files" dftval="false">
<desc>
<p>
Determine whether webadm can
read generic user files.
</p>
</desc>
</tunable>
</module>
<module name="webalizer" filename="policy/modules/contrib/webalizer.if">
<summary>Web server log analysis.</summary>
<interface name="webalizer_domtrans" lineno="13">
<summary>
Execute webalizer in the webalizer domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="webalizer_run" lineno="40">
<summary>
Execute webalizer in the webalizer
domain, and allow the specified
role the webalizer domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="wine" filename="policy/modules/contrib/wine.if">
<summary>Wine Is Not an Emulator.  Run Windows programs in Linux.</summary>
<template name="wine_role" lineno="24">
<summary>
The per role template for the wine module.
</summary>
<desc>
<p>
This template creates a derived domains which are used
for wine applications.
</p>
</desc>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<template name="wine_role_template" lineno="85">
<summary>
The role template for the wine module.
</summary>
<desc>
<p>
This template creates a derived domains which are used
for wine applications.
</p>
</desc>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="wine_domtrans" lineno="122">
<summary>
Execute the wine program in the wine domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="wine_run" lineno="147">
<summary>
Execute wine in the wine domain, and
allow the specified role the wine domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="wine_rw_shm" lineno="167">
<summary>
Read and write wine Shared
memory segments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="wine_filetrans_named_content" lineno="185">
<summary>
Transition to wine named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="wine_mmap_zero_ignore" dftval="false">
<desc>
<p>
Determine whether attempts by
wine to mmap low regions should
be silently blocked.
</p>
</desc>
</tunable>
</module>
<module name="wireguard" filename="policy/modules/contrib/wireguard.if">
<summary>policy for wireguard</summary>
<interface name="wireguard_domtrans" lineno="13">
<summary>
Execute wireguard_exec_t in the wireguard domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="wireguard_exec" lineno="32">
<summary>
Execute wireguard in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="wireguard_read_fifo_files" lineno="51">
<summary>
Read wireguard fifo files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
</module>
<module name="wireshark" filename="policy/modules/contrib/wireshark.if">
<summary>Wireshark packet capture tool.</summary>
<interface name="wireshark_role" lineno="18">
<summary>
Role access for wireshark.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="wireshark_domtrans" lineno="50">
<summary>
Execute wireshark in wireshark domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="wireshark_rw_shm" lineno="70">
<summary>
Read and write wireshark Shared
memory segments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="wm" filename="policy/modules/contrib/wm.if">
<summary>X Window Managers</summary>
<template name="wm_role_template" lineno="30">
<summary>
The role template for the wm module.
</summary>
<desc>
<p>
This template creates a derived domains which are used
for window manager applications.
</p>
</desc>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="wm_exec" lineno="91">
<summary>
Execute the wm program in the wm domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="xen" filename="policy/modules/contrib/xen.if">
<summary>Xen hypervisor</summary>
<interface name="xen_domtrans" lineno="13">
<summary>
Execute a domain transition to run xend.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="xen_exec" lineno="32">
<summary>
Allow the specified domain to execute xend
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_use_fds" lineno="50">
<summary>
Inherit and use xen file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_dontaudit_use_fds" lineno="69">
<summary>
Do not audit attempts to inherit
xen file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xen_read_pid_files_xenstored" lineno="87">
<summary>
Read xend pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_read_lib_files" lineno="107">
<summary>
Read xend lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_read_image_files" lineno="126">
<summary>
Read xend image files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_manage_image_dirs" lineno="148">
<summary>
Allow the specified domain to read/write
xend image files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_rw_image_files" lineno="168">
<summary>
Allow the specified domain to read/write
xend image files.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="xen_append_log" lineno="189">
<summary>
Allow the specified domain to append
xend log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_manage_log" lineno="210">
<summary>
Create, read, write, and delete the
xend log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_dontaudit_rw_unix_stream_sockets" lineno="232">
<summary>
Do not audit attempts to read and write
Xen unix domain stream sockets.  These
are leaked file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xen_stream_connect_xenstore" lineno="250">
<summary>
Connect to xenstored over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_stream_connect" lineno="269">
<summary>
Connect to xend over a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_domtrans_xm" lineno="291">
<summary>
Execute a domain transition to run xm.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="xen_stream_connect_xm" lineno="310">
<summary>
Connect to xm over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="xend_run_blktap" dftval="true">
<desc>
<p>
Allow xend to run blktapctrl/tapdisk.
Not required if using dedicated logical volumes for disk images.
</p>
</desc>
</tunable>
<tunable name="xend_run_qemu" dftval="true">
<desc>
<p>
Allow xend to run qemu-dm.
Not required if using paravirt and no vfb.
</p>
</desc>
</tunable>
<tunable name="xen_use_nfs" dftval="false">
<desc>
<p>
Allow xen to manage nfs files
</p>
</desc>
</tunable>
</module>
<module name="xfs" filename="policy/modules/contrib/xfs.if">
<summary>X Windows Font Server.</summary>
<interface name="xfs_read_sockets" lineno="13">
<summary>
Read xfs temporary sock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xfs_stream_connect" lineno="33">
<summary>
Connect to xfs with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xfs_exec" lineno="52">
<summary>
Execute xfs in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xfs_admin" lineno="78">
<summary>
All of the rules required to
administrate an xfs environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="xscreensaver" filename="policy/modules/contrib/xscreensaver.if">
<summary>Modular screen saver and locker for X11.</summary>
<interface name="xscreensaver_role" lineno="18">
<summary>
Role access for xscreensaver.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
</module>
<module name="zabbix" filename="policy/modules/contrib/zabbix.if">
<summary>Distributed infrastructure monitoring</summary>
<interface name="zabbix_domtrans" lineno="13">
<summary>
Execute a domain transition to run zabbix.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="zabbix_script_domtrans" lineno="31">
<summary>
Execute a domain transition to run zabbix_script.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="zabbix_tcp_connect" lineno="49">
<summary>
Allow connectivity to the zabbix server
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zabbix_read_log" lineno="71">
<summary>
Allow the specified domain to read zabbix's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="zabbix_read_tmp" lineno="91">
<summary>
Allow the specified domain to read zabbix's tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="zabbix_append_log" lineno="111">
<summary>
Allow the specified domain to append
zabbix log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zabbix_read_pid_files" lineno="130">
<summary>
Read zabbix PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zabbix_agent_tcp_connect" lineno="149">
<summary>
Allow connectivity to a zabbix agent
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zabbix_admin" lineno="177">
<summary>
All of the rules required to administrate
an zabbix environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the zabbix domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="zabbix_can_network" dftval="false">
<desc>
<p>
Determine whether zabbix can
connect to all TCP ports
</p>
</desc>
</tunable>
<tunable name="zabbix_run_sudo" dftval="false">
<desc>
<p>
Allow Zabbix to run su/sudo.
</p>
</desc>
</tunable>
</module>
<module name="zarafa" filename="policy/modules/contrib/zarafa.if">
<summary>Zarafa collaboration platform.</summary>
<template name="zarafa_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
zararfa init daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="zarafa_search_config" lineno="64">
<summary>
Allow the specified domain to search
zarafa configuration dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zarafa_domtrans_deliver" lineno="83">
<summary>
Execute a domain transition to run zarafa_deliver.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="zarafa_domtrans_server" lineno="101">
<summary>
Execute a domain transition to run zarafa_server.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="zarafa_stream_connect_server" lineno="119">
<summary>
Connect to zarafa-server unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zarafa_manage_lib_files" lineno="139">
<summary>
Allow the specified domain to manage
zarafa /var/lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="zarafa_setrlimit" dftval="false">
<desc>
<p>
Allow zarafa domains to setrlimit/sys_resource.
</p>
</desc>
</tunable>
</module>
<module name="zebra" filename="policy/modules/contrib/zebra.if">
<summary>Zebra border gateway protocol network routing service</summary>
<interface name="zebra_read_config" lineno="14">
<summary>
Read the configuration files for zebra.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="zebra_stream_connect" lineno="35">
<summary>
Connect to zebra over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zebra_systemctl" lineno="54">
<summary>
Execute zebra services in the zebra domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="zebra_admin" lineno="85">
<summary>
All of the rules required to administrate
an zebra environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the zebra domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="zebra_write_config" dftval="false">
<desc>
<p>
Allow zebra daemon to write it configuration files
</p>
</desc>
</tunable>
</module>
<module name="zoneminder" filename="policy/modules/contrib/zoneminder.if">
<summary>policy for zoneminder</summary>
<interface name="zoneminder_domtrans" lineno="13">
<summary>
Transition to zoneminder.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="zoneminder_exec" lineno="33">
<summary>
Allow the specified domain to execute zoneminder
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="zoneminder_initrc_domtrans" lineno="53">
<summary>
Execute zoneminder server in the zoneminder domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zoneminder_read_log" lineno="73">
<summary>
Read zoneminder's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="zoneminder_append_log" lineno="92">
<summary>
Append to zoneminder log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zoneminder_manage_log" lineno="111">
<summary>
Manage zoneminder log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zoneminder_search_lib" lineno="132">
<summary>
Search zoneminder lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zoneminder_read_lib_files" lineno="151">
<summary>
Read zoneminder lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zoneminder_manage_lib_files" lineno="170">
<summary>
Manage zoneminder lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zoneminder_manage_lib_dirs" lineno="189">
<summary>
Manage zoneminder lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zoneminder_manage_lib_sock_files" lineno="208">
<summary>
Manage zoneminder sock_files files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zoneminder_search_spool" lineno="226">
<summary>
Search zoneminder spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zoneminder_read_spool_files" lineno="245">
<summary>
Read zoneminder spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zoneminder_manage_spool_files" lineno="264">
<summary>
Manage zoneminder spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zoneminder_manage_spool_dirs" lineno="283">
<summary>
Manage zoneminder spool dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zoneminder_stream_connect" lineno="302">
<summary>
Connect to zoneminder over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zoneminder_rw_tmpfs_files" lineno="321">
<summary>
Read/write zonerimender tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zoneminder_admin" lineno="347">
<summary>
All of the rules required to administrate
an zoneminder environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="zoneminder_run_sudo" dftval="false">
<desc>
<p>
Allow ZoneMinder to run su/sudo.
</p>
</desc>
</tunable>
<tunable name="zoneminder_anon_write" dftval="false">
<desc>
<p>
Allow ZoneMinder to modify public files
used for public file transfer services.
</p>
</desc>
</tunable>
</module>
<module name="zosremote" filename="policy/modules/contrib/zosremote.if">
<summary>z/OS Remote-services Audit dispatcher plugin.</summary>
<interface name="zosremote_domtrans" lineno="13">
<summary>
Execute a domain transition to run audispd-zos-remote.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="zosremote_run" lineno="40">
<summary>
Execute zos remote in the zos remote
domain, and allow the specified role
the zos remote domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
</layer>
<layer name="kernel">
<summary>Policy modules for kernel resources.</summary>
<module name="corecommands" filename="policy/modules/kernel/corecommands.if">
<summary>
Core policy for shells, and generic programs
in /bin, /sbin, /usr/bin, and /usr/sbin.
</summary>
<required val="true">
Contains the base bin and sbin directory types
which need to be searched for the kernel to
run init.
</required>
<interface name="corecmd_stub_bin" lineno="21">
<summary>
corecmd stub bin_t interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="corecmd_executable_file" lineno="39">
<summary>
Make the specified type usable for files
that are exectuables, such as binary programs.
This does not include shared libraries.
</summary>
<param name="type">
<summary>
Type to be used for files.
</summary>
</param>
</interface>
<interface name="corecmd_bin_alias" lineno="69">
<summary>
Create a aliased type to generic bin files.  (Deprecated)
</summary>
<desc>
<p>
Create a aliased type to generic bin files.  (Deprecated)
</p>
<p>
This is added to support targeted policy.  Its
use should be limited.  It has no effect
on the strict policy.
</p>
</desc>
<param name="domain">
<summary>
Alias type for bin_t.
</summary>
</param>
</interface>
<interface name="corecmd_bin_entry_type" lineno="84">
<summary>
Make general progams in bin an entrypoint for
the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which bin_t is an entrypoint.
</summary>
</param>
</interface>
<interface name="corecmd_sbin_entry_type" lineno="105">
<summary>
Make general progams in sbin an entrypoint for
the specified domain.  (Deprecated)
</summary>
<param name="domain">
<summary>
The domain for which sbin programs are an entrypoint.
</summary>
</param>
</interface>
<interface name="corecmd_shell_entry_type" lineno="120">
<summary>
Make the shell an entrypoint for the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which the shell is an entrypoint.
</summary>
</param>
</interface>
<interface name="corecmd_search_bin" lineno="138">
<summary>
Search the contents of bin directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_dontaudit_search_bin" lineno="157">
<summary>
Do not audit attempts to search the contents of bin directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corecmd_list_bin" lineno="175">
<summary>
List the contents of bin directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_dontaudit_write_bin_dirs" lineno="194">
<summary>
Do not audit attempts to write bin directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corecmd_watch_bin_dirs" lineno="212">
<summary>
Watch bin directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_getattr_bin_files" lineno="230">
<summary>
Get the attributes of files in bin directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_dontaudit_getattr_bin_files" lineno="248">
<summary>
Get the attributes of files in bin directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corecmd_read_bin_files" lineno="267">
<summary>
Read files in bin directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_dontaudit_write_bin_files" lineno="286">
<summary>
Do not audit attempts to write bin files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corecmd_dontaudit_access_check_bin" lineno="304">
<summary>
Do not audit attempts to access check bin files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corecmd_read_bin_symlinks" lineno="322">
<summary>
Read symbolic links in bin directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_read_bin_pipes" lineno="340">
<summary>
Read pipes in bin directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_read_bin_sockets" lineno="359">
<summary>
Read named sockets in bin directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_exec_bin" lineno="399">
<summary>
Execute generic programs in bin directories,
in the caller domain.
</summary>
<desc>
<p>
Allow the specified domain to execute generic programs
in system bin directories (/bin, /sbin, /usr/bin,
/usr/sbin) a without domain transition.
</p>
<p>
Typically, this interface should be used when the domain
executes general system progams within the privileges
of the source domain.  Some examples of these programs
are ls, cp, sed, python, and tar. This does not include
shells, such as bash.
</p>
<p>
Related interface:
</p>
<ul>
<li>corecmd_exec_shell()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_manage_bin_files" lineno="423">
<summary>
Create, read, write, and delete bin files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_relabel_bin_files" lineno="442">
<summary>
Relabel to and from the bin type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_mmap_bin_files" lineno="460">
<summary>
Mmap a bin file as executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_bin_spec_domtrans" lineno="505">
<summary>
Execute a file in a bin directory
in the specified domain but do not
do it automatically. This is an explicit
transition, requiring the caller to use setexeccon().
</summary>
<desc>
<p>
Execute a file in a bin directory
in the specified domain.  This allows
the specified domain to execute any file
on these filesystems in the specified
domain.  This is not suggested.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
<p>
This interface was added to handle
the userhelper policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="corecmd_bin_domtrans" lineno="552">
<summary>
Execute a file in a bin directory
in the specified domain.
</summary>
<desc>
<p>
Execute a file in a bin directory
in the specified domain.  This allows
the specified domain to execute any file
on these filesystems in the specified
domain.  This is not suggested.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
<p>
This interface was added to handle
the ssh-agent policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="corecmd_search_sbin" lineno="573">
<summary>
Search the contents of sbin directories.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_dontaudit_search_sbin" lineno="589">
<summary>
Do not audit attempts to search
sbin directories.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corecmd_list_sbin" lineno="604">
<summary>
List the contents of sbin directories.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_dontaudit_write_sbin_dirs" lineno="620">
<summary>
Do not audit attempts to write
sbin directories.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corecmd_getattr_sbin_files" lineno="635">
<summary>
Get the attributes of sbin files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_dontaudit_getattr_sbin_files" lineno="651">
<summary>
Do not audit attempts to get the attibutes
of sbin files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corecmd_read_sbin_files" lineno="666">
<summary>
Read files in sbin directories.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_read_sbin_symlinks" lineno="681">
<summary>
Read symbolic links in sbin directories.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_read_sbin_pipes" lineno="696">
<summary>
Read named pipes in sbin directories.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_read_sbin_sockets" lineno="711">
<summary>
Read named sockets in sbin directories.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_exec_sbin" lineno="727">
<summary>
Execute generic programs in sbin directories,
in the caller domain.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_manage_sbin_files" lineno="743">
<summary>
Create, read, write, and delete sbin files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_relabel_sbin_files" lineno="759">
<summary>
Relabel to and from the sbin type.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_mmap_sbin_files" lineno="775">
<summary>
Mmap a sbin file as executable.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_sbin_domtrans" lineno="814">
<summary>
Execute a file in a sbin directory
in the specified domain.  (Deprecated)
</summary>
<desc>
<p>
Execute a file in a sbin directory
in the specified domain.  This allows
the specified domain to execute any file
on these filesystems in the specified
domain.  This is not suggested.  (Deprecated)
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
<p>
This interface was added to handle
the ssh-agent policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="corecmd_sbin_spec_domtrans" lineno="855">
<summary>
Execute a file in a sbin directory
in the specified domain but do not
do it automatically. This is an explicit
transition, requiring the caller to use setexeccon().  (Deprecated)
</summary>
<desc>
<p>
Execute a file in a sbin directory
in the specified domain.  This allows
the specified domain to execute any file
on these filesystems in the specified
domain.  This is not suggested.  (Deprecated)
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
<p>
This interface was added to handle
the userhelper policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="corecmd_check_exec_shell" lineno="870">
<summary>
Check if a shell is executable (DAC-wise).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_exec_shell" lineno="908">
<summary>
Execute shells in the caller domain.
</summary>
<desc>
<p>
Allow the specified domain to execute shells without
a domain transition.
</p>
<p>
Typically, this interface should be used when the domain
executes shells within the privileges
of the source domain.  Some examples of these programs
are bash, tcsh, and zsh.
</p>
<p>
Related interface:
</p>
<ul>
<li>corecmd_exec_bin()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_exec_ls" lineno="929">
<summary>
Execute ls in the caller domain.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_shell_spec_domtrans" lineno="963">
<summary>
Execute a shell in the target domain.  This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<desc>
<p>
Execute a shell in the target domain.  This
is an explicit transition, requiring the
caller to use setexeccon().
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the shell process.
</summary>
</param>
</interface>
<interface name="corecmd_shell_domtrans" lineno="998">
<summary>
Execute a shell in the specified domain.
</summary>
<desc>
<p>
Execute a shell in the specified domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the shell process.
</summary>
</param>
</interface>
<interface name="corecmd_exec_chroot" lineno="1017">
<summary>
Execute chroot in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_dontaudit_access_all_executables" lineno="1038">
<summary>
Do not audit attempts to access check executable files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corecmd_getattr_all_executables" lineno="1057">
<summary>
Get the attributes of all executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="corecmd_exec_all_executables" lineno="1078">
<summary>
Execute all executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="corecmd_dontaudit_exec_all_executables" lineno="1099">
<summary>
Do not audit attempts to execute all executables.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corecmd_manage_all_executables" lineno="1118">
<summary>
Create, read, write, and all executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="corecmd_relabel_all_executables" lineno="1140">
<summary>
Relabel to and from the bin type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="corecmd_mmap_all_executables" lineno="1159">
<summary>
Mmap all executables as executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_read_all_executables" lineno="1179">
<summary>
Read all executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="corecmd_entrypoint_all_executables" lineno="1198">
<summary>
Read all executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="corecmd_bin_filetrans" lineno="1231">
<summary>
Create objects in the /bin directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
The type of the object to be created
</summary>
</param>
<param name="object_class">
<summary>
The object class.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
</module>
<module name="corenetwork" filename="policy/modules/kernel/corenetwork.if">
<summary>Policy controlling access to network objects</summary>
<required val="true">
Contains the initial SIDs for network objects.
</required>
<interface name="corenet_port" lineno="29">
<summary>
Define type to be a network port type
</summary>
<desc>
<p>
Define type to be a network port type
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for network ports.
</summary>
</param>
</interface>
<interface name="corenet_reserved_port" lineno="56">
<summary>
Define network type to be a reserved port (lt 1024)
</summary>
<desc>
<p>
Define network type to be a reserved port (lt 1024)
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for network ports.
</summary>
</param>
</interface>
<interface name="corenet_rpc_port" lineno="84">
<summary>
Define network type to be a rpc port ( 512 lt PORT lt 1024)
</summary>
<desc>
<p>
Define network type to be a rpc port ( 512 lt PORT lt 1024)
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for network ports.
</summary>
</param>
</interface>
<interface name="corenet_node" lineno="112">
<summary>
Define type to be a network node type
</summary>
<desc>
<p>
Define type to be a network node type
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for network nodes.
</summary>
</param>
</interface>
<interface name="corenet_packet" lineno="139">
<summary>
Define type to be a network packet type
</summary>
<desc>
<p>
Define type to be a network packet type
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for a network packet.
</summary>
</param>
</interface>
<interface name="corenet_client_packet" lineno="166">
<summary>
Define type to be a network client packet type
</summary>
<desc>
<p>
Define type to be a network client packet type
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for a network client packet.
</summary>
</param>
</interface>
<interface name="corenet_server_packet" lineno="193">
<summary>
Define type to be a network server packet type
</summary>
<desc>
<p>
Define type to be a network server packet type
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for a network server packet.
</summary>
</param>
</interface>
<interface name="corenet_spd_type" lineno="212">
<summary>
Make the specified type usable
for labeled ipsec.
</summary>
<param name="domain">
<summary>
Type to be used for labeled ipsec.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_generic_if" lineno="258">
<summary>
Send and receive TCP network traffic on generic interfaces.
</summary>
<desc>
<p>
Allow the specified domain to send and receive TCP network
traffic on generic network interfaces.
</p>
<p>
Related interface:
</p>
<ul>
<li>corenet_all_recvfrom_unlabeled()</li>
<li>corenet_tcp_sendrecv_generic_node()</li>
<li>corenet_tcp_sendrecv_all_ports()</li>
<li>corenet_tcp_connect_all_ports()</li>
</ul>
<p>
Example client being able to connect to all ports over
generic nodes, without labeled networking:
</p>
<p>
allow myclient_t self:tcp_socket create_stream_socket_perms;
corenet_tcp_sendrecv_generic_if(myclient_t)
corenet_tcp_sendrecv_generic_node(myclient_t)
corenet_tcp_sendrecv_all_ports(myclient_t)
corenet_tcp_connect_all_ports(myclient_t)
corenet_all_recvfrom_unlabeled(myclient_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_generic_if" lineno="276">
<summary>
Send UDP network traffic on generic interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_send_generic_if" lineno="295">
<summary>
Dontaudit attempts to send UDP network traffic
on generic interfaces.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_generic_if" lineno="313">
<summary>
Receive UDP network traffic on generic interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_receive_generic_if" lineno="332">
<summary>
Do not audit attempts to receive UDP network
traffic on generic interfaces.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_generic_if" lineno="376">
<summary>
Send and receive UDP network traffic on generic interfaces.
</summary>
<desc>
<p>
Allow the specified domain to send and receive UDP network
traffic on generic network interfaces.
</p>
<p>
Related interface:
</p>
<ul>
<li>corenet_all_recvfrom_unlabeled()</li>
<li>corenet_udp_sendrecv_generic_node()</li>
<li>corenet_udp_sendrecv_all_ports()</li>
</ul>
<p>
Example client being able to send to all ports over
generic nodes, without labeled networking:
</p>
<p>
allow myclient_t self:udp_socket create_socket_perms;
corenet_udp_sendrecv_generic_if(myclient_t)
corenet_udp_sendrecv_generic_node(myclient_t)
corenet_udp_sendrecv_all_ports(myclient_t)
corenet_all_recvfrom_unlabeled(myclient_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_generic_if" lineno="392">
<summary>
Do not audit attempts to send and receive UDP network
traffic on generic interfaces.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_raw_send_generic_if" lineno="407">
<summary>
Send raw IP packets on generic interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_receive_generic_if" lineno="425">
<summary>
Receive raw IP packets on generic interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_sendrecv_generic_if" lineno="443">
<summary>
Send and receive raw IP packets on generic interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_out_generic_if" lineno="459">
<summary>
Allow outgoing network traffic on the generic interfaces.
</summary>
<param name="domain">
<summary>
The peer label of the outgoing network traffic.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_in_generic_if" lineno="478">
<summary>
Allow incoming traffic on the generic interfaces.
</summary>
<param name="domain">
<summary>
The peer label of the incoming network traffic.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_inout_generic_if" lineno="497">
<summary>
Allow incoming and outgoing network traffic on the generic interfaces.
</summary>
<param name="domain">
<summary>
The peer label of the network traffic.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_tcp_sendrecv_all_if" lineno="512">
<summary>
Send and receive TCP network traffic on all interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_send_all_if" lineno="530">
<summary>
Send UDP network traffic on all interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_all_if" lineno="548">
<summary>
Receive UDP network traffic on all interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_all_if" lineno="566">
<summary>
Send and receive UDP network traffic on all interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_send_all_if" lineno="581">
<summary>
Send raw IP packets on all interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_sendrecv_generic_node" lineno="599">
<summary>
Send and receive SCTP network traffic on generic nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_receive_all_if" lineno="617">
<summary>
Receive raw IP packets on all interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_sendrecv_all_if" lineno="635">
<summary>
Send and receive raw IP packets on all interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dccp_sendrecv_generic_node" lineno="650">
<summary>
Send and receive DCCP network traffic on generic nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_generic_node" lineno="696">
<summary>
Send and receive TCP network traffic on generic nodes.
</summary>
<desc>
<p>
Allow the specified domain to send and receive TCP network
traffic to/from generic network nodes (hostnames/networks).
</p>
<p>
Related interface:
</p>
<ul>
<li>corenet_all_recvfrom_unlabeled()</li>
<li>corenet_tcp_sendrecv_generic_if()</li>
<li>corenet_tcp_sendrecv_all_ports()</li>
<li>corenet_tcp_connect_all_ports()</li>
</ul>
<p>
Example client being able to connect to all ports over
generic nodes, without labeled networking:
</p>
<p>
allow myclient_t self:tcp_socket create_stream_socket_perms;
corenet_tcp_sendrecv_generic_if(myclient_t)
corenet_tcp_sendrecv_generic_node(myclient_t)
corenet_tcp_sendrecv_all_ports(myclient_t)
corenet_tcp_connect_all_ports(myclient_t)
corenet_all_recvfrom_unlabeled(myclient_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_generic_node" lineno="714">
<summary>
Send UDP network traffic on generic nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_generic_node" lineno="732">
<summary>
Receive UDP network traffic on generic nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_generic_node" lineno="776">
<summary>
Send and receive UDP network traffic on generic nodes.
</summary>
<desc>
<p>
Allow the specified domain to send and receive UDP network
traffic to/from generic network nodes (hostnames/networks).
</p>
<p>
Related interface:
</p>
<ul>
<li>corenet_all_recvfrom_unlabeled()</li>
<li>corenet_udp_sendrecv_generic_if()</li>
<li>corenet_udp_sendrecv_all_ports()</li>
</ul>
<p>
Example client being able to send to all ports over
generic nodes, without labeled networking:
</p>
<p>
allow myclient_t self:udp_socket create_socket_perms;
corenet_udp_sendrecv_generic_if(myclient_t)
corenet_udp_sendrecv_generic_node(myclient_t)
corenet_udp_sendrecv_all_ports(myclient_t)
corenet_all_recvfrom_unlabeled(myclient_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_raw_send_generic_node" lineno="791">
<summary>
Send raw IP packets on generic nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_receive_generic_node" lineno="809">
<summary>
Receive raw IP packets on generic nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_sendrecv_generic_node" lineno="827">
<summary>
Send and receive raw IP packets on generic nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dccp_bind_generic_node" lineno="842">
<summary>
Bind DCCP sockets to generic nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_bind_generic_node" lineno="860">
<summary>
Bind SCTP sockets to generic nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_icmp_bind_generic_node" lineno="878">
<summary>
Bind ICMP sockets to generic nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_generic_node" lineno="911">
<summary>
Bind TCP sockets to generic nodes.
</summary>
<desc>
<p>
Bind TCP sockets to generic nodes.  This is
necessary for binding a socket so it
can be used for servers to listen
for incoming connections.
</p>
<p>
Related interface:
</p>
<ul>
<li>corenet_udp_bind_generic_node()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="1"/>
</interface>
<interface name="corenet_udp_bind_generic_node" lineno="944">
<summary>
Bind UDP sockets to generic nodes.
</summary>
<desc>
<p>
Bind UDP sockets to generic nodes.  This is
necessary for binding a socket so it
can be used for servers to listen
for incoming connections.
</p>
<p>
Related interface:
</p>
<ul>
<li>corenet_tcp_bind_generic_node()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="1"/>
</interface>
<interface name="corenet_dontaudit_tcp_bind_generic_node" lineno="963">
<summary>
Dontaudit attempts to bind TCP sockets to generic nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="read" weight="1"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_generic_node" lineno="982">
<summary>
Dontaudit attempts to bind UDP sockets to generic nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="read" weight="1"/>
</interface>
<interface name="corenet_raw_bind_generic_node" lineno="1001">
<summary>
Bind raw sockets to genric nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_out_generic_node" lineno="1020">
<summary>
Allow outgoing network traffic to generic nodes.
</summary>
<param name="domain">
<summary>
The peer label of the outgoing network traffic.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_in_generic_node" lineno="1039">
<summary>
Allow incoming network traffic from generic nodes.
</summary>
<param name="domain">
<summary>
The peer label of the incoming network traffic.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_inout_generic_node" lineno="1058">
<summary>
Allow incoming and outgoing network traffic with generic nodes.
</summary>
<param name="domain">
<summary>
The peer label of the network traffic.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dccp_sendrecv_all_nodes" lineno="1073">
<summary>
Send and receive DCCP network traffic on all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_all_nodes" lineno="1091">
<summary>
Send and receive TCP network traffic on all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_send_all_nodes" lineno="1109">
<summary>
Send UDP network traffic on all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_send_all_nodes" lineno="1128">
<summary>
Do not audit attempts to send UDP network
traffic on any nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_sctp_sendrecv_all_nodes" lineno="1146">
<summary>
Send and receive SCTP network traffic on all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_all_nodes" lineno="1164">
<summary>
Receive UDP network traffic on all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_receive_all_nodes" lineno="1183">
<summary>
Do not audit attempts to receive UDP
network traffic on all nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_all_nodes" lineno="1201">
<summary>
Send and receive UDP network traffic on all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_all_nodes" lineno="1217">
<summary>
Do not audit attempts to send and receive UDP
network traffic on any nodes nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_raw_send_all_nodes" lineno="1232">
<summary>
Send raw IP packets on all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_receive_all_nodes" lineno="1250">
<summary>
Receive raw IP packets on all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_sendrecv_all_nodes" lineno="1268">
<summary>
Send and receive raw IP packets on all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dccp_bind_all_nodes" lineno="1283">
<summary>
Bind DCCP sockets to all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_all_nodes" lineno="1301">
<summary>
Bind TCP sockets to all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_bind_all_nodes" lineno="1319">
<summary>
Bind UDP sockets to all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_bind_all_nodes" lineno="1338">
<summary>
Bind raw sockets to all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dccp_sendrecv_generic_port" lineno="1356">
<summary>
Send and receive DCCP network traffic on generic ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_generic_port" lineno="1374">
<summary>
Send and receive TCP network traffic on generic ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_dccp_sendrecv_generic_port" lineno="1394">
<summary>
Do not audit attempts to send and
receive DCCP network traffic on
generic ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_sctp_bind_all_nodes" lineno="1412">
<summary>
Bind SCTP sockets to all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_sendrecv_generic_port" lineno="1431">
<summary>
Do not audit send and receive TCP network traffic on generic ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_send_generic_port" lineno="1449">
<summary>
Send UDP network traffic on generic ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_generic_port" lineno="1467">
<summary>
Receive UDP network traffic on generic ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_generic_port" lineno="1485">
<summary>
Send and receive UDP network traffic on generic ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dccp_bind_generic_port" lineno="1500">
<summary>
Bind DCCP sockets to generic ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_generic_port" lineno="1520">
<summary>
Bind TCP sockets to generic ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_dccp_bind_generic_port" lineno="1541">
<summary>
Do not audit attempts to bind DCCP
sockets to generic ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_bind_generic_port" lineno="1559">
<summary>
Do not audit bind TCP sockets to generic ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_bind_generic_port" lineno="1577">
<summary>
Bind UDP sockets to generic ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dccp_connect_generic_port" lineno="1597">
<summary>
Connect DCCP sockets to generic ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_connect_generic_port" lineno="1615">
<summary>
Connect TCP sockets to generic ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dccp_sendrecv_all_ports" lineno="1633">
<summary>
Send and receive DCCP network traffic on all ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_all_ports" lineno="1677">
<summary>
Send and receive TCP network traffic on all ports.
</summary>
<desc>
<p>
Send and receive TCP network traffic on all ports.
Related interfaces:
</p>
<ul>
<li>corenet_all_recvfrom_unlabeled()</li>
<li>corenet_tcp_sendrecv_generic_if()</li>
<li>corenet_tcp_sendrecv_generic_node()</li>
<li>corenet_tcp_connect_all_ports()</li>
<li>corenet_tcp_bind_all_ports()</li>
</ul>
<p>
Example client being able to connect to all ports over
generic nodes, without labeled networking:
</p>
<p>
allow myclient_t self:tcp_socket create_stream_socket_perms;
corenet_tcp_sendrecv_generic_if(myclient_t)
corenet_tcp_sendrecv_generic_node(myclient_t)
corenet_tcp_sendrecv_all_ports(myclient_t)
corenet_tcp_connect_all_ports(myclient_t)
corenet_all_recvfrom_unlabeled(myclient_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_all_ports" lineno="1695">
<summary>
Send UDP network traffic on all ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_rawip_bind_unreserved_port" lineno="1713">
<summary>
Bind rawip sockets to unreserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_bind_generic_port" lineno="1731">
<summary>
Bind SCTP sockets to generic ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_sctp_bind_generic_port" lineno="1752">
<summary>
Do not audit attempts to bind SCTP
sockets to generic ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_sctp_bind_all_ports" lineno="1770">
<summary>
Do not audit attepts to bind SCTP sockets to any ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_sctp_connect_all_ports" lineno="1789">
<summary>
Do not audit attempts to connect SCTP sockets
to all ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_sctp_connect_all_unreserved_ports" lineno="1807">
<summary>
Connect SCTP sockets to all ports > 1024.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_connect_all_ports" lineno="1825">
<summary>
Connect SCTP sockets to all ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_bind_all_reserved_ports" lineno="1843">
<summary>
Bind SCTP sockets to all reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_all_ports" lineno="1862">
<summary>
Receive UDP network traffic on all ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_all_ports" lineno="1904">
<summary>
Send and receive UDP network traffic on all ports.
</summary>
<desc>
<p>
Send and receive UDP network traffic on all ports.
Related interfaces:
</p>
<ul>
<li>corenet_all_recvfrom_unlabeled()</li>
<li>corenet_udp_sendrecv_generic_if()</li>
<li>corenet_udp_sendrecv_generic_node()</li>
<li>corenet_udp_bind_all_ports()</li>
</ul>
<p>
Example client being able to send to all ports over
generic nodes, without labeled networking:
</p>
<p>
allow myclient_t self:udp_socket create_socket_perms;
corenet_udp_sendrecv_generic_if(myclient_t)
corenet_udp_sendrecv_generic_node(myclient_t)
corenet_udp_sendrecv_all_ports(myclient_t)
corenet_all_recvfrom_unlabeled(myclient_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dccp_bind_all_ports" lineno="1919">
<summary>
Bind DCCP sockets to all ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_all_ports" lineno="1938">
<summary>
Bind TCP sockets to all ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_dccp_bind_all_ports" lineno="1957">
<summary>
Do not audit attepts to bind DCCP sockets to any ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_bind_all_ports" lineno="1975">
<summary>
Do not audit attepts to bind TCP sockets to any ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_bind_all_ports" lineno="1993">
<summary>
Bind UDP sockets to all ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_connect_generic_port" lineno="2012">
<summary>
Connect SCTP sockets to generic ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_bind_all_ports" lineno="2030">
<summary>
Do not audit attepts to bind UDP sockets to any ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dccp_connect_all_ports" lineno="2048">
<summary>
Connect DCCP sockets to all ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_connect_all_ports" lineno="2094">
<summary>
Connect TCP sockets to all ports.
</summary>
<desc>
<p>
Connect TCP sockets to all ports
</p>
<p>
Related interfaces:
</p>
<ul>
<li>corenet_all_recvfrom_unlabeled()</li>
<li>corenet_tcp_sendrecv_generic_if()</li>
<li>corenet_tcp_sendrecv_generic_node()</li>
<li>corenet_tcp_sendrecv_all_ports()</li>
<li>corenet_tcp_bind_all_ports()</li>
</ul>
<p>
Example client being able to connect to all ports over
generic nodes, without labeled networking:
</p>
<p>
allow myclient_t self:tcp_socket create_stream_socket_perms;
corenet_tcp_sendrecv_generic_if(myclient_t)
corenet_tcp_sendrecv_generic_node(myclient_t)
corenet_tcp_sendrecv_all_ports(myclient_t)
corenet_tcp_connect_all_ports(myclient_t)
corenet_all_recvfrom_unlabeled(myclient_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="1"/>
</interface>
<interface name="corenet_dontaudit_dccp_connect_all_ports" lineno="2113">
<summary>
Do not audit attempts to connect DCCP sockets
to all ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_all_ports" lineno="2132">
<summary>
Do not audit attempts to connect TCP sockets
to all ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dccp_sendrecv_reserved_port" lineno="2150">
<summary>
Send and receive DCCP network traffic on generic reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_reserved_port" lineno="2168">
<summary>
Send and receive TCP network traffic on generic reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_send_reserved_port" lineno="2186">
<summary>
Send UDP network traffic on generic reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_reserved_port" lineno="2204">
<summary>
Receive UDP network traffic on generic reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_reserved_port" lineno="2222">
<summary>
Send and receive UDP network traffic on generic reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dccp_bind_reserved_port" lineno="2237">
<summary>
Bind DCCP sockets to generic reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_reserved_port" lineno="2256">
<summary>
Bind TCP sockets to generic reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_bind_all_ports" lineno="2275">
<summary>
Bind SCTP sockets to all ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_bind_reserved_port" lineno="2294">
<summary>
Bind UDP sockets to generic reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dccp_connect_reserved_port" lineno="2313">
<summary>
Connect DCCP sockets to generic reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_connect_reserved_port" lineno="2331">
<summary>
Connect TCP sockets to generic reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dccp_sendrecv_all_reserved_ports" lineno="2349">
<summary>
Send and receive DCCP network traffic on all reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_all_reserved_ports" lineno="2367">
<summary>
Send and receive TCP network traffic on all reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_send_all_reserved_ports" lineno="2385">
<summary>
Send UDP network traffic on all reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_all_reserved_ports" lineno="2403">
<summary>
Receive UDP network traffic on all reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_all_reserved_ports" lineno="2421">
<summary>
Send and receive UDP network traffic on all reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dccp_bind_all_reserved_ports" lineno="2436">
<summary>
Bind DCCP sockets to all reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_all_reserved_ports" lineno="2455">
<summary>
Bind TCP sockets to all reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_dccp_bind_all_reserved_ports" lineno="2474">
<summary>
Do not audit attempts to bind DCCP sockets to all reserved ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_bind_all_reserved_ports" lineno="2492">
<summary>
Do not audit attempts to bind TCP sockets to all reserved ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_bind_all_reserved_ports" lineno="2510">
<summary>
Bind UDP sockets to all reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_bind_all_reserved_ports" lineno="2529">
<summary>
Do not audit attempts to bind UDP sockets to all reserved ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dccp_bind_all_unreserved_ports" lineno="2547">
<summary>
Bind DCCP sockets to all ports > 1024.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_all_unreserved_ports" lineno="2565">
<summary>
Bind TCP sockets to all ports > 1024.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_unreserved_ports" lineno="2583">
<summary>
Bind TCP sockets to all ports > 1024.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_bind_all_unreserved_ports" lineno="2601">
<summary>
Bind UDP sockets to all ports > 1024.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_all_ephemeral_ports" lineno="2619">
<summary>
Bind TCP sockets to all ports > 32768.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_bind_all_ephemeral_ports" lineno="2637">
<summary>
Bind UDP sockets to all ports > 32768.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dccp_connect_all_reserved_ports" lineno="2655">
<summary>
Connect DCCP sockets to reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_connect_all_reserved_ports" lineno="2673">
<summary>
Connect TCP sockets to reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dccp_connect_all_unreserved_ports" lineno="2691">
<summary>
Connect DCCP sockets to all ports > 1024.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_connect_unreserved_ports" lineno="2709">
<summary>
Connect TCP sockets to ports > 1024.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_connect_all_unreserved_ports" lineno="2727">
<summary>
Connect TCP sockets to all ports > 1024.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_connect_all_ephemeral_ports" lineno="2745">
<summary>
Connect TCP sockets to all ports > 32768.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_dccp_connect_all_reserved_ports" lineno="2764">
<summary>
Do not audit attempts to connect DCCP sockets
all reserved ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_all_reserved_ports" lineno="2783">
<summary>
Do not audit attempts to connect TCP sockets
all reserved ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dccp_connect_all_rpc_ports" lineno="2801">
<summary>
Connect DCCP sockets to rpc ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_connect_all_rpc_ports" lineno="2819">
<summary>
Connect TCP sockets to rpc ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_dccp_connect_all_rpc_ports" lineno="2838">
<summary>
Do not audit attempts to connect DCCP sockets
all rpc ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_all_rpc_ports" lineno="2857">
<summary>
Do not audit attempts to connect TCP sockets
all rpc ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_sctp_bind_reserved_port" lineno="2875">
<summary>
Read and write the TUN/TAP virtual network device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_rw_tun_tap_dev" lineno="2893">
<summary>
</summary>
<param name="domain">
<summary>
The domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_relabel_tun_tap_dev" lineno="2912">
<summary>
Relabel to and from the TUN/TAP virtual network device.
</summary>
<param name="domain">
<summary>
The domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_rw_inherited_tun_tap_dev" lineno="2930">
<summary>
Read and write inherited TUN/TAP virtual network device.
</summary>
<param name="domain">
<summary>
The domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_connect_reserved_port" lineno="2948">
<summary>
Connect SCTP sockets to generic reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_rw_tun_tap_dev" lineno="2967">
<summary>
Do not audit attempts to read or write the TUN/TAP
virtual network device.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_getattr_ppp_dev" lineno="2985">
<summary>
Getattr the point-to-point device.
</summary>
<param name="domain">
<summary>
The domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_rw_ppp_dev" lineno="3003">
<summary>
Read and write the point-to-point device.
</summary>
<param name="domain">
<summary>
The domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dccp_bind_all_rpc_ports" lineno="3022">
<summary>
Bind DCCP sockets to all RPC ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_all_rpc_ports" lineno="3041">
<summary>
Bind TCP sockets to all RPC ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_dccp_bind_all_rpc_ports" lineno="3060">
<summary>
Do not audit attempts to bind DCCP sockets to all RPC ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_bind_all_rpc_ports" lineno="3078">
<summary>
Do not audit attempts to bind TCP sockets to all RPC ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_bind_all_rpc_ports" lineno="3096">
<summary>
Bind UDP sockets to all RPC ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_bind_all_rpc_ports" lineno="3115">
<summary>
Do not audit attempts to bind UDP sockets to all RPC ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_non_ipsec_sendrecv" lineno="3146">
<summary>
Send and receive messages on a
non-encrypted (no IPSEC) network
session.
</summary>
<desc>
<p>
Send and receive messages on a
non-encrypted (no IPSEC) network
session.  (Deprecated)
</p>
<p>
The corenet_all_recvfrom_unlabeled() interface should be used instead
of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_non_ipsec_sendrecv" lineno="3174">
<summary>
Do not audit attempts to send and receive
messages on a non-encrypted (no IPSEC) network
session.
</summary>
<desc>
<p>
Do not audit attempts to send and receive
messages on a non-encrypted (no IPSEC) network
session.
</p>
<p>
The corenet_dontaudit_all_recvfrom_unlabeled() interface should be
used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_tcp_recv_netlabel" lineno="3189">
<summary>
Receive TCP packets from a NetLabel connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dccp_recvfrom_netlabel" lineno="3204">
<summary>
Receive DCCP packets from a NetLabel connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_recvfrom_netlabel" lineno="3223">
<summary>
Receive TCP packets from a NetLabel connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dccp_recvfrom_unlabeled" lineno="3242">
<summary>
Receive DCCP packets from an unlabled connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_sctp_bind_all_reserved_ports" lineno="3267">
<summary>
Do not audit attempts to bind SCTP sockets to all reserved ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_recv_netlabel" lineno="3286">
<summary>
Do not audit attempts to receive TCP packets from a NetLabel
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_dccp_recvfrom_netlabel" lineno="3302">
<summary>
Do not audit attempts to receive DCCP packets from a NetLabel
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_recvfrom_netlabel" lineno="3322">
<summary>
Do not audit attempts to receive TCP packets from a NetLabel
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_dccp_recvfrom_unlabeled" lineno="3342">
<summary>
Do not audit attempts to receive DCCP packets from an unlabeled
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_recvfrom_unlabeled" lineno="3363">
<summary>
Do not audit attempts to receive TCP packets from an unlabeled
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_recv_netlabel" lineno="3383">
<summary>
Receive UDP packets from a NetLabel connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_recvfrom_netlabel" lineno="3398">
<summary>
Receive UDP packets from a NetLabel connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_recvfrom_unlabeled" lineno="3417">
<summary>
Receive UDP packets from an unlabeled connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_bind_all_unreserved_ports" lineno="3437">
<summary>
Bind SCTP sockets to all ports > 1024.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_recv_netlabel" lineno="3456">
<summary>
Do not audit attempts to receive UDP packets from a NetLabel
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_recvfrom_netlabel" lineno="3472">
<summary>
Do not audit attempts to receive UDP packets from a NetLabel
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_recvfrom_unlabeled" lineno="3492">
<summary>
Do not audit attempts to receive UDP packets from an unlabeled
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_raw_recv_netlabel" lineno="3512">
<summary>
Receive Raw IP packets from a NetLabel connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_recvfrom_netlabel" lineno="3527">
<summary>
Receive Raw IP packets from a NetLabel connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_recvfrom_unlabeled" lineno="3546">
<summary>
Receive Raw IP packets from an unlabeled connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_raw_recv_netlabel" lineno="3567">
<summary>
Do not audit attempts to receive Raw IP packets from a NetLabel
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_raw_recvfrom_netlabel" lineno="3583">
<summary>
Do not audit attempts to receive Raw IP packets from a NetLabel
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_sctp_connect_all_reserved_ports" lineno="3602">
<summary>
Connect SCTP sockets to reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_raw_recvfrom_unlabeled" lineno="3621">
<summary>
Do not audit attempts to receive Raw IP packets from an unlabeled
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_all_recvfrom_unlabeled" lineno="3653">
<summary>
Receive packets from an unlabeled connection.
</summary>
<desc>
<p>
Allow the specified domain to receive packets from an
unlabeled connection.  On machines that do not utilize
labeled networking, this will be required on all
networking domains.  On machines tha do utilize
labeled networking, this will be required for any
networking domain that is allowed to receive
network traffic that does not have a label.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_all_recvfrom_netlabel" lineno="3681">
<summary>
Receive packets from a NetLabel connection.
</summary>
<desc>
<p>
Allow the specified domain to receive NetLabel
network traffic, which utilizes the Commercial IP
Security Option (CIPSO) to set the MLS level
of the network packets.  This is required for
all networking domains that receive NetLabel
network traffic.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_enable_unlabeled_packets" lineno="3705">
<summary>
Enable unlabeled net packets
</summary>
<desc>
<p>
Allow unlabeled_packet_t to be used by all domains that use the network
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_all_recvfrom_unlabeled" lineno="3723">
<summary>
Do not audit attempts to receive packets from an unlabeled connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_sctp_connect_all_reserved_ports" lineno="3747">
<summary>
Do not audit attempts to connect SCTP sockets
all reserved ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_all_recvfrom_netlabel" lineno="3766">
<summary>
Do not audit attempts to receive packets from a NetLabel
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dccp_recvfrom_labeled" lineno="3790">
<summary>
Rules for receiving labeled DCCP packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="peer_domain">
<summary>
Peer domain.
</summary>
</param>
</interface>
<interface name="corenet_tcp_recvfrom_labeled" lineno="3826">
<summary>
Rules for receiving labeled TCP packets.
</summary>
<desc>
<p>
Rules for receiving labeled TCP packets.
</p>
<p>
Due to the nature of TCP, this is bidirectional.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="peer_domain">
<summary>
Peer domain.
</summary>
</param>
</interface>
<interface name="corenet_udp_recvfrom_labeled" lineno="3854">
<summary>
Rules for receiving labeled UDP packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="peer_domain">
<summary>
Peer domain.
</summary>
</param>
</interface>
<interface name="corenet_raw_recvfrom_labeled" lineno="3879">
<summary>
Rules for receiving labeled raw IP packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="peer_domain">
<summary>
Peer domain.
</summary>
</param>
</interface>
<interface name="corenet_all_recvfrom_labeled" lineno="3913">
<summary>
Rules for receiving labeled packets via TCP, UDP and raw IP.
</summary>
<desc>
<p>
Rules for receiving labeled packets via TCP, UDP and raw IP.
</p>
<p>
Due to the nature of TCP, the rules (for TCP
networking only) are bidirectional.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="peer_domain">
<summary>
Peer domain.
</summary>
</param>
</interface>
<interface name="corenet_setcontext_all_spds" lineno="3931">
<summary>
Make the specified type usable
for labeled ipsec.
</summary>
<param name="domain">
<summary>
Type to be used for labeled ipsec.
</summary>
</param>
</interface>
<interface name="corenet_send_generic_client_packets" lineno="3949">
<summary>
Send generic client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_receive_generic_client_packets" lineno="3967">
<summary>
Receive generic client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sendrecv_generic_client_packets" lineno="3985">
<summary>
Send and receive generic client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_relabelto_generic_client_packets" lineno="4000">
<summary>
Relabel packets to the generic client packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_generic_server_packets" lineno="4018">
<summary>
Send generic server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_receive_generic_server_packets" lineno="4036">
<summary>
Receive generic server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sendrecv_generic_server_packets" lineno="4054">
<summary>
Send and receive generic server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_relabelto_generic_server_packets" lineno="4069">
<summary>
Relabel packets to the generic server packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sendrecv_unlabeled_packets" lineno="4094">
<summary>
Send and receive unlabeled packets.
</summary>
<desc>
<p>
Send and receive unlabeled packets.
These packets do not match any netfilter
SECMARK rules.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_all_client_packets" lineno="4108">
<summary>
Send all client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_receive_all_client_packets" lineno="4126">
<summary>
Receive all client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sendrecv_all_client_packets" lineno="4144">
<summary>
Send and receive all client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_relabelto_all_client_packets" lineno="4159">
<summary>
Relabel packets to any client packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_all_server_packets" lineno="4177">
<summary>
Send all server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_recvfrom_netlabel" lineno="4195">
<summary>
Receive SCTP packets from a NetLabel connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_receive_all_server_packets" lineno="4213">
<summary>
Receive all server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sendrecv_all_server_packets" lineno="4231">
<summary>
Send and receive all server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_relabelto_all_server_packets" lineno="4246">
<summary>
Relabel packets to any server packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_recvfrom_unlabeled" lineno="4264">
<summary>
Receive SCTP packets from an unlabled connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_all_packets" lineno="4285">
<summary>
Send all packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_receive_all_packets" lineno="4303">
<summary>
Receive all packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sendrecv_all_packets" lineno="4321">
<summary>
Send and receive all packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_relabelto_all_packets" lineno="4336">
<summary>
Relabel packets to any packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_unconfined" lineno="4354">
<summary>
Unconfined access to network objects.
</summary>
<param name="domain">
<summary>
The domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_bind_all_defined_ports" lineno="4372">
<summary>
Dontaudit bind tcp sockets to defined ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_filetrans_all_named_dev" lineno="4389">
<summary>
Create all network named devices with the correct label
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_ib_pkey" lineno="4448">
<summary>
Define type to be an infiniband pkey type
</summary>
<desc>
<p>
Define type to be an infiniband pkey type
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for infiniband pkeys.
</summary>
</param>
</interface>
<interface name="corenet_ib_access_unlabeled_pkeys" lineno="4466">
<summary>
Access unlabeled infiniband pkeys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_ib_access_all_pkeys" lineno="4480">
<summary>
Access all labeled infiniband pkeys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_ib_endport" lineno="4507">
<summary>
Define type to be an infiniband endport
</summary>
<desc>
<p>
Define type to be an infiniband endport
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for infiniband endports.
</summary>
</param>
</interface>
<interface name="corenet_ib_manage_subnet_all_endports" lineno="4525">
<summary>
Manage subnets on all labeled Infiniband endports
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_recvfrom_labeled" lineno="4548">
<summary>
Rules for receiving labeled SCTP packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="peer_domain">
<summary>
Peer domain.
</summary>
</param>
</interface>
<interface name="corenet_ib_manage_subnet_unlabeled_endports" lineno="4571">
<summary>
Manage subnet on all unlabeled Infiniband endports
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_afs_bos_port" lineno="4587">
<summary>
Send and receive TCP traffic on the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_afs_bos_port" lineno="4606">
<summary>
Send UDP traffic on the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_afs_bos_port" lineno="4625">
<summary>
Do not audit attempts to send UDP traffic on the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_afs_bos_port" lineno="4644">
<summary>
Receive UDP traffic on the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_afs_bos_port" lineno="4663">
<summary>
Do not audit attempts to receive UDP traffic on the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_afs_bos_port" lineno="4682">
<summary>
Send and receive UDP traffic on the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_afs_bos_port" lineno="4699">
<summary>
Do not audit attempts to send and receive
UDP traffic on the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_afs_bos_port" lineno="4715">
<summary>
Bind TCP sockets to the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_afs_bos_port" lineno="4735">
<summary>
Bind UDP sockets to the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_afs_bos_port" lineno="4755">
<summary>
Do not audit attempts to sbind to afs_bos port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_afs_bos_port" lineno="4774">
<summary>
Make a TCP connection to the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_afs_bos_port" lineno="4791">
<summary>
Do not audit attempts to make a TCP connection to afs_bos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_bos_client_packets" lineno="4811">
<summary>
Send afs_bos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_bos_client_packets" lineno="4830">
<summary>
Do not audit attempts to send afs_bos_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_bos_client_packets" lineno="4849">
<summary>
Receive afs_bos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_bos_client_packets" lineno="4868">
<summary>
Do not audit attempts to receive afs_bos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_bos_client_packets" lineno="4887">
<summary>
Send and receive afs_bos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_bos_client_packets" lineno="4903">
<summary>
Do not audit attempts to send and receive afs_bos_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_bos_client_packets" lineno="4918">
<summary>
Relabel packets to afs_bos_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_bos_server_packets" lineno="4938">
<summary>
Send afs_bos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_bos_server_packets" lineno="4957">
<summary>
Do not audit attempts to send afs_bos_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_bos_server_packets" lineno="4976">
<summary>
Receive afs_bos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_bos_server_packets" lineno="4995">
<summary>
Do not audit attempts to receive afs_bos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_bos_server_packets" lineno="5014">
<summary>
Send and receive afs_bos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_bos_server_packets" lineno="5030">
<summary>
Do not audit attempts to send and receive afs_bos_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_bos_server_packets" lineno="5045">
<summary>
Relabel packets to afs_bos_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_afs_fs_port" lineno="5067">
<summary>
Send and receive TCP traffic on the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_afs_fs_port" lineno="5086">
<summary>
Send UDP traffic on the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_afs_fs_port" lineno="5105">
<summary>
Do not audit attempts to send UDP traffic on the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_afs_fs_port" lineno="5124">
<summary>
Receive UDP traffic on the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_afs_fs_port" lineno="5143">
<summary>
Do not audit attempts to receive UDP traffic on the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_afs_fs_port" lineno="5162">
<summary>
Send and receive UDP traffic on the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_afs_fs_port" lineno="5179">
<summary>
Do not audit attempts to send and receive
UDP traffic on the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_afs_fs_port" lineno="5195">
<summary>
Bind TCP sockets to the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_afs_fs_port" lineno="5215">
<summary>
Bind UDP sockets to the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_afs_fs_port" lineno="5235">
<summary>
Do not audit attempts to sbind to afs_fs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_afs_fs_port" lineno="5254">
<summary>
Make a TCP connection to the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_afs_fs_port" lineno="5271">
<summary>
Do not audit attempts to make a TCP connection to afs_fs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_fs_client_packets" lineno="5291">
<summary>
Send afs_fs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_fs_client_packets" lineno="5310">
<summary>
Do not audit attempts to send afs_fs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_fs_client_packets" lineno="5329">
<summary>
Receive afs_fs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_fs_client_packets" lineno="5348">
<summary>
Do not audit attempts to receive afs_fs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_fs_client_packets" lineno="5367">
<summary>
Send and receive afs_fs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_fs_client_packets" lineno="5383">
<summary>
Do not audit attempts to send and receive afs_fs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_fs_client_packets" lineno="5398">
<summary>
Relabel packets to afs_fs_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_fs_server_packets" lineno="5418">
<summary>
Send afs_fs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_fs_server_packets" lineno="5437">
<summary>
Do not audit attempts to send afs_fs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_fs_server_packets" lineno="5456">
<summary>
Receive afs_fs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_fs_server_packets" lineno="5475">
<summary>
Do not audit attempts to receive afs_fs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_fs_server_packets" lineno="5494">
<summary>
Send and receive afs_fs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_fs_server_packets" lineno="5510">
<summary>
Do not audit attempts to send and receive afs_fs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_fs_server_packets" lineno="5525">
<summary>
Relabel packets to afs_fs_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_afs_ka_port" lineno="5547">
<summary>
Send and receive TCP traffic on the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_afs_ka_port" lineno="5566">
<summary>
Send UDP traffic on the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_afs_ka_port" lineno="5585">
<summary>
Do not audit attempts to send UDP traffic on the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_afs_ka_port" lineno="5604">
<summary>
Receive UDP traffic on the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_afs_ka_port" lineno="5623">
<summary>
Do not audit attempts to receive UDP traffic on the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_afs_ka_port" lineno="5642">
<summary>
Send and receive UDP traffic on the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_afs_ka_port" lineno="5659">
<summary>
Do not audit attempts to send and receive
UDP traffic on the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_afs_ka_port" lineno="5675">
<summary>
Bind TCP sockets to the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_afs_ka_port" lineno="5695">
<summary>
Bind UDP sockets to the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_afs_ka_port" lineno="5715">
<summary>
Do not audit attempts to sbind to afs_ka port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_afs_ka_port" lineno="5734">
<summary>
Make a TCP connection to the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_afs_ka_port" lineno="5751">
<summary>
Do not audit attempts to make a TCP connection to afs_ka port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_ka_client_packets" lineno="5771">
<summary>
Send afs_ka_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_ka_client_packets" lineno="5790">
<summary>
Do not audit attempts to send afs_ka_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_ka_client_packets" lineno="5809">
<summary>
Receive afs_ka_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_ka_client_packets" lineno="5828">
<summary>
Do not audit attempts to receive afs_ka_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_ka_client_packets" lineno="5847">
<summary>
Send and receive afs_ka_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_ka_client_packets" lineno="5863">
<summary>
Do not audit attempts to send and receive afs_ka_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_ka_client_packets" lineno="5878">
<summary>
Relabel packets to afs_ka_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_ka_server_packets" lineno="5898">
<summary>
Send afs_ka_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_ka_server_packets" lineno="5917">
<summary>
Do not audit attempts to send afs_ka_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_ka_server_packets" lineno="5936">
<summary>
Receive afs_ka_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_ka_server_packets" lineno="5955">
<summary>
Do not audit attempts to receive afs_ka_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_ka_server_packets" lineno="5974">
<summary>
Send and receive afs_ka_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_ka_server_packets" lineno="5990">
<summary>
Do not audit attempts to send and receive afs_ka_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_ka_server_packets" lineno="6005">
<summary>
Relabel packets to afs_ka_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_afs_pt_port" lineno="6027">
<summary>
Send and receive TCP traffic on the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_afs_pt_port" lineno="6046">
<summary>
Send UDP traffic on the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_afs_pt_port" lineno="6065">
<summary>
Do not audit attempts to send UDP traffic on the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_afs_pt_port" lineno="6084">
<summary>
Receive UDP traffic on the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_afs_pt_port" lineno="6103">
<summary>
Do not audit attempts to receive UDP traffic on the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_afs_pt_port" lineno="6122">
<summary>
Send and receive UDP traffic on the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_afs_pt_port" lineno="6139">
<summary>
Do not audit attempts to send and receive
UDP traffic on the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_afs_pt_port" lineno="6155">
<summary>
Bind TCP sockets to the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_afs_pt_port" lineno="6175">
<summary>
Bind UDP sockets to the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_afs_pt_port" lineno="6195">
<summary>
Do not audit attempts to sbind to afs_pt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_afs_pt_port" lineno="6214">
<summary>
Make a TCP connection to the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_afs_pt_port" lineno="6231">
<summary>
Do not audit attempts to make a TCP connection to afs_pt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_pt_client_packets" lineno="6251">
<summary>
Send afs_pt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_pt_client_packets" lineno="6270">
<summary>
Do not audit attempts to send afs_pt_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_pt_client_packets" lineno="6289">
<summary>
Receive afs_pt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_pt_client_packets" lineno="6308">
<summary>
Do not audit attempts to receive afs_pt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_pt_client_packets" lineno="6327">
<summary>
Send and receive afs_pt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_pt_client_packets" lineno="6343">
<summary>
Do not audit attempts to send and receive afs_pt_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_pt_client_packets" lineno="6358">
<summary>
Relabel packets to afs_pt_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_pt_server_packets" lineno="6378">
<summary>
Send afs_pt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_pt_server_packets" lineno="6397">
<summary>
Do not audit attempts to send afs_pt_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_pt_server_packets" lineno="6416">
<summary>
Receive afs_pt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_pt_server_packets" lineno="6435">
<summary>
Do not audit attempts to receive afs_pt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_pt_server_packets" lineno="6454">
<summary>
Send and receive afs_pt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_pt_server_packets" lineno="6470">
<summary>
Do not audit attempts to send and receive afs_pt_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_pt_server_packets" lineno="6485">
<summary>
Relabel packets to afs_pt_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_afs_vl_port" lineno="6507">
<summary>
Send and receive TCP traffic on the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_afs_vl_port" lineno="6526">
<summary>
Send UDP traffic on the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_afs_vl_port" lineno="6545">
<summary>
Do not audit attempts to send UDP traffic on the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_afs_vl_port" lineno="6564">
<summary>
Receive UDP traffic on the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_afs_vl_port" lineno="6583">
<summary>
Do not audit attempts to receive UDP traffic on the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_afs_vl_port" lineno="6602">
<summary>
Send and receive UDP traffic on the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_afs_vl_port" lineno="6619">
<summary>
Do not audit attempts to send and receive
UDP traffic on the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_afs_vl_port" lineno="6635">
<summary>
Bind TCP sockets to the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_afs_vl_port" lineno="6655">
<summary>
Bind UDP sockets to the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_afs_vl_port" lineno="6675">
<summary>
Do not audit attempts to sbind to afs_vl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_afs_vl_port" lineno="6694">
<summary>
Make a TCP connection to the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_afs_vl_port" lineno="6711">
<summary>
Do not audit attempts to make a TCP connection to afs_vl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_vl_client_packets" lineno="6731">
<summary>
Send afs_vl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_vl_client_packets" lineno="6750">
<summary>
Do not audit attempts to send afs_vl_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_vl_client_packets" lineno="6769">
<summary>
Receive afs_vl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_vl_client_packets" lineno="6788">
<summary>
Do not audit attempts to receive afs_vl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_vl_client_packets" lineno="6807">
<summary>
Send and receive afs_vl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_vl_client_packets" lineno="6823">
<summary>
Do not audit attempts to send and receive afs_vl_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_vl_client_packets" lineno="6838">
<summary>
Relabel packets to afs_vl_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_vl_server_packets" lineno="6858">
<summary>
Send afs_vl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_vl_server_packets" lineno="6877">
<summary>
Do not audit attempts to send afs_vl_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_vl_server_packets" lineno="6896">
<summary>
Receive afs_vl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_vl_server_packets" lineno="6915">
<summary>
Do not audit attempts to receive afs_vl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_vl_server_packets" lineno="6934">
<summary>
Send and receive afs_vl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_vl_server_packets" lineno="6950">
<summary>
Do not audit attempts to send and receive afs_vl_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_vl_server_packets" lineno="6965">
<summary>
Relabel packets to afs_vl_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_afs3_callback_port" lineno="6987">
<summary>
Send and receive TCP traffic on the afs3_callback port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_afs3_callback_port" lineno="7006">
<summary>
Send UDP traffic on the afs3_callback port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_afs3_callback_port" lineno="7025">
<summary>
Do not audit attempts to send UDP traffic on the afs3_callback port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_afs3_callback_port" lineno="7044">
<summary>
Receive UDP traffic on the afs3_callback port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_afs3_callback_port" lineno="7063">
<summary>
Do not audit attempts to receive UDP traffic on the afs3_callback port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_afs3_callback_port" lineno="7082">
<summary>
Send and receive UDP traffic on the afs3_callback port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_afs3_callback_port" lineno="7099">
<summary>
Do not audit attempts to send and receive
UDP traffic on the afs3_callback port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_afs3_callback_port" lineno="7115">
<summary>
Bind TCP sockets to the afs3_callback port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_afs3_callback_port" lineno="7135">
<summary>
Bind UDP sockets to the afs3_callback port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_afs3_callback_port" lineno="7155">
<summary>
Do not audit attempts to sbind to afs3_callback port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_afs3_callback_port" lineno="7174">
<summary>
Make a TCP connection to the afs3_callback port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_afs3_callback_port" lineno="7191">
<summary>
Do not audit attempts to make a TCP connection to afs3_callback port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs3_callback_client_packets" lineno="7211">
<summary>
Send afs3_callback_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs3_callback_client_packets" lineno="7230">
<summary>
Do not audit attempts to send afs3_callback_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs3_callback_client_packets" lineno="7249">
<summary>
Receive afs3_callback_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs3_callback_client_packets" lineno="7268">
<summary>
Do not audit attempts to receive afs3_callback_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs3_callback_client_packets" lineno="7287">
<summary>
Send and receive afs3_callback_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs3_callback_client_packets" lineno="7303">
<summary>
Do not audit attempts to send and receive afs3_callback_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs3_callback_client_packets" lineno="7318">
<summary>
Relabel packets to afs3_callback_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs3_callback_server_packets" lineno="7338">
<summary>
Send afs3_callback_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs3_callback_server_packets" lineno="7357">
<summary>
Do not audit attempts to send afs3_callback_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs3_callback_server_packets" lineno="7376">
<summary>
Receive afs3_callback_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs3_callback_server_packets" lineno="7395">
<summary>
Do not audit attempts to receive afs3_callback_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs3_callback_server_packets" lineno="7414">
<summary>
Send and receive afs3_callback_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs3_callback_server_packets" lineno="7430">
<summary>
Do not audit attempts to send and receive afs3_callback_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs3_callback_server_packets" lineno="7445">
<summary>
Relabel packets to afs3_callback_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_agentx_port" lineno="7467">
<summary>
Send and receive TCP traffic on the agentx port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_agentx_port" lineno="7486">
<summary>
Send UDP traffic on the agentx port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_agentx_port" lineno="7505">
<summary>
Do not audit attempts to send UDP traffic on the agentx port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_agentx_port" lineno="7524">
<summary>
Receive UDP traffic on the agentx port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_agentx_port" lineno="7543">
<summary>
Do not audit attempts to receive UDP traffic on the agentx port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_agentx_port" lineno="7562">
<summary>
Send and receive UDP traffic on the agentx port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_agentx_port" lineno="7579">
<summary>
Do not audit attempts to send and receive
UDP traffic on the agentx port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_agentx_port" lineno="7595">
<summary>
Bind TCP sockets to the agentx port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_agentx_port" lineno="7615">
<summary>
Bind UDP sockets to the agentx port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_agentx_port" lineno="7635">
<summary>
Do not audit attempts to sbind to agentx port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_agentx_port" lineno="7654">
<summary>
Make a TCP connection to the agentx port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_agentx_port" lineno="7671">
<summary>
Do not audit attempts to make a TCP connection to agentx port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_agentx_client_packets" lineno="7691">
<summary>
Send agentx_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_agentx_client_packets" lineno="7710">
<summary>
Do not audit attempts to send agentx_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_agentx_client_packets" lineno="7729">
<summary>
Receive agentx_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_agentx_client_packets" lineno="7748">
<summary>
Do not audit attempts to receive agentx_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_agentx_client_packets" lineno="7767">
<summary>
Send and receive agentx_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_agentx_client_packets" lineno="7783">
<summary>
Do not audit attempts to send and receive agentx_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_agentx_client_packets" lineno="7798">
<summary>
Relabel packets to agentx_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_agentx_server_packets" lineno="7818">
<summary>
Send agentx_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_agentx_server_packets" lineno="7837">
<summary>
Do not audit attempts to send agentx_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_agentx_server_packets" lineno="7856">
<summary>
Receive agentx_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_agentx_server_packets" lineno="7875">
<summary>
Do not audit attempts to receive agentx_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_agentx_server_packets" lineno="7894">
<summary>
Send and receive agentx_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_agentx_server_packets" lineno="7910">
<summary>
Do not audit attempts to send and receive agentx_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_agentx_server_packets" lineno="7925">
<summary>
Relabel packets to agentx_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_amanda_port" lineno="7947">
<summary>
Send and receive TCP traffic on the amanda port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_amanda_port" lineno="7966">
<summary>
Send UDP traffic on the amanda port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_amanda_port" lineno="7985">
<summary>
Do not audit attempts to send UDP traffic on the amanda port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_amanda_port" lineno="8004">
<summary>
Receive UDP traffic on the amanda port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_amanda_port" lineno="8023">
<summary>
Do not audit attempts to receive UDP traffic on the amanda port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_amanda_port" lineno="8042">
<summary>
Send and receive UDP traffic on the amanda port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_amanda_port" lineno="8059">
<summary>
Do not audit attempts to send and receive
UDP traffic on the amanda port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_amanda_port" lineno="8075">
<summary>
Bind TCP sockets to the amanda port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_amanda_port" lineno="8095">
<summary>
Bind UDP sockets to the amanda port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_amanda_port" lineno="8115">
<summary>
Do not audit attempts to sbind to amanda port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_amanda_port" lineno="8134">
<summary>
Make a TCP connection to the amanda port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_amanda_port" lineno="8151">
<summary>
Do not audit attempts to make a TCP connection to amanda port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amanda_client_packets" lineno="8171">
<summary>
Send amanda_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amanda_client_packets" lineno="8190">
<summary>
Do not audit attempts to send amanda_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amanda_client_packets" lineno="8209">
<summary>
Receive amanda_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amanda_client_packets" lineno="8228">
<summary>
Do not audit attempts to receive amanda_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amanda_client_packets" lineno="8247">
<summary>
Send and receive amanda_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amanda_client_packets" lineno="8263">
<summary>
Do not audit attempts to send and receive amanda_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amanda_client_packets" lineno="8278">
<summary>
Relabel packets to amanda_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amanda_server_packets" lineno="8298">
<summary>
Send amanda_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amanda_server_packets" lineno="8317">
<summary>
Do not audit attempts to send amanda_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amanda_server_packets" lineno="8336">
<summary>
Receive amanda_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amanda_server_packets" lineno="8355">
<summary>
Do not audit attempts to receive amanda_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amanda_server_packets" lineno="8374">
<summary>
Send and receive amanda_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amanda_server_packets" lineno="8390">
<summary>
Do not audit attempts to send and receive amanda_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amanda_server_packets" lineno="8405">
<summary>
Relabel packets to amanda_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_amavisd_recv_port" lineno="8427">
<summary>
Send and receive TCP traffic on the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_amavisd_recv_port" lineno="8446">
<summary>
Send UDP traffic on the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_amavisd_recv_port" lineno="8465">
<summary>
Do not audit attempts to send UDP traffic on the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_amavisd_recv_port" lineno="8484">
<summary>
Receive UDP traffic on the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_amavisd_recv_port" lineno="8503">
<summary>
Do not audit attempts to receive UDP traffic on the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_amavisd_recv_port" lineno="8522">
<summary>
Send and receive UDP traffic on the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_amavisd_recv_port" lineno="8539">
<summary>
Do not audit attempts to send and receive
UDP traffic on the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_amavisd_recv_port" lineno="8555">
<summary>
Bind TCP sockets to the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_amavisd_recv_port" lineno="8575">
<summary>
Bind UDP sockets to the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_amavisd_recv_port" lineno="8595">
<summary>
Do not audit attempts to sbind to amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_amavisd_recv_port" lineno="8614">
<summary>
Make a TCP connection to the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_amavisd_recv_port" lineno="8631">
<summary>
Do not audit attempts to make a TCP connection to amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amavisd_recv_client_packets" lineno="8651">
<summary>
Send amavisd_recv_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amavisd_recv_client_packets" lineno="8670">
<summary>
Do not audit attempts to send amavisd_recv_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amavisd_recv_client_packets" lineno="8689">
<summary>
Receive amavisd_recv_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amavisd_recv_client_packets" lineno="8708">
<summary>
Do not audit attempts to receive amavisd_recv_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amavisd_recv_client_packets" lineno="8727">
<summary>
Send and receive amavisd_recv_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amavisd_recv_client_packets" lineno="8743">
<summary>
Do not audit attempts to send and receive amavisd_recv_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amavisd_recv_client_packets" lineno="8758">
<summary>
Relabel packets to amavisd_recv_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amavisd_recv_server_packets" lineno="8778">
<summary>
Send amavisd_recv_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amavisd_recv_server_packets" lineno="8797">
<summary>
Do not audit attempts to send amavisd_recv_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amavisd_recv_server_packets" lineno="8816">
<summary>
Receive amavisd_recv_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amavisd_recv_server_packets" lineno="8835">
<summary>
Do not audit attempts to receive amavisd_recv_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amavisd_recv_server_packets" lineno="8854">
<summary>
Send and receive amavisd_recv_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amavisd_recv_server_packets" lineno="8870">
<summary>
Do not audit attempts to send and receive amavisd_recv_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amavisd_recv_server_packets" lineno="8885">
<summary>
Relabel packets to amavisd_recv_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_amavisd_send_port" lineno="8907">
<summary>
Send and receive TCP traffic on the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_amavisd_send_port" lineno="8926">
<summary>
Send UDP traffic on the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_amavisd_send_port" lineno="8945">
<summary>
Do not audit attempts to send UDP traffic on the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_amavisd_send_port" lineno="8964">
<summary>
Receive UDP traffic on the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_amavisd_send_port" lineno="8983">
<summary>
Do not audit attempts to receive UDP traffic on the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_amavisd_send_port" lineno="9002">
<summary>
Send and receive UDP traffic on the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_amavisd_send_port" lineno="9019">
<summary>
Do not audit attempts to send and receive
UDP traffic on the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_amavisd_send_port" lineno="9035">
<summary>
Bind TCP sockets to the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_amavisd_send_port" lineno="9055">
<summary>
Bind UDP sockets to the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_amavisd_send_port" lineno="9075">
<summary>
Do not audit attempts to sbind to amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_amavisd_send_port" lineno="9094">
<summary>
Make a TCP connection to the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_amavisd_send_port" lineno="9111">
<summary>
Do not audit attempts to make a TCP connection to amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amavisd_send_client_packets" lineno="9131">
<summary>
Send amavisd_send_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amavisd_send_client_packets" lineno="9150">
<summary>
Do not audit attempts to send amavisd_send_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amavisd_send_client_packets" lineno="9169">
<summary>
Receive amavisd_send_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amavisd_send_client_packets" lineno="9188">
<summary>
Do not audit attempts to receive amavisd_send_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amavisd_send_client_packets" lineno="9207">
<summary>
Send and receive amavisd_send_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amavisd_send_client_packets" lineno="9223">
<summary>
Do not audit attempts to send and receive amavisd_send_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amavisd_send_client_packets" lineno="9238">
<summary>
Relabel packets to amavisd_send_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amavisd_send_server_packets" lineno="9258">
<summary>
Send amavisd_send_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amavisd_send_server_packets" lineno="9277">
<summary>
Do not audit attempts to send amavisd_send_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amavisd_send_server_packets" lineno="9296">
<summary>
Receive amavisd_send_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amavisd_send_server_packets" lineno="9315">
<summary>
Do not audit attempts to receive amavisd_send_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amavisd_send_server_packets" lineno="9334">
<summary>
Send and receive amavisd_send_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amavisd_send_server_packets" lineno="9350">
<summary>
Do not audit attempts to send and receive amavisd_send_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amavisd_send_server_packets" lineno="9365">
<summary>
Relabel packets to amavisd_send_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_amqp_port" lineno="9387">
<summary>
Send and receive TCP traffic on the amqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_amqp_port" lineno="9406">
<summary>
Send UDP traffic on the amqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_amqp_port" lineno="9425">
<summary>
Do not audit attempts to send UDP traffic on the amqp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_amqp_port" lineno="9444">
<summary>
Receive UDP traffic on the amqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_amqp_port" lineno="9463">
<summary>
Do not audit attempts to receive UDP traffic on the amqp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_amqp_port" lineno="9482">
<summary>
Send and receive UDP traffic on the amqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_amqp_port" lineno="9499">
<summary>
Do not audit attempts to send and receive
UDP traffic on the amqp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_amqp_port" lineno="9515">
<summary>
Bind TCP sockets to the amqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_amqp_port" lineno="9535">
<summary>
Bind UDP sockets to the amqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_amqp_port" lineno="9555">
<summary>
Do not audit attempts to sbind to amqp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_amqp_port" lineno="9574">
<summary>
Make a TCP connection to the amqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_amqp_port" lineno="9591">
<summary>
Do not audit attempts to make a TCP connection to amqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amqp_client_packets" lineno="9611">
<summary>
Send amqp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amqp_client_packets" lineno="9630">
<summary>
Do not audit attempts to send amqp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amqp_client_packets" lineno="9649">
<summary>
Receive amqp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amqp_client_packets" lineno="9668">
<summary>
Do not audit attempts to receive amqp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amqp_client_packets" lineno="9687">
<summary>
Send and receive amqp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amqp_client_packets" lineno="9703">
<summary>
Do not audit attempts to send and receive amqp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amqp_client_packets" lineno="9718">
<summary>
Relabel packets to amqp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amqp_server_packets" lineno="9738">
<summary>
Send amqp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amqp_server_packets" lineno="9757">
<summary>
Do not audit attempts to send amqp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amqp_server_packets" lineno="9776">
<summary>
Receive amqp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amqp_server_packets" lineno="9795">
<summary>
Do not audit attempts to receive amqp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amqp_server_packets" lineno="9814">
<summary>
Send and receive amqp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amqp_server_packets" lineno="9830">
<summary>
Do not audit attempts to send and receive amqp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amqp_server_packets" lineno="9845">
<summary>
Relabel packets to amqp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_aol_port" lineno="9867">
<summary>
Send and receive TCP traffic on the aol port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_aol_port" lineno="9886">
<summary>
Send UDP traffic on the aol port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_aol_port" lineno="9905">
<summary>
Do not audit attempts to send UDP traffic on the aol port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_aol_port" lineno="9924">
<summary>
Receive UDP traffic on the aol port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_aol_port" lineno="9943">
<summary>
Do not audit attempts to receive UDP traffic on the aol port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_aol_port" lineno="9962">
<summary>
Send and receive UDP traffic on the aol port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_aol_port" lineno="9979">
<summary>
Do not audit attempts to send and receive
UDP traffic on the aol port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_aol_port" lineno="9995">
<summary>
Bind TCP sockets to the aol port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_aol_port" lineno="10015">
<summary>
Bind UDP sockets to the aol port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_aol_port" lineno="10035">
<summary>
Do not audit attempts to sbind to aol port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_aol_port" lineno="10054">
<summary>
Make a TCP connection to the aol port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_aol_port" lineno="10071">
<summary>
Do not audit attempts to make a TCP connection to aol port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_aol_client_packets" lineno="10091">
<summary>
Send aol_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_aol_client_packets" lineno="10110">
<summary>
Do not audit attempts to send aol_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_aol_client_packets" lineno="10129">
<summary>
Receive aol_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_aol_client_packets" lineno="10148">
<summary>
Do not audit attempts to receive aol_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_aol_client_packets" lineno="10167">
<summary>
Send and receive aol_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_aol_client_packets" lineno="10183">
<summary>
Do not audit attempts to send and receive aol_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_aol_client_packets" lineno="10198">
<summary>
Relabel packets to aol_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_aol_server_packets" lineno="10218">
<summary>
Send aol_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_aol_server_packets" lineno="10237">
<summary>
Do not audit attempts to send aol_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_aol_server_packets" lineno="10256">
<summary>
Receive aol_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_aol_server_packets" lineno="10275">
<summary>
Do not audit attempts to receive aol_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_aol_server_packets" lineno="10294">
<summary>
Send and receive aol_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_aol_server_packets" lineno="10310">
<summary>
Do not audit attempts to send and receive aol_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_aol_server_packets" lineno="10325">
<summary>
Relabel packets to aol_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_apc_port" lineno="10347">
<summary>
Send and receive TCP traffic on the apc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_apc_port" lineno="10366">
<summary>
Send UDP traffic on the apc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_apc_port" lineno="10385">
<summary>
Do not audit attempts to send UDP traffic on the apc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_apc_port" lineno="10404">
<summary>
Receive UDP traffic on the apc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_apc_port" lineno="10423">
<summary>
Do not audit attempts to receive UDP traffic on the apc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_apc_port" lineno="10442">
<summary>
Send and receive UDP traffic on the apc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_apc_port" lineno="10459">
<summary>
Do not audit attempts to send and receive
UDP traffic on the apc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_apc_port" lineno="10475">
<summary>
Bind TCP sockets to the apc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_apc_port" lineno="10495">
<summary>
Bind UDP sockets to the apc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_apc_port" lineno="10515">
<summary>
Do not audit attempts to sbind to apc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_apc_port" lineno="10534">
<summary>
Make a TCP connection to the apc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_apc_port" lineno="10551">
<summary>
Do not audit attempts to make a TCP connection to apc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_apc_client_packets" lineno="10571">
<summary>
Send apc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_apc_client_packets" lineno="10590">
<summary>
Do not audit attempts to send apc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_apc_client_packets" lineno="10609">
<summary>
Receive apc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_apc_client_packets" lineno="10628">
<summary>
Do not audit attempts to receive apc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_apc_client_packets" lineno="10647">
<summary>
Send and receive apc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_apc_client_packets" lineno="10663">
<summary>
Do not audit attempts to send and receive apc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_apc_client_packets" lineno="10678">
<summary>
Relabel packets to apc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_apc_server_packets" lineno="10698">
<summary>
Send apc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_apc_server_packets" lineno="10717">
<summary>
Do not audit attempts to send apc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_apc_server_packets" lineno="10736">
<summary>
Receive apc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_apc_server_packets" lineno="10755">
<summary>
Do not audit attempts to receive apc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_apc_server_packets" lineno="10774">
<summary>
Send and receive apc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_apc_server_packets" lineno="10790">
<summary>
Do not audit attempts to send and receive apc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_apc_server_packets" lineno="10805">
<summary>
Relabel packets to apc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_apcupsd_port" lineno="10827">
<summary>
Send and receive TCP traffic on the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_apcupsd_port" lineno="10846">
<summary>
Send UDP traffic on the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_apcupsd_port" lineno="10865">
<summary>
Do not audit attempts to send UDP traffic on the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_apcupsd_port" lineno="10884">
<summary>
Receive UDP traffic on the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_apcupsd_port" lineno="10903">
<summary>
Do not audit attempts to receive UDP traffic on the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_apcupsd_port" lineno="10922">
<summary>
Send and receive UDP traffic on the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_apcupsd_port" lineno="10939">
<summary>
Do not audit attempts to send and receive
UDP traffic on the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_apcupsd_port" lineno="10955">
<summary>
Bind TCP sockets to the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_apcupsd_port" lineno="10975">
<summary>
Bind UDP sockets to the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_apcupsd_port" lineno="10995">
<summary>
Do not audit attempts to sbind to apcupsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_apcupsd_port" lineno="11014">
<summary>
Make a TCP connection to the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_apcupsd_port" lineno="11031">
<summary>
Do not audit attempts to make a TCP connection to apcupsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_apcupsd_client_packets" lineno="11051">
<summary>
Send apcupsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_apcupsd_client_packets" lineno="11070">
<summary>
Do not audit attempts to send apcupsd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_apcupsd_client_packets" lineno="11089">
<summary>
Receive apcupsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_apcupsd_client_packets" lineno="11108">
<summary>
Do not audit attempts to receive apcupsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_apcupsd_client_packets" lineno="11127">
<summary>
Send and receive apcupsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_apcupsd_client_packets" lineno="11143">
<summary>
Do not audit attempts to send and receive apcupsd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_apcupsd_client_packets" lineno="11158">
<summary>
Relabel packets to apcupsd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_apcupsd_server_packets" lineno="11178">
<summary>
Send apcupsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_apcupsd_server_packets" lineno="11197">
<summary>
Do not audit attempts to send apcupsd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_apcupsd_server_packets" lineno="11216">
<summary>
Receive apcupsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_apcupsd_server_packets" lineno="11235">
<summary>
Do not audit attempts to receive apcupsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_apcupsd_server_packets" lineno="11254">
<summary>
Send and receive apcupsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_apcupsd_server_packets" lineno="11270">
<summary>
Do not audit attempts to send and receive apcupsd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_apcupsd_server_packets" lineno="11285">
<summary>
Relabel packets to apcupsd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_apertus_ldp_port" lineno="11307">
<summary>
Send and receive TCP traffic on the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_apertus_ldp_port" lineno="11326">
<summary>
Send UDP traffic on the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_apertus_ldp_port" lineno="11345">
<summary>
Do not audit attempts to send UDP traffic on the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_apertus_ldp_port" lineno="11364">
<summary>
Receive UDP traffic on the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_apertus_ldp_port" lineno="11383">
<summary>
Do not audit attempts to receive UDP traffic on the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_apertus_ldp_port" lineno="11402">
<summary>
Send and receive UDP traffic on the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_apertus_ldp_port" lineno="11419">
<summary>
Do not audit attempts to send and receive
UDP traffic on the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_apertus_ldp_port" lineno="11435">
<summary>
Bind TCP sockets to the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_apertus_ldp_port" lineno="11455">
<summary>
Bind UDP sockets to the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_apertus_ldp_port" lineno="11475">
<summary>
Do not audit attempts to sbind to apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_apertus_ldp_port" lineno="11494">
<summary>
Make a TCP connection to the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_apertus_ldp_port" lineno="11511">
<summary>
Do not audit attempts to make a TCP connection to apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_apertus_ldp_client_packets" lineno="11531">
<summary>
Send apertus_ldp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_apertus_ldp_client_packets" lineno="11550">
<summary>
Do not audit attempts to send apertus_ldp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_apertus_ldp_client_packets" lineno="11569">
<summary>
Receive apertus_ldp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_apertus_ldp_client_packets" lineno="11588">
<summary>
Do not audit attempts to receive apertus_ldp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_apertus_ldp_client_packets" lineno="11607">
<summary>
Send and receive apertus_ldp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_apertus_ldp_client_packets" lineno="11623">
<summary>
Do not audit attempts to send and receive apertus_ldp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_apertus_ldp_client_packets" lineno="11638">
<summary>
Relabel packets to apertus_ldp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_apertus_ldp_server_packets" lineno="11658">
<summary>
Send apertus_ldp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_apertus_ldp_server_packets" lineno="11677">
<summary>
Do not audit attempts to send apertus_ldp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_apertus_ldp_server_packets" lineno="11696">
<summary>
Receive apertus_ldp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_apertus_ldp_server_packets" lineno="11715">
<summary>
Do not audit attempts to receive apertus_ldp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_apertus_ldp_server_packets" lineno="11734">
<summary>
Send and receive apertus_ldp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_apertus_ldp_server_packets" lineno="11750">
<summary>
Do not audit attempts to send and receive apertus_ldp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_apertus_ldp_server_packets" lineno="11765">
<summary>
Relabel packets to apertus_ldp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_appswitch_emp_port" lineno="11787">
<summary>
Send and receive TCP traffic on the appswitch_emp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_appswitch_emp_port" lineno="11806">
<summary>
Send UDP traffic on the appswitch_emp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_appswitch_emp_port" lineno="11825">
<summary>
Do not audit attempts to send UDP traffic on the appswitch_emp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_appswitch_emp_port" lineno="11844">
<summary>
Receive UDP traffic on the appswitch_emp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_appswitch_emp_port" lineno="11863">
<summary>
Do not audit attempts to receive UDP traffic on the appswitch_emp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_appswitch_emp_port" lineno="11882">
<summary>
Send and receive UDP traffic on the appswitch_emp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_appswitch_emp_port" lineno="11899">
<summary>
Do not audit attempts to send and receive
UDP traffic on the appswitch_emp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_appswitch_emp_port" lineno="11915">
<summary>
Bind TCP sockets to the appswitch_emp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_appswitch_emp_port" lineno="11935">
<summary>
Bind UDP sockets to the appswitch_emp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_appswitch_emp_port" lineno="11955">
<summary>
Do not audit attempts to sbind to appswitch_emp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_appswitch_emp_port" lineno="11974">
<summary>
Make a TCP connection to the appswitch_emp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_appswitch_emp_port" lineno="11991">
<summary>
Do not audit attempts to make a TCP connection to appswitch_emp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_appswitch_emp_client_packets" lineno="12011">
<summary>
Send appswitch_emp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_appswitch_emp_client_packets" lineno="12030">
<summary>
Do not audit attempts to send appswitch_emp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_appswitch_emp_client_packets" lineno="12049">
<summary>
Receive appswitch_emp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_appswitch_emp_client_packets" lineno="12068">
<summary>
Do not audit attempts to receive appswitch_emp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_appswitch_emp_client_packets" lineno="12087">
<summary>
Send and receive appswitch_emp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_appswitch_emp_client_packets" lineno="12103">
<summary>
Do not audit attempts to send and receive appswitch_emp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_appswitch_emp_client_packets" lineno="12118">
<summary>
Relabel packets to appswitch_emp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_appswitch_emp_server_packets" lineno="12138">
<summary>
Send appswitch_emp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_appswitch_emp_server_packets" lineno="12157">
<summary>
Do not audit attempts to send appswitch_emp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_appswitch_emp_server_packets" lineno="12176">
<summary>
Receive appswitch_emp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_appswitch_emp_server_packets" lineno="12195">
<summary>
Do not audit attempts to receive appswitch_emp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_appswitch_emp_server_packets" lineno="12214">
<summary>
Send and receive appswitch_emp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_appswitch_emp_server_packets" lineno="12230">
<summary>
Do not audit attempts to send and receive appswitch_emp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_appswitch_emp_server_packets" lineno="12245">
<summary>
Relabel packets to appswitch_emp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_asterisk_port" lineno="12267">
<summary>
Send and receive TCP traffic on the asterisk port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_asterisk_port" lineno="12286">
<summary>
Send UDP traffic on the asterisk port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_asterisk_port" lineno="12305">
<summary>
Do not audit attempts to send UDP traffic on the asterisk port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_asterisk_port" lineno="12324">
<summary>
Receive UDP traffic on the asterisk port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_asterisk_port" lineno="12343">
<summary>
Do not audit attempts to receive UDP traffic on the asterisk port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_asterisk_port" lineno="12362">
<summary>
Send and receive UDP traffic on the asterisk port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_asterisk_port" lineno="12379">
<summary>
Do not audit attempts to send and receive
UDP traffic on the asterisk port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_asterisk_port" lineno="12395">
<summary>
Bind TCP sockets to the asterisk port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_asterisk_port" lineno="12415">
<summary>
Bind UDP sockets to the asterisk port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_asterisk_port" lineno="12435">
<summary>
Do not audit attempts to sbind to asterisk port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_asterisk_port" lineno="12454">
<summary>
Make a TCP connection to the asterisk port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_asterisk_port" lineno="12471">
<summary>
Do not audit attempts to make a TCP connection to asterisk port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_asterisk_client_packets" lineno="12491">
<summary>
Send asterisk_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_asterisk_client_packets" lineno="12510">
<summary>
Do not audit attempts to send asterisk_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_asterisk_client_packets" lineno="12529">
<summary>
Receive asterisk_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_asterisk_client_packets" lineno="12548">
<summary>
Do not audit attempts to receive asterisk_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_asterisk_client_packets" lineno="12567">
<summary>
Send and receive asterisk_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_asterisk_client_packets" lineno="12583">
<summary>
Do not audit attempts to send and receive asterisk_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_asterisk_client_packets" lineno="12598">
<summary>
Relabel packets to asterisk_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_asterisk_server_packets" lineno="12618">
<summary>
Send asterisk_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_asterisk_server_packets" lineno="12637">
<summary>
Do not audit attempts to send asterisk_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_asterisk_server_packets" lineno="12656">
<summary>
Receive asterisk_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_asterisk_server_packets" lineno="12675">
<summary>
Do not audit attempts to receive asterisk_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_asterisk_server_packets" lineno="12694">
<summary>
Send and receive asterisk_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_asterisk_server_packets" lineno="12710">
<summary>
Do not audit attempts to send and receive asterisk_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_asterisk_server_packets" lineno="12725">
<summary>
Relabel packets to asterisk_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_audit_port" lineno="12747">
<summary>
Send and receive TCP traffic on the audit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_audit_port" lineno="12766">
<summary>
Send UDP traffic on the audit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_audit_port" lineno="12785">
<summary>
Do not audit attempts to send UDP traffic on the audit port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_audit_port" lineno="12804">
<summary>
Receive UDP traffic on the audit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_audit_port" lineno="12823">
<summary>
Do not audit attempts to receive UDP traffic on the audit port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_audit_port" lineno="12842">
<summary>
Send and receive UDP traffic on the audit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_audit_port" lineno="12859">
<summary>
Do not audit attempts to send and receive
UDP traffic on the audit port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_audit_port" lineno="12875">
<summary>
Bind TCP sockets to the audit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_audit_port" lineno="12895">
<summary>
Bind UDP sockets to the audit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_audit_port" lineno="12915">
<summary>
Do not audit attempts to sbind to audit port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_audit_port" lineno="12934">
<summary>
Make a TCP connection to the audit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_audit_port" lineno="12951">
<summary>
Do not audit attempts to make a TCP connection to audit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_audit_client_packets" lineno="12971">
<summary>
Send audit_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_audit_client_packets" lineno="12990">
<summary>
Do not audit attempts to send audit_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_audit_client_packets" lineno="13009">
<summary>
Receive audit_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_audit_client_packets" lineno="13028">
<summary>
Do not audit attempts to receive audit_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_audit_client_packets" lineno="13047">
<summary>
Send and receive audit_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_audit_client_packets" lineno="13063">
<summary>
Do not audit attempts to send and receive audit_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_audit_client_packets" lineno="13078">
<summary>
Relabel packets to audit_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_audit_server_packets" lineno="13098">
<summary>
Send audit_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_audit_server_packets" lineno="13117">
<summary>
Do not audit attempts to send audit_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_audit_server_packets" lineno="13136">
<summary>
Receive audit_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_audit_server_packets" lineno="13155">
<summary>
Do not audit attempts to receive audit_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_audit_server_packets" lineno="13174">
<summary>
Send and receive audit_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_audit_server_packets" lineno="13190">
<summary>
Do not audit attempts to send and receive audit_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_audit_server_packets" lineno="13205">
<summary>
Relabel packets to audit_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_auth_port" lineno="13227">
<summary>
Send and receive TCP traffic on the auth port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_auth_port" lineno="13246">
<summary>
Send UDP traffic on the auth port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_auth_port" lineno="13265">
<summary>
Do not audit attempts to send UDP traffic on the auth port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_auth_port" lineno="13284">
<summary>
Receive UDP traffic on the auth port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_auth_port" lineno="13303">
<summary>
Do not audit attempts to receive UDP traffic on the auth port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_auth_port" lineno="13322">
<summary>
Send and receive UDP traffic on the auth port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_auth_port" lineno="13339">
<summary>
Do not audit attempts to send and receive
UDP traffic on the auth port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_auth_port" lineno="13355">
<summary>
Bind TCP sockets to the auth port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_auth_port" lineno="13375">
<summary>
Bind UDP sockets to the auth port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_auth_port" lineno="13395">
<summary>
Do not audit attempts to sbind to auth port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_auth_port" lineno="13414">
<summary>
Make a TCP connection to the auth port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_auth_port" lineno="13431">
<summary>
Do not audit attempts to make a TCP connection to auth port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_auth_client_packets" lineno="13451">
<summary>
Send auth_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_auth_client_packets" lineno="13470">
<summary>
Do not audit attempts to send auth_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_auth_client_packets" lineno="13489">
<summary>
Receive auth_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_auth_client_packets" lineno="13508">
<summary>
Do not audit attempts to receive auth_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_auth_client_packets" lineno="13527">
<summary>
Send and receive auth_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_auth_client_packets" lineno="13543">
<summary>
Do not audit attempts to send and receive auth_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_auth_client_packets" lineno="13558">
<summary>
Relabel packets to auth_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_auth_server_packets" lineno="13578">
<summary>
Send auth_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_auth_server_packets" lineno="13597">
<summary>
Do not audit attempts to send auth_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_auth_server_packets" lineno="13616">
<summary>
Receive auth_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_auth_server_packets" lineno="13635">
<summary>
Do not audit attempts to receive auth_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_auth_server_packets" lineno="13654">
<summary>
Send and receive auth_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_auth_server_packets" lineno="13670">
<summary>
Do not audit attempts to send and receive auth_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_auth_server_packets" lineno="13685">
<summary>
Relabel packets to auth_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_bacula_port" lineno="13707">
<summary>
Send and receive TCP traffic on the bacula port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_bacula_port" lineno="13726">
<summary>
Send UDP traffic on the bacula port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_bacula_port" lineno="13745">
<summary>
Do not audit attempts to send UDP traffic on the bacula port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_bacula_port" lineno="13764">
<summary>
Receive UDP traffic on the bacula port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_bacula_port" lineno="13783">
<summary>
Do not audit attempts to receive UDP traffic on the bacula port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_bacula_port" lineno="13802">
<summary>
Send and receive UDP traffic on the bacula port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_bacula_port" lineno="13819">
<summary>
Do not audit attempts to send and receive
UDP traffic on the bacula port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_bacula_port" lineno="13835">
<summary>
Bind TCP sockets to the bacula port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_bacula_port" lineno="13855">
<summary>
Bind UDP sockets to the bacula port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_bacula_port" lineno="13875">
<summary>
Do not audit attempts to sbind to bacula port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_bacula_port" lineno="13894">
<summary>
Make a TCP connection to the bacula port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_bacula_port" lineno="13911">
<summary>
Do not audit attempts to make a TCP connection to bacula port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_bacula_client_packets" lineno="13931">
<summary>
Send bacula_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_bacula_client_packets" lineno="13950">
<summary>
Do not audit attempts to send bacula_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_bacula_client_packets" lineno="13969">
<summary>
Receive bacula_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_bacula_client_packets" lineno="13988">
<summary>
Do not audit attempts to receive bacula_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_bacula_client_packets" lineno="14007">
<summary>
Send and receive bacula_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_bacula_client_packets" lineno="14023">
<summary>
Do not audit attempts to send and receive bacula_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_bacula_client_packets" lineno="14038">
<summary>
Relabel packets to bacula_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_bacula_server_packets" lineno="14058">
<summary>
Send bacula_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_bacula_server_packets" lineno="14077">
<summary>
Do not audit attempts to send bacula_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_bacula_server_packets" lineno="14096">
<summary>
Receive bacula_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_bacula_server_packets" lineno="14115">
<summary>
Do not audit attempts to receive bacula_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_bacula_server_packets" lineno="14134">
<summary>
Send and receive bacula_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_bacula_server_packets" lineno="14150">
<summary>
Do not audit attempts to send and receive bacula_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_bacula_server_packets" lineno="14165">
<summary>
Relabel packets to bacula_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_babel_port" lineno="14187">
<summary>
Send and receive TCP traffic on the babel port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_babel_port" lineno="14206">
<summary>
Send UDP traffic on the babel port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_babel_port" lineno="14225">
<summary>
Do not audit attempts to send UDP traffic on the babel port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_babel_port" lineno="14244">
<summary>
Receive UDP traffic on the babel port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_babel_port" lineno="14263">
<summary>
Do not audit attempts to receive UDP traffic on the babel port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_babel_port" lineno="14282">
<summary>
Send and receive UDP traffic on the babel port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_babel_port" lineno="14299">
<summary>
Do not audit attempts to send and receive
UDP traffic on the babel port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_babel_port" lineno="14315">
<summary>
Bind TCP sockets to the babel port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_babel_port" lineno="14335">
<summary>
Bind UDP sockets to the babel port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_babel_port" lineno="14355">
<summary>
Do not audit attempts to sbind to babel port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_babel_port" lineno="14374">
<summary>
Make a TCP connection to the babel port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_babel_port" lineno="14391">
<summary>
Do not audit attempts to make a TCP connection to babel port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_babel_client_packets" lineno="14411">
<summary>
Send babel_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_babel_client_packets" lineno="14430">
<summary>
Do not audit attempts to send babel_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_babel_client_packets" lineno="14449">
<summary>
Receive babel_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_babel_client_packets" lineno="14468">
<summary>
Do not audit attempts to receive babel_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_babel_client_packets" lineno="14487">
<summary>
Send and receive babel_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_babel_client_packets" lineno="14503">
<summary>
Do not audit attempts to send and receive babel_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_babel_client_packets" lineno="14518">
<summary>
Relabel packets to babel_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_babel_server_packets" lineno="14538">
<summary>
Send babel_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_babel_server_packets" lineno="14557">
<summary>
Do not audit attempts to send babel_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_babel_server_packets" lineno="14576">
<summary>
Receive babel_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_babel_server_packets" lineno="14595">
<summary>
Do not audit attempts to receive babel_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_babel_server_packets" lineno="14614">
<summary>
Send and receive babel_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_babel_server_packets" lineno="14630">
<summary>
Do not audit attempts to send and receive babel_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_babel_server_packets" lineno="14645">
<summary>
Relabel packets to babel_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_bctp_port" lineno="14667">
<summary>
Send and receive TCP traffic on the bctp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_bctp_port" lineno="14686">
<summary>
Send UDP traffic on the bctp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_bctp_port" lineno="14705">
<summary>
Do not audit attempts to send UDP traffic on the bctp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_bctp_port" lineno="14724">
<summary>
Receive UDP traffic on the bctp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_bctp_port" lineno="14743">
<summary>
Do not audit attempts to receive UDP traffic on the bctp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_bctp_port" lineno="14762">
<summary>
Send and receive UDP traffic on the bctp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_bctp_port" lineno="14779">
<summary>
Do not audit attempts to send and receive
UDP traffic on the bctp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_bctp_port" lineno="14795">
<summary>
Bind TCP sockets to the bctp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_bctp_port" lineno="14815">
<summary>
Bind UDP sockets to the bctp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_bctp_port" lineno="14835">
<summary>
Do not audit attempts to sbind to bctp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_bctp_port" lineno="14854">
<summary>
Make a TCP connection to the bctp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_bctp_port" lineno="14871">
<summary>
Do not audit attempts to make a TCP connection to bctp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_bctp_client_packets" lineno="14891">
<summary>
Send bctp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_bctp_client_packets" lineno="14910">
<summary>
Do not audit attempts to send bctp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_bctp_client_packets" lineno="14929">
<summary>
Receive bctp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_bctp_client_packets" lineno="14948">
<summary>
Do not audit attempts to receive bctp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_bctp_client_packets" lineno="14967">
<summary>
Send and receive bctp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_bctp_client_packets" lineno="14983">
<summary>
Do not audit attempts to send and receive bctp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_bctp_client_packets" lineno="14998">
<summary>
Relabel packets to bctp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_bctp_server_packets" lineno="15018">
<summary>
Send bctp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_bctp_server_packets" lineno="15037">
<summary>
Do not audit attempts to send bctp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_bctp_server_packets" lineno="15056">
<summary>
Receive bctp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_bctp_server_packets" lineno="15075">
<summary>
Do not audit attempts to receive bctp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_bctp_server_packets" lineno="15094">
<summary>
Send and receive bctp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_bctp_server_packets" lineno="15110">
<summary>
Do not audit attempts to send and receive bctp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_bctp_server_packets" lineno="15125">
<summary>
Relabel packets to bctp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_bfd_control_port" lineno="15147">
<summary>
Send and receive TCP traffic on the bfd_control port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_bfd_control_port" lineno="15166">
<summary>
Send UDP traffic on the bfd_control port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_bfd_control_port" lineno="15185">
<summary>
Do not audit attempts to send UDP traffic on the bfd_control port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_bfd_control_port" lineno="15204">
<summary>
Receive UDP traffic on the bfd_control port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_bfd_control_port" lineno="15223">
<summary>
Do not audit attempts to receive UDP traffic on the bfd_control port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_bfd_control_port" lineno="15242">
<summary>
Send and receive UDP traffic on the bfd_control port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_bfd_control_port" lineno="15259">
<summary>
Do not audit attempts to send and receive
UDP traffic on the bfd_control port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_bfd_control_port" lineno="15275">
<summary>
Bind TCP sockets to the bfd_control port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_bfd_control_port" lineno="15295">
<summary>
Bind UDP sockets to the bfd_control port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_bfd_control_port" lineno="15315">
<summary>
Do not audit attempts to sbind to bfd_control port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_bfd_control_port" lineno="15334">
<summary>
Make a TCP connection to the bfd_control port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_bfd_control_port" lineno="15351">
<summary>
Do not audit attempts to make a TCP connection to bfd_control port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_bfd_control_client_packets" lineno="15371">
<summary>
Send bfd_control_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_bfd_control_client_packets" lineno="15390">
<summary>
Do not audit attempts to send bfd_control_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_bfd_control_client_packets" lineno="15409">
<summary>
Receive bfd_control_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_bfd_control_client_packets" lineno="15428">
<summary>
Do not audit attempts to receive bfd_control_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_bfd_control_client_packets" lineno="15447">
<summary>
Send and receive bfd_control_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_bfd_control_client_packets" lineno="15463">
<summary>
Do not audit attempts to send and receive bfd_control_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_bfd_control_client_packets" lineno="15478">
<summary>
Relabel packets to bfd_control_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_bfd_control_server_packets" lineno="15498">
<summary>
Send bfd_control_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_bfd_control_server_packets" lineno="15517">
<summary>
Do not audit attempts to send bfd_control_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_bfd_control_server_packets" lineno="15536">
<summary>
Receive bfd_control_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_bfd_control_server_packets" lineno="15555">
<summary>
Do not audit attempts to receive bfd_control_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_bfd_control_server_packets" lineno="15574">
<summary>
Send and receive bfd_control_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_bfd_control_server_packets" lineno="15590">
<summary>
Do not audit attempts to send and receive bfd_control_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_bfd_control_server_packets" lineno="15605">
<summary>
Relabel packets to bfd_control_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_bfd_echo_port" lineno="15627">
<summary>
Send and receive TCP traffic on the bfd_echo port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_bfd_echo_port" lineno="15646">
<summary>
Send UDP traffic on the bfd_echo port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_bfd_echo_port" lineno="15665">
<summary>
Do not audit attempts to send UDP traffic on the bfd_echo port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_bfd_echo_port" lineno="15684">
<summary>
Receive UDP traffic on the bfd_echo port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_bfd_echo_port" lineno="15703">
<summary>
Do not audit attempts to receive UDP traffic on the bfd_echo port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_bfd_echo_port" lineno="15722">
<summary>
Send and receive UDP traffic on the bfd_echo port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_bfd_echo_port" lineno="15739">
<summary>
Do not audit attempts to send and receive
UDP traffic on the bfd_echo port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_bfd_echo_port" lineno="15755">
<summary>
Bind TCP sockets to the bfd_echo port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_bfd_echo_port" lineno="15775">
<summary>
Bind UDP sockets to the bfd_echo port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_bfd_echo_port" lineno="15795">
<summary>
Do not audit attempts to sbind to bfd_echo port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_bfd_echo_port" lineno="15814">
<summary>
Make a TCP connection to the bfd_echo port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_bfd_echo_port" lineno="15831">
<summary>
Do not audit attempts to make a TCP connection to bfd_echo port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_bfd_echo_client_packets" lineno="15851">
<summary>
Send bfd_echo_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_bfd_echo_client_packets" lineno="15870">
<summary>
Do not audit attempts to send bfd_echo_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_bfd_echo_client_packets" lineno="15889">
<summary>
Receive bfd_echo_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_bfd_echo_client_packets" lineno="15908">
<summary>
Do not audit attempts to receive bfd_echo_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_bfd_echo_client_packets" lineno="15927">
<summary>
Send and receive bfd_echo_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_bfd_echo_client_packets" lineno="15943">
<summary>
Do not audit attempts to send and receive bfd_echo_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_bfd_echo_client_packets" lineno="15958">
<summary>
Relabel packets to bfd_echo_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_bfd_echo_server_packets" lineno="15978">
<summary>
Send bfd_echo_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_bfd_echo_server_packets" lineno="15997">
<summary>
Do not audit attempts to send bfd_echo_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_bfd_echo_server_packets" lineno="16016">
<summary>
Receive bfd_echo_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_bfd_echo_server_packets" lineno="16035">
<summary>
Do not audit attempts to receive bfd_echo_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_bfd_echo_server_packets" lineno="16054">
<summary>
Send and receive bfd_echo_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_bfd_echo_server_packets" lineno="16070">
<summary>
Do not audit attempts to send and receive bfd_echo_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_bfd_echo_server_packets" lineno="16085">
<summary>
Relabel packets to bfd_echo_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_bfd_multi_port" lineno="16107">
<summary>
Send and receive TCP traffic on the bfd_multi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_bfd_multi_port" lineno="16126">
<summary>
Send UDP traffic on the bfd_multi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_bfd_multi_port" lineno="16145">
<summary>
Do not audit attempts to send UDP traffic on the bfd_multi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_bfd_multi_port" lineno="16164">
<summary>
Receive UDP traffic on the bfd_multi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_bfd_multi_port" lineno="16183">
<summary>
Do not audit attempts to receive UDP traffic on the bfd_multi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_bfd_multi_port" lineno="16202">
<summary>
Send and receive UDP traffic on the bfd_multi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_bfd_multi_port" lineno="16219">
<summary>
Do not audit attempts to send and receive
UDP traffic on the bfd_multi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_bfd_multi_port" lineno="16235">
<summary>
Bind TCP sockets to the bfd_multi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_bfd_multi_port" lineno="16255">
<summary>
Bind UDP sockets to the bfd_multi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_bfd_multi_port" lineno="16275">
<summary>
Do not audit attempts to sbind to bfd_multi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_bfd_multi_port" lineno="16294">
<summary>
Make a TCP connection to the bfd_multi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_bfd_multi_port" lineno="16311">
<summary>
Do not audit attempts to make a TCP connection to bfd_multi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_bfd_multi_client_packets" lineno="16331">
<summary>
Send bfd_multi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_bfd_multi_client_packets" lineno="16350">
<summary>
Do not audit attempts to send bfd_multi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_bfd_multi_client_packets" lineno="16369">
<summary>
Receive bfd_multi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_bfd_multi_client_packets" lineno="16388">
<summary>
Do not audit attempts to receive bfd_multi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_bfd_multi_client_packets" lineno="16407">
<summary>
Send and receive bfd_multi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_bfd_multi_client_packets" lineno="16423">
<summary>
Do not audit attempts to send and receive bfd_multi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_bfd_multi_client_packets" lineno="16438">
<summary>
Relabel packets to bfd_multi_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_bfd_multi_server_packets" lineno="16458">
<summary>
Send bfd_multi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_bfd_multi_server_packets" lineno="16477">
<summary>
Do not audit attempts to send bfd_multi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_bfd_multi_server_packets" lineno="16496">
<summary>
Receive bfd_multi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_bfd_multi_server_packets" lineno="16515">
<summary>
Do not audit attempts to receive bfd_multi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_bfd_multi_server_packets" lineno="16534">
<summary>
Send and receive bfd_multi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_bfd_multi_server_packets" lineno="16550">
<summary>
Do not audit attempts to send and receive bfd_multi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_bfd_multi_server_packets" lineno="16565">
<summary>
Relabel packets to bfd_multi_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_bgp_port" lineno="16587">
<summary>
Send and receive TCP traffic on the bgp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_bgp_port" lineno="16606">
<summary>
Send UDP traffic on the bgp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_bgp_port" lineno="16625">
<summary>
Do not audit attempts to send UDP traffic on the bgp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_bgp_port" lineno="16644">
<summary>
Receive UDP traffic on the bgp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_bgp_port" lineno="16663">
<summary>
Do not audit attempts to receive UDP traffic on the bgp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_bgp_port" lineno="16682">
<summary>
Send and receive UDP traffic on the bgp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_bgp_port" lineno="16699">
<summary>
Do not audit attempts to send and receive
UDP traffic on the bgp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_bgp_port" lineno="16715">
<summary>
Bind TCP sockets to the bgp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_bgp_port" lineno="16735">
<summary>
Bind UDP sockets to the bgp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_bgp_port" lineno="16755">
<summary>
Do not audit attempts to sbind to bgp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_bgp_port" lineno="16774">
<summary>
Make a TCP connection to the bgp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_bgp_port" lineno="16791">
<summary>
Do not audit attempts to make a TCP connection to bgp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_bgp_client_packets" lineno="16811">
<summary>
Send bgp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_bgp_client_packets" lineno="16830">
<summary>
Do not audit attempts to send bgp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_bgp_client_packets" lineno="16849">
<summary>
Receive bgp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_bgp_client_packets" lineno="16868">
<summary>
Do not audit attempts to receive bgp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_bgp_client_packets" lineno="16887">
<summary>
Send and receive bgp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_bgp_client_packets" lineno="16903">
<summary>
Do not audit attempts to send and receive bgp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_bgp_client_packets" lineno="16918">
<summary>
Relabel packets to bgp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_bgp_server_packets" lineno="16938">
<summary>
Send bgp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_bgp_server_packets" lineno="16957">
<summary>
Do not audit attempts to send bgp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_bgp_server_packets" lineno="16976">
<summary>
Receive bgp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_bgp_server_packets" lineno="16995">
<summary>
Do not audit attempts to receive bgp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_bgp_server_packets" lineno="17014">
<summary>
Send and receive bgp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_bgp_server_packets" lineno="17030">
<summary>
Do not audit attempts to send and receive bgp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_bgp_server_packets" lineno="17045">
<summary>
Relabel packets to bgp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_boinc_port" lineno="17067">
<summary>
Send and receive TCP traffic on the boinc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_boinc_port" lineno="17086">
<summary>
Send UDP traffic on the boinc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_boinc_port" lineno="17105">
<summary>
Do not audit attempts to send UDP traffic on the boinc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_boinc_port" lineno="17124">
<summary>
Receive UDP traffic on the boinc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_boinc_port" lineno="17143">
<summary>
Do not audit attempts to receive UDP traffic on the boinc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_boinc_port" lineno="17162">
<summary>
Send and receive UDP traffic on the boinc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_boinc_port" lineno="17179">
<summary>
Do not audit attempts to send and receive
UDP traffic on the boinc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_boinc_port" lineno="17195">
<summary>
Bind TCP sockets to the boinc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_boinc_port" lineno="17215">
<summary>
Bind UDP sockets to the boinc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_boinc_port" lineno="17235">
<summary>
Do not audit attempts to sbind to boinc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_boinc_port" lineno="17254">
<summary>
Make a TCP connection to the boinc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_boinc_port" lineno="17271">
<summary>
Do not audit attempts to make a TCP connection to boinc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_boinc_client_packets" lineno="17291">
<summary>
Send boinc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_boinc_client_packets" lineno="17310">
<summary>
Do not audit attempts to send boinc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_boinc_client_packets" lineno="17329">
<summary>
Receive boinc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_boinc_client_packets" lineno="17348">
<summary>
Do not audit attempts to receive boinc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_boinc_client_packets" lineno="17367">
<summary>
Send and receive boinc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_boinc_client_packets" lineno="17383">
<summary>
Do not audit attempts to send and receive boinc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_boinc_client_packets" lineno="17398">
<summary>
Relabel packets to boinc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_boinc_server_packets" lineno="17418">
<summary>
Send boinc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_boinc_server_packets" lineno="17437">
<summary>
Do not audit attempts to send boinc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_boinc_server_packets" lineno="17456">
<summary>
Receive boinc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_boinc_server_packets" lineno="17475">
<summary>
Do not audit attempts to receive boinc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_boinc_server_packets" lineno="17494">
<summary>
Send and receive boinc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_boinc_server_packets" lineno="17510">
<summary>
Do not audit attempts to send and receive boinc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_boinc_server_packets" lineno="17525">
<summary>
Relabel packets to boinc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_boinc_client_port" lineno="17547">
<summary>
Send and receive TCP traffic on the boinc_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_boinc_client_port" lineno="17566">
<summary>
Send UDP traffic on the boinc_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_boinc_client_port" lineno="17585">
<summary>
Do not audit attempts to send UDP traffic on the boinc_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_boinc_client_port" lineno="17604">
<summary>
Receive UDP traffic on the boinc_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_boinc_client_port" lineno="17623">
<summary>
Do not audit attempts to receive UDP traffic on the boinc_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_boinc_client_port" lineno="17642">
<summary>
Send and receive UDP traffic on the boinc_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_boinc_client_port" lineno="17659">
<summary>
Do not audit attempts to send and receive
UDP traffic on the boinc_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_boinc_client_port" lineno="17675">
<summary>
Bind TCP sockets to the boinc_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_boinc_client_port" lineno="17695">
<summary>
Bind UDP sockets to the boinc_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_boinc_client_port" lineno="17715">
<summary>
Do not audit attempts to sbind to boinc_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_boinc_client_port" lineno="17734">
<summary>
Make a TCP connection to the boinc_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_boinc_client_port" lineno="17751">
<summary>
Do not audit attempts to make a TCP connection to boinc_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_boinc_client_client_packets" lineno="17771">
<summary>
Send boinc_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_boinc_client_client_packets" lineno="17790">
<summary>
Do not audit attempts to send boinc_client_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_boinc_client_client_packets" lineno="17809">
<summary>
Receive boinc_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_boinc_client_client_packets" lineno="17828">
<summary>
Do not audit attempts to receive boinc_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_boinc_client_client_packets" lineno="17847">
<summary>
Send and receive boinc_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_boinc_client_client_packets" lineno="17863">
<summary>
Do not audit attempts to send and receive boinc_client_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_boinc_client_client_packets" lineno="17878">
<summary>
Relabel packets to boinc_client_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_boinc_client_server_packets" lineno="17898">
<summary>
Send boinc_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_boinc_client_server_packets" lineno="17917">
<summary>
Do not audit attempts to send boinc_client_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_boinc_client_server_packets" lineno="17936">
<summary>
Receive boinc_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_boinc_client_server_packets" lineno="17955">
<summary>
Do not audit attempts to receive boinc_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_boinc_client_server_packets" lineno="17974">
<summary>
Send and receive boinc_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_boinc_client_server_packets" lineno="17990">
<summary>
Do not audit attempts to send and receive boinc_client_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_boinc_client_server_packets" lineno="18005">
<summary>
Relabel packets to boinc_client_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_boothd_port" lineno="18027">
<summary>
Send and receive TCP traffic on the boothd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_boothd_port" lineno="18046">
<summary>
Send UDP traffic on the boothd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_boothd_port" lineno="18065">
<summary>
Do not audit attempts to send UDP traffic on the boothd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_boothd_port" lineno="18084">
<summary>
Receive UDP traffic on the boothd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_boothd_port" lineno="18103">
<summary>
Do not audit attempts to receive UDP traffic on the boothd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_boothd_port" lineno="18122">
<summary>
Send and receive UDP traffic on the boothd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_boothd_port" lineno="18139">
<summary>
Do not audit attempts to send and receive
UDP traffic on the boothd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_boothd_port" lineno="18155">
<summary>
Bind TCP sockets to the boothd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_boothd_port" lineno="18175">
<summary>
Bind UDP sockets to the boothd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_boothd_port" lineno="18195">
<summary>
Do not audit attempts to sbind to boothd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_boothd_port" lineno="18214">
<summary>
Make a TCP connection to the boothd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_boothd_port" lineno="18231">
<summary>
Do not audit attempts to make a TCP connection to boothd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_boothd_client_packets" lineno="18251">
<summary>
Send boothd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_boothd_client_packets" lineno="18270">
<summary>
Do not audit attempts to send boothd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_boothd_client_packets" lineno="18289">
<summary>
Receive boothd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_boothd_client_packets" lineno="18308">
<summary>
Do not audit attempts to receive boothd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_boothd_client_packets" lineno="18327">
<summary>
Send and receive boothd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_boothd_client_packets" lineno="18343">
<summary>
Do not audit attempts to send and receive boothd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_boothd_client_packets" lineno="18358">
<summary>
Relabel packets to boothd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_boothd_server_packets" lineno="18378">
<summary>
Send boothd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_boothd_server_packets" lineno="18397">
<summary>
Do not audit attempts to send boothd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_boothd_server_packets" lineno="18416">
<summary>
Receive boothd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_boothd_server_packets" lineno="18435">
<summary>
Do not audit attempts to receive boothd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_boothd_server_packets" lineno="18454">
<summary>
Send and receive boothd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_boothd_server_packets" lineno="18470">
<summary>
Do not audit attempts to send and receive boothd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_boothd_server_packets" lineno="18485">
<summary>
Relabel packets to boothd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_brlp_port" lineno="18507">
<summary>
Send and receive TCP traffic on the brlp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_brlp_port" lineno="18526">
<summary>
Send UDP traffic on the brlp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_brlp_port" lineno="18545">
<summary>
Do not audit attempts to send UDP traffic on the brlp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_brlp_port" lineno="18564">
<summary>
Receive UDP traffic on the brlp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_brlp_port" lineno="18583">
<summary>
Do not audit attempts to receive UDP traffic on the brlp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_brlp_port" lineno="18602">
<summary>
Send and receive UDP traffic on the brlp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_brlp_port" lineno="18619">
<summary>
Do not audit attempts to send and receive
UDP traffic on the brlp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_brlp_port" lineno="18635">
<summary>
Bind TCP sockets to the brlp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_brlp_port" lineno="18655">
<summary>
Bind UDP sockets to the brlp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_brlp_port" lineno="18675">
<summary>
Do not audit attempts to sbind to brlp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_brlp_port" lineno="18694">
<summary>
Make a TCP connection to the brlp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_brlp_port" lineno="18711">
<summary>
Do not audit attempts to make a TCP connection to brlp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_brlp_client_packets" lineno="18731">
<summary>
Send brlp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_brlp_client_packets" lineno="18750">
<summary>
Do not audit attempts to send brlp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_brlp_client_packets" lineno="18769">
<summary>
Receive brlp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_brlp_client_packets" lineno="18788">
<summary>
Do not audit attempts to receive brlp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_brlp_client_packets" lineno="18807">
<summary>
Send and receive brlp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_brlp_client_packets" lineno="18823">
<summary>
Do not audit attempts to send and receive brlp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_brlp_client_packets" lineno="18838">
<summary>
Relabel packets to brlp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_brlp_server_packets" lineno="18858">
<summary>
Send brlp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_brlp_server_packets" lineno="18877">
<summary>
Do not audit attempts to send brlp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_brlp_server_packets" lineno="18896">
<summary>
Receive brlp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_brlp_server_packets" lineno="18915">
<summary>
Do not audit attempts to receive brlp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_brlp_server_packets" lineno="18934">
<summary>
Send and receive brlp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_brlp_server_packets" lineno="18950">
<summary>
Do not audit attempts to send and receive brlp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_brlp_server_packets" lineno="18965">
<summary>
Relabel packets to brlp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_biff_port" lineno="18987">
<summary>
Send and receive TCP traffic on the biff port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_biff_port" lineno="19006">
<summary>
Send UDP traffic on the biff port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_biff_port" lineno="19025">
<summary>
Do not audit attempts to send UDP traffic on the biff port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_biff_port" lineno="19044">
<summary>
Receive UDP traffic on the biff port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_biff_port" lineno="19063">
<summary>
Do not audit attempts to receive UDP traffic on the biff port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_biff_port" lineno="19082">
<summary>
Send and receive UDP traffic on the biff port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_biff_port" lineno="19099">
<summary>
Do not audit attempts to send and receive
UDP traffic on the biff port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_biff_port" lineno="19115">
<summary>
Bind TCP sockets to the biff port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_biff_port" lineno="19135">
<summary>
Bind UDP sockets to the biff port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_biff_port" lineno="19155">
<summary>
Do not audit attempts to sbind to biff port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_biff_port" lineno="19174">
<summary>
Make a TCP connection to the biff port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_biff_port" lineno="19191">
<summary>
Do not audit attempts to make a TCP connection to biff port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_biff_client_packets" lineno="19211">
<summary>
Send biff_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_biff_client_packets" lineno="19230">
<summary>
Do not audit attempts to send biff_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_biff_client_packets" lineno="19249">
<summary>
Receive biff_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_biff_client_packets" lineno="19268">
<summary>
Do not audit attempts to receive biff_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_biff_client_packets" lineno="19287">
<summary>
Send and receive biff_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_biff_client_packets" lineno="19303">
<summary>
Do not audit attempts to send and receive biff_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_biff_client_packets" lineno="19318">
<summary>
Relabel packets to biff_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_biff_server_packets" lineno="19338">
<summary>
Send biff_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_biff_server_packets" lineno="19357">
<summary>
Do not audit attempts to send biff_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_biff_server_packets" lineno="19376">
<summary>
Receive biff_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_biff_server_packets" lineno="19395">
<summary>
Do not audit attempts to receive biff_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_biff_server_packets" lineno="19414">
<summary>
Send and receive biff_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_biff_server_packets" lineno="19430">
<summary>
Do not audit attempts to send and receive biff_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_biff_server_packets" lineno="19445">
<summary>
Relabel packets to biff_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_certmaster_port" lineno="19467">
<summary>
Send and receive TCP traffic on the certmaster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_certmaster_port" lineno="19486">
<summary>
Send UDP traffic on the certmaster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_certmaster_port" lineno="19505">
<summary>
Do not audit attempts to send UDP traffic on the certmaster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_certmaster_port" lineno="19524">
<summary>
Receive UDP traffic on the certmaster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_certmaster_port" lineno="19543">
<summary>
Do not audit attempts to receive UDP traffic on the certmaster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_certmaster_port" lineno="19562">
<summary>
Send and receive UDP traffic on the certmaster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_certmaster_port" lineno="19579">
<summary>
Do not audit attempts to send and receive
UDP traffic on the certmaster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_certmaster_port" lineno="19595">
<summary>
Bind TCP sockets to the certmaster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_certmaster_port" lineno="19615">
<summary>
Bind UDP sockets to the certmaster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_certmaster_port" lineno="19635">
<summary>
Do not audit attempts to sbind to certmaster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_certmaster_port" lineno="19654">
<summary>
Make a TCP connection to the certmaster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_certmaster_port" lineno="19671">
<summary>
Do not audit attempts to make a TCP connection to certmaster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_certmaster_client_packets" lineno="19691">
<summary>
Send certmaster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_certmaster_client_packets" lineno="19710">
<summary>
Do not audit attempts to send certmaster_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_certmaster_client_packets" lineno="19729">
<summary>
Receive certmaster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_certmaster_client_packets" lineno="19748">
<summary>
Do not audit attempts to receive certmaster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_certmaster_client_packets" lineno="19767">
<summary>
Send and receive certmaster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_certmaster_client_packets" lineno="19783">
<summary>
Do not audit attempts to send and receive certmaster_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_certmaster_client_packets" lineno="19798">
<summary>
Relabel packets to certmaster_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_certmaster_server_packets" lineno="19818">
<summary>
Send certmaster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_certmaster_server_packets" lineno="19837">
<summary>
Do not audit attempts to send certmaster_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_certmaster_server_packets" lineno="19856">
<summary>
Receive certmaster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_certmaster_server_packets" lineno="19875">
<summary>
Do not audit attempts to receive certmaster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_certmaster_server_packets" lineno="19894">
<summary>
Send and receive certmaster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_certmaster_server_packets" lineno="19910">
<summary>
Do not audit attempts to send and receive certmaster_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_certmaster_server_packets" lineno="19925">
<summary>
Relabel packets to certmaster_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_collectd_port" lineno="19947">
<summary>
Send and receive TCP traffic on the collectd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_collectd_port" lineno="19966">
<summary>
Send UDP traffic on the collectd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_collectd_port" lineno="19985">
<summary>
Do not audit attempts to send UDP traffic on the collectd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_collectd_port" lineno="20004">
<summary>
Receive UDP traffic on the collectd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_collectd_port" lineno="20023">
<summary>
Do not audit attempts to receive UDP traffic on the collectd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_collectd_port" lineno="20042">
<summary>
Send and receive UDP traffic on the collectd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_collectd_port" lineno="20059">
<summary>
Do not audit attempts to send and receive
UDP traffic on the collectd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_collectd_port" lineno="20075">
<summary>
Bind TCP sockets to the collectd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_collectd_port" lineno="20095">
<summary>
Bind UDP sockets to the collectd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_collectd_port" lineno="20115">
<summary>
Do not audit attempts to sbind to collectd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_collectd_port" lineno="20134">
<summary>
Make a TCP connection to the collectd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_collectd_port" lineno="20151">
<summary>
Do not audit attempts to make a TCP connection to collectd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_collectd_client_packets" lineno="20171">
<summary>
Send collectd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_collectd_client_packets" lineno="20190">
<summary>
Do not audit attempts to send collectd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_collectd_client_packets" lineno="20209">
<summary>
Receive collectd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_collectd_client_packets" lineno="20228">
<summary>
Do not audit attempts to receive collectd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_collectd_client_packets" lineno="20247">
<summary>
Send and receive collectd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_collectd_client_packets" lineno="20263">
<summary>
Do not audit attempts to send and receive collectd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_collectd_client_packets" lineno="20278">
<summary>
Relabel packets to collectd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_collectd_server_packets" lineno="20298">
<summary>
Send collectd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_collectd_server_packets" lineno="20317">
<summary>
Do not audit attempts to send collectd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_collectd_server_packets" lineno="20336">
<summary>
Receive collectd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_collectd_server_packets" lineno="20355">
<summary>
Do not audit attempts to receive collectd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_collectd_server_packets" lineno="20374">
<summary>
Send and receive collectd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_collectd_server_packets" lineno="20390">
<summary>
Do not audit attempts to send and receive collectd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_collectd_server_packets" lineno="20405">
<summary>
Relabel packets to collectd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_chronyd_port" lineno="20427">
<summary>
Send and receive TCP traffic on the chronyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_chronyd_port" lineno="20446">
<summary>
Send UDP traffic on the chronyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_chronyd_port" lineno="20465">
<summary>
Do not audit attempts to send UDP traffic on the chronyd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_chronyd_port" lineno="20484">
<summary>
Receive UDP traffic on the chronyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_chronyd_port" lineno="20503">
<summary>
Do not audit attempts to receive UDP traffic on the chronyd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_chronyd_port" lineno="20522">
<summary>
Send and receive UDP traffic on the chronyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_chronyd_port" lineno="20539">
<summary>
Do not audit attempts to send and receive
UDP traffic on the chronyd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_chronyd_port" lineno="20555">
<summary>
Bind TCP sockets to the chronyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_chronyd_port" lineno="20575">
<summary>
Bind UDP sockets to the chronyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_chronyd_port" lineno="20595">
<summary>
Do not audit attempts to sbind to chronyd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_chronyd_port" lineno="20614">
<summary>
Make a TCP connection to the chronyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_chronyd_port" lineno="20631">
<summary>
Do not audit attempts to make a TCP connection to chronyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_chronyd_client_packets" lineno="20651">
<summary>
Send chronyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_chronyd_client_packets" lineno="20670">
<summary>
Do not audit attempts to send chronyd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_chronyd_client_packets" lineno="20689">
<summary>
Receive chronyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_chronyd_client_packets" lineno="20708">
<summary>
Do not audit attempts to receive chronyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_chronyd_client_packets" lineno="20727">
<summary>
Send and receive chronyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_chronyd_client_packets" lineno="20743">
<summary>
Do not audit attempts to send and receive chronyd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_chronyd_client_packets" lineno="20758">
<summary>
Relabel packets to chronyd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_chronyd_server_packets" lineno="20778">
<summary>
Send chronyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_chronyd_server_packets" lineno="20797">
<summary>
Do not audit attempts to send chronyd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_chronyd_server_packets" lineno="20816">
<summary>
Receive chronyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_chronyd_server_packets" lineno="20835">
<summary>
Do not audit attempts to receive chronyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_chronyd_server_packets" lineno="20854">
<summary>
Send and receive chronyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_chronyd_server_packets" lineno="20870">
<summary>
Do not audit attempts to send and receive chronyd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_chronyd_server_packets" lineno="20885">
<summary>
Relabel packets to chronyd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_clamd_port" lineno="20907">
<summary>
Send and receive TCP traffic on the clamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_clamd_port" lineno="20926">
<summary>
Send UDP traffic on the clamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_clamd_port" lineno="20945">
<summary>
Do not audit attempts to send UDP traffic on the clamd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_clamd_port" lineno="20964">
<summary>
Receive UDP traffic on the clamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_clamd_port" lineno="20983">
<summary>
Do not audit attempts to receive UDP traffic on the clamd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_clamd_port" lineno="21002">
<summary>
Send and receive UDP traffic on the clamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_clamd_port" lineno="21019">
<summary>
Do not audit attempts to send and receive
UDP traffic on the clamd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_clamd_port" lineno="21035">
<summary>
Bind TCP sockets to the clamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_clamd_port" lineno="21055">
<summary>
Bind UDP sockets to the clamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_clamd_port" lineno="21075">
<summary>
Do not audit attempts to sbind to clamd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_clamd_port" lineno="21094">
<summary>
Make a TCP connection to the clamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_clamd_port" lineno="21111">
<summary>
Do not audit attempts to make a TCP connection to clamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_clamd_client_packets" lineno="21131">
<summary>
Send clamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_clamd_client_packets" lineno="21150">
<summary>
Do not audit attempts to send clamd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_clamd_client_packets" lineno="21169">
<summary>
Receive clamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_clamd_client_packets" lineno="21188">
<summary>
Do not audit attempts to receive clamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_clamd_client_packets" lineno="21207">
<summary>
Send and receive clamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_clamd_client_packets" lineno="21223">
<summary>
Do not audit attempts to send and receive clamd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_clamd_client_packets" lineno="21238">
<summary>
Relabel packets to clamd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_clamd_server_packets" lineno="21258">
<summary>
Send clamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_clamd_server_packets" lineno="21277">
<summary>
Do not audit attempts to send clamd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_clamd_server_packets" lineno="21296">
<summary>
Receive clamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_clamd_server_packets" lineno="21315">
<summary>
Do not audit attempts to receive clamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_clamd_server_packets" lineno="21334">
<summary>
Send and receive clamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_clamd_server_packets" lineno="21350">
<summary>
Do not audit attempts to send and receive clamd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_clamd_server_packets" lineno="21365">
<summary>
Relabel packets to clamd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_clockspeed_port" lineno="21387">
<summary>
Send and receive TCP traffic on the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_clockspeed_port" lineno="21406">
<summary>
Send UDP traffic on the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_clockspeed_port" lineno="21425">
<summary>
Do not audit attempts to send UDP traffic on the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_clockspeed_port" lineno="21444">
<summary>
Receive UDP traffic on the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_clockspeed_port" lineno="21463">
<summary>
Do not audit attempts to receive UDP traffic on the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_clockspeed_port" lineno="21482">
<summary>
Send and receive UDP traffic on the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_clockspeed_port" lineno="21499">
<summary>
Do not audit attempts to send and receive
UDP traffic on the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_clockspeed_port" lineno="21515">
<summary>
Bind TCP sockets to the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_clockspeed_port" lineno="21535">
<summary>
Bind UDP sockets to the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_clockspeed_port" lineno="21555">
<summary>
Do not audit attempts to sbind to clockspeed port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_clockspeed_port" lineno="21574">
<summary>
Make a TCP connection to the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_clockspeed_port" lineno="21591">
<summary>
Do not audit attempts to make a TCP connection to clockspeed port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_clockspeed_client_packets" lineno="21611">
<summary>
Send clockspeed_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_clockspeed_client_packets" lineno="21630">
<summary>
Do not audit attempts to send clockspeed_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_clockspeed_client_packets" lineno="21649">
<summary>
Receive clockspeed_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_clockspeed_client_packets" lineno="21668">
<summary>
Do not audit attempts to receive clockspeed_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_clockspeed_client_packets" lineno="21687">
<summary>
Send and receive clockspeed_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_clockspeed_client_packets" lineno="21703">
<summary>
Do not audit attempts to send and receive clockspeed_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_clockspeed_client_packets" lineno="21718">
<summary>
Relabel packets to clockspeed_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_clockspeed_server_packets" lineno="21738">
<summary>
Send clockspeed_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_clockspeed_server_packets" lineno="21757">
<summary>
Do not audit attempts to send clockspeed_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_clockspeed_server_packets" lineno="21776">
<summary>
Receive clockspeed_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_clockspeed_server_packets" lineno="21795">
<summary>
Do not audit attempts to receive clockspeed_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_clockspeed_server_packets" lineno="21814">
<summary>
Send and receive clockspeed_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_clockspeed_server_packets" lineno="21830">
<summary>
Do not audit attempts to send and receive clockspeed_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_clockspeed_server_packets" lineno="21845">
<summary>
Relabel packets to clockspeed_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_cluster_port" lineno="21867">
<summary>
Send and receive TCP traffic on the cluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_cluster_port" lineno="21886">
<summary>
Send UDP traffic on the cluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_cluster_port" lineno="21905">
<summary>
Do not audit attempts to send UDP traffic on the cluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_cluster_port" lineno="21924">
<summary>
Receive UDP traffic on the cluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_cluster_port" lineno="21943">
<summary>
Do not audit attempts to receive UDP traffic on the cluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_cluster_port" lineno="21962">
<summary>
Send and receive UDP traffic on the cluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_cluster_port" lineno="21979">
<summary>
Do not audit attempts to send and receive
UDP traffic on the cluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_cluster_port" lineno="21995">
<summary>
Bind TCP sockets to the cluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_cluster_port" lineno="22015">
<summary>
Bind UDP sockets to the cluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_cluster_port" lineno="22035">
<summary>
Do not audit attempts to sbind to cluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_cluster_port" lineno="22054">
<summary>
Make a TCP connection to the cluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_cluster_port" lineno="22071">
<summary>
Do not audit attempts to make a TCP connection to cluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cluster_client_packets" lineno="22091">
<summary>
Send cluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cluster_client_packets" lineno="22110">
<summary>
Do not audit attempts to send cluster_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cluster_client_packets" lineno="22129">
<summary>
Receive cluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cluster_client_packets" lineno="22148">
<summary>
Do not audit attempts to receive cluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cluster_client_packets" lineno="22167">
<summary>
Send and receive cluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cluster_client_packets" lineno="22183">
<summary>
Do not audit attempts to send and receive cluster_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cluster_client_packets" lineno="22198">
<summary>
Relabel packets to cluster_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cluster_server_packets" lineno="22218">
<summary>
Send cluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cluster_server_packets" lineno="22237">
<summary>
Do not audit attempts to send cluster_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cluster_server_packets" lineno="22256">
<summary>
Receive cluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cluster_server_packets" lineno="22275">
<summary>
Do not audit attempts to receive cluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cluster_server_packets" lineno="22294">
<summary>
Send and receive cluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cluster_server_packets" lineno="22310">
<summary>
Do not audit attempts to send and receive cluster_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cluster_server_packets" lineno="22325">
<summary>
Relabel packets to cluster_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_cma_port" lineno="22347">
<summary>
Send and receive TCP traffic on the cma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_cma_port" lineno="22366">
<summary>
Send UDP traffic on the cma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_cma_port" lineno="22385">
<summary>
Do not audit attempts to send UDP traffic on the cma port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_cma_port" lineno="22404">
<summary>
Receive UDP traffic on the cma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_cma_port" lineno="22423">
<summary>
Do not audit attempts to receive UDP traffic on the cma port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_cma_port" lineno="22442">
<summary>
Send and receive UDP traffic on the cma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_cma_port" lineno="22459">
<summary>
Do not audit attempts to send and receive
UDP traffic on the cma port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_cma_port" lineno="22475">
<summary>
Bind TCP sockets to the cma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_cma_port" lineno="22495">
<summary>
Bind UDP sockets to the cma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_cma_port" lineno="22515">
<summary>
Do not audit attempts to sbind to cma port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_cma_port" lineno="22534">
<summary>
Make a TCP connection to the cma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_cma_port" lineno="22551">
<summary>
Do not audit attempts to make a TCP connection to cma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cma_client_packets" lineno="22571">
<summary>
Send cma_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cma_client_packets" lineno="22590">
<summary>
Do not audit attempts to send cma_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cma_client_packets" lineno="22609">
<summary>
Receive cma_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cma_client_packets" lineno="22628">
<summary>
Do not audit attempts to receive cma_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cma_client_packets" lineno="22647">
<summary>
Send and receive cma_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cma_client_packets" lineno="22663">
<summary>
Do not audit attempts to send and receive cma_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cma_client_packets" lineno="22678">
<summary>
Relabel packets to cma_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cma_server_packets" lineno="22698">
<summary>
Send cma_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cma_server_packets" lineno="22717">
<summary>
Do not audit attempts to send cma_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cma_server_packets" lineno="22736">
<summary>
Receive cma_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cma_server_packets" lineno="22755">
<summary>
Do not audit attempts to receive cma_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cma_server_packets" lineno="22774">
<summary>
Send and receive cma_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cma_server_packets" lineno="22790">
<summary>
Do not audit attempts to send and receive cma_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cma_server_packets" lineno="22805">
<summary>
Relabel packets to cma_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_cmadmin_port" lineno="22827">
<summary>
Send and receive TCP traffic on the cmadmin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_cmadmin_port" lineno="22846">
<summary>
Send UDP traffic on the cmadmin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_cmadmin_port" lineno="22865">
<summary>
Do not audit attempts to send UDP traffic on the cmadmin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_cmadmin_port" lineno="22884">
<summary>
Receive UDP traffic on the cmadmin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_cmadmin_port" lineno="22903">
<summary>
Do not audit attempts to receive UDP traffic on the cmadmin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_cmadmin_port" lineno="22922">
<summary>
Send and receive UDP traffic on the cmadmin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_cmadmin_port" lineno="22939">
<summary>
Do not audit attempts to send and receive
UDP traffic on the cmadmin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_cmadmin_port" lineno="22955">
<summary>
Bind TCP sockets to the cmadmin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_cmadmin_port" lineno="22975">
<summary>
Bind UDP sockets to the cmadmin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_cmadmin_port" lineno="22995">
<summary>
Do not audit attempts to sbind to cmadmin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_cmadmin_port" lineno="23014">
<summary>
Make a TCP connection to the cmadmin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_cmadmin_port" lineno="23031">
<summary>
Do not audit attempts to make a TCP connection to cmadmin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cmadmin_client_packets" lineno="23051">
<summary>
Send cmadmin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cmadmin_client_packets" lineno="23070">
<summary>
Do not audit attempts to send cmadmin_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cmadmin_client_packets" lineno="23089">
<summary>
Receive cmadmin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cmadmin_client_packets" lineno="23108">
<summary>
Do not audit attempts to receive cmadmin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cmadmin_client_packets" lineno="23127">
<summary>
Send and receive cmadmin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cmadmin_client_packets" lineno="23143">
<summary>
Do not audit attempts to send and receive cmadmin_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cmadmin_client_packets" lineno="23158">
<summary>
Relabel packets to cmadmin_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cmadmin_server_packets" lineno="23178">
<summary>
Send cmadmin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cmadmin_server_packets" lineno="23197">
<summary>
Do not audit attempts to send cmadmin_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cmadmin_server_packets" lineno="23216">
<summary>
Receive cmadmin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cmadmin_server_packets" lineno="23235">
<summary>
Do not audit attempts to receive cmadmin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cmadmin_server_packets" lineno="23254">
<summary>
Send and receive cmadmin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cmadmin_server_packets" lineno="23270">
<summary>
Do not audit attempts to send and receive cmadmin_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cmadmin_server_packets" lineno="23285">
<summary>
Relabel packets to cmadmin_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_cobbler_port" lineno="23307">
<summary>
Send and receive TCP traffic on the cobbler port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_cobbler_port" lineno="23326">
<summary>
Send UDP traffic on the cobbler port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_cobbler_port" lineno="23345">
<summary>
Do not audit attempts to send UDP traffic on the cobbler port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_cobbler_port" lineno="23364">
<summary>
Receive UDP traffic on the cobbler port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_cobbler_port" lineno="23383">
<summary>
Do not audit attempts to receive UDP traffic on the cobbler port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_cobbler_port" lineno="23402">
<summary>
Send and receive UDP traffic on the cobbler port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_cobbler_port" lineno="23419">
<summary>
Do not audit attempts to send and receive
UDP traffic on the cobbler port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_cobbler_port" lineno="23435">
<summary>
Bind TCP sockets to the cobbler port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_cobbler_port" lineno="23455">
<summary>
Bind UDP sockets to the cobbler port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_cobbler_port" lineno="23475">
<summary>
Do not audit attempts to sbind to cobbler port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_cobbler_port" lineno="23494">
<summary>
Make a TCP connection to the cobbler port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_cobbler_port" lineno="23511">
<summary>
Do not audit attempts to make a TCP connection to cobbler port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cobbler_client_packets" lineno="23531">
<summary>
Send cobbler_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cobbler_client_packets" lineno="23550">
<summary>
Do not audit attempts to send cobbler_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cobbler_client_packets" lineno="23569">
<summary>
Receive cobbler_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cobbler_client_packets" lineno="23588">
<summary>
Do not audit attempts to receive cobbler_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cobbler_client_packets" lineno="23607">
<summary>
Send and receive cobbler_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cobbler_client_packets" lineno="23623">
<summary>
Do not audit attempts to send and receive cobbler_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cobbler_client_packets" lineno="23638">
<summary>
Relabel packets to cobbler_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cobbler_server_packets" lineno="23658">
<summary>
Send cobbler_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cobbler_server_packets" lineno="23677">
<summary>
Do not audit attempts to send cobbler_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cobbler_server_packets" lineno="23696">
<summary>
Receive cobbler_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cobbler_server_packets" lineno="23715">
<summary>
Do not audit attempts to receive cobbler_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cobbler_server_packets" lineno="23734">
<summary>
Send and receive cobbler_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cobbler_server_packets" lineno="23750">
<summary>
Do not audit attempts to send and receive cobbler_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cobbler_server_packets" lineno="23765">
<summary>
Relabel packets to cobbler_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_commplex_link_port" lineno="23787">
<summary>
Send and receive TCP traffic on the commplex_link port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_commplex_link_port" lineno="23806">
<summary>
Send UDP traffic on the commplex_link port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_commplex_link_port" lineno="23825">
<summary>
Do not audit attempts to send UDP traffic on the commplex_link port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_commplex_link_port" lineno="23844">
<summary>
Receive UDP traffic on the commplex_link port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_commplex_link_port" lineno="23863">
<summary>
Do not audit attempts to receive UDP traffic on the commplex_link port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_commplex_link_port" lineno="23882">
<summary>
Send and receive UDP traffic on the commplex_link port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_commplex_link_port" lineno="23899">
<summary>
Do not audit attempts to send and receive
UDP traffic on the commplex_link port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_commplex_link_port" lineno="23915">
<summary>
Bind TCP sockets to the commplex_link port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_commplex_link_port" lineno="23935">
<summary>
Bind UDP sockets to the commplex_link port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_commplex_link_port" lineno="23955">
<summary>
Do not audit attempts to sbind to commplex_link port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_commplex_link_port" lineno="23974">
<summary>
Make a TCP connection to the commplex_link port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_commplex_link_port" lineno="23991">
<summary>
Do not audit attempts to make a TCP connection to commplex_link port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_commplex_link_client_packets" lineno="24011">
<summary>
Send commplex_link_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_commplex_link_client_packets" lineno="24030">
<summary>
Do not audit attempts to send commplex_link_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_commplex_link_client_packets" lineno="24049">
<summary>
Receive commplex_link_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_commplex_link_client_packets" lineno="24068">
<summary>
Do not audit attempts to receive commplex_link_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_commplex_link_client_packets" lineno="24087">
<summary>
Send and receive commplex_link_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_commplex_link_client_packets" lineno="24103">
<summary>
Do not audit attempts to send and receive commplex_link_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_commplex_link_client_packets" lineno="24118">
<summary>
Relabel packets to commplex_link_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_commplex_link_server_packets" lineno="24138">
<summary>
Send commplex_link_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_commplex_link_server_packets" lineno="24157">
<summary>
Do not audit attempts to send commplex_link_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_commplex_link_server_packets" lineno="24176">
<summary>
Receive commplex_link_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_commplex_link_server_packets" lineno="24195">
<summary>
Do not audit attempts to receive commplex_link_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_commplex_link_server_packets" lineno="24214">
<summary>
Send and receive commplex_link_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_commplex_link_server_packets" lineno="24230">
<summary>
Do not audit attempts to send and receive commplex_link_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_commplex_link_server_packets" lineno="24245">
<summary>
Relabel packets to commplex_link_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_commplex_main_port" lineno="24267">
<summary>
Send and receive TCP traffic on the commplex_main port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_commplex_main_port" lineno="24286">
<summary>
Send UDP traffic on the commplex_main port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_commplex_main_port" lineno="24305">
<summary>
Do not audit attempts to send UDP traffic on the commplex_main port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_commplex_main_port" lineno="24324">
<summary>
Receive UDP traffic on the commplex_main port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_commplex_main_port" lineno="24343">
<summary>
Do not audit attempts to receive UDP traffic on the commplex_main port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_commplex_main_port" lineno="24362">
<summary>
Send and receive UDP traffic on the commplex_main port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_commplex_main_port" lineno="24379">
<summary>
Do not audit attempts to send and receive
UDP traffic on the commplex_main port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_commplex_main_port" lineno="24395">
<summary>
Bind TCP sockets to the commplex_main port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_commplex_main_port" lineno="24415">
<summary>
Bind UDP sockets to the commplex_main port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_commplex_main_port" lineno="24435">
<summary>
Do not audit attempts to sbind to commplex_main port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_commplex_main_port" lineno="24454">
<summary>
Make a TCP connection to the commplex_main port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_commplex_main_port" lineno="24471">
<summary>
Do not audit attempts to make a TCP connection to commplex_main port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_commplex_main_client_packets" lineno="24491">
<summary>
Send commplex_main_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_commplex_main_client_packets" lineno="24510">
<summary>
Do not audit attempts to send commplex_main_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_commplex_main_client_packets" lineno="24529">
<summary>
Receive commplex_main_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_commplex_main_client_packets" lineno="24548">
<summary>
Do not audit attempts to receive commplex_main_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_commplex_main_client_packets" lineno="24567">
<summary>
Send and receive commplex_main_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_commplex_main_client_packets" lineno="24583">
<summary>
Do not audit attempts to send and receive commplex_main_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_commplex_main_client_packets" lineno="24598">
<summary>
Relabel packets to commplex_main_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_commplex_main_server_packets" lineno="24618">
<summary>
Send commplex_main_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_commplex_main_server_packets" lineno="24637">
<summary>
Do not audit attempts to send commplex_main_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_commplex_main_server_packets" lineno="24656">
<summary>
Receive commplex_main_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_commplex_main_server_packets" lineno="24675">
<summary>
Do not audit attempts to receive commplex_main_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_commplex_main_server_packets" lineno="24694">
<summary>
Send and receive commplex_main_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_commplex_main_server_packets" lineno="24710">
<summary>
Do not audit attempts to send and receive commplex_main_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_commplex_main_server_packets" lineno="24725">
<summary>
Relabel packets to commplex_main_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_comsat_port" lineno="24747">
<summary>
Send and receive TCP traffic on the comsat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_comsat_port" lineno="24766">
<summary>
Send UDP traffic on the comsat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_comsat_port" lineno="24785">
<summary>
Do not audit attempts to send UDP traffic on the comsat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_comsat_port" lineno="24804">
<summary>
Receive UDP traffic on the comsat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_comsat_port" lineno="24823">
<summary>
Do not audit attempts to receive UDP traffic on the comsat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_comsat_port" lineno="24842">
<summary>
Send and receive UDP traffic on the comsat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_comsat_port" lineno="24859">
<summary>
Do not audit attempts to send and receive
UDP traffic on the comsat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_comsat_port" lineno="24875">
<summary>
Bind TCP sockets to the comsat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_comsat_port" lineno="24895">
<summary>
Bind UDP sockets to the comsat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_comsat_port" lineno="24915">
<summary>
Do not audit attempts to sbind to comsat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_comsat_port" lineno="24934">
<summary>
Make a TCP connection to the comsat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_comsat_port" lineno="24951">
<summary>
Do not audit attempts to make a TCP connection to comsat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_comsat_client_packets" lineno="24971">
<summary>
Send comsat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_comsat_client_packets" lineno="24990">
<summary>
Do not audit attempts to send comsat_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_comsat_client_packets" lineno="25009">
<summary>
Receive comsat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_comsat_client_packets" lineno="25028">
<summary>
Do not audit attempts to receive comsat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_comsat_client_packets" lineno="25047">
<summary>
Send and receive comsat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_comsat_client_packets" lineno="25063">
<summary>
Do not audit attempts to send and receive comsat_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_comsat_client_packets" lineno="25078">
<summary>
Relabel packets to comsat_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_comsat_server_packets" lineno="25098">
<summary>
Send comsat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_comsat_server_packets" lineno="25117">
<summary>
Do not audit attempts to send comsat_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_comsat_server_packets" lineno="25136">
<summary>
Receive comsat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_comsat_server_packets" lineno="25155">
<summary>
Do not audit attempts to receive comsat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_comsat_server_packets" lineno="25174">
<summary>
Send and receive comsat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_comsat_server_packets" lineno="25190">
<summary>
Do not audit attempts to send and receive comsat_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_comsat_server_packets" lineno="25205">
<summary>
Relabel packets to comsat_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_condor_port" lineno="25227">
<summary>
Send and receive TCP traffic on the condor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_condor_port" lineno="25246">
<summary>
Send UDP traffic on the condor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_condor_port" lineno="25265">
<summary>
Do not audit attempts to send UDP traffic on the condor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_condor_port" lineno="25284">
<summary>
Receive UDP traffic on the condor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_condor_port" lineno="25303">
<summary>
Do not audit attempts to receive UDP traffic on the condor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_condor_port" lineno="25322">
<summary>
Send and receive UDP traffic on the condor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_condor_port" lineno="25339">
<summary>
Do not audit attempts to send and receive
UDP traffic on the condor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_condor_port" lineno="25355">
<summary>
Bind TCP sockets to the condor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_condor_port" lineno="25375">
<summary>
Bind UDP sockets to the condor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_condor_port" lineno="25395">
<summary>
Do not audit attempts to sbind to condor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_condor_port" lineno="25414">
<summary>
Make a TCP connection to the condor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_condor_port" lineno="25431">
<summary>
Do not audit attempts to make a TCP connection to condor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_condor_client_packets" lineno="25451">
<summary>
Send condor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_condor_client_packets" lineno="25470">
<summary>
Do not audit attempts to send condor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_condor_client_packets" lineno="25489">
<summary>
Receive condor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_condor_client_packets" lineno="25508">
<summary>
Do not audit attempts to receive condor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_condor_client_packets" lineno="25527">
<summary>
Send and receive condor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_condor_client_packets" lineno="25543">
<summary>
Do not audit attempts to send and receive condor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_condor_client_packets" lineno="25558">
<summary>
Relabel packets to condor_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_condor_server_packets" lineno="25578">
<summary>
Send condor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_condor_server_packets" lineno="25597">
<summary>
Do not audit attempts to send condor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_condor_server_packets" lineno="25616">
<summary>
Receive condor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_condor_server_packets" lineno="25635">
<summary>
Do not audit attempts to receive condor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_condor_server_packets" lineno="25654">
<summary>
Send and receive condor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_condor_server_packets" lineno="25670">
<summary>
Do not audit attempts to send and receive condor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_condor_server_packets" lineno="25685">
<summary>
Relabel packets to condor_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_conman_port" lineno="25707">
<summary>
Send and receive TCP traffic on the conman port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_conman_port" lineno="25726">
<summary>
Send UDP traffic on the conman port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_conman_port" lineno="25745">
<summary>
Do not audit attempts to send UDP traffic on the conman port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_conman_port" lineno="25764">
<summary>
Receive UDP traffic on the conman port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_conman_port" lineno="25783">
<summary>
Do not audit attempts to receive UDP traffic on the conman port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_conman_port" lineno="25802">
<summary>
Send and receive UDP traffic on the conman port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_conman_port" lineno="25819">
<summary>
Do not audit attempts to send and receive
UDP traffic on the conman port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_conman_port" lineno="25835">
<summary>
Bind TCP sockets to the conman port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_conman_port" lineno="25855">
<summary>
Bind UDP sockets to the conman port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_conman_port" lineno="25875">
<summary>
Do not audit attempts to sbind to conman port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_conman_port" lineno="25894">
<summary>
Make a TCP connection to the conman port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_conman_port" lineno="25911">
<summary>
Do not audit attempts to make a TCP connection to conman port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_conman_client_packets" lineno="25931">
<summary>
Send conman_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_conman_client_packets" lineno="25950">
<summary>
Do not audit attempts to send conman_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_conman_client_packets" lineno="25969">
<summary>
Receive conman_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_conman_client_packets" lineno="25988">
<summary>
Do not audit attempts to receive conman_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_conman_client_packets" lineno="26007">
<summary>
Send and receive conman_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_conman_client_packets" lineno="26023">
<summary>
Do not audit attempts to send and receive conman_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_conman_client_packets" lineno="26038">
<summary>
Relabel packets to conman_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_conman_server_packets" lineno="26058">
<summary>
Send conman_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_conman_server_packets" lineno="26077">
<summary>
Do not audit attempts to send conman_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_conman_server_packets" lineno="26096">
<summary>
Receive conman_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_conman_server_packets" lineno="26115">
<summary>
Do not audit attempts to receive conman_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_conman_server_packets" lineno="26134">
<summary>
Send and receive conman_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_conman_server_packets" lineno="26150">
<summary>
Do not audit attempts to send and receive conman_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_conman_server_packets" lineno="26165">
<summary>
Relabel packets to conman_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_connlcli_port" lineno="26187">
<summary>
Send and receive TCP traffic on the connlcli port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_connlcli_port" lineno="26206">
<summary>
Send UDP traffic on the connlcli port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_connlcli_port" lineno="26225">
<summary>
Do not audit attempts to send UDP traffic on the connlcli port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_connlcli_port" lineno="26244">
<summary>
Receive UDP traffic on the connlcli port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_connlcli_port" lineno="26263">
<summary>
Do not audit attempts to receive UDP traffic on the connlcli port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_connlcli_port" lineno="26282">
<summary>
Send and receive UDP traffic on the connlcli port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_connlcli_port" lineno="26299">
<summary>
Do not audit attempts to send and receive
UDP traffic on the connlcli port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_connlcli_port" lineno="26315">
<summary>
Bind TCP sockets to the connlcli port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_connlcli_port" lineno="26335">
<summary>
Bind UDP sockets to the connlcli port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_connlcli_port" lineno="26355">
<summary>
Do not audit attempts to sbind to connlcli port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_connlcli_port" lineno="26374">
<summary>
Make a TCP connection to the connlcli port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_connlcli_port" lineno="26391">
<summary>
Do not audit attempts to make a TCP connection to connlcli port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_connlcli_client_packets" lineno="26411">
<summary>
Send connlcli_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_connlcli_client_packets" lineno="26430">
<summary>
Do not audit attempts to send connlcli_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_connlcli_client_packets" lineno="26449">
<summary>
Receive connlcli_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_connlcli_client_packets" lineno="26468">
<summary>
Do not audit attempts to receive connlcli_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_connlcli_client_packets" lineno="26487">
<summary>
Send and receive connlcli_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_connlcli_client_packets" lineno="26503">
<summary>
Do not audit attempts to send and receive connlcli_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_connlcli_client_packets" lineno="26518">
<summary>
Relabel packets to connlcli_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_connlcli_server_packets" lineno="26538">
<summary>
Send connlcli_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_connlcli_server_packets" lineno="26557">
<summary>
Do not audit attempts to send connlcli_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_connlcli_server_packets" lineno="26576">
<summary>
Receive connlcli_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_connlcli_server_packets" lineno="26595">
<summary>
Do not audit attempts to receive connlcli_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_connlcli_server_packets" lineno="26614">
<summary>
Send and receive connlcli_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_connlcli_server_packets" lineno="26630">
<summary>
Do not audit attempts to send and receive connlcli_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_connlcli_server_packets" lineno="26645">
<summary>
Relabel packets to connlcli_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_conntrackd_port" lineno="26667">
<summary>
Send and receive TCP traffic on the conntrackd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_conntrackd_port" lineno="26686">
<summary>
Send UDP traffic on the conntrackd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_conntrackd_port" lineno="26705">
<summary>
Do not audit attempts to send UDP traffic on the conntrackd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_conntrackd_port" lineno="26724">
<summary>
Receive UDP traffic on the conntrackd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_conntrackd_port" lineno="26743">
<summary>
Do not audit attempts to receive UDP traffic on the conntrackd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_conntrackd_port" lineno="26762">
<summary>
Send and receive UDP traffic on the conntrackd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_conntrackd_port" lineno="26779">
<summary>
Do not audit attempts to send and receive
UDP traffic on the conntrackd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_conntrackd_port" lineno="26795">
<summary>
Bind TCP sockets to the conntrackd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_conntrackd_port" lineno="26815">
<summary>
Bind UDP sockets to the conntrackd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_conntrackd_port" lineno="26835">
<summary>
Do not audit attempts to sbind to conntrackd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_conntrackd_port" lineno="26854">
<summary>
Make a TCP connection to the conntrackd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_conntrackd_port" lineno="26871">
<summary>
Do not audit attempts to make a TCP connection to conntrackd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_conntrackd_client_packets" lineno="26891">
<summary>
Send conntrackd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_conntrackd_client_packets" lineno="26910">
<summary>
Do not audit attempts to send conntrackd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_conntrackd_client_packets" lineno="26929">
<summary>
Receive conntrackd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_conntrackd_client_packets" lineno="26948">
<summary>
Do not audit attempts to receive conntrackd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_conntrackd_client_packets" lineno="26967">
<summary>
Send and receive conntrackd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_conntrackd_client_packets" lineno="26983">
<summary>
Do not audit attempts to send and receive conntrackd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_conntrackd_client_packets" lineno="26998">
<summary>
Relabel packets to conntrackd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_conntrackd_server_packets" lineno="27018">
<summary>
Send conntrackd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_conntrackd_server_packets" lineno="27037">
<summary>
Do not audit attempts to send conntrackd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_conntrackd_server_packets" lineno="27056">
<summary>
Receive conntrackd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_conntrackd_server_packets" lineno="27075">
<summary>
Do not audit attempts to receive conntrackd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_conntrackd_server_packets" lineno="27094">
<summary>
Send and receive conntrackd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_conntrackd_server_packets" lineno="27110">
<summary>
Do not audit attempts to send and receive conntrackd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_conntrackd_server_packets" lineno="27125">
<summary>
Relabel packets to conntrackd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_couchdb_port" lineno="27147">
<summary>
Send and receive TCP traffic on the couchdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_couchdb_port" lineno="27166">
<summary>
Send UDP traffic on the couchdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_couchdb_port" lineno="27185">
<summary>
Do not audit attempts to send UDP traffic on the couchdb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_couchdb_port" lineno="27204">
<summary>
Receive UDP traffic on the couchdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_couchdb_port" lineno="27223">
<summary>
Do not audit attempts to receive UDP traffic on the couchdb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_couchdb_port" lineno="27242">
<summary>
Send and receive UDP traffic on the couchdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_couchdb_port" lineno="27259">
<summary>
Do not audit attempts to send and receive
UDP traffic on the couchdb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_couchdb_port" lineno="27275">
<summary>
Bind TCP sockets to the couchdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_couchdb_port" lineno="27295">
<summary>
Bind UDP sockets to the couchdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_couchdb_port" lineno="27315">
<summary>
Do not audit attempts to sbind to couchdb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_couchdb_port" lineno="27334">
<summary>
Make a TCP connection to the couchdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_couchdb_port" lineno="27351">
<summary>
Do not audit attempts to make a TCP connection to couchdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_couchdb_client_packets" lineno="27371">
<summary>
Send couchdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_couchdb_client_packets" lineno="27390">
<summary>
Do not audit attempts to send couchdb_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_couchdb_client_packets" lineno="27409">
<summary>
Receive couchdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_couchdb_client_packets" lineno="27428">
<summary>
Do not audit attempts to receive couchdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_couchdb_client_packets" lineno="27447">
<summary>
Send and receive couchdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_couchdb_client_packets" lineno="27463">
<summary>
Do not audit attempts to send and receive couchdb_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_couchdb_client_packets" lineno="27478">
<summary>
Relabel packets to couchdb_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_couchdb_server_packets" lineno="27498">
<summary>
Send couchdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_couchdb_server_packets" lineno="27517">
<summary>
Do not audit attempts to send couchdb_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_couchdb_server_packets" lineno="27536">
<summary>
Receive couchdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_couchdb_server_packets" lineno="27555">
<summary>
Do not audit attempts to receive couchdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_couchdb_server_packets" lineno="27574">
<summary>
Send and receive couchdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_couchdb_server_packets" lineno="27590">
<summary>
Do not audit attempts to send and receive couchdb_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_couchdb_server_packets" lineno="27605">
<summary>
Relabel packets to couchdb_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ctdb_port" lineno="27627">
<summary>
Send and receive TCP traffic on the ctdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ctdb_port" lineno="27646">
<summary>
Send UDP traffic on the ctdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ctdb_port" lineno="27665">
<summary>
Do not audit attempts to send UDP traffic on the ctdb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ctdb_port" lineno="27684">
<summary>
Receive UDP traffic on the ctdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ctdb_port" lineno="27703">
<summary>
Do not audit attempts to receive UDP traffic on the ctdb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ctdb_port" lineno="27722">
<summary>
Send and receive UDP traffic on the ctdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ctdb_port" lineno="27739">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ctdb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ctdb_port" lineno="27755">
<summary>
Bind TCP sockets to the ctdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ctdb_port" lineno="27775">
<summary>
Bind UDP sockets to the ctdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ctdb_port" lineno="27795">
<summary>
Do not audit attempts to sbind to ctdb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ctdb_port" lineno="27814">
<summary>
Make a TCP connection to the ctdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ctdb_port" lineno="27831">
<summary>
Do not audit attempts to make a TCP connection to ctdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ctdb_client_packets" lineno="27851">
<summary>
Send ctdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ctdb_client_packets" lineno="27870">
<summary>
Do not audit attempts to send ctdb_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ctdb_client_packets" lineno="27889">
<summary>
Receive ctdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ctdb_client_packets" lineno="27908">
<summary>
Do not audit attempts to receive ctdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ctdb_client_packets" lineno="27927">
<summary>
Send and receive ctdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ctdb_client_packets" lineno="27943">
<summary>
Do not audit attempts to send and receive ctdb_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ctdb_client_packets" lineno="27958">
<summary>
Relabel packets to ctdb_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ctdb_server_packets" lineno="27978">
<summary>
Send ctdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ctdb_server_packets" lineno="27997">
<summary>
Do not audit attempts to send ctdb_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ctdb_server_packets" lineno="28016">
<summary>
Receive ctdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ctdb_server_packets" lineno="28035">
<summary>
Do not audit attempts to receive ctdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ctdb_server_packets" lineno="28054">
<summary>
Send and receive ctdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ctdb_server_packets" lineno="28070">
<summary>
Do not audit attempts to send and receive ctdb_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ctdb_server_packets" lineno="28085">
<summary>
Relabel packets to ctdb_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_cvs_port" lineno="28107">
<summary>
Send and receive TCP traffic on the cvs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_cvs_port" lineno="28126">
<summary>
Send UDP traffic on the cvs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_cvs_port" lineno="28145">
<summary>
Do not audit attempts to send UDP traffic on the cvs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_cvs_port" lineno="28164">
<summary>
Receive UDP traffic on the cvs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_cvs_port" lineno="28183">
<summary>
Do not audit attempts to receive UDP traffic on the cvs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_cvs_port" lineno="28202">
<summary>
Send and receive UDP traffic on the cvs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_cvs_port" lineno="28219">
<summary>
Do not audit attempts to send and receive
UDP traffic on the cvs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_cvs_port" lineno="28235">
<summary>
Bind TCP sockets to the cvs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_cvs_port" lineno="28255">
<summary>
Bind UDP sockets to the cvs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_cvs_port" lineno="28275">
<summary>
Do not audit attempts to sbind to cvs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_cvs_port" lineno="28294">
<summary>
Make a TCP connection to the cvs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_cvs_port" lineno="28311">
<summary>
Do not audit attempts to make a TCP connection to cvs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cvs_client_packets" lineno="28331">
<summary>
Send cvs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cvs_client_packets" lineno="28350">
<summary>
Do not audit attempts to send cvs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cvs_client_packets" lineno="28369">
<summary>
Receive cvs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cvs_client_packets" lineno="28388">
<summary>
Do not audit attempts to receive cvs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cvs_client_packets" lineno="28407">
<summary>
Send and receive cvs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cvs_client_packets" lineno="28423">
<summary>
Do not audit attempts to send and receive cvs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cvs_client_packets" lineno="28438">
<summary>
Relabel packets to cvs_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cvs_server_packets" lineno="28458">
<summary>
Send cvs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cvs_server_packets" lineno="28477">
<summary>
Do not audit attempts to send cvs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cvs_server_packets" lineno="28496">
<summary>
Receive cvs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cvs_server_packets" lineno="28515">
<summary>
Do not audit attempts to receive cvs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cvs_server_packets" lineno="28534">
<summary>
Send and receive cvs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cvs_server_packets" lineno="28550">
<summary>
Do not audit attempts to send and receive cvs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cvs_server_packets" lineno="28565">
<summary>
Relabel packets to cvs_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_cyphesis_port" lineno="28587">
<summary>
Send and receive TCP traffic on the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_cyphesis_port" lineno="28606">
<summary>
Send UDP traffic on the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_cyphesis_port" lineno="28625">
<summary>
Do not audit attempts to send UDP traffic on the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_cyphesis_port" lineno="28644">
<summary>
Receive UDP traffic on the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_cyphesis_port" lineno="28663">
<summary>
Do not audit attempts to receive UDP traffic on the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_cyphesis_port" lineno="28682">
<summary>
Send and receive UDP traffic on the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_cyphesis_port" lineno="28699">
<summary>
Do not audit attempts to send and receive
UDP traffic on the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_cyphesis_port" lineno="28715">
<summary>
Bind TCP sockets to the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_cyphesis_port" lineno="28735">
<summary>
Bind UDP sockets to the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_cyphesis_port" lineno="28755">
<summary>
Do not audit attempts to sbind to cyphesis port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_cyphesis_port" lineno="28774">
<summary>
Make a TCP connection to the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_cyphesis_port" lineno="28791">
<summary>
Do not audit attempts to make a TCP connection to cyphesis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cyphesis_client_packets" lineno="28811">
<summary>
Send cyphesis_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cyphesis_client_packets" lineno="28830">
<summary>
Do not audit attempts to send cyphesis_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cyphesis_client_packets" lineno="28849">
<summary>
Receive cyphesis_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cyphesis_client_packets" lineno="28868">
<summary>
Do not audit attempts to receive cyphesis_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cyphesis_client_packets" lineno="28887">
<summary>
Send and receive cyphesis_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cyphesis_client_packets" lineno="28903">
<summary>
Do not audit attempts to send and receive cyphesis_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cyphesis_client_packets" lineno="28918">
<summary>
Relabel packets to cyphesis_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cyphesis_server_packets" lineno="28938">
<summary>
Send cyphesis_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cyphesis_server_packets" lineno="28957">
<summary>
Do not audit attempts to send cyphesis_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cyphesis_server_packets" lineno="28976">
<summary>
Receive cyphesis_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cyphesis_server_packets" lineno="28995">
<summary>
Do not audit attempts to receive cyphesis_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cyphesis_server_packets" lineno="29014">
<summary>
Send and receive cyphesis_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cyphesis_server_packets" lineno="29030">
<summary>
Do not audit attempts to send and receive cyphesis_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cyphesis_server_packets" lineno="29045">
<summary>
Relabel packets to cyphesis_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_cyrus_imapd_port" lineno="29067">
<summary>
Send and receive TCP traffic on the cyrus_imapd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_cyrus_imapd_port" lineno="29086">
<summary>
Send UDP traffic on the cyrus_imapd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_cyrus_imapd_port" lineno="29105">
<summary>
Do not audit attempts to send UDP traffic on the cyrus_imapd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_cyrus_imapd_port" lineno="29124">
<summary>
Receive UDP traffic on the cyrus_imapd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_cyrus_imapd_port" lineno="29143">
<summary>
Do not audit attempts to receive UDP traffic on the cyrus_imapd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_cyrus_imapd_port" lineno="29162">
<summary>
Send and receive UDP traffic on the cyrus_imapd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_cyrus_imapd_port" lineno="29179">
<summary>
Do not audit attempts to send and receive
UDP traffic on the cyrus_imapd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_cyrus_imapd_port" lineno="29195">
<summary>
Bind TCP sockets to the cyrus_imapd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_cyrus_imapd_port" lineno="29215">
<summary>
Bind UDP sockets to the cyrus_imapd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_cyrus_imapd_port" lineno="29235">
<summary>
Do not audit attempts to sbind to cyrus_imapd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_cyrus_imapd_port" lineno="29254">
<summary>
Make a TCP connection to the cyrus_imapd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_cyrus_imapd_port" lineno="29271">
<summary>
Do not audit attempts to make a TCP connection to cyrus_imapd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cyrus_imapd_client_packets" lineno="29291">
<summary>
Send cyrus_imapd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cyrus_imapd_client_packets" lineno="29310">
<summary>
Do not audit attempts to send cyrus_imapd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cyrus_imapd_client_packets" lineno="29329">
<summary>
Receive cyrus_imapd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cyrus_imapd_client_packets" lineno="29348">
<summary>
Do not audit attempts to receive cyrus_imapd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cyrus_imapd_client_packets" lineno="29367">
<summary>
Send and receive cyrus_imapd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cyrus_imapd_client_packets" lineno="29383">
<summary>
Do not audit attempts to send and receive cyrus_imapd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cyrus_imapd_client_packets" lineno="29398">
<summary>
Relabel packets to cyrus_imapd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cyrus_imapd_server_packets" lineno="29418">
<summary>
Send cyrus_imapd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cyrus_imapd_server_packets" lineno="29437">
<summary>
Do not audit attempts to send cyrus_imapd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cyrus_imapd_server_packets" lineno="29456">
<summary>
Receive cyrus_imapd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cyrus_imapd_server_packets" lineno="29475">
<summary>
Do not audit attempts to receive cyrus_imapd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cyrus_imapd_server_packets" lineno="29494">
<summary>
Send and receive cyrus_imapd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cyrus_imapd_server_packets" lineno="29510">
<summary>
Do not audit attempts to send and receive cyrus_imapd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cyrus_imapd_server_packets" lineno="29525">
<summary>
Relabel packets to cyrus_imapd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_daap_port" lineno="29547">
<summary>
Send and receive TCP traffic on the daap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_daap_port" lineno="29566">
<summary>
Send UDP traffic on the daap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_daap_port" lineno="29585">
<summary>
Do not audit attempts to send UDP traffic on the daap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_daap_port" lineno="29604">
<summary>
Receive UDP traffic on the daap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_daap_port" lineno="29623">
<summary>
Do not audit attempts to receive UDP traffic on the daap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_daap_port" lineno="29642">
<summary>
Send and receive UDP traffic on the daap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_daap_port" lineno="29659">
<summary>
Do not audit attempts to send and receive
UDP traffic on the daap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_daap_port" lineno="29675">
<summary>
Bind TCP sockets to the daap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_daap_port" lineno="29695">
<summary>
Bind UDP sockets to the daap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_daap_port" lineno="29715">
<summary>
Do not audit attempts to sbind to daap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_daap_port" lineno="29734">
<summary>
Make a TCP connection to the daap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_daap_port" lineno="29751">
<summary>
Do not audit attempts to make a TCP connection to daap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_daap_client_packets" lineno="29771">
<summary>
Send daap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_daap_client_packets" lineno="29790">
<summary>
Do not audit attempts to send daap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_daap_client_packets" lineno="29809">
<summary>
Receive daap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_daap_client_packets" lineno="29828">
<summary>
Do not audit attempts to receive daap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_daap_client_packets" lineno="29847">
<summary>
Send and receive daap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_daap_client_packets" lineno="29863">
<summary>
Do not audit attempts to send and receive daap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_daap_client_packets" lineno="29878">
<summary>
Relabel packets to daap_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_daap_server_packets" lineno="29898">
<summary>
Send daap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_daap_server_packets" lineno="29917">
<summary>
Do not audit attempts to send daap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_daap_server_packets" lineno="29936">
<summary>
Receive daap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_daap_server_packets" lineno="29955">
<summary>
Do not audit attempts to receive daap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_daap_server_packets" lineno="29974">
<summary>
Send and receive daap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_daap_server_packets" lineno="29990">
<summary>
Do not audit attempts to send and receive daap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_daap_server_packets" lineno="30005">
<summary>
Relabel packets to daap_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dbskkd_port" lineno="30027">
<summary>
Send and receive TCP traffic on the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dbskkd_port" lineno="30046">
<summary>
Send UDP traffic on the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dbskkd_port" lineno="30065">
<summary>
Do not audit attempts to send UDP traffic on the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dbskkd_port" lineno="30084">
<summary>
Receive UDP traffic on the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dbskkd_port" lineno="30103">
<summary>
Do not audit attempts to receive UDP traffic on the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dbskkd_port" lineno="30122">
<summary>
Send and receive UDP traffic on the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dbskkd_port" lineno="30139">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dbskkd_port" lineno="30155">
<summary>
Bind TCP sockets to the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dbskkd_port" lineno="30175">
<summary>
Bind UDP sockets to the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_dbskkd_port" lineno="30195">
<summary>
Do not audit attempts to sbind to dbskkd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dbskkd_port" lineno="30214">
<summary>
Make a TCP connection to the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_dbskkd_port" lineno="30231">
<summary>
Do not audit attempts to make a TCP connection to dbskkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dbskkd_client_packets" lineno="30251">
<summary>
Send dbskkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dbskkd_client_packets" lineno="30270">
<summary>
Do not audit attempts to send dbskkd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dbskkd_client_packets" lineno="30289">
<summary>
Receive dbskkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dbskkd_client_packets" lineno="30308">
<summary>
Do not audit attempts to receive dbskkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dbskkd_client_packets" lineno="30327">
<summary>
Send and receive dbskkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dbskkd_client_packets" lineno="30343">
<summary>
Do not audit attempts to send and receive dbskkd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dbskkd_client_packets" lineno="30358">
<summary>
Relabel packets to dbskkd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dbskkd_server_packets" lineno="30378">
<summary>
Send dbskkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dbskkd_server_packets" lineno="30397">
<summary>
Do not audit attempts to send dbskkd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dbskkd_server_packets" lineno="30416">
<summary>
Receive dbskkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dbskkd_server_packets" lineno="30435">
<summary>
Do not audit attempts to receive dbskkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dbskkd_server_packets" lineno="30454">
<summary>
Send and receive dbskkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dbskkd_server_packets" lineno="30470">
<summary>
Do not audit attempts to send and receive dbskkd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dbskkd_server_packets" lineno="30485">
<summary>
Relabel packets to dbskkd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dcc_port" lineno="30507">
<summary>
Send and receive TCP traffic on the dcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dcc_port" lineno="30526">
<summary>
Send UDP traffic on the dcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dcc_port" lineno="30545">
<summary>
Do not audit attempts to send UDP traffic on the dcc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dcc_port" lineno="30564">
<summary>
Receive UDP traffic on the dcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dcc_port" lineno="30583">
<summary>
Do not audit attempts to receive UDP traffic on the dcc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dcc_port" lineno="30602">
<summary>
Send and receive UDP traffic on the dcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dcc_port" lineno="30619">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dcc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dcc_port" lineno="30635">
<summary>
Bind TCP sockets to the dcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dcc_port" lineno="30655">
<summary>
Bind UDP sockets to the dcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_dcc_port" lineno="30675">
<summary>
Do not audit attempts to sbind to dcc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dcc_port" lineno="30694">
<summary>
Make a TCP connection to the dcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_dcc_port" lineno="30711">
<summary>
Do not audit attempts to make a TCP connection to dcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dcc_client_packets" lineno="30731">
<summary>
Send dcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dcc_client_packets" lineno="30750">
<summary>
Do not audit attempts to send dcc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dcc_client_packets" lineno="30769">
<summary>
Receive dcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dcc_client_packets" lineno="30788">
<summary>
Do not audit attempts to receive dcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dcc_client_packets" lineno="30807">
<summary>
Send and receive dcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dcc_client_packets" lineno="30823">
<summary>
Do not audit attempts to send and receive dcc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dcc_client_packets" lineno="30838">
<summary>
Relabel packets to dcc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dcc_server_packets" lineno="30858">
<summary>
Send dcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dcc_server_packets" lineno="30877">
<summary>
Do not audit attempts to send dcc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dcc_server_packets" lineno="30896">
<summary>
Receive dcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dcc_server_packets" lineno="30915">
<summary>
Do not audit attempts to receive dcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dcc_server_packets" lineno="30934">
<summary>
Send and receive dcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dcc_server_packets" lineno="30950">
<summary>
Do not audit attempts to send and receive dcc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dcc_server_packets" lineno="30965">
<summary>
Relabel packets to dcc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dccm_port" lineno="30987">
<summary>
Send and receive TCP traffic on the dccm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dccm_port" lineno="31006">
<summary>
Send UDP traffic on the dccm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dccm_port" lineno="31025">
<summary>
Do not audit attempts to send UDP traffic on the dccm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dccm_port" lineno="31044">
<summary>
Receive UDP traffic on the dccm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dccm_port" lineno="31063">
<summary>
Do not audit attempts to receive UDP traffic on the dccm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dccm_port" lineno="31082">
<summary>
Send and receive UDP traffic on the dccm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dccm_port" lineno="31099">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dccm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dccm_port" lineno="31115">
<summary>
Bind TCP sockets to the dccm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dccm_port" lineno="31135">
<summary>
Bind UDP sockets to the dccm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_dccm_port" lineno="31155">
<summary>
Do not audit attempts to sbind to dccm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dccm_port" lineno="31174">
<summary>
Make a TCP connection to the dccm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_dccm_port" lineno="31191">
<summary>
Do not audit attempts to make a TCP connection to dccm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dccm_client_packets" lineno="31211">
<summary>
Send dccm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dccm_client_packets" lineno="31230">
<summary>
Do not audit attempts to send dccm_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dccm_client_packets" lineno="31249">
<summary>
Receive dccm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dccm_client_packets" lineno="31268">
<summary>
Do not audit attempts to receive dccm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dccm_client_packets" lineno="31287">
<summary>
Send and receive dccm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dccm_client_packets" lineno="31303">
<summary>
Do not audit attempts to send and receive dccm_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dccm_client_packets" lineno="31318">
<summary>
Relabel packets to dccm_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dccm_server_packets" lineno="31338">
<summary>
Send dccm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dccm_server_packets" lineno="31357">
<summary>
Do not audit attempts to send dccm_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dccm_server_packets" lineno="31376">
<summary>
Receive dccm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dccm_server_packets" lineno="31395">
<summary>
Do not audit attempts to receive dccm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dccm_server_packets" lineno="31414">
<summary>
Send and receive dccm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dccm_server_packets" lineno="31430">
<summary>
Do not audit attempts to send and receive dccm_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dccm_server_packets" lineno="31445">
<summary>
Relabel packets to dccm_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dey_keyneg_port" lineno="31467">
<summary>
Send and receive TCP traffic on the dey_keyneg port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dey_keyneg_port" lineno="31486">
<summary>
Send UDP traffic on the dey_keyneg port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dey_keyneg_port" lineno="31505">
<summary>
Do not audit attempts to send UDP traffic on the dey_keyneg port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dey_keyneg_port" lineno="31524">
<summary>
Receive UDP traffic on the dey_keyneg port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dey_keyneg_port" lineno="31543">
<summary>
Do not audit attempts to receive UDP traffic on the dey_keyneg port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dey_keyneg_port" lineno="31562">
<summary>
Send and receive UDP traffic on the dey_keyneg port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dey_keyneg_port" lineno="31579">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dey_keyneg port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dey_keyneg_port" lineno="31595">
<summary>
Bind TCP sockets to the dey_keyneg port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dey_keyneg_port" lineno="31615">
<summary>
Bind UDP sockets to the dey_keyneg port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_dey_keyneg_port" lineno="31635">
<summary>
Do not audit attempts to sbind to dey_keyneg port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dey_keyneg_port" lineno="31654">
<summary>
Make a TCP connection to the dey_keyneg port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_dey_keyneg_port" lineno="31671">
<summary>
Do not audit attempts to make a TCP connection to dey_keyneg port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dey_keyneg_client_packets" lineno="31691">
<summary>
Send dey_keyneg_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dey_keyneg_client_packets" lineno="31710">
<summary>
Do not audit attempts to send dey_keyneg_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dey_keyneg_client_packets" lineno="31729">
<summary>
Receive dey_keyneg_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dey_keyneg_client_packets" lineno="31748">
<summary>
Do not audit attempts to receive dey_keyneg_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dey_keyneg_client_packets" lineno="31767">
<summary>
Send and receive dey_keyneg_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dey_keyneg_client_packets" lineno="31783">
<summary>
Do not audit attempts to send and receive dey_keyneg_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dey_keyneg_client_packets" lineno="31798">
<summary>
Relabel packets to dey_keyneg_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dey_keyneg_server_packets" lineno="31818">
<summary>
Send dey_keyneg_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dey_keyneg_server_packets" lineno="31837">
<summary>
Do not audit attempts to send dey_keyneg_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dey_keyneg_server_packets" lineno="31856">
<summary>
Receive dey_keyneg_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dey_keyneg_server_packets" lineno="31875">
<summary>
Do not audit attempts to receive dey_keyneg_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dey_keyneg_server_packets" lineno="31894">
<summary>
Send and receive dey_keyneg_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dey_keyneg_server_packets" lineno="31910">
<summary>
Do not audit attempts to send and receive dey_keyneg_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dey_keyneg_server_packets" lineno="31925">
<summary>
Relabel packets to dey_keyneg_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dey_sapi_port" lineno="31947">
<summary>
Send and receive TCP traffic on the dey_sapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dey_sapi_port" lineno="31966">
<summary>
Send UDP traffic on the dey_sapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dey_sapi_port" lineno="31985">
<summary>
Do not audit attempts to send UDP traffic on the dey_sapi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dey_sapi_port" lineno="32004">
<summary>
Receive UDP traffic on the dey_sapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dey_sapi_port" lineno="32023">
<summary>
Do not audit attempts to receive UDP traffic on the dey_sapi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dey_sapi_port" lineno="32042">
<summary>
Send and receive UDP traffic on the dey_sapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dey_sapi_port" lineno="32059">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dey_sapi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dey_sapi_port" lineno="32075">
<summary>
Bind TCP sockets to the dey_sapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dey_sapi_port" lineno="32095">
<summary>
Bind UDP sockets to the dey_sapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_dey_sapi_port" lineno="32115">
<summary>
Do not audit attempts to sbind to dey_sapi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dey_sapi_port" lineno="32134">
<summary>
Make a TCP connection to the dey_sapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_dey_sapi_port" lineno="32151">
<summary>
Do not audit attempts to make a TCP connection to dey_sapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dey_sapi_client_packets" lineno="32171">
<summary>
Send dey_sapi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dey_sapi_client_packets" lineno="32190">
<summary>
Do not audit attempts to send dey_sapi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dey_sapi_client_packets" lineno="32209">
<summary>
Receive dey_sapi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dey_sapi_client_packets" lineno="32228">
<summary>
Do not audit attempts to receive dey_sapi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dey_sapi_client_packets" lineno="32247">
<summary>
Send and receive dey_sapi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dey_sapi_client_packets" lineno="32263">
<summary>
Do not audit attempts to send and receive dey_sapi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dey_sapi_client_packets" lineno="32278">
<summary>
Relabel packets to dey_sapi_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dey_sapi_server_packets" lineno="32298">
<summary>
Send dey_sapi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dey_sapi_server_packets" lineno="32317">
<summary>
Do not audit attempts to send dey_sapi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dey_sapi_server_packets" lineno="32336">
<summary>
Receive dey_sapi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dey_sapi_server_packets" lineno="32355">
<summary>
Do not audit attempts to receive dey_sapi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dey_sapi_server_packets" lineno="32374">
<summary>
Send and receive dey_sapi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dey_sapi_server_packets" lineno="32390">
<summary>
Do not audit attempts to send and receive dey_sapi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dey_sapi_server_packets" lineno="32405">
<summary>
Relabel packets to dey_sapi_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dhcpc_port" lineno="32427">
<summary>
Send and receive TCP traffic on the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dhcpc_port" lineno="32446">
<summary>
Send UDP traffic on the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dhcpc_port" lineno="32465">
<summary>
Do not audit attempts to send UDP traffic on the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dhcpc_port" lineno="32484">
<summary>
Receive UDP traffic on the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dhcpc_port" lineno="32503">
<summary>
Do not audit attempts to receive UDP traffic on the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dhcpc_port" lineno="32522">
<summary>
Send and receive UDP traffic on the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dhcpc_port" lineno="32539">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dhcpc_port" lineno="32555">
<summary>
Bind TCP sockets to the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dhcpc_port" lineno="32575">
<summary>
Bind UDP sockets to the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_dhcpc_port" lineno="32595">
<summary>
Do not audit attempts to sbind to dhcpc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dhcpc_port" lineno="32614">
<summary>
Make a TCP connection to the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_dhcpc_port" lineno="32631">
<summary>
Do not audit attempts to make a TCP connection to dhcpc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dhcpc_client_packets" lineno="32651">
<summary>
Send dhcpc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dhcpc_client_packets" lineno="32670">
<summary>
Do not audit attempts to send dhcpc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dhcpc_client_packets" lineno="32689">
<summary>
Receive dhcpc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dhcpc_client_packets" lineno="32708">
<summary>
Do not audit attempts to receive dhcpc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dhcpc_client_packets" lineno="32727">
<summary>
Send and receive dhcpc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dhcpc_client_packets" lineno="32743">
<summary>
Do not audit attempts to send and receive dhcpc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dhcpc_client_packets" lineno="32758">
<summary>
Relabel packets to dhcpc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dhcpc_server_packets" lineno="32778">
<summary>
Send dhcpc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dhcpc_server_packets" lineno="32797">
<summary>
Do not audit attempts to send dhcpc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dhcpc_server_packets" lineno="32816">
<summary>
Receive dhcpc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dhcpc_server_packets" lineno="32835">
<summary>
Do not audit attempts to receive dhcpc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dhcpc_server_packets" lineno="32854">
<summary>
Send and receive dhcpc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dhcpc_server_packets" lineno="32870">
<summary>
Do not audit attempts to send and receive dhcpc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dhcpc_server_packets" lineno="32885">
<summary>
Relabel packets to dhcpc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dhcpd_port" lineno="32907">
<summary>
Send and receive TCP traffic on the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dhcpd_port" lineno="32926">
<summary>
Send UDP traffic on the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dhcpd_port" lineno="32945">
<summary>
Do not audit attempts to send UDP traffic on the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dhcpd_port" lineno="32964">
<summary>
Receive UDP traffic on the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dhcpd_port" lineno="32983">
<summary>
Do not audit attempts to receive UDP traffic on the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dhcpd_port" lineno="33002">
<summary>
Send and receive UDP traffic on the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dhcpd_port" lineno="33019">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dhcpd_port" lineno="33035">
<summary>
Bind TCP sockets to the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dhcpd_port" lineno="33055">
<summary>
Bind UDP sockets to the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_dhcpd_port" lineno="33075">
<summary>
Do not audit attempts to sbind to dhcpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dhcpd_port" lineno="33094">
<summary>
Make a TCP connection to the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_dhcpd_port" lineno="33111">
<summary>
Do not audit attempts to make a TCP connection to dhcpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dhcpd_client_packets" lineno="33131">
<summary>
Send dhcpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dhcpd_client_packets" lineno="33150">
<summary>
Do not audit attempts to send dhcpd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dhcpd_client_packets" lineno="33169">
<summary>
Receive dhcpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dhcpd_client_packets" lineno="33188">
<summary>
Do not audit attempts to receive dhcpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dhcpd_client_packets" lineno="33207">
<summary>
Send and receive dhcpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dhcpd_client_packets" lineno="33223">
<summary>
Do not audit attempts to send and receive dhcpd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dhcpd_client_packets" lineno="33238">
<summary>
Relabel packets to dhcpd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dhcpd_server_packets" lineno="33258">
<summary>
Send dhcpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dhcpd_server_packets" lineno="33277">
<summary>
Do not audit attempts to send dhcpd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dhcpd_server_packets" lineno="33296">
<summary>
Receive dhcpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dhcpd_server_packets" lineno="33315">
<summary>
Do not audit attempts to receive dhcpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dhcpd_server_packets" lineno="33334">
<summary>
Send and receive dhcpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dhcpd_server_packets" lineno="33350">
<summary>
Do not audit attempts to send and receive dhcpd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dhcpd_server_packets" lineno="33365">
<summary>
Relabel packets to dhcpd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dict_port" lineno="33387">
<summary>
Send and receive TCP traffic on the dict port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dict_port" lineno="33406">
<summary>
Send UDP traffic on the dict port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dict_port" lineno="33425">
<summary>
Do not audit attempts to send UDP traffic on the dict port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dict_port" lineno="33444">
<summary>
Receive UDP traffic on the dict port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dict_port" lineno="33463">
<summary>
Do not audit attempts to receive UDP traffic on the dict port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dict_port" lineno="33482">
<summary>
Send and receive UDP traffic on the dict port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dict_port" lineno="33499">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dict port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dict_port" lineno="33515">
<summary>
Bind TCP sockets to the dict port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dict_port" lineno="33535">
<summary>
Bind UDP sockets to the dict port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_dict_port" lineno="33555">
<summary>
Do not audit attempts to sbind to dict port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dict_port" lineno="33574">
<summary>
Make a TCP connection to the dict port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_dict_port" lineno="33591">
<summary>
Do not audit attempts to make a TCP connection to dict port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dict_client_packets" lineno="33611">
<summary>
Send dict_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dict_client_packets" lineno="33630">
<summary>
Do not audit attempts to send dict_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dict_client_packets" lineno="33649">
<summary>
Receive dict_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dict_client_packets" lineno="33668">
<summary>
Do not audit attempts to receive dict_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dict_client_packets" lineno="33687">
<summary>
Send and receive dict_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dict_client_packets" lineno="33703">
<summary>
Do not audit attempts to send and receive dict_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dict_client_packets" lineno="33718">
<summary>
Relabel packets to dict_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dict_server_packets" lineno="33738">
<summary>
Send dict_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dict_server_packets" lineno="33757">
<summary>
Do not audit attempts to send dict_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dict_server_packets" lineno="33776">
<summary>
Receive dict_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dict_server_packets" lineno="33795">
<summary>
Do not audit attempts to receive dict_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dict_server_packets" lineno="33814">
<summary>
Send and receive dict_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dict_server_packets" lineno="33830">
<summary>
Do not audit attempts to send and receive dict_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dict_server_packets" lineno="33845">
<summary>
Relabel packets to dict_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_distccd_port" lineno="33867">
<summary>
Send and receive TCP traffic on the distccd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_distccd_port" lineno="33886">
<summary>
Send UDP traffic on the distccd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_distccd_port" lineno="33905">
<summary>
Do not audit attempts to send UDP traffic on the distccd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_distccd_port" lineno="33924">
<summary>
Receive UDP traffic on the distccd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_distccd_port" lineno="33943">
<summary>
Do not audit attempts to receive UDP traffic on the distccd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_distccd_port" lineno="33962">
<summary>
Send and receive UDP traffic on the distccd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_distccd_port" lineno="33979">
<summary>
Do not audit attempts to send and receive
UDP traffic on the distccd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_distccd_port" lineno="33995">
<summary>
Bind TCP sockets to the distccd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_distccd_port" lineno="34015">
<summary>
Bind UDP sockets to the distccd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_distccd_port" lineno="34035">
<summary>
Do not audit attempts to sbind to distccd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_distccd_port" lineno="34054">
<summary>
Make a TCP connection to the distccd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_distccd_port" lineno="34071">
<summary>
Do not audit attempts to make a TCP connection to distccd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_distccd_client_packets" lineno="34091">
<summary>
Send distccd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_distccd_client_packets" lineno="34110">
<summary>
Do not audit attempts to send distccd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_distccd_client_packets" lineno="34129">
<summary>
Receive distccd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_distccd_client_packets" lineno="34148">
<summary>
Do not audit attempts to receive distccd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_distccd_client_packets" lineno="34167">
<summary>
Send and receive distccd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_distccd_client_packets" lineno="34183">
<summary>
Do not audit attempts to send and receive distccd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_distccd_client_packets" lineno="34198">
<summary>
Relabel packets to distccd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_distccd_server_packets" lineno="34218">
<summary>
Send distccd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_distccd_server_packets" lineno="34237">
<summary>
Do not audit attempts to send distccd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_distccd_server_packets" lineno="34256">
<summary>
Receive distccd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_distccd_server_packets" lineno="34275">
<summary>
Do not audit attempts to receive distccd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_distccd_server_packets" lineno="34294">
<summary>
Send and receive distccd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_distccd_server_packets" lineno="34310">
<summary>
Do not audit attempts to send and receive distccd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_distccd_server_packets" lineno="34325">
<summary>
Relabel packets to distccd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dogtag_port" lineno="34347">
<summary>
Send and receive TCP traffic on the dogtag port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dogtag_port" lineno="34366">
<summary>
Send UDP traffic on the dogtag port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dogtag_port" lineno="34385">
<summary>
Do not audit attempts to send UDP traffic on the dogtag port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dogtag_port" lineno="34404">
<summary>
Receive UDP traffic on the dogtag port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dogtag_port" lineno="34423">
<summary>
Do not audit attempts to receive UDP traffic on the dogtag port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dogtag_port" lineno="34442">
<summary>
Send and receive UDP traffic on the dogtag port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dogtag_port" lineno="34459">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dogtag port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dogtag_port" lineno="34475">
<summary>
Bind TCP sockets to the dogtag port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dogtag_port" lineno="34495">
<summary>
Bind UDP sockets to the dogtag port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_dogtag_port" lineno="34515">
<summary>
Do not audit attempts to sbind to dogtag port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dogtag_port" lineno="34534">
<summary>
Make a TCP connection to the dogtag port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_dogtag_port" lineno="34551">
<summary>
Do not audit attempts to make a TCP connection to dogtag port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dogtag_client_packets" lineno="34571">
<summary>
Send dogtag_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dogtag_client_packets" lineno="34590">
<summary>
Do not audit attempts to send dogtag_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dogtag_client_packets" lineno="34609">
<summary>
Receive dogtag_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dogtag_client_packets" lineno="34628">
<summary>
Do not audit attempts to receive dogtag_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dogtag_client_packets" lineno="34647">
<summary>
Send and receive dogtag_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dogtag_client_packets" lineno="34663">
<summary>
Do not audit attempts to send and receive dogtag_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dogtag_client_packets" lineno="34678">
<summary>
Relabel packets to dogtag_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dogtag_server_packets" lineno="34698">
<summary>
Send dogtag_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dogtag_server_packets" lineno="34717">
<summary>
Do not audit attempts to send dogtag_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dogtag_server_packets" lineno="34736">
<summary>
Receive dogtag_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dogtag_server_packets" lineno="34755">
<summary>
Do not audit attempts to receive dogtag_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dogtag_server_packets" lineno="34774">
<summary>
Send and receive dogtag_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dogtag_server_packets" lineno="34790">
<summary>
Do not audit attempts to send and receive dogtag_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dogtag_server_packets" lineno="34805">
<summary>
Relabel packets to dogtag_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dns_port" lineno="34827">
<summary>
Send and receive TCP traffic on the dns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dns_port" lineno="34846">
<summary>
Send UDP traffic on the dns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dns_port" lineno="34865">
<summary>
Do not audit attempts to send UDP traffic on the dns port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dns_port" lineno="34884">
<summary>
Receive UDP traffic on the dns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dns_port" lineno="34903">
<summary>
Do not audit attempts to receive UDP traffic on the dns port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dns_port" lineno="34922">
<summary>
Send and receive UDP traffic on the dns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dns_port" lineno="34939">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dns port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dns_port" lineno="34955">
<summary>
Bind TCP sockets to the dns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dns_port" lineno="34975">
<summary>
Bind UDP sockets to the dns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_dns_port" lineno="34995">
<summary>
Do not audit attempts to sbind to dns port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dns_port" lineno="35014">
<summary>
Make a TCP connection to the dns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_dns_port" lineno="35031">
<summary>
Do not audit attempts to make a TCP connection to dns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dns_client_packets" lineno="35051">
<summary>
Send dns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dns_client_packets" lineno="35070">
<summary>
Do not audit attempts to send dns_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dns_client_packets" lineno="35089">
<summary>
Receive dns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dns_client_packets" lineno="35108">
<summary>
Do not audit attempts to receive dns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dns_client_packets" lineno="35127">
<summary>
Send and receive dns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dns_client_packets" lineno="35143">
<summary>
Do not audit attempts to send and receive dns_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dns_client_packets" lineno="35158">
<summary>
Relabel packets to dns_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dns_server_packets" lineno="35178">
<summary>
Send dns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dns_server_packets" lineno="35197">
<summary>
Do not audit attempts to send dns_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dns_server_packets" lineno="35216">
<summary>
Receive dns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dns_server_packets" lineno="35235">
<summary>
Do not audit attempts to receive dns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dns_server_packets" lineno="35254">
<summary>
Send and receive dns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dns_server_packets" lineno="35270">
<summary>
Do not audit attempts to send and receive dns_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dns_server_packets" lineno="35285">
<summary>
Relabel packets to dns_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dnssec_port" lineno="35307">
<summary>
Send and receive TCP traffic on the dnssec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dnssec_port" lineno="35326">
<summary>
Send UDP traffic on the dnssec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dnssec_port" lineno="35345">
<summary>
Do not audit attempts to send UDP traffic on the dnssec port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dnssec_port" lineno="35364">
<summary>
Receive UDP traffic on the dnssec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dnssec_port" lineno="35383">
<summary>
Do not audit attempts to receive UDP traffic on the dnssec port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dnssec_port" lineno="35402">
<summary>
Send and receive UDP traffic on the dnssec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dnssec_port" lineno="35419">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dnssec port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dnssec_port" lineno="35435">
<summary>
Bind TCP sockets to the dnssec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dnssec_port" lineno="35455">
<summary>
Bind UDP sockets to the dnssec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_dnssec_port" lineno="35475">
<summary>
Do not audit attempts to sbind to dnssec port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dnssec_port" lineno="35494">
<summary>
Make a TCP connection to the dnssec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_dnssec_port" lineno="35511">
<summary>
Do not audit attempts to make a TCP connection to dnssec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dnssec_client_packets" lineno="35531">
<summary>
Send dnssec_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dnssec_client_packets" lineno="35550">
<summary>
Do not audit attempts to send dnssec_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dnssec_client_packets" lineno="35569">
<summary>
Receive dnssec_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dnssec_client_packets" lineno="35588">
<summary>
Do not audit attempts to receive dnssec_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dnssec_client_packets" lineno="35607">
<summary>
Send and receive dnssec_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dnssec_client_packets" lineno="35623">
<summary>
Do not audit attempts to send and receive dnssec_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dnssec_client_packets" lineno="35638">
<summary>
Relabel packets to dnssec_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dnssec_server_packets" lineno="35658">
<summary>
Send dnssec_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dnssec_server_packets" lineno="35677">
<summary>
Do not audit attempts to send dnssec_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dnssec_server_packets" lineno="35696">
<summary>
Receive dnssec_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dnssec_server_packets" lineno="35715">
<summary>
Do not audit attempts to receive dnssec_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dnssec_server_packets" lineno="35734">
<summary>
Send and receive dnssec_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dnssec_server_packets" lineno="35750">
<summary>
Do not audit attempts to send and receive dnssec_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dnssec_server_packets" lineno="35765">
<summary>
Relabel packets to dnssec_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_echo_port" lineno="35787">
<summary>
Send and receive TCP traffic on the echo port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_echo_port" lineno="35806">
<summary>
Send UDP traffic on the echo port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_echo_port" lineno="35825">
<summary>
Do not audit attempts to send UDP traffic on the echo port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_echo_port" lineno="35844">
<summary>
Receive UDP traffic on the echo port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_echo_port" lineno="35863">
<summary>
Do not audit attempts to receive UDP traffic on the echo port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_echo_port" lineno="35882">
<summary>
Send and receive UDP traffic on the echo port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_echo_port" lineno="35899">
<summary>
Do not audit attempts to send and receive
UDP traffic on the echo port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_echo_port" lineno="35915">
<summary>
Bind TCP sockets to the echo port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_echo_port" lineno="35935">
<summary>
Bind UDP sockets to the echo port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_echo_port" lineno="35955">
<summary>
Do not audit attempts to sbind to echo port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_echo_port" lineno="35974">
<summary>
Make a TCP connection to the echo port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_echo_port" lineno="35991">
<summary>
Do not audit attempts to make a TCP connection to echo port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_echo_client_packets" lineno="36011">
<summary>
Send echo_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_echo_client_packets" lineno="36030">
<summary>
Do not audit attempts to send echo_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_echo_client_packets" lineno="36049">
<summary>
Receive echo_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_echo_client_packets" lineno="36068">
<summary>
Do not audit attempts to receive echo_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_echo_client_packets" lineno="36087">
<summary>
Send and receive echo_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_echo_client_packets" lineno="36103">
<summary>
Do not audit attempts to send and receive echo_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_echo_client_packets" lineno="36118">
<summary>
Relabel packets to echo_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_echo_server_packets" lineno="36138">
<summary>
Send echo_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_echo_server_packets" lineno="36157">
<summary>
Do not audit attempts to send echo_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_echo_server_packets" lineno="36176">
<summary>
Receive echo_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_echo_server_packets" lineno="36195">
<summary>
Do not audit attempts to receive echo_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_echo_server_packets" lineno="36214">
<summary>
Send and receive echo_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_echo_server_packets" lineno="36230">
<summary>
Do not audit attempts to send and receive echo_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_echo_server_packets" lineno="36245">
<summary>
Relabel packets to echo_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_efs_port" lineno="36267">
<summary>
Send and receive TCP traffic on the efs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_efs_port" lineno="36286">
<summary>
Send UDP traffic on the efs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_efs_port" lineno="36305">
<summary>
Do not audit attempts to send UDP traffic on the efs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_efs_port" lineno="36324">
<summary>
Receive UDP traffic on the efs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_efs_port" lineno="36343">
<summary>
Do not audit attempts to receive UDP traffic on the efs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_efs_port" lineno="36362">
<summary>
Send and receive UDP traffic on the efs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_efs_port" lineno="36379">
<summary>
Do not audit attempts to send and receive
UDP traffic on the efs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_efs_port" lineno="36395">
<summary>
Bind TCP sockets to the efs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_efs_port" lineno="36415">
<summary>
Bind UDP sockets to the efs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_efs_port" lineno="36435">
<summary>
Do not audit attempts to sbind to efs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_efs_port" lineno="36454">
<summary>
Make a TCP connection to the efs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_efs_port" lineno="36471">
<summary>
Do not audit attempts to make a TCP connection to efs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_efs_client_packets" lineno="36491">
<summary>
Send efs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_efs_client_packets" lineno="36510">
<summary>
Do not audit attempts to send efs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_efs_client_packets" lineno="36529">
<summary>
Receive efs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_efs_client_packets" lineno="36548">
<summary>
Do not audit attempts to receive efs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_efs_client_packets" lineno="36567">
<summary>
Send and receive efs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_efs_client_packets" lineno="36583">
<summary>
Do not audit attempts to send and receive efs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_efs_client_packets" lineno="36598">
<summary>
Relabel packets to efs_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_efs_server_packets" lineno="36618">
<summary>
Send efs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_efs_server_packets" lineno="36637">
<summary>
Do not audit attempts to send efs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_efs_server_packets" lineno="36656">
<summary>
Receive efs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_efs_server_packets" lineno="36675">
<summary>
Do not audit attempts to receive efs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_efs_server_packets" lineno="36694">
<summary>
Send and receive efs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_efs_server_packets" lineno="36710">
<summary>
Do not audit attempts to send and receive efs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_efs_server_packets" lineno="36725">
<summary>
Relabel packets to efs_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_embrace_dp_c_port" lineno="36747">
<summary>
Send and receive TCP traffic on the embrace_dp_c port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_embrace_dp_c_port" lineno="36766">
<summary>
Send UDP traffic on the embrace_dp_c port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_embrace_dp_c_port" lineno="36785">
<summary>
Do not audit attempts to send UDP traffic on the embrace_dp_c port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_embrace_dp_c_port" lineno="36804">
<summary>
Receive UDP traffic on the embrace_dp_c port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_embrace_dp_c_port" lineno="36823">
<summary>
Do not audit attempts to receive UDP traffic on the embrace_dp_c port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_embrace_dp_c_port" lineno="36842">
<summary>
Send and receive UDP traffic on the embrace_dp_c port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_embrace_dp_c_port" lineno="36859">
<summary>
Do not audit attempts to send and receive
UDP traffic on the embrace_dp_c port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_embrace_dp_c_port" lineno="36875">
<summary>
Bind TCP sockets to the embrace_dp_c port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_embrace_dp_c_port" lineno="36895">
<summary>
Bind UDP sockets to the embrace_dp_c port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_embrace_dp_c_port" lineno="36915">
<summary>
Do not audit attempts to sbind to embrace_dp_c port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_embrace_dp_c_port" lineno="36934">
<summary>
Make a TCP connection to the embrace_dp_c port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_embrace_dp_c_port" lineno="36951">
<summary>
Do not audit attempts to make a TCP connection to embrace_dp_c port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_embrace_dp_c_client_packets" lineno="36971">
<summary>
Send embrace_dp_c_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_embrace_dp_c_client_packets" lineno="36990">
<summary>
Do not audit attempts to send embrace_dp_c_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_embrace_dp_c_client_packets" lineno="37009">
<summary>
Receive embrace_dp_c_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_embrace_dp_c_client_packets" lineno="37028">
<summary>
Do not audit attempts to receive embrace_dp_c_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_embrace_dp_c_client_packets" lineno="37047">
<summary>
Send and receive embrace_dp_c_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_embrace_dp_c_client_packets" lineno="37063">
<summary>
Do not audit attempts to send and receive embrace_dp_c_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_embrace_dp_c_client_packets" lineno="37078">
<summary>
Relabel packets to embrace_dp_c_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_embrace_dp_c_server_packets" lineno="37098">
<summary>
Send embrace_dp_c_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_embrace_dp_c_server_packets" lineno="37117">
<summary>
Do not audit attempts to send embrace_dp_c_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_embrace_dp_c_server_packets" lineno="37136">
<summary>
Receive embrace_dp_c_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_embrace_dp_c_server_packets" lineno="37155">
<summary>
Do not audit attempts to receive embrace_dp_c_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_embrace_dp_c_server_packets" lineno="37174">
<summary>
Send and receive embrace_dp_c_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_embrace_dp_c_server_packets" lineno="37190">
<summary>
Do not audit attempts to send and receive embrace_dp_c_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_embrace_dp_c_server_packets" lineno="37205">
<summary>
Relabel packets to embrace_dp_c_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_epmap_port" lineno="37227">
<summary>
Send and receive TCP traffic on the epmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_epmap_port" lineno="37246">
<summary>
Send UDP traffic on the epmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_epmap_port" lineno="37265">
<summary>
Do not audit attempts to send UDP traffic on the epmap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_epmap_port" lineno="37284">
<summary>
Receive UDP traffic on the epmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_epmap_port" lineno="37303">
<summary>
Do not audit attempts to receive UDP traffic on the epmap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_epmap_port" lineno="37322">
<summary>
Send and receive UDP traffic on the epmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_epmap_port" lineno="37339">
<summary>
Do not audit attempts to send and receive
UDP traffic on the epmap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_epmap_port" lineno="37355">
<summary>
Bind TCP sockets to the epmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_epmap_port" lineno="37375">
<summary>
Bind UDP sockets to the epmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_epmap_port" lineno="37395">
<summary>
Do not audit attempts to sbind to epmap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_epmap_port" lineno="37414">
<summary>
Make a TCP connection to the epmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_epmap_port" lineno="37431">
<summary>
Do not audit attempts to make a TCP connection to epmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_epmap_client_packets" lineno="37451">
<summary>
Send epmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_epmap_client_packets" lineno="37470">
<summary>
Do not audit attempts to send epmap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_epmap_client_packets" lineno="37489">
<summary>
Receive epmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_epmap_client_packets" lineno="37508">
<summary>
Do not audit attempts to receive epmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_epmap_client_packets" lineno="37527">
<summary>
Send and receive epmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_epmap_client_packets" lineno="37543">
<summary>
Do not audit attempts to send and receive epmap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_epmap_client_packets" lineno="37558">
<summary>
Relabel packets to epmap_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_epmap_server_packets" lineno="37578">
<summary>
Send epmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_epmap_server_packets" lineno="37597">
<summary>
Do not audit attempts to send epmap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_epmap_server_packets" lineno="37616">
<summary>
Receive epmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_epmap_server_packets" lineno="37635">
<summary>
Do not audit attempts to receive epmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_epmap_server_packets" lineno="37654">
<summary>
Send and receive epmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_epmap_server_packets" lineno="37670">
<summary>
Do not audit attempts to send and receive epmap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_epmap_server_packets" lineno="37685">
<summary>
Relabel packets to epmap_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_epmd_port" lineno="37707">
<summary>
Send and receive TCP traffic on the epmd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_epmd_port" lineno="37726">
<summary>
Send UDP traffic on the epmd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_epmd_port" lineno="37745">
<summary>
Do not audit attempts to send UDP traffic on the epmd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_epmd_port" lineno="37764">
<summary>
Receive UDP traffic on the epmd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_epmd_port" lineno="37783">
<summary>
Do not audit attempts to receive UDP traffic on the epmd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_epmd_port" lineno="37802">
<summary>
Send and receive UDP traffic on the epmd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_epmd_port" lineno="37819">
<summary>
Do not audit attempts to send and receive
UDP traffic on the epmd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_epmd_port" lineno="37835">
<summary>
Bind TCP sockets to the epmd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_epmd_port" lineno="37855">
<summary>
Bind UDP sockets to the epmd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_epmd_port" lineno="37875">
<summary>
Do not audit attempts to sbind to epmd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_epmd_port" lineno="37894">
<summary>
Make a TCP connection to the epmd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_epmd_port" lineno="37911">
<summary>
Do not audit attempts to make a TCP connection to epmd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_epmd_client_packets" lineno="37931">
<summary>
Send epmd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_epmd_client_packets" lineno="37950">
<summary>
Do not audit attempts to send epmd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_epmd_client_packets" lineno="37969">
<summary>
Receive epmd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_epmd_client_packets" lineno="37988">
<summary>
Do not audit attempts to receive epmd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_epmd_client_packets" lineno="38007">
<summary>
Send and receive epmd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_epmd_client_packets" lineno="38023">
<summary>
Do not audit attempts to send and receive epmd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_epmd_client_packets" lineno="38038">
<summary>
Relabel packets to epmd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_epmd_server_packets" lineno="38058">
<summary>
Send epmd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_epmd_server_packets" lineno="38077">
<summary>
Do not audit attempts to send epmd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_epmd_server_packets" lineno="38096">
<summary>
Receive epmd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_epmd_server_packets" lineno="38115">
<summary>
Do not audit attempts to receive epmd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_epmd_server_packets" lineno="38134">
<summary>
Send and receive epmd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_epmd_server_packets" lineno="38150">
<summary>
Do not audit attempts to send and receive epmd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_epmd_server_packets" lineno="38165">
<summary>
Relabel packets to epmd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_fac_restore_port" lineno="38187">
<summary>
Send and receive TCP traffic on the fac_restore port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_fac_restore_port" lineno="38206">
<summary>
Send UDP traffic on the fac_restore port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_fac_restore_port" lineno="38225">
<summary>
Do not audit attempts to send UDP traffic on the fac_restore port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_fac_restore_port" lineno="38244">
<summary>
Receive UDP traffic on the fac_restore port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_fac_restore_port" lineno="38263">
<summary>
Do not audit attempts to receive UDP traffic on the fac_restore port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_fac_restore_port" lineno="38282">
<summary>
Send and receive UDP traffic on the fac_restore port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_fac_restore_port" lineno="38299">
<summary>
Do not audit attempts to send and receive
UDP traffic on the fac_restore port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_fac_restore_port" lineno="38315">
<summary>
Bind TCP sockets to the fac_restore port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_fac_restore_port" lineno="38335">
<summary>
Bind UDP sockets to the fac_restore port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_fac_restore_port" lineno="38355">
<summary>
Do not audit attempts to sbind to fac_restore port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_fac_restore_port" lineno="38374">
<summary>
Make a TCP connection to the fac_restore port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_fac_restore_port" lineno="38391">
<summary>
Do not audit attempts to make a TCP connection to fac_restore port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_fac_restore_client_packets" lineno="38411">
<summary>
Send fac_restore_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_fac_restore_client_packets" lineno="38430">
<summary>
Do not audit attempts to send fac_restore_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_fac_restore_client_packets" lineno="38449">
<summary>
Receive fac_restore_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_fac_restore_client_packets" lineno="38468">
<summary>
Do not audit attempts to receive fac_restore_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_fac_restore_client_packets" lineno="38487">
<summary>
Send and receive fac_restore_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_fac_restore_client_packets" lineno="38503">
<summary>
Do not audit attempts to send and receive fac_restore_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_fac_restore_client_packets" lineno="38518">
<summary>
Relabel packets to fac_restore_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_fac_restore_server_packets" lineno="38538">
<summary>
Send fac_restore_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_fac_restore_server_packets" lineno="38557">
<summary>
Do not audit attempts to send fac_restore_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_fac_restore_server_packets" lineno="38576">
<summary>
Receive fac_restore_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_fac_restore_server_packets" lineno="38595">
<summary>
Do not audit attempts to receive fac_restore_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_fac_restore_server_packets" lineno="38614">
<summary>
Send and receive fac_restore_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_fac_restore_server_packets" lineno="38630">
<summary>
Do not audit attempts to send and receive fac_restore_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_fac_restore_server_packets" lineno="38645">
<summary>
Relabel packets to fac_restore_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_fingerd_port" lineno="38667">
<summary>
Send and receive TCP traffic on the fingerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_fingerd_port" lineno="38686">
<summary>
Send UDP traffic on the fingerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_fingerd_port" lineno="38705">
<summary>
Do not audit attempts to send UDP traffic on the fingerd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_fingerd_port" lineno="38724">
<summary>
Receive UDP traffic on the fingerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_fingerd_port" lineno="38743">
<summary>
Do not audit attempts to receive UDP traffic on the fingerd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_fingerd_port" lineno="38762">
<summary>
Send and receive UDP traffic on the fingerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_fingerd_port" lineno="38779">
<summary>
Do not audit attempts to send and receive
UDP traffic on the fingerd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_fingerd_port" lineno="38795">
<summary>
Bind TCP sockets to the fingerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_fingerd_port" lineno="38815">
<summary>
Bind UDP sockets to the fingerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_fingerd_port" lineno="38835">
<summary>
Do not audit attempts to sbind to fingerd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_fingerd_port" lineno="38854">
<summary>
Make a TCP connection to the fingerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_fingerd_port" lineno="38871">
<summary>
Do not audit attempts to make a TCP connection to fingerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_fingerd_client_packets" lineno="38891">
<summary>
Send fingerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_fingerd_client_packets" lineno="38910">
<summary>
Do not audit attempts to send fingerd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_fingerd_client_packets" lineno="38929">
<summary>
Receive fingerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_fingerd_client_packets" lineno="38948">
<summary>
Do not audit attempts to receive fingerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_fingerd_client_packets" lineno="38967">
<summary>
Send and receive fingerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_fingerd_client_packets" lineno="38983">
<summary>
Do not audit attempts to send and receive fingerd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_fingerd_client_packets" lineno="38998">
<summary>
Relabel packets to fingerd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_fingerd_server_packets" lineno="39018">
<summary>
Send fingerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_fingerd_server_packets" lineno="39037">
<summary>
Do not audit attempts to send fingerd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_fingerd_server_packets" lineno="39056">
<summary>
Receive fingerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_fingerd_server_packets" lineno="39075">
<summary>
Do not audit attempts to receive fingerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_fingerd_server_packets" lineno="39094">
<summary>
Send and receive fingerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_fingerd_server_packets" lineno="39110">
<summary>
Do not audit attempts to send and receive fingerd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_fingerd_server_packets" lineno="39125">
<summary>
Relabel packets to fingerd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_firepower_port" lineno="39147">
<summary>
Send and receive TCP traffic on the firepower port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_firepower_port" lineno="39166">
<summary>
Send UDP traffic on the firepower port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_firepower_port" lineno="39185">
<summary>
Do not audit attempts to send UDP traffic on the firepower port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_firepower_port" lineno="39204">
<summary>
Receive UDP traffic on the firepower port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_firepower_port" lineno="39223">
<summary>
Do not audit attempts to receive UDP traffic on the firepower port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_firepower_port" lineno="39242">
<summary>
Send and receive UDP traffic on the firepower port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_firepower_port" lineno="39259">
<summary>
Do not audit attempts to send and receive
UDP traffic on the firepower port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_firepower_port" lineno="39275">
<summary>
Bind TCP sockets to the firepower port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_firepower_port" lineno="39295">
<summary>
Bind UDP sockets to the firepower port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_firepower_port" lineno="39315">
<summary>
Do not audit attempts to sbind to firepower port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_firepower_port" lineno="39334">
<summary>
Make a TCP connection to the firepower port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_firepower_port" lineno="39351">
<summary>
Do not audit attempts to make a TCP connection to firepower port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_firepower_client_packets" lineno="39371">
<summary>
Send firepower_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_firepower_client_packets" lineno="39390">
<summary>
Do not audit attempts to send firepower_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_firepower_client_packets" lineno="39409">
<summary>
Receive firepower_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_firepower_client_packets" lineno="39428">
<summary>
Do not audit attempts to receive firepower_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_firepower_client_packets" lineno="39447">
<summary>
Send and receive firepower_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_firepower_client_packets" lineno="39463">
<summary>
Do not audit attempts to send and receive firepower_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_firepower_client_packets" lineno="39478">
<summary>
Relabel packets to firepower_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_firepower_server_packets" lineno="39498">
<summary>
Send firepower_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_firepower_server_packets" lineno="39517">
<summary>
Do not audit attempts to send firepower_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_firepower_server_packets" lineno="39536">
<summary>
Receive firepower_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_firepower_server_packets" lineno="39555">
<summary>
Do not audit attempts to receive firepower_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_firepower_server_packets" lineno="39574">
<summary>
Send and receive firepower_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_firepower_server_packets" lineno="39590">
<summary>
Do not audit attempts to send and receive firepower_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_firepower_server_packets" lineno="39605">
<summary>
Relabel packets to firepower_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_fmpro_internal_port" lineno="39627">
<summary>
Send and receive TCP traffic on the fmpro_internal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_fmpro_internal_port" lineno="39646">
<summary>
Send UDP traffic on the fmpro_internal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_fmpro_internal_port" lineno="39665">
<summary>
Do not audit attempts to send UDP traffic on the fmpro_internal port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_fmpro_internal_port" lineno="39684">
<summary>
Receive UDP traffic on the fmpro_internal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_fmpro_internal_port" lineno="39703">
<summary>
Do not audit attempts to receive UDP traffic on the fmpro_internal port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_fmpro_internal_port" lineno="39722">
<summary>
Send and receive UDP traffic on the fmpro_internal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_fmpro_internal_port" lineno="39739">
<summary>
Do not audit attempts to send and receive
UDP traffic on the fmpro_internal port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_fmpro_internal_port" lineno="39755">
<summary>
Bind TCP sockets to the fmpro_internal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_fmpro_internal_port" lineno="39775">
<summary>
Bind UDP sockets to the fmpro_internal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_fmpro_internal_port" lineno="39795">
<summary>
Do not audit attempts to sbind to fmpro_internal port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_fmpro_internal_port" lineno="39814">
<summary>
Make a TCP connection to the fmpro_internal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_fmpro_internal_port" lineno="39831">
<summary>
Do not audit attempts to make a TCP connection to fmpro_internal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_fmpro_internal_client_packets" lineno="39851">
<summary>
Send fmpro_internal_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_fmpro_internal_client_packets" lineno="39870">
<summary>
Do not audit attempts to send fmpro_internal_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_fmpro_internal_client_packets" lineno="39889">
<summary>
Receive fmpro_internal_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_fmpro_internal_client_packets" lineno="39908">
<summary>
Do not audit attempts to receive fmpro_internal_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_fmpro_internal_client_packets" lineno="39927">
<summary>
Send and receive fmpro_internal_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_fmpro_internal_client_packets" lineno="39943">
<summary>
Do not audit attempts to send and receive fmpro_internal_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_fmpro_internal_client_packets" lineno="39958">
<summary>
Relabel packets to fmpro_internal_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_fmpro_internal_server_packets" lineno="39978">
<summary>
Send fmpro_internal_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_fmpro_internal_server_packets" lineno="39997">
<summary>
Do not audit attempts to send fmpro_internal_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_fmpro_internal_server_packets" lineno="40016">
<summary>
Receive fmpro_internal_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_fmpro_internal_server_packets" lineno="40035">
<summary>
Do not audit attempts to receive fmpro_internal_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_fmpro_internal_server_packets" lineno="40054">
<summary>
Send and receive fmpro_internal_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_fmpro_internal_server_packets" lineno="40070">
<summary>
Do not audit attempts to send and receive fmpro_internal_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_fmpro_internal_server_packets" lineno="40085">
<summary>
Relabel packets to fmpro_internal_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_flash_port" lineno="40107">
<summary>
Send and receive TCP traffic on the flash port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_flash_port" lineno="40126">
<summary>
Send UDP traffic on the flash port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_flash_port" lineno="40145">
<summary>
Do not audit attempts to send UDP traffic on the flash port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_flash_port" lineno="40164">
<summary>
Receive UDP traffic on the flash port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_flash_port" lineno="40183">
<summary>
Do not audit attempts to receive UDP traffic on the flash port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_flash_port" lineno="40202">
<summary>
Send and receive UDP traffic on the flash port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_flash_port" lineno="40219">
<summary>
Do not audit attempts to send and receive
UDP traffic on the flash port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_flash_port" lineno="40235">
<summary>
Bind TCP sockets to the flash port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_flash_port" lineno="40255">
<summary>
Bind UDP sockets to the flash port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_flash_port" lineno="40275">
<summary>
Do not audit attempts to sbind to flash port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_flash_port" lineno="40294">
<summary>
Make a TCP connection to the flash port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_flash_port" lineno="40311">
<summary>
Do not audit attempts to make a TCP connection to flash port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_flash_client_packets" lineno="40331">
<summary>
Send flash_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_flash_client_packets" lineno="40350">
<summary>
Do not audit attempts to send flash_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_flash_client_packets" lineno="40369">
<summary>
Receive flash_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_flash_client_packets" lineno="40388">
<summary>
Do not audit attempts to receive flash_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_flash_client_packets" lineno="40407">
<summary>
Send and receive flash_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_flash_client_packets" lineno="40423">
<summary>
Do not audit attempts to send and receive flash_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_flash_client_packets" lineno="40438">
<summary>
Relabel packets to flash_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_flash_server_packets" lineno="40458">
<summary>
Send flash_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_flash_server_packets" lineno="40477">
<summary>
Do not audit attempts to send flash_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_flash_server_packets" lineno="40496">
<summary>
Receive flash_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_flash_server_packets" lineno="40515">
<summary>
Do not audit attempts to receive flash_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_flash_server_packets" lineno="40534">
<summary>
Send and receive flash_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_flash_server_packets" lineno="40550">
<summary>
Do not audit attempts to send and receive flash_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_flash_server_packets" lineno="40565">
<summary>
Relabel packets to flash_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_freeipmi_port" lineno="40587">
<summary>
Send and receive TCP traffic on the freeipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_freeipmi_port" lineno="40606">
<summary>
Send UDP traffic on the freeipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_freeipmi_port" lineno="40625">
<summary>
Do not audit attempts to send UDP traffic on the freeipmi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_freeipmi_port" lineno="40644">
<summary>
Receive UDP traffic on the freeipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_freeipmi_port" lineno="40663">
<summary>
Do not audit attempts to receive UDP traffic on the freeipmi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_freeipmi_port" lineno="40682">
<summary>
Send and receive UDP traffic on the freeipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_freeipmi_port" lineno="40699">
<summary>
Do not audit attempts to send and receive
UDP traffic on the freeipmi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_freeipmi_port" lineno="40715">
<summary>
Bind TCP sockets to the freeipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_freeipmi_port" lineno="40735">
<summary>
Bind UDP sockets to the freeipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_freeipmi_port" lineno="40755">
<summary>
Do not audit attempts to sbind to freeipmi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_freeipmi_port" lineno="40774">
<summary>
Make a TCP connection to the freeipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_freeipmi_port" lineno="40791">
<summary>
Do not audit attempts to make a TCP connection to freeipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_freeipmi_client_packets" lineno="40811">
<summary>
Send freeipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_freeipmi_client_packets" lineno="40830">
<summary>
Do not audit attempts to send freeipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_freeipmi_client_packets" lineno="40849">
<summary>
Receive freeipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_freeipmi_client_packets" lineno="40868">
<summary>
Do not audit attempts to receive freeipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_freeipmi_client_packets" lineno="40887">
<summary>
Send and receive freeipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_freeipmi_client_packets" lineno="40903">
<summary>
Do not audit attempts to send and receive freeipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_freeipmi_client_packets" lineno="40918">
<summary>
Relabel packets to freeipmi_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_freeipmi_server_packets" lineno="40938">
<summary>
Send freeipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_freeipmi_server_packets" lineno="40957">
<summary>
Do not audit attempts to send freeipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_freeipmi_server_packets" lineno="40976">
<summary>
Receive freeipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_freeipmi_server_packets" lineno="40995">
<summary>
Do not audit attempts to receive freeipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_freeipmi_server_packets" lineno="41014">
<summary>
Send and receive freeipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_freeipmi_server_packets" lineno="41030">
<summary>
Do not audit attempts to send and receive freeipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_freeipmi_server_packets" lineno="41045">
<summary>
Relabel packets to freeipmi_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ftp_port" lineno="41067">
<summary>
Send and receive TCP traffic on the ftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ftp_port" lineno="41086">
<summary>
Send UDP traffic on the ftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ftp_port" lineno="41105">
<summary>
Do not audit attempts to send UDP traffic on the ftp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ftp_port" lineno="41124">
<summary>
Receive UDP traffic on the ftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ftp_port" lineno="41143">
<summary>
Do not audit attempts to receive UDP traffic on the ftp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ftp_port" lineno="41162">
<summary>
Send and receive UDP traffic on the ftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ftp_port" lineno="41179">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ftp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ftp_port" lineno="41195">
<summary>
Bind TCP sockets to the ftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ftp_port" lineno="41215">
<summary>
Bind UDP sockets to the ftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ftp_port" lineno="41235">
<summary>
Do not audit attempts to sbind to ftp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ftp_port" lineno="41254">
<summary>
Make a TCP connection to the ftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ftp_port" lineno="41271">
<summary>
Do not audit attempts to make a TCP connection to ftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ftp_client_packets" lineno="41291">
<summary>
Send ftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ftp_client_packets" lineno="41310">
<summary>
Do not audit attempts to send ftp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ftp_client_packets" lineno="41329">
<summary>
Receive ftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ftp_client_packets" lineno="41348">
<summary>
Do not audit attempts to receive ftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ftp_client_packets" lineno="41367">
<summary>
Send and receive ftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ftp_client_packets" lineno="41383">
<summary>
Do not audit attempts to send and receive ftp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ftp_client_packets" lineno="41398">
<summary>
Relabel packets to ftp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ftp_server_packets" lineno="41418">
<summary>
Send ftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ftp_server_packets" lineno="41437">
<summary>
Do not audit attempts to send ftp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ftp_server_packets" lineno="41456">
<summary>
Receive ftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ftp_server_packets" lineno="41475">
<summary>
Do not audit attempts to receive ftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ftp_server_packets" lineno="41494">
<summary>
Send and receive ftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ftp_server_packets" lineno="41510">
<summary>
Do not audit attempts to send and receive ftp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ftp_server_packets" lineno="41525">
<summary>
Relabel packets to ftp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ftp_data_port" lineno="41547">
<summary>
Send and receive TCP traffic on the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ftp_data_port" lineno="41566">
<summary>
Send UDP traffic on the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ftp_data_port" lineno="41585">
<summary>
Do not audit attempts to send UDP traffic on the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ftp_data_port" lineno="41604">
<summary>
Receive UDP traffic on the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ftp_data_port" lineno="41623">
<summary>
Do not audit attempts to receive UDP traffic on the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ftp_data_port" lineno="41642">
<summary>
Send and receive UDP traffic on the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ftp_data_port" lineno="41659">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ftp_data_port" lineno="41675">
<summary>
Bind TCP sockets to the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ftp_data_port" lineno="41695">
<summary>
Bind UDP sockets to the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ftp_data_port" lineno="41715">
<summary>
Do not audit attempts to sbind to ftp_data port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ftp_data_port" lineno="41734">
<summary>
Make a TCP connection to the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ftp_data_port" lineno="41751">
<summary>
Do not audit attempts to make a TCP connection to ftp_data port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ftp_data_client_packets" lineno="41771">
<summary>
Send ftp_data_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ftp_data_client_packets" lineno="41790">
<summary>
Do not audit attempts to send ftp_data_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ftp_data_client_packets" lineno="41809">
<summary>
Receive ftp_data_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ftp_data_client_packets" lineno="41828">
<summary>
Do not audit attempts to receive ftp_data_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ftp_data_client_packets" lineno="41847">
<summary>
Send and receive ftp_data_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ftp_data_client_packets" lineno="41863">
<summary>
Do not audit attempts to send and receive ftp_data_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ftp_data_client_packets" lineno="41878">
<summary>
Relabel packets to ftp_data_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ftp_data_server_packets" lineno="41898">
<summary>
Send ftp_data_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ftp_data_server_packets" lineno="41917">
<summary>
Do not audit attempts to send ftp_data_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ftp_data_server_packets" lineno="41936">
<summary>
Receive ftp_data_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ftp_data_server_packets" lineno="41955">
<summary>
Do not audit attempts to receive ftp_data_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ftp_data_server_packets" lineno="41974">
<summary>
Send and receive ftp_data_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ftp_data_server_packets" lineno="41990">
<summary>
Do not audit attempts to send and receive ftp_data_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ftp_data_server_packets" lineno="42005">
<summary>
Relabel packets to ftp_data_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_gatekeeper_port" lineno="42027">
<summary>
Send and receive TCP traffic on the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_gatekeeper_port" lineno="42046">
<summary>
Send UDP traffic on the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_gatekeeper_port" lineno="42065">
<summary>
Do not audit attempts to send UDP traffic on the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_gatekeeper_port" lineno="42084">
<summary>
Receive UDP traffic on the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_gatekeeper_port" lineno="42103">
<summary>
Do not audit attempts to receive UDP traffic on the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_gatekeeper_port" lineno="42122">
<summary>
Send and receive UDP traffic on the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_gatekeeper_port" lineno="42139">
<summary>
Do not audit attempts to send and receive
UDP traffic on the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_gatekeeper_port" lineno="42155">
<summary>
Bind TCP sockets to the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_gatekeeper_port" lineno="42175">
<summary>
Bind UDP sockets to the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_gatekeeper_port" lineno="42195">
<summary>
Do not audit attempts to sbind to gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_gatekeeper_port" lineno="42214">
<summary>
Make a TCP connection to the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_gatekeeper_port" lineno="42231">
<summary>
Do not audit attempts to make a TCP connection to gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gatekeeper_client_packets" lineno="42251">
<summary>
Send gatekeeper_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gatekeeper_client_packets" lineno="42270">
<summary>
Do not audit attempts to send gatekeeper_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gatekeeper_client_packets" lineno="42289">
<summary>
Receive gatekeeper_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gatekeeper_client_packets" lineno="42308">
<summary>
Do not audit attempts to receive gatekeeper_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gatekeeper_client_packets" lineno="42327">
<summary>
Send and receive gatekeeper_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gatekeeper_client_packets" lineno="42343">
<summary>
Do not audit attempts to send and receive gatekeeper_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gatekeeper_client_packets" lineno="42358">
<summary>
Relabel packets to gatekeeper_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gatekeeper_server_packets" lineno="42378">
<summary>
Send gatekeeper_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gatekeeper_server_packets" lineno="42397">
<summary>
Do not audit attempts to send gatekeeper_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gatekeeper_server_packets" lineno="42416">
<summary>
Receive gatekeeper_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gatekeeper_server_packets" lineno="42435">
<summary>
Do not audit attempts to receive gatekeeper_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gatekeeper_server_packets" lineno="42454">
<summary>
Send and receive gatekeeper_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gatekeeper_server_packets" lineno="42470">
<summary>
Do not audit attempts to send and receive gatekeeper_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gatekeeper_server_packets" lineno="42485">
<summary>
Relabel packets to gatekeeper_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_gear_port" lineno="42507">
<summary>
Send and receive TCP traffic on the gear port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_gear_port" lineno="42526">
<summary>
Send UDP traffic on the gear port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_gear_port" lineno="42545">
<summary>
Do not audit attempts to send UDP traffic on the gear port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_gear_port" lineno="42564">
<summary>
Receive UDP traffic on the gear port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_gear_port" lineno="42583">
<summary>
Do not audit attempts to receive UDP traffic on the gear port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_gear_port" lineno="42602">
<summary>
Send and receive UDP traffic on the gear port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_gear_port" lineno="42619">
<summary>
Do not audit attempts to send and receive
UDP traffic on the gear port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_gear_port" lineno="42635">
<summary>
Bind TCP sockets to the gear port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_gear_port" lineno="42655">
<summary>
Bind UDP sockets to the gear port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_gear_port" lineno="42675">
<summary>
Do not audit attempts to sbind to gear port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_gear_port" lineno="42694">
<summary>
Make a TCP connection to the gear port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_gear_port" lineno="42711">
<summary>
Do not audit attempts to make a TCP connection to gear port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gear_client_packets" lineno="42731">
<summary>
Send gear_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gear_client_packets" lineno="42750">
<summary>
Do not audit attempts to send gear_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gear_client_packets" lineno="42769">
<summary>
Receive gear_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gear_client_packets" lineno="42788">
<summary>
Do not audit attempts to receive gear_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gear_client_packets" lineno="42807">
<summary>
Send and receive gear_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gear_client_packets" lineno="42823">
<summary>
Do not audit attempts to send and receive gear_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gear_client_packets" lineno="42838">
<summary>
Relabel packets to gear_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gear_server_packets" lineno="42858">
<summary>
Send gear_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gear_server_packets" lineno="42877">
<summary>
Do not audit attempts to send gear_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gear_server_packets" lineno="42896">
<summary>
Receive gear_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gear_server_packets" lineno="42915">
<summary>
Do not audit attempts to receive gear_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gear_server_packets" lineno="42934">
<summary>
Send and receive gear_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gear_server_packets" lineno="42950">
<summary>
Do not audit attempts to send and receive gear_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gear_server_packets" lineno="42965">
<summary>
Relabel packets to gear_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_geneve_port" lineno="42987">
<summary>
Send and receive TCP traffic on the geneve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_geneve_port" lineno="43006">
<summary>
Send UDP traffic on the geneve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_geneve_port" lineno="43025">
<summary>
Do not audit attempts to send UDP traffic on the geneve port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_geneve_port" lineno="43044">
<summary>
Receive UDP traffic on the geneve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_geneve_port" lineno="43063">
<summary>
Do not audit attempts to receive UDP traffic on the geneve port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_geneve_port" lineno="43082">
<summary>
Send and receive UDP traffic on the geneve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_geneve_port" lineno="43099">
<summary>
Do not audit attempts to send and receive
UDP traffic on the geneve port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_geneve_port" lineno="43115">
<summary>
Bind TCP sockets to the geneve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_geneve_port" lineno="43135">
<summary>
Bind UDP sockets to the geneve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_geneve_port" lineno="43155">
<summary>
Do not audit attempts to sbind to geneve port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_geneve_port" lineno="43174">
<summary>
Make a TCP connection to the geneve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_geneve_port" lineno="43191">
<summary>
Do not audit attempts to make a TCP connection to geneve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_geneve_client_packets" lineno="43211">
<summary>
Send geneve_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_geneve_client_packets" lineno="43230">
<summary>
Do not audit attempts to send geneve_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_geneve_client_packets" lineno="43249">
<summary>
Receive geneve_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_geneve_client_packets" lineno="43268">
<summary>
Do not audit attempts to receive geneve_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_geneve_client_packets" lineno="43287">
<summary>
Send and receive geneve_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_geneve_client_packets" lineno="43303">
<summary>
Do not audit attempts to send and receive geneve_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_geneve_client_packets" lineno="43318">
<summary>
Relabel packets to geneve_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_geneve_server_packets" lineno="43338">
<summary>
Send geneve_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_geneve_server_packets" lineno="43357">
<summary>
Do not audit attempts to send geneve_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_geneve_server_packets" lineno="43376">
<summary>
Receive geneve_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_geneve_server_packets" lineno="43395">
<summary>
Do not audit attempts to receive geneve_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_geneve_server_packets" lineno="43414">
<summary>
Send and receive geneve_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_geneve_server_packets" lineno="43430">
<summary>
Do not audit attempts to send and receive geneve_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_geneve_server_packets" lineno="43445">
<summary>
Relabel packets to geneve_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_gdomap_port" lineno="43467">
<summary>
Send and receive TCP traffic on the gdomap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_gdomap_port" lineno="43486">
<summary>
Send UDP traffic on the gdomap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_gdomap_port" lineno="43505">
<summary>
Do not audit attempts to send UDP traffic on the gdomap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_gdomap_port" lineno="43524">
<summary>
Receive UDP traffic on the gdomap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_gdomap_port" lineno="43543">
<summary>
Do not audit attempts to receive UDP traffic on the gdomap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_gdomap_port" lineno="43562">
<summary>
Send and receive UDP traffic on the gdomap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_gdomap_port" lineno="43579">
<summary>
Do not audit attempts to send and receive
UDP traffic on the gdomap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_gdomap_port" lineno="43595">
<summary>
Bind TCP sockets to the gdomap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_gdomap_port" lineno="43615">
<summary>
Bind UDP sockets to the gdomap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_gdomap_port" lineno="43635">
<summary>
Do not audit attempts to sbind to gdomap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_gdomap_port" lineno="43654">
<summary>
Make a TCP connection to the gdomap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_gdomap_port" lineno="43671">
<summary>
Do not audit attempts to make a TCP connection to gdomap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gdomap_client_packets" lineno="43691">
<summary>
Send gdomap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gdomap_client_packets" lineno="43710">
<summary>
Do not audit attempts to send gdomap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gdomap_client_packets" lineno="43729">
<summary>
Receive gdomap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gdomap_client_packets" lineno="43748">
<summary>
Do not audit attempts to receive gdomap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gdomap_client_packets" lineno="43767">
<summary>
Send and receive gdomap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gdomap_client_packets" lineno="43783">
<summary>
Do not audit attempts to send and receive gdomap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gdomap_client_packets" lineno="43798">
<summary>
Relabel packets to gdomap_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gdomap_server_packets" lineno="43818">
<summary>
Send gdomap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gdomap_server_packets" lineno="43837">
<summary>
Do not audit attempts to send gdomap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gdomap_server_packets" lineno="43856">
<summary>
Receive gdomap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gdomap_server_packets" lineno="43875">
<summary>
Do not audit attempts to receive gdomap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gdomap_server_packets" lineno="43894">
<summary>
Send and receive gdomap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gdomap_server_packets" lineno="43910">
<summary>
Do not audit attempts to send and receive gdomap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gdomap_server_packets" lineno="43925">
<summary>
Relabel packets to gdomap_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_gds_db_port" lineno="43947">
<summary>
Send and receive TCP traffic on the gds_db port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_gds_db_port" lineno="43966">
<summary>
Send UDP traffic on the gds_db port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_gds_db_port" lineno="43985">
<summary>
Do not audit attempts to send UDP traffic on the gds_db port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_gds_db_port" lineno="44004">
<summary>
Receive UDP traffic on the gds_db port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_gds_db_port" lineno="44023">
<summary>
Do not audit attempts to receive UDP traffic on the gds_db port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_gds_db_port" lineno="44042">
<summary>
Send and receive UDP traffic on the gds_db port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_gds_db_port" lineno="44059">
<summary>
Do not audit attempts to send and receive
UDP traffic on the gds_db port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_gds_db_port" lineno="44075">
<summary>
Bind TCP sockets to the gds_db port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_gds_db_port" lineno="44095">
<summary>
Bind UDP sockets to the gds_db port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_gds_db_port" lineno="44115">
<summary>
Do not audit attempts to sbind to gds_db port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_gds_db_port" lineno="44134">
<summary>
Make a TCP connection to the gds_db port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_gds_db_port" lineno="44151">
<summary>
Do not audit attempts to make a TCP connection to gds_db port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gds_db_client_packets" lineno="44171">
<summary>
Send gds_db_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gds_db_client_packets" lineno="44190">
<summary>
Do not audit attempts to send gds_db_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gds_db_client_packets" lineno="44209">
<summary>
Receive gds_db_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gds_db_client_packets" lineno="44228">
<summary>
Do not audit attempts to receive gds_db_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gds_db_client_packets" lineno="44247">
<summary>
Send and receive gds_db_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gds_db_client_packets" lineno="44263">
<summary>
Do not audit attempts to send and receive gds_db_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gds_db_client_packets" lineno="44278">
<summary>
Relabel packets to gds_db_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gds_db_server_packets" lineno="44298">
<summary>
Send gds_db_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gds_db_server_packets" lineno="44317">
<summary>
Do not audit attempts to send gds_db_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gds_db_server_packets" lineno="44336">
<summary>
Receive gds_db_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gds_db_server_packets" lineno="44355">
<summary>
Do not audit attempts to receive gds_db_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gds_db_server_packets" lineno="44374">
<summary>
Send and receive gds_db_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gds_db_server_packets" lineno="44390">
<summary>
Do not audit attempts to send and receive gds_db_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gds_db_server_packets" lineno="44405">
<summary>
Relabel packets to gds_db_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_giftd_port" lineno="44427">
<summary>
Send and receive TCP traffic on the giftd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_giftd_port" lineno="44446">
<summary>
Send UDP traffic on the giftd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_giftd_port" lineno="44465">
<summary>
Do not audit attempts to send UDP traffic on the giftd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_giftd_port" lineno="44484">
<summary>
Receive UDP traffic on the giftd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_giftd_port" lineno="44503">
<summary>
Do not audit attempts to receive UDP traffic on the giftd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_giftd_port" lineno="44522">
<summary>
Send and receive UDP traffic on the giftd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_giftd_port" lineno="44539">
<summary>
Do not audit attempts to send and receive
UDP traffic on the giftd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_giftd_port" lineno="44555">
<summary>
Bind TCP sockets to the giftd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_giftd_port" lineno="44575">
<summary>
Bind UDP sockets to the giftd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_giftd_port" lineno="44595">
<summary>
Do not audit attempts to sbind to giftd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_giftd_port" lineno="44614">
<summary>
Make a TCP connection to the giftd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_giftd_port" lineno="44631">
<summary>
Do not audit attempts to make a TCP connection to giftd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_giftd_client_packets" lineno="44651">
<summary>
Send giftd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_giftd_client_packets" lineno="44670">
<summary>
Do not audit attempts to send giftd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_giftd_client_packets" lineno="44689">
<summary>
Receive giftd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_giftd_client_packets" lineno="44708">
<summary>
Do not audit attempts to receive giftd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_giftd_client_packets" lineno="44727">
<summary>
Send and receive giftd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_giftd_client_packets" lineno="44743">
<summary>
Do not audit attempts to send and receive giftd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_giftd_client_packets" lineno="44758">
<summary>
Relabel packets to giftd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_giftd_server_packets" lineno="44778">
<summary>
Send giftd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_giftd_server_packets" lineno="44797">
<summary>
Do not audit attempts to send giftd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_giftd_server_packets" lineno="44816">
<summary>
Receive giftd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_giftd_server_packets" lineno="44835">
<summary>
Do not audit attempts to receive giftd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_giftd_server_packets" lineno="44854">
<summary>
Send and receive giftd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_giftd_server_packets" lineno="44870">
<summary>
Do not audit attempts to send and receive giftd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_giftd_server_packets" lineno="44885">
<summary>
Relabel packets to giftd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_git_port" lineno="44907">
<summary>
Send and receive TCP traffic on the git port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_git_port" lineno="44926">
<summary>
Send UDP traffic on the git port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_git_port" lineno="44945">
<summary>
Do not audit attempts to send UDP traffic on the git port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_git_port" lineno="44964">
<summary>
Receive UDP traffic on the git port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_git_port" lineno="44983">
<summary>
Do not audit attempts to receive UDP traffic on the git port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_git_port" lineno="45002">
<summary>
Send and receive UDP traffic on the git port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_git_port" lineno="45019">
<summary>
Do not audit attempts to send and receive
UDP traffic on the git port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_git_port" lineno="45035">
<summary>
Bind TCP sockets to the git port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_git_port" lineno="45055">
<summary>
Bind UDP sockets to the git port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_git_port" lineno="45075">
<summary>
Do not audit attempts to sbind to git port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_git_port" lineno="45094">
<summary>
Make a TCP connection to the git port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_git_port" lineno="45111">
<summary>
Do not audit attempts to make a TCP connection to git port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_git_client_packets" lineno="45131">
<summary>
Send git_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_git_client_packets" lineno="45150">
<summary>
Do not audit attempts to send git_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_git_client_packets" lineno="45169">
<summary>
Receive git_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_git_client_packets" lineno="45188">
<summary>
Do not audit attempts to receive git_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_git_client_packets" lineno="45207">
<summary>
Send and receive git_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_git_client_packets" lineno="45223">
<summary>
Do not audit attempts to send and receive git_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_git_client_packets" lineno="45238">
<summary>
Relabel packets to git_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_git_server_packets" lineno="45258">
<summary>
Send git_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_git_server_packets" lineno="45277">
<summary>
Do not audit attempts to send git_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_git_server_packets" lineno="45296">
<summary>
Receive git_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_git_server_packets" lineno="45315">
<summary>
Do not audit attempts to receive git_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_git_server_packets" lineno="45334">
<summary>
Send and receive git_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_git_server_packets" lineno="45350">
<summary>
Do not audit attempts to send and receive git_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_git_server_packets" lineno="45365">
<summary>
Relabel packets to git_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_glance_port" lineno="45387">
<summary>
Send and receive TCP traffic on the glance port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_glance_port" lineno="45406">
<summary>
Send UDP traffic on the glance port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_glance_port" lineno="45425">
<summary>
Do not audit attempts to send UDP traffic on the glance port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_glance_port" lineno="45444">
<summary>
Receive UDP traffic on the glance port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_glance_port" lineno="45463">
<summary>
Do not audit attempts to receive UDP traffic on the glance port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_glance_port" lineno="45482">
<summary>
Send and receive UDP traffic on the glance port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_glance_port" lineno="45499">
<summary>
Do not audit attempts to send and receive
UDP traffic on the glance port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_glance_port" lineno="45515">
<summary>
Bind TCP sockets to the glance port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_glance_port" lineno="45535">
<summary>
Bind UDP sockets to the glance port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_glance_port" lineno="45555">
<summary>
Do not audit attempts to sbind to glance port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_glance_port" lineno="45574">
<summary>
Make a TCP connection to the glance port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_glance_port" lineno="45591">
<summary>
Do not audit attempts to make a TCP connection to glance port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_glance_client_packets" lineno="45611">
<summary>
Send glance_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_glance_client_packets" lineno="45630">
<summary>
Do not audit attempts to send glance_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_glance_client_packets" lineno="45649">
<summary>
Receive glance_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_glance_client_packets" lineno="45668">
<summary>
Do not audit attempts to receive glance_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_glance_client_packets" lineno="45687">
<summary>
Send and receive glance_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_glance_client_packets" lineno="45703">
<summary>
Do not audit attempts to send and receive glance_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_glance_client_packets" lineno="45718">
<summary>
Relabel packets to glance_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_glance_server_packets" lineno="45738">
<summary>
Send glance_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_glance_server_packets" lineno="45757">
<summary>
Do not audit attempts to send glance_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_glance_server_packets" lineno="45776">
<summary>
Receive glance_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_glance_server_packets" lineno="45795">
<summary>
Do not audit attempts to receive glance_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_glance_server_packets" lineno="45814">
<summary>
Send and receive glance_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_glance_server_packets" lineno="45830">
<summary>
Do not audit attempts to send and receive glance_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_glance_server_packets" lineno="45845">
<summary>
Relabel packets to glance_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_glance_registry_port" lineno="45867">
<summary>
Send and receive TCP traffic on the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_glance_registry_port" lineno="45886">
<summary>
Send UDP traffic on the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_glance_registry_port" lineno="45905">
<summary>
Do not audit attempts to send UDP traffic on the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_glance_registry_port" lineno="45924">
<summary>
Receive UDP traffic on the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_glance_registry_port" lineno="45943">
<summary>
Do not audit attempts to receive UDP traffic on the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_glance_registry_port" lineno="45962">
<summary>
Send and receive UDP traffic on the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_glance_registry_port" lineno="45979">
<summary>
Do not audit attempts to send and receive
UDP traffic on the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_glance_registry_port" lineno="45995">
<summary>
Bind TCP sockets to the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_glance_registry_port" lineno="46015">
<summary>
Bind UDP sockets to the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_glance_registry_port" lineno="46035">
<summary>
Do not audit attempts to sbind to glance_registry port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_glance_registry_port" lineno="46054">
<summary>
Make a TCP connection to the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_glance_registry_port" lineno="46071">
<summary>
Do not audit attempts to make a TCP connection to glance_registry port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_glance_registry_client_packets" lineno="46091">
<summary>
Send glance_registry_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_glance_registry_client_packets" lineno="46110">
<summary>
Do not audit attempts to send glance_registry_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_glance_registry_client_packets" lineno="46129">
<summary>
Receive glance_registry_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_glance_registry_client_packets" lineno="46148">
<summary>
Do not audit attempts to receive glance_registry_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_glance_registry_client_packets" lineno="46167">
<summary>
Send and receive glance_registry_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_glance_registry_client_packets" lineno="46183">
<summary>
Do not audit attempts to send and receive glance_registry_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_glance_registry_client_packets" lineno="46198">
<summary>
Relabel packets to glance_registry_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_glance_registry_server_packets" lineno="46218">
<summary>
Send glance_registry_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_glance_registry_server_packets" lineno="46237">
<summary>
Do not audit attempts to send glance_registry_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_glance_registry_server_packets" lineno="46256">
<summary>
Receive glance_registry_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_glance_registry_server_packets" lineno="46275">
<summary>
Do not audit attempts to receive glance_registry_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_glance_registry_server_packets" lineno="46294">
<summary>
Send and receive glance_registry_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_glance_registry_server_packets" lineno="46310">
<summary>
Do not audit attempts to send and receive glance_registry_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_glance_registry_server_packets" lineno="46325">
<summary>
Relabel packets to glance_registry_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_gluster_port" lineno="46347">
<summary>
Send and receive TCP traffic on the gluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_gluster_port" lineno="46366">
<summary>
Send UDP traffic on the gluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_gluster_port" lineno="46385">
<summary>
Do not audit attempts to send UDP traffic on the gluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_gluster_port" lineno="46404">
<summary>
Receive UDP traffic on the gluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_gluster_port" lineno="46423">
<summary>
Do not audit attempts to receive UDP traffic on the gluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_gluster_port" lineno="46442">
<summary>
Send and receive UDP traffic on the gluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_gluster_port" lineno="46459">
<summary>
Do not audit attempts to send and receive
UDP traffic on the gluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_gluster_port" lineno="46475">
<summary>
Bind TCP sockets to the gluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_gluster_port" lineno="46495">
<summary>
Bind UDP sockets to the gluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_gluster_port" lineno="46515">
<summary>
Do not audit attempts to sbind to gluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_gluster_port" lineno="46534">
<summary>
Make a TCP connection to the gluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_gluster_port" lineno="46551">
<summary>
Do not audit attempts to make a TCP connection to gluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gluster_client_packets" lineno="46571">
<summary>
Send gluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gluster_client_packets" lineno="46590">
<summary>
Do not audit attempts to send gluster_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gluster_client_packets" lineno="46609">
<summary>
Receive gluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gluster_client_packets" lineno="46628">
<summary>
Do not audit attempts to receive gluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gluster_client_packets" lineno="46647">
<summary>
Send and receive gluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gluster_client_packets" lineno="46663">
<summary>
Do not audit attempts to send and receive gluster_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gluster_client_packets" lineno="46678">
<summary>
Relabel packets to gluster_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gluster_server_packets" lineno="46698">
<summary>
Send gluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gluster_server_packets" lineno="46717">
<summary>
Do not audit attempts to send gluster_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gluster_server_packets" lineno="46736">
<summary>
Receive gluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gluster_server_packets" lineno="46755">
<summary>
Do not audit attempts to receive gluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gluster_server_packets" lineno="46774">
<summary>
Send and receive gluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gluster_server_packets" lineno="46790">
<summary>
Do not audit attempts to send and receive gluster_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gluster_server_packets" lineno="46805">
<summary>
Relabel packets to gluster_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_gopher_port" lineno="46827">
<summary>
Send and receive TCP traffic on the gopher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_gopher_port" lineno="46846">
<summary>
Send UDP traffic on the gopher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_gopher_port" lineno="46865">
<summary>
Do not audit attempts to send UDP traffic on the gopher port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_gopher_port" lineno="46884">
<summary>
Receive UDP traffic on the gopher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_gopher_port" lineno="46903">
<summary>
Do not audit attempts to receive UDP traffic on the gopher port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_gopher_port" lineno="46922">
<summary>
Send and receive UDP traffic on the gopher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_gopher_port" lineno="46939">
<summary>
Do not audit attempts to send and receive
UDP traffic on the gopher port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_gopher_port" lineno="46955">
<summary>
Bind TCP sockets to the gopher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_gopher_port" lineno="46975">
<summary>
Bind UDP sockets to the gopher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_gopher_port" lineno="46995">
<summary>
Do not audit attempts to sbind to gopher port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_gopher_port" lineno="47014">
<summary>
Make a TCP connection to the gopher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_gopher_port" lineno="47031">
<summary>
Do not audit attempts to make a TCP connection to gopher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gopher_client_packets" lineno="47051">
<summary>
Send gopher_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gopher_client_packets" lineno="47070">
<summary>
Do not audit attempts to send gopher_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gopher_client_packets" lineno="47089">
<summary>
Receive gopher_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gopher_client_packets" lineno="47108">
<summary>
Do not audit attempts to receive gopher_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gopher_client_packets" lineno="47127">
<summary>
Send and receive gopher_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gopher_client_packets" lineno="47143">
<summary>
Do not audit attempts to send and receive gopher_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gopher_client_packets" lineno="47158">
<summary>
Relabel packets to gopher_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gopher_server_packets" lineno="47178">
<summary>
Send gopher_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gopher_server_packets" lineno="47197">
<summary>
Do not audit attempts to send gopher_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gopher_server_packets" lineno="47216">
<summary>
Receive gopher_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gopher_server_packets" lineno="47235">
<summary>
Do not audit attempts to receive gopher_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gopher_server_packets" lineno="47254">
<summary>
Send and receive gopher_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gopher_server_packets" lineno="47270">
<summary>
Do not audit attempts to send and receive gopher_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gopher_server_packets" lineno="47285">
<summary>
Relabel packets to gopher_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_gpsd_port" lineno="47307">
<summary>
Send and receive TCP traffic on the gpsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_gpsd_port" lineno="47326">
<summary>
Send UDP traffic on the gpsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_gpsd_port" lineno="47345">
<summary>
Do not audit attempts to send UDP traffic on the gpsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_gpsd_port" lineno="47364">
<summary>
Receive UDP traffic on the gpsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_gpsd_port" lineno="47383">
<summary>
Do not audit attempts to receive UDP traffic on the gpsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_gpsd_port" lineno="47402">
<summary>
Send and receive UDP traffic on the gpsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_gpsd_port" lineno="47419">
<summary>
Do not audit attempts to send and receive
UDP traffic on the gpsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_gpsd_port" lineno="47435">
<summary>
Bind TCP sockets to the gpsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_gpsd_port" lineno="47455">
<summary>
Bind UDP sockets to the gpsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_gpsd_port" lineno="47475">
<summary>
Do not audit attempts to sbind to gpsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_gpsd_port" lineno="47494">
<summary>
Make a TCP connection to the gpsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_gpsd_port" lineno="47511">
<summary>
Do not audit attempts to make a TCP connection to gpsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gpsd_client_packets" lineno="47531">
<summary>
Send gpsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gpsd_client_packets" lineno="47550">
<summary>
Do not audit attempts to send gpsd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gpsd_client_packets" lineno="47569">
<summary>
Receive gpsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gpsd_client_packets" lineno="47588">
<summary>
Do not audit attempts to receive gpsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gpsd_client_packets" lineno="47607">
<summary>
Send and receive gpsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gpsd_client_packets" lineno="47623">
<summary>
Do not audit attempts to send and receive gpsd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gpsd_client_packets" lineno="47638">
<summary>
Relabel packets to gpsd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gpsd_server_packets" lineno="47658">
<summary>
Send gpsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gpsd_server_packets" lineno="47677">
<summary>
Do not audit attempts to send gpsd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gpsd_server_packets" lineno="47696">
<summary>
Receive gpsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gpsd_server_packets" lineno="47715">
<summary>
Do not audit attempts to receive gpsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gpsd_server_packets" lineno="47734">
<summary>
Send and receive gpsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gpsd_server_packets" lineno="47750">
<summary>
Do not audit attempts to send and receive gpsd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gpsd_server_packets" lineno="47765">
<summary>
Relabel packets to gpsd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_hadoop_datanode_port" lineno="47787">
<summary>
Send and receive TCP traffic on the hadoop_datanode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_hadoop_datanode_port" lineno="47806">
<summary>
Send UDP traffic on the hadoop_datanode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_hadoop_datanode_port" lineno="47825">
<summary>
Do not audit attempts to send UDP traffic on the hadoop_datanode port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_hadoop_datanode_port" lineno="47844">
<summary>
Receive UDP traffic on the hadoop_datanode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_hadoop_datanode_port" lineno="47863">
<summary>
Do not audit attempts to receive UDP traffic on the hadoop_datanode port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_hadoop_datanode_port" lineno="47882">
<summary>
Send and receive UDP traffic on the hadoop_datanode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_hadoop_datanode_port" lineno="47899">
<summary>
Do not audit attempts to send and receive
UDP traffic on the hadoop_datanode port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_hadoop_datanode_port" lineno="47915">
<summary>
Bind TCP sockets to the hadoop_datanode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_hadoop_datanode_port" lineno="47935">
<summary>
Bind UDP sockets to the hadoop_datanode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_hadoop_datanode_port" lineno="47955">
<summary>
Do not audit attempts to sbind to hadoop_datanode port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_hadoop_datanode_port" lineno="47974">
<summary>
Make a TCP connection to the hadoop_datanode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_hadoop_datanode_port" lineno="47991">
<summary>
Do not audit attempts to make a TCP connection to hadoop_datanode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_hadoop_datanode_client_packets" lineno="48011">
<summary>
Send hadoop_datanode_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_hadoop_datanode_client_packets" lineno="48030">
<summary>
Do not audit attempts to send hadoop_datanode_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_hadoop_datanode_client_packets" lineno="48049">
<summary>
Receive hadoop_datanode_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_hadoop_datanode_client_packets" lineno="48068">
<summary>
Do not audit attempts to receive hadoop_datanode_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_hadoop_datanode_client_packets" lineno="48087">
<summary>
Send and receive hadoop_datanode_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_hadoop_datanode_client_packets" lineno="48103">
<summary>
Do not audit attempts to send and receive hadoop_datanode_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_hadoop_datanode_client_packets" lineno="48118">
<summary>
Relabel packets to hadoop_datanode_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_hadoop_datanode_server_packets" lineno="48138">
<summary>
Send hadoop_datanode_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_hadoop_datanode_server_packets" lineno="48157">
<summary>
Do not audit attempts to send hadoop_datanode_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_hadoop_datanode_server_packets" lineno="48176">
<summary>
Receive hadoop_datanode_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_hadoop_datanode_server_packets" lineno="48195">
<summary>
Do not audit attempts to receive hadoop_datanode_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_hadoop_datanode_server_packets" lineno="48214">
<summary>
Send and receive hadoop_datanode_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_hadoop_datanode_server_packets" lineno="48230">
<summary>
Do not audit attempts to send and receive hadoop_datanode_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_hadoop_datanode_server_packets" lineno="48245">
<summary>
Relabel packets to hadoop_datanode_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_hadoop_namenode_port" lineno="48267">
<summary>
Send and receive TCP traffic on the hadoop_namenode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_hadoop_namenode_port" lineno="48286">
<summary>
Send UDP traffic on the hadoop_namenode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_hadoop_namenode_port" lineno="48305">
<summary>
Do not audit attempts to send UDP traffic on the hadoop_namenode port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_hadoop_namenode_port" lineno="48324">
<summary>
Receive UDP traffic on the hadoop_namenode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_hadoop_namenode_port" lineno="48343">
<summary>
Do not audit attempts to receive UDP traffic on the hadoop_namenode port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_hadoop_namenode_port" lineno="48362">
<summary>
Send and receive UDP traffic on the hadoop_namenode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_hadoop_namenode_port" lineno="48379">
<summary>
Do not audit attempts to send and receive
UDP traffic on the hadoop_namenode port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_hadoop_namenode_port" lineno="48395">
<summary>
Bind TCP sockets to the hadoop_namenode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_hadoop_namenode_port" lineno="48415">
<summary>
Bind UDP sockets to the hadoop_namenode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_hadoop_namenode_port" lineno="48435">
<summary>
Do not audit attempts to sbind to hadoop_namenode port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_hadoop_namenode_port" lineno="48454">
<summary>
Make a TCP connection to the hadoop_namenode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_hadoop_namenode_port" lineno="48471">
<summary>
Do not audit attempts to make a TCP connection to hadoop_namenode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_hadoop_namenode_client_packets" lineno="48491">
<summary>
Send hadoop_namenode_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_hadoop_namenode_client_packets" lineno="48510">
<summary>
Do not audit attempts to send hadoop_namenode_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_hadoop_namenode_client_packets" lineno="48529">
<summary>
Receive hadoop_namenode_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_hadoop_namenode_client_packets" lineno="48548">
<summary>
Do not audit attempts to receive hadoop_namenode_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_hadoop_namenode_client_packets" lineno="48567">
<summary>
Send and receive hadoop_namenode_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_hadoop_namenode_client_packets" lineno="48583">
<summary>
Do not audit attempts to send and receive hadoop_namenode_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_hadoop_namenode_client_packets" lineno="48598">
<summary>
Relabel packets to hadoop_namenode_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_hadoop_namenode_server_packets" lineno="48618">
<summary>
Send hadoop_namenode_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_hadoop_namenode_server_packets" lineno="48637">
<summary>
Do not audit attempts to send hadoop_namenode_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_hadoop_namenode_server_packets" lineno="48656">
<summary>
Receive hadoop_namenode_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_hadoop_namenode_server_packets" lineno="48675">
<summary>
Do not audit attempts to receive hadoop_namenode_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_hadoop_namenode_server_packets" lineno="48694">
<summary>
Send and receive hadoop_namenode_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_hadoop_namenode_server_packets" lineno="48710">
<summary>
Do not audit attempts to send and receive hadoop_namenode_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_hadoop_namenode_server_packets" lineno="48725">
<summary>
Relabel packets to hadoop_namenode_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_hddtemp_port" lineno="48747">
<summary>
Send and receive TCP traffic on the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_hddtemp_port" lineno="48766">
<summary>
Send UDP traffic on the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_hddtemp_port" lineno="48785">
<summary>
Do not audit attempts to send UDP traffic on the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_hddtemp_port" lineno="48804">
<summary>
Receive UDP traffic on the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_hddtemp_port" lineno="48823">
<summary>
Do not audit attempts to receive UDP traffic on the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_hddtemp_port" lineno="48842">
<summary>
Send and receive UDP traffic on the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_hddtemp_port" lineno="48859">
<summary>
Do not audit attempts to send and receive
UDP traffic on the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_hddtemp_port" lineno="48875">
<summary>
Bind TCP sockets to the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_hddtemp_port" lineno="48895">
<summary>
Bind UDP sockets to the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_hddtemp_port" lineno="48915">
<summary>
Do not audit attempts to sbind to hddtemp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_hddtemp_port" lineno="48934">
<summary>
Make a TCP connection to the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_hddtemp_port" lineno="48951">
<summary>
Do not audit attempts to make a TCP connection to hddtemp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_hddtemp_client_packets" lineno="48971">
<summary>
Send hddtemp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_hddtemp_client_packets" lineno="48990">
<summary>
Do not audit attempts to send hddtemp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_hddtemp_client_packets" lineno="49009">
<summary>
Receive hddtemp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_hddtemp_client_packets" lineno="49028">
<summary>
Do not audit attempts to receive hddtemp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_hddtemp_client_packets" lineno="49047">
<summary>
Send and receive hddtemp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_hddtemp_client_packets" lineno="49063">
<summary>
Do not audit attempts to send and receive hddtemp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_hddtemp_client_packets" lineno="49078">
<summary>
Relabel packets to hddtemp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_hddtemp_server_packets" lineno="49098">
<summary>
Send hddtemp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_hddtemp_server_packets" lineno="49117">
<summary>
Do not audit attempts to send hddtemp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_hddtemp_server_packets" lineno="49136">
<summary>
Receive hddtemp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_hddtemp_server_packets" lineno="49155">
<summary>
Do not audit attempts to receive hddtemp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_hddtemp_server_packets" lineno="49174">
<summary>
Send and receive hddtemp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_hddtemp_server_packets" lineno="49190">
<summary>
Do not audit attempts to send and receive hddtemp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_hddtemp_server_packets" lineno="49205">
<summary>
Relabel packets to hddtemp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_howl_port" lineno="49227">
<summary>
Send and receive TCP traffic on the howl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_howl_port" lineno="49246">
<summary>
Send UDP traffic on the howl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_howl_port" lineno="49265">
<summary>
Do not audit attempts to send UDP traffic on the howl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_howl_port" lineno="49284">
<summary>
Receive UDP traffic on the howl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_howl_port" lineno="49303">
<summary>
Do not audit attempts to receive UDP traffic on the howl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_howl_port" lineno="49322">
<summary>
Send and receive UDP traffic on the howl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_howl_port" lineno="49339">
<summary>
Do not audit attempts to send and receive
UDP traffic on the howl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_howl_port" lineno="49355">
<summary>
Bind TCP sockets to the howl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_howl_port" lineno="49375">
<summary>
Bind UDP sockets to the howl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_howl_port" lineno="49395">
<summary>
Do not audit attempts to sbind to howl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_howl_port" lineno="49414">
<summary>
Make a TCP connection to the howl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_howl_port" lineno="49431">
<summary>
Do not audit attempts to make a TCP connection to howl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_howl_client_packets" lineno="49451">
<summary>
Send howl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_howl_client_packets" lineno="49470">
<summary>
Do not audit attempts to send howl_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_howl_client_packets" lineno="49489">
<summary>
Receive howl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_howl_client_packets" lineno="49508">
<summary>
Do not audit attempts to receive howl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_howl_client_packets" lineno="49527">
<summary>
Send and receive howl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_howl_client_packets" lineno="49543">
<summary>
Do not audit attempts to send and receive howl_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_howl_client_packets" lineno="49558">
<summary>
Relabel packets to howl_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_howl_server_packets" lineno="49578">
<summary>
Send howl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_howl_server_packets" lineno="49597">
<summary>
Do not audit attempts to send howl_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_howl_server_packets" lineno="49616">
<summary>
Receive howl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_howl_server_packets" lineno="49635">
<summary>
Do not audit attempts to receive howl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_howl_server_packets" lineno="49654">
<summary>
Send and receive howl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_howl_server_packets" lineno="49670">
<summary>
Do not audit attempts to send and receive howl_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_howl_server_packets" lineno="49685">
<summary>
Relabel packets to howl_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_hplip_port" lineno="49707">
<summary>
Send and receive TCP traffic on the hplip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_hplip_port" lineno="49726">
<summary>
Send UDP traffic on the hplip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_hplip_port" lineno="49745">
<summary>
Do not audit attempts to send UDP traffic on the hplip port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_hplip_port" lineno="49764">
<summary>
Receive UDP traffic on the hplip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_hplip_port" lineno="49783">
<summary>
Do not audit attempts to receive UDP traffic on the hplip port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_hplip_port" lineno="49802">
<summary>
Send and receive UDP traffic on the hplip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_hplip_port" lineno="49819">
<summary>
Do not audit attempts to send and receive
UDP traffic on the hplip port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_hplip_port" lineno="49835">
<summary>
Bind TCP sockets to the hplip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_hplip_port" lineno="49855">
<summary>
Bind UDP sockets to the hplip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_hplip_port" lineno="49875">
<summary>
Do not audit attempts to sbind to hplip port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_hplip_port" lineno="49894">
<summary>
Make a TCP connection to the hplip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_hplip_port" lineno="49911">
<summary>
Do not audit attempts to make a TCP connection to hplip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_hplip_client_packets" lineno="49931">
<summary>
Send hplip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_hplip_client_packets" lineno="49950">
<summary>
Do not audit attempts to send hplip_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_hplip_client_packets" lineno="49969">
<summary>
Receive hplip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_hplip_client_packets" lineno="49988">
<summary>
Do not audit attempts to receive hplip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_hplip_client_packets" lineno="50007">
<summary>
Send and receive hplip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_hplip_client_packets" lineno="50023">
<summary>
Do not audit attempts to send and receive hplip_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_hplip_client_packets" lineno="50038">
<summary>
Relabel packets to hplip_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_hplip_server_packets" lineno="50058">
<summary>
Send hplip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_hplip_server_packets" lineno="50077">
<summary>
Do not audit attempts to send hplip_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_hplip_server_packets" lineno="50096">
<summary>
Receive hplip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_hplip_server_packets" lineno="50115">
<summary>
Do not audit attempts to receive hplip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_hplip_server_packets" lineno="50134">
<summary>
Send and receive hplip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_hplip_server_packets" lineno="50150">
<summary>
Do not audit attempts to send and receive hplip_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_hplip_server_packets" lineno="50165">
<summary>
Relabel packets to hplip_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_http_port" lineno="50187">
<summary>
Send and receive TCP traffic on the http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_http_port" lineno="50206">
<summary>
Send UDP traffic on the http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_http_port" lineno="50225">
<summary>
Do not audit attempts to send UDP traffic on the http port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_http_port" lineno="50244">
<summary>
Receive UDP traffic on the http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_http_port" lineno="50263">
<summary>
Do not audit attempts to receive UDP traffic on the http port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_http_port" lineno="50282">
<summary>
Send and receive UDP traffic on the http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_http_port" lineno="50299">
<summary>
Do not audit attempts to send and receive
UDP traffic on the http port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_http_port" lineno="50315">
<summary>
Bind TCP sockets to the http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_http_port" lineno="50335">
<summary>
Bind UDP sockets to the http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_http_port" lineno="50355">
<summary>
Do not audit attempts to sbind to http port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_http_port" lineno="50374">
<summary>
Make a TCP connection to the http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_http_port" lineno="50391">
<summary>
Do not audit attempts to make a TCP connection to http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_http_client_packets" lineno="50411">
<summary>
Send http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_http_client_packets" lineno="50430">
<summary>
Do not audit attempts to send http_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_http_client_packets" lineno="50449">
<summary>
Receive http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_http_client_packets" lineno="50468">
<summary>
Do not audit attempts to receive http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_http_client_packets" lineno="50487">
<summary>
Send and receive http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_http_client_packets" lineno="50503">
<summary>
Do not audit attempts to send and receive http_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_http_client_packets" lineno="50518">
<summary>
Relabel packets to http_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_http_server_packets" lineno="50538">
<summary>
Send http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_http_server_packets" lineno="50557">
<summary>
Do not audit attempts to send http_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_http_server_packets" lineno="50576">
<summary>
Receive http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_http_server_packets" lineno="50595">
<summary>
Do not audit attempts to receive http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_http_server_packets" lineno="50614">
<summary>
Send and receive http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_http_server_packets" lineno="50630">
<summary>
Do not audit attempts to send and receive http_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_http_server_packets" lineno="50645">
<summary>
Relabel packets to http_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_http_cache_port" lineno="50667">
<summary>
Send and receive TCP traffic on the http_cache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_http_cache_port" lineno="50686">
<summary>
Send UDP traffic on the http_cache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_http_cache_port" lineno="50705">
<summary>
Do not audit attempts to send UDP traffic on the http_cache port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_http_cache_port" lineno="50724">
<summary>
Receive UDP traffic on the http_cache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_http_cache_port" lineno="50743">
<summary>
Do not audit attempts to receive UDP traffic on the http_cache port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_http_cache_port" lineno="50762">
<summary>
Send and receive UDP traffic on the http_cache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_http_cache_port" lineno="50779">
<summary>
Do not audit attempts to send and receive
UDP traffic on the http_cache port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_http_cache_port" lineno="50795">
<summary>
Bind TCP sockets to the http_cache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_http_cache_port" lineno="50815">
<summary>
Bind UDP sockets to the http_cache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_http_cache_port" lineno="50835">
<summary>
Do not audit attempts to sbind to http_cache port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_http_cache_port" lineno="50854">
<summary>
Make a TCP connection to the http_cache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_http_cache_port" lineno="50871">
<summary>
Do not audit attempts to make a TCP connection to http_cache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_http_cache_client_packets" lineno="50891">
<summary>
Send http_cache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_http_cache_client_packets" lineno="50910">
<summary>
Do not audit attempts to send http_cache_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_http_cache_client_packets" lineno="50929">
<summary>
Receive http_cache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_http_cache_client_packets" lineno="50948">
<summary>
Do not audit attempts to receive http_cache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_http_cache_client_packets" lineno="50967">
<summary>
Send and receive http_cache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_http_cache_client_packets" lineno="50983">
<summary>
Do not audit attempts to send and receive http_cache_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_http_cache_client_packets" lineno="50998">
<summary>
Relabel packets to http_cache_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_http_cache_server_packets" lineno="51018">
<summary>
Send http_cache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_http_cache_server_packets" lineno="51037">
<summary>
Do not audit attempts to send http_cache_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_http_cache_server_packets" lineno="51056">
<summary>
Receive http_cache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_http_cache_server_packets" lineno="51075">
<summary>
Do not audit attempts to receive http_cache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_http_cache_server_packets" lineno="51094">
<summary>
Send and receive http_cache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_http_cache_server_packets" lineno="51110">
<summary>
Do not audit attempts to send and receive http_cache_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_http_cache_server_packets" lineno="51125">
<summary>
Relabel packets to http_cache_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ibm_dt_2_port" lineno="51147">
<summary>
Send and receive TCP traffic on the ibm_dt_2 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ibm_dt_2_port" lineno="51166">
<summary>
Send UDP traffic on the ibm_dt_2 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ibm_dt_2_port" lineno="51185">
<summary>
Do not audit attempts to send UDP traffic on the ibm_dt_2 port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ibm_dt_2_port" lineno="51204">
<summary>
Receive UDP traffic on the ibm_dt_2 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ibm_dt_2_port" lineno="51223">
<summary>
Do not audit attempts to receive UDP traffic on the ibm_dt_2 port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ibm_dt_2_port" lineno="51242">
<summary>
Send and receive UDP traffic on the ibm_dt_2 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ibm_dt_2_port" lineno="51259">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ibm_dt_2 port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ibm_dt_2_port" lineno="51275">
<summary>
Bind TCP sockets to the ibm_dt_2 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ibm_dt_2_port" lineno="51295">
<summary>
Bind UDP sockets to the ibm_dt_2 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ibm_dt_2_port" lineno="51315">
<summary>
Do not audit attempts to sbind to ibm_dt_2 port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ibm_dt_2_port" lineno="51334">
<summary>
Make a TCP connection to the ibm_dt_2 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ibm_dt_2_port" lineno="51351">
<summary>
Do not audit attempts to make a TCP connection to ibm_dt_2 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ibm_dt_2_client_packets" lineno="51371">
<summary>
Send ibm_dt_2_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ibm_dt_2_client_packets" lineno="51390">
<summary>
Do not audit attempts to send ibm_dt_2_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ibm_dt_2_client_packets" lineno="51409">
<summary>
Receive ibm_dt_2_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ibm_dt_2_client_packets" lineno="51428">
<summary>
Do not audit attempts to receive ibm_dt_2_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ibm_dt_2_client_packets" lineno="51447">
<summary>
Send and receive ibm_dt_2_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ibm_dt_2_client_packets" lineno="51463">
<summary>
Do not audit attempts to send and receive ibm_dt_2_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ibm_dt_2_client_packets" lineno="51478">
<summary>
Relabel packets to ibm_dt_2_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ibm_dt_2_server_packets" lineno="51498">
<summary>
Send ibm_dt_2_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ibm_dt_2_server_packets" lineno="51517">
<summary>
Do not audit attempts to send ibm_dt_2_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ibm_dt_2_server_packets" lineno="51536">
<summary>
Receive ibm_dt_2_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ibm_dt_2_server_packets" lineno="51555">
<summary>
Do not audit attempts to receive ibm_dt_2_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ibm_dt_2_server_packets" lineno="51574">
<summary>
Send and receive ibm_dt_2_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ibm_dt_2_server_packets" lineno="51590">
<summary>
Do not audit attempts to send and receive ibm_dt_2_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ibm_dt_2_server_packets" lineno="51605">
<summary>
Relabel packets to ibm_dt_2_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_intermapper_port" lineno="51627">
<summary>
Send and receive TCP traffic on the intermapper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_intermapper_port" lineno="51646">
<summary>
Send UDP traffic on the intermapper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_intermapper_port" lineno="51665">
<summary>
Do not audit attempts to send UDP traffic on the intermapper port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_intermapper_port" lineno="51684">
<summary>
Receive UDP traffic on the intermapper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_intermapper_port" lineno="51703">
<summary>
Do not audit attempts to receive UDP traffic on the intermapper port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_intermapper_port" lineno="51722">
<summary>
Send and receive UDP traffic on the intermapper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_intermapper_port" lineno="51739">
<summary>
Do not audit attempts to send and receive
UDP traffic on the intermapper port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_intermapper_port" lineno="51755">
<summary>
Bind TCP sockets to the intermapper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_intermapper_port" lineno="51775">
<summary>
Bind UDP sockets to the intermapper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_intermapper_port" lineno="51795">
<summary>
Do not audit attempts to sbind to intermapper port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_intermapper_port" lineno="51814">
<summary>
Make a TCP connection to the intermapper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_intermapper_port" lineno="51831">
<summary>
Do not audit attempts to make a TCP connection to intermapper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_intermapper_client_packets" lineno="51851">
<summary>
Send intermapper_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_intermapper_client_packets" lineno="51870">
<summary>
Do not audit attempts to send intermapper_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_intermapper_client_packets" lineno="51889">
<summary>
Receive intermapper_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_intermapper_client_packets" lineno="51908">
<summary>
Do not audit attempts to receive intermapper_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_intermapper_client_packets" lineno="51927">
<summary>
Send and receive intermapper_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_intermapper_client_packets" lineno="51943">
<summary>
Do not audit attempts to send and receive intermapper_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_intermapper_client_packets" lineno="51958">
<summary>
Relabel packets to intermapper_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_intermapper_server_packets" lineno="51978">
<summary>
Send intermapper_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_intermapper_server_packets" lineno="51997">
<summary>
Do not audit attempts to send intermapper_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_intermapper_server_packets" lineno="52016">
<summary>
Receive intermapper_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_intermapper_server_packets" lineno="52035">
<summary>
Do not audit attempts to receive intermapper_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_intermapper_server_packets" lineno="52054">
<summary>
Send and receive intermapper_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_intermapper_server_packets" lineno="52070">
<summary>
Do not audit attempts to send and receive intermapper_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_intermapper_server_packets" lineno="52085">
<summary>
Relabel packets to intermapper_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_i18n_input_port" lineno="52107">
<summary>
Send and receive TCP traffic on the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_i18n_input_port" lineno="52126">
<summary>
Send UDP traffic on the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_i18n_input_port" lineno="52145">
<summary>
Do not audit attempts to send UDP traffic on the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_i18n_input_port" lineno="52164">
<summary>
Receive UDP traffic on the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_i18n_input_port" lineno="52183">
<summary>
Do not audit attempts to receive UDP traffic on the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_i18n_input_port" lineno="52202">
<summary>
Send and receive UDP traffic on the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_i18n_input_port" lineno="52219">
<summary>
Do not audit attempts to send and receive
UDP traffic on the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_i18n_input_port" lineno="52235">
<summary>
Bind TCP sockets to the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_i18n_input_port" lineno="52255">
<summary>
Bind UDP sockets to the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_i18n_input_port" lineno="52275">
<summary>
Do not audit attempts to sbind to i18n_input port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_i18n_input_port" lineno="52294">
<summary>
Make a TCP connection to the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_i18n_input_port" lineno="52311">
<summary>
Do not audit attempts to make a TCP connection to i18n_input port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_i18n_input_client_packets" lineno="52331">
<summary>
Send i18n_input_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_i18n_input_client_packets" lineno="52350">
<summary>
Do not audit attempts to send i18n_input_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_i18n_input_client_packets" lineno="52369">
<summary>
Receive i18n_input_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_i18n_input_client_packets" lineno="52388">
<summary>
Do not audit attempts to receive i18n_input_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_i18n_input_client_packets" lineno="52407">
<summary>
Send and receive i18n_input_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_i18n_input_client_packets" lineno="52423">
<summary>
Do not audit attempts to send and receive i18n_input_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_i18n_input_client_packets" lineno="52438">
<summary>
Relabel packets to i18n_input_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_i18n_input_server_packets" lineno="52458">
<summary>
Send i18n_input_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_i18n_input_server_packets" lineno="52477">
<summary>
Do not audit attempts to send i18n_input_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_i18n_input_server_packets" lineno="52496">
<summary>
Receive i18n_input_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_i18n_input_server_packets" lineno="52515">
<summary>
Do not audit attempts to receive i18n_input_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_i18n_input_server_packets" lineno="52534">
<summary>
Send and receive i18n_input_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_i18n_input_server_packets" lineno="52550">
<summary>
Do not audit attempts to send and receive i18n_input_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_i18n_input_server_packets" lineno="52565">
<summary>
Relabel packets to i18n_input_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_imaze_port" lineno="52587">
<summary>
Send and receive TCP traffic on the imaze port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_imaze_port" lineno="52606">
<summary>
Send UDP traffic on the imaze port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_imaze_port" lineno="52625">
<summary>
Do not audit attempts to send UDP traffic on the imaze port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_imaze_port" lineno="52644">
<summary>
Receive UDP traffic on the imaze port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_imaze_port" lineno="52663">
<summary>
Do not audit attempts to receive UDP traffic on the imaze port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_imaze_port" lineno="52682">
<summary>
Send and receive UDP traffic on the imaze port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_imaze_port" lineno="52699">
<summary>
Do not audit attempts to send and receive
UDP traffic on the imaze port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_imaze_port" lineno="52715">
<summary>
Bind TCP sockets to the imaze port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_imaze_port" lineno="52735">
<summary>
Bind UDP sockets to the imaze port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_imaze_port" lineno="52755">
<summary>
Do not audit attempts to sbind to imaze port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_imaze_port" lineno="52774">
<summary>
Make a TCP connection to the imaze port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_imaze_port" lineno="52791">
<summary>
Do not audit attempts to make a TCP connection to imaze port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_imaze_client_packets" lineno="52811">
<summary>
Send imaze_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_imaze_client_packets" lineno="52830">
<summary>
Do not audit attempts to send imaze_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_imaze_client_packets" lineno="52849">
<summary>
Receive imaze_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_imaze_client_packets" lineno="52868">
<summary>
Do not audit attempts to receive imaze_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_imaze_client_packets" lineno="52887">
<summary>
Send and receive imaze_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_imaze_client_packets" lineno="52903">
<summary>
Do not audit attempts to send and receive imaze_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_imaze_client_packets" lineno="52918">
<summary>
Relabel packets to imaze_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_imaze_server_packets" lineno="52938">
<summary>
Send imaze_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_imaze_server_packets" lineno="52957">
<summary>
Do not audit attempts to send imaze_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_imaze_server_packets" lineno="52976">
<summary>
Receive imaze_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_imaze_server_packets" lineno="52995">
<summary>
Do not audit attempts to receive imaze_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_imaze_server_packets" lineno="53014">
<summary>
Send and receive imaze_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_imaze_server_packets" lineno="53030">
<summary>
Do not audit attempts to send and receive imaze_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_imaze_server_packets" lineno="53045">
<summary>
Relabel packets to imaze_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_inetd_child_port" lineno="53067">
<summary>
Send and receive TCP traffic on the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_inetd_child_port" lineno="53086">
<summary>
Send UDP traffic on the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_inetd_child_port" lineno="53105">
<summary>
Do not audit attempts to send UDP traffic on the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_inetd_child_port" lineno="53124">
<summary>
Receive UDP traffic on the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_inetd_child_port" lineno="53143">
<summary>
Do not audit attempts to receive UDP traffic on the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_inetd_child_port" lineno="53162">
<summary>
Send and receive UDP traffic on the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_inetd_child_port" lineno="53179">
<summary>
Do not audit attempts to send and receive
UDP traffic on the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_inetd_child_port" lineno="53195">
<summary>
Bind TCP sockets to the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_inetd_child_port" lineno="53215">
<summary>
Bind UDP sockets to the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_inetd_child_port" lineno="53235">
<summary>
Do not audit attempts to sbind to inetd_child port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_inetd_child_port" lineno="53254">
<summary>
Make a TCP connection to the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_inetd_child_port" lineno="53271">
<summary>
Do not audit attempts to make a TCP connection to inetd_child port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_inetd_child_client_packets" lineno="53291">
<summary>
Send inetd_child_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_inetd_child_client_packets" lineno="53310">
<summary>
Do not audit attempts to send inetd_child_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_inetd_child_client_packets" lineno="53329">
<summary>
Receive inetd_child_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_inetd_child_client_packets" lineno="53348">
<summary>
Do not audit attempts to receive inetd_child_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_inetd_child_client_packets" lineno="53367">
<summary>
Send and receive inetd_child_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_inetd_child_client_packets" lineno="53383">
<summary>
Do not audit attempts to send and receive inetd_child_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_inetd_child_client_packets" lineno="53398">
<summary>
Relabel packets to inetd_child_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_inetd_child_server_packets" lineno="53418">
<summary>
Send inetd_child_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_inetd_child_server_packets" lineno="53437">
<summary>
Do not audit attempts to send inetd_child_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_inetd_child_server_packets" lineno="53456">
<summary>
Receive inetd_child_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_inetd_child_server_packets" lineno="53475">
<summary>
Do not audit attempts to receive inetd_child_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_inetd_child_server_packets" lineno="53494">
<summary>
Send and receive inetd_child_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_inetd_child_server_packets" lineno="53510">
<summary>
Do not audit attempts to send and receive inetd_child_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_inetd_child_server_packets" lineno="53525">
<summary>
Relabel packets to inetd_child_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_innd_port" lineno="53547">
<summary>
Send and receive TCP traffic on the innd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_innd_port" lineno="53566">
<summary>
Send UDP traffic on the innd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_innd_port" lineno="53585">
<summary>
Do not audit attempts to send UDP traffic on the innd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_innd_port" lineno="53604">
<summary>
Receive UDP traffic on the innd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_innd_port" lineno="53623">
<summary>
Do not audit attempts to receive UDP traffic on the innd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_innd_port" lineno="53642">
<summary>
Send and receive UDP traffic on the innd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_innd_port" lineno="53659">
<summary>
Do not audit attempts to send and receive
UDP traffic on the innd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_innd_port" lineno="53675">
<summary>
Bind TCP sockets to the innd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_innd_port" lineno="53695">
<summary>
Bind UDP sockets to the innd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_innd_port" lineno="53715">
<summary>
Do not audit attempts to sbind to innd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_innd_port" lineno="53734">
<summary>
Make a TCP connection to the innd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_innd_port" lineno="53751">
<summary>
Do not audit attempts to make a TCP connection to innd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_innd_client_packets" lineno="53771">
<summary>
Send innd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_innd_client_packets" lineno="53790">
<summary>
Do not audit attempts to send innd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_innd_client_packets" lineno="53809">
<summary>
Receive innd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_innd_client_packets" lineno="53828">
<summary>
Do not audit attempts to receive innd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_innd_client_packets" lineno="53847">
<summary>
Send and receive innd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_innd_client_packets" lineno="53863">
<summary>
Do not audit attempts to send and receive innd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_innd_client_packets" lineno="53878">
<summary>
Relabel packets to innd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_innd_server_packets" lineno="53898">
<summary>
Send innd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_innd_server_packets" lineno="53917">
<summary>
Do not audit attempts to send innd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_innd_server_packets" lineno="53936">
<summary>
Receive innd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_innd_server_packets" lineno="53955">
<summary>
Do not audit attempts to receive innd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_innd_server_packets" lineno="53974">
<summary>
Send and receive innd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_innd_server_packets" lineno="53990">
<summary>
Do not audit attempts to send and receive innd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_innd_server_packets" lineno="54005">
<summary>
Relabel packets to innd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_interwise_port" lineno="54027">
<summary>
Send and receive TCP traffic on the interwise port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_interwise_port" lineno="54046">
<summary>
Send UDP traffic on the interwise port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_interwise_port" lineno="54065">
<summary>
Do not audit attempts to send UDP traffic on the interwise port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_interwise_port" lineno="54084">
<summary>
Receive UDP traffic on the interwise port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_interwise_port" lineno="54103">
<summary>
Do not audit attempts to receive UDP traffic on the interwise port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_interwise_port" lineno="54122">
<summary>
Send and receive UDP traffic on the interwise port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_interwise_port" lineno="54139">
<summary>
Do not audit attempts to send and receive
UDP traffic on the interwise port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_interwise_port" lineno="54155">
<summary>
Bind TCP sockets to the interwise port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_interwise_port" lineno="54175">
<summary>
Bind UDP sockets to the interwise port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_interwise_port" lineno="54195">
<summary>
Do not audit attempts to sbind to interwise port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_interwise_port" lineno="54214">
<summary>
Make a TCP connection to the interwise port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_interwise_port" lineno="54231">
<summary>
Do not audit attempts to make a TCP connection to interwise port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_interwise_client_packets" lineno="54251">
<summary>
Send interwise_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_interwise_client_packets" lineno="54270">
<summary>
Do not audit attempts to send interwise_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_interwise_client_packets" lineno="54289">
<summary>
Receive interwise_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_interwise_client_packets" lineno="54308">
<summary>
Do not audit attempts to receive interwise_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_interwise_client_packets" lineno="54327">
<summary>
Send and receive interwise_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_interwise_client_packets" lineno="54343">
<summary>
Do not audit attempts to send and receive interwise_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_interwise_client_packets" lineno="54358">
<summary>
Relabel packets to interwise_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_interwise_server_packets" lineno="54378">
<summary>
Send interwise_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_interwise_server_packets" lineno="54397">
<summary>
Do not audit attempts to send interwise_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_interwise_server_packets" lineno="54416">
<summary>
Receive interwise_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_interwise_server_packets" lineno="54435">
<summary>
Do not audit attempts to receive interwise_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_interwise_server_packets" lineno="54454">
<summary>
Send and receive interwise_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_interwise_server_packets" lineno="54470">
<summary>
Do not audit attempts to send and receive interwise_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_interwise_server_packets" lineno="54485">
<summary>
Relabel packets to interwise_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ionixnetmon_port" lineno="54507">
<summary>
Send and receive TCP traffic on the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ionixnetmon_port" lineno="54526">
<summary>
Send UDP traffic on the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ionixnetmon_port" lineno="54545">
<summary>
Do not audit attempts to send UDP traffic on the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ionixnetmon_port" lineno="54564">
<summary>
Receive UDP traffic on the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ionixnetmon_port" lineno="54583">
<summary>
Do not audit attempts to receive UDP traffic on the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ionixnetmon_port" lineno="54602">
<summary>
Send and receive UDP traffic on the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ionixnetmon_port" lineno="54619">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ionixnetmon_port" lineno="54635">
<summary>
Bind TCP sockets to the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ionixnetmon_port" lineno="54655">
<summary>
Bind UDP sockets to the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ionixnetmon_port" lineno="54675">
<summary>
Do not audit attempts to sbind to ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ionixnetmon_port" lineno="54694">
<summary>
Make a TCP connection to the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ionixnetmon_port" lineno="54711">
<summary>
Do not audit attempts to make a TCP connection to ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ionixnetmon_client_packets" lineno="54731">
<summary>
Send ionixnetmon_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ionixnetmon_client_packets" lineno="54750">
<summary>
Do not audit attempts to send ionixnetmon_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ionixnetmon_client_packets" lineno="54769">
<summary>
Receive ionixnetmon_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ionixnetmon_client_packets" lineno="54788">
<summary>
Do not audit attempts to receive ionixnetmon_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ionixnetmon_client_packets" lineno="54807">
<summary>
Send and receive ionixnetmon_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ionixnetmon_client_packets" lineno="54823">
<summary>
Do not audit attempts to send and receive ionixnetmon_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ionixnetmon_client_packets" lineno="54838">
<summary>
Relabel packets to ionixnetmon_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ionixnetmon_server_packets" lineno="54858">
<summary>
Send ionixnetmon_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ionixnetmon_server_packets" lineno="54877">
<summary>
Do not audit attempts to send ionixnetmon_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ionixnetmon_server_packets" lineno="54896">
<summary>
Receive ionixnetmon_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ionixnetmon_server_packets" lineno="54915">
<summary>
Do not audit attempts to receive ionixnetmon_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ionixnetmon_server_packets" lineno="54934">
<summary>
Send and receive ionixnetmon_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ionixnetmon_server_packets" lineno="54950">
<summary>
Do not audit attempts to send and receive ionixnetmon_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ionixnetmon_server_packets" lineno="54965">
<summary>
Relabel packets to ionixnetmon_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ipmi_port" lineno="54987">
<summary>
Send and receive TCP traffic on the ipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ipmi_port" lineno="55006">
<summary>
Send UDP traffic on the ipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ipmi_port" lineno="55025">
<summary>
Do not audit attempts to send UDP traffic on the ipmi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ipmi_port" lineno="55044">
<summary>
Receive UDP traffic on the ipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ipmi_port" lineno="55063">
<summary>
Do not audit attempts to receive UDP traffic on the ipmi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ipmi_port" lineno="55082">
<summary>
Send and receive UDP traffic on the ipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ipmi_port" lineno="55099">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ipmi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ipmi_port" lineno="55115">
<summary>
Bind TCP sockets to the ipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ipmi_port" lineno="55135">
<summary>
Bind UDP sockets to the ipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ipmi_port" lineno="55155">
<summary>
Do not audit attempts to sbind to ipmi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ipmi_port" lineno="55174">
<summary>
Make a TCP connection to the ipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ipmi_port" lineno="55191">
<summary>
Do not audit attempts to make a TCP connection to ipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ipmi_client_packets" lineno="55211">
<summary>
Send ipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ipmi_client_packets" lineno="55230">
<summary>
Do not audit attempts to send ipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ipmi_client_packets" lineno="55249">
<summary>
Receive ipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ipmi_client_packets" lineno="55268">
<summary>
Do not audit attempts to receive ipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ipmi_client_packets" lineno="55287">
<summary>
Send and receive ipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ipmi_client_packets" lineno="55303">
<summary>
Do not audit attempts to send and receive ipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ipmi_client_packets" lineno="55318">
<summary>
Relabel packets to ipmi_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ipmi_server_packets" lineno="55338">
<summary>
Send ipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ipmi_server_packets" lineno="55357">
<summary>
Do not audit attempts to send ipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ipmi_server_packets" lineno="55376">
<summary>
Receive ipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ipmi_server_packets" lineno="55395">
<summary>
Do not audit attempts to receive ipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ipmi_server_packets" lineno="55414">
<summary>
Send and receive ipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ipmi_server_packets" lineno="55430">
<summary>
Do not audit attempts to send and receive ipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ipmi_server_packets" lineno="55445">
<summary>
Relabel packets to ipmi_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ipp_port" lineno="55467">
<summary>
Send and receive TCP traffic on the ipp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ipp_port" lineno="55486">
<summary>
Send UDP traffic on the ipp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ipp_port" lineno="55505">
<summary>
Do not audit attempts to send UDP traffic on the ipp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ipp_port" lineno="55524">
<summary>
Receive UDP traffic on the ipp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ipp_port" lineno="55543">
<summary>
Do not audit attempts to receive UDP traffic on the ipp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ipp_port" lineno="55562">
<summary>
Send and receive UDP traffic on the ipp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ipp_port" lineno="55579">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ipp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ipp_port" lineno="55595">
<summary>
Bind TCP sockets to the ipp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ipp_port" lineno="55615">
<summary>
Bind UDP sockets to the ipp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ipp_port" lineno="55635">
<summary>
Do not audit attempts to sbind to ipp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ipp_port" lineno="55654">
<summary>
Make a TCP connection to the ipp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ipp_port" lineno="55671">
<summary>
Do not audit attempts to make a TCP connection to ipp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ipp_client_packets" lineno="55691">
<summary>
Send ipp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ipp_client_packets" lineno="55710">
<summary>
Do not audit attempts to send ipp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ipp_client_packets" lineno="55729">
<summary>
Receive ipp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ipp_client_packets" lineno="55748">
<summary>
Do not audit attempts to receive ipp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ipp_client_packets" lineno="55767">
<summary>
Send and receive ipp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ipp_client_packets" lineno="55783">
<summary>
Do not audit attempts to send and receive ipp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ipp_client_packets" lineno="55798">
<summary>
Relabel packets to ipp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ipp_server_packets" lineno="55818">
<summary>
Send ipp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ipp_server_packets" lineno="55837">
<summary>
Do not audit attempts to send ipp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ipp_server_packets" lineno="55856">
<summary>
Receive ipp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ipp_server_packets" lineno="55875">
<summary>
Do not audit attempts to receive ipp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ipp_server_packets" lineno="55894">
<summary>
Send and receive ipp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ipp_server_packets" lineno="55910">
<summary>
Do not audit attempts to send and receive ipp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ipp_server_packets" lineno="55925">
<summary>
Relabel packets to ipp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ipsecnat_port" lineno="55947">
<summary>
Send and receive TCP traffic on the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ipsecnat_port" lineno="55966">
<summary>
Send UDP traffic on the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ipsecnat_port" lineno="55985">
<summary>
Do not audit attempts to send UDP traffic on the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ipsecnat_port" lineno="56004">
<summary>
Receive UDP traffic on the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ipsecnat_port" lineno="56023">
<summary>
Do not audit attempts to receive UDP traffic on the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ipsecnat_port" lineno="56042">
<summary>
Send and receive UDP traffic on the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ipsecnat_port" lineno="56059">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ipsecnat_port" lineno="56075">
<summary>
Bind TCP sockets to the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ipsecnat_port" lineno="56095">
<summary>
Bind UDP sockets to the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ipsecnat_port" lineno="56115">
<summary>
Do not audit attempts to sbind to ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ipsecnat_port" lineno="56134">
<summary>
Make a TCP connection to the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ipsecnat_port" lineno="56151">
<summary>
Do not audit attempts to make a TCP connection to ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ipsecnat_client_packets" lineno="56171">
<summary>
Send ipsecnat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ipsecnat_client_packets" lineno="56190">
<summary>
Do not audit attempts to send ipsecnat_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ipsecnat_client_packets" lineno="56209">
<summary>
Receive ipsecnat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ipsecnat_client_packets" lineno="56228">
<summary>
Do not audit attempts to receive ipsecnat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ipsecnat_client_packets" lineno="56247">
<summary>
Send and receive ipsecnat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ipsecnat_client_packets" lineno="56263">
<summary>
Do not audit attempts to send and receive ipsecnat_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ipsecnat_client_packets" lineno="56278">
<summary>
Relabel packets to ipsecnat_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ipsecnat_server_packets" lineno="56298">
<summary>
Send ipsecnat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ipsecnat_server_packets" lineno="56317">
<summary>
Do not audit attempts to send ipsecnat_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ipsecnat_server_packets" lineno="56336">
<summary>
Receive ipsecnat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ipsecnat_server_packets" lineno="56355">
<summary>
Do not audit attempts to receive ipsecnat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ipsecnat_server_packets" lineno="56374">
<summary>
Send and receive ipsecnat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ipsecnat_server_packets" lineno="56390">
<summary>
Do not audit attempts to send and receive ipsecnat_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ipsecnat_server_packets" lineno="56405">
<summary>
Relabel packets to ipsecnat_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ircd_port" lineno="56427">
<summary>
Send and receive TCP traffic on the ircd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ircd_port" lineno="56446">
<summary>
Send UDP traffic on the ircd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ircd_port" lineno="56465">
<summary>
Do not audit attempts to send UDP traffic on the ircd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ircd_port" lineno="56484">
<summary>
Receive UDP traffic on the ircd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ircd_port" lineno="56503">
<summary>
Do not audit attempts to receive UDP traffic on the ircd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ircd_port" lineno="56522">
<summary>
Send and receive UDP traffic on the ircd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ircd_port" lineno="56539">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ircd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ircd_port" lineno="56555">
<summary>
Bind TCP sockets to the ircd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ircd_port" lineno="56575">
<summary>
Bind UDP sockets to the ircd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ircd_port" lineno="56595">
<summary>
Do not audit attempts to sbind to ircd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ircd_port" lineno="56614">
<summary>
Make a TCP connection to the ircd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ircd_port" lineno="56631">
<summary>
Do not audit attempts to make a TCP connection to ircd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ircd_client_packets" lineno="56651">
<summary>
Send ircd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ircd_client_packets" lineno="56670">
<summary>
Do not audit attempts to send ircd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ircd_client_packets" lineno="56689">
<summary>
Receive ircd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ircd_client_packets" lineno="56708">
<summary>
Do not audit attempts to receive ircd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ircd_client_packets" lineno="56727">
<summary>
Send and receive ircd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ircd_client_packets" lineno="56743">
<summary>
Do not audit attempts to send and receive ircd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ircd_client_packets" lineno="56758">
<summary>
Relabel packets to ircd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ircd_server_packets" lineno="56778">
<summary>
Send ircd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ircd_server_packets" lineno="56797">
<summary>
Do not audit attempts to send ircd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ircd_server_packets" lineno="56816">
<summary>
Receive ircd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ircd_server_packets" lineno="56835">
<summary>
Do not audit attempts to receive ircd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ircd_server_packets" lineno="56854">
<summary>
Send and receive ircd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ircd_server_packets" lineno="56870">
<summary>
Do not audit attempts to send and receive ircd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ircd_server_packets" lineno="56885">
<summary>
Relabel packets to ircd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_isakmp_port" lineno="56907">
<summary>
Send and receive TCP traffic on the isakmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_isakmp_port" lineno="56926">
<summary>
Send UDP traffic on the isakmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_isakmp_port" lineno="56945">
<summary>
Do not audit attempts to send UDP traffic on the isakmp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_isakmp_port" lineno="56964">
<summary>
Receive UDP traffic on the isakmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_isakmp_port" lineno="56983">
<summary>
Do not audit attempts to receive UDP traffic on the isakmp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_isakmp_port" lineno="57002">
<summary>
Send and receive UDP traffic on the isakmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_isakmp_port" lineno="57019">
<summary>
Do not audit attempts to send and receive
UDP traffic on the isakmp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_isakmp_port" lineno="57035">
<summary>
Bind TCP sockets to the isakmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_isakmp_port" lineno="57055">
<summary>
Bind UDP sockets to the isakmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_isakmp_port" lineno="57075">
<summary>
Do not audit attempts to sbind to isakmp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_isakmp_port" lineno="57094">
<summary>
Make a TCP connection to the isakmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_isakmp_port" lineno="57111">
<summary>
Do not audit attempts to make a TCP connection to isakmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_isakmp_client_packets" lineno="57131">
<summary>
Send isakmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_isakmp_client_packets" lineno="57150">
<summary>
Do not audit attempts to send isakmp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_isakmp_client_packets" lineno="57169">
<summary>
Receive isakmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_isakmp_client_packets" lineno="57188">
<summary>
Do not audit attempts to receive isakmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_isakmp_client_packets" lineno="57207">
<summary>
Send and receive isakmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_isakmp_client_packets" lineno="57223">
<summary>
Do not audit attempts to send and receive isakmp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_isakmp_client_packets" lineno="57238">
<summary>
Relabel packets to isakmp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_isakmp_server_packets" lineno="57258">
<summary>
Send isakmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_isakmp_server_packets" lineno="57277">
<summary>
Do not audit attempts to send isakmp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_isakmp_server_packets" lineno="57296">
<summary>
Receive isakmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_isakmp_server_packets" lineno="57315">
<summary>
Do not audit attempts to receive isakmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_isakmp_server_packets" lineno="57334">
<summary>
Send and receive isakmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_isakmp_server_packets" lineno="57350">
<summary>
Do not audit attempts to send and receive isakmp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_isakmp_server_packets" lineno="57365">
<summary>
Relabel packets to isakmp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_iscsi_port" lineno="57387">
<summary>
Send and receive TCP traffic on the iscsi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_iscsi_port" lineno="57406">
<summary>
Send UDP traffic on the iscsi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_iscsi_port" lineno="57425">
<summary>
Do not audit attempts to send UDP traffic on the iscsi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_iscsi_port" lineno="57444">
<summary>
Receive UDP traffic on the iscsi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_iscsi_port" lineno="57463">
<summary>
Do not audit attempts to receive UDP traffic on the iscsi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_iscsi_port" lineno="57482">
<summary>
Send and receive UDP traffic on the iscsi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_iscsi_port" lineno="57499">
<summary>
Do not audit attempts to send and receive
UDP traffic on the iscsi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_iscsi_port" lineno="57515">
<summary>
Bind TCP sockets to the iscsi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_iscsi_port" lineno="57535">
<summary>
Bind UDP sockets to the iscsi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_iscsi_port" lineno="57555">
<summary>
Do not audit attempts to sbind to iscsi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_iscsi_port" lineno="57574">
<summary>
Make a TCP connection to the iscsi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_iscsi_port" lineno="57591">
<summary>
Do not audit attempts to make a TCP connection to iscsi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_iscsi_client_packets" lineno="57611">
<summary>
Send iscsi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_iscsi_client_packets" lineno="57630">
<summary>
Do not audit attempts to send iscsi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_iscsi_client_packets" lineno="57649">
<summary>
Receive iscsi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_iscsi_client_packets" lineno="57668">
<summary>
Do not audit attempts to receive iscsi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_iscsi_client_packets" lineno="57687">
<summary>
Send and receive iscsi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_iscsi_client_packets" lineno="57703">
<summary>
Do not audit attempts to send and receive iscsi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_iscsi_client_packets" lineno="57718">
<summary>
Relabel packets to iscsi_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_iscsi_server_packets" lineno="57738">
<summary>
Send iscsi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_iscsi_server_packets" lineno="57757">
<summary>
Do not audit attempts to send iscsi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_iscsi_server_packets" lineno="57776">
<summary>
Receive iscsi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_iscsi_server_packets" lineno="57795">
<summary>
Do not audit attempts to receive iscsi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_iscsi_server_packets" lineno="57814">
<summary>
Send and receive iscsi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_iscsi_server_packets" lineno="57830">
<summary>
Do not audit attempts to send and receive iscsi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_iscsi_server_packets" lineno="57845">
<summary>
Relabel packets to iscsi_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_isns_port" lineno="57867">
<summary>
Send and receive TCP traffic on the isns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_isns_port" lineno="57886">
<summary>
Send UDP traffic on the isns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_isns_port" lineno="57905">
<summary>
Do not audit attempts to send UDP traffic on the isns port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_isns_port" lineno="57924">
<summary>
Receive UDP traffic on the isns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_isns_port" lineno="57943">
<summary>
Do not audit attempts to receive UDP traffic on the isns port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_isns_port" lineno="57962">
<summary>
Send and receive UDP traffic on the isns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_isns_port" lineno="57979">
<summary>
Do not audit attempts to send and receive
UDP traffic on the isns port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_isns_port" lineno="57995">
<summary>
Bind TCP sockets to the isns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_isns_port" lineno="58015">
<summary>
Bind UDP sockets to the isns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_isns_port" lineno="58035">
<summary>
Do not audit attempts to sbind to isns port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_isns_port" lineno="58054">
<summary>
Make a TCP connection to the isns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_isns_port" lineno="58071">
<summary>
Do not audit attempts to make a TCP connection to isns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_isns_client_packets" lineno="58091">
<summary>
Send isns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_isns_client_packets" lineno="58110">
<summary>
Do not audit attempts to send isns_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_isns_client_packets" lineno="58129">
<summary>
Receive isns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_isns_client_packets" lineno="58148">
<summary>
Do not audit attempts to receive isns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_isns_client_packets" lineno="58167">
<summary>
Send and receive isns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_isns_client_packets" lineno="58183">
<summary>
Do not audit attempts to send and receive isns_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_isns_client_packets" lineno="58198">
<summary>
Relabel packets to isns_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_isns_server_packets" lineno="58218">
<summary>
Send isns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_isns_server_packets" lineno="58237">
<summary>
Do not audit attempts to send isns_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_isns_server_packets" lineno="58256">
<summary>
Receive isns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_isns_server_packets" lineno="58275">
<summary>
Do not audit attempts to receive isns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_isns_server_packets" lineno="58294">
<summary>
Send and receive isns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_isns_server_packets" lineno="58310">
<summary>
Do not audit attempts to send and receive isns_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_isns_server_packets" lineno="58325">
<summary>
Relabel packets to isns_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_jabber_client_port" lineno="58347">
<summary>
Send and receive TCP traffic on the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_jabber_client_port" lineno="58366">
<summary>
Send UDP traffic on the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_jabber_client_port" lineno="58385">
<summary>
Do not audit attempts to send UDP traffic on the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_jabber_client_port" lineno="58404">
<summary>
Receive UDP traffic on the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_jabber_client_port" lineno="58423">
<summary>
Do not audit attempts to receive UDP traffic on the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_jabber_client_port" lineno="58442">
<summary>
Send and receive UDP traffic on the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_jabber_client_port" lineno="58459">
<summary>
Do not audit attempts to send and receive
UDP traffic on the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_jabber_client_port" lineno="58475">
<summary>
Bind TCP sockets to the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_jabber_client_port" lineno="58495">
<summary>
Bind UDP sockets to the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_jabber_client_port" lineno="58515">
<summary>
Do not audit attempts to sbind to jabber_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_jabber_client_port" lineno="58534">
<summary>
Make a TCP connection to the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_jabber_client_port" lineno="58551">
<summary>
Do not audit attempts to make a TCP connection to jabber_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jabber_client_client_packets" lineno="58571">
<summary>
Send jabber_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jabber_client_client_packets" lineno="58590">
<summary>
Do not audit attempts to send jabber_client_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jabber_client_client_packets" lineno="58609">
<summary>
Receive jabber_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jabber_client_client_packets" lineno="58628">
<summary>
Do not audit attempts to receive jabber_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jabber_client_client_packets" lineno="58647">
<summary>
Send and receive jabber_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jabber_client_client_packets" lineno="58663">
<summary>
Do not audit attempts to send and receive jabber_client_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jabber_client_client_packets" lineno="58678">
<summary>
Relabel packets to jabber_client_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jabber_client_server_packets" lineno="58698">
<summary>
Send jabber_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jabber_client_server_packets" lineno="58717">
<summary>
Do not audit attempts to send jabber_client_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jabber_client_server_packets" lineno="58736">
<summary>
Receive jabber_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jabber_client_server_packets" lineno="58755">
<summary>
Do not audit attempts to receive jabber_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jabber_client_server_packets" lineno="58774">
<summary>
Send and receive jabber_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jabber_client_server_packets" lineno="58790">
<summary>
Do not audit attempts to send and receive jabber_client_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jabber_client_server_packets" lineno="58805">
<summary>
Relabel packets to jabber_client_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_jabber_interserver_port" lineno="58827">
<summary>
Send and receive TCP traffic on the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_jabber_interserver_port" lineno="58846">
<summary>
Send UDP traffic on the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_jabber_interserver_port" lineno="58865">
<summary>
Do not audit attempts to send UDP traffic on the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_jabber_interserver_port" lineno="58884">
<summary>
Receive UDP traffic on the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_jabber_interserver_port" lineno="58903">
<summary>
Do not audit attempts to receive UDP traffic on the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_jabber_interserver_port" lineno="58922">
<summary>
Send and receive UDP traffic on the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_jabber_interserver_port" lineno="58939">
<summary>
Do not audit attempts to send and receive
UDP traffic on the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_jabber_interserver_port" lineno="58955">
<summary>
Bind TCP sockets to the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_jabber_interserver_port" lineno="58975">
<summary>
Bind UDP sockets to the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_jabber_interserver_port" lineno="58995">
<summary>
Do not audit attempts to sbind to jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_jabber_interserver_port" lineno="59014">
<summary>
Make a TCP connection to the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_jabber_interserver_port" lineno="59031">
<summary>
Do not audit attempts to make a TCP connection to jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jabber_interserver_client_packets" lineno="59051">
<summary>
Send jabber_interserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jabber_interserver_client_packets" lineno="59070">
<summary>
Do not audit attempts to send jabber_interserver_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jabber_interserver_client_packets" lineno="59089">
<summary>
Receive jabber_interserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jabber_interserver_client_packets" lineno="59108">
<summary>
Do not audit attempts to receive jabber_interserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jabber_interserver_client_packets" lineno="59127">
<summary>
Send and receive jabber_interserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jabber_interserver_client_packets" lineno="59143">
<summary>
Do not audit attempts to send and receive jabber_interserver_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jabber_interserver_client_packets" lineno="59158">
<summary>
Relabel packets to jabber_interserver_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jabber_interserver_server_packets" lineno="59178">
<summary>
Send jabber_interserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jabber_interserver_server_packets" lineno="59197">
<summary>
Do not audit attempts to send jabber_interserver_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jabber_interserver_server_packets" lineno="59216">
<summary>
Receive jabber_interserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jabber_interserver_server_packets" lineno="59235">
<summary>
Do not audit attempts to receive jabber_interserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jabber_interserver_server_packets" lineno="59254">
<summary>
Send and receive jabber_interserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jabber_interserver_server_packets" lineno="59270">
<summary>
Do not audit attempts to send and receive jabber_interserver_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jabber_interserver_server_packets" lineno="59285">
<summary>
Relabel packets to jabber_interserver_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_jabber_router_port" lineno="59307">
<summary>
Send and receive TCP traffic on the jabber_router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_jabber_router_port" lineno="59326">
<summary>
Send UDP traffic on the jabber_router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_jabber_router_port" lineno="59345">
<summary>
Do not audit attempts to send UDP traffic on the jabber_router port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_jabber_router_port" lineno="59364">
<summary>
Receive UDP traffic on the jabber_router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_jabber_router_port" lineno="59383">
<summary>
Do not audit attempts to receive UDP traffic on the jabber_router port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_jabber_router_port" lineno="59402">
<summary>
Send and receive UDP traffic on the jabber_router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_jabber_router_port" lineno="59419">
<summary>
Do not audit attempts to send and receive
UDP traffic on the jabber_router port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_jabber_router_port" lineno="59435">
<summary>
Bind TCP sockets to the jabber_router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_jabber_router_port" lineno="59455">
<summary>
Bind UDP sockets to the jabber_router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_jabber_router_port" lineno="59475">
<summary>
Do not audit attempts to sbind to jabber_router port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_jabber_router_port" lineno="59494">
<summary>
Make a TCP connection to the jabber_router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_jabber_router_port" lineno="59511">
<summary>
Do not audit attempts to make a TCP connection to jabber_router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jabber_router_client_packets" lineno="59531">
<summary>
Send jabber_router_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jabber_router_client_packets" lineno="59550">
<summary>
Do not audit attempts to send jabber_router_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jabber_router_client_packets" lineno="59569">
<summary>
Receive jabber_router_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jabber_router_client_packets" lineno="59588">
<summary>
Do not audit attempts to receive jabber_router_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jabber_router_client_packets" lineno="59607">
<summary>
Send and receive jabber_router_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jabber_router_client_packets" lineno="59623">
<summary>
Do not audit attempts to send and receive jabber_router_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jabber_router_client_packets" lineno="59638">
<summary>
Relabel packets to jabber_router_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jabber_router_server_packets" lineno="59658">
<summary>
Send jabber_router_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jabber_router_server_packets" lineno="59677">
<summary>
Do not audit attempts to send jabber_router_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jabber_router_server_packets" lineno="59696">
<summary>
Receive jabber_router_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jabber_router_server_packets" lineno="59715">
<summary>
Do not audit attempts to receive jabber_router_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jabber_router_server_packets" lineno="59734">
<summary>
Send and receive jabber_router_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jabber_router_server_packets" lineno="59750">
<summary>
Do not audit attempts to send and receive jabber_router_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jabber_router_server_packets" lineno="59765">
<summary>
Relabel packets to jabber_router_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_jacorb_port" lineno="59787">
<summary>
Send and receive TCP traffic on the jacorb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_jacorb_port" lineno="59806">
<summary>
Send UDP traffic on the jacorb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_jacorb_port" lineno="59825">
<summary>
Do not audit attempts to send UDP traffic on the jacorb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_jacorb_port" lineno="59844">
<summary>
Receive UDP traffic on the jacorb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_jacorb_port" lineno="59863">
<summary>
Do not audit attempts to receive UDP traffic on the jacorb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_jacorb_port" lineno="59882">
<summary>
Send and receive UDP traffic on the jacorb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_jacorb_port" lineno="59899">
<summary>
Do not audit attempts to send and receive
UDP traffic on the jacorb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_jacorb_port" lineno="59915">
<summary>
Bind TCP sockets to the jacorb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_jacorb_port" lineno="59935">
<summary>
Bind UDP sockets to the jacorb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_jacorb_port" lineno="59955">
<summary>
Do not audit attempts to sbind to jacorb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_jacorb_port" lineno="59974">
<summary>
Make a TCP connection to the jacorb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_jacorb_port" lineno="59991">
<summary>
Do not audit attempts to make a TCP connection to jacorb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jacorb_client_packets" lineno="60011">
<summary>
Send jacorb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jacorb_client_packets" lineno="60030">
<summary>
Do not audit attempts to send jacorb_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jacorb_client_packets" lineno="60049">
<summary>
Receive jacorb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jacorb_client_packets" lineno="60068">
<summary>
Do not audit attempts to receive jacorb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jacorb_client_packets" lineno="60087">
<summary>
Send and receive jacorb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jacorb_client_packets" lineno="60103">
<summary>
Do not audit attempts to send and receive jacorb_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jacorb_client_packets" lineno="60118">
<summary>
Relabel packets to jacorb_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jacorb_server_packets" lineno="60138">
<summary>
Send jacorb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jacorb_server_packets" lineno="60157">
<summary>
Do not audit attempts to send jacorb_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jacorb_server_packets" lineno="60176">
<summary>
Receive jacorb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jacorb_server_packets" lineno="60195">
<summary>
Do not audit attempts to receive jacorb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jacorb_server_packets" lineno="60214">
<summary>
Send and receive jacorb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jacorb_server_packets" lineno="60230">
<summary>
Do not audit attempts to send and receive jacorb_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jacorb_server_packets" lineno="60245">
<summary>
Relabel packets to jacorb_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_jboss_debug_port" lineno="60267">
<summary>
Send and receive TCP traffic on the jboss_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_jboss_debug_port" lineno="60286">
<summary>
Send UDP traffic on the jboss_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_jboss_debug_port" lineno="60305">
<summary>
Do not audit attempts to send UDP traffic on the jboss_debug port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_jboss_debug_port" lineno="60324">
<summary>
Receive UDP traffic on the jboss_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_jboss_debug_port" lineno="60343">
<summary>
Do not audit attempts to receive UDP traffic on the jboss_debug port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_jboss_debug_port" lineno="60362">
<summary>
Send and receive UDP traffic on the jboss_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_jboss_debug_port" lineno="60379">
<summary>
Do not audit attempts to send and receive
UDP traffic on the jboss_debug port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_jboss_debug_port" lineno="60395">
<summary>
Bind TCP sockets to the jboss_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_jboss_debug_port" lineno="60415">
<summary>
Bind UDP sockets to the jboss_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_jboss_debug_port" lineno="60435">
<summary>
Do not audit attempts to sbind to jboss_debug port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_jboss_debug_port" lineno="60454">
<summary>
Make a TCP connection to the jboss_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_jboss_debug_port" lineno="60471">
<summary>
Do not audit attempts to make a TCP connection to jboss_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jboss_debug_client_packets" lineno="60491">
<summary>
Send jboss_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jboss_debug_client_packets" lineno="60510">
<summary>
Do not audit attempts to send jboss_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jboss_debug_client_packets" lineno="60529">
<summary>
Receive jboss_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jboss_debug_client_packets" lineno="60548">
<summary>
Do not audit attempts to receive jboss_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jboss_debug_client_packets" lineno="60567">
<summary>
Send and receive jboss_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jboss_debug_client_packets" lineno="60583">
<summary>
Do not audit attempts to send and receive jboss_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jboss_debug_client_packets" lineno="60598">
<summary>
Relabel packets to jboss_debug_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jboss_debug_server_packets" lineno="60618">
<summary>
Send jboss_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jboss_debug_server_packets" lineno="60637">
<summary>
Do not audit attempts to send jboss_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jboss_debug_server_packets" lineno="60656">
<summary>
Receive jboss_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jboss_debug_server_packets" lineno="60675">
<summary>
Do not audit attempts to receive jboss_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jboss_debug_server_packets" lineno="60694">
<summary>
Send and receive jboss_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jboss_debug_server_packets" lineno="60710">
<summary>
Do not audit attempts to send and receive jboss_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jboss_debug_server_packets" lineno="60725">
<summary>
Relabel packets to jboss_debug_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_jboss_messaging_port" lineno="60747">
<summary>
Send and receive TCP traffic on the jboss_messaging port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_jboss_messaging_port" lineno="60766">
<summary>
Send UDP traffic on the jboss_messaging port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_jboss_messaging_port" lineno="60785">
<summary>
Do not audit attempts to send UDP traffic on the jboss_messaging port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_jboss_messaging_port" lineno="60804">
<summary>
Receive UDP traffic on the jboss_messaging port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_jboss_messaging_port" lineno="60823">
<summary>
Do not audit attempts to receive UDP traffic on the jboss_messaging port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_jboss_messaging_port" lineno="60842">
<summary>
Send and receive UDP traffic on the jboss_messaging port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_jboss_messaging_port" lineno="60859">
<summary>
Do not audit attempts to send and receive
UDP traffic on the jboss_messaging port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_jboss_messaging_port" lineno="60875">
<summary>
Bind TCP sockets to the jboss_messaging port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_jboss_messaging_port" lineno="60895">
<summary>
Bind UDP sockets to the jboss_messaging port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_jboss_messaging_port" lineno="60915">
<summary>
Do not audit attempts to sbind to jboss_messaging port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_jboss_messaging_port" lineno="60934">
<summary>
Make a TCP connection to the jboss_messaging port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_jboss_messaging_port" lineno="60951">
<summary>
Do not audit attempts to make a TCP connection to jboss_messaging port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jboss_messaging_client_packets" lineno="60971">
<summary>
Send jboss_messaging_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jboss_messaging_client_packets" lineno="60990">
<summary>
Do not audit attempts to send jboss_messaging_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jboss_messaging_client_packets" lineno="61009">
<summary>
Receive jboss_messaging_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jboss_messaging_client_packets" lineno="61028">
<summary>
Do not audit attempts to receive jboss_messaging_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jboss_messaging_client_packets" lineno="61047">
<summary>
Send and receive jboss_messaging_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jboss_messaging_client_packets" lineno="61063">
<summary>
Do not audit attempts to send and receive jboss_messaging_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jboss_messaging_client_packets" lineno="61078">
<summary>
Relabel packets to jboss_messaging_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jboss_messaging_server_packets" lineno="61098">
<summary>
Send jboss_messaging_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jboss_messaging_server_packets" lineno="61117">
<summary>
Do not audit attempts to send jboss_messaging_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jboss_messaging_server_packets" lineno="61136">
<summary>
Receive jboss_messaging_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jboss_messaging_server_packets" lineno="61155">
<summary>
Do not audit attempts to receive jboss_messaging_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jboss_messaging_server_packets" lineno="61174">
<summary>
Send and receive jboss_messaging_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jboss_messaging_server_packets" lineno="61190">
<summary>
Do not audit attempts to send and receive jboss_messaging_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jboss_messaging_server_packets" lineno="61205">
<summary>
Relabel packets to jboss_messaging_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_jboss_management_port" lineno="61227">
<summary>
Send and receive TCP traffic on the jboss_management port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_jboss_management_port" lineno="61246">
<summary>
Send UDP traffic on the jboss_management port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_jboss_management_port" lineno="61265">
<summary>
Do not audit attempts to send UDP traffic on the jboss_management port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_jboss_management_port" lineno="61284">
<summary>
Receive UDP traffic on the jboss_management port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_jboss_management_port" lineno="61303">
<summary>
Do not audit attempts to receive UDP traffic on the jboss_management port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_jboss_management_port" lineno="61322">
<summary>
Send and receive UDP traffic on the jboss_management port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_jboss_management_port" lineno="61339">
<summary>
Do not audit attempts to send and receive
UDP traffic on the jboss_management port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_jboss_management_port" lineno="61355">
<summary>
Bind TCP sockets to the jboss_management port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_jboss_management_port" lineno="61375">
<summary>
Bind UDP sockets to the jboss_management port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_jboss_management_port" lineno="61395">
<summary>
Do not audit attempts to sbind to jboss_management port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_jboss_management_port" lineno="61414">
<summary>
Make a TCP connection to the jboss_management port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_jboss_management_port" lineno="61431">
<summary>
Do not audit attempts to make a TCP connection to jboss_management port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jboss_management_client_packets" lineno="61451">
<summary>
Send jboss_management_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jboss_management_client_packets" lineno="61470">
<summary>
Do not audit attempts to send jboss_management_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jboss_management_client_packets" lineno="61489">
<summary>
Receive jboss_management_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jboss_management_client_packets" lineno="61508">
<summary>
Do not audit attempts to receive jboss_management_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jboss_management_client_packets" lineno="61527">
<summary>
Send and receive jboss_management_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jboss_management_client_packets" lineno="61543">
<summary>
Do not audit attempts to send and receive jboss_management_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jboss_management_client_packets" lineno="61558">
<summary>
Relabel packets to jboss_management_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jboss_management_server_packets" lineno="61578">
<summary>
Send jboss_management_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jboss_management_server_packets" lineno="61597">
<summary>
Do not audit attempts to send jboss_management_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jboss_management_server_packets" lineno="61616">
<summary>
Receive jboss_management_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jboss_management_server_packets" lineno="61635">
<summary>
Do not audit attempts to receive jboss_management_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jboss_management_server_packets" lineno="61654">
<summary>
Send and receive jboss_management_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jboss_management_server_packets" lineno="61670">
<summary>
Do not audit attempts to send and receive jboss_management_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jboss_management_server_packets" lineno="61685">
<summary>
Relabel packets to jboss_management_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_journal_remote_port" lineno="61707">
<summary>
Send and receive TCP traffic on the journal_remote port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_journal_remote_port" lineno="61726">
<summary>
Send UDP traffic on the journal_remote port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_journal_remote_port" lineno="61745">
<summary>
Do not audit attempts to send UDP traffic on the journal_remote port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_journal_remote_port" lineno="61764">
<summary>
Receive UDP traffic on the journal_remote port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_journal_remote_port" lineno="61783">
<summary>
Do not audit attempts to receive UDP traffic on the journal_remote port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_journal_remote_port" lineno="61802">
<summary>
Send and receive UDP traffic on the journal_remote port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_journal_remote_port" lineno="61819">
<summary>
Do not audit attempts to send and receive
UDP traffic on the journal_remote port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_journal_remote_port" lineno="61835">
<summary>
Bind TCP sockets to the journal_remote port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_journal_remote_port" lineno="61855">
<summary>
Bind UDP sockets to the journal_remote port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_journal_remote_port" lineno="61875">
<summary>
Do not audit attempts to sbind to journal_remote port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_journal_remote_port" lineno="61894">
<summary>
Make a TCP connection to the journal_remote port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_journal_remote_port" lineno="61911">
<summary>
Do not audit attempts to make a TCP connection to journal_remote port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_journal_remote_client_packets" lineno="61931">
<summary>
Send journal_remote_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_journal_remote_client_packets" lineno="61950">
<summary>
Do not audit attempts to send journal_remote_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_journal_remote_client_packets" lineno="61969">
<summary>
Receive journal_remote_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_journal_remote_client_packets" lineno="61988">
<summary>
Do not audit attempts to receive journal_remote_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_journal_remote_client_packets" lineno="62007">
<summary>
Send and receive journal_remote_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_journal_remote_client_packets" lineno="62023">
<summary>
Do not audit attempts to send and receive journal_remote_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_journal_remote_client_packets" lineno="62038">
<summary>
Relabel packets to journal_remote_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_journal_remote_server_packets" lineno="62058">
<summary>
Send journal_remote_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_journal_remote_server_packets" lineno="62077">
<summary>
Do not audit attempts to send journal_remote_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_journal_remote_server_packets" lineno="62096">
<summary>
Receive journal_remote_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_journal_remote_server_packets" lineno="62115">
<summary>
Do not audit attempts to receive journal_remote_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_journal_remote_server_packets" lineno="62134">
<summary>
Send and receive journal_remote_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_journal_remote_server_packets" lineno="62150">
<summary>
Do not audit attempts to send and receive journal_remote_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_journal_remote_server_packets" lineno="62165">
<summary>
Relabel packets to journal_remote_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_kerberos_port" lineno="62187">
<summary>
Send and receive TCP traffic on the kerberos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_kerberos_port" lineno="62206">
<summary>
Send UDP traffic on the kerberos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_kerberos_port" lineno="62225">
<summary>
Do not audit attempts to send UDP traffic on the kerberos port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_kerberos_port" lineno="62244">
<summary>
Receive UDP traffic on the kerberos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_kerberos_port" lineno="62263">
<summary>
Do not audit attempts to receive UDP traffic on the kerberos port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_kerberos_port" lineno="62282">
<summary>
Send and receive UDP traffic on the kerberos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_kerberos_port" lineno="62299">
<summary>
Do not audit attempts to send and receive
UDP traffic on the kerberos port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_kerberos_port" lineno="62315">
<summary>
Bind TCP sockets to the kerberos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_kerberos_port" lineno="62335">
<summary>
Bind UDP sockets to the kerberos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_kerberos_port" lineno="62355">
<summary>
Do not audit attempts to sbind to kerberos port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_kerberos_port" lineno="62374">
<summary>
Make a TCP connection to the kerberos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_kerberos_port" lineno="62391">
<summary>
Do not audit attempts to make a TCP connection to kerberos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kerberos_client_packets" lineno="62411">
<summary>
Send kerberos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kerberos_client_packets" lineno="62430">
<summary>
Do not audit attempts to send kerberos_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kerberos_client_packets" lineno="62449">
<summary>
Receive kerberos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kerberos_client_packets" lineno="62468">
<summary>
Do not audit attempts to receive kerberos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kerberos_client_packets" lineno="62487">
<summary>
Send and receive kerberos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kerberos_client_packets" lineno="62503">
<summary>
Do not audit attempts to send and receive kerberos_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kerberos_client_packets" lineno="62518">
<summary>
Relabel packets to kerberos_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kerberos_server_packets" lineno="62538">
<summary>
Send kerberos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kerberos_server_packets" lineno="62557">
<summary>
Do not audit attempts to send kerberos_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kerberos_server_packets" lineno="62576">
<summary>
Receive kerberos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kerberos_server_packets" lineno="62595">
<summary>
Do not audit attempts to receive kerberos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kerberos_server_packets" lineno="62614">
<summary>
Send and receive kerberos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kerberos_server_packets" lineno="62630">
<summary>
Do not audit attempts to send and receive kerberos_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kerberos_server_packets" lineno="62645">
<summary>
Relabel packets to kerberos_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_kerberos_admin_port" lineno="62667">
<summary>
Send and receive TCP traffic on the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_kerberos_admin_port" lineno="62686">
<summary>
Send UDP traffic on the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_kerberos_admin_port" lineno="62705">
<summary>
Do not audit attempts to send UDP traffic on the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_kerberos_admin_port" lineno="62724">
<summary>
Receive UDP traffic on the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_kerberos_admin_port" lineno="62743">
<summary>
Do not audit attempts to receive UDP traffic on the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_kerberos_admin_port" lineno="62762">
<summary>
Send and receive UDP traffic on the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_kerberos_admin_port" lineno="62779">
<summary>
Do not audit attempts to send and receive
UDP traffic on the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_kerberos_admin_port" lineno="62795">
<summary>
Bind TCP sockets to the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_kerberos_admin_port" lineno="62815">
<summary>
Bind UDP sockets to the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_kerberos_admin_port" lineno="62835">
<summary>
Do not audit attempts to sbind to kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_kerberos_admin_port" lineno="62854">
<summary>
Make a TCP connection to the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_kerberos_admin_port" lineno="62871">
<summary>
Do not audit attempts to make a TCP connection to kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kerberos_admin_client_packets" lineno="62891">
<summary>
Send kerberos_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kerberos_admin_client_packets" lineno="62910">
<summary>
Do not audit attempts to send kerberos_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kerberos_admin_client_packets" lineno="62929">
<summary>
Receive kerberos_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kerberos_admin_client_packets" lineno="62948">
<summary>
Do not audit attempts to receive kerberos_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kerberos_admin_client_packets" lineno="62967">
<summary>
Send and receive kerberos_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kerberos_admin_client_packets" lineno="62983">
<summary>
Do not audit attempts to send and receive kerberos_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kerberos_admin_client_packets" lineno="62998">
<summary>
Relabel packets to kerberos_admin_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kerberos_admin_server_packets" lineno="63018">
<summary>
Send kerberos_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kerberos_admin_server_packets" lineno="63037">
<summary>
Do not audit attempts to send kerberos_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kerberos_admin_server_packets" lineno="63056">
<summary>
Receive kerberos_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kerberos_admin_server_packets" lineno="63075">
<summary>
Do not audit attempts to receive kerberos_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kerberos_admin_server_packets" lineno="63094">
<summary>
Send and receive kerberos_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kerberos_admin_server_packets" lineno="63110">
<summary>
Do not audit attempts to send and receive kerberos_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kerberos_admin_server_packets" lineno="63125">
<summary>
Relabel packets to kerberos_admin_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_kerberos_password_port" lineno="63147">
<summary>
Send and receive TCP traffic on the kerberos_password port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_kerberos_password_port" lineno="63166">
<summary>
Send UDP traffic on the kerberos_password port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_kerberos_password_port" lineno="63185">
<summary>
Do not audit attempts to send UDP traffic on the kerberos_password port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_kerberos_password_port" lineno="63204">
<summary>
Receive UDP traffic on the kerberos_password port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_kerberos_password_port" lineno="63223">
<summary>
Do not audit attempts to receive UDP traffic on the kerberos_password port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_kerberos_password_port" lineno="63242">
<summary>
Send and receive UDP traffic on the kerberos_password port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_kerberos_password_port" lineno="63259">
<summary>
Do not audit attempts to send and receive
UDP traffic on the kerberos_password port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_kerberos_password_port" lineno="63275">
<summary>
Bind TCP sockets to the kerberos_password port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_kerberos_password_port" lineno="63295">
<summary>
Bind UDP sockets to the kerberos_password port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_kerberos_password_port" lineno="63315">
<summary>
Do not audit attempts to sbind to kerberos_password port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_kerberos_password_port" lineno="63334">
<summary>
Make a TCP connection to the kerberos_password port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_kerberos_password_port" lineno="63351">
<summary>
Do not audit attempts to make a TCP connection to kerberos_password port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kerberos_password_client_packets" lineno="63371">
<summary>
Send kerberos_password_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kerberos_password_client_packets" lineno="63390">
<summary>
Do not audit attempts to send kerberos_password_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kerberos_password_client_packets" lineno="63409">
<summary>
Receive kerberos_password_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kerberos_password_client_packets" lineno="63428">
<summary>
Do not audit attempts to receive kerberos_password_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kerberos_password_client_packets" lineno="63447">
<summary>
Send and receive kerberos_password_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kerberos_password_client_packets" lineno="63463">
<summary>
Do not audit attempts to send and receive kerberos_password_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kerberos_password_client_packets" lineno="63478">
<summary>
Relabel packets to kerberos_password_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kerberos_password_server_packets" lineno="63498">
<summary>
Send kerberos_password_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kerberos_password_server_packets" lineno="63517">
<summary>
Do not audit attempts to send kerberos_password_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kerberos_password_server_packets" lineno="63536">
<summary>
Receive kerberos_password_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kerberos_password_server_packets" lineno="63555">
<summary>
Do not audit attempts to receive kerberos_password_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kerberos_password_server_packets" lineno="63574">
<summary>
Send and receive kerberos_password_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kerberos_password_server_packets" lineno="63590">
<summary>
Do not audit attempts to send and receive kerberos_password_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kerberos_password_server_packets" lineno="63605">
<summary>
Relabel packets to kerberos_password_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_keylime_port" lineno="63627">
<summary>
Send and receive TCP traffic on the keylime port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_keylime_port" lineno="63646">
<summary>
Send UDP traffic on the keylime port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_keylime_port" lineno="63665">
<summary>
Do not audit attempts to send UDP traffic on the keylime port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_keylime_port" lineno="63684">
<summary>
Receive UDP traffic on the keylime port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_keylime_port" lineno="63703">
<summary>
Do not audit attempts to receive UDP traffic on the keylime port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_keylime_port" lineno="63722">
<summary>
Send and receive UDP traffic on the keylime port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_keylime_port" lineno="63739">
<summary>
Do not audit attempts to send and receive
UDP traffic on the keylime port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_keylime_port" lineno="63755">
<summary>
Bind TCP sockets to the keylime port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_keylime_port" lineno="63775">
<summary>
Bind UDP sockets to the keylime port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_keylime_port" lineno="63795">
<summary>
Do not audit attempts to sbind to keylime port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_keylime_port" lineno="63814">
<summary>
Make a TCP connection to the keylime port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_keylime_port" lineno="63831">
<summary>
Do not audit attempts to make a TCP connection to keylime port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_keylime_client_packets" lineno="63851">
<summary>
Send keylime_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_keylime_client_packets" lineno="63870">
<summary>
Do not audit attempts to send keylime_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_keylime_client_packets" lineno="63889">
<summary>
Receive keylime_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_keylime_client_packets" lineno="63908">
<summary>
Do not audit attempts to receive keylime_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_keylime_client_packets" lineno="63927">
<summary>
Send and receive keylime_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_keylime_client_packets" lineno="63943">
<summary>
Do not audit attempts to send and receive keylime_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_keylime_client_packets" lineno="63958">
<summary>
Relabel packets to keylime_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_keylime_server_packets" lineno="63978">
<summary>
Send keylime_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_keylime_server_packets" lineno="63997">
<summary>
Do not audit attempts to send keylime_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_keylime_server_packets" lineno="64016">
<summary>
Receive keylime_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_keylime_server_packets" lineno="64035">
<summary>
Do not audit attempts to receive keylime_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_keylime_server_packets" lineno="64054">
<summary>
Send and receive keylime_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_keylime_server_packets" lineno="64070">
<summary>
Do not audit attempts to send and receive keylime_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_keylime_server_packets" lineno="64085">
<summary>
Relabel packets to keylime_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_keystone_port" lineno="64107">
<summary>
Send and receive TCP traffic on the keystone port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_keystone_port" lineno="64126">
<summary>
Send UDP traffic on the keystone port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_keystone_port" lineno="64145">
<summary>
Do not audit attempts to send UDP traffic on the keystone port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_keystone_port" lineno="64164">
<summary>
Receive UDP traffic on the keystone port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_keystone_port" lineno="64183">
<summary>
Do not audit attempts to receive UDP traffic on the keystone port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_keystone_port" lineno="64202">
<summary>
Send and receive UDP traffic on the keystone port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_keystone_port" lineno="64219">
<summary>
Do not audit attempts to send and receive
UDP traffic on the keystone port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_keystone_port" lineno="64235">
<summary>
Bind TCP sockets to the keystone port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_keystone_port" lineno="64255">
<summary>
Bind UDP sockets to the keystone port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_keystone_port" lineno="64275">
<summary>
Do not audit attempts to sbind to keystone port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_keystone_port" lineno="64294">
<summary>
Make a TCP connection to the keystone port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_keystone_port" lineno="64311">
<summary>
Do not audit attempts to make a TCP connection to keystone port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_keystone_client_packets" lineno="64331">
<summary>
Send keystone_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_keystone_client_packets" lineno="64350">
<summary>
Do not audit attempts to send keystone_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_keystone_client_packets" lineno="64369">
<summary>
Receive keystone_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_keystone_client_packets" lineno="64388">
<summary>
Do not audit attempts to receive keystone_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_keystone_client_packets" lineno="64407">
<summary>
Send and receive keystone_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_keystone_client_packets" lineno="64423">
<summary>
Do not audit attempts to send and receive keystone_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_keystone_client_packets" lineno="64438">
<summary>
Relabel packets to keystone_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_keystone_server_packets" lineno="64458">
<summary>
Send keystone_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_keystone_server_packets" lineno="64477">
<summary>
Do not audit attempts to send keystone_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_keystone_server_packets" lineno="64496">
<summary>
Receive keystone_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_keystone_server_packets" lineno="64515">
<summary>
Do not audit attempts to receive keystone_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_keystone_server_packets" lineno="64534">
<summary>
Send and receive keystone_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_keystone_server_packets" lineno="64550">
<summary>
Do not audit attempts to send and receive keystone_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_keystone_server_packets" lineno="64565">
<summary>
Relabel packets to keystone_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_kubernetes_port" lineno="64587">
<summary>
Send and receive TCP traffic on the kubernetes port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_kubernetes_port" lineno="64606">
<summary>
Send UDP traffic on the kubernetes port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_kubernetes_port" lineno="64625">
<summary>
Do not audit attempts to send UDP traffic on the kubernetes port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_kubernetes_port" lineno="64644">
<summary>
Receive UDP traffic on the kubernetes port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_kubernetes_port" lineno="64663">
<summary>
Do not audit attempts to receive UDP traffic on the kubernetes port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_kubernetes_port" lineno="64682">
<summary>
Send and receive UDP traffic on the kubernetes port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_kubernetes_port" lineno="64699">
<summary>
Do not audit attempts to send and receive
UDP traffic on the kubernetes port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_kubernetes_port" lineno="64715">
<summary>
Bind TCP sockets to the kubernetes port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_kubernetes_port" lineno="64735">
<summary>
Bind UDP sockets to the kubernetes port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_kubernetes_port" lineno="64755">
<summary>
Do not audit attempts to sbind to kubernetes port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_kubernetes_port" lineno="64774">
<summary>
Make a TCP connection to the kubernetes port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_kubernetes_port" lineno="64791">
<summary>
Do not audit attempts to make a TCP connection to kubernetes port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kubernetes_client_packets" lineno="64811">
<summary>
Send kubernetes_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kubernetes_client_packets" lineno="64830">
<summary>
Do not audit attempts to send kubernetes_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kubernetes_client_packets" lineno="64849">
<summary>
Receive kubernetes_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kubernetes_client_packets" lineno="64868">
<summary>
Do not audit attempts to receive kubernetes_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kubernetes_client_packets" lineno="64887">
<summary>
Send and receive kubernetes_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kubernetes_client_packets" lineno="64903">
<summary>
Do not audit attempts to send and receive kubernetes_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kubernetes_client_packets" lineno="64918">
<summary>
Relabel packets to kubernetes_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kubernetes_server_packets" lineno="64938">
<summary>
Send kubernetes_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kubernetes_server_packets" lineno="64957">
<summary>
Do not audit attempts to send kubernetes_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kubernetes_server_packets" lineno="64976">
<summary>
Receive kubernetes_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kubernetes_server_packets" lineno="64995">
<summary>
Do not audit attempts to receive kubernetes_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kubernetes_server_packets" lineno="65014">
<summary>
Send and receive kubernetes_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kubernetes_server_packets" lineno="65030">
<summary>
Do not audit attempts to send and receive kubernetes_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kubernetes_server_packets" lineno="65045">
<summary>
Relabel packets to kubernetes_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_lltng_port" lineno="65067">
<summary>
Send and receive TCP traffic on the lltng port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_lltng_port" lineno="65086">
<summary>
Send UDP traffic on the lltng port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_lltng_port" lineno="65105">
<summary>
Do not audit attempts to send UDP traffic on the lltng port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_lltng_port" lineno="65124">
<summary>
Receive UDP traffic on the lltng port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_lltng_port" lineno="65143">
<summary>
Do not audit attempts to receive UDP traffic on the lltng port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_lltng_port" lineno="65162">
<summary>
Send and receive UDP traffic on the lltng port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_lltng_port" lineno="65179">
<summary>
Do not audit attempts to send and receive
UDP traffic on the lltng port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_lltng_port" lineno="65195">
<summary>
Bind TCP sockets to the lltng port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_lltng_port" lineno="65215">
<summary>
Bind UDP sockets to the lltng port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_lltng_port" lineno="65235">
<summary>
Do not audit attempts to sbind to lltng port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_lltng_port" lineno="65254">
<summary>
Make a TCP connection to the lltng port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_lltng_port" lineno="65271">
<summary>
Do not audit attempts to make a TCP connection to lltng port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_lltng_client_packets" lineno="65291">
<summary>
Send lltng_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_lltng_client_packets" lineno="65310">
<summary>
Do not audit attempts to send lltng_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_lltng_client_packets" lineno="65329">
<summary>
Receive lltng_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_lltng_client_packets" lineno="65348">
<summary>
Do not audit attempts to receive lltng_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_lltng_client_packets" lineno="65367">
<summary>
Send and receive lltng_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_lltng_client_packets" lineno="65383">
<summary>
Do not audit attempts to send and receive lltng_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_lltng_client_packets" lineno="65398">
<summary>
Relabel packets to lltng_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_lltng_server_packets" lineno="65418">
<summary>
Send lltng_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_lltng_server_packets" lineno="65437">
<summary>
Do not audit attempts to send lltng_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_lltng_server_packets" lineno="65456">
<summary>
Receive lltng_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_lltng_server_packets" lineno="65475">
<summary>
Do not audit attempts to receive lltng_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_lltng_server_packets" lineno="65494">
<summary>
Send and receive lltng_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_lltng_server_packets" lineno="65510">
<summary>
Do not audit attempts to send and receive lltng_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_lltng_server_packets" lineno="65525">
<summary>
Relabel packets to lltng_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_llmnr_port" lineno="65547">
<summary>
Send and receive TCP traffic on the llmnr port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_llmnr_port" lineno="65566">
<summary>
Send UDP traffic on the llmnr port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_llmnr_port" lineno="65585">
<summary>
Do not audit attempts to send UDP traffic on the llmnr port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_llmnr_port" lineno="65604">
<summary>
Receive UDP traffic on the llmnr port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_llmnr_port" lineno="65623">
<summary>
Do not audit attempts to receive UDP traffic on the llmnr port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_llmnr_port" lineno="65642">
<summary>
Send and receive UDP traffic on the llmnr port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_llmnr_port" lineno="65659">
<summary>
Do not audit attempts to send and receive
UDP traffic on the llmnr port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_llmnr_port" lineno="65675">
<summary>
Bind TCP sockets to the llmnr port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_llmnr_port" lineno="65695">
<summary>
Bind UDP sockets to the llmnr port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_llmnr_port" lineno="65715">
<summary>
Do not audit attempts to sbind to llmnr port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_llmnr_port" lineno="65734">
<summary>
Make a TCP connection to the llmnr port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_llmnr_port" lineno="65751">
<summary>
Do not audit attempts to make a TCP connection to llmnr port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_llmnr_client_packets" lineno="65771">
<summary>
Send llmnr_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_llmnr_client_packets" lineno="65790">
<summary>
Do not audit attempts to send llmnr_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_llmnr_client_packets" lineno="65809">
<summary>
Receive llmnr_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_llmnr_client_packets" lineno="65828">
<summary>
Do not audit attempts to receive llmnr_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_llmnr_client_packets" lineno="65847">
<summary>
Send and receive llmnr_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_llmnr_client_packets" lineno="65863">
<summary>
Do not audit attempts to send and receive llmnr_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_llmnr_client_packets" lineno="65878">
<summary>
Relabel packets to llmnr_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_llmnr_server_packets" lineno="65898">
<summary>
Send llmnr_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_llmnr_server_packets" lineno="65917">
<summary>
Do not audit attempts to send llmnr_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_llmnr_server_packets" lineno="65936">
<summary>
Receive llmnr_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_llmnr_server_packets" lineno="65955">
<summary>
Do not audit attempts to receive llmnr_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_llmnr_server_packets" lineno="65974">
<summary>
Send and receive llmnr_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_llmnr_server_packets" lineno="65990">
<summary>
Do not audit attempts to send and receive llmnr_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_llmnr_server_packets" lineno="66005">
<summary>
Relabel packets to llmnr_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_rabbitmq_port" lineno="66027">
<summary>
Send and receive TCP traffic on the rabbitmq port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_rabbitmq_port" lineno="66046">
<summary>
Send UDP traffic on the rabbitmq port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_rabbitmq_port" lineno="66065">
<summary>
Do not audit attempts to send UDP traffic on the rabbitmq port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_rabbitmq_port" lineno="66084">
<summary>
Receive UDP traffic on the rabbitmq port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_rabbitmq_port" lineno="66103">
<summary>
Do not audit attempts to receive UDP traffic on the rabbitmq port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_rabbitmq_port" lineno="66122">
<summary>
Send and receive UDP traffic on the rabbitmq port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_rabbitmq_port" lineno="66139">
<summary>
Do not audit attempts to send and receive
UDP traffic on the rabbitmq port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_rabbitmq_port" lineno="66155">
<summary>
Bind TCP sockets to the rabbitmq port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_rabbitmq_port" lineno="66175">
<summary>
Bind UDP sockets to the rabbitmq port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_rabbitmq_port" lineno="66195">
<summary>
Do not audit attempts to sbind to rabbitmq port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_rabbitmq_port" lineno="66214">
<summary>
Make a TCP connection to the rabbitmq port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_rabbitmq_port" lineno="66231">
<summary>
Do not audit attempts to make a TCP connection to rabbitmq port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rabbitmq_client_packets" lineno="66251">
<summary>
Send rabbitmq_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rabbitmq_client_packets" lineno="66270">
<summary>
Do not audit attempts to send rabbitmq_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rabbitmq_client_packets" lineno="66289">
<summary>
Receive rabbitmq_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rabbitmq_client_packets" lineno="66308">
<summary>
Do not audit attempts to receive rabbitmq_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rabbitmq_client_packets" lineno="66327">
<summary>
Send and receive rabbitmq_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rabbitmq_client_packets" lineno="66343">
<summary>
Do not audit attempts to send and receive rabbitmq_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rabbitmq_client_packets" lineno="66358">
<summary>
Relabel packets to rabbitmq_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rabbitmq_server_packets" lineno="66378">
<summary>
Send rabbitmq_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rabbitmq_server_packets" lineno="66397">
<summary>
Do not audit attempts to send rabbitmq_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rabbitmq_server_packets" lineno="66416">
<summary>
Receive rabbitmq_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rabbitmq_server_packets" lineno="66435">
<summary>
Do not audit attempts to receive rabbitmq_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rabbitmq_server_packets" lineno="66454">
<summary>
Send and receive rabbitmq_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rabbitmq_server_packets" lineno="66470">
<summary>
Do not audit attempts to send and receive rabbitmq_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rabbitmq_server_packets" lineno="66485">
<summary>
Relabel packets to rabbitmq_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_rkt_port" lineno="66507">
<summary>
Send and receive TCP traffic on the rkt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_rkt_port" lineno="66526">
<summary>
Send UDP traffic on the rkt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_rkt_port" lineno="66545">
<summary>
Do not audit attempts to send UDP traffic on the rkt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_rkt_port" lineno="66564">
<summary>
Receive UDP traffic on the rkt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_rkt_port" lineno="66583">
<summary>
Do not audit attempts to receive UDP traffic on the rkt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_rkt_port" lineno="66602">
<summary>
Send and receive UDP traffic on the rkt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_rkt_port" lineno="66619">
<summary>
Do not audit attempts to send and receive
UDP traffic on the rkt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_rkt_port" lineno="66635">
<summary>
Bind TCP sockets to the rkt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_rkt_port" lineno="66655">
<summary>
Bind UDP sockets to the rkt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_rkt_port" lineno="66675">
<summary>
Do not audit attempts to sbind to rkt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_rkt_port" lineno="66694">
<summary>
Make a TCP connection to the rkt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_rkt_port" lineno="66711">
<summary>
Do not audit attempts to make a TCP connection to rkt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rkt_client_packets" lineno="66731">
<summary>
Send rkt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rkt_client_packets" lineno="66750">
<summary>
Do not audit attempts to send rkt_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rkt_client_packets" lineno="66769">
<summary>
Receive rkt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rkt_client_packets" lineno="66788">
<summary>
Do not audit attempts to receive rkt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rkt_client_packets" lineno="66807">
<summary>
Send and receive rkt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rkt_client_packets" lineno="66823">
<summary>
Do not audit attempts to send and receive rkt_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rkt_client_packets" lineno="66838">
<summary>
Relabel packets to rkt_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rkt_server_packets" lineno="66858">
<summary>
Send rkt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rkt_server_packets" lineno="66877">
<summary>
Do not audit attempts to send rkt_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rkt_server_packets" lineno="66896">
<summary>
Receive rkt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rkt_server_packets" lineno="66915">
<summary>
Do not audit attempts to receive rkt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rkt_server_packets" lineno="66934">
<summary>
Send and receive rkt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rkt_server_packets" lineno="66950">
<summary>
Do not audit attempts to send and receive rkt_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rkt_server_packets" lineno="66965">
<summary>
Relabel packets to rkt_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_rlogin_port" lineno="66987">
<summary>
Send and receive TCP traffic on the rlogin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_rlogin_port" lineno="67006">
<summary>
Send UDP traffic on the rlogin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_rlogin_port" lineno="67025">
<summary>
Do not audit attempts to send UDP traffic on the rlogin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_rlogin_port" lineno="67044">
<summary>
Receive UDP traffic on the rlogin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_rlogin_port" lineno="67063">
<summary>
Do not audit attempts to receive UDP traffic on the rlogin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_rlogin_port" lineno="67082">
<summary>
Send and receive UDP traffic on the rlogin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_rlogin_port" lineno="67099">
<summary>
Do not audit attempts to send and receive
UDP traffic on the rlogin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_rlogin_port" lineno="67115">
<summary>
Bind TCP sockets to the rlogin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_rlogin_port" lineno="67135">
<summary>
Bind UDP sockets to the rlogin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_rlogin_port" lineno="67155">
<summary>
Do not audit attempts to sbind to rlogin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_rlogin_port" lineno="67174">
<summary>
Make a TCP connection to the rlogin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_rlogin_port" lineno="67191">
<summary>
Do not audit attempts to make a TCP connection to rlogin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rlogin_client_packets" lineno="67211">
<summary>
Send rlogin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rlogin_client_packets" lineno="67230">
<summary>
Do not audit attempts to send rlogin_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rlogin_client_packets" lineno="67249">
<summary>
Receive rlogin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rlogin_client_packets" lineno="67268">
<summary>
Do not audit attempts to receive rlogin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rlogin_client_packets" lineno="67287">
<summary>
Send and receive rlogin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rlogin_client_packets" lineno="67303">
<summary>
Do not audit attempts to send and receive rlogin_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rlogin_client_packets" lineno="67318">
<summary>
Relabel packets to rlogin_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rlogin_server_packets" lineno="67338">
<summary>
Send rlogin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rlogin_server_packets" lineno="67357">
<summary>
Do not audit attempts to send rlogin_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rlogin_server_packets" lineno="67376">
<summary>
Receive rlogin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rlogin_server_packets" lineno="67395">
<summary>
Do not audit attempts to receive rlogin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rlogin_server_packets" lineno="67414">
<summary>
Send and receive rlogin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rlogin_server_packets" lineno="67430">
<summary>
Do not audit attempts to send and receive rlogin_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rlogin_server_packets" lineno="67445">
<summary>
Relabel packets to rlogin_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_rtsclient_port" lineno="67467">
<summary>
Send and receive TCP traffic on the rtsclient port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_rtsclient_port" lineno="67486">
<summary>
Send UDP traffic on the rtsclient port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_rtsclient_port" lineno="67505">
<summary>
Do not audit attempts to send UDP traffic on the rtsclient port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_rtsclient_port" lineno="67524">
<summary>
Receive UDP traffic on the rtsclient port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_rtsclient_port" lineno="67543">
<summary>
Do not audit attempts to receive UDP traffic on the rtsclient port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_rtsclient_port" lineno="67562">
<summary>
Send and receive UDP traffic on the rtsclient port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_rtsclient_port" lineno="67579">
<summary>
Do not audit attempts to send and receive
UDP traffic on the rtsclient port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_rtsclient_port" lineno="67595">
<summary>
Bind TCP sockets to the rtsclient port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_rtsclient_port" lineno="67615">
<summary>
Bind UDP sockets to the rtsclient port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_rtsclient_port" lineno="67635">
<summary>
Do not audit attempts to sbind to rtsclient port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_rtsclient_port" lineno="67654">
<summary>
Make a TCP connection to the rtsclient port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_rtsclient_port" lineno="67671">
<summary>
Do not audit attempts to make a TCP connection to rtsclient port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rtsclient_client_packets" lineno="67691">
<summary>
Send rtsclient_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rtsclient_client_packets" lineno="67710">
<summary>
Do not audit attempts to send rtsclient_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rtsclient_client_packets" lineno="67729">
<summary>
Receive rtsclient_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rtsclient_client_packets" lineno="67748">
<summary>
Do not audit attempts to receive rtsclient_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rtsclient_client_packets" lineno="67767">
<summary>
Send and receive rtsclient_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rtsclient_client_packets" lineno="67783">
<summary>
Do not audit attempts to send and receive rtsclient_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rtsclient_client_packets" lineno="67798">
<summary>
Relabel packets to rtsclient_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rtsclient_server_packets" lineno="67818">
<summary>
Send rtsclient_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rtsclient_server_packets" lineno="67837">
<summary>
Do not audit attempts to send rtsclient_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rtsclient_server_packets" lineno="67856">
<summary>
Receive rtsclient_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rtsclient_server_packets" lineno="67875">
<summary>
Do not audit attempts to receive rtsclient_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rtsclient_server_packets" lineno="67894">
<summary>
Send and receive rtsclient_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rtsclient_server_packets" lineno="67910">
<summary>
Do not audit attempts to send and receive rtsclient_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rtsclient_server_packets" lineno="67925">
<summary>
Relabel packets to rtsclient_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_kprop_port" lineno="67947">
<summary>
Send and receive TCP traffic on the kprop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_kprop_port" lineno="67966">
<summary>
Send UDP traffic on the kprop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_kprop_port" lineno="67985">
<summary>
Do not audit attempts to send UDP traffic on the kprop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_kprop_port" lineno="68004">
<summary>
Receive UDP traffic on the kprop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_kprop_port" lineno="68023">
<summary>
Do not audit attempts to receive UDP traffic on the kprop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_kprop_port" lineno="68042">
<summary>
Send and receive UDP traffic on the kprop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_kprop_port" lineno="68059">
<summary>
Do not audit attempts to send and receive
UDP traffic on the kprop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_kprop_port" lineno="68075">
<summary>
Bind TCP sockets to the kprop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_kprop_port" lineno="68095">
<summary>
Bind UDP sockets to the kprop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_kprop_port" lineno="68115">
<summary>
Do not audit attempts to sbind to kprop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_kprop_port" lineno="68134">
<summary>
Make a TCP connection to the kprop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_kprop_port" lineno="68151">
<summary>
Do not audit attempts to make a TCP connection to kprop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kprop_client_packets" lineno="68171">
<summary>
Send kprop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kprop_client_packets" lineno="68190">
<summary>
Do not audit attempts to send kprop_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kprop_client_packets" lineno="68209">
<summary>
Receive kprop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kprop_client_packets" lineno="68228">
<summary>
Do not audit attempts to receive kprop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kprop_client_packets" lineno="68247">
<summary>
Send and receive kprop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kprop_client_packets" lineno="68263">
<summary>
Do not audit attempts to send and receive kprop_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kprop_client_packets" lineno="68278">
<summary>
Relabel packets to kprop_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kprop_server_packets" lineno="68298">
<summary>
Send kprop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kprop_server_packets" lineno="68317">
<summary>
Do not audit attempts to send kprop_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kprop_server_packets" lineno="68336">
<summary>
Receive kprop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kprop_server_packets" lineno="68355">
<summary>
Do not audit attempts to receive kprop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kprop_server_packets" lineno="68374">
<summary>
Send and receive kprop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kprop_server_packets" lineno="68390">
<summary>
Do not audit attempts to send and receive kprop_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kprop_server_packets" lineno="68405">
<summary>
Relabel packets to kprop_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ktalkd_port" lineno="68427">
<summary>
Send and receive TCP traffic on the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ktalkd_port" lineno="68446">
<summary>
Send UDP traffic on the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ktalkd_port" lineno="68465">
<summary>
Do not audit attempts to send UDP traffic on the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ktalkd_port" lineno="68484">
<summary>
Receive UDP traffic on the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ktalkd_port" lineno="68503">
<summary>
Do not audit attempts to receive UDP traffic on the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ktalkd_port" lineno="68522">
<summary>
Send and receive UDP traffic on the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ktalkd_port" lineno="68539">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ktalkd_port" lineno="68555">
<summary>
Bind TCP sockets to the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ktalkd_port" lineno="68575">
<summary>
Bind UDP sockets to the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ktalkd_port" lineno="68595">
<summary>
Do not audit attempts to sbind to ktalkd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ktalkd_port" lineno="68614">
<summary>
Make a TCP connection to the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ktalkd_port" lineno="68631">
<summary>
Do not audit attempts to make a TCP connection to ktalkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ktalkd_client_packets" lineno="68651">
<summary>
Send ktalkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ktalkd_client_packets" lineno="68670">
<summary>
Do not audit attempts to send ktalkd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ktalkd_client_packets" lineno="68689">
<summary>
Receive ktalkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ktalkd_client_packets" lineno="68708">
<summary>
Do not audit attempts to receive ktalkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ktalkd_client_packets" lineno="68727">
<summary>
Send and receive ktalkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ktalkd_client_packets" lineno="68743">
<summary>
Do not audit attempts to send and receive ktalkd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ktalkd_client_packets" lineno="68758">
<summary>
Relabel packets to ktalkd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ktalkd_server_packets" lineno="68778">
<summary>
Send ktalkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ktalkd_server_packets" lineno="68797">
<summary>
Do not audit attempts to send ktalkd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ktalkd_server_packets" lineno="68816">
<summary>
Receive ktalkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ktalkd_server_packets" lineno="68835">
<summary>
Do not audit attempts to receive ktalkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ktalkd_server_packets" lineno="68854">
<summary>
Send and receive ktalkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ktalkd_server_packets" lineno="68870">
<summary>
Do not audit attempts to send and receive ktalkd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ktalkd_server_packets" lineno="68885">
<summary>
Relabel packets to ktalkd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ldap_port" lineno="68907">
<summary>
Send and receive TCP traffic on the ldap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ldap_port" lineno="68926">
<summary>
Send UDP traffic on the ldap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ldap_port" lineno="68945">
<summary>
Do not audit attempts to send UDP traffic on the ldap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ldap_port" lineno="68964">
<summary>
Receive UDP traffic on the ldap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ldap_port" lineno="68983">
<summary>
Do not audit attempts to receive UDP traffic on the ldap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ldap_port" lineno="69002">
<summary>
Send and receive UDP traffic on the ldap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ldap_port" lineno="69019">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ldap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ldap_port" lineno="69035">
<summary>
Bind TCP sockets to the ldap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ldap_port" lineno="69055">
<summary>
Bind UDP sockets to the ldap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ldap_port" lineno="69075">
<summary>
Do not audit attempts to sbind to ldap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ldap_port" lineno="69094">
<summary>
Make a TCP connection to the ldap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ldap_port" lineno="69111">
<summary>
Do not audit attempts to make a TCP connection to ldap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ldap_client_packets" lineno="69131">
<summary>
Send ldap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ldap_client_packets" lineno="69150">
<summary>
Do not audit attempts to send ldap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ldap_client_packets" lineno="69169">
<summary>
Receive ldap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ldap_client_packets" lineno="69188">
<summary>
Do not audit attempts to receive ldap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ldap_client_packets" lineno="69207">
<summary>
Send and receive ldap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ldap_client_packets" lineno="69223">
<summary>
Do not audit attempts to send and receive ldap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ldap_client_packets" lineno="69238">
<summary>
Relabel packets to ldap_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ldap_server_packets" lineno="69258">
<summary>
Send ldap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ldap_server_packets" lineno="69277">
<summary>
Do not audit attempts to send ldap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ldap_server_packets" lineno="69296">
<summary>
Receive ldap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ldap_server_packets" lineno="69315">
<summary>
Do not audit attempts to receive ldap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ldap_server_packets" lineno="69334">
<summary>
Send and receive ldap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ldap_server_packets" lineno="69350">
<summary>
Do not audit attempts to send and receive ldap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ldap_server_packets" lineno="69365">
<summary>
Relabel packets to ldap_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_lirc_port" lineno="69387">
<summary>
Send and receive TCP traffic on the lirc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_lirc_port" lineno="69406">
<summary>
Send UDP traffic on the lirc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_lirc_port" lineno="69425">
<summary>
Do not audit attempts to send UDP traffic on the lirc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_lirc_port" lineno="69444">
<summary>
Receive UDP traffic on the lirc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_lirc_port" lineno="69463">
<summary>
Do not audit attempts to receive UDP traffic on the lirc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_lirc_port" lineno="69482">
<summary>
Send and receive UDP traffic on the lirc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_lirc_port" lineno="69499">
<summary>
Do not audit attempts to send and receive
UDP traffic on the lirc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_lirc_port" lineno="69515">
<summary>
Bind TCP sockets to the lirc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_lirc_port" lineno="69535">
<summary>
Bind UDP sockets to the lirc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_lirc_port" lineno="69555">
<summary>
Do not audit attempts to sbind to lirc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_lirc_port" lineno="69574">
<summary>
Make a TCP connection to the lirc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_lirc_port" lineno="69591">
<summary>
Do not audit attempts to make a TCP connection to lirc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_lirc_client_packets" lineno="69611">
<summary>
Send lirc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_lirc_client_packets" lineno="69630">
<summary>
Do not audit attempts to send lirc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_lirc_client_packets" lineno="69649">
<summary>
Receive lirc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_lirc_client_packets" lineno="69668">
<summary>
Do not audit attempts to receive lirc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_lirc_client_packets" lineno="69687">
<summary>
Send and receive lirc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_lirc_client_packets" lineno="69703">
<summary>
Do not audit attempts to send and receive lirc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_lirc_client_packets" lineno="69718">
<summary>
Relabel packets to lirc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_lirc_server_packets" lineno="69738">
<summary>
Send lirc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_lirc_server_packets" lineno="69757">
<summary>
Do not audit attempts to send lirc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_lirc_server_packets" lineno="69776">
<summary>
Receive lirc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_lirc_server_packets" lineno="69795">
<summary>
Do not audit attempts to receive lirc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_lirc_server_packets" lineno="69814">
<summary>
Send and receive lirc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_lirc_server_packets" lineno="69830">
<summary>
Do not audit attempts to send and receive lirc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_lirc_server_packets" lineno="69845">
<summary>
Relabel packets to lirc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_luci_port" lineno="69867">
<summary>
Send and receive TCP traffic on the luci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_luci_port" lineno="69886">
<summary>
Send UDP traffic on the luci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_luci_port" lineno="69905">
<summary>
Do not audit attempts to send UDP traffic on the luci port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_luci_port" lineno="69924">
<summary>
Receive UDP traffic on the luci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_luci_port" lineno="69943">
<summary>
Do not audit attempts to receive UDP traffic on the luci port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_luci_port" lineno="69962">
<summary>
Send and receive UDP traffic on the luci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_luci_port" lineno="69979">
<summary>
Do not audit attempts to send and receive
UDP traffic on the luci port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_luci_port" lineno="69995">
<summary>
Bind TCP sockets to the luci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_luci_port" lineno="70015">
<summary>
Bind UDP sockets to the luci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_luci_port" lineno="70035">
<summary>
Do not audit attempts to sbind to luci port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_luci_port" lineno="70054">
<summary>
Make a TCP connection to the luci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_luci_port" lineno="70071">
<summary>
Do not audit attempts to make a TCP connection to luci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_luci_client_packets" lineno="70091">
<summary>
Send luci_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_luci_client_packets" lineno="70110">
<summary>
Do not audit attempts to send luci_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_luci_client_packets" lineno="70129">
<summary>
Receive luci_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_luci_client_packets" lineno="70148">
<summary>
Do not audit attempts to receive luci_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_luci_client_packets" lineno="70167">
<summary>
Send and receive luci_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_luci_client_packets" lineno="70183">
<summary>
Do not audit attempts to send and receive luci_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_luci_client_packets" lineno="70198">
<summary>
Relabel packets to luci_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_luci_server_packets" lineno="70218">
<summary>
Send luci_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_luci_server_packets" lineno="70237">
<summary>
Do not audit attempts to send luci_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_luci_server_packets" lineno="70256">
<summary>
Receive luci_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_luci_server_packets" lineno="70275">
<summary>
Do not audit attempts to receive luci_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_luci_server_packets" lineno="70294">
<summary>
Send and receive luci_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_luci_server_packets" lineno="70310">
<summary>
Do not audit attempts to send and receive luci_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_luci_server_packets" lineno="70325">
<summary>
Relabel packets to luci_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_lmtp_port" lineno="70347">
<summary>
Send and receive TCP traffic on the lmtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_lmtp_port" lineno="70366">
<summary>
Send UDP traffic on the lmtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_lmtp_port" lineno="70385">
<summary>
Do not audit attempts to send UDP traffic on the lmtp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_lmtp_port" lineno="70404">
<summary>
Receive UDP traffic on the lmtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_lmtp_port" lineno="70423">
<summary>
Do not audit attempts to receive UDP traffic on the lmtp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_lmtp_port" lineno="70442">
<summary>
Send and receive UDP traffic on the lmtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_lmtp_port" lineno="70459">
<summary>
Do not audit attempts to send and receive
UDP traffic on the lmtp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_lmtp_port" lineno="70475">
<summary>
Bind TCP sockets to the lmtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_lmtp_port" lineno="70495">
<summary>
Bind UDP sockets to the lmtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_lmtp_port" lineno="70515">
<summary>
Do not audit attempts to sbind to lmtp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_lmtp_port" lineno="70534">
<summary>
Make a TCP connection to the lmtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_lmtp_port" lineno="70551">
<summary>
Do not audit attempts to make a TCP connection to lmtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_lmtp_client_packets" lineno="70571">
<summary>
Send lmtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_lmtp_client_packets" lineno="70590">
<summary>
Do not audit attempts to send lmtp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_lmtp_client_packets" lineno="70609">
<summary>
Receive lmtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_lmtp_client_packets" lineno="70628">
<summary>
Do not audit attempts to receive lmtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_lmtp_client_packets" lineno="70647">
<summary>
Send and receive lmtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_lmtp_client_packets" lineno="70663">
<summary>
Do not audit attempts to send and receive lmtp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_lmtp_client_packets" lineno="70678">
<summary>
Relabel packets to lmtp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_lmtp_server_packets" lineno="70698">
<summary>
Send lmtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_lmtp_server_packets" lineno="70717">
<summary>
Do not audit attempts to send lmtp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_lmtp_server_packets" lineno="70736">
<summary>
Receive lmtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_lmtp_server_packets" lineno="70755">
<summary>
Do not audit attempts to receive lmtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_lmtp_server_packets" lineno="70774">
<summary>
Send and receive lmtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_lmtp_server_packets" lineno="70790">
<summary>
Do not audit attempts to send and receive lmtp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_lmtp_server_packets" lineno="70805">
<summary>
Relabel packets to lmtp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_lrrd_port" lineno="70827">
<summary>
Send and receive TCP traffic on the lrrd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_lrrd_port" lineno="70846">
<summary>
Send UDP traffic on the lrrd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_lrrd_port" lineno="70865">
<summary>
Do not audit attempts to send UDP traffic on the lrrd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_lrrd_port" lineno="70884">
<summary>
Receive UDP traffic on the lrrd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_lrrd_port" lineno="70903">
<summary>
Do not audit attempts to receive UDP traffic on the lrrd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_lrrd_port" lineno="70922">
<summary>
Send and receive UDP traffic on the lrrd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_lrrd_port" lineno="70939">
<summary>
Do not audit attempts to send and receive
UDP traffic on the lrrd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_lrrd_port" lineno="70955">
<summary>
Bind TCP sockets to the lrrd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_lrrd_port" lineno="70975">
<summary>
Bind UDP sockets to the lrrd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_lrrd_port" lineno="70995">
<summary>
Do not audit attempts to sbind to lrrd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_lrrd_port" lineno="71014">
<summary>
Make a TCP connection to the lrrd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_lrrd_port" lineno="71031">
<summary>
Do not audit attempts to make a TCP connection to lrrd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_lrrd_client_packets" lineno="71051">
<summary>
Send lrrd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_lrrd_client_packets" lineno="71070">
<summary>
Do not audit attempts to send lrrd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_lrrd_client_packets" lineno="71089">
<summary>
Receive lrrd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_lrrd_client_packets" lineno="71108">
<summary>
Do not audit attempts to receive lrrd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_lrrd_client_packets" lineno="71127">
<summary>
Send and receive lrrd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_lrrd_client_packets" lineno="71143">
<summary>
Do not audit attempts to send and receive lrrd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_lrrd_client_packets" lineno="71158">
<summary>
Relabel packets to lrrd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_lrrd_server_packets" lineno="71178">
<summary>
Send lrrd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_lrrd_server_packets" lineno="71197">
<summary>
Do not audit attempts to send lrrd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_lrrd_server_packets" lineno="71216">
<summary>
Receive lrrd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_lrrd_server_packets" lineno="71235">
<summary>
Do not audit attempts to receive lrrd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_lrrd_server_packets" lineno="71254">
<summary>
Send and receive lrrd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_lrrd_server_packets" lineno="71270">
<summary>
Do not audit attempts to send and receive lrrd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_lrrd_server_packets" lineno="71285">
<summary>
Relabel packets to lrrd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_lsm_plugin_port" lineno="71307">
<summary>
Send and receive TCP traffic on the lsm_plugin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_lsm_plugin_port" lineno="71326">
<summary>
Send UDP traffic on the lsm_plugin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_lsm_plugin_port" lineno="71345">
<summary>
Do not audit attempts to send UDP traffic on the lsm_plugin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_lsm_plugin_port" lineno="71364">
<summary>
Receive UDP traffic on the lsm_plugin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_lsm_plugin_port" lineno="71383">
<summary>
Do not audit attempts to receive UDP traffic on the lsm_plugin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_lsm_plugin_port" lineno="71402">
<summary>
Send and receive UDP traffic on the lsm_plugin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_lsm_plugin_port" lineno="71419">
<summary>
Do not audit attempts to send and receive
UDP traffic on the lsm_plugin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_lsm_plugin_port" lineno="71435">
<summary>
Bind TCP sockets to the lsm_plugin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_lsm_plugin_port" lineno="71455">
<summary>
Bind UDP sockets to the lsm_plugin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_lsm_plugin_port" lineno="71475">
<summary>
Do not audit attempts to sbind to lsm_plugin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_lsm_plugin_port" lineno="71494">
<summary>
Make a TCP connection to the lsm_plugin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_lsm_plugin_port" lineno="71511">
<summary>
Do not audit attempts to make a TCP connection to lsm_plugin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_lsm_plugin_client_packets" lineno="71531">
<summary>
Send lsm_plugin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_lsm_plugin_client_packets" lineno="71550">
<summary>
Do not audit attempts to send lsm_plugin_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_lsm_plugin_client_packets" lineno="71569">
<summary>
Receive lsm_plugin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_lsm_plugin_client_packets" lineno="71588">
<summary>
Do not audit attempts to receive lsm_plugin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_lsm_plugin_client_packets" lineno="71607">
<summary>
Send and receive lsm_plugin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_lsm_plugin_client_packets" lineno="71623">
<summary>
Do not audit attempts to send and receive lsm_plugin_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_lsm_plugin_client_packets" lineno="71638">
<summary>
Relabel packets to lsm_plugin_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_lsm_plugin_server_packets" lineno="71658">
<summary>
Send lsm_plugin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_lsm_plugin_server_packets" lineno="71677">
<summary>
Do not audit attempts to send lsm_plugin_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_lsm_plugin_server_packets" lineno="71696">
<summary>
Receive lsm_plugin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_lsm_plugin_server_packets" lineno="71715">
<summary>
Do not audit attempts to receive lsm_plugin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_lsm_plugin_server_packets" lineno="71734">
<summary>
Send and receive lsm_plugin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_lsm_plugin_server_packets" lineno="71750">
<summary>
Do not audit attempts to send and receive lsm_plugin_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_lsm_plugin_server_packets" lineno="71765">
<summary>
Relabel packets to lsm_plugin_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_l2tp_port" lineno="71787">
<summary>
Send and receive TCP traffic on the l2tp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_l2tp_port" lineno="71806">
<summary>
Send UDP traffic on the l2tp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_l2tp_port" lineno="71825">
<summary>
Do not audit attempts to send UDP traffic on the l2tp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_l2tp_port" lineno="71844">
<summary>
Receive UDP traffic on the l2tp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_l2tp_port" lineno="71863">
<summary>
Do not audit attempts to receive UDP traffic on the l2tp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_l2tp_port" lineno="71882">
<summary>
Send and receive UDP traffic on the l2tp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_l2tp_port" lineno="71899">
<summary>
Do not audit attempts to send and receive
UDP traffic on the l2tp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_l2tp_port" lineno="71915">
<summary>
Bind TCP sockets to the l2tp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_l2tp_port" lineno="71935">
<summary>
Bind UDP sockets to the l2tp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_l2tp_port" lineno="71955">
<summary>
Do not audit attempts to sbind to l2tp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_l2tp_port" lineno="71974">
<summary>
Make a TCP connection to the l2tp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_l2tp_port" lineno="71991">
<summary>
Do not audit attempts to make a TCP connection to l2tp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_l2tp_client_packets" lineno="72011">
<summary>
Send l2tp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_l2tp_client_packets" lineno="72030">
<summary>
Do not audit attempts to send l2tp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_l2tp_client_packets" lineno="72049">
<summary>
Receive l2tp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_l2tp_client_packets" lineno="72068">
<summary>
Do not audit attempts to receive l2tp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_l2tp_client_packets" lineno="72087">
<summary>
Send and receive l2tp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_l2tp_client_packets" lineno="72103">
<summary>
Do not audit attempts to send and receive l2tp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_l2tp_client_packets" lineno="72118">
<summary>
Relabel packets to l2tp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_l2tp_server_packets" lineno="72138">
<summary>
Send l2tp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_l2tp_server_packets" lineno="72157">
<summary>
Do not audit attempts to send l2tp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_l2tp_server_packets" lineno="72176">
<summary>
Receive l2tp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_l2tp_server_packets" lineno="72195">
<summary>
Do not audit attempts to receive l2tp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_l2tp_server_packets" lineno="72214">
<summary>
Send and receive l2tp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_l2tp_server_packets" lineno="72230">
<summary>
Do not audit attempts to send and receive l2tp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_l2tp_server_packets" lineno="72245">
<summary>
Relabel packets to l2tp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mail_port" lineno="72267">
<summary>
Send and receive TCP traffic on the mail port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mail_port" lineno="72286">
<summary>
Send UDP traffic on the mail port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mail_port" lineno="72305">
<summary>
Do not audit attempts to send UDP traffic on the mail port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mail_port" lineno="72324">
<summary>
Receive UDP traffic on the mail port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mail_port" lineno="72343">
<summary>
Do not audit attempts to receive UDP traffic on the mail port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mail_port" lineno="72362">
<summary>
Send and receive UDP traffic on the mail port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mail_port" lineno="72379">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mail port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mail_port" lineno="72395">
<summary>
Bind TCP sockets to the mail port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mail_port" lineno="72415">
<summary>
Bind UDP sockets to the mail port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_mail_port" lineno="72435">
<summary>
Do not audit attempts to sbind to mail port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mail_port" lineno="72454">
<summary>
Make a TCP connection to the mail port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_mail_port" lineno="72471">
<summary>
Do not audit attempts to make a TCP connection to mail port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mail_client_packets" lineno="72491">
<summary>
Send mail_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mail_client_packets" lineno="72510">
<summary>
Do not audit attempts to send mail_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mail_client_packets" lineno="72529">
<summary>
Receive mail_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mail_client_packets" lineno="72548">
<summary>
Do not audit attempts to receive mail_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mail_client_packets" lineno="72567">
<summary>
Send and receive mail_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mail_client_packets" lineno="72583">
<summary>
Do not audit attempts to send and receive mail_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mail_client_packets" lineno="72598">
<summary>
Relabel packets to mail_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mail_server_packets" lineno="72618">
<summary>
Send mail_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mail_server_packets" lineno="72637">
<summary>
Do not audit attempts to send mail_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mail_server_packets" lineno="72656">
<summary>
Receive mail_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mail_server_packets" lineno="72675">
<summary>
Do not audit attempts to receive mail_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mail_server_packets" lineno="72694">
<summary>
Send and receive mail_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mail_server_packets" lineno="72710">
<summary>
Do not audit attempts to send and receive mail_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mail_server_packets" lineno="72725">
<summary>
Relabel packets to mail_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mailbox_port" lineno="72747">
<summary>
Send and receive TCP traffic on the mailbox port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mailbox_port" lineno="72766">
<summary>
Send UDP traffic on the mailbox port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mailbox_port" lineno="72785">
<summary>
Do not audit attempts to send UDP traffic on the mailbox port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mailbox_port" lineno="72804">
<summary>
Receive UDP traffic on the mailbox port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mailbox_port" lineno="72823">
<summary>
Do not audit attempts to receive UDP traffic on the mailbox port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mailbox_port" lineno="72842">
<summary>
Send and receive UDP traffic on the mailbox port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mailbox_port" lineno="72859">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mailbox port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mailbox_port" lineno="72875">
<summary>
Bind TCP sockets to the mailbox port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mailbox_port" lineno="72895">
<summary>
Bind UDP sockets to the mailbox port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_mailbox_port" lineno="72915">
<summary>
Do not audit attempts to sbind to mailbox port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mailbox_port" lineno="72934">
<summary>
Make a TCP connection to the mailbox port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_mailbox_port" lineno="72951">
<summary>
Do not audit attempts to make a TCP connection to mailbox port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mailbox_client_packets" lineno="72971">
<summary>
Send mailbox_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mailbox_client_packets" lineno="72990">
<summary>
Do not audit attempts to send mailbox_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mailbox_client_packets" lineno="73009">
<summary>
Receive mailbox_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mailbox_client_packets" lineno="73028">
<summary>
Do not audit attempts to receive mailbox_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mailbox_client_packets" lineno="73047">
<summary>
Send and receive mailbox_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mailbox_client_packets" lineno="73063">
<summary>
Do not audit attempts to send and receive mailbox_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mailbox_client_packets" lineno="73078">
<summary>
Relabel packets to mailbox_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mailbox_server_packets" lineno="73098">
<summary>
Send mailbox_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mailbox_server_packets" lineno="73117">
<summary>
Do not audit attempts to send mailbox_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mailbox_server_packets" lineno="73136">
<summary>
Receive mailbox_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mailbox_server_packets" lineno="73155">
<summary>
Do not audit attempts to receive mailbox_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mailbox_server_packets" lineno="73174">
<summary>
Send and receive mailbox_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mailbox_server_packets" lineno="73190">
<summary>
Do not audit attempts to send and receive mailbox_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mailbox_server_packets" lineno="73205">
<summary>
Relabel packets to mailbox_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_matahari_port" lineno="73227">
<summary>
Send and receive TCP traffic on the matahari port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_matahari_port" lineno="73246">
<summary>
Send UDP traffic on the matahari port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_matahari_port" lineno="73265">
<summary>
Do not audit attempts to send UDP traffic on the matahari port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_matahari_port" lineno="73284">
<summary>
Receive UDP traffic on the matahari port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_matahari_port" lineno="73303">
<summary>
Do not audit attempts to receive UDP traffic on the matahari port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_matahari_port" lineno="73322">
<summary>
Send and receive UDP traffic on the matahari port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_matahari_port" lineno="73339">
<summary>
Do not audit attempts to send and receive
UDP traffic on the matahari port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_matahari_port" lineno="73355">
<summary>
Bind TCP sockets to the matahari port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_matahari_port" lineno="73375">
<summary>
Bind UDP sockets to the matahari port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_matahari_port" lineno="73395">
<summary>
Do not audit attempts to sbind to matahari port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_matahari_port" lineno="73414">
<summary>
Make a TCP connection to the matahari port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_matahari_port" lineno="73431">
<summary>
Do not audit attempts to make a TCP connection to matahari port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_matahari_client_packets" lineno="73451">
<summary>
Send matahari_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_matahari_client_packets" lineno="73470">
<summary>
Do not audit attempts to send matahari_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_matahari_client_packets" lineno="73489">
<summary>
Receive matahari_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_matahari_client_packets" lineno="73508">
<summary>
Do not audit attempts to receive matahari_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_matahari_client_packets" lineno="73527">
<summary>
Send and receive matahari_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_matahari_client_packets" lineno="73543">
<summary>
Do not audit attempts to send and receive matahari_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_matahari_client_packets" lineno="73558">
<summary>
Relabel packets to matahari_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_matahari_server_packets" lineno="73578">
<summary>
Send matahari_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_matahari_server_packets" lineno="73597">
<summary>
Do not audit attempts to send matahari_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_matahari_server_packets" lineno="73616">
<summary>
Receive matahari_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_matahari_server_packets" lineno="73635">
<summary>
Do not audit attempts to receive matahari_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_matahari_server_packets" lineno="73654">
<summary>
Send and receive matahari_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_matahari_server_packets" lineno="73670">
<summary>
Do not audit attempts to send and receive matahari_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_matahari_server_packets" lineno="73685">
<summary>
Relabel packets to matahari_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_memcache_port" lineno="73707">
<summary>
Send and receive TCP traffic on the memcache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_memcache_port" lineno="73726">
<summary>
Send UDP traffic on the memcache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_memcache_port" lineno="73745">
<summary>
Do not audit attempts to send UDP traffic on the memcache port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_memcache_port" lineno="73764">
<summary>
Receive UDP traffic on the memcache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_memcache_port" lineno="73783">
<summary>
Do not audit attempts to receive UDP traffic on the memcache port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_memcache_port" lineno="73802">
<summary>
Send and receive UDP traffic on the memcache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_memcache_port" lineno="73819">
<summary>
Do not audit attempts to send and receive
UDP traffic on the memcache port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_memcache_port" lineno="73835">
<summary>
Bind TCP sockets to the memcache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_memcache_port" lineno="73855">
<summary>
Bind UDP sockets to the memcache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_memcache_port" lineno="73875">
<summary>
Do not audit attempts to sbind to memcache port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_memcache_port" lineno="73894">
<summary>
Make a TCP connection to the memcache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_memcache_port" lineno="73911">
<summary>
Do not audit attempts to make a TCP connection to memcache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_memcache_client_packets" lineno="73931">
<summary>
Send memcache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_memcache_client_packets" lineno="73950">
<summary>
Do not audit attempts to send memcache_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_memcache_client_packets" lineno="73969">
<summary>
Receive memcache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_memcache_client_packets" lineno="73988">
<summary>
Do not audit attempts to receive memcache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_memcache_client_packets" lineno="74007">
<summary>
Send and receive memcache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_memcache_client_packets" lineno="74023">
<summary>
Do not audit attempts to send and receive memcache_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_memcache_client_packets" lineno="74038">
<summary>
Relabel packets to memcache_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_memcache_server_packets" lineno="74058">
<summary>
Send memcache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_memcache_server_packets" lineno="74077">
<summary>
Do not audit attempts to send memcache_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_memcache_server_packets" lineno="74096">
<summary>
Receive memcache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_memcache_server_packets" lineno="74115">
<summary>
Do not audit attempts to receive memcache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_memcache_server_packets" lineno="74134">
<summary>
Send and receive memcache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_memcache_server_packets" lineno="74150">
<summary>
Do not audit attempts to send and receive memcache_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_memcache_server_packets" lineno="74165">
<summary>
Relabel packets to memcache_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_milter_port" lineno="74187">
<summary>
Send and receive TCP traffic on the milter port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_milter_port" lineno="74206">
<summary>
Send UDP traffic on the milter port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_milter_port" lineno="74225">
<summary>
Do not audit attempts to send UDP traffic on the milter port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_milter_port" lineno="74244">
<summary>
Receive UDP traffic on the milter port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_milter_port" lineno="74263">
<summary>
Do not audit attempts to receive UDP traffic on the milter port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_milter_port" lineno="74282">
<summary>
Send and receive UDP traffic on the milter port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_milter_port" lineno="74299">
<summary>
Do not audit attempts to send and receive
UDP traffic on the milter port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_milter_port" lineno="74315">
<summary>
Bind TCP sockets to the milter port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_milter_port" lineno="74335">
<summary>
Bind UDP sockets to the milter port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_milter_port" lineno="74355">
<summary>
Do not audit attempts to sbind to milter port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_milter_port" lineno="74374">
<summary>
Make a TCP connection to the milter port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_milter_port" lineno="74391">
<summary>
Do not audit attempts to make a TCP connection to milter port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_milter_client_packets" lineno="74411">
<summary>
Send milter_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_milter_client_packets" lineno="74430">
<summary>
Do not audit attempts to send milter_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_milter_client_packets" lineno="74449">
<summary>
Receive milter_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_milter_client_packets" lineno="74468">
<summary>
Do not audit attempts to receive milter_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_milter_client_packets" lineno="74487">
<summary>
Send and receive milter_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_milter_client_packets" lineno="74503">
<summary>
Do not audit attempts to send and receive milter_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_milter_client_packets" lineno="74518">
<summary>
Relabel packets to milter_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_milter_server_packets" lineno="74538">
<summary>
Send milter_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_milter_server_packets" lineno="74557">
<summary>
Do not audit attempts to send milter_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_milter_server_packets" lineno="74576">
<summary>
Receive milter_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_milter_server_packets" lineno="74595">
<summary>
Do not audit attempts to receive milter_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_milter_server_packets" lineno="74614">
<summary>
Send and receive milter_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_milter_server_packets" lineno="74630">
<summary>
Do not audit attempts to send and receive milter_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_milter_server_packets" lineno="74645">
<summary>
Relabel packets to milter_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mmcc_port" lineno="74667">
<summary>
Send and receive TCP traffic on the mmcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mmcc_port" lineno="74686">
<summary>
Send UDP traffic on the mmcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mmcc_port" lineno="74705">
<summary>
Do not audit attempts to send UDP traffic on the mmcc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mmcc_port" lineno="74724">
<summary>
Receive UDP traffic on the mmcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mmcc_port" lineno="74743">
<summary>
Do not audit attempts to receive UDP traffic on the mmcc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mmcc_port" lineno="74762">
<summary>
Send and receive UDP traffic on the mmcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mmcc_port" lineno="74779">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mmcc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mmcc_port" lineno="74795">
<summary>
Bind TCP sockets to the mmcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mmcc_port" lineno="74815">
<summary>
Bind UDP sockets to the mmcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_mmcc_port" lineno="74835">
<summary>
Do not audit attempts to sbind to mmcc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mmcc_port" lineno="74854">
<summary>
Make a TCP connection to the mmcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_mmcc_port" lineno="74871">
<summary>
Do not audit attempts to make a TCP connection to mmcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mmcc_client_packets" lineno="74891">
<summary>
Send mmcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mmcc_client_packets" lineno="74910">
<summary>
Do not audit attempts to send mmcc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mmcc_client_packets" lineno="74929">
<summary>
Receive mmcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mmcc_client_packets" lineno="74948">
<summary>
Do not audit attempts to receive mmcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mmcc_client_packets" lineno="74967">
<summary>
Send and receive mmcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mmcc_client_packets" lineno="74983">
<summary>
Do not audit attempts to send and receive mmcc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mmcc_client_packets" lineno="74998">
<summary>
Relabel packets to mmcc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mmcc_server_packets" lineno="75018">
<summary>
Send mmcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mmcc_server_packets" lineno="75037">
<summary>
Do not audit attempts to send mmcc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mmcc_server_packets" lineno="75056">
<summary>
Receive mmcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mmcc_server_packets" lineno="75075">
<summary>
Do not audit attempts to receive mmcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mmcc_server_packets" lineno="75094">
<summary>
Send and receive mmcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mmcc_server_packets" lineno="75110">
<summary>
Do not audit attempts to send and receive mmcc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mmcc_server_packets" lineno="75125">
<summary>
Relabel packets to mmcc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mongod_port" lineno="75147">
<summary>
Send and receive TCP traffic on the mongod port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mongod_port" lineno="75166">
<summary>
Send UDP traffic on the mongod port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mongod_port" lineno="75185">
<summary>
Do not audit attempts to send UDP traffic on the mongod port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mongod_port" lineno="75204">
<summary>
Receive UDP traffic on the mongod port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mongod_port" lineno="75223">
<summary>
Do not audit attempts to receive UDP traffic on the mongod port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mongod_port" lineno="75242">
<summary>
Send and receive UDP traffic on the mongod port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mongod_port" lineno="75259">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mongod port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mongod_port" lineno="75275">
<summary>
Bind TCP sockets to the mongod port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mongod_port" lineno="75295">
<summary>
Bind UDP sockets to the mongod port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_mongod_port" lineno="75315">
<summary>
Do not audit attempts to sbind to mongod port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mongod_port" lineno="75334">
<summary>
Make a TCP connection to the mongod port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_mongod_port" lineno="75351">
<summary>
Do not audit attempts to make a TCP connection to mongod port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mongod_client_packets" lineno="75371">
<summary>
Send mongod_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mongod_client_packets" lineno="75390">
<summary>
Do not audit attempts to send mongod_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mongod_client_packets" lineno="75409">
<summary>
Receive mongod_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mongod_client_packets" lineno="75428">
<summary>
Do not audit attempts to receive mongod_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mongod_client_packets" lineno="75447">
<summary>
Send and receive mongod_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mongod_client_packets" lineno="75463">
<summary>
Do not audit attempts to send and receive mongod_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mongod_client_packets" lineno="75478">
<summary>
Relabel packets to mongod_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mongod_server_packets" lineno="75498">
<summary>
Send mongod_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mongod_server_packets" lineno="75517">
<summary>
Do not audit attempts to send mongod_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mongod_server_packets" lineno="75536">
<summary>
Receive mongod_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mongod_server_packets" lineno="75555">
<summary>
Do not audit attempts to receive mongod_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mongod_server_packets" lineno="75574">
<summary>
Send and receive mongod_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mongod_server_packets" lineno="75590">
<summary>
Do not audit attempts to send and receive mongod_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mongod_server_packets" lineno="75605">
<summary>
Relabel packets to mongod_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_monopd_port" lineno="75627">
<summary>
Send and receive TCP traffic on the monopd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_monopd_port" lineno="75646">
<summary>
Send UDP traffic on the monopd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_monopd_port" lineno="75665">
<summary>
Do not audit attempts to send UDP traffic on the monopd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_monopd_port" lineno="75684">
<summary>
Receive UDP traffic on the monopd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_monopd_port" lineno="75703">
<summary>
Do not audit attempts to receive UDP traffic on the monopd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_monopd_port" lineno="75722">
<summary>
Send and receive UDP traffic on the monopd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_monopd_port" lineno="75739">
<summary>
Do not audit attempts to send and receive
UDP traffic on the monopd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_monopd_port" lineno="75755">
<summary>
Bind TCP sockets to the monopd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_monopd_port" lineno="75775">
<summary>
Bind UDP sockets to the monopd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_monopd_port" lineno="75795">
<summary>
Do not audit attempts to sbind to monopd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_monopd_port" lineno="75814">
<summary>
Make a TCP connection to the monopd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_monopd_port" lineno="75831">
<summary>
Do not audit attempts to make a TCP connection to monopd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_monopd_client_packets" lineno="75851">
<summary>
Send monopd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_monopd_client_packets" lineno="75870">
<summary>
Do not audit attempts to send monopd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_monopd_client_packets" lineno="75889">
<summary>
Receive monopd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_monopd_client_packets" lineno="75908">
<summary>
Do not audit attempts to receive monopd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_monopd_client_packets" lineno="75927">
<summary>
Send and receive monopd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_monopd_client_packets" lineno="75943">
<summary>
Do not audit attempts to send and receive monopd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_monopd_client_packets" lineno="75958">
<summary>
Relabel packets to monopd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_monopd_server_packets" lineno="75978">
<summary>
Send monopd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_monopd_server_packets" lineno="75997">
<summary>
Do not audit attempts to send monopd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_monopd_server_packets" lineno="76016">
<summary>
Receive monopd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_monopd_server_packets" lineno="76035">
<summary>
Do not audit attempts to receive monopd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_monopd_server_packets" lineno="76054">
<summary>
Send and receive monopd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_monopd_server_packets" lineno="76070">
<summary>
Do not audit attempts to send and receive monopd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_monopd_server_packets" lineno="76085">
<summary>
Relabel packets to monopd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mountd_port" lineno="76107">
<summary>
Send and receive TCP traffic on the mountd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mountd_port" lineno="76126">
<summary>
Send UDP traffic on the mountd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mountd_port" lineno="76145">
<summary>
Do not audit attempts to send UDP traffic on the mountd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mountd_port" lineno="76164">
<summary>
Receive UDP traffic on the mountd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mountd_port" lineno="76183">
<summary>
Do not audit attempts to receive UDP traffic on the mountd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mountd_port" lineno="76202">
<summary>
Send and receive UDP traffic on the mountd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mountd_port" lineno="76219">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mountd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mountd_port" lineno="76235">
<summary>
Bind TCP sockets to the mountd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mountd_port" lineno="76255">
<summary>
Bind UDP sockets to the mountd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_mountd_port" lineno="76275">
<summary>
Do not audit attempts to sbind to mountd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mountd_port" lineno="76294">
<summary>
Make a TCP connection to the mountd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_mountd_port" lineno="76311">
<summary>
Do not audit attempts to make a TCP connection to mountd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mountd_client_packets" lineno="76331">
<summary>
Send mountd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mountd_client_packets" lineno="76350">
<summary>
Do not audit attempts to send mountd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mountd_client_packets" lineno="76369">
<summary>
Receive mountd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mountd_client_packets" lineno="76388">
<summary>
Do not audit attempts to receive mountd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mountd_client_packets" lineno="76407">
<summary>
Send and receive mountd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mountd_client_packets" lineno="76423">
<summary>
Do not audit attempts to send and receive mountd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mountd_client_packets" lineno="76438">
<summary>
Relabel packets to mountd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mountd_server_packets" lineno="76458">
<summary>
Send mountd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mountd_server_packets" lineno="76477">
<summary>
Do not audit attempts to send mountd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mountd_server_packets" lineno="76496">
<summary>
Receive mountd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mountd_server_packets" lineno="76515">
<summary>
Do not audit attempts to receive mountd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mountd_server_packets" lineno="76534">
<summary>
Send and receive mountd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mountd_server_packets" lineno="76550">
<summary>
Do not audit attempts to send and receive mountd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mountd_server_packets" lineno="76565">
<summary>
Relabel packets to mountd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_movaz_ssc_port" lineno="76587">
<summary>
Send and receive TCP traffic on the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_movaz_ssc_port" lineno="76606">
<summary>
Send UDP traffic on the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_movaz_ssc_port" lineno="76625">
<summary>
Do not audit attempts to send UDP traffic on the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_movaz_ssc_port" lineno="76644">
<summary>
Receive UDP traffic on the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_movaz_ssc_port" lineno="76663">
<summary>
Do not audit attempts to receive UDP traffic on the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_movaz_ssc_port" lineno="76682">
<summary>
Send and receive UDP traffic on the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_movaz_ssc_port" lineno="76699">
<summary>
Do not audit attempts to send and receive
UDP traffic on the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_movaz_ssc_port" lineno="76715">
<summary>
Bind TCP sockets to the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_movaz_ssc_port" lineno="76735">
<summary>
Bind UDP sockets to the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_movaz_ssc_port" lineno="76755">
<summary>
Do not audit attempts to sbind to movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_movaz_ssc_port" lineno="76774">
<summary>
Make a TCP connection to the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_movaz_ssc_port" lineno="76791">
<summary>
Do not audit attempts to make a TCP connection to movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_movaz_ssc_client_packets" lineno="76811">
<summary>
Send movaz_ssc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_movaz_ssc_client_packets" lineno="76830">
<summary>
Do not audit attempts to send movaz_ssc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_movaz_ssc_client_packets" lineno="76849">
<summary>
Receive movaz_ssc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_movaz_ssc_client_packets" lineno="76868">
<summary>
Do not audit attempts to receive movaz_ssc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_movaz_ssc_client_packets" lineno="76887">
<summary>
Send and receive movaz_ssc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_movaz_ssc_client_packets" lineno="76903">
<summary>
Do not audit attempts to send and receive movaz_ssc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_movaz_ssc_client_packets" lineno="76918">
<summary>
Relabel packets to movaz_ssc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_movaz_ssc_server_packets" lineno="76938">
<summary>
Send movaz_ssc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_movaz_ssc_server_packets" lineno="76957">
<summary>
Do not audit attempts to send movaz_ssc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_movaz_ssc_server_packets" lineno="76976">
<summary>
Receive movaz_ssc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_movaz_ssc_server_packets" lineno="76995">
<summary>
Do not audit attempts to receive movaz_ssc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_movaz_ssc_server_packets" lineno="77014">
<summary>
Send and receive movaz_ssc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_movaz_ssc_server_packets" lineno="77030">
<summary>
Do not audit attempts to send and receive movaz_ssc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_movaz_ssc_server_packets" lineno="77045">
<summary>
Relabel packets to movaz_ssc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mpd_port" lineno="77067">
<summary>
Send and receive TCP traffic on the mpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mpd_port" lineno="77086">
<summary>
Send UDP traffic on the mpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mpd_port" lineno="77105">
<summary>
Do not audit attempts to send UDP traffic on the mpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mpd_port" lineno="77124">
<summary>
Receive UDP traffic on the mpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mpd_port" lineno="77143">
<summary>
Do not audit attempts to receive UDP traffic on the mpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mpd_port" lineno="77162">
<summary>
Send and receive UDP traffic on the mpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mpd_port" lineno="77179">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mpd_port" lineno="77195">
<summary>
Bind TCP sockets to the mpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mpd_port" lineno="77215">
<summary>
Bind UDP sockets to the mpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_mpd_port" lineno="77235">
<summary>
Do not audit attempts to sbind to mpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mpd_port" lineno="77254">
<summary>
Make a TCP connection to the mpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_mpd_port" lineno="77271">
<summary>
Do not audit attempts to make a TCP connection to mpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mpd_client_packets" lineno="77291">
<summary>
Send mpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mpd_client_packets" lineno="77310">
<summary>
Do not audit attempts to send mpd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mpd_client_packets" lineno="77329">
<summary>
Receive mpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mpd_client_packets" lineno="77348">
<summary>
Do not audit attempts to receive mpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mpd_client_packets" lineno="77367">
<summary>
Send and receive mpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mpd_client_packets" lineno="77383">
<summary>
Do not audit attempts to send and receive mpd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mpd_client_packets" lineno="77398">
<summary>
Relabel packets to mpd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mpd_server_packets" lineno="77418">
<summary>
Send mpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mpd_server_packets" lineno="77437">
<summary>
Do not audit attempts to send mpd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mpd_server_packets" lineno="77456">
<summary>
Receive mpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mpd_server_packets" lineno="77475">
<summary>
Do not audit attempts to receive mpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mpd_server_packets" lineno="77494">
<summary>
Send and receive mpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mpd_server_packets" lineno="77510">
<summary>
Do not audit attempts to send and receive mpd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mpd_server_packets" lineno="77525">
<summary>
Relabel packets to mpd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_msnp_port" lineno="77547">
<summary>
Send and receive TCP traffic on the msnp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_msnp_port" lineno="77566">
<summary>
Send UDP traffic on the msnp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_msnp_port" lineno="77585">
<summary>
Do not audit attempts to send UDP traffic on the msnp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_msnp_port" lineno="77604">
<summary>
Receive UDP traffic on the msnp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_msnp_port" lineno="77623">
<summary>
Do not audit attempts to receive UDP traffic on the msnp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_msnp_port" lineno="77642">
<summary>
Send and receive UDP traffic on the msnp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_msnp_port" lineno="77659">
<summary>
Do not audit attempts to send and receive
UDP traffic on the msnp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_msnp_port" lineno="77675">
<summary>
Bind TCP sockets to the msnp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_msnp_port" lineno="77695">
<summary>
Bind UDP sockets to the msnp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_msnp_port" lineno="77715">
<summary>
Do not audit attempts to sbind to msnp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_msnp_port" lineno="77734">
<summary>
Make a TCP connection to the msnp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_msnp_port" lineno="77751">
<summary>
Do not audit attempts to make a TCP connection to msnp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_msnp_client_packets" lineno="77771">
<summary>
Send msnp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_msnp_client_packets" lineno="77790">
<summary>
Do not audit attempts to send msnp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_msnp_client_packets" lineno="77809">
<summary>
Receive msnp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_msnp_client_packets" lineno="77828">
<summary>
Do not audit attempts to receive msnp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_msnp_client_packets" lineno="77847">
<summary>
Send and receive msnp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_msnp_client_packets" lineno="77863">
<summary>
Do not audit attempts to send and receive msnp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_msnp_client_packets" lineno="77878">
<summary>
Relabel packets to msnp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_msnp_server_packets" lineno="77898">
<summary>
Send msnp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_msnp_server_packets" lineno="77917">
<summary>
Do not audit attempts to send msnp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_msnp_server_packets" lineno="77936">
<summary>
Receive msnp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_msnp_server_packets" lineno="77955">
<summary>
Do not audit attempts to receive msnp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_msnp_server_packets" lineno="77974">
<summary>
Send and receive msnp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_msnp_server_packets" lineno="77990">
<summary>
Do not audit attempts to send and receive msnp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_msnp_server_packets" lineno="78005">
<summary>
Relabel packets to msnp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mssql_port" lineno="78027">
<summary>
Send and receive TCP traffic on the mssql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mssql_port" lineno="78046">
<summary>
Send UDP traffic on the mssql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mssql_port" lineno="78065">
<summary>
Do not audit attempts to send UDP traffic on the mssql port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mssql_port" lineno="78084">
<summary>
Receive UDP traffic on the mssql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mssql_port" lineno="78103">
<summary>
Do not audit attempts to receive UDP traffic on the mssql port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mssql_port" lineno="78122">
<summary>
Send and receive UDP traffic on the mssql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mssql_port" lineno="78139">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mssql port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mssql_port" lineno="78155">
<summary>
Bind TCP sockets to the mssql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mssql_port" lineno="78175">
<summary>
Bind UDP sockets to the mssql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_mssql_port" lineno="78195">
<summary>
Do not audit attempts to sbind to mssql port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mssql_port" lineno="78214">
<summary>
Make a TCP connection to the mssql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_mssql_port" lineno="78231">
<summary>
Do not audit attempts to make a TCP connection to mssql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mssql_client_packets" lineno="78251">
<summary>
Send mssql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mssql_client_packets" lineno="78270">
<summary>
Do not audit attempts to send mssql_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mssql_client_packets" lineno="78289">
<summary>
Receive mssql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mssql_client_packets" lineno="78308">
<summary>
Do not audit attempts to receive mssql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mssql_client_packets" lineno="78327">
<summary>
Send and receive mssql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mssql_client_packets" lineno="78343">
<summary>
Do not audit attempts to send and receive mssql_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mssql_client_packets" lineno="78358">
<summary>
Relabel packets to mssql_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mssql_server_packets" lineno="78378">
<summary>
Send mssql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mssql_server_packets" lineno="78397">
<summary>
Do not audit attempts to send mssql_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mssql_server_packets" lineno="78416">
<summary>
Receive mssql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mssql_server_packets" lineno="78435">
<summary>
Do not audit attempts to receive mssql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mssql_server_packets" lineno="78454">
<summary>
Send and receive mssql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mssql_server_packets" lineno="78470">
<summary>
Do not audit attempts to send and receive mssql_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mssql_server_packets" lineno="78485">
<summary>
Relabel packets to mssql_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ms_streaming_port" lineno="78507">
<summary>
Send and receive TCP traffic on the ms_streaming port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ms_streaming_port" lineno="78526">
<summary>
Send UDP traffic on the ms_streaming port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ms_streaming_port" lineno="78545">
<summary>
Do not audit attempts to send UDP traffic on the ms_streaming port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ms_streaming_port" lineno="78564">
<summary>
Receive UDP traffic on the ms_streaming port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ms_streaming_port" lineno="78583">
<summary>
Do not audit attempts to receive UDP traffic on the ms_streaming port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ms_streaming_port" lineno="78602">
<summary>
Send and receive UDP traffic on the ms_streaming port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ms_streaming_port" lineno="78619">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ms_streaming port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ms_streaming_port" lineno="78635">
<summary>
Bind TCP sockets to the ms_streaming port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ms_streaming_port" lineno="78655">
<summary>
Bind UDP sockets to the ms_streaming port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ms_streaming_port" lineno="78675">
<summary>
Do not audit attempts to sbind to ms_streaming port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ms_streaming_port" lineno="78694">
<summary>
Make a TCP connection to the ms_streaming port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ms_streaming_port" lineno="78711">
<summary>
Do not audit attempts to make a TCP connection to ms_streaming port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ms_streaming_client_packets" lineno="78731">
<summary>
Send ms_streaming_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ms_streaming_client_packets" lineno="78750">
<summary>
Do not audit attempts to send ms_streaming_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ms_streaming_client_packets" lineno="78769">
<summary>
Receive ms_streaming_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ms_streaming_client_packets" lineno="78788">
<summary>
Do not audit attempts to receive ms_streaming_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ms_streaming_client_packets" lineno="78807">
<summary>
Send and receive ms_streaming_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ms_streaming_client_packets" lineno="78823">
<summary>
Do not audit attempts to send and receive ms_streaming_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ms_streaming_client_packets" lineno="78838">
<summary>
Relabel packets to ms_streaming_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ms_streaming_server_packets" lineno="78858">
<summary>
Send ms_streaming_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ms_streaming_server_packets" lineno="78877">
<summary>
Do not audit attempts to send ms_streaming_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ms_streaming_server_packets" lineno="78896">
<summary>
Receive ms_streaming_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ms_streaming_server_packets" lineno="78915">
<summary>
Do not audit attempts to receive ms_streaming_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ms_streaming_server_packets" lineno="78934">
<summary>
Send and receive ms_streaming_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ms_streaming_server_packets" lineno="78950">
<summary>
Do not audit attempts to send and receive ms_streaming_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ms_streaming_server_packets" lineno="78965">
<summary>
Relabel packets to ms_streaming_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_munin_port" lineno="78987">
<summary>
Send and receive TCP traffic on the munin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_munin_port" lineno="79006">
<summary>
Send UDP traffic on the munin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_munin_port" lineno="79025">
<summary>
Do not audit attempts to send UDP traffic on the munin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_munin_port" lineno="79044">
<summary>
Receive UDP traffic on the munin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_munin_port" lineno="79063">
<summary>
Do not audit attempts to receive UDP traffic on the munin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_munin_port" lineno="79082">
<summary>
Send and receive UDP traffic on the munin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_munin_port" lineno="79099">
<summary>
Do not audit attempts to send and receive
UDP traffic on the munin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_munin_port" lineno="79115">
<summary>
Bind TCP sockets to the munin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_munin_port" lineno="79135">
<summary>
Bind UDP sockets to the munin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_munin_port" lineno="79155">
<summary>
Do not audit attempts to sbind to munin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_munin_port" lineno="79174">
<summary>
Make a TCP connection to the munin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_munin_port" lineno="79191">
<summary>
Do not audit attempts to make a TCP connection to munin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_munin_client_packets" lineno="79211">
<summary>
Send munin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_munin_client_packets" lineno="79230">
<summary>
Do not audit attempts to send munin_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_munin_client_packets" lineno="79249">
<summary>
Receive munin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_munin_client_packets" lineno="79268">
<summary>
Do not audit attempts to receive munin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_munin_client_packets" lineno="79287">
<summary>
Send and receive munin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_munin_client_packets" lineno="79303">
<summary>
Do not audit attempts to send and receive munin_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_munin_client_packets" lineno="79318">
<summary>
Relabel packets to munin_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_munin_server_packets" lineno="79338">
<summary>
Send munin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_munin_server_packets" lineno="79357">
<summary>
Do not audit attempts to send munin_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_munin_server_packets" lineno="79376">
<summary>
Receive munin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_munin_server_packets" lineno="79395">
<summary>
Do not audit attempts to receive munin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_munin_server_packets" lineno="79414">
<summary>
Send and receive munin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_munin_server_packets" lineno="79430">
<summary>
Do not audit attempts to send and receive munin_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_munin_server_packets" lineno="79445">
<summary>
Relabel packets to munin_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mxi_port" lineno="79467">
<summary>
Send and receive TCP traffic on the mxi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mxi_port" lineno="79486">
<summary>
Send UDP traffic on the mxi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mxi_port" lineno="79505">
<summary>
Do not audit attempts to send UDP traffic on the mxi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mxi_port" lineno="79524">
<summary>
Receive UDP traffic on the mxi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mxi_port" lineno="79543">
<summary>
Do not audit attempts to receive UDP traffic on the mxi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mxi_port" lineno="79562">
<summary>
Send and receive UDP traffic on the mxi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mxi_port" lineno="79579">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mxi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mxi_port" lineno="79595">
<summary>
Bind TCP sockets to the mxi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mxi_port" lineno="79615">
<summary>
Bind UDP sockets to the mxi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_mxi_port" lineno="79635">
<summary>
Do not audit attempts to sbind to mxi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mxi_port" lineno="79654">
<summary>
Make a TCP connection to the mxi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_mxi_port" lineno="79671">
<summary>
Do not audit attempts to make a TCP connection to mxi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mxi_client_packets" lineno="79691">
<summary>
Send mxi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mxi_client_packets" lineno="79710">
<summary>
Do not audit attempts to send mxi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mxi_client_packets" lineno="79729">
<summary>
Receive mxi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mxi_client_packets" lineno="79748">
<summary>
Do not audit attempts to receive mxi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mxi_client_packets" lineno="79767">
<summary>
Send and receive mxi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mxi_client_packets" lineno="79783">
<summary>
Do not audit attempts to send and receive mxi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mxi_client_packets" lineno="79798">
<summary>
Relabel packets to mxi_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mxi_server_packets" lineno="79818">
<summary>
Send mxi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mxi_server_packets" lineno="79837">
<summary>
Do not audit attempts to send mxi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mxi_server_packets" lineno="79856">
<summary>
Receive mxi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mxi_server_packets" lineno="79875">
<summary>
Do not audit attempts to receive mxi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mxi_server_packets" lineno="79894">
<summary>
Send and receive mxi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mxi_server_packets" lineno="79910">
<summary>
Do not audit attempts to send and receive mxi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mxi_server_packets" lineno="79925">
<summary>
Relabel packets to mxi_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mysqld_port" lineno="79947">
<summary>
Send and receive TCP traffic on the mysqld port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mysqld_port" lineno="79966">
<summary>
Send UDP traffic on the mysqld port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mysqld_port" lineno="79985">
<summary>
Do not audit attempts to send UDP traffic on the mysqld port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mysqld_port" lineno="80004">
<summary>
Receive UDP traffic on the mysqld port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mysqld_port" lineno="80023">
<summary>
Do not audit attempts to receive UDP traffic on the mysqld port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mysqld_port" lineno="80042">
<summary>
Send and receive UDP traffic on the mysqld port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mysqld_port" lineno="80059">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mysqld port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mysqld_port" lineno="80075">
<summary>
Bind TCP sockets to the mysqld port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mysqld_port" lineno="80095">
<summary>
Bind UDP sockets to the mysqld port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_mysqld_port" lineno="80115">
<summary>
Do not audit attempts to sbind to mysqld port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mysqld_port" lineno="80134">
<summary>
Make a TCP connection to the mysqld port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_mysqld_port" lineno="80151">
<summary>
Do not audit attempts to make a TCP connection to mysqld port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mysqld_client_packets" lineno="80171">
<summary>
Send mysqld_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mysqld_client_packets" lineno="80190">
<summary>
Do not audit attempts to send mysqld_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mysqld_client_packets" lineno="80209">
<summary>
Receive mysqld_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mysqld_client_packets" lineno="80228">
<summary>
Do not audit attempts to receive mysqld_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mysqld_client_packets" lineno="80247">
<summary>
Send and receive mysqld_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mysqld_client_packets" lineno="80263">
<summary>
Do not audit attempts to send and receive mysqld_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mysqld_client_packets" lineno="80278">
<summary>
Relabel packets to mysqld_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mysqld_server_packets" lineno="80298">
<summary>
Send mysqld_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mysqld_server_packets" lineno="80317">
<summary>
Do not audit attempts to send mysqld_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mysqld_server_packets" lineno="80336">
<summary>
Receive mysqld_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mysqld_server_packets" lineno="80355">
<summary>
Do not audit attempts to receive mysqld_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mysqld_server_packets" lineno="80374">
<summary>
Send and receive mysqld_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mysqld_server_packets" lineno="80390">
<summary>
Do not audit attempts to send and receive mysqld_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mysqld_server_packets" lineno="80405">
<summary>
Relabel packets to mysqld_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mysqlmanagerd_port" lineno="80427">
<summary>
Send and receive TCP traffic on the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mysqlmanagerd_port" lineno="80446">
<summary>
Send UDP traffic on the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mysqlmanagerd_port" lineno="80465">
<summary>
Do not audit attempts to send UDP traffic on the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mysqlmanagerd_port" lineno="80484">
<summary>
Receive UDP traffic on the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mysqlmanagerd_port" lineno="80503">
<summary>
Do not audit attempts to receive UDP traffic on the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mysqlmanagerd_port" lineno="80522">
<summary>
Send and receive UDP traffic on the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mysqlmanagerd_port" lineno="80539">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mysqlmanagerd_port" lineno="80555">
<summary>
Bind TCP sockets to the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mysqlmanagerd_port" lineno="80575">
<summary>
Bind UDP sockets to the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_mysqlmanagerd_port" lineno="80595">
<summary>
Do not audit attempts to sbind to mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mysqlmanagerd_port" lineno="80614">
<summary>
Make a TCP connection to the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_mysqlmanagerd_port" lineno="80631">
<summary>
Do not audit attempts to make a TCP connection to mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mysqlmanagerd_client_packets" lineno="80651">
<summary>
Send mysqlmanagerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mysqlmanagerd_client_packets" lineno="80670">
<summary>
Do not audit attempts to send mysqlmanagerd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mysqlmanagerd_client_packets" lineno="80689">
<summary>
Receive mysqlmanagerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mysqlmanagerd_client_packets" lineno="80708">
<summary>
Do not audit attempts to receive mysqlmanagerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mysqlmanagerd_client_packets" lineno="80727">
<summary>
Send and receive mysqlmanagerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mysqlmanagerd_client_packets" lineno="80743">
<summary>
Do not audit attempts to send and receive mysqlmanagerd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mysqlmanagerd_client_packets" lineno="80758">
<summary>
Relabel packets to mysqlmanagerd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mysqlmanagerd_server_packets" lineno="80778">
<summary>
Send mysqlmanagerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mysqlmanagerd_server_packets" lineno="80797">
<summary>
Do not audit attempts to send mysqlmanagerd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mysqlmanagerd_server_packets" lineno="80816">
<summary>
Receive mysqlmanagerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mysqlmanagerd_server_packets" lineno="80835">
<summary>
Do not audit attempts to receive mysqlmanagerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mysqlmanagerd_server_packets" lineno="80854">
<summary>
Send and receive mysqlmanagerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mysqlmanagerd_server_packets" lineno="80870">
<summary>
Do not audit attempts to send and receive mysqlmanagerd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mysqlmanagerd_server_packets" lineno="80885">
<summary>
Relabel packets to mysqlmanagerd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mythtv_port" lineno="80907">
<summary>
Send and receive TCP traffic on the mythtv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mythtv_port" lineno="80926">
<summary>
Send UDP traffic on the mythtv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mythtv_port" lineno="80945">
<summary>
Do not audit attempts to send UDP traffic on the mythtv port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mythtv_port" lineno="80964">
<summary>
Receive UDP traffic on the mythtv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mythtv_port" lineno="80983">
<summary>
Do not audit attempts to receive UDP traffic on the mythtv port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mythtv_port" lineno="81002">
<summary>
Send and receive UDP traffic on the mythtv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mythtv_port" lineno="81019">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mythtv port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mythtv_port" lineno="81035">
<summary>
Bind TCP sockets to the mythtv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mythtv_port" lineno="81055">
<summary>
Bind UDP sockets to the mythtv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_mythtv_port" lineno="81075">
<summary>
Do not audit attempts to sbind to mythtv port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mythtv_port" lineno="81094">
<summary>
Make a TCP connection to the mythtv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_mythtv_port" lineno="81111">
<summary>
Do not audit attempts to make a TCP connection to mythtv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mythtv_client_packets" lineno="81131">
<summary>
Send mythtv_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mythtv_client_packets" lineno="81150">
<summary>
Do not audit attempts to send mythtv_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mythtv_client_packets" lineno="81169">
<summary>
Receive mythtv_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mythtv_client_packets" lineno="81188">
<summary>
Do not audit attempts to receive mythtv_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mythtv_client_packets" lineno="81207">
<summary>
Send and receive mythtv_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mythtv_client_packets" lineno="81223">
<summary>
Do not audit attempts to send and receive mythtv_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mythtv_client_packets" lineno="81238">
<summary>
Relabel packets to mythtv_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mythtv_server_packets" lineno="81258">
<summary>
Send mythtv_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mythtv_server_packets" lineno="81277">
<summary>
Do not audit attempts to send mythtv_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mythtv_server_packets" lineno="81296">
<summary>
Receive mythtv_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mythtv_server_packets" lineno="81315">
<summary>
Do not audit attempts to receive mythtv_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mythtv_server_packets" lineno="81334">
<summary>
Send and receive mythtv_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mythtv_server_packets" lineno="81350">
<summary>
Do not audit attempts to send and receive mythtv_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mythtv_server_packets" lineno="81365">
<summary>
Relabel packets to mythtv_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_nessus_port" lineno="81387">
<summary>
Send and receive TCP traffic on the nessus port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_nessus_port" lineno="81406">
<summary>
Send UDP traffic on the nessus port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_nessus_port" lineno="81425">
<summary>
Do not audit attempts to send UDP traffic on the nessus port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_nessus_port" lineno="81444">
<summary>
Receive UDP traffic on the nessus port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_nessus_port" lineno="81463">
<summary>
Do not audit attempts to receive UDP traffic on the nessus port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_nessus_port" lineno="81482">
<summary>
Send and receive UDP traffic on the nessus port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_nessus_port" lineno="81499">
<summary>
Do not audit attempts to send and receive
UDP traffic on the nessus port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_nessus_port" lineno="81515">
<summary>
Bind TCP sockets to the nessus port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_nessus_port" lineno="81535">
<summary>
Bind UDP sockets to the nessus port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_nessus_port" lineno="81555">
<summary>
Do not audit attempts to sbind to nessus port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_nessus_port" lineno="81574">
<summary>
Make a TCP connection to the nessus port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_nessus_port" lineno="81591">
<summary>
Do not audit attempts to make a TCP connection to nessus port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nessus_client_packets" lineno="81611">
<summary>
Send nessus_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nessus_client_packets" lineno="81630">
<summary>
Do not audit attempts to send nessus_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nessus_client_packets" lineno="81649">
<summary>
Receive nessus_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nessus_client_packets" lineno="81668">
<summary>
Do not audit attempts to receive nessus_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nessus_client_packets" lineno="81687">
<summary>
Send and receive nessus_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nessus_client_packets" lineno="81703">
<summary>
Do not audit attempts to send and receive nessus_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nessus_client_packets" lineno="81718">
<summary>
Relabel packets to nessus_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nessus_server_packets" lineno="81738">
<summary>
Send nessus_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nessus_server_packets" lineno="81757">
<summary>
Do not audit attempts to send nessus_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nessus_server_packets" lineno="81776">
<summary>
Receive nessus_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nessus_server_packets" lineno="81795">
<summary>
Do not audit attempts to receive nessus_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nessus_server_packets" lineno="81814">
<summary>
Send and receive nessus_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nessus_server_packets" lineno="81830">
<summary>
Do not audit attempts to send and receive nessus_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nessus_server_packets" lineno="81845">
<summary>
Relabel packets to nessus_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_netport_port" lineno="81867">
<summary>
Send and receive TCP traffic on the netport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_netport_port" lineno="81886">
<summary>
Send UDP traffic on the netport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_netport_port" lineno="81905">
<summary>
Do not audit attempts to send UDP traffic on the netport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_netport_port" lineno="81924">
<summary>
Receive UDP traffic on the netport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_netport_port" lineno="81943">
<summary>
Do not audit attempts to receive UDP traffic on the netport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_netport_port" lineno="81962">
<summary>
Send and receive UDP traffic on the netport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_netport_port" lineno="81979">
<summary>
Do not audit attempts to send and receive
UDP traffic on the netport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_netport_port" lineno="81995">
<summary>
Bind TCP sockets to the netport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_netport_port" lineno="82015">
<summary>
Bind UDP sockets to the netport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_netport_port" lineno="82035">
<summary>
Do not audit attempts to sbind to netport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_netport_port" lineno="82054">
<summary>
Make a TCP connection to the netport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_netport_port" lineno="82071">
<summary>
Do not audit attempts to make a TCP connection to netport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_netport_client_packets" lineno="82091">
<summary>
Send netport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_netport_client_packets" lineno="82110">
<summary>
Do not audit attempts to send netport_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_netport_client_packets" lineno="82129">
<summary>
Receive netport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_netport_client_packets" lineno="82148">
<summary>
Do not audit attempts to receive netport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_netport_client_packets" lineno="82167">
<summary>
Send and receive netport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_netport_client_packets" lineno="82183">
<summary>
Do not audit attempts to send and receive netport_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_netport_client_packets" lineno="82198">
<summary>
Relabel packets to netport_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_netport_server_packets" lineno="82218">
<summary>
Send netport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_netport_server_packets" lineno="82237">
<summary>
Do not audit attempts to send netport_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_netport_server_packets" lineno="82256">
<summary>
Receive netport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_netport_server_packets" lineno="82275">
<summary>
Do not audit attempts to receive netport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_netport_server_packets" lineno="82294">
<summary>
Send and receive netport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_netport_server_packets" lineno="82310">
<summary>
Do not audit attempts to send and receive netport_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_netport_server_packets" lineno="82325">
<summary>
Relabel packets to netport_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_netsupport_port" lineno="82347">
<summary>
Send and receive TCP traffic on the netsupport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_netsupport_port" lineno="82366">
<summary>
Send UDP traffic on the netsupport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_netsupport_port" lineno="82385">
<summary>
Do not audit attempts to send UDP traffic on the netsupport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_netsupport_port" lineno="82404">
<summary>
Receive UDP traffic on the netsupport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_netsupport_port" lineno="82423">
<summary>
Do not audit attempts to receive UDP traffic on the netsupport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_netsupport_port" lineno="82442">
<summary>
Send and receive UDP traffic on the netsupport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_netsupport_port" lineno="82459">
<summary>
Do not audit attempts to send and receive
UDP traffic on the netsupport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_netsupport_port" lineno="82475">
<summary>
Bind TCP sockets to the netsupport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_netsupport_port" lineno="82495">
<summary>
Bind UDP sockets to the netsupport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_netsupport_port" lineno="82515">
<summary>
Do not audit attempts to sbind to netsupport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_netsupport_port" lineno="82534">
<summary>
Make a TCP connection to the netsupport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_netsupport_port" lineno="82551">
<summary>
Do not audit attempts to make a TCP connection to netsupport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_netsupport_client_packets" lineno="82571">
<summary>
Send netsupport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_netsupport_client_packets" lineno="82590">
<summary>
Do not audit attempts to send netsupport_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_netsupport_client_packets" lineno="82609">
<summary>
Receive netsupport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_netsupport_client_packets" lineno="82628">
<summary>
Do not audit attempts to receive netsupport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_netsupport_client_packets" lineno="82647">
<summary>
Send and receive netsupport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_netsupport_client_packets" lineno="82663">
<summary>
Do not audit attempts to send and receive netsupport_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_netsupport_client_packets" lineno="82678">
<summary>
Relabel packets to netsupport_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_netsupport_server_packets" lineno="82698">
<summary>
Send netsupport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_netsupport_server_packets" lineno="82717">
<summary>
Do not audit attempts to send netsupport_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_netsupport_server_packets" lineno="82736">
<summary>
Receive netsupport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_netsupport_server_packets" lineno="82755">
<summary>
Do not audit attempts to receive netsupport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_netsupport_server_packets" lineno="82774">
<summary>
Send and receive netsupport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_netsupport_server_packets" lineno="82790">
<summary>
Do not audit attempts to send and receive netsupport_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_netsupport_server_packets" lineno="82805">
<summary>
Relabel packets to netsupport_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_nfs_port" lineno="82827">
<summary>
Send and receive TCP traffic on the nfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_nfs_port" lineno="82846">
<summary>
Send UDP traffic on the nfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_nfs_port" lineno="82865">
<summary>
Do not audit attempts to send UDP traffic on the nfs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_nfs_port" lineno="82884">
<summary>
Receive UDP traffic on the nfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_nfs_port" lineno="82903">
<summary>
Do not audit attempts to receive UDP traffic on the nfs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_nfs_port" lineno="82922">
<summary>
Send and receive UDP traffic on the nfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_nfs_port" lineno="82939">
<summary>
Do not audit attempts to send and receive
UDP traffic on the nfs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_nfs_port" lineno="82955">
<summary>
Bind TCP sockets to the nfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_nfs_port" lineno="82975">
<summary>
Bind UDP sockets to the nfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_nfs_port" lineno="82995">
<summary>
Do not audit attempts to sbind to nfs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_nfs_port" lineno="83014">
<summary>
Make a TCP connection to the nfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_nfs_port" lineno="83031">
<summary>
Do not audit attempts to make a TCP connection to nfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nfs_client_packets" lineno="83051">
<summary>
Send nfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nfs_client_packets" lineno="83070">
<summary>
Do not audit attempts to send nfs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nfs_client_packets" lineno="83089">
<summary>
Receive nfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nfs_client_packets" lineno="83108">
<summary>
Do not audit attempts to receive nfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nfs_client_packets" lineno="83127">
<summary>
Send and receive nfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nfs_client_packets" lineno="83143">
<summary>
Do not audit attempts to send and receive nfs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nfs_client_packets" lineno="83158">
<summary>
Relabel packets to nfs_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nfs_server_packets" lineno="83178">
<summary>
Send nfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nfs_server_packets" lineno="83197">
<summary>
Do not audit attempts to send nfs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nfs_server_packets" lineno="83216">
<summary>
Receive nfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nfs_server_packets" lineno="83235">
<summary>
Do not audit attempts to receive nfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nfs_server_packets" lineno="83254">
<summary>
Send and receive nfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nfs_server_packets" lineno="83270">
<summary>
Do not audit attempts to send and receive nfs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nfs_server_packets" lineno="83285">
<summary>
Relabel packets to nfs_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_nmbd_port" lineno="83307">
<summary>
Send and receive TCP traffic on the nmbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_nmbd_port" lineno="83326">
<summary>
Send UDP traffic on the nmbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_nmbd_port" lineno="83345">
<summary>
Do not audit attempts to send UDP traffic on the nmbd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_nmbd_port" lineno="83364">
<summary>
Receive UDP traffic on the nmbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_nmbd_port" lineno="83383">
<summary>
Do not audit attempts to receive UDP traffic on the nmbd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_nmbd_port" lineno="83402">
<summary>
Send and receive UDP traffic on the nmbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_nmbd_port" lineno="83419">
<summary>
Do not audit attempts to send and receive
UDP traffic on the nmbd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_nmbd_port" lineno="83435">
<summary>
Bind TCP sockets to the nmbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_nmbd_port" lineno="83455">
<summary>
Bind UDP sockets to the nmbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_nmbd_port" lineno="83475">
<summary>
Do not audit attempts to sbind to nmbd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_nmbd_port" lineno="83494">
<summary>
Make a TCP connection to the nmbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_nmbd_port" lineno="83511">
<summary>
Do not audit attempts to make a TCP connection to nmbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nmbd_client_packets" lineno="83531">
<summary>
Send nmbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nmbd_client_packets" lineno="83550">
<summary>
Do not audit attempts to send nmbd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nmbd_client_packets" lineno="83569">
<summary>
Receive nmbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nmbd_client_packets" lineno="83588">
<summary>
Do not audit attempts to receive nmbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nmbd_client_packets" lineno="83607">
<summary>
Send and receive nmbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nmbd_client_packets" lineno="83623">
<summary>
Do not audit attempts to send and receive nmbd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nmbd_client_packets" lineno="83638">
<summary>
Relabel packets to nmbd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nmbd_server_packets" lineno="83658">
<summary>
Send nmbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nmbd_server_packets" lineno="83677">
<summary>
Do not audit attempts to send nmbd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nmbd_server_packets" lineno="83696">
<summary>
Receive nmbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nmbd_server_packets" lineno="83715">
<summary>
Do not audit attempts to receive nmbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nmbd_server_packets" lineno="83734">
<summary>
Send and receive nmbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nmbd_server_packets" lineno="83750">
<summary>
Do not audit attempts to send and receive nmbd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nmbd_server_packets" lineno="83765">
<summary>
Relabel packets to nmbd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_nmea_port" lineno="83787">
<summary>
Send and receive TCP traffic on the nmea port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_nmea_port" lineno="83806">
<summary>
Send UDP traffic on the nmea port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_nmea_port" lineno="83825">
<summary>
Do not audit attempts to send UDP traffic on the nmea port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_nmea_port" lineno="83844">
<summary>
Receive UDP traffic on the nmea port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_nmea_port" lineno="83863">
<summary>
Do not audit attempts to receive UDP traffic on the nmea port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_nmea_port" lineno="83882">
<summary>
Send and receive UDP traffic on the nmea port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_nmea_port" lineno="83899">
<summary>
Do not audit attempts to send and receive
UDP traffic on the nmea port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_nmea_port" lineno="83915">
<summary>
Bind TCP sockets to the nmea port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_nmea_port" lineno="83935">
<summary>
Bind UDP sockets to the nmea port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_nmea_port" lineno="83955">
<summary>
Do not audit attempts to sbind to nmea port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_nmea_port" lineno="83974">
<summary>
Make a TCP connection to the nmea port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_nmea_port" lineno="83991">
<summary>
Do not audit attempts to make a TCP connection to nmea port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nmea_client_packets" lineno="84011">
<summary>
Send nmea_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nmea_client_packets" lineno="84030">
<summary>
Do not audit attempts to send nmea_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nmea_client_packets" lineno="84049">
<summary>
Receive nmea_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nmea_client_packets" lineno="84068">
<summary>
Do not audit attempts to receive nmea_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nmea_client_packets" lineno="84087">
<summary>
Send and receive nmea_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nmea_client_packets" lineno="84103">
<summary>
Do not audit attempts to send and receive nmea_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nmea_client_packets" lineno="84118">
<summary>
Relabel packets to nmea_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nmea_server_packets" lineno="84138">
<summary>
Send nmea_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nmea_server_packets" lineno="84157">
<summary>
Do not audit attempts to send nmea_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nmea_server_packets" lineno="84176">
<summary>
Receive nmea_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nmea_server_packets" lineno="84195">
<summary>
Do not audit attempts to receive nmea_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nmea_server_packets" lineno="84214">
<summary>
Send and receive nmea_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nmea_server_packets" lineno="84230">
<summary>
Do not audit attempts to send and receive nmea_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nmea_server_packets" lineno="84245">
<summary>
Relabel packets to nmea_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_nodejs_debug_port" lineno="84267">
<summary>
Send and receive TCP traffic on the nodejs_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_nodejs_debug_port" lineno="84286">
<summary>
Send UDP traffic on the nodejs_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_nodejs_debug_port" lineno="84305">
<summary>
Do not audit attempts to send UDP traffic on the nodejs_debug port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_nodejs_debug_port" lineno="84324">
<summary>
Receive UDP traffic on the nodejs_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_nodejs_debug_port" lineno="84343">
<summary>
Do not audit attempts to receive UDP traffic on the nodejs_debug port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_nodejs_debug_port" lineno="84362">
<summary>
Send and receive UDP traffic on the nodejs_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_nodejs_debug_port" lineno="84379">
<summary>
Do not audit attempts to send and receive
UDP traffic on the nodejs_debug port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_nodejs_debug_port" lineno="84395">
<summary>
Bind TCP sockets to the nodejs_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_nodejs_debug_port" lineno="84415">
<summary>
Bind UDP sockets to the nodejs_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_nodejs_debug_port" lineno="84435">
<summary>
Do not audit attempts to sbind to nodejs_debug port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_nodejs_debug_port" lineno="84454">
<summary>
Make a TCP connection to the nodejs_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_nodejs_debug_port" lineno="84471">
<summary>
Do not audit attempts to make a TCP connection to nodejs_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nodejs_debug_client_packets" lineno="84491">
<summary>
Send nodejs_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nodejs_debug_client_packets" lineno="84510">
<summary>
Do not audit attempts to send nodejs_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nodejs_debug_client_packets" lineno="84529">
<summary>
Receive nodejs_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nodejs_debug_client_packets" lineno="84548">
<summary>
Do not audit attempts to receive nodejs_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nodejs_debug_client_packets" lineno="84567">
<summary>
Send and receive nodejs_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nodejs_debug_client_packets" lineno="84583">
<summary>
Do not audit attempts to send and receive nodejs_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nodejs_debug_client_packets" lineno="84598">
<summary>
Relabel packets to nodejs_debug_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nodejs_debug_server_packets" lineno="84618">
<summary>
Send nodejs_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nodejs_debug_server_packets" lineno="84637">
<summary>
Do not audit attempts to send nodejs_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nodejs_debug_server_packets" lineno="84656">
<summary>
Receive nodejs_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nodejs_debug_server_packets" lineno="84675">
<summary>
Do not audit attempts to receive nodejs_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nodejs_debug_server_packets" lineno="84694">
<summary>
Send and receive nodejs_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nodejs_debug_server_packets" lineno="84710">
<summary>
Do not audit attempts to send and receive nodejs_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nodejs_debug_server_packets" lineno="84725">
<summary>
Relabel packets to nodejs_debug_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_nsca_port" lineno="84747">
<summary>
Send and receive TCP traffic on the nsca port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_nsca_port" lineno="84766">
<summary>
Send UDP traffic on the nsca port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_nsca_port" lineno="84785">
<summary>
Do not audit attempts to send UDP traffic on the nsca port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_nsca_port" lineno="84804">
<summary>
Receive UDP traffic on the nsca port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_nsca_port" lineno="84823">
<summary>
Do not audit attempts to receive UDP traffic on the nsca port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_nsca_port" lineno="84842">
<summary>
Send and receive UDP traffic on the nsca port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_nsca_port" lineno="84859">
<summary>
Do not audit attempts to send and receive
UDP traffic on the nsca port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_nsca_port" lineno="84875">
<summary>
Bind TCP sockets to the nsca port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_nsca_port" lineno="84895">
<summary>
Bind UDP sockets to the nsca port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_nsca_port" lineno="84915">
<summary>
Do not audit attempts to sbind to nsca port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_nsca_port" lineno="84934">
<summary>
Make a TCP connection to the nsca port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_nsca_port" lineno="84951">
<summary>
Do not audit attempts to make a TCP connection to nsca port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nsca_client_packets" lineno="84971">
<summary>
Send nsca_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nsca_client_packets" lineno="84990">
<summary>
Do not audit attempts to send nsca_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nsca_client_packets" lineno="85009">
<summary>
Receive nsca_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nsca_client_packets" lineno="85028">
<summary>
Do not audit attempts to receive nsca_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nsca_client_packets" lineno="85047">
<summary>
Send and receive nsca_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nsca_client_packets" lineno="85063">
<summary>
Do not audit attempts to send and receive nsca_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nsca_client_packets" lineno="85078">
<summary>
Relabel packets to nsca_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nsca_server_packets" lineno="85098">
<summary>
Send nsca_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nsca_server_packets" lineno="85117">
<summary>
Do not audit attempts to send nsca_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nsca_server_packets" lineno="85136">
<summary>
Receive nsca_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nsca_server_packets" lineno="85155">
<summary>
Do not audit attempts to receive nsca_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nsca_server_packets" lineno="85174">
<summary>
Send and receive nsca_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nsca_server_packets" lineno="85190">
<summary>
Do not audit attempts to send and receive nsca_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nsca_server_packets" lineno="85205">
<summary>
Relabel packets to nsca_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ntop_port" lineno="85227">
<summary>
Send and receive TCP traffic on the ntop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ntop_port" lineno="85246">
<summary>
Send UDP traffic on the ntop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ntop_port" lineno="85265">
<summary>
Do not audit attempts to send UDP traffic on the ntop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ntop_port" lineno="85284">
<summary>
Receive UDP traffic on the ntop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ntop_port" lineno="85303">
<summary>
Do not audit attempts to receive UDP traffic on the ntop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ntop_port" lineno="85322">
<summary>
Send and receive UDP traffic on the ntop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ntop_port" lineno="85339">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ntop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ntop_port" lineno="85355">
<summary>
Bind TCP sockets to the ntop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ntop_port" lineno="85375">
<summary>
Bind UDP sockets to the ntop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ntop_port" lineno="85395">
<summary>
Do not audit attempts to sbind to ntop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ntop_port" lineno="85414">
<summary>
Make a TCP connection to the ntop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ntop_port" lineno="85431">
<summary>
Do not audit attempts to make a TCP connection to ntop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ntop_client_packets" lineno="85451">
<summary>
Send ntop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ntop_client_packets" lineno="85470">
<summary>
Do not audit attempts to send ntop_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ntop_client_packets" lineno="85489">
<summary>
Receive ntop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ntop_client_packets" lineno="85508">
<summary>
Do not audit attempts to receive ntop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ntop_client_packets" lineno="85527">
<summary>
Send and receive ntop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ntop_client_packets" lineno="85543">
<summary>
Do not audit attempts to send and receive ntop_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ntop_client_packets" lineno="85558">
<summary>
Relabel packets to ntop_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ntop_server_packets" lineno="85578">
<summary>
Send ntop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ntop_server_packets" lineno="85597">
<summary>
Do not audit attempts to send ntop_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ntop_server_packets" lineno="85616">
<summary>
Receive ntop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ntop_server_packets" lineno="85635">
<summary>
Do not audit attempts to receive ntop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ntop_server_packets" lineno="85654">
<summary>
Send and receive ntop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ntop_server_packets" lineno="85670">
<summary>
Do not audit attempts to send and receive ntop_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ntop_server_packets" lineno="85685">
<summary>
Relabel packets to ntop_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ntp_port" lineno="85707">
<summary>
Send and receive TCP traffic on the ntp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ntp_port" lineno="85726">
<summary>
Send UDP traffic on the ntp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ntp_port" lineno="85745">
<summary>
Do not audit attempts to send UDP traffic on the ntp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ntp_port" lineno="85764">
<summary>
Receive UDP traffic on the ntp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ntp_port" lineno="85783">
<summary>
Do not audit attempts to receive UDP traffic on the ntp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ntp_port" lineno="85802">
<summary>
Send and receive UDP traffic on the ntp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ntp_port" lineno="85819">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ntp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ntp_port" lineno="85835">
<summary>
Bind TCP sockets to the ntp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ntp_port" lineno="85855">
<summary>
Bind UDP sockets to the ntp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ntp_port" lineno="85875">
<summary>
Do not audit attempts to sbind to ntp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ntp_port" lineno="85894">
<summary>
Make a TCP connection to the ntp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ntp_port" lineno="85911">
<summary>
Do not audit attempts to make a TCP connection to ntp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ntp_client_packets" lineno="85931">
<summary>
Send ntp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ntp_client_packets" lineno="85950">
<summary>
Do not audit attempts to send ntp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ntp_client_packets" lineno="85969">
<summary>
Receive ntp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ntp_client_packets" lineno="85988">
<summary>
Do not audit attempts to receive ntp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ntp_client_packets" lineno="86007">
<summary>
Send and receive ntp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ntp_client_packets" lineno="86023">
<summary>
Do not audit attempts to send and receive ntp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ntp_client_packets" lineno="86038">
<summary>
Relabel packets to ntp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ntp_server_packets" lineno="86058">
<summary>
Send ntp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ntp_server_packets" lineno="86077">
<summary>
Do not audit attempts to send ntp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ntp_server_packets" lineno="86096">
<summary>
Receive ntp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ntp_server_packets" lineno="86115">
<summary>
Do not audit attempts to receive ntp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ntp_server_packets" lineno="86134">
<summary>
Send and receive ntp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ntp_server_packets" lineno="86150">
<summary>
Do not audit attempts to send and receive ntp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ntp_server_packets" lineno="86165">
<summary>
Relabel packets to ntp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ntske_port" lineno="86187">
<summary>
Send and receive TCP traffic on the ntske port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ntske_port" lineno="86206">
<summary>
Send UDP traffic on the ntske port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ntske_port" lineno="86225">
<summary>
Do not audit attempts to send UDP traffic on the ntske port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ntske_port" lineno="86244">
<summary>
Receive UDP traffic on the ntske port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ntske_port" lineno="86263">
<summary>
Do not audit attempts to receive UDP traffic on the ntske port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ntske_port" lineno="86282">
<summary>
Send and receive UDP traffic on the ntske port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ntske_port" lineno="86299">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ntske port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ntske_port" lineno="86315">
<summary>
Bind TCP sockets to the ntske port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ntske_port" lineno="86335">
<summary>
Bind UDP sockets to the ntske port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ntske_port" lineno="86355">
<summary>
Do not audit attempts to sbind to ntske port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ntske_port" lineno="86374">
<summary>
Make a TCP connection to the ntske port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ntske_port" lineno="86391">
<summary>
Do not audit attempts to make a TCP connection to ntske port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ntske_client_packets" lineno="86411">
<summary>
Send ntske_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ntske_client_packets" lineno="86430">
<summary>
Do not audit attempts to send ntske_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ntske_client_packets" lineno="86449">
<summary>
Receive ntske_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ntske_client_packets" lineno="86468">
<summary>
Do not audit attempts to receive ntske_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ntske_client_packets" lineno="86487">
<summary>
Send and receive ntske_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ntske_client_packets" lineno="86503">
<summary>
Do not audit attempts to send and receive ntske_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ntske_client_packets" lineno="86518">
<summary>
Relabel packets to ntske_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ntske_server_packets" lineno="86538">
<summary>
Send ntske_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ntske_server_packets" lineno="86557">
<summary>
Do not audit attempts to send ntske_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ntske_server_packets" lineno="86576">
<summary>
Receive ntske_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ntske_server_packets" lineno="86595">
<summary>
Do not audit attempts to receive ntske_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ntske_server_packets" lineno="86614">
<summary>
Send and receive ntske_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ntske_server_packets" lineno="86630">
<summary>
Do not audit attempts to send and receive ntske_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ntske_server_packets" lineno="86645">
<summary>
Relabel packets to ntske_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_oracle_port" lineno="86667">
<summary>
Send and receive TCP traffic on the oracle port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_oracle_port" lineno="86686">
<summary>
Send UDP traffic on the oracle port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_oracle_port" lineno="86705">
<summary>
Do not audit attempts to send UDP traffic on the oracle port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_oracle_port" lineno="86724">
<summary>
Receive UDP traffic on the oracle port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_oracle_port" lineno="86743">
<summary>
Do not audit attempts to receive UDP traffic on the oracle port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_oracle_port" lineno="86762">
<summary>
Send and receive UDP traffic on the oracle port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_oracle_port" lineno="86779">
<summary>
Do not audit attempts to send and receive
UDP traffic on the oracle port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_oracle_port" lineno="86795">
<summary>
Bind TCP sockets to the oracle port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_oracle_port" lineno="86815">
<summary>
Bind UDP sockets to the oracle port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_oracle_port" lineno="86835">
<summary>
Do not audit attempts to sbind to oracle port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_oracle_port" lineno="86854">
<summary>
Make a TCP connection to the oracle port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_oracle_port" lineno="86871">
<summary>
Do not audit attempts to make a TCP connection to oracle port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_oracle_client_packets" lineno="86891">
<summary>
Send oracle_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_oracle_client_packets" lineno="86910">
<summary>
Do not audit attempts to send oracle_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_oracle_client_packets" lineno="86929">
<summary>
Receive oracle_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_oracle_client_packets" lineno="86948">
<summary>
Do not audit attempts to receive oracle_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_oracle_client_packets" lineno="86967">
<summary>
Send and receive oracle_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_oracle_client_packets" lineno="86983">
<summary>
Do not audit attempts to send and receive oracle_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_oracle_client_packets" lineno="86998">
<summary>
Relabel packets to oracle_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_oracle_server_packets" lineno="87018">
<summary>
Send oracle_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_oracle_server_packets" lineno="87037">
<summary>
Do not audit attempts to send oracle_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_oracle_server_packets" lineno="87056">
<summary>
Receive oracle_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_oracle_server_packets" lineno="87075">
<summary>
Do not audit attempts to receive oracle_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_oracle_server_packets" lineno="87094">
<summary>
Send and receive oracle_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_oracle_server_packets" lineno="87110">
<summary>
Do not audit attempts to send and receive oracle_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_oracle_server_packets" lineno="87125">
<summary>
Relabel packets to oracle_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_oa_system_port" lineno="87147">
<summary>
Send and receive TCP traffic on the oa_system port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_oa_system_port" lineno="87166">
<summary>
Send UDP traffic on the oa_system port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_oa_system_port" lineno="87185">
<summary>
Do not audit attempts to send UDP traffic on the oa_system port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_oa_system_port" lineno="87204">
<summary>
Receive UDP traffic on the oa_system port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_oa_system_port" lineno="87223">
<summary>
Do not audit attempts to receive UDP traffic on the oa_system port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_oa_system_port" lineno="87242">
<summary>
Send and receive UDP traffic on the oa_system port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_oa_system_port" lineno="87259">
<summary>
Do not audit attempts to send and receive
UDP traffic on the oa_system port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_oa_system_port" lineno="87275">
<summary>
Bind TCP sockets to the oa_system port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_oa_system_port" lineno="87295">
<summary>
Bind UDP sockets to the oa_system port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_oa_system_port" lineno="87315">
<summary>
Do not audit attempts to sbind to oa_system port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_oa_system_port" lineno="87334">
<summary>
Make a TCP connection to the oa_system port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_oa_system_port" lineno="87351">
<summary>
Do not audit attempts to make a TCP connection to oa_system port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_oa_system_client_packets" lineno="87371">
<summary>
Send oa_system_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_oa_system_client_packets" lineno="87390">
<summary>
Do not audit attempts to send oa_system_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_oa_system_client_packets" lineno="87409">
<summary>
Receive oa_system_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_oa_system_client_packets" lineno="87428">
<summary>
Do not audit attempts to receive oa_system_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_oa_system_client_packets" lineno="87447">
<summary>
Send and receive oa_system_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_oa_system_client_packets" lineno="87463">
<summary>
Do not audit attempts to send and receive oa_system_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_oa_system_client_packets" lineno="87478">
<summary>
Relabel packets to oa_system_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_oa_system_server_packets" lineno="87498">
<summary>
Send oa_system_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_oa_system_server_packets" lineno="87517">
<summary>
Do not audit attempts to send oa_system_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_oa_system_server_packets" lineno="87536">
<summary>
Receive oa_system_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_oa_system_server_packets" lineno="87555">
<summary>
Do not audit attempts to receive oa_system_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_oa_system_server_packets" lineno="87574">
<summary>
Send and receive oa_system_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_oa_system_server_packets" lineno="87590">
<summary>
Do not audit attempts to send and receive oa_system_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_oa_system_server_packets" lineno="87605">
<summary>
Relabel packets to oa_system_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ocsp_port" lineno="87627">
<summary>
Send and receive TCP traffic on the ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ocsp_port" lineno="87646">
<summary>
Send UDP traffic on the ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ocsp_port" lineno="87665">
<summary>
Do not audit attempts to send UDP traffic on the ocsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ocsp_port" lineno="87684">
<summary>
Receive UDP traffic on the ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ocsp_port" lineno="87703">
<summary>
Do not audit attempts to receive UDP traffic on the ocsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ocsp_port" lineno="87722">
<summary>
Send and receive UDP traffic on the ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ocsp_port" lineno="87739">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ocsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ocsp_port" lineno="87755">
<summary>
Bind TCP sockets to the ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ocsp_port" lineno="87775">
<summary>
Bind UDP sockets to the ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ocsp_port" lineno="87795">
<summary>
Do not audit attempts to sbind to ocsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ocsp_port" lineno="87814">
<summary>
Make a TCP connection to the ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ocsp_port" lineno="87831">
<summary>
Do not audit attempts to make a TCP connection to ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ocsp_client_packets" lineno="87851">
<summary>
Send ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ocsp_client_packets" lineno="87870">
<summary>
Do not audit attempts to send ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ocsp_client_packets" lineno="87889">
<summary>
Receive ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ocsp_client_packets" lineno="87908">
<summary>
Do not audit attempts to receive ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ocsp_client_packets" lineno="87927">
<summary>
Send and receive ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ocsp_client_packets" lineno="87943">
<summary>
Do not audit attempts to send and receive ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ocsp_client_packets" lineno="87958">
<summary>
Relabel packets to ocsp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ocsp_server_packets" lineno="87978">
<summary>
Send ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ocsp_server_packets" lineno="87997">
<summary>
Do not audit attempts to send ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ocsp_server_packets" lineno="88016">
<summary>
Receive ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ocsp_server_packets" lineno="88035">
<summary>
Do not audit attempts to receive ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ocsp_server_packets" lineno="88054">
<summary>
Send and receive ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ocsp_server_packets" lineno="88070">
<summary>
Do not audit attempts to send and receive ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ocsp_server_packets" lineno="88085">
<summary>
Relabel packets to ocsp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_opendnssec_port" lineno="88107">
<summary>
Send and receive TCP traffic on the opendnssec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_opendnssec_port" lineno="88126">
<summary>
Send UDP traffic on the opendnssec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_opendnssec_port" lineno="88145">
<summary>
Do not audit attempts to send UDP traffic on the opendnssec port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_opendnssec_port" lineno="88164">
<summary>
Receive UDP traffic on the opendnssec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_opendnssec_port" lineno="88183">
<summary>
Do not audit attempts to receive UDP traffic on the opendnssec port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_opendnssec_port" lineno="88202">
<summary>
Send and receive UDP traffic on the opendnssec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_opendnssec_port" lineno="88219">
<summary>
Do not audit attempts to send and receive
UDP traffic on the opendnssec port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_opendnssec_port" lineno="88235">
<summary>
Bind TCP sockets to the opendnssec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_opendnssec_port" lineno="88255">
<summary>
Bind UDP sockets to the opendnssec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_opendnssec_port" lineno="88275">
<summary>
Do not audit attempts to sbind to opendnssec port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_opendnssec_port" lineno="88294">
<summary>
Make a TCP connection to the opendnssec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_opendnssec_port" lineno="88311">
<summary>
Do not audit attempts to make a TCP connection to opendnssec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_opendnssec_client_packets" lineno="88331">
<summary>
Send opendnssec_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_opendnssec_client_packets" lineno="88350">
<summary>
Do not audit attempts to send opendnssec_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_opendnssec_client_packets" lineno="88369">
<summary>
Receive opendnssec_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_opendnssec_client_packets" lineno="88388">
<summary>
Do not audit attempts to receive opendnssec_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_opendnssec_client_packets" lineno="88407">
<summary>
Send and receive opendnssec_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_opendnssec_client_packets" lineno="88423">
<summary>
Do not audit attempts to send and receive opendnssec_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_opendnssec_client_packets" lineno="88438">
<summary>
Relabel packets to opendnssec_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_opendnssec_server_packets" lineno="88458">
<summary>
Send opendnssec_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_opendnssec_server_packets" lineno="88477">
<summary>
Do not audit attempts to send opendnssec_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_opendnssec_server_packets" lineno="88496">
<summary>
Receive opendnssec_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_opendnssec_server_packets" lineno="88515">
<summary>
Do not audit attempts to receive opendnssec_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_opendnssec_server_packets" lineno="88534">
<summary>
Send and receive opendnssec_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_opendnssec_server_packets" lineno="88550">
<summary>
Do not audit attempts to send and receive opendnssec_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_opendnssec_server_packets" lineno="88565">
<summary>
Relabel packets to opendnssec_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_openflow_port" lineno="88587">
<summary>
Send and receive TCP traffic on the openflow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_openflow_port" lineno="88606">
<summary>
Send UDP traffic on the openflow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_openflow_port" lineno="88625">
<summary>
Do not audit attempts to send UDP traffic on the openflow port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_openflow_port" lineno="88644">
<summary>
Receive UDP traffic on the openflow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_openflow_port" lineno="88663">
<summary>
Do not audit attempts to receive UDP traffic on the openflow port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_openflow_port" lineno="88682">
<summary>
Send and receive UDP traffic on the openflow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_openflow_port" lineno="88699">
<summary>
Do not audit attempts to send and receive
UDP traffic on the openflow port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_openflow_port" lineno="88715">
<summary>
Bind TCP sockets to the openflow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_openflow_port" lineno="88735">
<summary>
Bind UDP sockets to the openflow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_openflow_port" lineno="88755">
<summary>
Do not audit attempts to sbind to openflow port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_openflow_port" lineno="88774">
<summary>
Make a TCP connection to the openflow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_openflow_port" lineno="88791">
<summary>
Do not audit attempts to make a TCP connection to openflow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_openflow_client_packets" lineno="88811">
<summary>
Send openflow_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_openflow_client_packets" lineno="88830">
<summary>
Do not audit attempts to send openflow_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_openflow_client_packets" lineno="88849">
<summary>
Receive openflow_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_openflow_client_packets" lineno="88868">
<summary>
Do not audit attempts to receive openflow_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_openflow_client_packets" lineno="88887">
<summary>
Send and receive openflow_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_openflow_client_packets" lineno="88903">
<summary>
Do not audit attempts to send and receive openflow_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_openflow_client_packets" lineno="88918">
<summary>
Relabel packets to openflow_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_openflow_server_packets" lineno="88938">
<summary>
Send openflow_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_openflow_server_packets" lineno="88957">
<summary>
Do not audit attempts to send openflow_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_openflow_server_packets" lineno="88976">
<summary>
Receive openflow_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_openflow_server_packets" lineno="88995">
<summary>
Do not audit attempts to receive openflow_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_openflow_server_packets" lineno="89014">
<summary>
Send and receive openflow_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_openflow_server_packets" lineno="89030">
<summary>
Do not audit attempts to send and receive openflow_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_openflow_server_packets" lineno="89045">
<summary>
Relabel packets to openflow_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_openhpid_port" lineno="89067">
<summary>
Send and receive TCP traffic on the openhpid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_openhpid_port" lineno="89086">
<summary>
Send UDP traffic on the openhpid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_openhpid_port" lineno="89105">
<summary>
Do not audit attempts to send UDP traffic on the openhpid port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_openhpid_port" lineno="89124">
<summary>
Receive UDP traffic on the openhpid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_openhpid_port" lineno="89143">
<summary>
Do not audit attempts to receive UDP traffic on the openhpid port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_openhpid_port" lineno="89162">
<summary>
Send and receive UDP traffic on the openhpid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_openhpid_port" lineno="89179">
<summary>
Do not audit attempts to send and receive
UDP traffic on the openhpid port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_openhpid_port" lineno="89195">
<summary>
Bind TCP sockets to the openhpid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_openhpid_port" lineno="89215">
<summary>
Bind UDP sockets to the openhpid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_openhpid_port" lineno="89235">
<summary>
Do not audit attempts to sbind to openhpid port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_openhpid_port" lineno="89254">
<summary>
Make a TCP connection to the openhpid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_openhpid_port" lineno="89271">
<summary>
Do not audit attempts to make a TCP connection to openhpid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_openhpid_client_packets" lineno="89291">
<summary>
Send openhpid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_openhpid_client_packets" lineno="89310">
<summary>
Do not audit attempts to send openhpid_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_openhpid_client_packets" lineno="89329">
<summary>
Receive openhpid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_openhpid_client_packets" lineno="89348">
<summary>
Do not audit attempts to receive openhpid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_openhpid_client_packets" lineno="89367">
<summary>
Send and receive openhpid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_openhpid_client_packets" lineno="89383">
<summary>
Do not audit attempts to send and receive openhpid_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_openhpid_client_packets" lineno="89398">
<summary>
Relabel packets to openhpid_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_openhpid_server_packets" lineno="89418">
<summary>
Send openhpid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_openhpid_server_packets" lineno="89437">
<summary>
Do not audit attempts to send openhpid_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_openhpid_server_packets" lineno="89456">
<summary>
Receive openhpid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_openhpid_server_packets" lineno="89475">
<summary>
Do not audit attempts to receive openhpid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_openhpid_server_packets" lineno="89494">
<summary>
Send and receive openhpid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_openhpid_server_packets" lineno="89510">
<summary>
Do not audit attempts to send and receive openhpid_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_openhpid_server_packets" lineno="89525">
<summary>
Relabel packets to openhpid_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_openvpn_port" lineno="89547">
<summary>
Send and receive TCP traffic on the openvpn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_openvpn_port" lineno="89566">
<summary>
Send UDP traffic on the openvpn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_openvpn_port" lineno="89585">
<summary>
Do not audit attempts to send UDP traffic on the openvpn port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_openvpn_port" lineno="89604">
<summary>
Receive UDP traffic on the openvpn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_openvpn_port" lineno="89623">
<summary>
Do not audit attempts to receive UDP traffic on the openvpn port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_openvpn_port" lineno="89642">
<summary>
Send and receive UDP traffic on the openvpn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_openvpn_port" lineno="89659">
<summary>
Do not audit attempts to send and receive
UDP traffic on the openvpn port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_openvpn_port" lineno="89675">
<summary>
Bind TCP sockets to the openvpn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_openvpn_port" lineno="89695">
<summary>
Bind UDP sockets to the openvpn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_openvpn_port" lineno="89715">
<summary>
Do not audit attempts to sbind to openvpn port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_openvpn_port" lineno="89734">
<summary>
Make a TCP connection to the openvpn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_openvpn_port" lineno="89751">
<summary>
Do not audit attempts to make a TCP connection to openvpn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_openvpn_client_packets" lineno="89771">
<summary>
Send openvpn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_openvpn_client_packets" lineno="89790">
<summary>
Do not audit attempts to send openvpn_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_openvpn_client_packets" lineno="89809">
<summary>
Receive openvpn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_openvpn_client_packets" lineno="89828">
<summary>
Do not audit attempts to receive openvpn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_openvpn_client_packets" lineno="89847">
<summary>
Send and receive openvpn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_openvpn_client_packets" lineno="89863">
<summary>
Do not audit attempts to send and receive openvpn_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_openvpn_client_packets" lineno="89878">
<summary>
Relabel packets to openvpn_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_openvpn_server_packets" lineno="89898">
<summary>
Send openvpn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_openvpn_server_packets" lineno="89917">
<summary>
Do not audit attempts to send openvpn_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_openvpn_server_packets" lineno="89936">
<summary>
Receive openvpn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_openvpn_server_packets" lineno="89955">
<summary>
Do not audit attempts to receive openvpn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_openvpn_server_packets" lineno="89974">
<summary>
Send and receive openvpn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_openvpn_server_packets" lineno="89990">
<summary>
Do not audit attempts to send and receive openvpn_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_openvpn_server_packets" lineno="90005">
<summary>
Relabel packets to openvpn_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_openvswitch_port" lineno="90027">
<summary>
Send and receive TCP traffic on the openvswitch port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_openvswitch_port" lineno="90046">
<summary>
Send UDP traffic on the openvswitch port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_openvswitch_port" lineno="90065">
<summary>
Do not audit attempts to send UDP traffic on the openvswitch port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_openvswitch_port" lineno="90084">
<summary>
Receive UDP traffic on the openvswitch port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_openvswitch_port" lineno="90103">
<summary>
Do not audit attempts to receive UDP traffic on the openvswitch port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_openvswitch_port" lineno="90122">
<summary>
Send and receive UDP traffic on the openvswitch port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_openvswitch_port" lineno="90139">
<summary>
Do not audit attempts to send and receive
UDP traffic on the openvswitch port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_openvswitch_port" lineno="90155">
<summary>
Bind TCP sockets to the openvswitch port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_openvswitch_port" lineno="90175">
<summary>
Bind UDP sockets to the openvswitch port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_openvswitch_port" lineno="90195">
<summary>
Do not audit attempts to sbind to openvswitch port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_openvswitch_port" lineno="90214">
<summary>
Make a TCP connection to the openvswitch port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_openvswitch_port" lineno="90231">
<summary>
Do not audit attempts to make a TCP connection to openvswitch port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_openvswitch_client_packets" lineno="90251">
<summary>
Send openvswitch_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_openvswitch_client_packets" lineno="90270">
<summary>
Do not audit attempts to send openvswitch_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_openvswitch_client_packets" lineno="90289">
<summary>
Receive openvswitch_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_openvswitch_client_packets" lineno="90308">
<summary>
Do not audit attempts to receive openvswitch_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_openvswitch_client_packets" lineno="90327">
<summary>
Send and receive openvswitch_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_openvswitch_client_packets" lineno="90343">
<summary>
Do not audit attempts to send and receive openvswitch_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_openvswitch_client_packets" lineno="90358">
<summary>
Relabel packets to openvswitch_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_openvswitch_server_packets" lineno="90378">
<summary>
Send openvswitch_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_openvswitch_server_packets" lineno="90397">
<summary>
Do not audit attempts to send openvswitch_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_openvswitch_server_packets" lineno="90416">
<summary>
Receive openvswitch_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_openvswitch_server_packets" lineno="90435">
<summary>
Do not audit attempts to receive openvswitch_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_openvswitch_server_packets" lineno="90454">
<summary>
Send and receive openvswitch_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_openvswitch_server_packets" lineno="90470">
<summary>
Do not audit attempts to send and receive openvswitch_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_openvswitch_server_packets" lineno="90485">
<summary>
Relabel packets to openvswitch_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_openqa_port" lineno="90507">
<summary>
Send and receive TCP traffic on the openqa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_openqa_port" lineno="90526">
<summary>
Send UDP traffic on the openqa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_openqa_port" lineno="90545">
<summary>
Do not audit attempts to send UDP traffic on the openqa port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_openqa_port" lineno="90564">
<summary>
Receive UDP traffic on the openqa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_openqa_port" lineno="90583">
<summary>
Do not audit attempts to receive UDP traffic on the openqa port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_openqa_port" lineno="90602">
<summary>
Send and receive UDP traffic on the openqa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_openqa_port" lineno="90619">
<summary>
Do not audit attempts to send and receive
UDP traffic on the openqa port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_openqa_port" lineno="90635">
<summary>
Bind TCP sockets to the openqa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_openqa_port" lineno="90655">
<summary>
Bind UDP sockets to the openqa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_openqa_port" lineno="90675">
<summary>
Do not audit attempts to sbind to openqa port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_openqa_port" lineno="90694">
<summary>
Make a TCP connection to the openqa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_openqa_port" lineno="90711">
<summary>
Do not audit attempts to make a TCP connection to openqa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_openqa_client_packets" lineno="90731">
<summary>
Send openqa_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_openqa_client_packets" lineno="90750">
<summary>
Do not audit attempts to send openqa_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_openqa_client_packets" lineno="90769">
<summary>
Receive openqa_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_openqa_client_packets" lineno="90788">
<summary>
Do not audit attempts to receive openqa_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_openqa_client_packets" lineno="90807">
<summary>
Send and receive openqa_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_openqa_client_packets" lineno="90823">
<summary>
Do not audit attempts to send and receive openqa_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_openqa_client_packets" lineno="90838">
<summary>
Relabel packets to openqa_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_openqa_server_packets" lineno="90858">
<summary>
Send openqa_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_openqa_server_packets" lineno="90877">
<summary>
Do not audit attempts to send openqa_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_openqa_server_packets" lineno="90896">
<summary>
Receive openqa_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_openqa_server_packets" lineno="90915">
<summary>
Do not audit attempts to receive openqa_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_openqa_server_packets" lineno="90934">
<summary>
Send and receive openqa_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_openqa_server_packets" lineno="90950">
<summary>
Do not audit attempts to send and receive openqa_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_openqa_server_packets" lineno="90965">
<summary>
Relabel packets to openqa_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_openqa_websockets_port" lineno="90987">
<summary>
Send and receive TCP traffic on the openqa_websockets port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_openqa_websockets_port" lineno="91006">
<summary>
Send UDP traffic on the openqa_websockets port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_openqa_websockets_port" lineno="91025">
<summary>
Do not audit attempts to send UDP traffic on the openqa_websockets port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_openqa_websockets_port" lineno="91044">
<summary>
Receive UDP traffic on the openqa_websockets port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_openqa_websockets_port" lineno="91063">
<summary>
Do not audit attempts to receive UDP traffic on the openqa_websockets port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_openqa_websockets_port" lineno="91082">
<summary>
Send and receive UDP traffic on the openqa_websockets port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_openqa_websockets_port" lineno="91099">
<summary>
Do not audit attempts to send and receive
UDP traffic on the openqa_websockets port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_openqa_websockets_port" lineno="91115">
<summary>
Bind TCP sockets to the openqa_websockets port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_openqa_websockets_port" lineno="91135">
<summary>
Bind UDP sockets to the openqa_websockets port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_openqa_websockets_port" lineno="91155">
<summary>
Do not audit attempts to sbind to openqa_websockets port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_openqa_websockets_port" lineno="91174">
<summary>
Make a TCP connection to the openqa_websockets port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_openqa_websockets_port" lineno="91191">
<summary>
Do not audit attempts to make a TCP connection to openqa_websockets port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_openqa_websockets_client_packets" lineno="91211">
<summary>
Send openqa_websockets_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_openqa_websockets_client_packets" lineno="91230">
<summary>
Do not audit attempts to send openqa_websockets_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_openqa_websockets_client_packets" lineno="91249">
<summary>
Receive openqa_websockets_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_openqa_websockets_client_packets" lineno="91268">
<summary>
Do not audit attempts to receive openqa_websockets_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_openqa_websockets_client_packets" lineno="91287">
<summary>
Send and receive openqa_websockets_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_openqa_websockets_client_packets" lineno="91303">
<summary>
Do not audit attempts to send and receive openqa_websockets_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_openqa_websockets_client_packets" lineno="91318">
<summary>
Relabel packets to openqa_websockets_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_openqa_websockets_server_packets" lineno="91338">
<summary>
Send openqa_websockets_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_openqa_websockets_server_packets" lineno="91357">
<summary>
Do not audit attempts to send openqa_websockets_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_openqa_websockets_server_packets" lineno="91376">
<summary>
Receive openqa_websockets_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_openqa_websockets_server_packets" lineno="91395">
<summary>
Do not audit attempts to receive openqa_websockets_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_openqa_websockets_server_packets" lineno="91414">
<summary>
Send and receive openqa_websockets_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_openqa_websockets_server_packets" lineno="91430">
<summary>
Do not audit attempts to send and receive openqa_websockets_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_openqa_websockets_server_packets" lineno="91445">
<summary>
Relabel packets to openqa_websockets_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_openqa_liveview_port" lineno="91467">
<summary>
Send and receive TCP traffic on the openqa_liveview port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_openqa_liveview_port" lineno="91486">
<summary>
Send UDP traffic on the openqa_liveview port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_openqa_liveview_port" lineno="91505">
<summary>
Do not audit attempts to send UDP traffic on the openqa_liveview port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_openqa_liveview_port" lineno="91524">
<summary>
Receive UDP traffic on the openqa_liveview port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_openqa_liveview_port" lineno="91543">
<summary>
Do not audit attempts to receive UDP traffic on the openqa_liveview port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_openqa_liveview_port" lineno="91562">
<summary>
Send and receive UDP traffic on the openqa_liveview port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_openqa_liveview_port" lineno="91579">
<summary>
Do not audit attempts to send and receive
UDP traffic on the openqa_liveview port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_openqa_liveview_port" lineno="91595">
<summary>
Bind TCP sockets to the openqa_liveview port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_openqa_liveview_port" lineno="91615">
<summary>
Bind UDP sockets to the openqa_liveview port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_openqa_liveview_port" lineno="91635">
<summary>
Do not audit attempts to sbind to openqa_liveview port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_openqa_liveview_port" lineno="91654">
<summary>
Make a TCP connection to the openqa_liveview port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_openqa_liveview_port" lineno="91671">
<summary>
Do not audit attempts to make a TCP connection to openqa_liveview port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_openqa_liveview_client_packets" lineno="91691">
<summary>
Send openqa_liveview_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_openqa_liveview_client_packets" lineno="91710">
<summary>
Do not audit attempts to send openqa_liveview_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_openqa_liveview_client_packets" lineno="91729">
<summary>
Receive openqa_liveview_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_openqa_liveview_client_packets" lineno="91748">
<summary>
Do not audit attempts to receive openqa_liveview_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_openqa_liveview_client_packets" lineno="91767">
<summary>
Send and receive openqa_liveview_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_openqa_liveview_client_packets" lineno="91783">
<summary>
Do not audit attempts to send and receive openqa_liveview_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_openqa_liveview_client_packets" lineno="91798">
<summary>
Relabel packets to openqa_liveview_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_openqa_liveview_server_packets" lineno="91818">
<summary>
Send openqa_liveview_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_openqa_liveview_server_packets" lineno="91837">
<summary>
Do not audit attempts to send openqa_liveview_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_openqa_liveview_server_packets" lineno="91856">
<summary>
Receive openqa_liveview_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_openqa_liveview_server_packets" lineno="91875">
<summary>
Do not audit attempts to receive openqa_liveview_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_openqa_liveview_server_packets" lineno="91894">
<summary>
Send and receive openqa_liveview_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_openqa_liveview_server_packets" lineno="91910">
<summary>
Do not audit attempts to send and receive openqa_liveview_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_openqa_liveview_server_packets" lineno="91925">
<summary>
Relabel packets to openqa_liveview_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_osapi_compute_port" lineno="91947">
<summary>
Send and receive TCP traffic on the osapi_compute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_osapi_compute_port" lineno="91966">
<summary>
Send UDP traffic on the osapi_compute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_osapi_compute_port" lineno="91985">
<summary>
Do not audit attempts to send UDP traffic on the osapi_compute port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_osapi_compute_port" lineno="92004">
<summary>
Receive UDP traffic on the osapi_compute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_osapi_compute_port" lineno="92023">
<summary>
Do not audit attempts to receive UDP traffic on the osapi_compute port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_osapi_compute_port" lineno="92042">
<summary>
Send and receive UDP traffic on the osapi_compute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_osapi_compute_port" lineno="92059">
<summary>
Do not audit attempts to send and receive
UDP traffic on the osapi_compute port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_osapi_compute_port" lineno="92075">
<summary>
Bind TCP sockets to the osapi_compute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_osapi_compute_port" lineno="92095">
<summary>
Bind UDP sockets to the osapi_compute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_osapi_compute_port" lineno="92115">
<summary>
Do not audit attempts to sbind to osapi_compute port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_osapi_compute_port" lineno="92134">
<summary>
Make a TCP connection to the osapi_compute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_osapi_compute_port" lineno="92151">
<summary>
Do not audit attempts to make a TCP connection to osapi_compute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_osapi_compute_client_packets" lineno="92171">
<summary>
Send osapi_compute_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_osapi_compute_client_packets" lineno="92190">
<summary>
Do not audit attempts to send osapi_compute_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_osapi_compute_client_packets" lineno="92209">
<summary>
Receive osapi_compute_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_osapi_compute_client_packets" lineno="92228">
<summary>
Do not audit attempts to receive osapi_compute_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_osapi_compute_client_packets" lineno="92247">
<summary>
Send and receive osapi_compute_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_osapi_compute_client_packets" lineno="92263">
<summary>
Do not audit attempts to send and receive osapi_compute_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_osapi_compute_client_packets" lineno="92278">
<summary>
Relabel packets to osapi_compute_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_osapi_compute_server_packets" lineno="92298">
<summary>
Send osapi_compute_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_osapi_compute_server_packets" lineno="92317">
<summary>
Do not audit attempts to send osapi_compute_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_osapi_compute_server_packets" lineno="92336">
<summary>
Receive osapi_compute_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_osapi_compute_server_packets" lineno="92355">
<summary>
Do not audit attempts to receive osapi_compute_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_osapi_compute_server_packets" lineno="92374">
<summary>
Send and receive osapi_compute_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_osapi_compute_server_packets" lineno="92390">
<summary>
Do not audit attempts to send and receive osapi_compute_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_osapi_compute_server_packets" lineno="92405">
<summary>
Relabel packets to osapi_compute_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ovsdb_port" lineno="92427">
<summary>
Send and receive TCP traffic on the ovsdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ovsdb_port" lineno="92446">
<summary>
Send UDP traffic on the ovsdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ovsdb_port" lineno="92465">
<summary>
Do not audit attempts to send UDP traffic on the ovsdb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ovsdb_port" lineno="92484">
<summary>
Receive UDP traffic on the ovsdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ovsdb_port" lineno="92503">
<summary>
Do not audit attempts to receive UDP traffic on the ovsdb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ovsdb_port" lineno="92522">
<summary>
Send and receive UDP traffic on the ovsdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ovsdb_port" lineno="92539">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ovsdb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ovsdb_port" lineno="92555">
<summary>
Bind TCP sockets to the ovsdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ovsdb_port" lineno="92575">
<summary>
Bind UDP sockets to the ovsdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ovsdb_port" lineno="92595">
<summary>
Do not audit attempts to sbind to ovsdb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ovsdb_port" lineno="92614">
<summary>
Make a TCP connection to the ovsdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ovsdb_port" lineno="92631">
<summary>
Do not audit attempts to make a TCP connection to ovsdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ovsdb_client_packets" lineno="92651">
<summary>
Send ovsdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ovsdb_client_packets" lineno="92670">
<summary>
Do not audit attempts to send ovsdb_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ovsdb_client_packets" lineno="92689">
<summary>
Receive ovsdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ovsdb_client_packets" lineno="92708">
<summary>
Do not audit attempts to receive ovsdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ovsdb_client_packets" lineno="92727">
<summary>
Send and receive ovsdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ovsdb_client_packets" lineno="92743">
<summary>
Do not audit attempts to send and receive ovsdb_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ovsdb_client_packets" lineno="92758">
<summary>
Relabel packets to ovsdb_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ovsdb_server_packets" lineno="92778">
<summary>
Send ovsdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ovsdb_server_packets" lineno="92797">
<summary>
Do not audit attempts to send ovsdb_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ovsdb_server_packets" lineno="92816">
<summary>
Receive ovsdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ovsdb_server_packets" lineno="92835">
<summary>
Do not audit attempts to receive ovsdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ovsdb_server_packets" lineno="92854">
<summary>
Send and receive ovsdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ovsdb_server_packets" lineno="92870">
<summary>
Do not audit attempts to send and receive ovsdb_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ovsdb_server_packets" lineno="92885">
<summary>
Relabel packets to ovsdb_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pdps_port" lineno="92907">
<summary>
Send and receive TCP traffic on the pdps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pdps_port" lineno="92926">
<summary>
Send UDP traffic on the pdps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pdps_port" lineno="92945">
<summary>
Do not audit attempts to send UDP traffic on the pdps port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pdps_port" lineno="92964">
<summary>
Receive UDP traffic on the pdps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pdps_port" lineno="92983">
<summary>
Do not audit attempts to receive UDP traffic on the pdps port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pdps_port" lineno="93002">
<summary>
Send and receive UDP traffic on the pdps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pdps_port" lineno="93019">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pdps port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pdps_port" lineno="93035">
<summary>
Bind TCP sockets to the pdps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pdps_port" lineno="93055">
<summary>
Bind UDP sockets to the pdps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_pdps_port" lineno="93075">
<summary>
Do not audit attempts to sbind to pdps port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pdps_port" lineno="93094">
<summary>
Make a TCP connection to the pdps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_pdps_port" lineno="93111">
<summary>
Do not audit attempts to make a TCP connection to pdps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pdps_client_packets" lineno="93131">
<summary>
Send pdps_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pdps_client_packets" lineno="93150">
<summary>
Do not audit attempts to send pdps_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pdps_client_packets" lineno="93169">
<summary>
Receive pdps_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pdps_client_packets" lineno="93188">
<summary>
Do not audit attempts to receive pdps_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pdps_client_packets" lineno="93207">
<summary>
Send and receive pdps_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pdps_client_packets" lineno="93223">
<summary>
Do not audit attempts to send and receive pdps_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pdps_client_packets" lineno="93238">
<summary>
Relabel packets to pdps_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pdps_server_packets" lineno="93258">
<summary>
Send pdps_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pdps_server_packets" lineno="93277">
<summary>
Do not audit attempts to send pdps_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pdps_server_packets" lineno="93296">
<summary>
Receive pdps_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pdps_server_packets" lineno="93315">
<summary>
Do not audit attempts to receive pdps_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pdps_server_packets" lineno="93334">
<summary>
Send and receive pdps_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pdps_server_packets" lineno="93350">
<summary>
Do not audit attempts to send and receive pdps_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pdps_server_packets" lineno="93365">
<summary>
Relabel packets to pdps_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pegasus_http_port" lineno="93387">
<summary>
Send and receive TCP traffic on the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pegasus_http_port" lineno="93406">
<summary>
Send UDP traffic on the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pegasus_http_port" lineno="93425">
<summary>
Do not audit attempts to send UDP traffic on the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pegasus_http_port" lineno="93444">
<summary>
Receive UDP traffic on the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pegasus_http_port" lineno="93463">
<summary>
Do not audit attempts to receive UDP traffic on the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pegasus_http_port" lineno="93482">
<summary>
Send and receive UDP traffic on the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pegasus_http_port" lineno="93499">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pegasus_http_port" lineno="93515">
<summary>
Bind TCP sockets to the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pegasus_http_port" lineno="93535">
<summary>
Bind UDP sockets to the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_pegasus_http_port" lineno="93555">
<summary>
Do not audit attempts to sbind to pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pegasus_http_port" lineno="93574">
<summary>
Make a TCP connection to the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_pegasus_http_port" lineno="93591">
<summary>
Do not audit attempts to make a TCP connection to pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pegasus_http_client_packets" lineno="93611">
<summary>
Send pegasus_http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pegasus_http_client_packets" lineno="93630">
<summary>
Do not audit attempts to send pegasus_http_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pegasus_http_client_packets" lineno="93649">
<summary>
Receive pegasus_http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pegasus_http_client_packets" lineno="93668">
<summary>
Do not audit attempts to receive pegasus_http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pegasus_http_client_packets" lineno="93687">
<summary>
Send and receive pegasus_http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pegasus_http_client_packets" lineno="93703">
<summary>
Do not audit attempts to send and receive pegasus_http_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pegasus_http_client_packets" lineno="93718">
<summary>
Relabel packets to pegasus_http_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pegasus_http_server_packets" lineno="93738">
<summary>
Send pegasus_http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pegasus_http_server_packets" lineno="93757">
<summary>
Do not audit attempts to send pegasus_http_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pegasus_http_server_packets" lineno="93776">
<summary>
Receive pegasus_http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pegasus_http_server_packets" lineno="93795">
<summary>
Do not audit attempts to receive pegasus_http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pegasus_http_server_packets" lineno="93814">
<summary>
Send and receive pegasus_http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pegasus_http_server_packets" lineno="93830">
<summary>
Do not audit attempts to send and receive pegasus_http_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pegasus_http_server_packets" lineno="93845">
<summary>
Relabel packets to pegasus_http_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pegasus_https_port" lineno="93867">
<summary>
Send and receive TCP traffic on the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pegasus_https_port" lineno="93886">
<summary>
Send UDP traffic on the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pegasus_https_port" lineno="93905">
<summary>
Do not audit attempts to send UDP traffic on the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pegasus_https_port" lineno="93924">
<summary>
Receive UDP traffic on the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pegasus_https_port" lineno="93943">
<summary>
Do not audit attempts to receive UDP traffic on the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pegasus_https_port" lineno="93962">
<summary>
Send and receive UDP traffic on the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pegasus_https_port" lineno="93979">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pegasus_https_port" lineno="93995">
<summary>
Bind TCP sockets to the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pegasus_https_port" lineno="94015">
<summary>
Bind UDP sockets to the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_pegasus_https_port" lineno="94035">
<summary>
Do not audit attempts to sbind to pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pegasus_https_port" lineno="94054">
<summary>
Make a TCP connection to the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_pegasus_https_port" lineno="94071">
<summary>
Do not audit attempts to make a TCP connection to pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pegasus_https_client_packets" lineno="94091">
<summary>
Send pegasus_https_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pegasus_https_client_packets" lineno="94110">
<summary>
Do not audit attempts to send pegasus_https_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pegasus_https_client_packets" lineno="94129">
<summary>
Receive pegasus_https_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pegasus_https_client_packets" lineno="94148">
<summary>
Do not audit attempts to receive pegasus_https_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pegasus_https_client_packets" lineno="94167">
<summary>
Send and receive pegasus_https_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pegasus_https_client_packets" lineno="94183">
<summary>
Do not audit attempts to send and receive pegasus_https_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pegasus_https_client_packets" lineno="94198">
<summary>
Relabel packets to pegasus_https_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pegasus_https_server_packets" lineno="94218">
<summary>
Send pegasus_https_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pegasus_https_server_packets" lineno="94237">
<summary>
Do not audit attempts to send pegasus_https_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pegasus_https_server_packets" lineno="94256">
<summary>
Receive pegasus_https_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pegasus_https_server_packets" lineno="94275">
<summary>
Do not audit attempts to receive pegasus_https_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pegasus_https_server_packets" lineno="94294">
<summary>
Send and receive pegasus_https_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pegasus_https_server_packets" lineno="94310">
<summary>
Do not audit attempts to send and receive pegasus_https_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pegasus_https_server_packets" lineno="94325">
<summary>
Relabel packets to pegasus_https_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pgpkeyserver_port" lineno="94347">
<summary>
Send and receive TCP traffic on the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pgpkeyserver_port" lineno="94366">
<summary>
Send UDP traffic on the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pgpkeyserver_port" lineno="94385">
<summary>
Do not audit attempts to send UDP traffic on the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pgpkeyserver_port" lineno="94404">
<summary>
Receive UDP traffic on the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pgpkeyserver_port" lineno="94423">
<summary>
Do not audit attempts to receive UDP traffic on the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pgpkeyserver_port" lineno="94442">
<summary>
Send and receive UDP traffic on the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pgpkeyserver_port" lineno="94459">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pgpkeyserver_port" lineno="94475">
<summary>
Bind TCP sockets to the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pgpkeyserver_port" lineno="94495">
<summary>
Bind UDP sockets to the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_pgpkeyserver_port" lineno="94515">
<summary>
Do not audit attempts to sbind to pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pgpkeyserver_port" lineno="94534">
<summary>
Make a TCP connection to the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_pgpkeyserver_port" lineno="94551">
<summary>
Do not audit attempts to make a TCP connection to pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pgpkeyserver_client_packets" lineno="94571">
<summary>
Send pgpkeyserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pgpkeyserver_client_packets" lineno="94590">
<summary>
Do not audit attempts to send pgpkeyserver_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pgpkeyserver_client_packets" lineno="94609">
<summary>
Receive pgpkeyserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pgpkeyserver_client_packets" lineno="94628">
<summary>
Do not audit attempts to receive pgpkeyserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pgpkeyserver_client_packets" lineno="94647">
<summary>
Send and receive pgpkeyserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pgpkeyserver_client_packets" lineno="94663">
<summary>
Do not audit attempts to send and receive pgpkeyserver_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pgpkeyserver_client_packets" lineno="94678">
<summary>
Relabel packets to pgpkeyserver_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pgpkeyserver_server_packets" lineno="94698">
<summary>
Send pgpkeyserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pgpkeyserver_server_packets" lineno="94717">
<summary>
Do not audit attempts to send pgpkeyserver_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pgpkeyserver_server_packets" lineno="94736">
<summary>
Receive pgpkeyserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pgpkeyserver_server_packets" lineno="94755">
<summary>
Do not audit attempts to receive pgpkeyserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pgpkeyserver_server_packets" lineno="94774">
<summary>
Send and receive pgpkeyserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pgpkeyserver_server_packets" lineno="94790">
<summary>
Do not audit attempts to send and receive pgpkeyserver_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pgpkeyserver_server_packets" lineno="94805">
<summary>
Relabel packets to pgpkeyserver_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pingd_port" lineno="94827">
<summary>
Send and receive TCP traffic on the pingd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pingd_port" lineno="94846">
<summary>
Send UDP traffic on the pingd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pingd_port" lineno="94865">
<summary>
Do not audit attempts to send UDP traffic on the pingd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pingd_port" lineno="94884">
<summary>
Receive UDP traffic on the pingd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pingd_port" lineno="94903">
<summary>
Do not audit attempts to receive UDP traffic on the pingd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pingd_port" lineno="94922">
<summary>
Send and receive UDP traffic on the pingd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pingd_port" lineno="94939">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pingd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pingd_port" lineno="94955">
<summary>
Bind TCP sockets to the pingd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pingd_port" lineno="94975">
<summary>
Bind UDP sockets to the pingd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_pingd_port" lineno="94995">
<summary>
Do not audit attempts to sbind to pingd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pingd_port" lineno="95014">
<summary>
Make a TCP connection to the pingd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_pingd_port" lineno="95031">
<summary>
Do not audit attempts to make a TCP connection to pingd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pingd_client_packets" lineno="95051">
<summary>
Send pingd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pingd_client_packets" lineno="95070">
<summary>
Do not audit attempts to send pingd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pingd_client_packets" lineno="95089">
<summary>
Receive pingd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pingd_client_packets" lineno="95108">
<summary>
Do not audit attempts to receive pingd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pingd_client_packets" lineno="95127">
<summary>
Send and receive pingd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pingd_client_packets" lineno="95143">
<summary>
Do not audit attempts to send and receive pingd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pingd_client_packets" lineno="95158">
<summary>
Relabel packets to pingd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pingd_server_packets" lineno="95178">
<summary>
Send pingd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pingd_server_packets" lineno="95197">
<summary>
Do not audit attempts to send pingd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pingd_server_packets" lineno="95216">
<summary>
Receive pingd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pingd_server_packets" lineno="95235">
<summary>
Do not audit attempts to receive pingd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pingd_server_packets" lineno="95254">
<summary>
Send and receive pingd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pingd_server_packets" lineno="95270">
<summary>
Do not audit attempts to send and receive pingd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pingd_server_packets" lineno="95285">
<summary>
Relabel packets to pingd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pki_ca_port" lineno="95307">
<summary>
Send and receive TCP traffic on the pki_ca port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pki_ca_port" lineno="95326">
<summary>
Send UDP traffic on the pki_ca port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pki_ca_port" lineno="95345">
<summary>
Do not audit attempts to send UDP traffic on the pki_ca port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pki_ca_port" lineno="95364">
<summary>
Receive UDP traffic on the pki_ca port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pki_ca_port" lineno="95383">
<summary>
Do not audit attempts to receive UDP traffic on the pki_ca port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pki_ca_port" lineno="95402">
<summary>
Send and receive UDP traffic on the pki_ca port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pki_ca_port" lineno="95419">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pki_ca port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pki_ca_port" lineno="95435">
<summary>
Bind TCP sockets to the pki_ca port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pki_ca_port" lineno="95455">
<summary>
Bind UDP sockets to the pki_ca port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_pki_ca_port" lineno="95475">
<summary>
Do not audit attempts to sbind to pki_ca port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pki_ca_port" lineno="95494">
<summary>
Make a TCP connection to the pki_ca port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_pki_ca_port" lineno="95511">
<summary>
Do not audit attempts to make a TCP connection to pki_ca port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_ca_client_packets" lineno="95531">
<summary>
Send pki_ca_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_ca_client_packets" lineno="95550">
<summary>
Do not audit attempts to send pki_ca_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_ca_client_packets" lineno="95569">
<summary>
Receive pki_ca_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_ca_client_packets" lineno="95588">
<summary>
Do not audit attempts to receive pki_ca_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_ca_client_packets" lineno="95607">
<summary>
Send and receive pki_ca_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_ca_client_packets" lineno="95623">
<summary>
Do not audit attempts to send and receive pki_ca_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_ca_client_packets" lineno="95638">
<summary>
Relabel packets to pki_ca_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_ca_server_packets" lineno="95658">
<summary>
Send pki_ca_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_ca_server_packets" lineno="95677">
<summary>
Do not audit attempts to send pki_ca_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_ca_server_packets" lineno="95696">
<summary>
Receive pki_ca_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_ca_server_packets" lineno="95715">
<summary>
Do not audit attempts to receive pki_ca_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_ca_server_packets" lineno="95734">
<summary>
Send and receive pki_ca_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_ca_server_packets" lineno="95750">
<summary>
Do not audit attempts to send and receive pki_ca_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_ca_server_packets" lineno="95765">
<summary>
Relabel packets to pki_ca_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pki_kra_port" lineno="95787">
<summary>
Send and receive TCP traffic on the pki_kra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pki_kra_port" lineno="95806">
<summary>
Send UDP traffic on the pki_kra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pki_kra_port" lineno="95825">
<summary>
Do not audit attempts to send UDP traffic on the pki_kra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pki_kra_port" lineno="95844">
<summary>
Receive UDP traffic on the pki_kra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pki_kra_port" lineno="95863">
<summary>
Do not audit attempts to receive UDP traffic on the pki_kra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pki_kra_port" lineno="95882">
<summary>
Send and receive UDP traffic on the pki_kra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pki_kra_port" lineno="95899">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pki_kra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pki_kra_port" lineno="95915">
<summary>
Bind TCP sockets to the pki_kra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pki_kra_port" lineno="95935">
<summary>
Bind UDP sockets to the pki_kra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_pki_kra_port" lineno="95955">
<summary>
Do not audit attempts to sbind to pki_kra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pki_kra_port" lineno="95974">
<summary>
Make a TCP connection to the pki_kra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_pki_kra_port" lineno="95991">
<summary>
Do not audit attempts to make a TCP connection to pki_kra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_kra_client_packets" lineno="96011">
<summary>
Send pki_kra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_kra_client_packets" lineno="96030">
<summary>
Do not audit attempts to send pki_kra_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_kra_client_packets" lineno="96049">
<summary>
Receive pki_kra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_kra_client_packets" lineno="96068">
<summary>
Do not audit attempts to receive pki_kra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_kra_client_packets" lineno="96087">
<summary>
Send and receive pki_kra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_kra_client_packets" lineno="96103">
<summary>
Do not audit attempts to send and receive pki_kra_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_kra_client_packets" lineno="96118">
<summary>
Relabel packets to pki_kra_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_kra_server_packets" lineno="96138">
<summary>
Send pki_kra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_kra_server_packets" lineno="96157">
<summary>
Do not audit attempts to send pki_kra_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_kra_server_packets" lineno="96176">
<summary>
Receive pki_kra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_kra_server_packets" lineno="96195">
<summary>
Do not audit attempts to receive pki_kra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_kra_server_packets" lineno="96214">
<summary>
Send and receive pki_kra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_kra_server_packets" lineno="96230">
<summary>
Do not audit attempts to send and receive pki_kra_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_kra_server_packets" lineno="96245">
<summary>
Relabel packets to pki_kra_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pki_ocsp_port" lineno="96267">
<summary>
Send and receive TCP traffic on the pki_ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pki_ocsp_port" lineno="96286">
<summary>
Send UDP traffic on the pki_ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pki_ocsp_port" lineno="96305">
<summary>
Do not audit attempts to send UDP traffic on the pki_ocsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pki_ocsp_port" lineno="96324">
<summary>
Receive UDP traffic on the pki_ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pki_ocsp_port" lineno="96343">
<summary>
Do not audit attempts to receive UDP traffic on the pki_ocsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pki_ocsp_port" lineno="96362">
<summary>
Send and receive UDP traffic on the pki_ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pki_ocsp_port" lineno="96379">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pki_ocsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pki_ocsp_port" lineno="96395">
<summary>
Bind TCP sockets to the pki_ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pki_ocsp_port" lineno="96415">
<summary>
Bind UDP sockets to the pki_ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_pki_ocsp_port" lineno="96435">
<summary>
Do not audit attempts to sbind to pki_ocsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pki_ocsp_port" lineno="96454">
<summary>
Make a TCP connection to the pki_ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_pki_ocsp_port" lineno="96471">
<summary>
Do not audit attempts to make a TCP connection to pki_ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_ocsp_client_packets" lineno="96491">
<summary>
Send pki_ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_ocsp_client_packets" lineno="96510">
<summary>
Do not audit attempts to send pki_ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_ocsp_client_packets" lineno="96529">
<summary>
Receive pki_ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_ocsp_client_packets" lineno="96548">
<summary>
Do not audit attempts to receive pki_ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_ocsp_client_packets" lineno="96567">
<summary>
Send and receive pki_ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_ocsp_client_packets" lineno="96583">
<summary>
Do not audit attempts to send and receive pki_ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_ocsp_client_packets" lineno="96598">
<summary>
Relabel packets to pki_ocsp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_ocsp_server_packets" lineno="96618">
<summary>
Send pki_ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_ocsp_server_packets" lineno="96637">
<summary>
Do not audit attempts to send pki_ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_ocsp_server_packets" lineno="96656">
<summary>
Receive pki_ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_ocsp_server_packets" lineno="96675">
<summary>
Do not audit attempts to receive pki_ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_ocsp_server_packets" lineno="96694">
<summary>
Send and receive pki_ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_ocsp_server_packets" lineno="96710">
<summary>
Do not audit attempts to send and receive pki_ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_ocsp_server_packets" lineno="96725">
<summary>
Relabel packets to pki_ocsp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pki_tks_port" lineno="96747">
<summary>
Send and receive TCP traffic on the pki_tks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pki_tks_port" lineno="96766">
<summary>
Send UDP traffic on the pki_tks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pki_tks_port" lineno="96785">
<summary>
Do not audit attempts to send UDP traffic on the pki_tks port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pki_tks_port" lineno="96804">
<summary>
Receive UDP traffic on the pki_tks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pki_tks_port" lineno="96823">
<summary>
Do not audit attempts to receive UDP traffic on the pki_tks port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pki_tks_port" lineno="96842">
<summary>
Send and receive UDP traffic on the pki_tks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pki_tks_port" lineno="96859">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pki_tks port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pki_tks_port" lineno="96875">
<summary>
Bind TCP sockets to the pki_tks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pki_tks_port" lineno="96895">
<summary>
Bind UDP sockets to the pki_tks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_pki_tks_port" lineno="96915">
<summary>
Do not audit attempts to sbind to pki_tks port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pki_tks_port" lineno="96934">
<summary>
Make a TCP connection to the pki_tks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_pki_tks_port" lineno="96951">
<summary>
Do not audit attempts to make a TCP connection to pki_tks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_tks_client_packets" lineno="96971">
<summary>
Send pki_tks_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_tks_client_packets" lineno="96990">
<summary>
Do not audit attempts to send pki_tks_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_tks_client_packets" lineno="97009">
<summary>
Receive pki_tks_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_tks_client_packets" lineno="97028">
<summary>
Do not audit attempts to receive pki_tks_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_tks_client_packets" lineno="97047">
<summary>
Send and receive pki_tks_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_tks_client_packets" lineno="97063">
<summary>
Do not audit attempts to send and receive pki_tks_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_tks_client_packets" lineno="97078">
<summary>
Relabel packets to pki_tks_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_tks_server_packets" lineno="97098">
<summary>
Send pki_tks_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_tks_server_packets" lineno="97117">
<summary>
Do not audit attempts to send pki_tks_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_tks_server_packets" lineno="97136">
<summary>
Receive pki_tks_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_tks_server_packets" lineno="97155">
<summary>
Do not audit attempts to receive pki_tks_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_tks_server_packets" lineno="97174">
<summary>
Send and receive pki_tks_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_tks_server_packets" lineno="97190">
<summary>
Do not audit attempts to send and receive pki_tks_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_tks_server_packets" lineno="97205">
<summary>
Relabel packets to pki_tks_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pki_ra_port" lineno="97227">
<summary>
Send and receive TCP traffic on the pki_ra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pki_ra_port" lineno="97246">
<summary>
Send UDP traffic on the pki_ra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pki_ra_port" lineno="97265">
<summary>
Do not audit attempts to send UDP traffic on the pki_ra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pki_ra_port" lineno="97284">
<summary>
Receive UDP traffic on the pki_ra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pki_ra_port" lineno="97303">
<summary>
Do not audit attempts to receive UDP traffic on the pki_ra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pki_ra_port" lineno="97322">
<summary>
Send and receive UDP traffic on the pki_ra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pki_ra_port" lineno="97339">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pki_ra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pki_ra_port" lineno="97355">
<summary>
Bind TCP sockets to the pki_ra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pki_ra_port" lineno="97375">
<summary>
Bind UDP sockets to the pki_ra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_pki_ra_port" lineno="97395">
<summary>
Do not audit attempts to sbind to pki_ra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pki_ra_port" lineno="97414">
<summary>
Make a TCP connection to the pki_ra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_pki_ra_port" lineno="97431">
<summary>
Do not audit attempts to make a TCP connection to pki_ra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_ra_client_packets" lineno="97451">
<summary>
Send pki_ra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_ra_client_packets" lineno="97470">
<summary>
Do not audit attempts to send pki_ra_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_ra_client_packets" lineno="97489">
<summary>
Receive pki_ra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_ra_client_packets" lineno="97508">
<summary>
Do not audit attempts to receive pki_ra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_ra_client_packets" lineno="97527">
<summary>
Send and receive pki_ra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_ra_client_packets" lineno="97543">
<summary>
Do not audit attempts to send and receive pki_ra_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_ra_client_packets" lineno="97558">
<summary>
Relabel packets to pki_ra_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_ra_server_packets" lineno="97578">
<summary>
Send pki_ra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_ra_server_packets" lineno="97597">
<summary>
Do not audit attempts to send pki_ra_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_ra_server_packets" lineno="97616">
<summary>
Receive pki_ra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_ra_server_packets" lineno="97635">
<summary>
Do not audit attempts to receive pki_ra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_ra_server_packets" lineno="97654">
<summary>
Send and receive pki_ra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_ra_server_packets" lineno="97670">
<summary>
Do not audit attempts to send and receive pki_ra_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_ra_server_packets" lineno="97685">
<summary>
Relabel packets to pki_ra_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pki_tps_port" lineno="97707">
<summary>
Send and receive TCP traffic on the pki_tps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pki_tps_port" lineno="97726">
<summary>
Send UDP traffic on the pki_tps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pki_tps_port" lineno="97745">
<summary>
Do not audit attempts to send UDP traffic on the pki_tps port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pki_tps_port" lineno="97764">
<summary>
Receive UDP traffic on the pki_tps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pki_tps_port" lineno="97783">
<summary>
Do not audit attempts to receive UDP traffic on the pki_tps port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pki_tps_port" lineno="97802">
<summary>
Send and receive UDP traffic on the pki_tps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pki_tps_port" lineno="97819">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pki_tps port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pki_tps_port" lineno="97835">
<summary>
Bind TCP sockets to the pki_tps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pki_tps_port" lineno="97855">
<summary>
Bind UDP sockets to the pki_tps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_pki_tps_port" lineno="97875">
<summary>
Do not audit attempts to sbind to pki_tps port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pki_tps_port" lineno="97894">
<summary>
Make a TCP connection to the pki_tps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_pki_tps_port" lineno="97911">
<summary>
Do not audit attempts to make a TCP connection to pki_tps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_tps_client_packets" lineno="97931">
<summary>
Send pki_tps_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_tps_client_packets" lineno="97950">
<summary>
Do not audit attempts to send pki_tps_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_tps_client_packets" lineno="97969">
<summary>
Receive pki_tps_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_tps_client_packets" lineno="97988">
<summary>
Do not audit attempts to receive pki_tps_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_tps_client_packets" lineno="98007">
<summary>
Send and receive pki_tps_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_tps_client_packets" lineno="98023">
<summary>
Do not audit attempts to send and receive pki_tps_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_tps_client_packets" lineno="98038">
<summary>
Relabel packets to pki_tps_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_tps_server_packets" lineno="98058">
<summary>
Send pki_tps_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_tps_server_packets" lineno="98077">
<summary>
Do not audit attempts to send pki_tps_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_tps_server_packets" lineno="98096">
<summary>
Receive pki_tps_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_tps_server_packets" lineno="98115">
<summary>
Do not audit attempts to receive pki_tps_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_tps_server_packets" lineno="98134">
<summary>
Send and receive pki_tps_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_tps_server_packets" lineno="98150">
<summary>
Do not audit attempts to send and receive pki_tps_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_tps_server_packets" lineno="98165">
<summary>
Relabel packets to pki_tps_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pktcable_cops_port" lineno="98187">
<summary>
Send and receive TCP traffic on the pktcable_cops port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pktcable_cops_port" lineno="98206">
<summary>
Send UDP traffic on the pktcable_cops port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pktcable_cops_port" lineno="98225">
<summary>
Do not audit attempts to send UDP traffic on the pktcable_cops port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pktcable_cops_port" lineno="98244">
<summary>
Receive UDP traffic on the pktcable_cops port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pktcable_cops_port" lineno="98263">
<summary>
Do not audit attempts to receive UDP traffic on the pktcable_cops port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pktcable_cops_port" lineno="98282">
<summary>
Send and receive UDP traffic on the pktcable_cops port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pktcable_cops_port" lineno="98299">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pktcable_cops port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pktcable_cops_port" lineno="98315">
<summary>
Bind TCP sockets to the pktcable_cops port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pktcable_cops_port" lineno="98335">
<summary>
Bind UDP sockets to the pktcable_cops port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_pktcable_cops_port" lineno="98355">
<summary>
Do not audit attempts to sbind to pktcable_cops port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pktcable_cops_port" lineno="98374">
<summary>
Make a TCP connection to the pktcable_cops port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_pktcable_cops_port" lineno="98391">
<summary>
Do not audit attempts to make a TCP connection to pktcable_cops port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pktcable_cops_client_packets" lineno="98411">
<summary>
Send pktcable_cops_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pktcable_cops_client_packets" lineno="98430">
<summary>
Do not audit attempts to send pktcable_cops_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pktcable_cops_client_packets" lineno="98449">
<summary>
Receive pktcable_cops_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pktcable_cops_client_packets" lineno="98468">
<summary>
Do not audit attempts to receive pktcable_cops_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pktcable_cops_client_packets" lineno="98487">
<summary>
Send and receive pktcable_cops_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pktcable_cops_client_packets" lineno="98503">
<summary>
Do not audit attempts to send and receive pktcable_cops_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pktcable_cops_client_packets" lineno="98518">
<summary>
Relabel packets to pktcable_cops_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pktcable_cops_server_packets" lineno="98538">
<summary>
Send pktcable_cops_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pktcable_cops_server_packets" lineno="98557">
<summary>
Do not audit attempts to send pktcable_cops_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pktcable_cops_server_packets" lineno="98576">
<summary>
Receive pktcable_cops_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pktcable_cops_server_packets" lineno="98595">
<summary>
Do not audit attempts to receive pktcable_cops_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pktcable_cops_server_packets" lineno="98614">
<summary>
Send and receive pktcable_cops_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pktcable_cops_server_packets" lineno="98630">
<summary>
Do not audit attempts to send and receive pktcable_cops_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pktcable_cops_server_packets" lineno="98645">
<summary>
Relabel packets to pktcable_cops_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pop_port" lineno="98667">
<summary>
Send and receive TCP traffic on the pop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pop_port" lineno="98686">
<summary>
Send UDP traffic on the pop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pop_port" lineno="98705">
<summary>
Do not audit attempts to send UDP traffic on the pop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pop_port" lineno="98724">
<summary>
Receive UDP traffic on the pop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pop_port" lineno="98743">
<summary>
Do not audit attempts to receive UDP traffic on the pop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pop_port" lineno="98762">
<summary>
Send and receive UDP traffic on the pop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pop_port" lineno="98779">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pop_port" lineno="98795">
<summary>
Bind TCP sockets to the pop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pop_port" lineno="98815">
<summary>
Bind UDP sockets to the pop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_pop_port" lineno="98835">
<summary>
Do not audit attempts to sbind to pop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pop_port" lineno="98854">
<summary>
Make a TCP connection to the pop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_pop_port" lineno="98871">
<summary>
Do not audit attempts to make a TCP connection to pop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pop_client_packets" lineno="98891">
<summary>
Send pop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pop_client_packets" lineno="98910">
<summary>
Do not audit attempts to send pop_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pop_client_packets" lineno="98929">
<summary>
Receive pop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pop_client_packets" lineno="98948">
<summary>
Do not audit attempts to receive pop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pop_client_packets" lineno="98967">
<summary>
Send and receive pop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pop_client_packets" lineno="98983">
<summary>
Do not audit attempts to send and receive pop_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pop_client_packets" lineno="98998">
<summary>
Relabel packets to pop_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pop_server_packets" lineno="99018">
<summary>
Send pop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pop_server_packets" lineno="99037">
<summary>
Do not audit attempts to send pop_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pop_server_packets" lineno="99056">
<summary>
Receive pop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pop_server_packets" lineno="99075">
<summary>
Do not audit attempts to receive pop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pop_server_packets" lineno="99094">
<summary>
Send and receive pop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pop_server_packets" lineno="99110">
<summary>
Do not audit attempts to send and receive pop_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pop_server_packets" lineno="99125">
<summary>
Relabel packets to pop_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_portmap_port" lineno="99147">
<summary>
Send and receive TCP traffic on the portmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_portmap_port" lineno="99166">
<summary>
Send UDP traffic on the portmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_portmap_port" lineno="99185">
<summary>
Do not audit attempts to send UDP traffic on the portmap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_portmap_port" lineno="99204">
<summary>
Receive UDP traffic on the portmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_portmap_port" lineno="99223">
<summary>
Do not audit attempts to receive UDP traffic on the portmap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_portmap_port" lineno="99242">
<summary>
Send and receive UDP traffic on the portmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_portmap_port" lineno="99259">
<summary>
Do not audit attempts to send and receive
UDP traffic on the portmap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_portmap_port" lineno="99275">
<summary>
Bind TCP sockets to the portmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_portmap_port" lineno="99295">
<summary>
Bind UDP sockets to the portmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_portmap_port" lineno="99315">
<summary>
Do not audit attempts to sbind to portmap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_portmap_port" lineno="99334">
<summary>
Make a TCP connection to the portmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_portmap_port" lineno="99351">
<summary>
Do not audit attempts to make a TCP connection to portmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_portmap_client_packets" lineno="99371">
<summary>
Send portmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_portmap_client_packets" lineno="99390">
<summary>
Do not audit attempts to send portmap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_portmap_client_packets" lineno="99409">
<summary>
Receive portmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_portmap_client_packets" lineno="99428">
<summary>
Do not audit attempts to receive portmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_portmap_client_packets" lineno="99447">
<summary>
Send and receive portmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_portmap_client_packets" lineno="99463">
<summary>
Do not audit attempts to send and receive portmap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_portmap_client_packets" lineno="99478">
<summary>
Relabel packets to portmap_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_portmap_server_packets" lineno="99498">
<summary>
Send portmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_portmap_server_packets" lineno="99517">
<summary>
Do not audit attempts to send portmap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_portmap_server_packets" lineno="99536">
<summary>
Receive portmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_portmap_server_packets" lineno="99555">
<summary>
Do not audit attempts to receive portmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_portmap_server_packets" lineno="99574">
<summary>
Send and receive portmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_portmap_server_packets" lineno="99590">
<summary>
Do not audit attempts to send and receive portmap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_portmap_server_packets" lineno="99605">
<summary>
Relabel packets to portmap_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_postfix_policyd_port" lineno="99627">
<summary>
Send and receive TCP traffic on the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_postfix_policyd_port" lineno="99646">
<summary>
Send UDP traffic on the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_postfix_policyd_port" lineno="99665">
<summary>
Do not audit attempts to send UDP traffic on the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_postfix_policyd_port" lineno="99684">
<summary>
Receive UDP traffic on the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_postfix_policyd_port" lineno="99703">
<summary>
Do not audit attempts to receive UDP traffic on the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_postfix_policyd_port" lineno="99722">
<summary>
Send and receive UDP traffic on the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_postfix_policyd_port" lineno="99739">
<summary>
Do not audit attempts to send and receive
UDP traffic on the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_postfix_policyd_port" lineno="99755">
<summary>
Bind TCP sockets to the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_postfix_policyd_port" lineno="99775">
<summary>
Bind UDP sockets to the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_postfix_policyd_port" lineno="99795">
<summary>
Do not audit attempts to sbind to postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_postfix_policyd_port" lineno="99814">
<summary>
Make a TCP connection to the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_postfix_policyd_port" lineno="99831">
<summary>
Do not audit attempts to make a TCP connection to postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_postfix_policyd_client_packets" lineno="99851">
<summary>
Send postfix_policyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_postfix_policyd_client_packets" lineno="99870">
<summary>
Do not audit attempts to send postfix_policyd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_postfix_policyd_client_packets" lineno="99889">
<summary>
Receive postfix_policyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_postfix_policyd_client_packets" lineno="99908">
<summary>
Do not audit attempts to receive postfix_policyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_postfix_policyd_client_packets" lineno="99927">
<summary>
Send and receive postfix_policyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_postfix_policyd_client_packets" lineno="99943">
<summary>
Do not audit attempts to send and receive postfix_policyd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_postfix_policyd_client_packets" lineno="99958">
<summary>
Relabel packets to postfix_policyd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_postfix_policyd_server_packets" lineno="99978">
<summary>
Send postfix_policyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_postfix_policyd_server_packets" lineno="99997">
<summary>
Do not audit attempts to send postfix_policyd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_postfix_policyd_server_packets" lineno="100016">
<summary>
Receive postfix_policyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_postfix_policyd_server_packets" lineno="100035">
<summary>
Do not audit attempts to receive postfix_policyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_postfix_policyd_server_packets" lineno="100054">
<summary>
Send and receive postfix_policyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_postfix_policyd_server_packets" lineno="100070">
<summary>
Do not audit attempts to send and receive postfix_policyd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_postfix_policyd_server_packets" lineno="100085">
<summary>
Relabel packets to postfix_policyd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_postgresql_port" lineno="100107">
<summary>
Send and receive TCP traffic on the postgresql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_postgresql_port" lineno="100126">
<summary>
Send UDP traffic on the postgresql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_postgresql_port" lineno="100145">
<summary>
Do not audit attempts to send UDP traffic on the postgresql port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_postgresql_port" lineno="100164">
<summary>
Receive UDP traffic on the postgresql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_postgresql_port" lineno="100183">
<summary>
Do not audit attempts to receive UDP traffic on the postgresql port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_postgresql_port" lineno="100202">
<summary>
Send and receive UDP traffic on the postgresql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_postgresql_port" lineno="100219">
<summary>
Do not audit attempts to send and receive
UDP traffic on the postgresql port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_postgresql_port" lineno="100235">
<summary>
Bind TCP sockets to the postgresql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_postgresql_port" lineno="100255">
<summary>
Bind UDP sockets to the postgresql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_postgresql_port" lineno="100275">
<summary>
Do not audit attempts to sbind to postgresql port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_postgresql_port" lineno="100294">
<summary>
Make a TCP connection to the postgresql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_postgresql_port" lineno="100311">
<summary>
Do not audit attempts to make a TCP connection to postgresql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_postgresql_client_packets" lineno="100331">
<summary>
Send postgresql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_postgresql_client_packets" lineno="100350">
<summary>
Do not audit attempts to send postgresql_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_postgresql_client_packets" lineno="100369">
<summary>
Receive postgresql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_postgresql_client_packets" lineno="100388">
<summary>
Do not audit attempts to receive postgresql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_postgresql_client_packets" lineno="100407">
<summary>
Send and receive postgresql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_postgresql_client_packets" lineno="100423">
<summary>
Do not audit attempts to send and receive postgresql_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_postgresql_client_packets" lineno="100438">
<summary>
Relabel packets to postgresql_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_postgresql_server_packets" lineno="100458">
<summary>
Send postgresql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_postgresql_server_packets" lineno="100477">
<summary>
Do not audit attempts to send postgresql_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_postgresql_server_packets" lineno="100496">
<summary>
Receive postgresql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_postgresql_server_packets" lineno="100515">
<summary>
Do not audit attempts to receive postgresql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_postgresql_server_packets" lineno="100534">
<summary>
Send and receive postgresql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_postgresql_server_packets" lineno="100550">
<summary>
Do not audit attempts to send and receive postgresql_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_postgresql_server_packets" lineno="100565">
<summary>
Relabel packets to postgresql_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_postgrey_port" lineno="100587">
<summary>
Send and receive TCP traffic on the postgrey port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_postgrey_port" lineno="100606">
<summary>
Send UDP traffic on the postgrey port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_postgrey_port" lineno="100625">
<summary>
Do not audit attempts to send UDP traffic on the postgrey port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_postgrey_port" lineno="100644">
<summary>
Receive UDP traffic on the postgrey port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_postgrey_port" lineno="100663">
<summary>
Do not audit attempts to receive UDP traffic on the postgrey port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_postgrey_port" lineno="100682">
<summary>
Send and receive UDP traffic on the postgrey port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_postgrey_port" lineno="100699">
<summary>
Do not audit attempts to send and receive
UDP traffic on the postgrey port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_postgrey_port" lineno="100715">
<summary>
Bind TCP sockets to the postgrey port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_postgrey_port" lineno="100735">
<summary>
Bind UDP sockets to the postgrey port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_postgrey_port" lineno="100755">
<summary>
Do not audit attempts to sbind to postgrey port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_postgrey_port" lineno="100774">
<summary>
Make a TCP connection to the postgrey port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_postgrey_port" lineno="100791">
<summary>
Do not audit attempts to make a TCP connection to postgrey port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_postgrey_client_packets" lineno="100811">
<summary>
Send postgrey_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_postgrey_client_packets" lineno="100830">
<summary>
Do not audit attempts to send postgrey_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_postgrey_client_packets" lineno="100849">
<summary>
Receive postgrey_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_postgrey_client_packets" lineno="100868">
<summary>
Do not audit attempts to receive postgrey_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_postgrey_client_packets" lineno="100887">
<summary>
Send and receive postgrey_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_postgrey_client_packets" lineno="100903">
<summary>
Do not audit attempts to send and receive postgrey_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_postgrey_client_packets" lineno="100918">
<summary>
Relabel packets to postgrey_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_postgrey_server_packets" lineno="100938">
<summary>
Send postgrey_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_postgrey_server_packets" lineno="100957">
<summary>
Do not audit attempts to send postgrey_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_postgrey_server_packets" lineno="100976">
<summary>
Receive postgrey_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_postgrey_server_packets" lineno="100995">
<summary>
Do not audit attempts to receive postgrey_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_postgrey_server_packets" lineno="101014">
<summary>
Send and receive postgrey_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_postgrey_server_packets" lineno="101030">
<summary>
Do not audit attempts to send and receive postgrey_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_postgrey_server_packets" lineno="101045">
<summary>
Relabel packets to postgrey_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pptp_port" lineno="101067">
<summary>
Send and receive TCP traffic on the pptp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pptp_port" lineno="101086">
<summary>
Send UDP traffic on the pptp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pptp_port" lineno="101105">
<summary>
Do not audit attempts to send UDP traffic on the pptp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pptp_port" lineno="101124">
<summary>
Receive UDP traffic on the pptp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pptp_port" lineno="101143">
<summary>
Do not audit attempts to receive UDP traffic on the pptp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pptp_port" lineno="101162">
<summary>
Send and receive UDP traffic on the pptp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pptp_port" lineno="101179">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pptp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pptp_port" lineno="101195">
<summary>
Bind TCP sockets to the pptp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pptp_port" lineno="101215">
<summary>
Bind UDP sockets to the pptp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_pptp_port" lineno="101235">
<summary>
Do not audit attempts to sbind to pptp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pptp_port" lineno="101254">
<summary>
Make a TCP connection to the pptp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_pptp_port" lineno="101271">
<summary>
Do not audit attempts to make a TCP connection to pptp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pptp_client_packets" lineno="101291">
<summary>
Send pptp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pptp_client_packets" lineno="101310">
<summary>
Do not audit attempts to send pptp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pptp_client_packets" lineno="101329">
<summary>
Receive pptp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pptp_client_packets" lineno="101348">
<summary>
Do not audit attempts to receive pptp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pptp_client_packets" lineno="101367">
<summary>
Send and receive pptp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pptp_client_packets" lineno="101383">
<summary>
Do not audit attempts to send and receive pptp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pptp_client_packets" lineno="101398">
<summary>
Relabel packets to pptp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pptp_server_packets" lineno="101418">
<summary>
Send pptp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pptp_server_packets" lineno="101437">
<summary>
Do not audit attempts to send pptp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pptp_server_packets" lineno="101456">
<summary>
Receive pptp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pptp_server_packets" lineno="101475">
<summary>
Do not audit attempts to receive pptp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pptp_server_packets" lineno="101494">
<summary>
Send and receive pptp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pptp_server_packets" lineno="101510">
<summary>
Do not audit attempts to send and receive pptp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pptp_server_packets" lineno="101525">
<summary>
Relabel packets to pptp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_prelude_port" lineno="101547">
<summary>
Send and receive TCP traffic on the prelude port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_prelude_port" lineno="101566">
<summary>
Send UDP traffic on the prelude port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_prelude_port" lineno="101585">
<summary>
Do not audit attempts to send UDP traffic on the prelude port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_prelude_port" lineno="101604">
<summary>
Receive UDP traffic on the prelude port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_prelude_port" lineno="101623">
<summary>
Do not audit attempts to receive UDP traffic on the prelude port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_prelude_port" lineno="101642">
<summary>
Send and receive UDP traffic on the prelude port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_prelude_port" lineno="101659">
<summary>
Do not audit attempts to send and receive
UDP traffic on the prelude port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_prelude_port" lineno="101675">
<summary>
Bind TCP sockets to the prelude port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_prelude_port" lineno="101695">
<summary>
Bind UDP sockets to the prelude port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_prelude_port" lineno="101715">
<summary>
Do not audit attempts to sbind to prelude port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_prelude_port" lineno="101734">
<summary>
Make a TCP connection to the prelude port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_prelude_port" lineno="101751">
<summary>
Do not audit attempts to make a TCP connection to prelude port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_prelude_client_packets" lineno="101771">
<summary>
Send prelude_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_prelude_client_packets" lineno="101790">
<summary>
Do not audit attempts to send prelude_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_prelude_client_packets" lineno="101809">
<summary>
Receive prelude_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_prelude_client_packets" lineno="101828">
<summary>
Do not audit attempts to receive prelude_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_prelude_client_packets" lineno="101847">
<summary>
Send and receive prelude_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_prelude_client_packets" lineno="101863">
<summary>
Do not audit attempts to send and receive prelude_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_prelude_client_packets" lineno="101878">
<summary>
Relabel packets to prelude_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_prelude_server_packets" lineno="101898">
<summary>
Send prelude_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_prelude_server_packets" lineno="101917">
<summary>
Do not audit attempts to send prelude_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_prelude_server_packets" lineno="101936">
<summary>
Receive prelude_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_prelude_server_packets" lineno="101955">
<summary>
Do not audit attempts to receive prelude_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_prelude_server_packets" lineno="101974">
<summary>
Send and receive prelude_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_prelude_server_packets" lineno="101990">
<summary>
Do not audit attempts to send and receive prelude_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_prelude_server_packets" lineno="102005">
<summary>
Relabel packets to prelude_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_presence_port" lineno="102027">
<summary>
Send and receive TCP traffic on the presence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_presence_port" lineno="102046">
<summary>
Send UDP traffic on the presence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_presence_port" lineno="102065">
<summary>
Do not audit attempts to send UDP traffic on the presence port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_presence_port" lineno="102084">
<summary>
Receive UDP traffic on the presence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_presence_port" lineno="102103">
<summary>
Do not audit attempts to receive UDP traffic on the presence port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_presence_port" lineno="102122">
<summary>
Send and receive UDP traffic on the presence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_presence_port" lineno="102139">
<summary>
Do not audit attempts to send and receive
UDP traffic on the presence port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_presence_port" lineno="102155">
<summary>
Bind TCP sockets to the presence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_presence_port" lineno="102175">
<summary>
Bind UDP sockets to the presence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_presence_port" lineno="102195">
<summary>
Do not audit attempts to sbind to presence port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_presence_port" lineno="102214">
<summary>
Make a TCP connection to the presence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_presence_port" lineno="102231">
<summary>
Do not audit attempts to make a TCP connection to presence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_presence_client_packets" lineno="102251">
<summary>
Send presence_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_presence_client_packets" lineno="102270">
<summary>
Do not audit attempts to send presence_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_presence_client_packets" lineno="102289">
<summary>
Receive presence_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_presence_client_packets" lineno="102308">
<summary>
Do not audit attempts to receive presence_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_presence_client_packets" lineno="102327">
<summary>
Send and receive presence_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_presence_client_packets" lineno="102343">
<summary>
Do not audit attempts to send and receive presence_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_presence_client_packets" lineno="102358">
<summary>
Relabel packets to presence_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_presence_server_packets" lineno="102378">
<summary>
Send presence_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_presence_server_packets" lineno="102397">
<summary>
Do not audit attempts to send presence_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_presence_server_packets" lineno="102416">
<summary>
Receive presence_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_presence_server_packets" lineno="102435">
<summary>
Do not audit attempts to receive presence_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_presence_server_packets" lineno="102454">
<summary>
Send and receive presence_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_presence_server_packets" lineno="102470">
<summary>
Do not audit attempts to send and receive presence_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_presence_server_packets" lineno="102485">
<summary>
Relabel packets to presence_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_preupgrade_port" lineno="102507">
<summary>
Send and receive TCP traffic on the preupgrade port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_preupgrade_port" lineno="102526">
<summary>
Send UDP traffic on the preupgrade port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_preupgrade_port" lineno="102545">
<summary>
Do not audit attempts to send UDP traffic on the preupgrade port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_preupgrade_port" lineno="102564">
<summary>
Receive UDP traffic on the preupgrade port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_preupgrade_port" lineno="102583">
<summary>
Do not audit attempts to receive UDP traffic on the preupgrade port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_preupgrade_port" lineno="102602">
<summary>
Send and receive UDP traffic on the preupgrade port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_preupgrade_port" lineno="102619">
<summary>
Do not audit attempts to send and receive
UDP traffic on the preupgrade port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_preupgrade_port" lineno="102635">
<summary>
Bind TCP sockets to the preupgrade port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_preupgrade_port" lineno="102655">
<summary>
Bind UDP sockets to the preupgrade port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_preupgrade_port" lineno="102675">
<summary>
Do not audit attempts to sbind to preupgrade port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_preupgrade_port" lineno="102694">
<summary>
Make a TCP connection to the preupgrade port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_preupgrade_port" lineno="102711">
<summary>
Do not audit attempts to make a TCP connection to preupgrade port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_preupgrade_client_packets" lineno="102731">
<summary>
Send preupgrade_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_preupgrade_client_packets" lineno="102750">
<summary>
Do not audit attempts to send preupgrade_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_preupgrade_client_packets" lineno="102769">
<summary>
Receive preupgrade_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_preupgrade_client_packets" lineno="102788">
<summary>
Do not audit attempts to receive preupgrade_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_preupgrade_client_packets" lineno="102807">
<summary>
Send and receive preupgrade_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_preupgrade_client_packets" lineno="102823">
<summary>
Do not audit attempts to send and receive preupgrade_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_preupgrade_client_packets" lineno="102838">
<summary>
Relabel packets to preupgrade_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_preupgrade_server_packets" lineno="102858">
<summary>
Send preupgrade_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_preupgrade_server_packets" lineno="102877">
<summary>
Do not audit attempts to send preupgrade_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_preupgrade_server_packets" lineno="102896">
<summary>
Receive preupgrade_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_preupgrade_server_packets" lineno="102915">
<summary>
Do not audit attempts to receive preupgrade_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_preupgrade_server_packets" lineno="102934">
<summary>
Send and receive preupgrade_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_preupgrade_server_packets" lineno="102950">
<summary>
Do not audit attempts to send and receive preupgrade_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_preupgrade_server_packets" lineno="102965">
<summary>
Relabel packets to preupgrade_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_printer_port" lineno="102987">
<summary>
Send and receive TCP traffic on the printer port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_printer_port" lineno="103006">
<summary>
Send UDP traffic on the printer port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_printer_port" lineno="103025">
<summary>
Do not audit attempts to send UDP traffic on the printer port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_printer_port" lineno="103044">
<summary>
Receive UDP traffic on the printer port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_printer_port" lineno="103063">
<summary>
Do not audit attempts to receive UDP traffic on the printer port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_printer_port" lineno="103082">
<summary>
Send and receive UDP traffic on the printer port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_printer_port" lineno="103099">
<summary>
Do not audit attempts to send and receive
UDP traffic on the printer port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_printer_port" lineno="103115">
<summary>
Bind TCP sockets to the printer port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_printer_port" lineno="103135">
<summary>
Bind UDP sockets to the printer port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_printer_port" lineno="103155">
<summary>
Do not audit attempts to sbind to printer port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_printer_port" lineno="103174">
<summary>
Make a TCP connection to the printer port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_printer_port" lineno="103191">
<summary>
Do not audit attempts to make a TCP connection to printer port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_printer_client_packets" lineno="103211">
<summary>
Send printer_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_printer_client_packets" lineno="103230">
<summary>
Do not audit attempts to send printer_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_printer_client_packets" lineno="103249">
<summary>
Receive printer_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_printer_client_packets" lineno="103268">
<summary>
Do not audit attempts to receive printer_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_printer_client_packets" lineno="103287">
<summary>
Send and receive printer_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_printer_client_packets" lineno="103303">
<summary>
Do not audit attempts to send and receive printer_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_printer_client_packets" lineno="103318">
<summary>
Relabel packets to printer_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_printer_server_packets" lineno="103338">
<summary>
Send printer_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_printer_server_packets" lineno="103357">
<summary>
Do not audit attempts to send printer_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_printer_server_packets" lineno="103376">
<summary>
Receive printer_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_printer_server_packets" lineno="103395">
<summary>
Do not audit attempts to receive printer_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_printer_server_packets" lineno="103414">
<summary>
Send and receive printer_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_printer_server_packets" lineno="103430">
<summary>
Do not audit attempts to send and receive printer_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_printer_server_packets" lineno="103445">
<summary>
Relabel packets to printer_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_priority_e_com_port" lineno="103467">
<summary>
Send and receive TCP traffic on the priority_e_com port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_priority_e_com_port" lineno="103486">
<summary>
Send UDP traffic on the priority_e_com port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_priority_e_com_port" lineno="103505">
<summary>
Do not audit attempts to send UDP traffic on the priority_e_com port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_priority_e_com_port" lineno="103524">
<summary>
Receive UDP traffic on the priority_e_com port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_priority_e_com_port" lineno="103543">
<summary>
Do not audit attempts to receive UDP traffic on the priority_e_com port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_priority_e_com_port" lineno="103562">
<summary>
Send and receive UDP traffic on the priority_e_com port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_priority_e_com_port" lineno="103579">
<summary>
Do not audit attempts to send and receive
UDP traffic on the priority_e_com port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_priority_e_com_port" lineno="103595">
<summary>
Bind TCP sockets to the priority_e_com port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_priority_e_com_port" lineno="103615">
<summary>
Bind UDP sockets to the priority_e_com port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_priority_e_com_port" lineno="103635">
<summary>
Do not audit attempts to sbind to priority_e_com port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_priority_e_com_port" lineno="103654">
<summary>
Make a TCP connection to the priority_e_com port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_priority_e_com_port" lineno="103671">
<summary>
Do not audit attempts to make a TCP connection to priority_e_com port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_priority_e_com_client_packets" lineno="103691">
<summary>
Send priority_e_com_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_priority_e_com_client_packets" lineno="103710">
<summary>
Do not audit attempts to send priority_e_com_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_priority_e_com_client_packets" lineno="103729">
<summary>
Receive priority_e_com_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_priority_e_com_client_packets" lineno="103748">
<summary>
Do not audit attempts to receive priority_e_com_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_priority_e_com_client_packets" lineno="103767">
<summary>
Send and receive priority_e_com_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_priority_e_com_client_packets" lineno="103783">
<summary>
Do not audit attempts to send and receive priority_e_com_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_priority_e_com_client_packets" lineno="103798">
<summary>
Relabel packets to priority_e_com_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_priority_e_com_server_packets" lineno="103818">
<summary>
Send priority_e_com_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_priority_e_com_server_packets" lineno="103837">
<summary>
Do not audit attempts to send priority_e_com_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_priority_e_com_server_packets" lineno="103856">
<summary>
Receive priority_e_com_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_priority_e_com_server_packets" lineno="103875">
<summary>
Do not audit attempts to receive priority_e_com_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_priority_e_com_server_packets" lineno="103894">
<summary>
Send and receive priority_e_com_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_priority_e_com_server_packets" lineno="103910">
<summary>
Do not audit attempts to send and receive priority_e_com_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_priority_e_com_server_packets" lineno="103925">
<summary>
Relabel packets to priority_e_com_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_prosody_port" lineno="103947">
<summary>
Send and receive TCP traffic on the prosody port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_prosody_port" lineno="103966">
<summary>
Send UDP traffic on the prosody port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_prosody_port" lineno="103985">
<summary>
Do not audit attempts to send UDP traffic on the prosody port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_prosody_port" lineno="104004">
<summary>
Receive UDP traffic on the prosody port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_prosody_port" lineno="104023">
<summary>
Do not audit attempts to receive UDP traffic on the prosody port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_prosody_port" lineno="104042">
<summary>
Send and receive UDP traffic on the prosody port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_prosody_port" lineno="104059">
<summary>
Do not audit attempts to send and receive
UDP traffic on the prosody port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_prosody_port" lineno="104075">
<summary>
Bind TCP sockets to the prosody port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_prosody_port" lineno="104095">
<summary>
Bind UDP sockets to the prosody port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_prosody_port" lineno="104115">
<summary>
Do not audit attempts to sbind to prosody port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_prosody_port" lineno="104134">
<summary>
Make a TCP connection to the prosody port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_prosody_port" lineno="104151">
<summary>
Do not audit attempts to make a TCP connection to prosody port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_prosody_client_packets" lineno="104171">
<summary>
Send prosody_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_prosody_client_packets" lineno="104190">
<summary>
Do not audit attempts to send prosody_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_prosody_client_packets" lineno="104209">
<summary>
Receive prosody_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_prosody_client_packets" lineno="104228">
<summary>
Do not audit attempts to receive prosody_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_prosody_client_packets" lineno="104247">
<summary>
Send and receive prosody_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_prosody_client_packets" lineno="104263">
<summary>
Do not audit attempts to send and receive prosody_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_prosody_client_packets" lineno="104278">
<summary>
Relabel packets to prosody_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_prosody_server_packets" lineno="104298">
<summary>
Send prosody_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_prosody_server_packets" lineno="104317">
<summary>
Do not audit attempts to send prosody_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_prosody_server_packets" lineno="104336">
<summary>
Receive prosody_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_prosody_server_packets" lineno="104355">
<summary>
Do not audit attempts to receive prosody_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_prosody_server_packets" lineno="104374">
<summary>
Send and receive prosody_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_prosody_server_packets" lineno="104390">
<summary>
Do not audit attempts to send and receive prosody_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_prosody_server_packets" lineno="104405">
<summary>
Relabel packets to prosody_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ptal_port" lineno="104427">
<summary>
Send and receive TCP traffic on the ptal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ptal_port" lineno="104446">
<summary>
Send UDP traffic on the ptal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ptal_port" lineno="104465">
<summary>
Do not audit attempts to send UDP traffic on the ptal port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ptal_port" lineno="104484">
<summary>
Receive UDP traffic on the ptal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ptal_port" lineno="104503">
<summary>
Do not audit attempts to receive UDP traffic on the ptal port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ptal_port" lineno="104522">
<summary>
Send and receive UDP traffic on the ptal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ptal_port" lineno="104539">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ptal port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ptal_port" lineno="104555">
<summary>
Bind TCP sockets to the ptal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ptal_port" lineno="104575">
<summary>
Bind UDP sockets to the ptal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ptal_port" lineno="104595">
<summary>
Do not audit attempts to sbind to ptal port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ptal_port" lineno="104614">
<summary>
Make a TCP connection to the ptal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ptal_port" lineno="104631">
<summary>
Do not audit attempts to make a TCP connection to ptal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ptal_client_packets" lineno="104651">
<summary>
Send ptal_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ptal_client_packets" lineno="104670">
<summary>
Do not audit attempts to send ptal_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ptal_client_packets" lineno="104689">
<summary>
Receive ptal_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ptal_client_packets" lineno="104708">
<summary>
Do not audit attempts to receive ptal_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ptal_client_packets" lineno="104727">
<summary>
Send and receive ptal_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ptal_client_packets" lineno="104743">
<summary>
Do not audit attempts to send and receive ptal_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ptal_client_packets" lineno="104758">
<summary>
Relabel packets to ptal_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ptal_server_packets" lineno="104778">
<summary>
Send ptal_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ptal_server_packets" lineno="104797">
<summary>
Do not audit attempts to send ptal_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ptal_server_packets" lineno="104816">
<summary>
Receive ptal_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ptal_server_packets" lineno="104835">
<summary>
Do not audit attempts to receive ptal_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ptal_server_packets" lineno="104854">
<summary>
Send and receive ptal_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ptal_server_packets" lineno="104870">
<summary>
Do not audit attempts to send and receive ptal_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ptal_server_packets" lineno="104885">
<summary>
Relabel packets to ptal_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ptp_event_port" lineno="104907">
<summary>
Send and receive TCP traffic on the ptp_event port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ptp_event_port" lineno="104926">
<summary>
Send UDP traffic on the ptp_event port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ptp_event_port" lineno="104945">
<summary>
Do not audit attempts to send UDP traffic on the ptp_event port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ptp_event_port" lineno="104964">
<summary>
Receive UDP traffic on the ptp_event port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ptp_event_port" lineno="104983">
<summary>
Do not audit attempts to receive UDP traffic on the ptp_event port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ptp_event_port" lineno="105002">
<summary>
Send and receive UDP traffic on the ptp_event port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ptp_event_port" lineno="105019">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ptp_event port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ptp_event_port" lineno="105035">
<summary>
Bind TCP sockets to the ptp_event port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ptp_event_port" lineno="105055">
<summary>
Bind UDP sockets to the ptp_event port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ptp_event_port" lineno="105075">
<summary>
Do not audit attempts to sbind to ptp_event port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ptp_event_port" lineno="105094">
<summary>
Make a TCP connection to the ptp_event port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ptp_event_port" lineno="105111">
<summary>
Do not audit attempts to make a TCP connection to ptp_event port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ptp_event_client_packets" lineno="105131">
<summary>
Send ptp_event_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ptp_event_client_packets" lineno="105150">
<summary>
Do not audit attempts to send ptp_event_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ptp_event_client_packets" lineno="105169">
<summary>
Receive ptp_event_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ptp_event_client_packets" lineno="105188">
<summary>
Do not audit attempts to receive ptp_event_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ptp_event_client_packets" lineno="105207">
<summary>
Send and receive ptp_event_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ptp_event_client_packets" lineno="105223">
<summary>
Do not audit attempts to send and receive ptp_event_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ptp_event_client_packets" lineno="105238">
<summary>
Relabel packets to ptp_event_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ptp_event_server_packets" lineno="105258">
<summary>
Send ptp_event_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ptp_event_server_packets" lineno="105277">
<summary>
Do not audit attempts to send ptp_event_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ptp_event_server_packets" lineno="105296">
<summary>
Receive ptp_event_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ptp_event_server_packets" lineno="105315">
<summary>
Do not audit attempts to receive ptp_event_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ptp_event_server_packets" lineno="105334">
<summary>
Send and receive ptp_event_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ptp_event_server_packets" lineno="105350">
<summary>
Do not audit attempts to send and receive ptp_event_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ptp_event_server_packets" lineno="105365">
<summary>
Relabel packets to ptp_event_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pulseaudio_port" lineno="105387">
<summary>
Send and receive TCP traffic on the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pulseaudio_port" lineno="105406">
<summary>
Send UDP traffic on the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pulseaudio_port" lineno="105425">
<summary>
Do not audit attempts to send UDP traffic on the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pulseaudio_port" lineno="105444">
<summary>
Receive UDP traffic on the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pulseaudio_port" lineno="105463">
<summary>
Do not audit attempts to receive UDP traffic on the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pulseaudio_port" lineno="105482">
<summary>
Send and receive UDP traffic on the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pulseaudio_port" lineno="105499">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pulseaudio_port" lineno="105515">
<summary>
Bind TCP sockets to the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pulseaudio_port" lineno="105535">
<summary>
Bind UDP sockets to the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_pulseaudio_port" lineno="105555">
<summary>
Do not audit attempts to sbind to pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pulseaudio_port" lineno="105574">
<summary>
Make a TCP connection to the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_pulseaudio_port" lineno="105591">
<summary>
Do not audit attempts to make a TCP connection to pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pulseaudio_client_packets" lineno="105611">
<summary>
Send pulseaudio_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pulseaudio_client_packets" lineno="105630">
<summary>
Do not audit attempts to send pulseaudio_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pulseaudio_client_packets" lineno="105649">
<summary>
Receive pulseaudio_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pulseaudio_client_packets" lineno="105668">
<summary>
Do not audit attempts to receive pulseaudio_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pulseaudio_client_packets" lineno="105687">
<summary>
Send and receive pulseaudio_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pulseaudio_client_packets" lineno="105703">
<summary>
Do not audit attempts to send and receive pulseaudio_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pulseaudio_client_packets" lineno="105718">
<summary>
Relabel packets to pulseaudio_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pulseaudio_server_packets" lineno="105738">
<summary>
Send pulseaudio_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pulseaudio_server_packets" lineno="105757">
<summary>
Do not audit attempts to send pulseaudio_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pulseaudio_server_packets" lineno="105776">
<summary>
Receive pulseaudio_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pulseaudio_server_packets" lineno="105795">
<summary>
Do not audit attempts to receive pulseaudio_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pulseaudio_server_packets" lineno="105814">
<summary>
Send and receive pulseaudio_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pulseaudio_server_packets" lineno="105830">
<summary>
Do not audit attempts to send and receive pulseaudio_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pulseaudio_server_packets" lineno="105845">
<summary>
Relabel packets to pulseaudio_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pulp_port" lineno="105867">
<summary>
Send and receive TCP traffic on the pulp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pulp_port" lineno="105886">
<summary>
Send UDP traffic on the pulp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pulp_port" lineno="105905">
<summary>
Do not audit attempts to send UDP traffic on the pulp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pulp_port" lineno="105924">
<summary>
Receive UDP traffic on the pulp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pulp_port" lineno="105943">
<summary>
Do not audit attempts to receive UDP traffic on the pulp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pulp_port" lineno="105962">
<summary>
Send and receive UDP traffic on the pulp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pulp_port" lineno="105979">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pulp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pulp_port" lineno="105995">
<summary>
Bind TCP sockets to the pulp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pulp_port" lineno="106015">
<summary>
Bind UDP sockets to the pulp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_pulp_port" lineno="106035">
<summary>
Do not audit attempts to sbind to pulp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pulp_port" lineno="106054">
<summary>
Make a TCP connection to the pulp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_pulp_port" lineno="106071">
<summary>
Do not audit attempts to make a TCP connection to pulp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pulp_client_packets" lineno="106091">
<summary>
Send pulp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pulp_client_packets" lineno="106110">
<summary>
Do not audit attempts to send pulp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pulp_client_packets" lineno="106129">
<summary>
Receive pulp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pulp_client_packets" lineno="106148">
<summary>
Do not audit attempts to receive pulp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pulp_client_packets" lineno="106167">
<summary>
Send and receive pulp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pulp_client_packets" lineno="106183">
<summary>
Do not audit attempts to send and receive pulp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pulp_client_packets" lineno="106198">
<summary>
Relabel packets to pulp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pulp_server_packets" lineno="106218">
<summary>
Send pulp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pulp_server_packets" lineno="106237">
<summary>
Do not audit attempts to send pulp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pulp_server_packets" lineno="106256">
<summary>
Receive pulp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pulp_server_packets" lineno="106275">
<summary>
Do not audit attempts to receive pulp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pulp_server_packets" lineno="106294">
<summary>
Send and receive pulp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pulp_server_packets" lineno="106310">
<summary>
Do not audit attempts to send and receive pulp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pulp_server_packets" lineno="106325">
<summary>
Relabel packets to pulp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_puppet_port" lineno="106347">
<summary>
Send and receive TCP traffic on the puppet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_puppet_port" lineno="106366">
<summary>
Send UDP traffic on the puppet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_puppet_port" lineno="106385">
<summary>
Do not audit attempts to send UDP traffic on the puppet port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_puppet_port" lineno="106404">
<summary>
Receive UDP traffic on the puppet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_puppet_port" lineno="106423">
<summary>
Do not audit attempts to receive UDP traffic on the puppet port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_puppet_port" lineno="106442">
<summary>
Send and receive UDP traffic on the puppet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_puppet_port" lineno="106459">
<summary>
Do not audit attempts to send and receive
UDP traffic on the puppet port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_puppet_port" lineno="106475">
<summary>
Bind TCP sockets to the puppet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_puppet_port" lineno="106495">
<summary>
Bind UDP sockets to the puppet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_puppet_port" lineno="106515">
<summary>
Do not audit attempts to sbind to puppet port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_puppet_port" lineno="106534">
<summary>
Make a TCP connection to the puppet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_puppet_port" lineno="106551">
<summary>
Do not audit attempts to make a TCP connection to puppet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_puppet_client_packets" lineno="106571">
<summary>
Send puppet_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_puppet_client_packets" lineno="106590">
<summary>
Do not audit attempts to send puppet_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_puppet_client_packets" lineno="106609">
<summary>
Receive puppet_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_puppet_client_packets" lineno="106628">
<summary>
Do not audit attempts to receive puppet_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_puppet_client_packets" lineno="106647">
<summary>
Send and receive puppet_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_puppet_client_packets" lineno="106663">
<summary>
Do not audit attempts to send and receive puppet_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_puppet_client_packets" lineno="106678">
<summary>
Relabel packets to puppet_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_puppet_server_packets" lineno="106698">
<summary>
Send puppet_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_puppet_server_packets" lineno="106717">
<summary>
Do not audit attempts to send puppet_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_puppet_server_packets" lineno="106736">
<summary>
Receive puppet_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_puppet_server_packets" lineno="106755">
<summary>
Do not audit attempts to receive puppet_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_puppet_server_packets" lineno="106774">
<summary>
Send and receive puppet_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_puppet_server_packets" lineno="106790">
<summary>
Do not audit attempts to send and receive puppet_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_puppet_server_packets" lineno="106805">
<summary>
Relabel packets to puppet_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pxe_port" lineno="106827">
<summary>
Send and receive TCP traffic on the pxe port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pxe_port" lineno="106846">
<summary>
Send UDP traffic on the pxe port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pxe_port" lineno="106865">
<summary>
Do not audit attempts to send UDP traffic on the pxe port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pxe_port" lineno="106884">
<summary>
Receive UDP traffic on the pxe port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pxe_port" lineno="106903">
<summary>
Do not audit attempts to receive UDP traffic on the pxe port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pxe_port" lineno="106922">
<summary>
Send and receive UDP traffic on the pxe port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pxe_port" lineno="106939">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pxe port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pxe_port" lineno="106955">
<summary>
Bind TCP sockets to the pxe port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pxe_port" lineno="106975">
<summary>
Bind UDP sockets to the pxe port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_pxe_port" lineno="106995">
<summary>
Do not audit attempts to sbind to pxe port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pxe_port" lineno="107014">
<summary>
Make a TCP connection to the pxe port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_pxe_port" lineno="107031">
<summary>
Do not audit attempts to make a TCP connection to pxe port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pxe_client_packets" lineno="107051">
<summary>
Send pxe_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pxe_client_packets" lineno="107070">
<summary>
Do not audit attempts to send pxe_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pxe_client_packets" lineno="107089">
<summary>
Receive pxe_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pxe_client_packets" lineno="107108">
<summary>
Do not audit attempts to receive pxe_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pxe_client_packets" lineno="107127">
<summary>
Send and receive pxe_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pxe_client_packets" lineno="107143">
<summary>
Do not audit attempts to send and receive pxe_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pxe_client_packets" lineno="107158">
<summary>
Relabel packets to pxe_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pxe_server_packets" lineno="107178">
<summary>
Send pxe_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pxe_server_packets" lineno="107197">
<summary>
Do not audit attempts to send pxe_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pxe_server_packets" lineno="107216">
<summary>
Receive pxe_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pxe_server_packets" lineno="107235">
<summary>
Do not audit attempts to receive pxe_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pxe_server_packets" lineno="107254">
<summary>
Send and receive pxe_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pxe_server_packets" lineno="107270">
<summary>
Do not audit attempts to send and receive pxe_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pxe_server_packets" lineno="107285">
<summary>
Relabel packets to pxe_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pyzor_port" lineno="107307">
<summary>
Send and receive TCP traffic on the pyzor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pyzor_port" lineno="107326">
<summary>
Send UDP traffic on the pyzor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pyzor_port" lineno="107345">
<summary>
Do not audit attempts to send UDP traffic on the pyzor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pyzor_port" lineno="107364">
<summary>
Receive UDP traffic on the pyzor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pyzor_port" lineno="107383">
<summary>
Do not audit attempts to receive UDP traffic on the pyzor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pyzor_port" lineno="107402">
<summary>
Send and receive UDP traffic on the pyzor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pyzor_port" lineno="107419">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pyzor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pyzor_port" lineno="107435">
<summary>
Bind TCP sockets to the pyzor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pyzor_port" lineno="107455">
<summary>
Bind UDP sockets to the pyzor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_pyzor_port" lineno="107475">
<summary>
Do not audit attempts to sbind to pyzor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pyzor_port" lineno="107494">
<summary>
Make a TCP connection to the pyzor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_pyzor_port" lineno="107511">
<summary>
Do not audit attempts to make a TCP connection to pyzor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pyzor_client_packets" lineno="107531">
<summary>
Send pyzor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pyzor_client_packets" lineno="107550">
<summary>
Do not audit attempts to send pyzor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pyzor_client_packets" lineno="107569">
<summary>
Receive pyzor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pyzor_client_packets" lineno="107588">
<summary>
Do not audit attempts to receive pyzor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pyzor_client_packets" lineno="107607">
<summary>
Send and receive pyzor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pyzor_client_packets" lineno="107623">
<summary>
Do not audit attempts to send and receive pyzor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pyzor_client_packets" lineno="107638">
<summary>
Relabel packets to pyzor_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pyzor_server_packets" lineno="107658">
<summary>
Send pyzor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pyzor_server_packets" lineno="107677">
<summary>
Do not audit attempts to send pyzor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pyzor_server_packets" lineno="107696">
<summary>
Receive pyzor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pyzor_server_packets" lineno="107715">
<summary>
Do not audit attempts to receive pyzor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pyzor_server_packets" lineno="107734">
<summary>
Send and receive pyzor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pyzor_server_packets" lineno="107750">
<summary>
Do not audit attempts to send and receive pyzor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pyzor_server_packets" lineno="107765">
<summary>
Relabel packets to pyzor_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_neutron_port" lineno="107787">
<summary>
Send and receive TCP traffic on the neutron port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_neutron_port" lineno="107806">
<summary>
Send UDP traffic on the neutron port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_neutron_port" lineno="107825">
<summary>
Do not audit attempts to send UDP traffic on the neutron port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_neutron_port" lineno="107844">
<summary>
Receive UDP traffic on the neutron port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_neutron_port" lineno="107863">
<summary>
Do not audit attempts to receive UDP traffic on the neutron port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_neutron_port" lineno="107882">
<summary>
Send and receive UDP traffic on the neutron port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_neutron_port" lineno="107899">
<summary>
Do not audit attempts to send and receive
UDP traffic on the neutron port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_neutron_port" lineno="107915">
<summary>
Bind TCP sockets to the neutron port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_neutron_port" lineno="107935">
<summary>
Bind UDP sockets to the neutron port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_neutron_port" lineno="107955">
<summary>
Do not audit attempts to sbind to neutron port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_neutron_port" lineno="107974">
<summary>
Make a TCP connection to the neutron port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_neutron_port" lineno="107991">
<summary>
Do not audit attempts to make a TCP connection to neutron port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_neutron_client_packets" lineno="108011">
<summary>
Send neutron_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_neutron_client_packets" lineno="108030">
<summary>
Do not audit attempts to send neutron_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_neutron_client_packets" lineno="108049">
<summary>
Receive neutron_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_neutron_client_packets" lineno="108068">
<summary>
Do not audit attempts to receive neutron_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_neutron_client_packets" lineno="108087">
<summary>
Send and receive neutron_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_neutron_client_packets" lineno="108103">
<summary>
Do not audit attempts to send and receive neutron_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_neutron_client_packets" lineno="108118">
<summary>
Relabel packets to neutron_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_neutron_server_packets" lineno="108138">
<summary>
Send neutron_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_neutron_server_packets" lineno="108157">
<summary>
Do not audit attempts to send neutron_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_neutron_server_packets" lineno="108176">
<summary>
Receive neutron_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_neutron_server_packets" lineno="108195">
<summary>
Do not audit attempts to receive neutron_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_neutron_server_packets" lineno="108214">
<summary>
Send and receive neutron_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_neutron_server_packets" lineno="108230">
<summary>
Do not audit attempts to send and receive neutron_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_neutron_server_packets" lineno="108245">
<summary>
Relabel packets to neutron_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_nsd_control_port" lineno="108267">
<summary>
Send and receive TCP traffic on the nsd_control port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_nsd_control_port" lineno="108286">
<summary>
Send UDP traffic on the nsd_control port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_nsd_control_port" lineno="108305">
<summary>
Do not audit attempts to send UDP traffic on the nsd_control port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_nsd_control_port" lineno="108324">
<summary>
Receive UDP traffic on the nsd_control port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_nsd_control_port" lineno="108343">
<summary>
Do not audit attempts to receive UDP traffic on the nsd_control port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_nsd_control_port" lineno="108362">
<summary>
Send and receive UDP traffic on the nsd_control port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_nsd_control_port" lineno="108379">
<summary>
Do not audit attempts to send and receive
UDP traffic on the nsd_control port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_nsd_control_port" lineno="108395">
<summary>
Bind TCP sockets to the nsd_control port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_nsd_control_port" lineno="108415">
<summary>
Bind UDP sockets to the nsd_control port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_nsd_control_port" lineno="108435">
<summary>
Do not audit attempts to sbind to nsd_control port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_nsd_control_port" lineno="108454">
<summary>
Make a TCP connection to the nsd_control port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_nsd_control_port" lineno="108471">
<summary>
Do not audit attempts to make a TCP connection to nsd_control port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nsd_control_client_packets" lineno="108491">
<summary>
Send nsd_control_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nsd_control_client_packets" lineno="108510">
<summary>
Do not audit attempts to send nsd_control_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nsd_control_client_packets" lineno="108529">
<summary>
Receive nsd_control_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nsd_control_client_packets" lineno="108548">
<summary>
Do not audit attempts to receive nsd_control_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nsd_control_client_packets" lineno="108567">
<summary>
Send and receive nsd_control_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nsd_control_client_packets" lineno="108583">
<summary>
Do not audit attempts to send and receive nsd_control_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nsd_control_client_packets" lineno="108598">
<summary>
Relabel packets to nsd_control_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nsd_control_server_packets" lineno="108618">
<summary>
Send nsd_control_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nsd_control_server_packets" lineno="108637">
<summary>
Do not audit attempts to send nsd_control_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nsd_control_server_packets" lineno="108656">
<summary>
Receive nsd_control_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nsd_control_server_packets" lineno="108675">
<summary>
Do not audit attempts to receive nsd_control_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nsd_control_server_packets" lineno="108694">
<summary>
Send and receive nsd_control_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nsd_control_server_packets" lineno="108710">
<summary>
Do not audit attempts to send and receive nsd_control_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nsd_control_server_packets" lineno="108725">
<summary>
Relabel packets to nsd_control_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_radacct_port" lineno="108747">
<summary>
Send and receive TCP traffic on the radacct port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_radacct_port" lineno="108766">
<summary>
Send UDP traffic on the radacct port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_radacct_port" lineno="108785">
<summary>
Do not audit attempts to send UDP traffic on the radacct port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_radacct_port" lineno="108804">
<summary>
Receive UDP traffic on the radacct port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_radacct_port" lineno="108823">
<summary>
Do not audit attempts to receive UDP traffic on the radacct port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_radacct_port" lineno="108842">
<summary>
Send and receive UDP traffic on the radacct port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_radacct_port" lineno="108859">
<summary>
Do not audit attempts to send and receive
UDP traffic on the radacct port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_radacct_port" lineno="108875">
<summary>
Bind TCP sockets to the radacct port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_radacct_port" lineno="108895">
<summary>
Bind UDP sockets to the radacct port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_radacct_port" lineno="108915">
<summary>
Do not audit attempts to sbind to radacct port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_radacct_port" lineno="108934">
<summary>
Make a TCP connection to the radacct port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_radacct_port" lineno="108951">
<summary>
Do not audit attempts to make a TCP connection to radacct port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_radacct_client_packets" lineno="108971">
<summary>
Send radacct_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_radacct_client_packets" lineno="108990">
<summary>
Do not audit attempts to send radacct_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_radacct_client_packets" lineno="109009">
<summary>
Receive radacct_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_radacct_client_packets" lineno="109028">
<summary>
Do not audit attempts to receive radacct_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_radacct_client_packets" lineno="109047">
<summary>
Send and receive radacct_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_radacct_client_packets" lineno="109063">
<summary>
Do not audit attempts to send and receive radacct_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_radacct_client_packets" lineno="109078">
<summary>
Relabel packets to radacct_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_radacct_server_packets" lineno="109098">
<summary>
Send radacct_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_radacct_server_packets" lineno="109117">
<summary>
Do not audit attempts to send radacct_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_radacct_server_packets" lineno="109136">
<summary>
Receive radacct_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_radacct_server_packets" lineno="109155">
<summary>
Do not audit attempts to receive radacct_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_radacct_server_packets" lineno="109174">
<summary>
Send and receive radacct_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_radacct_server_packets" lineno="109190">
<summary>
Do not audit attempts to send and receive radacct_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_radacct_server_packets" lineno="109205">
<summary>
Relabel packets to radacct_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_radius_port" lineno="109227">
<summary>
Send and receive TCP traffic on the radius port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_radius_port" lineno="109246">
<summary>
Send UDP traffic on the radius port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_radius_port" lineno="109265">
<summary>
Do not audit attempts to send UDP traffic on the radius port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_radius_port" lineno="109284">
<summary>
Receive UDP traffic on the radius port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_radius_port" lineno="109303">
<summary>
Do not audit attempts to receive UDP traffic on the radius port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_radius_port" lineno="109322">
<summary>
Send and receive UDP traffic on the radius port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_radius_port" lineno="109339">
<summary>
Do not audit attempts to send and receive
UDP traffic on the radius port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_radius_port" lineno="109355">
<summary>
Bind TCP sockets to the radius port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_radius_port" lineno="109375">
<summary>
Bind UDP sockets to the radius port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_radius_port" lineno="109395">
<summary>
Do not audit attempts to sbind to radius port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_radius_port" lineno="109414">
<summary>
Make a TCP connection to the radius port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_radius_port" lineno="109431">
<summary>
Do not audit attempts to make a TCP connection to radius port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_radius_client_packets" lineno="109451">
<summary>
Send radius_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_radius_client_packets" lineno="109470">
<summary>
Do not audit attempts to send radius_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_radius_client_packets" lineno="109489">
<summary>
Receive radius_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_radius_client_packets" lineno="109508">
<summary>
Do not audit attempts to receive radius_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_radius_client_packets" lineno="109527">
<summary>
Send and receive radius_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_radius_client_packets" lineno="109543">
<summary>
Do not audit attempts to send and receive radius_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_radius_client_packets" lineno="109558">
<summary>
Relabel packets to radius_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_radius_server_packets" lineno="109578">
<summary>
Send radius_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_radius_server_packets" lineno="109597">
<summary>
Do not audit attempts to send radius_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_radius_server_packets" lineno="109616">
<summary>
Receive radius_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_radius_server_packets" lineno="109635">
<summary>
Do not audit attempts to receive radius_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_radius_server_packets" lineno="109654">
<summary>
Send and receive radius_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_radius_server_packets" lineno="109670">
<summary>
Do not audit attempts to send and receive radius_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_radius_server_packets" lineno="109685">
<summary>
Relabel packets to radius_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_radsec_port" lineno="109707">
<summary>
Send and receive TCP traffic on the radsec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_radsec_port" lineno="109726">
<summary>
Send UDP traffic on the radsec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_radsec_port" lineno="109745">
<summary>
Do not audit attempts to send UDP traffic on the radsec port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_radsec_port" lineno="109764">
<summary>
Receive UDP traffic on the radsec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_radsec_port" lineno="109783">
<summary>
Do not audit attempts to receive UDP traffic on the radsec port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_radsec_port" lineno="109802">
<summary>
Send and receive UDP traffic on the radsec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_radsec_port" lineno="109819">
<summary>
Do not audit attempts to send and receive
UDP traffic on the radsec port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_radsec_port" lineno="109835">
<summary>
Bind TCP sockets to the radsec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_radsec_port" lineno="109855">
<summary>
Bind UDP sockets to the radsec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_radsec_port" lineno="109875">
<summary>
Do not audit attempts to sbind to radsec port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_radsec_port" lineno="109894">
<summary>
Make a TCP connection to the radsec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_radsec_port" lineno="109911">
<summary>
Do not audit attempts to make a TCP connection to radsec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_radsec_client_packets" lineno="109931">
<summary>
Send radsec_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_radsec_client_packets" lineno="109950">
<summary>
Do not audit attempts to send radsec_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_radsec_client_packets" lineno="109969">
<summary>
Receive radsec_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_radsec_client_packets" lineno="109988">
<summary>
Do not audit attempts to receive radsec_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_radsec_client_packets" lineno="110007">
<summary>
Send and receive radsec_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_radsec_client_packets" lineno="110023">
<summary>
Do not audit attempts to send and receive radsec_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_radsec_client_packets" lineno="110038">
<summary>
Relabel packets to radsec_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_radsec_server_packets" lineno="110058">
<summary>
Send radsec_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_radsec_server_packets" lineno="110077">
<summary>
Do not audit attempts to send radsec_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_radsec_server_packets" lineno="110096">
<summary>
Receive radsec_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_radsec_server_packets" lineno="110115">
<summary>
Do not audit attempts to receive radsec_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_radsec_server_packets" lineno="110134">
<summary>
Send and receive radsec_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_radsec_server_packets" lineno="110150">
<summary>
Do not audit attempts to send and receive radsec_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_radsec_server_packets" lineno="110165">
<summary>
Relabel packets to radsec_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_razor_port" lineno="110187">
<summary>
Send and receive TCP traffic on the razor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_razor_port" lineno="110206">
<summary>
Send UDP traffic on the razor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_razor_port" lineno="110225">
<summary>
Do not audit attempts to send UDP traffic on the razor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_razor_port" lineno="110244">
<summary>
Receive UDP traffic on the razor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_razor_port" lineno="110263">
<summary>
Do not audit attempts to receive UDP traffic on the razor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_razor_port" lineno="110282">
<summary>
Send and receive UDP traffic on the razor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_razor_port" lineno="110299">
<summary>
Do not audit attempts to send and receive
UDP traffic on the razor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_razor_port" lineno="110315">
<summary>
Bind TCP sockets to the razor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_razor_port" lineno="110335">
<summary>
Bind UDP sockets to the razor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_razor_port" lineno="110355">
<summary>
Do not audit attempts to sbind to razor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_razor_port" lineno="110374">
<summary>
Make a TCP connection to the razor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_razor_port" lineno="110391">
<summary>
Do not audit attempts to make a TCP connection to razor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_razor_client_packets" lineno="110411">
<summary>
Send razor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_razor_client_packets" lineno="110430">
<summary>
Do not audit attempts to send razor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_razor_client_packets" lineno="110449">
<summary>
Receive razor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_razor_client_packets" lineno="110468">
<summary>
Do not audit attempts to receive razor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_razor_client_packets" lineno="110487">
<summary>
Send and receive razor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_razor_client_packets" lineno="110503">
<summary>
Do not audit attempts to send and receive razor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_razor_client_packets" lineno="110518">
<summary>
Relabel packets to razor_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_razor_server_packets" lineno="110538">
<summary>
Send razor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_razor_server_packets" lineno="110557">
<summary>
Do not audit attempts to send razor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_razor_server_packets" lineno="110576">
<summary>
Receive razor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_razor_server_packets" lineno="110595">
<summary>
Do not audit attempts to receive razor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_razor_server_packets" lineno="110614">
<summary>
Send and receive razor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_razor_server_packets" lineno="110630">
<summary>
Do not audit attempts to send and receive razor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_razor_server_packets" lineno="110645">
<summary>
Relabel packets to razor_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_time_port" lineno="110667">
<summary>
Send and receive TCP traffic on the time port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_time_port" lineno="110686">
<summary>
Send UDP traffic on the time port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_time_port" lineno="110705">
<summary>
Do not audit attempts to send UDP traffic on the time port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_time_port" lineno="110724">
<summary>
Receive UDP traffic on the time port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_time_port" lineno="110743">
<summary>
Do not audit attempts to receive UDP traffic on the time port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_time_port" lineno="110762">
<summary>
Send and receive UDP traffic on the time port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_time_port" lineno="110779">
<summary>
Do not audit attempts to send and receive
UDP traffic on the time port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_time_port" lineno="110795">
<summary>
Bind TCP sockets to the time port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_time_port" lineno="110815">
<summary>
Bind UDP sockets to the time port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_time_port" lineno="110835">
<summary>
Do not audit attempts to sbind to time port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_time_port" lineno="110854">
<summary>
Make a TCP connection to the time port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_time_port" lineno="110871">
<summary>
Do not audit attempts to make a TCP connection to time port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_time_client_packets" lineno="110891">
<summary>
Send time_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_time_client_packets" lineno="110910">
<summary>
Do not audit attempts to send time_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_time_client_packets" lineno="110929">
<summary>
Receive time_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_time_client_packets" lineno="110948">
<summary>
Do not audit attempts to receive time_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_time_client_packets" lineno="110967">
<summary>
Send and receive time_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_time_client_packets" lineno="110983">
<summary>
Do not audit attempts to send and receive time_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_time_client_packets" lineno="110998">
<summary>
Relabel packets to time_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_time_server_packets" lineno="111018">
<summary>
Send time_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_time_server_packets" lineno="111037">
<summary>
Do not audit attempts to send time_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_time_server_packets" lineno="111056">
<summary>
Receive time_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_time_server_packets" lineno="111075">
<summary>
Do not audit attempts to receive time_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_time_server_packets" lineno="111094">
<summary>
Send and receive time_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_time_server_packets" lineno="111110">
<summary>
Do not audit attempts to send and receive time_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_time_server_packets" lineno="111125">
<summary>
Relabel packets to time_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_redis_port" lineno="111147">
<summary>
Send and receive TCP traffic on the redis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_redis_port" lineno="111166">
<summary>
Send UDP traffic on the redis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_redis_port" lineno="111185">
<summary>
Do not audit attempts to send UDP traffic on the redis port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_redis_port" lineno="111204">
<summary>
Receive UDP traffic on the redis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_redis_port" lineno="111223">
<summary>
Do not audit attempts to receive UDP traffic on the redis port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_redis_port" lineno="111242">
<summary>
Send and receive UDP traffic on the redis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_redis_port" lineno="111259">
<summary>
Do not audit attempts to send and receive
UDP traffic on the redis port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_redis_port" lineno="111275">
<summary>
Bind TCP sockets to the redis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_redis_port" lineno="111295">
<summary>
Bind UDP sockets to the redis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_redis_port" lineno="111315">
<summary>
Do not audit attempts to sbind to redis port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_redis_port" lineno="111334">
<summary>
Make a TCP connection to the redis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_redis_port" lineno="111351">
<summary>
Do not audit attempts to make a TCP connection to redis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_redis_client_packets" lineno="111371">
<summary>
Send redis_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_redis_client_packets" lineno="111390">
<summary>
Do not audit attempts to send redis_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_redis_client_packets" lineno="111409">
<summary>
Receive redis_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_redis_client_packets" lineno="111428">
<summary>
Do not audit attempts to receive redis_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_redis_client_packets" lineno="111447">
<summary>
Send and receive redis_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_redis_client_packets" lineno="111463">
<summary>
Do not audit attempts to send and receive redis_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_redis_client_packets" lineno="111478">
<summary>
Relabel packets to redis_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_redis_server_packets" lineno="111498">
<summary>
Send redis_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_redis_server_packets" lineno="111517">
<summary>
Do not audit attempts to send redis_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_redis_server_packets" lineno="111536">
<summary>
Receive redis_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_redis_server_packets" lineno="111555">
<summary>
Do not audit attempts to receive redis_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_redis_server_packets" lineno="111574">
<summary>
Send and receive redis_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_redis_server_packets" lineno="111590">
<summary>
Do not audit attempts to send and receive redis_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_redis_server_packets" lineno="111605">
<summary>
Relabel packets to redis_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_repository_port" lineno="111627">
<summary>
Send and receive TCP traffic on the repository port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_repository_port" lineno="111646">
<summary>
Send UDP traffic on the repository port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_repository_port" lineno="111665">
<summary>
Do not audit attempts to send UDP traffic on the repository port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_repository_port" lineno="111684">
<summary>
Receive UDP traffic on the repository port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_repository_port" lineno="111703">
<summary>
Do not audit attempts to receive UDP traffic on the repository port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_repository_port" lineno="111722">
<summary>
Send and receive UDP traffic on the repository port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_repository_port" lineno="111739">
<summary>
Do not audit attempts to send and receive
UDP traffic on the repository port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_repository_port" lineno="111755">
<summary>
Bind TCP sockets to the repository port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_repository_port" lineno="111775">
<summary>
Bind UDP sockets to the repository port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_repository_port" lineno="111795">
<summary>
Do not audit attempts to sbind to repository port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_repository_port" lineno="111814">
<summary>
Make a TCP connection to the repository port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_repository_port" lineno="111831">
<summary>
Do not audit attempts to make a TCP connection to repository port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_repository_client_packets" lineno="111851">
<summary>
Send repository_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_repository_client_packets" lineno="111870">
<summary>
Do not audit attempts to send repository_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_repository_client_packets" lineno="111889">
<summary>
Receive repository_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_repository_client_packets" lineno="111908">
<summary>
Do not audit attempts to receive repository_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_repository_client_packets" lineno="111927">
<summary>
Send and receive repository_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_repository_client_packets" lineno="111943">
<summary>
Do not audit attempts to send and receive repository_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_repository_client_packets" lineno="111958">
<summary>
Relabel packets to repository_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_repository_server_packets" lineno="111978">
<summary>
Send repository_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_repository_server_packets" lineno="111997">
<summary>
Do not audit attempts to send repository_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_repository_server_packets" lineno="112016">
<summary>
Receive repository_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_repository_server_packets" lineno="112035">
<summary>
Do not audit attempts to receive repository_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_repository_server_packets" lineno="112054">
<summary>
Send and receive repository_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_repository_server_packets" lineno="112070">
<summary>
Do not audit attempts to send and receive repository_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_repository_server_packets" lineno="112085">
<summary>
Relabel packets to repository_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ricci_port" lineno="112107">
<summary>
Send and receive TCP traffic on the ricci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ricci_port" lineno="112126">
<summary>
Send UDP traffic on the ricci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ricci_port" lineno="112145">
<summary>
Do not audit attempts to send UDP traffic on the ricci port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ricci_port" lineno="112164">
<summary>
Receive UDP traffic on the ricci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ricci_port" lineno="112183">
<summary>
Do not audit attempts to receive UDP traffic on the ricci port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ricci_port" lineno="112202">
<summary>
Send and receive UDP traffic on the ricci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ricci_port" lineno="112219">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ricci port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ricci_port" lineno="112235">
<summary>
Bind TCP sockets to the ricci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ricci_port" lineno="112255">
<summary>
Bind UDP sockets to the ricci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ricci_port" lineno="112275">
<summary>
Do not audit attempts to sbind to ricci port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ricci_port" lineno="112294">
<summary>
Make a TCP connection to the ricci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ricci_port" lineno="112311">
<summary>
Do not audit attempts to make a TCP connection to ricci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ricci_client_packets" lineno="112331">
<summary>
Send ricci_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ricci_client_packets" lineno="112350">
<summary>
Do not audit attempts to send ricci_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ricci_client_packets" lineno="112369">
<summary>
Receive ricci_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ricci_client_packets" lineno="112388">
<summary>
Do not audit attempts to receive ricci_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ricci_client_packets" lineno="112407">
<summary>
Send and receive ricci_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ricci_client_packets" lineno="112423">
<summary>
Do not audit attempts to send and receive ricci_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ricci_client_packets" lineno="112438">
<summary>
Relabel packets to ricci_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ricci_server_packets" lineno="112458">
<summary>
Send ricci_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ricci_server_packets" lineno="112477">
<summary>
Do not audit attempts to send ricci_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ricci_server_packets" lineno="112496">
<summary>
Receive ricci_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ricci_server_packets" lineno="112515">
<summary>
Do not audit attempts to receive ricci_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ricci_server_packets" lineno="112534">
<summary>
Send and receive ricci_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ricci_server_packets" lineno="112550">
<summary>
Do not audit attempts to send and receive ricci_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ricci_server_packets" lineno="112565">
<summary>
Relabel packets to ricci_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ricci_modcluster_port" lineno="112587">
<summary>
Send and receive TCP traffic on the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ricci_modcluster_port" lineno="112606">
<summary>
Send UDP traffic on the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ricci_modcluster_port" lineno="112625">
<summary>
Do not audit attempts to send UDP traffic on the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ricci_modcluster_port" lineno="112644">
<summary>
Receive UDP traffic on the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ricci_modcluster_port" lineno="112663">
<summary>
Do not audit attempts to receive UDP traffic on the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ricci_modcluster_port" lineno="112682">
<summary>
Send and receive UDP traffic on the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ricci_modcluster_port" lineno="112699">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ricci_modcluster_port" lineno="112715">
<summary>
Bind TCP sockets to the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ricci_modcluster_port" lineno="112735">
<summary>
Bind UDP sockets to the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ricci_modcluster_port" lineno="112755">
<summary>
Do not audit attempts to sbind to ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ricci_modcluster_port" lineno="112774">
<summary>
Make a TCP connection to the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ricci_modcluster_port" lineno="112791">
<summary>
Do not audit attempts to make a TCP connection to ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ricci_modcluster_client_packets" lineno="112811">
<summary>
Send ricci_modcluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ricci_modcluster_client_packets" lineno="112830">
<summary>
Do not audit attempts to send ricci_modcluster_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ricci_modcluster_client_packets" lineno="112849">
<summary>
Receive ricci_modcluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ricci_modcluster_client_packets" lineno="112868">
<summary>
Do not audit attempts to receive ricci_modcluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ricci_modcluster_client_packets" lineno="112887">
<summary>
Send and receive ricci_modcluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ricci_modcluster_client_packets" lineno="112903">
<summary>
Do not audit attempts to send and receive ricci_modcluster_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ricci_modcluster_client_packets" lineno="112918">
<summary>
Relabel packets to ricci_modcluster_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ricci_modcluster_server_packets" lineno="112938">
<summary>
Send ricci_modcluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ricci_modcluster_server_packets" lineno="112957">
<summary>
Do not audit attempts to send ricci_modcluster_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ricci_modcluster_server_packets" lineno="112976">
<summary>
Receive ricci_modcluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ricci_modcluster_server_packets" lineno="112995">
<summary>
Do not audit attempts to receive ricci_modcluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ricci_modcluster_server_packets" lineno="113014">
<summary>
Send and receive ricci_modcluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ricci_modcluster_server_packets" lineno="113030">
<summary>
Do not audit attempts to send and receive ricci_modcluster_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ricci_modcluster_server_packets" lineno="113045">
<summary>
Relabel packets to ricci_modcluster_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_rlogind_port" lineno="113067">
<summary>
Send and receive TCP traffic on the rlogind port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_rlogind_port" lineno="113086">
<summary>
Send UDP traffic on the rlogind port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_rlogind_port" lineno="113105">
<summary>
Do not audit attempts to send UDP traffic on the rlogind port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_rlogind_port" lineno="113124">
<summary>
Receive UDP traffic on the rlogind port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_rlogind_port" lineno="113143">
<summary>
Do not audit attempts to receive UDP traffic on the rlogind port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_rlogind_port" lineno="113162">
<summary>
Send and receive UDP traffic on the rlogind port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_rlogind_port" lineno="113179">
<summary>
Do not audit attempts to send and receive
UDP traffic on the rlogind port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_rlogind_port" lineno="113195">
<summary>
Bind TCP sockets to the rlogind port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_rlogind_port" lineno="113215">
<summary>
Bind UDP sockets to the rlogind port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_rlogind_port" lineno="113235">
<summary>
Do not audit attempts to sbind to rlogind port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_rlogind_port" lineno="113254">
<summary>
Make a TCP connection to the rlogind port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_rlogind_port" lineno="113271">
<summary>
Do not audit attempts to make a TCP connection to rlogind port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rlogind_client_packets" lineno="113291">
<summary>
Send rlogind_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rlogind_client_packets" lineno="113310">
<summary>
Do not audit attempts to send rlogind_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rlogind_client_packets" lineno="113329">
<summary>
Receive rlogind_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rlogind_client_packets" lineno="113348">
<summary>
Do not audit attempts to receive rlogind_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rlogind_client_packets" lineno="113367">
<summary>
Send and receive rlogind_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rlogind_client_packets" lineno="113383">
<summary>
Do not audit attempts to send and receive rlogind_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rlogind_client_packets" lineno="113398">
<summary>
Relabel packets to rlogind_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rlogind_server_packets" lineno="113418">
<summary>
Send rlogind_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rlogind_server_packets" lineno="113437">
<summary>
Do not audit attempts to send rlogind_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rlogind_server_packets" lineno="113456">
<summary>
Receive rlogind_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rlogind_server_packets" lineno="113475">
<summary>
Do not audit attempts to receive rlogind_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rlogind_server_packets" lineno="113494">
<summary>
Send and receive rlogind_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rlogind_server_packets" lineno="113510">
<summary>
Do not audit attempts to send and receive rlogind_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rlogind_server_packets" lineno="113525">
<summary>
Relabel packets to rlogind_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_rndc_port" lineno="113547">
<summary>
Send and receive TCP traffic on the rndc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_rndc_port" lineno="113566">
<summary>
Send UDP traffic on the rndc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_rndc_port" lineno="113585">
<summary>
Do not audit attempts to send UDP traffic on the rndc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_rndc_port" lineno="113604">
<summary>
Receive UDP traffic on the rndc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_rndc_port" lineno="113623">
<summary>
Do not audit attempts to receive UDP traffic on the rndc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_rndc_port" lineno="113642">
<summary>
Send and receive UDP traffic on the rndc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_rndc_port" lineno="113659">
<summary>
Do not audit attempts to send and receive
UDP traffic on the rndc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_rndc_port" lineno="113675">
<summary>
Bind TCP sockets to the rndc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_rndc_port" lineno="113695">
<summary>
Bind UDP sockets to the rndc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_rndc_port" lineno="113715">
<summary>
Do not audit attempts to sbind to rndc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_rndc_port" lineno="113734">
<summary>
Make a TCP connection to the rndc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_rndc_port" lineno="113751">
<summary>
Do not audit attempts to make a TCP connection to rndc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rndc_client_packets" lineno="113771">
<summary>
Send rndc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rndc_client_packets" lineno="113790">
<summary>
Do not audit attempts to send rndc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rndc_client_packets" lineno="113809">
<summary>
Receive rndc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rndc_client_packets" lineno="113828">
<summary>
Do not audit attempts to receive rndc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rndc_client_packets" lineno="113847">
<summary>
Send and receive rndc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rndc_client_packets" lineno="113863">
<summary>
Do not audit attempts to send and receive rndc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rndc_client_packets" lineno="113878">
<summary>
Relabel packets to rndc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rndc_server_packets" lineno="113898">
<summary>
Send rndc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rndc_server_packets" lineno="113917">
<summary>
Do not audit attempts to send rndc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rndc_server_packets" lineno="113936">
<summary>
Receive rndc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rndc_server_packets" lineno="113955">
<summary>
Do not audit attempts to receive rndc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rndc_server_packets" lineno="113974">
<summary>
Send and receive rndc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rndc_server_packets" lineno="113990">
<summary>
Do not audit attempts to send and receive rndc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rndc_server_packets" lineno="114005">
<summary>
Relabel packets to rndc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_router_port" lineno="114027">
<summary>
Send and receive TCP traffic on the router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_router_port" lineno="114046">
<summary>
Send UDP traffic on the router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_router_port" lineno="114065">
<summary>
Do not audit attempts to send UDP traffic on the router port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_router_port" lineno="114084">
<summary>
Receive UDP traffic on the router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_router_port" lineno="114103">
<summary>
Do not audit attempts to receive UDP traffic on the router port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_router_port" lineno="114122">
<summary>
Send and receive UDP traffic on the router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_router_port" lineno="114139">
<summary>
Do not audit attempts to send and receive
UDP traffic on the router port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_router_port" lineno="114155">
<summary>
Bind TCP sockets to the router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_router_port" lineno="114175">
<summary>
Bind UDP sockets to the router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_router_port" lineno="114195">
<summary>
Do not audit attempts to sbind to router port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_router_port" lineno="114214">
<summary>
Make a TCP connection to the router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_router_port" lineno="114231">
<summary>
Do not audit attempts to make a TCP connection to router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_router_client_packets" lineno="114251">
<summary>
Send router_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_router_client_packets" lineno="114270">
<summary>
Do not audit attempts to send router_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_router_client_packets" lineno="114289">
<summary>
Receive router_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_router_client_packets" lineno="114308">
<summary>
Do not audit attempts to receive router_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_router_client_packets" lineno="114327">
<summary>
Send and receive router_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_router_client_packets" lineno="114343">
<summary>
Do not audit attempts to send and receive router_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_router_client_packets" lineno="114358">
<summary>
Relabel packets to router_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_router_server_packets" lineno="114378">
<summary>
Send router_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_router_server_packets" lineno="114397">
<summary>
Do not audit attempts to send router_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_router_server_packets" lineno="114416">
<summary>
Receive router_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_router_server_packets" lineno="114435">
<summary>
Do not audit attempts to receive router_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_router_server_packets" lineno="114454">
<summary>
Send and receive router_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_router_server_packets" lineno="114470">
<summary>
Do not audit attempts to send and receive router_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_router_server_packets" lineno="114485">
<summary>
Relabel packets to router_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_rsh_port" lineno="114507">
<summary>
Send and receive TCP traffic on the rsh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_rsh_port" lineno="114526">
<summary>
Send UDP traffic on the rsh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_rsh_port" lineno="114545">
<summary>
Do not audit attempts to send UDP traffic on the rsh port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_rsh_port" lineno="114564">
<summary>
Receive UDP traffic on the rsh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_rsh_port" lineno="114583">
<summary>
Do not audit attempts to receive UDP traffic on the rsh port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_rsh_port" lineno="114602">
<summary>
Send and receive UDP traffic on the rsh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_rsh_port" lineno="114619">
<summary>
Do not audit attempts to send and receive
UDP traffic on the rsh port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_rsh_port" lineno="114635">
<summary>
Bind TCP sockets to the rsh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_rsh_port" lineno="114655">
<summary>
Bind UDP sockets to the rsh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_rsh_port" lineno="114675">
<summary>
Do not audit attempts to sbind to rsh port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_rsh_port" lineno="114694">
<summary>
Make a TCP connection to the rsh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_rsh_port" lineno="114711">
<summary>
Do not audit attempts to make a TCP connection to rsh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rsh_client_packets" lineno="114731">
<summary>
Send rsh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rsh_client_packets" lineno="114750">
<summary>
Do not audit attempts to send rsh_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rsh_client_packets" lineno="114769">
<summary>
Receive rsh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rsh_client_packets" lineno="114788">
<summary>
Do not audit attempts to receive rsh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rsh_client_packets" lineno="114807">
<summary>
Send and receive rsh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rsh_client_packets" lineno="114823">
<summary>
Do not audit attempts to send and receive rsh_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rsh_client_packets" lineno="114838">
<summary>
Relabel packets to rsh_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rsh_server_packets" lineno="114858">
<summary>
Send rsh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rsh_server_packets" lineno="114877">
<summary>
Do not audit attempts to send rsh_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rsh_server_packets" lineno="114896">
<summary>
Receive rsh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rsh_server_packets" lineno="114915">
<summary>
Do not audit attempts to receive rsh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rsh_server_packets" lineno="114934">
<summary>
Send and receive rsh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rsh_server_packets" lineno="114950">
<summary>
Do not audit attempts to send and receive rsh_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rsh_server_packets" lineno="114965">
<summary>
Relabel packets to rsh_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_rsync_port" lineno="114987">
<summary>
Send and receive TCP traffic on the rsync port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_rsync_port" lineno="115006">
<summary>
Send UDP traffic on the rsync port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_rsync_port" lineno="115025">
<summary>
Do not audit attempts to send UDP traffic on the rsync port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_rsync_port" lineno="115044">
<summary>
Receive UDP traffic on the rsync port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_rsync_port" lineno="115063">
<summary>
Do not audit attempts to receive UDP traffic on the rsync port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_rsync_port" lineno="115082">
<summary>
Send and receive UDP traffic on the rsync port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_rsync_port" lineno="115099">
<summary>
Do not audit attempts to send and receive
UDP traffic on the rsync port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_rsync_port" lineno="115115">
<summary>
Bind TCP sockets to the rsync port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_rsync_port" lineno="115135">
<summary>
Bind UDP sockets to the rsync port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_rsync_port" lineno="115155">
<summary>
Do not audit attempts to sbind to rsync port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_rsync_port" lineno="115174">
<summary>
Make a TCP connection to the rsync port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_rsync_port" lineno="115191">
<summary>
Do not audit attempts to make a TCP connection to rsync port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rsync_client_packets" lineno="115211">
<summary>
Send rsync_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rsync_client_packets" lineno="115230">
<summary>
Do not audit attempts to send rsync_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rsync_client_packets" lineno="115249">
<summary>
Receive rsync_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rsync_client_packets" lineno="115268">
<summary>
Do not audit attempts to receive rsync_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rsync_client_packets" lineno="115287">
<summary>
Send and receive rsync_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rsync_client_packets" lineno="115303">
<summary>
Do not audit attempts to send and receive rsync_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rsync_client_packets" lineno="115318">
<summary>
Relabel packets to rsync_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rsync_server_packets" lineno="115338">
<summary>
Send rsync_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rsync_server_packets" lineno="115357">
<summary>
Do not audit attempts to send rsync_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rsync_server_packets" lineno="115376">
<summary>
Receive rsync_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rsync_server_packets" lineno="115395">
<summary>
Do not audit attempts to receive rsync_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rsync_server_packets" lineno="115414">
<summary>
Send and receive rsync_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rsync_server_packets" lineno="115430">
<summary>
Do not audit attempts to send and receive rsync_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rsync_server_packets" lineno="115445">
<summary>
Relabel packets to rsync_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_rtp_media_port" lineno="115467">
<summary>
Send and receive TCP traffic on the rtp_media port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_rtp_media_port" lineno="115486">
<summary>
Send UDP traffic on the rtp_media port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_rtp_media_port" lineno="115505">
<summary>
Do not audit attempts to send UDP traffic on the rtp_media port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_rtp_media_port" lineno="115524">
<summary>
Receive UDP traffic on the rtp_media port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_rtp_media_port" lineno="115543">
<summary>
Do not audit attempts to receive UDP traffic on the rtp_media port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_rtp_media_port" lineno="115562">
<summary>
Send and receive UDP traffic on the rtp_media port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_rtp_media_port" lineno="115579">
<summary>
Do not audit attempts to send and receive
UDP traffic on the rtp_media port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_rtp_media_port" lineno="115595">
<summary>
Bind TCP sockets to the rtp_media port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_rtp_media_port" lineno="115615">
<summary>
Bind UDP sockets to the rtp_media port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_rtp_media_port" lineno="115635">
<summary>
Do not audit attempts to sbind to rtp_media port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_rtp_media_port" lineno="115654">
<summary>
Make a TCP connection to the rtp_media port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_rtp_media_port" lineno="115671">
<summary>
Do not audit attempts to make a TCP connection to rtp_media port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rtp_media_client_packets" lineno="115691">
<summary>
Send rtp_media_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rtp_media_client_packets" lineno="115710">
<summary>
Do not audit attempts to send rtp_media_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rtp_media_client_packets" lineno="115729">
<summary>
Receive rtp_media_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rtp_media_client_packets" lineno="115748">
<summary>
Do not audit attempts to receive rtp_media_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rtp_media_client_packets" lineno="115767">
<summary>
Send and receive rtp_media_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rtp_media_client_packets" lineno="115783">
<summary>
Do not audit attempts to send and receive rtp_media_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rtp_media_client_packets" lineno="115798">
<summary>
Relabel packets to rtp_media_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rtp_media_server_packets" lineno="115818">
<summary>
Send rtp_media_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rtp_media_server_packets" lineno="115837">
<summary>
Do not audit attempts to send rtp_media_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rtp_media_server_packets" lineno="115856">
<summary>
Receive rtp_media_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rtp_media_server_packets" lineno="115875">
<summary>
Do not audit attempts to receive rtp_media_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rtp_media_server_packets" lineno="115894">
<summary>
Send and receive rtp_media_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rtp_media_server_packets" lineno="115910">
<summary>
Do not audit attempts to send and receive rtp_media_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rtp_media_server_packets" lineno="115925">
<summary>
Relabel packets to rtp_media_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_rtsp_port" lineno="115947">
<summary>
Send and receive TCP traffic on the rtsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_rtsp_port" lineno="115966">
<summary>
Send UDP traffic on the rtsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_rtsp_port" lineno="115985">
<summary>
Do not audit attempts to send UDP traffic on the rtsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_rtsp_port" lineno="116004">
<summary>
Receive UDP traffic on the rtsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_rtsp_port" lineno="116023">
<summary>
Do not audit attempts to receive UDP traffic on the rtsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_rtsp_port" lineno="116042">
<summary>
Send and receive UDP traffic on the rtsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_rtsp_port" lineno="116059">
<summary>
Do not audit attempts to send and receive
UDP traffic on the rtsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_rtsp_port" lineno="116075">
<summary>
Bind TCP sockets to the rtsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_rtsp_port" lineno="116095">
<summary>
Bind UDP sockets to the rtsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_rtsp_port" lineno="116115">
<summary>
Do not audit attempts to sbind to rtsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_rtsp_port" lineno="116134">
<summary>
Make a TCP connection to the rtsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_rtsp_port" lineno="116151">
<summary>
Do not audit attempts to make a TCP connection to rtsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rtsp_client_packets" lineno="116171">
<summary>
Send rtsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rtsp_client_packets" lineno="116190">
<summary>
Do not audit attempts to send rtsp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rtsp_client_packets" lineno="116209">
<summary>
Receive rtsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rtsp_client_packets" lineno="116228">
<summary>
Do not audit attempts to receive rtsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rtsp_client_packets" lineno="116247">
<summary>
Send and receive rtsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rtsp_client_packets" lineno="116263">
<summary>
Do not audit attempts to send and receive rtsp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rtsp_client_packets" lineno="116278">
<summary>
Relabel packets to rtsp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rtsp_server_packets" lineno="116298">
<summary>
Send rtsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rtsp_server_packets" lineno="116317">
<summary>
Do not audit attempts to send rtsp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rtsp_server_packets" lineno="116336">
<summary>
Receive rtsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rtsp_server_packets" lineno="116355">
<summary>
Do not audit attempts to receive rtsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rtsp_server_packets" lineno="116374">
<summary>
Send and receive rtsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rtsp_server_packets" lineno="116390">
<summary>
Do not audit attempts to send and receive rtsp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rtsp_server_packets" lineno="116405">
<summary>
Relabel packets to rtsp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_rwho_port" lineno="116427">
<summary>
Send and receive TCP traffic on the rwho port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_rwho_port" lineno="116446">
<summary>
Send UDP traffic on the rwho port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_rwho_port" lineno="116465">
<summary>
Do not audit attempts to send UDP traffic on the rwho port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_rwho_port" lineno="116484">
<summary>
Receive UDP traffic on the rwho port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_rwho_port" lineno="116503">
<summary>
Do not audit attempts to receive UDP traffic on the rwho port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_rwho_port" lineno="116522">
<summary>
Send and receive UDP traffic on the rwho port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_rwho_port" lineno="116539">
<summary>
Do not audit attempts to send and receive
UDP traffic on the rwho port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_rwho_port" lineno="116555">
<summary>
Bind TCP sockets to the rwho port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_rwho_port" lineno="116575">
<summary>
Bind UDP sockets to the rwho port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_rwho_port" lineno="116595">
<summary>
Do not audit attempts to sbind to rwho port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_rwho_port" lineno="116614">
<summary>
Make a TCP connection to the rwho port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_rwho_port" lineno="116631">
<summary>
Do not audit attempts to make a TCP connection to rwho port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rwho_client_packets" lineno="116651">
<summary>
Send rwho_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rwho_client_packets" lineno="116670">
<summary>
Do not audit attempts to send rwho_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rwho_client_packets" lineno="116689">
<summary>
Receive rwho_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rwho_client_packets" lineno="116708">
<summary>
Do not audit attempts to receive rwho_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rwho_client_packets" lineno="116727">
<summary>
Send and receive rwho_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rwho_client_packets" lineno="116743">
<summary>
Do not audit attempts to send and receive rwho_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rwho_client_packets" lineno="116758">
<summary>
Relabel packets to rwho_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rwho_server_packets" lineno="116778">
<summary>
Send rwho_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rwho_server_packets" lineno="116797">
<summary>
Do not audit attempts to send rwho_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rwho_server_packets" lineno="116816">
<summary>
Receive rwho_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rwho_server_packets" lineno="116835">
<summary>
Do not audit attempts to receive rwho_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rwho_server_packets" lineno="116854">
<summary>
Send and receive rwho_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rwho_server_packets" lineno="116870">
<summary>
Do not audit attempts to send and receive rwho_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rwho_server_packets" lineno="116885">
<summary>
Relabel packets to rwho_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_salt_port" lineno="116907">
<summary>
Send and receive TCP traffic on the salt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_salt_port" lineno="116926">
<summary>
Send UDP traffic on the salt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_salt_port" lineno="116945">
<summary>
Do not audit attempts to send UDP traffic on the salt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_salt_port" lineno="116964">
<summary>
Receive UDP traffic on the salt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_salt_port" lineno="116983">
<summary>
Do not audit attempts to receive UDP traffic on the salt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_salt_port" lineno="117002">
<summary>
Send and receive UDP traffic on the salt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_salt_port" lineno="117019">
<summary>
Do not audit attempts to send and receive
UDP traffic on the salt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_salt_port" lineno="117035">
<summary>
Bind TCP sockets to the salt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_salt_port" lineno="117055">
<summary>
Bind UDP sockets to the salt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_salt_port" lineno="117075">
<summary>
Do not audit attempts to sbind to salt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_salt_port" lineno="117094">
<summary>
Make a TCP connection to the salt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_salt_port" lineno="117111">
<summary>
Do not audit attempts to make a TCP connection to salt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_salt_client_packets" lineno="117131">
<summary>
Send salt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_salt_client_packets" lineno="117150">
<summary>
Do not audit attempts to send salt_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_salt_client_packets" lineno="117169">
<summary>
Receive salt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_salt_client_packets" lineno="117188">
<summary>
Do not audit attempts to receive salt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_salt_client_packets" lineno="117207">
<summary>
Send and receive salt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_salt_client_packets" lineno="117223">
<summary>
Do not audit attempts to send and receive salt_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_salt_client_packets" lineno="117238">
<summary>
Relabel packets to salt_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_salt_server_packets" lineno="117258">
<summary>
Send salt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_salt_server_packets" lineno="117277">
<summary>
Do not audit attempts to send salt_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_salt_server_packets" lineno="117296">
<summary>
Receive salt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_salt_server_packets" lineno="117315">
<summary>
Do not audit attempts to receive salt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_salt_server_packets" lineno="117334">
<summary>
Send and receive salt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_salt_server_packets" lineno="117350">
<summary>
Do not audit attempts to send and receive salt_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_salt_server_packets" lineno="117365">
<summary>
Relabel packets to salt_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_sap_port" lineno="117387">
<summary>
Send and receive TCP traffic on the sap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_sap_port" lineno="117406">
<summary>
Send UDP traffic on the sap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_sap_port" lineno="117425">
<summary>
Do not audit attempts to send UDP traffic on the sap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_sap_port" lineno="117444">
<summary>
Receive UDP traffic on the sap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_sap_port" lineno="117463">
<summary>
Do not audit attempts to receive UDP traffic on the sap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_sap_port" lineno="117482">
<summary>
Send and receive UDP traffic on the sap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_sap_port" lineno="117499">
<summary>
Do not audit attempts to send and receive
UDP traffic on the sap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_sap_port" lineno="117515">
<summary>
Bind TCP sockets to the sap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_sap_port" lineno="117535">
<summary>
Bind UDP sockets to the sap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_sap_port" lineno="117555">
<summary>
Do not audit attempts to sbind to sap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_sap_port" lineno="117574">
<summary>
Make a TCP connection to the sap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_sap_port" lineno="117591">
<summary>
Do not audit attempts to make a TCP connection to sap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sap_client_packets" lineno="117611">
<summary>
Send sap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sap_client_packets" lineno="117630">
<summary>
Do not audit attempts to send sap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sap_client_packets" lineno="117649">
<summary>
Receive sap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sap_client_packets" lineno="117668">
<summary>
Do not audit attempts to receive sap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sap_client_packets" lineno="117687">
<summary>
Send and receive sap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sap_client_packets" lineno="117703">
<summary>
Do not audit attempts to send and receive sap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sap_client_packets" lineno="117718">
<summary>
Relabel packets to sap_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sap_server_packets" lineno="117738">
<summary>
Send sap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sap_server_packets" lineno="117757">
<summary>
Do not audit attempts to send sap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sap_server_packets" lineno="117776">
<summary>
Receive sap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sap_server_packets" lineno="117795">
<summary>
Do not audit attempts to receive sap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sap_server_packets" lineno="117814">
<summary>
Send and receive sap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sap_server_packets" lineno="117830">
<summary>
Do not audit attempts to send and receive sap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sap_server_packets" lineno="117845">
<summary>
Relabel packets to sap_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_saphostctrl_port" lineno="117867">
<summary>
Send and receive TCP traffic on the saphostctrl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_saphostctrl_port" lineno="117886">
<summary>
Send UDP traffic on the saphostctrl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_saphostctrl_port" lineno="117905">
<summary>
Do not audit attempts to send UDP traffic on the saphostctrl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_saphostctrl_port" lineno="117924">
<summary>
Receive UDP traffic on the saphostctrl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_saphostctrl_port" lineno="117943">
<summary>
Do not audit attempts to receive UDP traffic on the saphostctrl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_saphostctrl_port" lineno="117962">
<summary>
Send and receive UDP traffic on the saphostctrl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_saphostctrl_port" lineno="117979">
<summary>
Do not audit attempts to send and receive
UDP traffic on the saphostctrl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_saphostctrl_port" lineno="117995">
<summary>
Bind TCP sockets to the saphostctrl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_saphostctrl_port" lineno="118015">
<summary>
Bind UDP sockets to the saphostctrl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_saphostctrl_port" lineno="118035">
<summary>
Do not audit attempts to sbind to saphostctrl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_saphostctrl_port" lineno="118054">
<summary>
Make a TCP connection to the saphostctrl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_saphostctrl_port" lineno="118071">
<summary>
Do not audit attempts to make a TCP connection to saphostctrl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_saphostctrl_client_packets" lineno="118091">
<summary>
Send saphostctrl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_saphostctrl_client_packets" lineno="118110">
<summary>
Do not audit attempts to send saphostctrl_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_saphostctrl_client_packets" lineno="118129">
<summary>
Receive saphostctrl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_saphostctrl_client_packets" lineno="118148">
<summary>
Do not audit attempts to receive saphostctrl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_saphostctrl_client_packets" lineno="118167">
<summary>
Send and receive saphostctrl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_saphostctrl_client_packets" lineno="118183">
<summary>
Do not audit attempts to send and receive saphostctrl_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_saphostctrl_client_packets" lineno="118198">
<summary>
Relabel packets to saphostctrl_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_saphostctrl_server_packets" lineno="118218">
<summary>
Send saphostctrl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_saphostctrl_server_packets" lineno="118237">
<summary>
Do not audit attempts to send saphostctrl_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_saphostctrl_server_packets" lineno="118256">
<summary>
Receive saphostctrl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_saphostctrl_server_packets" lineno="118275">
<summary>
Do not audit attempts to receive saphostctrl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_saphostctrl_server_packets" lineno="118294">
<summary>
Send and receive saphostctrl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_saphostctrl_server_packets" lineno="118310">
<summary>
Do not audit attempts to send and receive saphostctrl_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_saphostctrl_server_packets" lineno="118325">
<summary>
Relabel packets to saphostctrl_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_servistaitsm_port" lineno="118347">
<summary>
Send and receive TCP traffic on the servistaitsm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_servistaitsm_port" lineno="118366">
<summary>
Send UDP traffic on the servistaitsm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_servistaitsm_port" lineno="118385">
<summary>
Do not audit attempts to send UDP traffic on the servistaitsm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_servistaitsm_port" lineno="118404">
<summary>
Receive UDP traffic on the servistaitsm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_servistaitsm_port" lineno="118423">
<summary>
Do not audit attempts to receive UDP traffic on the servistaitsm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_servistaitsm_port" lineno="118442">
<summary>
Send and receive UDP traffic on the servistaitsm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_servistaitsm_port" lineno="118459">
<summary>
Do not audit attempts to send and receive
UDP traffic on the servistaitsm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_servistaitsm_port" lineno="118475">
<summary>
Bind TCP sockets to the servistaitsm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_servistaitsm_port" lineno="118495">
<summary>
Bind UDP sockets to the servistaitsm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_servistaitsm_port" lineno="118515">
<summary>
Do not audit attempts to sbind to servistaitsm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_servistaitsm_port" lineno="118534">
<summary>
Make a TCP connection to the servistaitsm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_servistaitsm_port" lineno="118551">
<summary>
Do not audit attempts to make a TCP connection to servistaitsm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_servistaitsm_client_packets" lineno="118571">
<summary>
Send servistaitsm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_servistaitsm_client_packets" lineno="118590">
<summary>
Do not audit attempts to send servistaitsm_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_servistaitsm_client_packets" lineno="118609">
<summary>
Receive servistaitsm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_servistaitsm_client_packets" lineno="118628">
<summary>
Do not audit attempts to receive servistaitsm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_servistaitsm_client_packets" lineno="118647">
<summary>
Send and receive servistaitsm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_servistaitsm_client_packets" lineno="118663">
<summary>
Do not audit attempts to send and receive servistaitsm_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_servistaitsm_client_packets" lineno="118678">
<summary>
Relabel packets to servistaitsm_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_servistaitsm_server_packets" lineno="118698">
<summary>
Send servistaitsm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_servistaitsm_server_packets" lineno="118717">
<summary>
Do not audit attempts to send servistaitsm_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_servistaitsm_server_packets" lineno="118736">
<summary>
Receive servistaitsm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_servistaitsm_server_packets" lineno="118755">
<summary>
Do not audit attempts to receive servistaitsm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_servistaitsm_server_packets" lineno="118774">
<summary>
Send and receive servistaitsm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_servistaitsm_server_packets" lineno="118790">
<summary>
Do not audit attempts to send and receive servistaitsm_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_servistaitsm_server_packets" lineno="118805">
<summary>
Relabel packets to servistaitsm_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_sge_port" lineno="118827">
<summary>
Send and receive TCP traffic on the sge port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_sge_port" lineno="118846">
<summary>
Send UDP traffic on the sge port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_sge_port" lineno="118865">
<summary>
Do not audit attempts to send UDP traffic on the sge port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_sge_port" lineno="118884">
<summary>
Receive UDP traffic on the sge port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_sge_port" lineno="118903">
<summary>
Do not audit attempts to receive UDP traffic on the sge port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_sge_port" lineno="118922">
<summary>
Send and receive UDP traffic on the sge port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_sge_port" lineno="118939">
<summary>
Do not audit attempts to send and receive
UDP traffic on the sge port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_sge_port" lineno="118955">
<summary>
Bind TCP sockets to the sge port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_sge_port" lineno="118975">
<summary>
Bind UDP sockets to the sge port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_sge_port" lineno="118995">
<summary>
Do not audit attempts to sbind to sge port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_sge_port" lineno="119014">
<summary>
Make a TCP connection to the sge port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_sge_port" lineno="119031">
<summary>
Do not audit attempts to make a TCP connection to sge port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sge_client_packets" lineno="119051">
<summary>
Send sge_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sge_client_packets" lineno="119070">
<summary>
Do not audit attempts to send sge_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sge_client_packets" lineno="119089">
<summary>
Receive sge_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sge_client_packets" lineno="119108">
<summary>
Do not audit attempts to receive sge_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sge_client_packets" lineno="119127">
<summary>
Send and receive sge_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sge_client_packets" lineno="119143">
<summary>
Do not audit attempts to send and receive sge_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sge_client_packets" lineno="119158">
<summary>
Relabel packets to sge_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sge_server_packets" lineno="119178">
<summary>
Send sge_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sge_server_packets" lineno="119197">
<summary>
Do not audit attempts to send sge_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sge_server_packets" lineno="119216">
<summary>
Receive sge_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sge_server_packets" lineno="119235">
<summary>
Do not audit attempts to receive sge_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sge_server_packets" lineno="119254">
<summary>
Send and receive sge_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sge_server_packets" lineno="119270">
<summary>
Do not audit attempts to send and receive sge_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sge_server_packets" lineno="119285">
<summary>
Relabel packets to sge_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_shellinaboxd_port" lineno="119307">
<summary>
Send and receive TCP traffic on the shellinaboxd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_shellinaboxd_port" lineno="119326">
<summary>
Send UDP traffic on the shellinaboxd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_shellinaboxd_port" lineno="119345">
<summary>
Do not audit attempts to send UDP traffic on the shellinaboxd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_shellinaboxd_port" lineno="119364">
<summary>
Receive UDP traffic on the shellinaboxd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_shellinaboxd_port" lineno="119383">
<summary>
Do not audit attempts to receive UDP traffic on the shellinaboxd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_shellinaboxd_port" lineno="119402">
<summary>
Send and receive UDP traffic on the shellinaboxd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_shellinaboxd_port" lineno="119419">
<summary>
Do not audit attempts to send and receive
UDP traffic on the shellinaboxd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_shellinaboxd_port" lineno="119435">
<summary>
Bind TCP sockets to the shellinaboxd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_shellinaboxd_port" lineno="119455">
<summary>
Bind UDP sockets to the shellinaboxd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_shellinaboxd_port" lineno="119475">
<summary>
Do not audit attempts to sbind to shellinaboxd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_shellinaboxd_port" lineno="119494">
<summary>
Make a TCP connection to the shellinaboxd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_shellinaboxd_port" lineno="119511">
<summary>
Do not audit attempts to make a TCP connection to shellinaboxd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_shellinaboxd_client_packets" lineno="119531">
<summary>
Send shellinaboxd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_shellinaboxd_client_packets" lineno="119550">
<summary>
Do not audit attempts to send shellinaboxd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_shellinaboxd_client_packets" lineno="119569">
<summary>
Receive shellinaboxd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_shellinaboxd_client_packets" lineno="119588">
<summary>
Do not audit attempts to receive shellinaboxd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_shellinaboxd_client_packets" lineno="119607">
<summary>
Send and receive shellinaboxd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_shellinaboxd_client_packets" lineno="119623">
<summary>
Do not audit attempts to send and receive shellinaboxd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_shellinaboxd_client_packets" lineno="119638">
<summary>
Relabel packets to shellinaboxd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_shellinaboxd_server_packets" lineno="119658">
<summary>
Send shellinaboxd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_shellinaboxd_server_packets" lineno="119677">
<summary>
Do not audit attempts to send shellinaboxd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_shellinaboxd_server_packets" lineno="119696">
<summary>
Receive shellinaboxd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_shellinaboxd_server_packets" lineno="119715">
<summary>
Do not audit attempts to receive shellinaboxd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_shellinaboxd_server_packets" lineno="119734">
<summary>
Send and receive shellinaboxd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_shellinaboxd_server_packets" lineno="119750">
<summary>
Do not audit attempts to send and receive shellinaboxd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_shellinaboxd_server_packets" lineno="119765">
<summary>
Relabel packets to shellinaboxd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_sieve_port" lineno="119787">
<summary>
Send and receive TCP traffic on the sieve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_sieve_port" lineno="119806">
<summary>
Send UDP traffic on the sieve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_sieve_port" lineno="119825">
<summary>
Do not audit attempts to send UDP traffic on the sieve port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_sieve_port" lineno="119844">
<summary>
Receive UDP traffic on the sieve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_sieve_port" lineno="119863">
<summary>
Do not audit attempts to receive UDP traffic on the sieve port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_sieve_port" lineno="119882">
<summary>
Send and receive UDP traffic on the sieve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_sieve_port" lineno="119899">
<summary>
Do not audit attempts to send and receive
UDP traffic on the sieve port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_sieve_port" lineno="119915">
<summary>
Bind TCP sockets to the sieve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_sieve_port" lineno="119935">
<summary>
Bind UDP sockets to the sieve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_sieve_port" lineno="119955">
<summary>
Do not audit attempts to sbind to sieve port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_sieve_port" lineno="119974">
<summary>
Make a TCP connection to the sieve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_sieve_port" lineno="119991">
<summary>
Do not audit attempts to make a TCP connection to sieve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sieve_client_packets" lineno="120011">
<summary>
Send sieve_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sieve_client_packets" lineno="120030">
<summary>
Do not audit attempts to send sieve_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sieve_client_packets" lineno="120049">
<summary>
Receive sieve_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sieve_client_packets" lineno="120068">
<summary>
Do not audit attempts to receive sieve_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sieve_client_packets" lineno="120087">
<summary>
Send and receive sieve_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sieve_client_packets" lineno="120103">
<summary>
Do not audit attempts to send and receive sieve_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sieve_client_packets" lineno="120118">
<summary>
Relabel packets to sieve_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sieve_server_packets" lineno="120138">
<summary>
Send sieve_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sieve_server_packets" lineno="120157">
<summary>
Do not audit attempts to send sieve_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sieve_server_packets" lineno="120176">
<summary>
Receive sieve_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sieve_server_packets" lineno="120195">
<summary>
Do not audit attempts to receive sieve_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sieve_server_packets" lineno="120214">
<summary>
Send and receive sieve_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sieve_server_packets" lineno="120230">
<summary>
Do not audit attempts to send and receive sieve_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sieve_server_packets" lineno="120245">
<summary>
Relabel packets to sieve_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_sip_port" lineno="120267">
<summary>
Send and receive TCP traffic on the sip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_sip_port" lineno="120286">
<summary>
Send UDP traffic on the sip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_sip_port" lineno="120305">
<summary>
Do not audit attempts to send UDP traffic on the sip port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_sip_port" lineno="120324">
<summary>
Receive UDP traffic on the sip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_sip_port" lineno="120343">
<summary>
Do not audit attempts to receive UDP traffic on the sip port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_sip_port" lineno="120362">
<summary>
Send and receive UDP traffic on the sip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_sip_port" lineno="120379">
<summary>
Do not audit attempts to send and receive
UDP traffic on the sip port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_sip_port" lineno="120395">
<summary>
Bind TCP sockets to the sip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_sip_port" lineno="120415">
<summary>
Bind UDP sockets to the sip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_sip_port" lineno="120435">
<summary>
Do not audit attempts to sbind to sip port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_sip_port" lineno="120454">
<summary>
Make a TCP connection to the sip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_sip_port" lineno="120471">
<summary>
Do not audit attempts to make a TCP connection to sip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sip_client_packets" lineno="120491">
<summary>
Send sip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sip_client_packets" lineno="120510">
<summary>
Do not audit attempts to send sip_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sip_client_packets" lineno="120529">
<summary>
Receive sip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sip_client_packets" lineno="120548">
<summary>
Do not audit attempts to receive sip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sip_client_packets" lineno="120567">
<summary>
Send and receive sip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sip_client_packets" lineno="120583">
<summary>
Do not audit attempts to send and receive sip_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sip_client_packets" lineno="120598">
<summary>
Relabel packets to sip_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sip_server_packets" lineno="120618">
<summary>
Send sip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sip_server_packets" lineno="120637">
<summary>
Do not audit attempts to send sip_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sip_server_packets" lineno="120656">
<summary>
Receive sip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sip_server_packets" lineno="120675">
<summary>
Do not audit attempts to receive sip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sip_server_packets" lineno="120694">
<summary>
Send and receive sip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sip_server_packets" lineno="120710">
<summary>
Do not audit attempts to send and receive sip_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sip_server_packets" lineno="120725">
<summary>
Relabel packets to sip_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_sixxsconfig_port" lineno="120747">
<summary>
Send and receive TCP traffic on the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_sixxsconfig_port" lineno="120766">
<summary>
Send UDP traffic on the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_sixxsconfig_port" lineno="120785">
<summary>
Do not audit attempts to send UDP traffic on the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_sixxsconfig_port" lineno="120804">
<summary>
Receive UDP traffic on the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_sixxsconfig_port" lineno="120823">
<summary>
Do not audit attempts to receive UDP traffic on the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_sixxsconfig_port" lineno="120842">
<summary>
Send and receive UDP traffic on the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_sixxsconfig_port" lineno="120859">
<summary>
Do not audit attempts to send and receive
UDP traffic on the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_sixxsconfig_port" lineno="120875">
<summary>
Bind TCP sockets to the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_sixxsconfig_port" lineno="120895">
<summary>
Bind UDP sockets to the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_sixxsconfig_port" lineno="120915">
<summary>
Do not audit attempts to sbind to sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_sixxsconfig_port" lineno="120934">
<summary>
Make a TCP connection to the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_sixxsconfig_port" lineno="120951">
<summary>
Do not audit attempts to make a TCP connection to sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sixxsconfig_client_packets" lineno="120971">
<summary>
Send sixxsconfig_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sixxsconfig_client_packets" lineno="120990">
<summary>
Do not audit attempts to send sixxsconfig_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sixxsconfig_client_packets" lineno="121009">
<summary>
Receive sixxsconfig_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sixxsconfig_client_packets" lineno="121028">
<summary>
Do not audit attempts to receive sixxsconfig_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sixxsconfig_client_packets" lineno="121047">
<summary>
Send and receive sixxsconfig_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sixxsconfig_client_packets" lineno="121063">
<summary>
Do not audit attempts to send and receive sixxsconfig_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sixxsconfig_client_packets" lineno="121078">
<summary>
Relabel packets to sixxsconfig_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sixxsconfig_server_packets" lineno="121098">
<summary>
Send sixxsconfig_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sixxsconfig_server_packets" lineno="121117">
<summary>
Do not audit attempts to send sixxsconfig_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sixxsconfig_server_packets" lineno="121136">
<summary>
Receive sixxsconfig_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sixxsconfig_server_packets" lineno="121155">
<summary>
Do not audit attempts to receive sixxsconfig_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sixxsconfig_server_packets" lineno="121174">
<summary>
Send and receive sixxsconfig_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sixxsconfig_server_packets" lineno="121190">
<summary>
Do not audit attempts to send and receive sixxsconfig_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sixxsconfig_server_packets" lineno="121205">
<summary>
Relabel packets to sixxsconfig_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_smbd_port" lineno="121227">
<summary>
Send and receive TCP traffic on the smbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_smbd_port" lineno="121246">
<summary>
Send UDP traffic on the smbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_smbd_port" lineno="121265">
<summary>
Do not audit attempts to send UDP traffic on the smbd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_smbd_port" lineno="121284">
<summary>
Receive UDP traffic on the smbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_smbd_port" lineno="121303">
<summary>
Do not audit attempts to receive UDP traffic on the smbd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_smbd_port" lineno="121322">
<summary>
Send and receive UDP traffic on the smbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_smbd_port" lineno="121339">
<summary>
Do not audit attempts to send and receive
UDP traffic on the smbd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_smbd_port" lineno="121355">
<summary>
Bind TCP sockets to the smbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_smbd_port" lineno="121375">
<summary>
Bind UDP sockets to the smbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_smbd_port" lineno="121395">
<summary>
Do not audit attempts to sbind to smbd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_smbd_port" lineno="121414">
<summary>
Make a TCP connection to the smbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_smbd_port" lineno="121431">
<summary>
Do not audit attempts to make a TCP connection to smbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_smbd_client_packets" lineno="121451">
<summary>
Send smbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_smbd_client_packets" lineno="121470">
<summary>
Do not audit attempts to send smbd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_smbd_client_packets" lineno="121489">
<summary>
Receive smbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_smbd_client_packets" lineno="121508">
<summary>
Do not audit attempts to receive smbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_smbd_client_packets" lineno="121527">
<summary>
Send and receive smbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_smbd_client_packets" lineno="121543">
<summary>
Do not audit attempts to send and receive smbd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_smbd_client_packets" lineno="121558">
<summary>
Relabel packets to smbd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_smbd_server_packets" lineno="121578">
<summary>
Send smbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_smbd_server_packets" lineno="121597">
<summary>
Do not audit attempts to send smbd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_smbd_server_packets" lineno="121616">
<summary>
Receive smbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_smbd_server_packets" lineno="121635">
<summary>
Do not audit attempts to receive smbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_smbd_server_packets" lineno="121654">
<summary>
Send and receive smbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_smbd_server_packets" lineno="121670">
<summary>
Do not audit attempts to send and receive smbd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_smbd_server_packets" lineno="121685">
<summary>
Relabel packets to smbd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_smtp_port" lineno="121707">
<summary>
Send and receive TCP traffic on the smtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_smtp_port" lineno="121726">
<summary>
Send UDP traffic on the smtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_smtp_port" lineno="121745">
<summary>
Do not audit attempts to send UDP traffic on the smtp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_smtp_port" lineno="121764">
<summary>
Receive UDP traffic on the smtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_smtp_port" lineno="121783">
<summary>
Do not audit attempts to receive UDP traffic on the smtp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_smtp_port" lineno="121802">
<summary>
Send and receive UDP traffic on the smtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_smtp_port" lineno="121819">
<summary>
Do not audit attempts to send and receive
UDP traffic on the smtp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_smtp_port" lineno="121835">
<summary>
Bind TCP sockets to the smtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_smtp_port" lineno="121855">
<summary>
Bind UDP sockets to the smtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_smtp_port" lineno="121875">
<summary>
Do not audit attempts to sbind to smtp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_smtp_port" lineno="121894">
<summary>
Make a TCP connection to the smtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_smtp_port" lineno="121911">
<summary>
Do not audit attempts to make a TCP connection to smtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_smtp_client_packets" lineno="121931">
<summary>
Send smtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_smtp_client_packets" lineno="121950">
<summary>
Do not audit attempts to send smtp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_smtp_client_packets" lineno="121969">
<summary>
Receive smtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_smtp_client_packets" lineno="121988">
<summary>
Do not audit attempts to receive smtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_smtp_client_packets" lineno="122007">
<summary>
Send and receive smtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_smtp_client_packets" lineno="122023">
<summary>
Do not audit attempts to send and receive smtp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_smtp_client_packets" lineno="122038">
<summary>
Relabel packets to smtp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_smtp_server_packets" lineno="122058">
<summary>
Send smtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_smtp_server_packets" lineno="122077">
<summary>
Do not audit attempts to send smtp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_smtp_server_packets" lineno="122096">
<summary>
Receive smtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_smtp_server_packets" lineno="122115">
<summary>
Do not audit attempts to receive smtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_smtp_server_packets" lineno="122134">
<summary>
Send and receive smtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_smtp_server_packets" lineno="122150">
<summary>
Do not audit attempts to send and receive smtp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_smtp_server_packets" lineno="122165">
<summary>
Relabel packets to smtp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_snmp_port" lineno="122187">
<summary>
Send and receive TCP traffic on the snmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_snmp_port" lineno="122206">
<summary>
Send UDP traffic on the snmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_snmp_port" lineno="122225">
<summary>
Do not audit attempts to send UDP traffic on the snmp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_snmp_port" lineno="122244">
<summary>
Receive UDP traffic on the snmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_snmp_port" lineno="122263">
<summary>
Do not audit attempts to receive UDP traffic on the snmp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_snmp_port" lineno="122282">
<summary>
Send and receive UDP traffic on the snmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_snmp_port" lineno="122299">
<summary>
Do not audit attempts to send and receive
UDP traffic on the snmp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_snmp_port" lineno="122315">
<summary>
Bind TCP sockets to the snmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_snmp_port" lineno="122335">
<summary>
Bind UDP sockets to the snmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_snmp_port" lineno="122355">
<summary>
Do not audit attempts to sbind to snmp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_snmp_port" lineno="122374">
<summary>
Make a TCP connection to the snmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_snmp_port" lineno="122391">
<summary>
Do not audit attempts to make a TCP connection to snmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_snmp_client_packets" lineno="122411">
<summary>
Send snmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_snmp_client_packets" lineno="122430">
<summary>
Do not audit attempts to send snmp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_snmp_client_packets" lineno="122449">
<summary>
Receive snmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_snmp_client_packets" lineno="122468">
<summary>
Do not audit attempts to receive snmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_snmp_client_packets" lineno="122487">
<summary>
Send and receive snmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_snmp_client_packets" lineno="122503">
<summary>
Do not audit attempts to send and receive snmp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_snmp_client_packets" lineno="122518">
<summary>
Relabel packets to snmp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_snmp_server_packets" lineno="122538">
<summary>
Send snmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_snmp_server_packets" lineno="122557">
<summary>
Do not audit attempts to send snmp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_snmp_server_packets" lineno="122576">
<summary>
Receive snmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_snmp_server_packets" lineno="122595">
<summary>
Do not audit attempts to receive snmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_snmp_server_packets" lineno="122614">
<summary>
Send and receive snmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_snmp_server_packets" lineno="122630">
<summary>
Do not audit attempts to send and receive snmp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_snmp_server_packets" lineno="122645">
<summary>
Relabel packets to snmp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_smntubootstrap_port" lineno="122667">
<summary>
Send and receive TCP traffic on the smntubootstrap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_smntubootstrap_port" lineno="122686">
<summary>
Send UDP traffic on the smntubootstrap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_smntubootstrap_port" lineno="122705">
<summary>
Do not audit attempts to send UDP traffic on the smntubootstrap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_smntubootstrap_port" lineno="122724">
<summary>
Receive UDP traffic on the smntubootstrap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_smntubootstrap_port" lineno="122743">
<summary>
Do not audit attempts to receive UDP traffic on the smntubootstrap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_smntubootstrap_port" lineno="122762">
<summary>
Send and receive UDP traffic on the smntubootstrap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_smntubootstrap_port" lineno="122779">
<summary>
Do not audit attempts to send and receive
UDP traffic on the smntubootstrap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_smntubootstrap_port" lineno="122795">
<summary>
Bind TCP sockets to the smntubootstrap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_smntubootstrap_port" lineno="122815">
<summary>
Bind UDP sockets to the smntubootstrap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_smntubootstrap_port" lineno="122835">
<summary>
Do not audit attempts to sbind to smntubootstrap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_smntubootstrap_port" lineno="122854">
<summary>
Make a TCP connection to the smntubootstrap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_smntubootstrap_port" lineno="122871">
<summary>
Do not audit attempts to make a TCP connection to smntubootstrap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_smntubootstrap_client_packets" lineno="122891">
<summary>
Send smntubootstrap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_smntubootstrap_client_packets" lineno="122910">
<summary>
Do not audit attempts to send smntubootstrap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_smntubootstrap_client_packets" lineno="122929">
<summary>
Receive smntubootstrap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_smntubootstrap_client_packets" lineno="122948">
<summary>
Do not audit attempts to receive smntubootstrap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_smntubootstrap_client_packets" lineno="122967">
<summary>
Send and receive smntubootstrap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_smntubootstrap_client_packets" lineno="122983">
<summary>
Do not audit attempts to send and receive smntubootstrap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_smntubootstrap_client_packets" lineno="122998">
<summary>
Relabel packets to smntubootstrap_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_smntubootstrap_server_packets" lineno="123018">
<summary>
Send smntubootstrap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_smntubootstrap_server_packets" lineno="123037">
<summary>
Do not audit attempts to send smntubootstrap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_smntubootstrap_server_packets" lineno="123056">
<summary>
Receive smntubootstrap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_smntubootstrap_server_packets" lineno="123075">
<summary>
Do not audit attempts to receive smntubootstrap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_smntubootstrap_server_packets" lineno="123094">
<summary>
Send and receive smntubootstrap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_smntubootstrap_server_packets" lineno="123110">
<summary>
Do not audit attempts to send and receive smntubootstrap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_smntubootstrap_server_packets" lineno="123125">
<summary>
Relabel packets to smntubootstrap_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_socks_port" lineno="123147">
<summary>
Send and receive TCP traffic on the socks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_socks_port" lineno="123166">
<summary>
Send UDP traffic on the socks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_socks_port" lineno="123185">
<summary>
Do not audit attempts to send UDP traffic on the socks port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_socks_port" lineno="123204">
<summary>
Receive UDP traffic on the socks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_socks_port" lineno="123223">
<summary>
Do not audit attempts to receive UDP traffic on the socks port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_socks_port" lineno="123242">
<summary>
Send and receive UDP traffic on the socks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_socks_port" lineno="123259">
<summary>
Do not audit attempts to send and receive
UDP traffic on the socks port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_socks_port" lineno="123275">
<summary>
Bind TCP sockets to the socks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_socks_port" lineno="123295">
<summary>
Bind UDP sockets to the socks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_socks_port" lineno="123315">
<summary>
Do not audit attempts to sbind to socks port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_socks_port" lineno="123334">
<summary>
Make a TCP connection to the socks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_socks_port" lineno="123351">
<summary>
Do not audit attempts to make a TCP connection to socks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_socks_client_packets" lineno="123371">
<summary>
Send socks_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_socks_client_packets" lineno="123390">
<summary>
Do not audit attempts to send socks_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_socks_client_packets" lineno="123409">
<summary>
Receive socks_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_socks_client_packets" lineno="123428">
<summary>
Do not audit attempts to receive socks_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_socks_client_packets" lineno="123447">
<summary>
Send and receive socks_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_socks_client_packets" lineno="123463">
<summary>
Do not audit attempts to send and receive socks_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_socks_client_packets" lineno="123478">
<summary>
Relabel packets to socks_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_socks_server_packets" lineno="123498">
<summary>
Send socks_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_socks_server_packets" lineno="123517">
<summary>
Do not audit attempts to send socks_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_socks_server_packets" lineno="123536">
<summary>
Receive socks_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_socks_server_packets" lineno="123555">
<summary>
Do not audit attempts to receive socks_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_socks_server_packets" lineno="123574">
<summary>
Send and receive socks_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_socks_server_packets" lineno="123590">
<summary>
Do not audit attempts to send and receive socks_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_socks_server_packets" lineno="123605">
<summary>
Relabel packets to socks_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_soundd_port" lineno="123627">
<summary>
Send and receive TCP traffic on the soundd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_soundd_port" lineno="123646">
<summary>
Send UDP traffic on the soundd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_soundd_port" lineno="123665">
<summary>
Do not audit attempts to send UDP traffic on the soundd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_soundd_port" lineno="123684">
<summary>
Receive UDP traffic on the soundd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_soundd_port" lineno="123703">
<summary>
Do not audit attempts to receive UDP traffic on the soundd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_soundd_port" lineno="123722">
<summary>
Send and receive UDP traffic on the soundd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_soundd_port" lineno="123739">
<summary>
Do not audit attempts to send and receive
UDP traffic on the soundd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_soundd_port" lineno="123755">
<summary>
Bind TCP sockets to the soundd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_soundd_port" lineno="123775">
<summary>
Bind UDP sockets to the soundd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_soundd_port" lineno="123795">
<summary>
Do not audit attempts to sbind to soundd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_soundd_port" lineno="123814">
<summary>
Make a TCP connection to the soundd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_soundd_port" lineno="123831">
<summary>
Do not audit attempts to make a TCP connection to soundd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_soundd_client_packets" lineno="123851">
<summary>
Send soundd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_soundd_client_packets" lineno="123870">
<summary>
Do not audit attempts to send soundd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_soundd_client_packets" lineno="123889">
<summary>
Receive soundd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_soundd_client_packets" lineno="123908">
<summary>
Do not audit attempts to receive soundd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_soundd_client_packets" lineno="123927">
<summary>
Send and receive soundd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_soundd_client_packets" lineno="123943">
<summary>
Do not audit attempts to send and receive soundd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_soundd_client_packets" lineno="123958">
<summary>
Relabel packets to soundd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_soundd_server_packets" lineno="123978">
<summary>
Send soundd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_soundd_server_packets" lineno="123997">
<summary>
Do not audit attempts to send soundd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_soundd_server_packets" lineno="124016">
<summary>
Receive soundd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_soundd_server_packets" lineno="124035">
<summary>
Do not audit attempts to receive soundd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_soundd_server_packets" lineno="124054">
<summary>
Send and receive soundd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_soundd_server_packets" lineno="124070">
<summary>
Do not audit attempts to send and receive soundd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_soundd_server_packets" lineno="124085">
<summary>
Relabel packets to soundd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_spamd_port" lineno="124107">
<summary>
Send and receive TCP traffic on the spamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_spamd_port" lineno="124126">
<summary>
Send UDP traffic on the spamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_spamd_port" lineno="124145">
<summary>
Do not audit attempts to send UDP traffic on the spamd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_spamd_port" lineno="124164">
<summary>
Receive UDP traffic on the spamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_spamd_port" lineno="124183">
<summary>
Do not audit attempts to receive UDP traffic on the spamd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_spamd_port" lineno="124202">
<summary>
Send and receive UDP traffic on the spamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_spamd_port" lineno="124219">
<summary>
Do not audit attempts to send and receive
UDP traffic on the spamd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_spamd_port" lineno="124235">
<summary>
Bind TCP sockets to the spamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_spamd_port" lineno="124255">
<summary>
Bind UDP sockets to the spamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_spamd_port" lineno="124275">
<summary>
Do not audit attempts to sbind to spamd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_spamd_port" lineno="124294">
<summary>
Make a TCP connection to the spamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_spamd_port" lineno="124311">
<summary>
Do not audit attempts to make a TCP connection to spamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_spamd_client_packets" lineno="124331">
<summary>
Send spamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_spamd_client_packets" lineno="124350">
<summary>
Do not audit attempts to send spamd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_spamd_client_packets" lineno="124369">
<summary>
Receive spamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_spamd_client_packets" lineno="124388">
<summary>
Do not audit attempts to receive spamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_spamd_client_packets" lineno="124407">
<summary>
Send and receive spamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_spamd_client_packets" lineno="124423">
<summary>
Do not audit attempts to send and receive spamd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_spamd_client_packets" lineno="124438">
<summary>
Relabel packets to spamd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_spamd_server_packets" lineno="124458">
<summary>
Send spamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_spamd_server_packets" lineno="124477">
<summary>
Do not audit attempts to send spamd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_spamd_server_packets" lineno="124496">
<summary>
Receive spamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_spamd_server_packets" lineno="124515">
<summary>
Do not audit attempts to receive spamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_spamd_server_packets" lineno="124534">
<summary>
Send and receive spamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_spamd_server_packets" lineno="124550">
<summary>
Do not audit attempts to send and receive spamd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_spamd_server_packets" lineno="124565">
<summary>
Relabel packets to spamd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_speech_port" lineno="124587">
<summary>
Send and receive TCP traffic on the speech port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_speech_port" lineno="124606">
<summary>
Send UDP traffic on the speech port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_speech_port" lineno="124625">
<summary>
Do not audit attempts to send UDP traffic on the speech port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_speech_port" lineno="124644">
<summary>
Receive UDP traffic on the speech port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_speech_port" lineno="124663">
<summary>
Do not audit attempts to receive UDP traffic on the speech port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_speech_port" lineno="124682">
<summary>
Send and receive UDP traffic on the speech port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_speech_port" lineno="124699">
<summary>
Do not audit attempts to send and receive
UDP traffic on the speech port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_speech_port" lineno="124715">
<summary>
Bind TCP sockets to the speech port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_speech_port" lineno="124735">
<summary>
Bind UDP sockets to the speech port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_speech_port" lineno="124755">
<summary>
Do not audit attempts to sbind to speech port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_speech_port" lineno="124774">
<summary>
Make a TCP connection to the speech port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_speech_port" lineno="124791">
<summary>
Do not audit attempts to make a TCP connection to speech port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_speech_client_packets" lineno="124811">
<summary>
Send speech_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_speech_client_packets" lineno="124830">
<summary>
Do not audit attempts to send speech_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_speech_client_packets" lineno="124849">
<summary>
Receive speech_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_speech_client_packets" lineno="124868">
<summary>
Do not audit attempts to receive speech_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_speech_client_packets" lineno="124887">
<summary>
Send and receive speech_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_speech_client_packets" lineno="124903">
<summary>
Do not audit attempts to send and receive speech_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_speech_client_packets" lineno="124918">
<summary>
Relabel packets to speech_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_speech_server_packets" lineno="124938">
<summary>
Send speech_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_speech_server_packets" lineno="124957">
<summary>
Do not audit attempts to send speech_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_speech_server_packets" lineno="124976">
<summary>
Receive speech_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_speech_server_packets" lineno="124995">
<summary>
Do not audit attempts to receive speech_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_speech_server_packets" lineno="125014">
<summary>
Send and receive speech_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_speech_server_packets" lineno="125030">
<summary>
Do not audit attempts to send and receive speech_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_speech_server_packets" lineno="125045">
<summary>
Relabel packets to speech_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_squid_port" lineno="125067">
<summary>
Send and receive TCP traffic on the squid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_squid_port" lineno="125086">
<summary>
Send UDP traffic on the squid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_squid_port" lineno="125105">
<summary>
Do not audit attempts to send UDP traffic on the squid port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_squid_port" lineno="125124">
<summary>
Receive UDP traffic on the squid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_squid_port" lineno="125143">
<summary>
Do not audit attempts to receive UDP traffic on the squid port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_squid_port" lineno="125162">
<summary>
Send and receive UDP traffic on the squid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_squid_port" lineno="125179">
<summary>
Do not audit attempts to send and receive
UDP traffic on the squid port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_squid_port" lineno="125195">
<summary>
Bind TCP sockets to the squid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_squid_port" lineno="125215">
<summary>
Bind UDP sockets to the squid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_squid_port" lineno="125235">
<summary>
Do not audit attempts to sbind to squid port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_squid_port" lineno="125254">
<summary>
Make a TCP connection to the squid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_squid_port" lineno="125271">
<summary>
Do not audit attempts to make a TCP connection to squid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_squid_client_packets" lineno="125291">
<summary>
Send squid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_squid_client_packets" lineno="125310">
<summary>
Do not audit attempts to send squid_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_squid_client_packets" lineno="125329">
<summary>
Receive squid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_squid_client_packets" lineno="125348">
<summary>
Do not audit attempts to receive squid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_squid_client_packets" lineno="125367">
<summary>
Send and receive squid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_squid_client_packets" lineno="125383">
<summary>
Do not audit attempts to send and receive squid_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_squid_client_packets" lineno="125398">
<summary>
Relabel packets to squid_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_squid_server_packets" lineno="125418">
<summary>
Send squid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_squid_server_packets" lineno="125437">
<summary>
Do not audit attempts to send squid_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_squid_server_packets" lineno="125456">
<summary>
Receive squid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_squid_server_packets" lineno="125475">
<summary>
Do not audit attempts to receive squid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_squid_server_packets" lineno="125494">
<summary>
Send and receive squid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_squid_server_packets" lineno="125510">
<summary>
Do not audit attempts to send and receive squid_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_squid_server_packets" lineno="125525">
<summary>
Relabel packets to squid_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ssdp_port" lineno="125547">
<summary>
Send and receive TCP traffic on the ssdp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ssdp_port" lineno="125566">
<summary>
Send UDP traffic on the ssdp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ssdp_port" lineno="125585">
<summary>
Do not audit attempts to send UDP traffic on the ssdp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ssdp_port" lineno="125604">
<summary>
Receive UDP traffic on the ssdp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ssdp_port" lineno="125623">
<summary>
Do not audit attempts to receive UDP traffic on the ssdp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ssdp_port" lineno="125642">
<summary>
Send and receive UDP traffic on the ssdp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ssdp_port" lineno="125659">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ssdp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ssdp_port" lineno="125675">
<summary>
Bind TCP sockets to the ssdp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ssdp_port" lineno="125695">
<summary>
Bind UDP sockets to the ssdp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ssdp_port" lineno="125715">
<summary>
Do not audit attempts to sbind to ssdp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ssdp_port" lineno="125734">
<summary>
Make a TCP connection to the ssdp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ssdp_port" lineno="125751">
<summary>
Do not audit attempts to make a TCP connection to ssdp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ssdp_client_packets" lineno="125771">
<summary>
Send ssdp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ssdp_client_packets" lineno="125790">
<summary>
Do not audit attempts to send ssdp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ssdp_client_packets" lineno="125809">
<summary>
Receive ssdp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ssdp_client_packets" lineno="125828">
<summary>
Do not audit attempts to receive ssdp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ssdp_client_packets" lineno="125847">
<summary>
Send and receive ssdp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ssdp_client_packets" lineno="125863">
<summary>
Do not audit attempts to send and receive ssdp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ssdp_client_packets" lineno="125878">
<summary>
Relabel packets to ssdp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ssdp_server_packets" lineno="125898">
<summary>
Send ssdp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ssdp_server_packets" lineno="125917">
<summary>
Do not audit attempts to send ssdp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ssdp_server_packets" lineno="125936">
<summary>
Receive ssdp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ssdp_server_packets" lineno="125955">
<summary>
Do not audit attempts to receive ssdp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ssdp_server_packets" lineno="125974">
<summary>
Send and receive ssdp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ssdp_server_packets" lineno="125990">
<summary>
Do not audit attempts to send and receive ssdp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ssdp_server_packets" lineno="126005">
<summary>
Relabel packets to ssdp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ssh_port" lineno="126027">
<summary>
Send and receive TCP traffic on the ssh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ssh_port" lineno="126046">
<summary>
Send UDP traffic on the ssh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ssh_port" lineno="126065">
<summary>
Do not audit attempts to send UDP traffic on the ssh port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ssh_port" lineno="126084">
<summary>
Receive UDP traffic on the ssh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ssh_port" lineno="126103">
<summary>
Do not audit attempts to receive UDP traffic on the ssh port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ssh_port" lineno="126122">
<summary>
Send and receive UDP traffic on the ssh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ssh_port" lineno="126139">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ssh port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ssh_port" lineno="126155">
<summary>
Bind TCP sockets to the ssh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ssh_port" lineno="126175">
<summary>
Bind UDP sockets to the ssh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ssh_port" lineno="126195">
<summary>
Do not audit attempts to sbind to ssh port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ssh_port" lineno="126214">
<summary>
Make a TCP connection to the ssh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ssh_port" lineno="126231">
<summary>
Do not audit attempts to make a TCP connection to ssh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ssh_client_packets" lineno="126251">
<summary>
Send ssh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ssh_client_packets" lineno="126270">
<summary>
Do not audit attempts to send ssh_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ssh_client_packets" lineno="126289">
<summary>
Receive ssh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ssh_client_packets" lineno="126308">
<summary>
Do not audit attempts to receive ssh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ssh_client_packets" lineno="126327">
<summary>
Send and receive ssh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ssh_client_packets" lineno="126343">
<summary>
Do not audit attempts to send and receive ssh_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ssh_client_packets" lineno="126358">
<summary>
Relabel packets to ssh_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ssh_server_packets" lineno="126378">
<summary>
Send ssh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ssh_server_packets" lineno="126397">
<summary>
Do not audit attempts to send ssh_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ssh_server_packets" lineno="126416">
<summary>
Receive ssh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ssh_server_packets" lineno="126435">
<summary>
Do not audit attempts to receive ssh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ssh_server_packets" lineno="126454">
<summary>
Send and receive ssh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ssh_server_packets" lineno="126470">
<summary>
Do not audit attempts to send and receive ssh_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ssh_server_packets" lineno="126485">
<summary>
Relabel packets to ssh_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_stunnel_port" lineno="126507">
<summary>
Send and receive TCP traffic on the stunnel port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_stunnel_port" lineno="126526">
<summary>
Send UDP traffic on the stunnel port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_stunnel_port" lineno="126545">
<summary>
Do not audit attempts to send UDP traffic on the stunnel port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_stunnel_port" lineno="126564">
<summary>
Receive UDP traffic on the stunnel port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_stunnel_port" lineno="126583">
<summary>
Do not audit attempts to receive UDP traffic on the stunnel port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_stunnel_port" lineno="126602">
<summary>
Send and receive UDP traffic on the stunnel port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_stunnel_port" lineno="126619">
<summary>
Do not audit attempts to send and receive
UDP traffic on the stunnel port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_stunnel_port" lineno="126635">
<summary>
Bind TCP sockets to the stunnel port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_stunnel_port" lineno="126655">
<summary>
Bind UDP sockets to the stunnel port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_stunnel_port" lineno="126675">
<summary>
Do not audit attempts to sbind to stunnel port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_stunnel_port" lineno="126694">
<summary>
Make a TCP connection to the stunnel port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_stunnel_port" lineno="126711">
<summary>
Do not audit attempts to make a TCP connection to stunnel port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_stunnel_client_packets" lineno="126731">
<summary>
Send stunnel_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_stunnel_client_packets" lineno="126750">
<summary>
Do not audit attempts to send stunnel_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_stunnel_client_packets" lineno="126769">
<summary>
Receive stunnel_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_stunnel_client_packets" lineno="126788">
<summary>
Do not audit attempts to receive stunnel_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_stunnel_client_packets" lineno="126807">
<summary>
Send and receive stunnel_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_stunnel_client_packets" lineno="126823">
<summary>
Do not audit attempts to send and receive stunnel_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_stunnel_client_packets" lineno="126838">
<summary>
Relabel packets to stunnel_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_stunnel_server_packets" lineno="126858">
<summary>
Send stunnel_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_stunnel_server_packets" lineno="126877">
<summary>
Do not audit attempts to send stunnel_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_stunnel_server_packets" lineno="126896">
<summary>
Receive stunnel_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_stunnel_server_packets" lineno="126915">
<summary>
Do not audit attempts to receive stunnel_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_stunnel_server_packets" lineno="126934">
<summary>
Send and receive stunnel_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_stunnel_server_packets" lineno="126950">
<summary>
Do not audit attempts to send and receive stunnel_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_stunnel_server_packets" lineno="126965">
<summary>
Relabel packets to stunnel_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_svn_port" lineno="126987">
<summary>
Send and receive TCP traffic on the svn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_svn_port" lineno="127006">
<summary>
Send UDP traffic on the svn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_svn_port" lineno="127025">
<summary>
Do not audit attempts to send UDP traffic on the svn port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_svn_port" lineno="127044">
<summary>
Receive UDP traffic on the svn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_svn_port" lineno="127063">
<summary>
Do not audit attempts to receive UDP traffic on the svn port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_svn_port" lineno="127082">
<summary>
Send and receive UDP traffic on the svn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_svn_port" lineno="127099">
<summary>
Do not audit attempts to send and receive
UDP traffic on the svn port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_svn_port" lineno="127115">
<summary>
Bind TCP sockets to the svn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_svn_port" lineno="127135">
<summary>
Bind UDP sockets to the svn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_svn_port" lineno="127155">
<summary>
Do not audit attempts to sbind to svn port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_svn_port" lineno="127174">
<summary>
Make a TCP connection to the svn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_svn_port" lineno="127191">
<summary>
Do not audit attempts to make a TCP connection to svn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_svn_client_packets" lineno="127211">
<summary>
Send svn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_svn_client_packets" lineno="127230">
<summary>
Do not audit attempts to send svn_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_svn_client_packets" lineno="127249">
<summary>
Receive svn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_svn_client_packets" lineno="127268">
<summary>
Do not audit attempts to receive svn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_svn_client_packets" lineno="127287">
<summary>
Send and receive svn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_svn_client_packets" lineno="127303">
<summary>
Do not audit attempts to send and receive svn_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_svn_client_packets" lineno="127318">
<summary>
Relabel packets to svn_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_svn_server_packets" lineno="127338">
<summary>
Send svn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_svn_server_packets" lineno="127357">
<summary>
Do not audit attempts to send svn_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_svn_server_packets" lineno="127376">
<summary>
Receive svn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_svn_server_packets" lineno="127395">
<summary>
Do not audit attempts to receive svn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_svn_server_packets" lineno="127414">
<summary>
Send and receive svn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_svn_server_packets" lineno="127430">
<summary>
Do not audit attempts to send and receive svn_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_svn_server_packets" lineno="127445">
<summary>
Relabel packets to svn_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_svrloc_port" lineno="127467">
<summary>
Send and receive TCP traffic on the svrloc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_svrloc_port" lineno="127486">
<summary>
Send UDP traffic on the svrloc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_svrloc_port" lineno="127505">
<summary>
Do not audit attempts to send UDP traffic on the svrloc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_svrloc_port" lineno="127524">
<summary>
Receive UDP traffic on the svrloc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_svrloc_port" lineno="127543">
<summary>
Do not audit attempts to receive UDP traffic on the svrloc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_svrloc_port" lineno="127562">
<summary>
Send and receive UDP traffic on the svrloc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_svrloc_port" lineno="127579">
<summary>
Do not audit attempts to send and receive
UDP traffic on the svrloc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_svrloc_port" lineno="127595">
<summary>
Bind TCP sockets to the svrloc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_svrloc_port" lineno="127615">
<summary>
Bind UDP sockets to the svrloc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_svrloc_port" lineno="127635">
<summary>
Do not audit attempts to sbind to svrloc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_svrloc_port" lineno="127654">
<summary>
Make a TCP connection to the svrloc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_svrloc_port" lineno="127671">
<summary>
Do not audit attempts to make a TCP connection to svrloc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_svrloc_client_packets" lineno="127691">
<summary>
Send svrloc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_svrloc_client_packets" lineno="127710">
<summary>
Do not audit attempts to send svrloc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_svrloc_client_packets" lineno="127729">
<summary>
Receive svrloc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_svrloc_client_packets" lineno="127748">
<summary>
Do not audit attempts to receive svrloc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_svrloc_client_packets" lineno="127767">
<summary>
Send and receive svrloc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_svrloc_client_packets" lineno="127783">
<summary>
Do not audit attempts to send and receive svrloc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_svrloc_client_packets" lineno="127798">
<summary>
Relabel packets to svrloc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_svrloc_server_packets" lineno="127818">
<summary>
Send svrloc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_svrloc_server_packets" lineno="127837">
<summary>
Do not audit attempts to send svrloc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_svrloc_server_packets" lineno="127856">
<summary>
Receive svrloc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_svrloc_server_packets" lineno="127875">
<summary>
Do not audit attempts to receive svrloc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_svrloc_server_packets" lineno="127894">
<summary>
Send and receive svrloc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_svrloc_server_packets" lineno="127910">
<summary>
Do not audit attempts to send and receive svrloc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_svrloc_server_packets" lineno="127925">
<summary>
Relabel packets to svrloc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_swat_port" lineno="127947">
<summary>
Send and receive TCP traffic on the swat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_swat_port" lineno="127966">
<summary>
Send UDP traffic on the swat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_swat_port" lineno="127985">
<summary>
Do not audit attempts to send UDP traffic on the swat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_swat_port" lineno="128004">
<summary>
Receive UDP traffic on the swat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_swat_port" lineno="128023">
<summary>
Do not audit attempts to receive UDP traffic on the swat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_swat_port" lineno="128042">
<summary>
Send and receive UDP traffic on the swat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_swat_port" lineno="128059">
<summary>
Do not audit attempts to send and receive
UDP traffic on the swat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_swat_port" lineno="128075">
<summary>
Bind TCP sockets to the swat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_swat_port" lineno="128095">
<summary>
Bind UDP sockets to the swat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_swat_port" lineno="128115">
<summary>
Do not audit attempts to sbind to swat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_swat_port" lineno="128134">
<summary>
Make a TCP connection to the swat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_swat_port" lineno="128151">
<summary>
Do not audit attempts to make a TCP connection to swat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_swat_client_packets" lineno="128171">
<summary>
Send swat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_swat_client_packets" lineno="128190">
<summary>
Do not audit attempts to send swat_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_swat_client_packets" lineno="128209">
<summary>
Receive swat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_swat_client_packets" lineno="128228">
<summary>
Do not audit attempts to receive swat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_swat_client_packets" lineno="128247">
<summary>
Send and receive swat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_swat_client_packets" lineno="128263">
<summary>
Do not audit attempts to send and receive swat_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_swat_client_packets" lineno="128278">
<summary>
Relabel packets to swat_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_swat_server_packets" lineno="128298">
<summary>
Send swat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_swat_server_packets" lineno="128317">
<summary>
Do not audit attempts to send swat_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_swat_server_packets" lineno="128336">
<summary>
Receive swat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_swat_server_packets" lineno="128355">
<summary>
Do not audit attempts to receive swat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_swat_server_packets" lineno="128374">
<summary>
Send and receive swat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_swat_server_packets" lineno="128390">
<summary>
Do not audit attempts to send and receive swat_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_swat_server_packets" lineno="128405">
<summary>
Relabel packets to swat_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_swift_port" lineno="128427">
<summary>
Send and receive TCP traffic on the swift port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_swift_port" lineno="128446">
<summary>
Send UDP traffic on the swift port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_swift_port" lineno="128465">
<summary>
Do not audit attempts to send UDP traffic on the swift port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_swift_port" lineno="128484">
<summary>
Receive UDP traffic on the swift port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_swift_port" lineno="128503">
<summary>
Do not audit attempts to receive UDP traffic on the swift port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_swift_port" lineno="128522">
<summary>
Send and receive UDP traffic on the swift port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_swift_port" lineno="128539">
<summary>
Do not audit attempts to send and receive
UDP traffic on the swift port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_swift_port" lineno="128555">
<summary>
Bind TCP sockets to the swift port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_swift_port" lineno="128575">
<summary>
Bind UDP sockets to the swift port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_swift_port" lineno="128595">
<summary>
Do not audit attempts to sbind to swift port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_swift_port" lineno="128614">
<summary>
Make a TCP connection to the swift port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_swift_port" lineno="128631">
<summary>
Do not audit attempts to make a TCP connection to swift port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_swift_client_packets" lineno="128651">
<summary>
Send swift_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_swift_client_packets" lineno="128670">
<summary>
Do not audit attempts to send swift_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_swift_client_packets" lineno="128689">
<summary>
Receive swift_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_swift_client_packets" lineno="128708">
<summary>
Do not audit attempts to receive swift_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_swift_client_packets" lineno="128727">
<summary>
Send and receive swift_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_swift_client_packets" lineno="128743">
<summary>
Do not audit attempts to send and receive swift_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_swift_client_packets" lineno="128758">
<summary>
Relabel packets to swift_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_swift_server_packets" lineno="128778">
<summary>
Send swift_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_swift_server_packets" lineno="128797">
<summary>
Do not audit attempts to send swift_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_swift_server_packets" lineno="128816">
<summary>
Receive swift_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_swift_server_packets" lineno="128835">
<summary>
Do not audit attempts to receive swift_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_swift_server_packets" lineno="128854">
<summary>
Send and receive swift_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_swift_server_packets" lineno="128870">
<summary>
Do not audit attempts to send and receive swift_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_swift_server_packets" lineno="128885">
<summary>
Relabel packets to swift_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_sype_transport_port" lineno="128907">
<summary>
Send and receive TCP traffic on the sype_transport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_sype_transport_port" lineno="128926">
<summary>
Send UDP traffic on the sype_transport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_sype_transport_port" lineno="128945">
<summary>
Do not audit attempts to send UDP traffic on the sype_transport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_sype_transport_port" lineno="128964">
<summary>
Receive UDP traffic on the sype_transport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_sype_transport_port" lineno="128983">
<summary>
Do not audit attempts to receive UDP traffic on the sype_transport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_sype_transport_port" lineno="129002">
<summary>
Send and receive UDP traffic on the sype_transport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_sype_transport_port" lineno="129019">
<summary>
Do not audit attempts to send and receive
UDP traffic on the sype_transport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_sype_transport_port" lineno="129035">
<summary>
Bind TCP sockets to the sype_transport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_sype_transport_port" lineno="129055">
<summary>
Bind UDP sockets to the sype_transport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_sype_transport_port" lineno="129075">
<summary>
Do not audit attempts to sbind to sype_transport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_sype_transport_port" lineno="129094">
<summary>
Make a TCP connection to the sype_transport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_sype_transport_port" lineno="129111">
<summary>
Do not audit attempts to make a TCP connection to sype_transport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sype_transport_client_packets" lineno="129131">
<summary>
Send sype_transport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sype_transport_client_packets" lineno="129150">
<summary>
Do not audit attempts to send sype_transport_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sype_transport_client_packets" lineno="129169">
<summary>
Receive sype_transport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sype_transport_client_packets" lineno="129188">
<summary>
Do not audit attempts to receive sype_transport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sype_transport_client_packets" lineno="129207">
<summary>
Send and receive sype_transport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sype_transport_client_packets" lineno="129223">
<summary>
Do not audit attempts to send and receive sype_transport_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sype_transport_client_packets" lineno="129238">
<summary>
Relabel packets to sype_transport_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sype_transport_server_packets" lineno="129258">
<summary>
Send sype_transport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sype_transport_server_packets" lineno="129277">
<summary>
Do not audit attempts to send sype_transport_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sype_transport_server_packets" lineno="129296">
<summary>
Receive sype_transport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sype_transport_server_packets" lineno="129315">
<summary>
Do not audit attempts to receive sype_transport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sype_transport_server_packets" lineno="129334">
<summary>
Send and receive sype_transport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sype_transport_server_packets" lineno="129350">
<summary>
Do not audit attempts to send and receive sype_transport_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sype_transport_server_packets" lineno="129365">
<summary>
Relabel packets to sype_transport_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_syslogd_port" lineno="129387">
<summary>
Send and receive TCP traffic on the syslogd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_syslogd_port" lineno="129406">
<summary>
Send UDP traffic on the syslogd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_syslogd_port" lineno="129425">
<summary>
Do not audit attempts to send UDP traffic on the syslogd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_syslogd_port" lineno="129444">
<summary>
Receive UDP traffic on the syslogd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_syslogd_port" lineno="129463">
<summary>
Do not audit attempts to receive UDP traffic on the syslogd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_syslogd_port" lineno="129482">
<summary>
Send and receive UDP traffic on the syslogd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_syslogd_port" lineno="129499">
<summary>
Do not audit attempts to send and receive
UDP traffic on the syslogd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_syslogd_port" lineno="129515">
<summary>
Bind TCP sockets to the syslogd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_syslogd_port" lineno="129535">
<summary>
Bind UDP sockets to the syslogd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_syslogd_port" lineno="129555">
<summary>
Do not audit attempts to sbind to syslogd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_syslogd_port" lineno="129574">
<summary>
Make a TCP connection to the syslogd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_syslogd_port" lineno="129591">
<summary>
Do not audit attempts to make a TCP connection to syslogd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_syslogd_client_packets" lineno="129611">
<summary>
Send syslogd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_syslogd_client_packets" lineno="129630">
<summary>
Do not audit attempts to send syslogd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_syslogd_client_packets" lineno="129649">
<summary>
Receive syslogd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_syslogd_client_packets" lineno="129668">
<summary>
Do not audit attempts to receive syslogd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_syslogd_client_packets" lineno="129687">
<summary>
Send and receive syslogd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_syslogd_client_packets" lineno="129703">
<summary>
Do not audit attempts to send and receive syslogd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_syslogd_client_packets" lineno="129718">
<summary>
Relabel packets to syslogd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_syslogd_server_packets" lineno="129738">
<summary>
Send syslogd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_syslogd_server_packets" lineno="129757">
<summary>
Do not audit attempts to send syslogd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_syslogd_server_packets" lineno="129776">
<summary>
Receive syslogd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_syslogd_server_packets" lineno="129795">
<summary>
Do not audit attempts to receive syslogd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_syslogd_server_packets" lineno="129814">
<summary>
Send and receive syslogd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_syslogd_server_packets" lineno="129830">
<summary>
Do not audit attempts to send and receive syslogd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_syslogd_server_packets" lineno="129845">
<summary>
Relabel packets to syslogd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_syslog_tls_port" lineno="129867">
<summary>
Send and receive TCP traffic on the syslog_tls port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_syslog_tls_port" lineno="129886">
<summary>
Send UDP traffic on the syslog_tls port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_syslog_tls_port" lineno="129905">
<summary>
Do not audit attempts to send UDP traffic on the syslog_tls port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_syslog_tls_port" lineno="129924">
<summary>
Receive UDP traffic on the syslog_tls port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_syslog_tls_port" lineno="129943">
<summary>
Do not audit attempts to receive UDP traffic on the syslog_tls port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_syslog_tls_port" lineno="129962">
<summary>
Send and receive UDP traffic on the syslog_tls port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_syslog_tls_port" lineno="129979">
<summary>
Do not audit attempts to send and receive
UDP traffic on the syslog_tls port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_syslog_tls_port" lineno="129995">
<summary>
Bind TCP sockets to the syslog_tls port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_syslog_tls_port" lineno="130015">
<summary>
Bind UDP sockets to the syslog_tls port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_syslog_tls_port" lineno="130035">
<summary>
Do not audit attempts to sbind to syslog_tls port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_syslog_tls_port" lineno="130054">
<summary>
Make a TCP connection to the syslog_tls port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_syslog_tls_port" lineno="130071">
<summary>
Do not audit attempts to make a TCP connection to syslog_tls port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_syslog_tls_client_packets" lineno="130091">
<summary>
Send syslog_tls_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_syslog_tls_client_packets" lineno="130110">
<summary>
Do not audit attempts to send syslog_tls_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_syslog_tls_client_packets" lineno="130129">
<summary>
Receive syslog_tls_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_syslog_tls_client_packets" lineno="130148">
<summary>
Do not audit attempts to receive syslog_tls_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_syslog_tls_client_packets" lineno="130167">
<summary>
Send and receive syslog_tls_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_syslog_tls_client_packets" lineno="130183">
<summary>
Do not audit attempts to send and receive syslog_tls_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_syslog_tls_client_packets" lineno="130198">
<summary>
Relabel packets to syslog_tls_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_syslog_tls_server_packets" lineno="130218">
<summary>
Send syslog_tls_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_syslog_tls_server_packets" lineno="130237">
<summary>
Do not audit attempts to send syslog_tls_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_syslog_tls_server_packets" lineno="130256">
<summary>
Receive syslog_tls_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_syslog_tls_server_packets" lineno="130275">
<summary>
Do not audit attempts to receive syslog_tls_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_syslog_tls_server_packets" lineno="130294">
<summary>
Send and receive syslog_tls_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_syslog_tls_server_packets" lineno="130310">
<summary>
Do not audit attempts to send and receive syslog_tls_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_syslog_tls_server_packets" lineno="130325">
<summary>
Relabel packets to syslog_tls_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_statsd_port" lineno="130347">
<summary>
Send and receive TCP traffic on the statsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_statsd_port" lineno="130366">
<summary>
Send UDP traffic on the statsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_statsd_port" lineno="130385">
<summary>
Do not audit attempts to send UDP traffic on the statsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_statsd_port" lineno="130404">
<summary>
Receive UDP traffic on the statsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_statsd_port" lineno="130423">
<summary>
Do not audit attempts to receive UDP traffic on the statsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_statsd_port" lineno="130442">
<summary>
Send and receive UDP traffic on the statsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_statsd_port" lineno="130459">
<summary>
Do not audit attempts to send and receive
UDP traffic on the statsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_statsd_port" lineno="130475">
<summary>
Bind TCP sockets to the statsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_statsd_port" lineno="130495">
<summary>
Bind UDP sockets to the statsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_statsd_port" lineno="130515">
<summary>
Do not audit attempts to sbind to statsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_statsd_port" lineno="130534">
<summary>
Make a TCP connection to the statsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_statsd_port" lineno="130551">
<summary>
Do not audit attempts to make a TCP connection to statsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_statsd_client_packets" lineno="130571">
<summary>
Send statsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_statsd_client_packets" lineno="130590">
<summary>
Do not audit attempts to send statsd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_statsd_client_packets" lineno="130609">
<summary>
Receive statsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_statsd_client_packets" lineno="130628">
<summary>
Do not audit attempts to receive statsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_statsd_client_packets" lineno="130647">
<summary>
Send and receive statsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_statsd_client_packets" lineno="130663">
<summary>
Do not audit attempts to send and receive statsd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_statsd_client_packets" lineno="130678">
<summary>
Relabel packets to statsd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_statsd_server_packets" lineno="130698">
<summary>
Send statsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_statsd_server_packets" lineno="130717">
<summary>
Do not audit attempts to send statsd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_statsd_server_packets" lineno="130736">
<summary>
Receive statsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_statsd_server_packets" lineno="130755">
<summary>
Do not audit attempts to receive statsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_statsd_server_packets" lineno="130774">
<summary>
Send and receive statsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_statsd_server_packets" lineno="130790">
<summary>
Do not audit attempts to send and receive statsd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_statsd_server_packets" lineno="130805">
<summary>
Relabel packets to statsd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_tangd_port" lineno="130827">
<summary>
Send and receive TCP traffic on the tangd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_tangd_port" lineno="130846">
<summary>
Send UDP traffic on the tangd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_tangd_port" lineno="130865">
<summary>
Do not audit attempts to send UDP traffic on the tangd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_tangd_port" lineno="130884">
<summary>
Receive UDP traffic on the tangd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_tangd_port" lineno="130903">
<summary>
Do not audit attempts to receive UDP traffic on the tangd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_tangd_port" lineno="130922">
<summary>
Send and receive UDP traffic on the tangd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_tangd_port" lineno="130939">
<summary>
Do not audit attempts to send and receive
UDP traffic on the tangd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_tangd_port" lineno="130955">
<summary>
Bind TCP sockets to the tangd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_tangd_port" lineno="130975">
<summary>
Bind UDP sockets to the tangd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_tangd_port" lineno="130995">
<summary>
Do not audit attempts to sbind to tangd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_tangd_port" lineno="131014">
<summary>
Make a TCP connection to the tangd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_tangd_port" lineno="131031">
<summary>
Do not audit attempts to make a TCP connection to tangd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_tangd_client_packets" lineno="131051">
<summary>
Send tangd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_tangd_client_packets" lineno="131070">
<summary>
Do not audit attempts to send tangd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_tangd_client_packets" lineno="131089">
<summary>
Receive tangd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_tangd_client_packets" lineno="131108">
<summary>
Do not audit attempts to receive tangd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_tangd_client_packets" lineno="131127">
<summary>
Send and receive tangd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_tangd_client_packets" lineno="131143">
<summary>
Do not audit attempts to send and receive tangd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_tangd_client_packets" lineno="131158">
<summary>
Relabel packets to tangd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_tangd_server_packets" lineno="131178">
<summary>
Send tangd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_tangd_server_packets" lineno="131197">
<summary>
Do not audit attempts to send tangd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_tangd_server_packets" lineno="131216">
<summary>
Receive tangd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_tangd_server_packets" lineno="131235">
<summary>
Do not audit attempts to receive tangd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_tangd_server_packets" lineno="131254">
<summary>
Send and receive tangd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_tangd_server_packets" lineno="131270">
<summary>
Do not audit attempts to send and receive tangd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_tangd_server_packets" lineno="131285">
<summary>
Relabel packets to tangd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_tcs_port" lineno="131307">
<summary>
Send and receive TCP traffic on the tcs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_tcs_port" lineno="131326">
<summary>
Send UDP traffic on the tcs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_tcs_port" lineno="131345">
<summary>
Do not audit attempts to send UDP traffic on the tcs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_tcs_port" lineno="131364">
<summary>
Receive UDP traffic on the tcs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_tcs_port" lineno="131383">
<summary>
Do not audit attempts to receive UDP traffic on the tcs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_tcs_port" lineno="131402">
<summary>
Send and receive UDP traffic on the tcs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_tcs_port" lineno="131419">
<summary>
Do not audit attempts to send and receive
UDP traffic on the tcs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_tcs_port" lineno="131435">
<summary>
Bind TCP sockets to the tcs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_tcs_port" lineno="131455">
<summary>
Bind UDP sockets to the tcs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_tcs_port" lineno="131475">
<summary>
Do not audit attempts to sbind to tcs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_tcs_port" lineno="131494">
<summary>
Make a TCP connection to the tcs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_tcs_port" lineno="131511">
<summary>
Do not audit attempts to make a TCP connection to tcs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_tcs_client_packets" lineno="131531">
<summary>
Send tcs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_tcs_client_packets" lineno="131550">
<summary>
Do not audit attempts to send tcs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_tcs_client_packets" lineno="131569">
<summary>
Receive tcs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_tcs_client_packets" lineno="131588">
<summary>
Do not audit attempts to receive tcs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_tcs_client_packets" lineno="131607">
<summary>
Send and receive tcs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_tcs_client_packets" lineno="131623">
<summary>
Do not audit attempts to send and receive tcs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_tcs_client_packets" lineno="131638">
<summary>
Relabel packets to tcs_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_tcs_server_packets" lineno="131658">
<summary>
Send tcs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_tcs_server_packets" lineno="131677">
<summary>
Do not audit attempts to send tcs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_tcs_server_packets" lineno="131696">
<summary>
Receive tcs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_tcs_server_packets" lineno="131715">
<summary>
Do not audit attempts to receive tcs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_tcs_server_packets" lineno="131734">
<summary>
Send and receive tcs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_tcs_server_packets" lineno="131750">
<summary>
Do not audit attempts to send and receive tcs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_tcs_server_packets" lineno="131765">
<summary>
Relabel packets to tcs_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_telnetd_port" lineno="131787">
<summary>
Send and receive TCP traffic on the telnetd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_telnetd_port" lineno="131806">
<summary>
Send UDP traffic on the telnetd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_telnetd_port" lineno="131825">
<summary>
Do not audit attempts to send UDP traffic on the telnetd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_telnetd_port" lineno="131844">
<summary>
Receive UDP traffic on the telnetd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_telnetd_port" lineno="131863">
<summary>
Do not audit attempts to receive UDP traffic on the telnetd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_telnetd_port" lineno="131882">
<summary>
Send and receive UDP traffic on the telnetd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_telnetd_port" lineno="131899">
<summary>
Do not audit attempts to send and receive
UDP traffic on the telnetd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_telnetd_port" lineno="131915">
<summary>
Bind TCP sockets to the telnetd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_telnetd_port" lineno="131935">
<summary>
Bind UDP sockets to the telnetd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_telnetd_port" lineno="131955">
<summary>
Do not audit attempts to sbind to telnetd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_telnetd_port" lineno="131974">
<summary>
Make a TCP connection to the telnetd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_telnetd_port" lineno="131991">
<summary>
Do not audit attempts to make a TCP connection to telnetd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_telnetd_client_packets" lineno="132011">
<summary>
Send telnetd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_telnetd_client_packets" lineno="132030">
<summary>
Do not audit attempts to send telnetd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_telnetd_client_packets" lineno="132049">
<summary>
Receive telnetd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_telnetd_client_packets" lineno="132068">
<summary>
Do not audit attempts to receive telnetd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_telnetd_client_packets" lineno="132087">
<summary>
Send and receive telnetd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_telnetd_client_packets" lineno="132103">
<summary>
Do not audit attempts to send and receive telnetd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_telnetd_client_packets" lineno="132118">
<summary>
Relabel packets to telnetd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_telnetd_server_packets" lineno="132138">
<summary>
Send telnetd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_telnetd_server_packets" lineno="132157">
<summary>
Do not audit attempts to send telnetd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_telnetd_server_packets" lineno="132176">
<summary>
Receive telnetd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_telnetd_server_packets" lineno="132195">
<summary>
Do not audit attempts to receive telnetd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_telnetd_server_packets" lineno="132214">
<summary>
Send and receive telnetd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_telnetd_server_packets" lineno="132230">
<summary>
Do not audit attempts to send and receive telnetd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_telnetd_server_packets" lineno="132245">
<summary>
Relabel packets to telnetd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_tftp_port" lineno="132267">
<summary>
Send and receive TCP traffic on the tftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_tftp_port" lineno="132286">
<summary>
Send UDP traffic on the tftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_tftp_port" lineno="132305">
<summary>
Do not audit attempts to send UDP traffic on the tftp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_tftp_port" lineno="132324">
<summary>
Receive UDP traffic on the tftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_tftp_port" lineno="132343">
<summary>
Do not audit attempts to receive UDP traffic on the tftp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_tftp_port" lineno="132362">
<summary>
Send and receive UDP traffic on the tftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_tftp_port" lineno="132379">
<summary>
Do not audit attempts to send and receive
UDP traffic on the tftp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_tftp_port" lineno="132395">
<summary>
Bind TCP sockets to the tftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_tftp_port" lineno="132415">
<summary>
Bind UDP sockets to the tftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_tftp_port" lineno="132435">
<summary>
Do not audit attempts to sbind to tftp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_tftp_port" lineno="132454">
<summary>
Make a TCP connection to the tftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_tftp_port" lineno="132471">
<summary>
Do not audit attempts to make a TCP connection to tftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_tftp_client_packets" lineno="132491">
<summary>
Send tftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_tftp_client_packets" lineno="132510">
<summary>
Do not audit attempts to send tftp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_tftp_client_packets" lineno="132529">
<summary>
Receive tftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_tftp_client_packets" lineno="132548">
<summary>
Do not audit attempts to receive tftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_tftp_client_packets" lineno="132567">
<summary>
Send and receive tftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_tftp_client_packets" lineno="132583">
<summary>
Do not audit attempts to send and receive tftp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_tftp_client_packets" lineno="132598">
<summary>
Relabel packets to tftp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_tftp_server_packets" lineno="132618">
<summary>
Send tftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_tftp_server_packets" lineno="132637">
<summary>
Do not audit attempts to send tftp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_tftp_server_packets" lineno="132656">
<summary>
Receive tftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_tftp_server_packets" lineno="132675">
<summary>
Do not audit attempts to receive tftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_tftp_server_packets" lineno="132694">
<summary>
Send and receive tftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_tftp_server_packets" lineno="132710">
<summary>
Do not audit attempts to send and receive tftp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_tftp_server_packets" lineno="132725">
<summary>
Relabel packets to tftp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_tor_port" lineno="132747">
<summary>
Send and receive TCP traffic on the tor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_tor_port" lineno="132766">
<summary>
Send UDP traffic on the tor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_tor_port" lineno="132785">
<summary>
Do not audit attempts to send UDP traffic on the tor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_tor_port" lineno="132804">
<summary>
Receive UDP traffic on the tor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_tor_port" lineno="132823">
<summary>
Do not audit attempts to receive UDP traffic on the tor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_tor_port" lineno="132842">
<summary>
Send and receive UDP traffic on the tor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_tor_port" lineno="132859">
<summary>
Do not audit attempts to send and receive
UDP traffic on the tor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_tor_port" lineno="132875">
<summary>
Bind TCP sockets to the tor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_tor_port" lineno="132895">
<summary>
Bind UDP sockets to the tor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_tor_port" lineno="132915">
<summary>
Do not audit attempts to sbind to tor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_tor_port" lineno="132934">
<summary>
Make a TCP connection to the tor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_tor_port" lineno="132951">
<summary>
Do not audit attempts to make a TCP connection to tor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_tor_client_packets" lineno="132971">
<summary>
Send tor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_tor_client_packets" lineno="132990">
<summary>
Do not audit attempts to send tor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_tor_client_packets" lineno="133009">
<summary>
Receive tor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_tor_client_packets" lineno="133028">
<summary>
Do not audit attempts to receive tor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_tor_client_packets" lineno="133047">
<summary>
Send and receive tor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_tor_client_packets" lineno="133063">
<summary>
Do not audit attempts to send and receive tor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_tor_client_packets" lineno="133078">
<summary>
Relabel packets to tor_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_tor_server_packets" lineno="133098">
<summary>
Send tor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_tor_server_packets" lineno="133117">
<summary>
Do not audit attempts to send tor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_tor_server_packets" lineno="133136">
<summary>
Receive tor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_tor_server_packets" lineno="133155">
<summary>
Do not audit attempts to receive tor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_tor_server_packets" lineno="133174">
<summary>
Send and receive tor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_tor_server_packets" lineno="133190">
<summary>
Do not audit attempts to send and receive tor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_tor_server_packets" lineno="133205">
<summary>
Relabel packets to tor_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_traceroute_port" lineno="133227">
<summary>
Send and receive TCP traffic on the traceroute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_traceroute_port" lineno="133246">
<summary>
Send UDP traffic on the traceroute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_traceroute_port" lineno="133265">
<summary>
Do not audit attempts to send UDP traffic on the traceroute port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_traceroute_port" lineno="133284">
<summary>
Receive UDP traffic on the traceroute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_traceroute_port" lineno="133303">
<summary>
Do not audit attempts to receive UDP traffic on the traceroute port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_traceroute_port" lineno="133322">
<summary>
Send and receive UDP traffic on the traceroute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_traceroute_port" lineno="133339">
<summary>
Do not audit attempts to send and receive
UDP traffic on the traceroute port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_traceroute_port" lineno="133355">
<summary>
Bind TCP sockets to the traceroute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_traceroute_port" lineno="133375">
<summary>
Bind UDP sockets to the traceroute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_traceroute_port" lineno="133395">
<summary>
Do not audit attempts to sbind to traceroute port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_traceroute_port" lineno="133414">
<summary>
Make a TCP connection to the traceroute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_traceroute_port" lineno="133431">
<summary>
Do not audit attempts to make a TCP connection to traceroute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_traceroute_client_packets" lineno="133451">
<summary>
Send traceroute_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_traceroute_client_packets" lineno="133470">
<summary>
Do not audit attempts to send traceroute_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_traceroute_client_packets" lineno="133489">
<summary>
Receive traceroute_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_traceroute_client_packets" lineno="133508">
<summary>
Do not audit attempts to receive traceroute_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_traceroute_client_packets" lineno="133527">
<summary>
Send and receive traceroute_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_traceroute_client_packets" lineno="133543">
<summary>
Do not audit attempts to send and receive traceroute_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_traceroute_client_packets" lineno="133558">
<summary>
Relabel packets to traceroute_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_traceroute_server_packets" lineno="133578">
<summary>
Send traceroute_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_traceroute_server_packets" lineno="133597">
<summary>
Do not audit attempts to send traceroute_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_traceroute_server_packets" lineno="133616">
<summary>
Receive traceroute_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_traceroute_server_packets" lineno="133635">
<summary>
Do not audit attempts to receive traceroute_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_traceroute_server_packets" lineno="133654">
<summary>
Send and receive traceroute_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_traceroute_server_packets" lineno="133670">
<summary>
Do not audit attempts to send and receive traceroute_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_traceroute_server_packets" lineno="133685">
<summary>
Relabel packets to traceroute_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_tram_port" lineno="133707">
<summary>
Send and receive TCP traffic on the tram port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_tram_port" lineno="133726">
<summary>
Send UDP traffic on the tram port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_tram_port" lineno="133745">
<summary>
Do not audit attempts to send UDP traffic on the tram port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_tram_port" lineno="133764">
<summary>
Receive UDP traffic on the tram port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_tram_port" lineno="133783">
<summary>
Do not audit attempts to receive UDP traffic on the tram port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_tram_port" lineno="133802">
<summary>
Send and receive UDP traffic on the tram port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_tram_port" lineno="133819">
<summary>
Do not audit attempts to send and receive
UDP traffic on the tram port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_tram_port" lineno="133835">
<summary>
Bind TCP sockets to the tram port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_tram_port" lineno="133855">
<summary>
Bind UDP sockets to the tram port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_tram_port" lineno="133875">
<summary>
Do not audit attempts to sbind to tram port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_tram_port" lineno="133894">
<summary>
Make a TCP connection to the tram port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_tram_port" lineno="133911">
<summary>
Do not audit attempts to make a TCP connection to tram port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_tram_client_packets" lineno="133931">
<summary>
Send tram_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_tram_client_packets" lineno="133950">
<summary>
Do not audit attempts to send tram_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_tram_client_packets" lineno="133969">
<summary>
Receive tram_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_tram_client_packets" lineno="133988">
<summary>
Do not audit attempts to receive tram_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_tram_client_packets" lineno="134007">
<summary>
Send and receive tram_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_tram_client_packets" lineno="134023">
<summary>
Do not audit attempts to send and receive tram_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_tram_client_packets" lineno="134038">
<summary>
Relabel packets to tram_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_tram_server_packets" lineno="134058">
<summary>
Send tram_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_tram_server_packets" lineno="134077">
<summary>
Do not audit attempts to send tram_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_tram_server_packets" lineno="134096">
<summary>
Receive tram_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_tram_server_packets" lineno="134115">
<summary>
Do not audit attempts to receive tram_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_tram_server_packets" lineno="134134">
<summary>
Send and receive tram_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_tram_server_packets" lineno="134150">
<summary>
Do not audit attempts to send and receive tram_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_tram_server_packets" lineno="134165">
<summary>
Relabel packets to tram_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_transproxy_port" lineno="134187">
<summary>
Send and receive TCP traffic on the transproxy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_transproxy_port" lineno="134206">
<summary>
Send UDP traffic on the transproxy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_transproxy_port" lineno="134225">
<summary>
Do not audit attempts to send UDP traffic on the transproxy port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_transproxy_port" lineno="134244">
<summary>
Receive UDP traffic on the transproxy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_transproxy_port" lineno="134263">
<summary>
Do not audit attempts to receive UDP traffic on the transproxy port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_transproxy_port" lineno="134282">
<summary>
Send and receive UDP traffic on the transproxy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_transproxy_port" lineno="134299">
<summary>
Do not audit attempts to send and receive
UDP traffic on the transproxy port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_transproxy_port" lineno="134315">
<summary>
Bind TCP sockets to the transproxy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_transproxy_port" lineno="134335">
<summary>
Bind UDP sockets to the transproxy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_transproxy_port" lineno="134355">
<summary>
Do not audit attempts to sbind to transproxy port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_transproxy_port" lineno="134374">
<summary>
Make a TCP connection to the transproxy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_transproxy_port" lineno="134391">
<summary>
Do not audit attempts to make a TCP connection to transproxy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_transproxy_client_packets" lineno="134411">
<summary>
Send transproxy_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_transproxy_client_packets" lineno="134430">
<summary>
Do not audit attempts to send transproxy_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_transproxy_client_packets" lineno="134449">
<summary>
Receive transproxy_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_transproxy_client_packets" lineno="134468">
<summary>
Do not audit attempts to receive transproxy_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_transproxy_client_packets" lineno="134487">
<summary>
Send and receive transproxy_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_transproxy_client_packets" lineno="134503">
<summary>
Do not audit attempts to send and receive transproxy_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_transproxy_client_packets" lineno="134518">
<summary>
Relabel packets to transproxy_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_transproxy_server_packets" lineno="134538">
<summary>
Send transproxy_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_transproxy_server_packets" lineno="134557">
<summary>
Do not audit attempts to send transproxy_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_transproxy_server_packets" lineno="134576">
<summary>
Receive transproxy_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_transproxy_server_packets" lineno="134595">
<summary>
Do not audit attempts to receive transproxy_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_transproxy_server_packets" lineno="134614">
<summary>
Send and receive transproxy_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_transproxy_server_packets" lineno="134630">
<summary>
Do not audit attempts to send and receive transproxy_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_transproxy_server_packets" lineno="134645">
<summary>
Relabel packets to transproxy_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_trisoap_port" lineno="134667">
<summary>
Send and receive TCP traffic on the trisoap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_trisoap_port" lineno="134686">
<summary>
Send UDP traffic on the trisoap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_trisoap_port" lineno="134705">
<summary>
Do not audit attempts to send UDP traffic on the trisoap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_trisoap_port" lineno="134724">
<summary>
Receive UDP traffic on the trisoap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_trisoap_port" lineno="134743">
<summary>
Do not audit attempts to receive UDP traffic on the trisoap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_trisoap_port" lineno="134762">
<summary>
Send and receive UDP traffic on the trisoap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_trisoap_port" lineno="134779">
<summary>
Do not audit attempts to send and receive
UDP traffic on the trisoap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_trisoap_port" lineno="134795">
<summary>
Bind TCP sockets to the trisoap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_trisoap_port" lineno="134815">
<summary>
Bind UDP sockets to the trisoap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_trisoap_port" lineno="134835">
<summary>
Do not audit attempts to sbind to trisoap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_trisoap_port" lineno="134854">
<summary>
Make a TCP connection to the trisoap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_trisoap_port" lineno="134871">
<summary>
Do not audit attempts to make a TCP connection to trisoap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_trisoap_client_packets" lineno="134891">
<summary>
Send trisoap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_trisoap_client_packets" lineno="134910">
<summary>
Do not audit attempts to send trisoap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_trisoap_client_packets" lineno="134929">
<summary>
Receive trisoap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_trisoap_client_packets" lineno="134948">
<summary>
Do not audit attempts to receive trisoap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_trisoap_client_packets" lineno="134967">
<summary>
Send and receive trisoap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_trisoap_client_packets" lineno="134983">
<summary>
Do not audit attempts to send and receive trisoap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_trisoap_client_packets" lineno="134998">
<summary>
Relabel packets to trisoap_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_trisoap_server_packets" lineno="135018">
<summary>
Send trisoap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_trisoap_server_packets" lineno="135037">
<summary>
Do not audit attempts to send trisoap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_trisoap_server_packets" lineno="135056">
<summary>
Receive trisoap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_trisoap_server_packets" lineno="135075">
<summary>
Do not audit attempts to receive trisoap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_trisoap_server_packets" lineno="135094">
<summary>
Send and receive trisoap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_trisoap_server_packets" lineno="135110">
<summary>
Do not audit attempts to send and receive trisoap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_trisoap_server_packets" lineno="135125">
<summary>
Relabel packets to trisoap_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_trivnet1_port" lineno="135147">
<summary>
Send and receive TCP traffic on the trivnet1 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_trivnet1_port" lineno="135166">
<summary>
Send UDP traffic on the trivnet1 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_trivnet1_port" lineno="135185">
<summary>
Do not audit attempts to send UDP traffic on the trivnet1 port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_trivnet1_port" lineno="135204">
<summary>
Receive UDP traffic on the trivnet1 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_trivnet1_port" lineno="135223">
<summary>
Do not audit attempts to receive UDP traffic on the trivnet1 port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_trivnet1_port" lineno="135242">
<summary>
Send and receive UDP traffic on the trivnet1 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_trivnet1_port" lineno="135259">
<summary>
Do not audit attempts to send and receive
UDP traffic on the trivnet1 port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_trivnet1_port" lineno="135275">
<summary>
Bind TCP sockets to the trivnet1 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_trivnet1_port" lineno="135295">
<summary>
Bind UDP sockets to the trivnet1 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_trivnet1_port" lineno="135315">
<summary>
Do not audit attempts to sbind to trivnet1 port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_trivnet1_port" lineno="135334">
<summary>
Make a TCP connection to the trivnet1 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_trivnet1_port" lineno="135351">
<summary>
Do not audit attempts to make a TCP connection to trivnet1 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_trivnet1_client_packets" lineno="135371">
<summary>
Send trivnet1_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_trivnet1_client_packets" lineno="135390">
<summary>
Do not audit attempts to send trivnet1_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_trivnet1_client_packets" lineno="135409">
<summary>
Receive trivnet1_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_trivnet1_client_packets" lineno="135428">
<summary>
Do not audit attempts to receive trivnet1_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_trivnet1_client_packets" lineno="135447">
<summary>
Send and receive trivnet1_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_trivnet1_client_packets" lineno="135463">
<summary>
Do not audit attempts to send and receive trivnet1_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_trivnet1_client_packets" lineno="135478">
<summary>
Relabel packets to trivnet1_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_trivnet1_server_packets" lineno="135498">
<summary>
Send trivnet1_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_trivnet1_server_packets" lineno="135517">
<summary>
Do not audit attempts to send trivnet1_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_trivnet1_server_packets" lineno="135536">
<summary>
Receive trivnet1_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_trivnet1_server_packets" lineno="135555">
<summary>
Do not audit attempts to receive trivnet1_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_trivnet1_server_packets" lineno="135574">
<summary>
Send and receive trivnet1_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_trivnet1_server_packets" lineno="135590">
<summary>
Do not audit attempts to send and receive trivnet1_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_trivnet1_server_packets" lineno="135605">
<summary>
Relabel packets to trivnet1_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ups_port" lineno="135627">
<summary>
Send and receive TCP traffic on the ups port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ups_port" lineno="135646">
<summary>
Send UDP traffic on the ups port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ups_port" lineno="135665">
<summary>
Do not audit attempts to send UDP traffic on the ups port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ups_port" lineno="135684">
<summary>
Receive UDP traffic on the ups port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ups_port" lineno="135703">
<summary>
Do not audit attempts to receive UDP traffic on the ups port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ups_port" lineno="135722">
<summary>
Send and receive UDP traffic on the ups port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ups_port" lineno="135739">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ups port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ups_port" lineno="135755">
<summary>
Bind TCP sockets to the ups port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ups_port" lineno="135775">
<summary>
Bind UDP sockets to the ups port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_ups_port" lineno="135795">
<summary>
Do not audit attempts to sbind to ups port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ups_port" lineno="135814">
<summary>
Make a TCP connection to the ups port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_ups_port" lineno="135831">
<summary>
Do not audit attempts to make a TCP connection to ups port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ups_client_packets" lineno="135851">
<summary>
Send ups_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ups_client_packets" lineno="135870">
<summary>
Do not audit attempts to send ups_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ups_client_packets" lineno="135889">
<summary>
Receive ups_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ups_client_packets" lineno="135908">
<summary>
Do not audit attempts to receive ups_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ups_client_packets" lineno="135927">
<summary>
Send and receive ups_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ups_client_packets" lineno="135943">
<summary>
Do not audit attempts to send and receive ups_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ups_client_packets" lineno="135958">
<summary>
Relabel packets to ups_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ups_server_packets" lineno="135978">
<summary>
Send ups_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ups_server_packets" lineno="135997">
<summary>
Do not audit attempts to send ups_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ups_server_packets" lineno="136016">
<summary>
Receive ups_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ups_server_packets" lineno="136035">
<summary>
Do not audit attempts to receive ups_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ups_server_packets" lineno="136054">
<summary>
Send and receive ups_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ups_server_packets" lineno="136070">
<summary>
Do not audit attempts to send and receive ups_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ups_server_packets" lineno="136085">
<summary>
Relabel packets to ups_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_utcpserver_port" lineno="136107">
<summary>
Send and receive TCP traffic on the utcpserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_utcpserver_port" lineno="136126">
<summary>
Send UDP traffic on the utcpserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_utcpserver_port" lineno="136145">
<summary>
Do not audit attempts to send UDP traffic on the utcpserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_utcpserver_port" lineno="136164">
<summary>
Receive UDP traffic on the utcpserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_utcpserver_port" lineno="136183">
<summary>
Do not audit attempts to receive UDP traffic on the utcpserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_utcpserver_port" lineno="136202">
<summary>
Send and receive UDP traffic on the utcpserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_utcpserver_port" lineno="136219">
<summary>
Do not audit attempts to send and receive
UDP traffic on the utcpserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_utcpserver_port" lineno="136235">
<summary>
Bind TCP sockets to the utcpserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_utcpserver_port" lineno="136255">
<summary>
Bind UDP sockets to the utcpserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_utcpserver_port" lineno="136275">
<summary>
Do not audit attempts to sbind to utcpserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_utcpserver_port" lineno="136294">
<summary>
Make a TCP connection to the utcpserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_utcpserver_port" lineno="136311">
<summary>
Do not audit attempts to make a TCP connection to utcpserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_utcpserver_client_packets" lineno="136331">
<summary>
Send utcpserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_utcpserver_client_packets" lineno="136350">
<summary>
Do not audit attempts to send utcpserver_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_utcpserver_client_packets" lineno="136369">
<summary>
Receive utcpserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_utcpserver_client_packets" lineno="136388">
<summary>
Do not audit attempts to receive utcpserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_utcpserver_client_packets" lineno="136407">
<summary>
Send and receive utcpserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_utcpserver_client_packets" lineno="136423">
<summary>
Do not audit attempts to send and receive utcpserver_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_utcpserver_client_packets" lineno="136438">
<summary>
Relabel packets to utcpserver_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_utcpserver_server_packets" lineno="136458">
<summary>
Send utcpserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_utcpserver_server_packets" lineno="136477">
<summary>
Do not audit attempts to send utcpserver_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_utcpserver_server_packets" lineno="136496">
<summary>
Receive utcpserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_utcpserver_server_packets" lineno="136515">
<summary>
Do not audit attempts to receive utcpserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_utcpserver_server_packets" lineno="136534">
<summary>
Send and receive utcpserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_utcpserver_server_packets" lineno="136550">
<summary>
Do not audit attempts to send and receive utcpserver_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_utcpserver_server_packets" lineno="136565">
<summary>
Relabel packets to utcpserver_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_uucpd_port" lineno="136587">
<summary>
Send and receive TCP traffic on the uucpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_uucpd_port" lineno="136606">
<summary>
Send UDP traffic on the uucpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_uucpd_port" lineno="136625">
<summary>
Do not audit attempts to send UDP traffic on the uucpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_uucpd_port" lineno="136644">
<summary>
Receive UDP traffic on the uucpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_uucpd_port" lineno="136663">
<summary>
Do not audit attempts to receive UDP traffic on the uucpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_uucpd_port" lineno="136682">
<summary>
Send and receive UDP traffic on the uucpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_uucpd_port" lineno="136699">
<summary>
Do not audit attempts to send and receive
UDP traffic on the uucpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_uucpd_port" lineno="136715">
<summary>
Bind TCP sockets to the uucpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_uucpd_port" lineno="136735">
<summary>
Bind UDP sockets to the uucpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_uucpd_port" lineno="136755">
<summary>
Do not audit attempts to sbind to uucpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_uucpd_port" lineno="136774">
<summary>
Make a TCP connection to the uucpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_uucpd_port" lineno="136791">
<summary>
Do not audit attempts to make a TCP connection to uucpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_uucpd_client_packets" lineno="136811">
<summary>
Send uucpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_uucpd_client_packets" lineno="136830">
<summary>
Do not audit attempts to send uucpd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_uucpd_client_packets" lineno="136849">
<summary>
Receive uucpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_uucpd_client_packets" lineno="136868">
<summary>
Do not audit attempts to receive uucpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_uucpd_client_packets" lineno="136887">
<summary>
Send and receive uucpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_uucpd_client_packets" lineno="136903">
<summary>
Do not audit attempts to send and receive uucpd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_uucpd_client_packets" lineno="136918">
<summary>
Relabel packets to uucpd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_uucpd_server_packets" lineno="136938">
<summary>
Send uucpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_uucpd_server_packets" lineno="136957">
<summary>
Do not audit attempts to send uucpd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_uucpd_server_packets" lineno="136976">
<summary>
Receive uucpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_uucpd_server_packets" lineno="136995">
<summary>
Do not audit attempts to receive uucpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_uucpd_server_packets" lineno="137014">
<summary>
Send and receive uucpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_uucpd_server_packets" lineno="137030">
<summary>
Do not audit attempts to send and receive uucpd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_uucpd_server_packets" lineno="137045">
<summary>
Relabel packets to uucpd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_us_cli_port" lineno="137067">
<summary>
Send and receive TCP traffic on the us_cli port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_us_cli_port" lineno="137086">
<summary>
Send UDP traffic on the us_cli port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_us_cli_port" lineno="137105">
<summary>
Do not audit attempts to send UDP traffic on the us_cli port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_us_cli_port" lineno="137124">
<summary>
Receive UDP traffic on the us_cli port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_us_cli_port" lineno="137143">
<summary>
Do not audit attempts to receive UDP traffic on the us_cli port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_us_cli_port" lineno="137162">
<summary>
Send and receive UDP traffic on the us_cli port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_us_cli_port" lineno="137179">
<summary>
Do not audit attempts to send and receive
UDP traffic on the us_cli port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_us_cli_port" lineno="137195">
<summary>
Bind TCP sockets to the us_cli port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_us_cli_port" lineno="137215">
<summary>
Bind UDP sockets to the us_cli port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_us_cli_port" lineno="137235">
<summary>
Do not audit attempts to sbind to us_cli port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_us_cli_port" lineno="137254">
<summary>
Make a TCP connection to the us_cli port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_us_cli_port" lineno="137271">
<summary>
Do not audit attempts to make a TCP connection to us_cli port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_us_cli_client_packets" lineno="137291">
<summary>
Send us_cli_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_us_cli_client_packets" lineno="137310">
<summary>
Do not audit attempts to send us_cli_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_us_cli_client_packets" lineno="137329">
<summary>
Receive us_cli_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_us_cli_client_packets" lineno="137348">
<summary>
Do not audit attempts to receive us_cli_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_us_cli_client_packets" lineno="137367">
<summary>
Send and receive us_cli_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_us_cli_client_packets" lineno="137383">
<summary>
Do not audit attempts to send and receive us_cli_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_us_cli_client_packets" lineno="137398">
<summary>
Relabel packets to us_cli_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_us_cli_server_packets" lineno="137418">
<summary>
Send us_cli_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_us_cli_server_packets" lineno="137437">
<summary>
Do not audit attempts to send us_cli_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_us_cli_server_packets" lineno="137456">
<summary>
Receive us_cli_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_us_cli_server_packets" lineno="137475">
<summary>
Do not audit attempts to receive us_cli_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_us_cli_server_packets" lineno="137494">
<summary>
Send and receive us_cli_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_us_cli_server_packets" lineno="137510">
<summary>
Do not audit attempts to send and receive us_cli_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_us_cli_server_packets" lineno="137525">
<summary>
Relabel packets to us_cli_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_varnishd_port" lineno="137547">
<summary>
Send and receive TCP traffic on the varnishd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_varnishd_port" lineno="137566">
<summary>
Send UDP traffic on the varnishd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_varnishd_port" lineno="137585">
<summary>
Do not audit attempts to send UDP traffic on the varnishd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_varnishd_port" lineno="137604">
<summary>
Receive UDP traffic on the varnishd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_varnishd_port" lineno="137623">
<summary>
Do not audit attempts to receive UDP traffic on the varnishd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_varnishd_port" lineno="137642">
<summary>
Send and receive UDP traffic on the varnishd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_varnishd_port" lineno="137659">
<summary>
Do not audit attempts to send and receive
UDP traffic on the varnishd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_varnishd_port" lineno="137675">
<summary>
Bind TCP sockets to the varnishd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_varnishd_port" lineno="137695">
<summary>
Bind UDP sockets to the varnishd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_varnishd_port" lineno="137715">
<summary>
Do not audit attempts to sbind to varnishd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_varnishd_port" lineno="137734">
<summary>
Make a TCP connection to the varnishd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_varnishd_port" lineno="137751">
<summary>
Do not audit attempts to make a TCP connection to varnishd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_varnishd_client_packets" lineno="137771">
<summary>
Send varnishd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_varnishd_client_packets" lineno="137790">
<summary>
Do not audit attempts to send varnishd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_varnishd_client_packets" lineno="137809">
<summary>
Receive varnishd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_varnishd_client_packets" lineno="137828">
<summary>
Do not audit attempts to receive varnishd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_varnishd_client_packets" lineno="137847">
<summary>
Send and receive varnishd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_varnishd_client_packets" lineno="137863">
<summary>
Do not audit attempts to send and receive varnishd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_varnishd_client_packets" lineno="137878">
<summary>
Relabel packets to varnishd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_varnishd_server_packets" lineno="137898">
<summary>
Send varnishd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_varnishd_server_packets" lineno="137917">
<summary>
Do not audit attempts to send varnishd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_varnishd_server_packets" lineno="137936">
<summary>
Receive varnishd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_varnishd_server_packets" lineno="137955">
<summary>
Do not audit attempts to receive varnishd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_varnishd_server_packets" lineno="137974">
<summary>
Send and receive varnishd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_varnishd_server_packets" lineno="137990">
<summary>
Do not audit attempts to send and receive varnishd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_varnishd_server_packets" lineno="138005">
<summary>
Relabel packets to varnishd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_versa_tek_port" lineno="138027">
<summary>
Send and receive TCP traffic on the versa_tek port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_versa_tek_port" lineno="138046">
<summary>
Send UDP traffic on the versa_tek port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_versa_tek_port" lineno="138065">
<summary>
Do not audit attempts to send UDP traffic on the versa_tek port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_versa_tek_port" lineno="138084">
<summary>
Receive UDP traffic on the versa_tek port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_versa_tek_port" lineno="138103">
<summary>
Do not audit attempts to receive UDP traffic on the versa_tek port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_versa_tek_port" lineno="138122">
<summary>
Send and receive UDP traffic on the versa_tek port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_versa_tek_port" lineno="138139">
<summary>
Do not audit attempts to send and receive
UDP traffic on the versa_tek port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_versa_tek_port" lineno="138155">
<summary>
Bind TCP sockets to the versa_tek port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_versa_tek_port" lineno="138175">
<summary>
Bind UDP sockets to the versa_tek port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_versa_tek_port" lineno="138195">
<summary>
Do not audit attempts to sbind to versa_tek port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_versa_tek_port" lineno="138214">
<summary>
Make a TCP connection to the versa_tek port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_versa_tek_port" lineno="138231">
<summary>
Do not audit attempts to make a TCP connection to versa_tek port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_versa_tek_client_packets" lineno="138251">
<summary>
Send versa_tek_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_versa_tek_client_packets" lineno="138270">
<summary>
Do not audit attempts to send versa_tek_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_versa_tek_client_packets" lineno="138289">
<summary>
Receive versa_tek_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_versa_tek_client_packets" lineno="138308">
<summary>
Do not audit attempts to receive versa_tek_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_versa_tek_client_packets" lineno="138327">
<summary>
Send and receive versa_tek_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_versa_tek_client_packets" lineno="138343">
<summary>
Do not audit attempts to send and receive versa_tek_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_versa_tek_client_packets" lineno="138358">
<summary>
Relabel packets to versa_tek_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_versa_tek_server_packets" lineno="138378">
<summary>
Send versa_tek_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_versa_tek_server_packets" lineno="138397">
<summary>
Do not audit attempts to send versa_tek_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_versa_tek_server_packets" lineno="138416">
<summary>
Receive versa_tek_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_versa_tek_server_packets" lineno="138435">
<summary>
Do not audit attempts to receive versa_tek_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_versa_tek_server_packets" lineno="138454">
<summary>
Send and receive versa_tek_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_versa_tek_server_packets" lineno="138470">
<summary>
Do not audit attempts to send and receive versa_tek_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_versa_tek_server_packets" lineno="138485">
<summary>
Relabel packets to versa_tek_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_virt_port" lineno="138507">
<summary>
Send and receive TCP traffic on the virt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_virt_port" lineno="138526">
<summary>
Send UDP traffic on the virt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_virt_port" lineno="138545">
<summary>
Do not audit attempts to send UDP traffic on the virt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_virt_port" lineno="138564">
<summary>
Receive UDP traffic on the virt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_virt_port" lineno="138583">
<summary>
Do not audit attempts to receive UDP traffic on the virt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_virt_port" lineno="138602">
<summary>
Send and receive UDP traffic on the virt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_virt_port" lineno="138619">
<summary>
Do not audit attempts to send and receive
UDP traffic on the virt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_virt_port" lineno="138635">
<summary>
Bind TCP sockets to the virt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_virt_port" lineno="138655">
<summary>
Bind UDP sockets to the virt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_virt_port" lineno="138675">
<summary>
Do not audit attempts to sbind to virt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_virt_port" lineno="138694">
<summary>
Make a TCP connection to the virt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_virt_port" lineno="138711">
<summary>
Do not audit attempts to make a TCP connection to virt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_virt_client_packets" lineno="138731">
<summary>
Send virt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_virt_client_packets" lineno="138750">
<summary>
Do not audit attempts to send virt_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_virt_client_packets" lineno="138769">
<summary>
Receive virt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_virt_client_packets" lineno="138788">
<summary>
Do not audit attempts to receive virt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_virt_client_packets" lineno="138807">
<summary>
Send and receive virt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_virt_client_packets" lineno="138823">
<summary>
Do not audit attempts to send and receive virt_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_virt_client_packets" lineno="138838">
<summary>
Relabel packets to virt_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_virt_server_packets" lineno="138858">
<summary>
Send virt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_virt_server_packets" lineno="138877">
<summary>
Do not audit attempts to send virt_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_virt_server_packets" lineno="138896">
<summary>
Receive virt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_virt_server_packets" lineno="138915">
<summary>
Do not audit attempts to receive virt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_virt_server_packets" lineno="138934">
<summary>
Send and receive virt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_virt_server_packets" lineno="138950">
<summary>
Do not audit attempts to send and receive virt_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_virt_server_packets" lineno="138965">
<summary>
Relabel packets to virt_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_virtual_places_port" lineno="138987">
<summary>
Send and receive TCP traffic on the virtual_places port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_virtual_places_port" lineno="139006">
<summary>
Send UDP traffic on the virtual_places port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_virtual_places_port" lineno="139025">
<summary>
Do not audit attempts to send UDP traffic on the virtual_places port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_virtual_places_port" lineno="139044">
<summary>
Receive UDP traffic on the virtual_places port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_virtual_places_port" lineno="139063">
<summary>
Do not audit attempts to receive UDP traffic on the virtual_places port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_virtual_places_port" lineno="139082">
<summary>
Send and receive UDP traffic on the virtual_places port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_virtual_places_port" lineno="139099">
<summary>
Do not audit attempts to send and receive
UDP traffic on the virtual_places port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_virtual_places_port" lineno="139115">
<summary>
Bind TCP sockets to the virtual_places port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_virtual_places_port" lineno="139135">
<summary>
Bind UDP sockets to the virtual_places port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_virtual_places_port" lineno="139155">
<summary>
Do not audit attempts to sbind to virtual_places port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_virtual_places_port" lineno="139174">
<summary>
Make a TCP connection to the virtual_places port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_virtual_places_port" lineno="139191">
<summary>
Do not audit attempts to make a TCP connection to virtual_places port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_virtual_places_client_packets" lineno="139211">
<summary>
Send virtual_places_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_virtual_places_client_packets" lineno="139230">
<summary>
Do not audit attempts to send virtual_places_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_virtual_places_client_packets" lineno="139249">
<summary>
Receive virtual_places_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_virtual_places_client_packets" lineno="139268">
<summary>
Do not audit attempts to receive virtual_places_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_virtual_places_client_packets" lineno="139287">
<summary>
Send and receive virtual_places_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_virtual_places_client_packets" lineno="139303">
<summary>
Do not audit attempts to send and receive virtual_places_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_virtual_places_client_packets" lineno="139318">
<summary>
Relabel packets to virtual_places_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_virtual_places_server_packets" lineno="139338">
<summary>
Send virtual_places_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_virtual_places_server_packets" lineno="139357">
<summary>
Do not audit attempts to send virtual_places_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_virtual_places_server_packets" lineno="139376">
<summary>
Receive virtual_places_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_virtual_places_server_packets" lineno="139395">
<summary>
Do not audit attempts to receive virtual_places_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_virtual_places_server_packets" lineno="139414">
<summary>
Send and receive virtual_places_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_virtual_places_server_packets" lineno="139430">
<summary>
Do not audit attempts to send and receive virtual_places_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_virtual_places_server_packets" lineno="139445">
<summary>
Relabel packets to virtual_places_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_virt_migration_port" lineno="139467">
<summary>
Send and receive TCP traffic on the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_virt_migration_port" lineno="139486">
<summary>
Send UDP traffic on the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_virt_migration_port" lineno="139505">
<summary>
Do not audit attempts to send UDP traffic on the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_virt_migration_port" lineno="139524">
<summary>
Receive UDP traffic on the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_virt_migration_port" lineno="139543">
<summary>
Do not audit attempts to receive UDP traffic on the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_virt_migration_port" lineno="139562">
<summary>
Send and receive UDP traffic on the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_virt_migration_port" lineno="139579">
<summary>
Do not audit attempts to send and receive
UDP traffic on the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_virt_migration_port" lineno="139595">
<summary>
Bind TCP sockets to the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_virt_migration_port" lineno="139615">
<summary>
Bind UDP sockets to the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_virt_migration_port" lineno="139635">
<summary>
Do not audit attempts to sbind to virt_migration port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_virt_migration_port" lineno="139654">
<summary>
Make a TCP connection to the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_virt_migration_port" lineno="139671">
<summary>
Do not audit attempts to make a TCP connection to virt_migration port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_virt_migration_client_packets" lineno="139691">
<summary>
Send virt_migration_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_virt_migration_client_packets" lineno="139710">
<summary>
Do not audit attempts to send virt_migration_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_virt_migration_client_packets" lineno="139729">
<summary>
Receive virt_migration_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_virt_migration_client_packets" lineno="139748">
<summary>
Do not audit attempts to receive virt_migration_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_virt_migration_client_packets" lineno="139767">
<summary>
Send and receive virt_migration_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_virt_migration_client_packets" lineno="139783">
<summary>
Do not audit attempts to send and receive virt_migration_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_virt_migration_client_packets" lineno="139798">
<summary>
Relabel packets to virt_migration_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_virt_migration_server_packets" lineno="139818">
<summary>
Send virt_migration_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_virt_migration_server_packets" lineno="139837">
<summary>
Do not audit attempts to send virt_migration_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_virt_migration_server_packets" lineno="139856">
<summary>
Receive virt_migration_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_virt_migration_server_packets" lineno="139875">
<summary>
Do not audit attempts to receive virt_migration_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_virt_migration_server_packets" lineno="139894">
<summary>
Send and receive virt_migration_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_virt_migration_server_packets" lineno="139910">
<summary>
Do not audit attempts to send and receive virt_migration_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_virt_migration_server_packets" lineno="139925">
<summary>
Relabel packets to virt_migration_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_vnc_port" lineno="139947">
<summary>
Send and receive TCP traffic on the vnc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_vnc_port" lineno="139966">
<summary>
Send UDP traffic on the vnc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_vnc_port" lineno="139985">
<summary>
Do not audit attempts to send UDP traffic on the vnc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_vnc_port" lineno="140004">
<summary>
Receive UDP traffic on the vnc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_vnc_port" lineno="140023">
<summary>
Do not audit attempts to receive UDP traffic on the vnc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_vnc_port" lineno="140042">
<summary>
Send and receive UDP traffic on the vnc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_vnc_port" lineno="140059">
<summary>
Do not audit attempts to send and receive
UDP traffic on the vnc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_vnc_port" lineno="140075">
<summary>
Bind TCP sockets to the vnc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_vnc_port" lineno="140095">
<summary>
Bind UDP sockets to the vnc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_vnc_port" lineno="140115">
<summary>
Do not audit attempts to sbind to vnc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_vnc_port" lineno="140134">
<summary>
Make a TCP connection to the vnc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_vnc_port" lineno="140151">
<summary>
Do not audit attempts to make a TCP connection to vnc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_vnc_client_packets" lineno="140171">
<summary>
Send vnc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_vnc_client_packets" lineno="140190">
<summary>
Do not audit attempts to send vnc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_vnc_client_packets" lineno="140209">
<summary>
Receive vnc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_vnc_client_packets" lineno="140228">
<summary>
Do not audit attempts to receive vnc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_vnc_client_packets" lineno="140247">
<summary>
Send and receive vnc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_vnc_client_packets" lineno="140263">
<summary>
Do not audit attempts to send and receive vnc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_vnc_client_packets" lineno="140278">
<summary>
Relabel packets to vnc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_vnc_server_packets" lineno="140298">
<summary>
Send vnc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_vnc_server_packets" lineno="140317">
<summary>
Do not audit attempts to send vnc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_vnc_server_packets" lineno="140336">
<summary>
Receive vnc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_vnc_server_packets" lineno="140355">
<summary>
Do not audit attempts to receive vnc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_vnc_server_packets" lineno="140374">
<summary>
Send and receive vnc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_vnc_server_packets" lineno="140390">
<summary>
Do not audit attempts to send and receive vnc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_vnc_server_packets" lineno="140405">
<summary>
Relabel packets to vnc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_vqp_port" lineno="140427">
<summary>
Send and receive TCP traffic on the vqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_vqp_port" lineno="140446">
<summary>
Send UDP traffic on the vqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_vqp_port" lineno="140465">
<summary>
Do not audit attempts to send UDP traffic on the vqp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_vqp_port" lineno="140484">
<summary>
Receive UDP traffic on the vqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_vqp_port" lineno="140503">
<summary>
Do not audit attempts to receive UDP traffic on the vqp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_vqp_port" lineno="140522">
<summary>
Send and receive UDP traffic on the vqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_vqp_port" lineno="140539">
<summary>
Do not audit attempts to send and receive
UDP traffic on the vqp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_vqp_port" lineno="140555">
<summary>
Bind TCP sockets to the vqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_vqp_port" lineno="140575">
<summary>
Bind UDP sockets to the vqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_vqp_port" lineno="140595">
<summary>
Do not audit attempts to sbind to vqp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_vqp_port" lineno="140614">
<summary>
Make a TCP connection to the vqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_vqp_port" lineno="140631">
<summary>
Do not audit attempts to make a TCP connection to vqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_vqp_client_packets" lineno="140651">
<summary>
Send vqp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_vqp_client_packets" lineno="140670">
<summary>
Do not audit attempts to send vqp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_vqp_client_packets" lineno="140689">
<summary>
Receive vqp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_vqp_client_packets" lineno="140708">
<summary>
Do not audit attempts to receive vqp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_vqp_client_packets" lineno="140727">
<summary>
Send and receive vqp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_vqp_client_packets" lineno="140743">
<summary>
Do not audit attempts to send and receive vqp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_vqp_client_packets" lineno="140758">
<summary>
Relabel packets to vqp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_vqp_server_packets" lineno="140778">
<summary>
Send vqp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_vqp_server_packets" lineno="140797">
<summary>
Do not audit attempts to send vqp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_vqp_server_packets" lineno="140816">
<summary>
Receive vqp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_vqp_server_packets" lineno="140835">
<summary>
Do not audit attempts to receive vqp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_vqp_server_packets" lineno="140854">
<summary>
Send and receive vqp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_vqp_server_packets" lineno="140870">
<summary>
Do not audit attempts to send and receive vqp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_vqp_server_packets" lineno="140885">
<summary>
Relabel packets to vqp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_wccp_port" lineno="140907">
<summary>
Send and receive TCP traffic on the wccp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_wccp_port" lineno="140926">
<summary>
Send UDP traffic on the wccp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_wccp_port" lineno="140945">
<summary>
Do not audit attempts to send UDP traffic on the wccp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_wccp_port" lineno="140964">
<summary>
Receive UDP traffic on the wccp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_wccp_port" lineno="140983">
<summary>
Do not audit attempts to receive UDP traffic on the wccp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_wccp_port" lineno="141002">
<summary>
Send and receive UDP traffic on the wccp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_wccp_port" lineno="141019">
<summary>
Do not audit attempts to send and receive
UDP traffic on the wccp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_wccp_port" lineno="141035">
<summary>
Bind TCP sockets to the wccp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_wccp_port" lineno="141055">
<summary>
Bind UDP sockets to the wccp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_wccp_port" lineno="141075">
<summary>
Do not audit attempts to sbind to wccp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_wccp_port" lineno="141094">
<summary>
Make a TCP connection to the wccp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_wccp_port" lineno="141111">
<summary>
Do not audit attempts to make a TCP connection to wccp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_wccp_client_packets" lineno="141131">
<summary>
Send wccp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_wccp_client_packets" lineno="141150">
<summary>
Do not audit attempts to send wccp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_wccp_client_packets" lineno="141169">
<summary>
Receive wccp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_wccp_client_packets" lineno="141188">
<summary>
Do not audit attempts to receive wccp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_wccp_client_packets" lineno="141207">
<summary>
Send and receive wccp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_wccp_client_packets" lineno="141223">
<summary>
Do not audit attempts to send and receive wccp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_wccp_client_packets" lineno="141238">
<summary>
Relabel packets to wccp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_wccp_server_packets" lineno="141258">
<summary>
Send wccp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_wccp_server_packets" lineno="141277">
<summary>
Do not audit attempts to send wccp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_wccp_server_packets" lineno="141296">
<summary>
Receive wccp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_wccp_server_packets" lineno="141315">
<summary>
Do not audit attempts to receive wccp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_wccp_server_packets" lineno="141334">
<summary>
Send and receive wccp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_wccp_server_packets" lineno="141350">
<summary>
Do not audit attempts to send and receive wccp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_wccp_server_packets" lineno="141365">
<summary>
Relabel packets to wccp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_websm_port" lineno="141387">
<summary>
Send and receive TCP traffic on the websm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_websm_port" lineno="141406">
<summary>
Send UDP traffic on the websm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_websm_port" lineno="141425">
<summary>
Do not audit attempts to send UDP traffic on the websm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_websm_port" lineno="141444">
<summary>
Receive UDP traffic on the websm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_websm_port" lineno="141463">
<summary>
Do not audit attempts to receive UDP traffic on the websm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_websm_port" lineno="141482">
<summary>
Send and receive UDP traffic on the websm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_websm_port" lineno="141499">
<summary>
Do not audit attempts to send and receive
UDP traffic on the websm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_websm_port" lineno="141515">
<summary>
Bind TCP sockets to the websm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_websm_port" lineno="141535">
<summary>
Bind UDP sockets to the websm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_websm_port" lineno="141555">
<summary>
Do not audit attempts to sbind to websm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_websm_port" lineno="141574">
<summary>
Make a TCP connection to the websm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_websm_port" lineno="141591">
<summary>
Do not audit attempts to make a TCP connection to websm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_websm_client_packets" lineno="141611">
<summary>
Send websm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_websm_client_packets" lineno="141630">
<summary>
Do not audit attempts to send websm_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_websm_client_packets" lineno="141649">
<summary>
Receive websm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_websm_client_packets" lineno="141668">
<summary>
Do not audit attempts to receive websm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_websm_client_packets" lineno="141687">
<summary>
Send and receive websm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_websm_client_packets" lineno="141703">
<summary>
Do not audit attempts to send and receive websm_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_websm_client_packets" lineno="141718">
<summary>
Relabel packets to websm_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_websm_server_packets" lineno="141738">
<summary>
Send websm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_websm_server_packets" lineno="141757">
<summary>
Do not audit attempts to send websm_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_websm_server_packets" lineno="141776">
<summary>
Receive websm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_websm_server_packets" lineno="141795">
<summary>
Do not audit attempts to receive websm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_websm_server_packets" lineno="141814">
<summary>
Send and receive websm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_websm_server_packets" lineno="141830">
<summary>
Do not audit attempts to send and receive websm_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_websm_server_packets" lineno="141845">
<summary>
Relabel packets to websm_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_whois_port" lineno="141867">
<summary>
Send and receive TCP traffic on the whois port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_whois_port" lineno="141886">
<summary>
Send UDP traffic on the whois port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_whois_port" lineno="141905">
<summary>
Do not audit attempts to send UDP traffic on the whois port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_whois_port" lineno="141924">
<summary>
Receive UDP traffic on the whois port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_whois_port" lineno="141943">
<summary>
Do not audit attempts to receive UDP traffic on the whois port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_whois_port" lineno="141962">
<summary>
Send and receive UDP traffic on the whois port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_whois_port" lineno="141979">
<summary>
Do not audit attempts to send and receive
UDP traffic on the whois port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_whois_port" lineno="141995">
<summary>
Bind TCP sockets to the whois port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_whois_port" lineno="142015">
<summary>
Bind UDP sockets to the whois port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_whois_port" lineno="142035">
<summary>
Do not audit attempts to sbind to whois port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_whois_port" lineno="142054">
<summary>
Make a TCP connection to the whois port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_whois_port" lineno="142071">
<summary>
Do not audit attempts to make a TCP connection to whois port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_whois_client_packets" lineno="142091">
<summary>
Send whois_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_whois_client_packets" lineno="142110">
<summary>
Do not audit attempts to send whois_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_whois_client_packets" lineno="142129">
<summary>
Receive whois_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_whois_client_packets" lineno="142148">
<summary>
Do not audit attempts to receive whois_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_whois_client_packets" lineno="142167">
<summary>
Send and receive whois_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_whois_client_packets" lineno="142183">
<summary>
Do not audit attempts to send and receive whois_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_whois_client_packets" lineno="142198">
<summary>
Relabel packets to whois_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_whois_server_packets" lineno="142218">
<summary>
Send whois_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_whois_server_packets" lineno="142237">
<summary>
Do not audit attempts to send whois_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_whois_server_packets" lineno="142256">
<summary>
Receive whois_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_whois_server_packets" lineno="142275">
<summary>
Do not audit attempts to receive whois_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_whois_server_packets" lineno="142294">
<summary>
Send and receive whois_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_whois_server_packets" lineno="142310">
<summary>
Do not audit attempts to send and receive whois_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_whois_server_packets" lineno="142325">
<summary>
Relabel packets to whois_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_winshadow_port" lineno="142347">
<summary>
Send and receive TCP traffic on the winshadow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_winshadow_port" lineno="142366">
<summary>
Send UDP traffic on the winshadow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_winshadow_port" lineno="142385">
<summary>
Do not audit attempts to send UDP traffic on the winshadow port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_winshadow_port" lineno="142404">
<summary>
Receive UDP traffic on the winshadow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_winshadow_port" lineno="142423">
<summary>
Do not audit attempts to receive UDP traffic on the winshadow port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_winshadow_port" lineno="142442">
<summary>
Send and receive UDP traffic on the winshadow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_winshadow_port" lineno="142459">
<summary>
Do not audit attempts to send and receive
UDP traffic on the winshadow port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_winshadow_port" lineno="142475">
<summary>
Bind TCP sockets to the winshadow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_winshadow_port" lineno="142495">
<summary>
Bind UDP sockets to the winshadow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_winshadow_port" lineno="142515">
<summary>
Do not audit attempts to sbind to winshadow port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_winshadow_port" lineno="142534">
<summary>
Make a TCP connection to the winshadow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_winshadow_port" lineno="142551">
<summary>
Do not audit attempts to make a TCP connection to winshadow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_winshadow_client_packets" lineno="142571">
<summary>
Send winshadow_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_winshadow_client_packets" lineno="142590">
<summary>
Do not audit attempts to send winshadow_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_winshadow_client_packets" lineno="142609">
<summary>
Receive winshadow_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_winshadow_client_packets" lineno="142628">
<summary>
Do not audit attempts to receive winshadow_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_winshadow_client_packets" lineno="142647">
<summary>
Send and receive winshadow_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_winshadow_client_packets" lineno="142663">
<summary>
Do not audit attempts to send and receive winshadow_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_winshadow_client_packets" lineno="142678">
<summary>
Relabel packets to winshadow_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_winshadow_server_packets" lineno="142698">
<summary>
Send winshadow_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_winshadow_server_packets" lineno="142717">
<summary>
Do not audit attempts to send winshadow_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_winshadow_server_packets" lineno="142736">
<summary>
Receive winshadow_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_winshadow_server_packets" lineno="142755">
<summary>
Do not audit attempts to receive winshadow_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_winshadow_server_packets" lineno="142774">
<summary>
Send and receive winshadow_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_winshadow_server_packets" lineno="142790">
<summary>
Do not audit attempts to send and receive winshadow_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_winshadow_server_packets" lineno="142805">
<summary>
Relabel packets to winshadow_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_wap_wsp_port" lineno="142827">
<summary>
Send and receive TCP traffic on the wap_wsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_wap_wsp_port" lineno="142846">
<summary>
Send UDP traffic on the wap_wsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_wap_wsp_port" lineno="142865">
<summary>
Do not audit attempts to send UDP traffic on the wap_wsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_wap_wsp_port" lineno="142884">
<summary>
Receive UDP traffic on the wap_wsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_wap_wsp_port" lineno="142903">
<summary>
Do not audit attempts to receive UDP traffic on the wap_wsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_wap_wsp_port" lineno="142922">
<summary>
Send and receive UDP traffic on the wap_wsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_wap_wsp_port" lineno="142939">
<summary>
Do not audit attempts to send and receive
UDP traffic on the wap_wsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_wap_wsp_port" lineno="142955">
<summary>
Bind TCP sockets to the wap_wsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_wap_wsp_port" lineno="142975">
<summary>
Bind UDP sockets to the wap_wsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_wap_wsp_port" lineno="142995">
<summary>
Do not audit attempts to sbind to wap_wsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_wap_wsp_port" lineno="143014">
<summary>
Make a TCP connection to the wap_wsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_wap_wsp_port" lineno="143031">
<summary>
Do not audit attempts to make a TCP connection to wap_wsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_wap_wsp_client_packets" lineno="143051">
<summary>
Send wap_wsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_wap_wsp_client_packets" lineno="143070">
<summary>
Do not audit attempts to send wap_wsp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_wap_wsp_client_packets" lineno="143089">
<summary>
Receive wap_wsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_wap_wsp_client_packets" lineno="143108">
<summary>
Do not audit attempts to receive wap_wsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_wap_wsp_client_packets" lineno="143127">
<summary>
Send and receive wap_wsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_wap_wsp_client_packets" lineno="143143">
<summary>
Do not audit attempts to send and receive wap_wsp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_wap_wsp_client_packets" lineno="143158">
<summary>
Relabel packets to wap_wsp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_wap_wsp_server_packets" lineno="143178">
<summary>
Send wap_wsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_wap_wsp_server_packets" lineno="143197">
<summary>
Do not audit attempts to send wap_wsp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_wap_wsp_server_packets" lineno="143216">
<summary>
Receive wap_wsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_wap_wsp_server_packets" lineno="143235">
<summary>
Do not audit attempts to receive wap_wsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_wap_wsp_server_packets" lineno="143254">
<summary>
Send and receive wap_wsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_wap_wsp_server_packets" lineno="143270">
<summary>
Do not audit attempts to send and receive wap_wsp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_wap_wsp_server_packets" lineno="143285">
<summary>
Relabel packets to wap_wsp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_wsdapi_port" lineno="143307">
<summary>
Send and receive TCP traffic on the wsdapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_wsdapi_port" lineno="143326">
<summary>
Send UDP traffic on the wsdapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_wsdapi_port" lineno="143345">
<summary>
Do not audit attempts to send UDP traffic on the wsdapi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_wsdapi_port" lineno="143364">
<summary>
Receive UDP traffic on the wsdapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_wsdapi_port" lineno="143383">
<summary>
Do not audit attempts to receive UDP traffic on the wsdapi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_wsdapi_port" lineno="143402">
<summary>
Send and receive UDP traffic on the wsdapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_wsdapi_port" lineno="143419">
<summary>
Do not audit attempts to send and receive
UDP traffic on the wsdapi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_wsdapi_port" lineno="143435">
<summary>
Bind TCP sockets to the wsdapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_wsdapi_port" lineno="143455">
<summary>
Bind UDP sockets to the wsdapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_wsdapi_port" lineno="143475">
<summary>
Do not audit attempts to sbind to wsdapi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_wsdapi_port" lineno="143494">
<summary>
Make a TCP connection to the wsdapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_wsdapi_port" lineno="143511">
<summary>
Do not audit attempts to make a TCP connection to wsdapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_wsdapi_client_packets" lineno="143531">
<summary>
Send wsdapi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_wsdapi_client_packets" lineno="143550">
<summary>
Do not audit attempts to send wsdapi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_wsdapi_client_packets" lineno="143569">
<summary>
Receive wsdapi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_wsdapi_client_packets" lineno="143588">
<summary>
Do not audit attempts to receive wsdapi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_wsdapi_client_packets" lineno="143607">
<summary>
Send and receive wsdapi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_wsdapi_client_packets" lineno="143623">
<summary>
Do not audit attempts to send and receive wsdapi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_wsdapi_client_packets" lineno="143638">
<summary>
Relabel packets to wsdapi_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_wsdapi_server_packets" lineno="143658">
<summary>
Send wsdapi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_wsdapi_server_packets" lineno="143677">
<summary>
Do not audit attempts to send wsdapi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_wsdapi_server_packets" lineno="143696">
<summary>
Receive wsdapi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_wsdapi_server_packets" lineno="143715">
<summary>
Do not audit attempts to receive wsdapi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_wsdapi_server_packets" lineno="143734">
<summary>
Send and receive wsdapi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_wsdapi_server_packets" lineno="143750">
<summary>
Do not audit attempts to send and receive wsdapi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_wsdapi_server_packets" lineno="143765">
<summary>
Relabel packets to wsdapi_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_wsicopy_port" lineno="143787">
<summary>
Send and receive TCP traffic on the wsicopy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_wsicopy_port" lineno="143806">
<summary>
Send UDP traffic on the wsicopy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_wsicopy_port" lineno="143825">
<summary>
Do not audit attempts to send UDP traffic on the wsicopy port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_wsicopy_port" lineno="143844">
<summary>
Receive UDP traffic on the wsicopy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_wsicopy_port" lineno="143863">
<summary>
Do not audit attempts to receive UDP traffic on the wsicopy port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_wsicopy_port" lineno="143882">
<summary>
Send and receive UDP traffic on the wsicopy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_wsicopy_port" lineno="143899">
<summary>
Do not audit attempts to send and receive
UDP traffic on the wsicopy port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_wsicopy_port" lineno="143915">
<summary>
Bind TCP sockets to the wsicopy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_wsicopy_port" lineno="143935">
<summary>
Bind UDP sockets to the wsicopy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_wsicopy_port" lineno="143955">
<summary>
Do not audit attempts to sbind to wsicopy port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_wsicopy_port" lineno="143974">
<summary>
Make a TCP connection to the wsicopy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_wsicopy_port" lineno="143991">
<summary>
Do not audit attempts to make a TCP connection to wsicopy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_wsicopy_client_packets" lineno="144011">
<summary>
Send wsicopy_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_wsicopy_client_packets" lineno="144030">
<summary>
Do not audit attempts to send wsicopy_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_wsicopy_client_packets" lineno="144049">
<summary>
Receive wsicopy_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_wsicopy_client_packets" lineno="144068">
<summary>
Do not audit attempts to receive wsicopy_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_wsicopy_client_packets" lineno="144087">
<summary>
Send and receive wsicopy_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_wsicopy_client_packets" lineno="144103">
<summary>
Do not audit attempts to send and receive wsicopy_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_wsicopy_client_packets" lineno="144118">
<summary>
Relabel packets to wsicopy_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_wsicopy_server_packets" lineno="144138">
<summary>
Send wsicopy_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_wsicopy_server_packets" lineno="144157">
<summary>
Do not audit attempts to send wsicopy_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_wsicopy_server_packets" lineno="144176">
<summary>
Receive wsicopy_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_wsicopy_server_packets" lineno="144195">
<summary>
Do not audit attempts to receive wsicopy_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_wsicopy_server_packets" lineno="144214">
<summary>
Send and receive wsicopy_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_wsicopy_server_packets" lineno="144230">
<summary>
Do not audit attempts to send and receive wsicopy_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_wsicopy_server_packets" lineno="144245">
<summary>
Relabel packets to wsicopy_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_xdmcp_port" lineno="144267">
<summary>
Send and receive TCP traffic on the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_xdmcp_port" lineno="144286">
<summary>
Send UDP traffic on the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_xdmcp_port" lineno="144305">
<summary>
Do not audit attempts to send UDP traffic on the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_xdmcp_port" lineno="144324">
<summary>
Receive UDP traffic on the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_xdmcp_port" lineno="144343">
<summary>
Do not audit attempts to receive UDP traffic on the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_xdmcp_port" lineno="144362">
<summary>
Send and receive UDP traffic on the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_xdmcp_port" lineno="144379">
<summary>
Do not audit attempts to send and receive
UDP traffic on the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_xdmcp_port" lineno="144395">
<summary>
Bind TCP sockets to the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_xdmcp_port" lineno="144415">
<summary>
Bind UDP sockets to the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_xdmcp_port" lineno="144435">
<summary>
Do not audit attempts to sbind to xdmcp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_xdmcp_port" lineno="144454">
<summary>
Make a TCP connection to the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_xdmcp_port" lineno="144471">
<summary>
Do not audit attempts to make a TCP connection to xdmcp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xdmcp_client_packets" lineno="144491">
<summary>
Send xdmcp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xdmcp_client_packets" lineno="144510">
<summary>
Do not audit attempts to send xdmcp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xdmcp_client_packets" lineno="144529">
<summary>
Receive xdmcp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xdmcp_client_packets" lineno="144548">
<summary>
Do not audit attempts to receive xdmcp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xdmcp_client_packets" lineno="144567">
<summary>
Send and receive xdmcp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xdmcp_client_packets" lineno="144583">
<summary>
Do not audit attempts to send and receive xdmcp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xdmcp_client_packets" lineno="144598">
<summary>
Relabel packets to xdmcp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xdmcp_server_packets" lineno="144618">
<summary>
Send xdmcp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xdmcp_server_packets" lineno="144637">
<summary>
Do not audit attempts to send xdmcp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xdmcp_server_packets" lineno="144656">
<summary>
Receive xdmcp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xdmcp_server_packets" lineno="144675">
<summary>
Do not audit attempts to receive xdmcp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xdmcp_server_packets" lineno="144694">
<summary>
Send and receive xdmcp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xdmcp_server_packets" lineno="144710">
<summary>
Do not audit attempts to send and receive xdmcp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xdmcp_server_packets" lineno="144725">
<summary>
Relabel packets to xdmcp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_xen_port" lineno="144747">
<summary>
Send and receive TCP traffic on the xen port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_xen_port" lineno="144766">
<summary>
Send UDP traffic on the xen port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_xen_port" lineno="144785">
<summary>
Do not audit attempts to send UDP traffic on the xen port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_xen_port" lineno="144804">
<summary>
Receive UDP traffic on the xen port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_xen_port" lineno="144823">
<summary>
Do not audit attempts to receive UDP traffic on the xen port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_xen_port" lineno="144842">
<summary>
Send and receive UDP traffic on the xen port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_xen_port" lineno="144859">
<summary>
Do not audit attempts to send and receive
UDP traffic on the xen port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_xen_port" lineno="144875">
<summary>
Bind TCP sockets to the xen port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_xen_port" lineno="144895">
<summary>
Bind UDP sockets to the xen port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_xen_port" lineno="144915">
<summary>
Do not audit attempts to sbind to xen port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_xen_port" lineno="144934">
<summary>
Make a TCP connection to the xen port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_xen_port" lineno="144951">
<summary>
Do not audit attempts to make a TCP connection to xen port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xen_client_packets" lineno="144971">
<summary>
Send xen_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xen_client_packets" lineno="144990">
<summary>
Do not audit attempts to send xen_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xen_client_packets" lineno="145009">
<summary>
Receive xen_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xen_client_packets" lineno="145028">
<summary>
Do not audit attempts to receive xen_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xen_client_packets" lineno="145047">
<summary>
Send and receive xen_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xen_client_packets" lineno="145063">
<summary>
Do not audit attempts to send and receive xen_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xen_client_packets" lineno="145078">
<summary>
Relabel packets to xen_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xen_server_packets" lineno="145098">
<summary>
Send xen_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xen_server_packets" lineno="145117">
<summary>
Do not audit attempts to send xen_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xen_server_packets" lineno="145136">
<summary>
Receive xen_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xen_server_packets" lineno="145155">
<summary>
Do not audit attempts to receive xen_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xen_server_packets" lineno="145174">
<summary>
Send and receive xen_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xen_server_packets" lineno="145190">
<summary>
Do not audit attempts to send and receive xen_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xen_server_packets" lineno="145205">
<summary>
Relabel packets to xen_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_xinuexpansion3_port" lineno="145227">
<summary>
Send and receive TCP traffic on the xinuexpansion3 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_xinuexpansion3_port" lineno="145246">
<summary>
Send UDP traffic on the xinuexpansion3 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_xinuexpansion3_port" lineno="145265">
<summary>
Do not audit attempts to send UDP traffic on the xinuexpansion3 port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_xinuexpansion3_port" lineno="145284">
<summary>
Receive UDP traffic on the xinuexpansion3 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_xinuexpansion3_port" lineno="145303">
<summary>
Do not audit attempts to receive UDP traffic on the xinuexpansion3 port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_xinuexpansion3_port" lineno="145322">
<summary>
Send and receive UDP traffic on the xinuexpansion3 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_xinuexpansion3_port" lineno="145339">
<summary>
Do not audit attempts to send and receive
UDP traffic on the xinuexpansion3 port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_xinuexpansion3_port" lineno="145355">
<summary>
Bind TCP sockets to the xinuexpansion3 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_xinuexpansion3_port" lineno="145375">
<summary>
Bind UDP sockets to the xinuexpansion3 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_xinuexpansion3_port" lineno="145395">
<summary>
Do not audit attempts to sbind to xinuexpansion3 port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_xinuexpansion3_port" lineno="145414">
<summary>
Make a TCP connection to the xinuexpansion3 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_xinuexpansion3_port" lineno="145431">
<summary>
Do not audit attempts to make a TCP connection to xinuexpansion3 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xinuexpansion3_client_packets" lineno="145451">
<summary>
Send xinuexpansion3_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xinuexpansion3_client_packets" lineno="145470">
<summary>
Do not audit attempts to send xinuexpansion3_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xinuexpansion3_client_packets" lineno="145489">
<summary>
Receive xinuexpansion3_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xinuexpansion3_client_packets" lineno="145508">
<summary>
Do not audit attempts to receive xinuexpansion3_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xinuexpansion3_client_packets" lineno="145527">
<summary>
Send and receive xinuexpansion3_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xinuexpansion3_client_packets" lineno="145543">
<summary>
Do not audit attempts to send and receive xinuexpansion3_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xinuexpansion3_client_packets" lineno="145558">
<summary>
Relabel packets to xinuexpansion3_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xinuexpansion3_server_packets" lineno="145578">
<summary>
Send xinuexpansion3_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xinuexpansion3_server_packets" lineno="145597">
<summary>
Do not audit attempts to send xinuexpansion3_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xinuexpansion3_server_packets" lineno="145616">
<summary>
Receive xinuexpansion3_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xinuexpansion3_server_packets" lineno="145635">
<summary>
Do not audit attempts to receive xinuexpansion3_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xinuexpansion3_server_packets" lineno="145654">
<summary>
Send and receive xinuexpansion3_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xinuexpansion3_server_packets" lineno="145670">
<summary>
Do not audit attempts to send and receive xinuexpansion3_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xinuexpansion3_server_packets" lineno="145685">
<summary>
Relabel packets to xinuexpansion3_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_xinuexpansion4_port" lineno="145707">
<summary>
Send and receive TCP traffic on the xinuexpansion4 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_xinuexpansion4_port" lineno="145726">
<summary>
Send UDP traffic on the xinuexpansion4 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_xinuexpansion4_port" lineno="145745">
<summary>
Do not audit attempts to send UDP traffic on the xinuexpansion4 port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_xinuexpansion4_port" lineno="145764">
<summary>
Receive UDP traffic on the xinuexpansion4 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_xinuexpansion4_port" lineno="145783">
<summary>
Do not audit attempts to receive UDP traffic on the xinuexpansion4 port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_xinuexpansion4_port" lineno="145802">
<summary>
Send and receive UDP traffic on the xinuexpansion4 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_xinuexpansion4_port" lineno="145819">
<summary>
Do not audit attempts to send and receive
UDP traffic on the xinuexpansion4 port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_xinuexpansion4_port" lineno="145835">
<summary>
Bind TCP sockets to the xinuexpansion4 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_xinuexpansion4_port" lineno="145855">
<summary>
Bind UDP sockets to the xinuexpansion4 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_xinuexpansion4_port" lineno="145875">
<summary>
Do not audit attempts to sbind to xinuexpansion4 port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_xinuexpansion4_port" lineno="145894">
<summary>
Make a TCP connection to the xinuexpansion4 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_xinuexpansion4_port" lineno="145911">
<summary>
Do not audit attempts to make a TCP connection to xinuexpansion4 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xinuexpansion4_client_packets" lineno="145931">
<summary>
Send xinuexpansion4_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xinuexpansion4_client_packets" lineno="145950">
<summary>
Do not audit attempts to send xinuexpansion4_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xinuexpansion4_client_packets" lineno="145969">
<summary>
Receive xinuexpansion4_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xinuexpansion4_client_packets" lineno="145988">
<summary>
Do not audit attempts to receive xinuexpansion4_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xinuexpansion4_client_packets" lineno="146007">
<summary>
Send and receive xinuexpansion4_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xinuexpansion4_client_packets" lineno="146023">
<summary>
Do not audit attempts to send and receive xinuexpansion4_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xinuexpansion4_client_packets" lineno="146038">
<summary>
Relabel packets to xinuexpansion4_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xinuexpansion4_server_packets" lineno="146058">
<summary>
Send xinuexpansion4_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xinuexpansion4_server_packets" lineno="146077">
<summary>
Do not audit attempts to send xinuexpansion4_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xinuexpansion4_server_packets" lineno="146096">
<summary>
Receive xinuexpansion4_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xinuexpansion4_server_packets" lineno="146115">
<summary>
Do not audit attempts to receive xinuexpansion4_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xinuexpansion4_server_packets" lineno="146134">
<summary>
Send and receive xinuexpansion4_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xinuexpansion4_server_packets" lineno="146150">
<summary>
Do not audit attempts to send and receive xinuexpansion4_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xinuexpansion4_server_packets" lineno="146165">
<summary>
Relabel packets to xinuexpansion4_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_xfs_port" lineno="146187">
<summary>
Send and receive TCP traffic on the xfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_xfs_port" lineno="146206">
<summary>
Send UDP traffic on the xfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_xfs_port" lineno="146225">
<summary>
Do not audit attempts to send UDP traffic on the xfs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_xfs_port" lineno="146244">
<summary>
Receive UDP traffic on the xfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_xfs_port" lineno="146263">
<summary>
Do not audit attempts to receive UDP traffic on the xfs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_xfs_port" lineno="146282">
<summary>
Send and receive UDP traffic on the xfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_xfs_port" lineno="146299">
<summary>
Do not audit attempts to send and receive
UDP traffic on the xfs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_xfs_port" lineno="146315">
<summary>
Bind TCP sockets to the xfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_xfs_port" lineno="146335">
<summary>
Bind UDP sockets to the xfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_xfs_port" lineno="146355">
<summary>
Do not audit attempts to sbind to xfs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_xfs_port" lineno="146374">
<summary>
Make a TCP connection to the xfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_xfs_port" lineno="146391">
<summary>
Do not audit attempts to make a TCP connection to xfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xfs_client_packets" lineno="146411">
<summary>
Send xfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xfs_client_packets" lineno="146430">
<summary>
Do not audit attempts to send xfs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xfs_client_packets" lineno="146449">
<summary>
Receive xfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xfs_client_packets" lineno="146468">
<summary>
Do not audit attempts to receive xfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xfs_client_packets" lineno="146487">
<summary>
Send and receive xfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xfs_client_packets" lineno="146503">
<summary>
Do not audit attempts to send and receive xfs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xfs_client_packets" lineno="146518">
<summary>
Relabel packets to xfs_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xfs_server_packets" lineno="146538">
<summary>
Send xfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xfs_server_packets" lineno="146557">
<summary>
Do not audit attempts to send xfs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xfs_server_packets" lineno="146576">
<summary>
Receive xfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xfs_server_packets" lineno="146595">
<summary>
Do not audit attempts to receive xfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xfs_server_packets" lineno="146614">
<summary>
Send and receive xfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xfs_server_packets" lineno="146630">
<summary>
Do not audit attempts to send and receive xfs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xfs_server_packets" lineno="146645">
<summary>
Relabel packets to xfs_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_xmsg_port" lineno="146667">
<summary>
Send and receive TCP traffic on the xmsg port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_xmsg_port" lineno="146686">
<summary>
Send UDP traffic on the xmsg port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_xmsg_port" lineno="146705">
<summary>
Do not audit attempts to send UDP traffic on the xmsg port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_xmsg_port" lineno="146724">
<summary>
Receive UDP traffic on the xmsg port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_xmsg_port" lineno="146743">
<summary>
Do not audit attempts to receive UDP traffic on the xmsg port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_xmsg_port" lineno="146762">
<summary>
Send and receive UDP traffic on the xmsg port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_xmsg_port" lineno="146779">
<summary>
Do not audit attempts to send and receive
UDP traffic on the xmsg port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_xmsg_port" lineno="146795">
<summary>
Bind TCP sockets to the xmsg port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_xmsg_port" lineno="146815">
<summary>
Bind UDP sockets to the xmsg port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_xmsg_port" lineno="146835">
<summary>
Do not audit attempts to sbind to xmsg port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_xmsg_port" lineno="146854">
<summary>
Make a TCP connection to the xmsg port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_xmsg_port" lineno="146871">
<summary>
Do not audit attempts to make a TCP connection to xmsg port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xmsg_client_packets" lineno="146891">
<summary>
Send xmsg_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xmsg_client_packets" lineno="146910">
<summary>
Do not audit attempts to send xmsg_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xmsg_client_packets" lineno="146929">
<summary>
Receive xmsg_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xmsg_client_packets" lineno="146948">
<summary>
Do not audit attempts to receive xmsg_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xmsg_client_packets" lineno="146967">
<summary>
Send and receive xmsg_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xmsg_client_packets" lineno="146983">
<summary>
Do not audit attempts to send and receive xmsg_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xmsg_client_packets" lineno="146998">
<summary>
Relabel packets to xmsg_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xmsg_server_packets" lineno="147018">
<summary>
Send xmsg_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xmsg_server_packets" lineno="147037">
<summary>
Do not audit attempts to send xmsg_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xmsg_server_packets" lineno="147056">
<summary>
Receive xmsg_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xmsg_server_packets" lineno="147075">
<summary>
Do not audit attempts to receive xmsg_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xmsg_server_packets" lineno="147094">
<summary>
Send and receive xmsg_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xmsg_server_packets" lineno="147110">
<summary>
Do not audit attempts to send and receive xmsg_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xmsg_server_packets" lineno="147125">
<summary>
Relabel packets to xmsg_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_xodbc_connect_port" lineno="147147">
<summary>
Send and receive TCP traffic on the xodbc_connect port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_xodbc_connect_port" lineno="147166">
<summary>
Send UDP traffic on the xodbc_connect port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_xodbc_connect_port" lineno="147185">
<summary>
Do not audit attempts to send UDP traffic on the xodbc_connect port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_xodbc_connect_port" lineno="147204">
<summary>
Receive UDP traffic on the xodbc_connect port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_xodbc_connect_port" lineno="147223">
<summary>
Do not audit attempts to receive UDP traffic on the xodbc_connect port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_xodbc_connect_port" lineno="147242">
<summary>
Send and receive UDP traffic on the xodbc_connect port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_xodbc_connect_port" lineno="147259">
<summary>
Do not audit attempts to send and receive
UDP traffic on the xodbc_connect port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_xodbc_connect_port" lineno="147275">
<summary>
Bind TCP sockets to the xodbc_connect port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_xodbc_connect_port" lineno="147295">
<summary>
Bind UDP sockets to the xodbc_connect port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_xodbc_connect_port" lineno="147315">
<summary>
Do not audit attempts to sbind to xodbc_connect port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_xodbc_connect_port" lineno="147334">
<summary>
Make a TCP connection to the xodbc_connect port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_xodbc_connect_port" lineno="147351">
<summary>
Do not audit attempts to make a TCP connection to xodbc_connect port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xodbc_connect_client_packets" lineno="147371">
<summary>
Send xodbc_connect_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xodbc_connect_client_packets" lineno="147390">
<summary>
Do not audit attempts to send xodbc_connect_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xodbc_connect_client_packets" lineno="147409">
<summary>
Receive xodbc_connect_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xodbc_connect_client_packets" lineno="147428">
<summary>
Do not audit attempts to receive xodbc_connect_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xodbc_connect_client_packets" lineno="147447">
<summary>
Send and receive xodbc_connect_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xodbc_connect_client_packets" lineno="147463">
<summary>
Do not audit attempts to send and receive xodbc_connect_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xodbc_connect_client_packets" lineno="147478">
<summary>
Relabel packets to xodbc_connect_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xodbc_connect_server_packets" lineno="147498">
<summary>
Send xodbc_connect_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xodbc_connect_server_packets" lineno="147517">
<summary>
Do not audit attempts to send xodbc_connect_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xodbc_connect_server_packets" lineno="147536">
<summary>
Receive xodbc_connect_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xodbc_connect_server_packets" lineno="147555">
<summary>
Do not audit attempts to receive xodbc_connect_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xodbc_connect_server_packets" lineno="147574">
<summary>
Send and receive xodbc_connect_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xodbc_connect_server_packets" lineno="147590">
<summary>
Do not audit attempts to send and receive xodbc_connect_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xodbc_connect_server_packets" lineno="147605">
<summary>
Relabel packets to xodbc_connect_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_xserver_port" lineno="147627">
<summary>
Send and receive TCP traffic on the xserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_xserver_port" lineno="147646">
<summary>
Send UDP traffic on the xserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_xserver_port" lineno="147665">
<summary>
Do not audit attempts to send UDP traffic on the xserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_xserver_port" lineno="147684">
<summary>
Receive UDP traffic on the xserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_xserver_port" lineno="147703">
<summary>
Do not audit attempts to receive UDP traffic on the xserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_xserver_port" lineno="147722">
<summary>
Send and receive UDP traffic on the xserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_xserver_port" lineno="147739">
<summary>
Do not audit attempts to send and receive
UDP traffic on the xserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_xserver_port" lineno="147755">
<summary>
Bind TCP sockets to the xserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_xserver_port" lineno="147775">
<summary>
Bind UDP sockets to the xserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_xserver_port" lineno="147795">
<summary>
Do not audit attempts to sbind to xserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_xserver_port" lineno="147814">
<summary>
Make a TCP connection to the xserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_xserver_port" lineno="147831">
<summary>
Do not audit attempts to make a TCP connection to xserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xserver_client_packets" lineno="147851">
<summary>
Send xserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xserver_client_packets" lineno="147870">
<summary>
Do not audit attempts to send xserver_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xserver_client_packets" lineno="147889">
<summary>
Receive xserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xserver_client_packets" lineno="147908">
<summary>
Do not audit attempts to receive xserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xserver_client_packets" lineno="147927">
<summary>
Send and receive xserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xserver_client_packets" lineno="147943">
<summary>
Do not audit attempts to send and receive xserver_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xserver_client_packets" lineno="147958">
<summary>
Relabel packets to xserver_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xserver_server_packets" lineno="147978">
<summary>
Send xserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xserver_server_packets" lineno="147997">
<summary>
Do not audit attempts to send xserver_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xserver_server_packets" lineno="148016">
<summary>
Receive xserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xserver_server_packets" lineno="148035">
<summary>
Do not audit attempts to receive xserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xserver_server_packets" lineno="148054">
<summary>
Send and receive xserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xserver_server_packets" lineno="148070">
<summary>
Do not audit attempts to send and receive xserver_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xserver_server_packets" lineno="148085">
<summary>
Relabel packets to xserver_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_qpasa_agent_port" lineno="148107">
<summary>
Send and receive TCP traffic on the qpasa_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_qpasa_agent_port" lineno="148126">
<summary>
Send UDP traffic on the qpasa_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_qpasa_agent_port" lineno="148145">
<summary>
Do not audit attempts to send UDP traffic on the qpasa_agent port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_qpasa_agent_port" lineno="148164">
<summary>
Receive UDP traffic on the qpasa_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_qpasa_agent_port" lineno="148183">
<summary>
Do not audit attempts to receive UDP traffic on the qpasa_agent port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_qpasa_agent_port" lineno="148202">
<summary>
Send and receive UDP traffic on the qpasa_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_qpasa_agent_port" lineno="148219">
<summary>
Do not audit attempts to send and receive
UDP traffic on the qpasa_agent port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_qpasa_agent_port" lineno="148235">
<summary>
Bind TCP sockets to the qpasa_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_qpasa_agent_port" lineno="148255">
<summary>
Bind UDP sockets to the qpasa_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_qpasa_agent_port" lineno="148275">
<summary>
Do not audit attempts to sbind to qpasa_agent port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_qpasa_agent_port" lineno="148294">
<summary>
Make a TCP connection to the qpasa_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_qpasa_agent_port" lineno="148311">
<summary>
Do not audit attempts to make a TCP connection to qpasa_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_qpasa_agent_client_packets" lineno="148331">
<summary>
Send qpasa_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_qpasa_agent_client_packets" lineno="148350">
<summary>
Do not audit attempts to send qpasa_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_qpasa_agent_client_packets" lineno="148369">
<summary>
Receive qpasa_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_qpasa_agent_client_packets" lineno="148388">
<summary>
Do not audit attempts to receive qpasa_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_qpasa_agent_client_packets" lineno="148407">
<summary>
Send and receive qpasa_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_qpasa_agent_client_packets" lineno="148423">
<summary>
Do not audit attempts to send and receive qpasa_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_qpasa_agent_client_packets" lineno="148438">
<summary>
Relabel packets to qpasa_agent_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_qpasa_agent_server_packets" lineno="148458">
<summary>
Send qpasa_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_qpasa_agent_server_packets" lineno="148477">
<summary>
Do not audit attempts to send qpasa_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_qpasa_agent_server_packets" lineno="148496">
<summary>
Receive qpasa_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_qpasa_agent_server_packets" lineno="148515">
<summary>
Do not audit attempts to receive qpasa_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_qpasa_agent_server_packets" lineno="148534">
<summary>
Send and receive qpasa_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_qpasa_agent_server_packets" lineno="148550">
<summary>
Do not audit attempts to send and receive qpasa_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_qpasa_agent_server_packets" lineno="148565">
<summary>
Relabel packets to qpasa_agent_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zarafa_port" lineno="148587">
<summary>
Send and receive TCP traffic on the zarafa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zarafa_port" lineno="148606">
<summary>
Send UDP traffic on the zarafa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zarafa_port" lineno="148625">
<summary>
Do not audit attempts to send UDP traffic on the zarafa port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zarafa_port" lineno="148644">
<summary>
Receive UDP traffic on the zarafa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zarafa_port" lineno="148663">
<summary>
Do not audit attempts to receive UDP traffic on the zarafa port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zarafa_port" lineno="148682">
<summary>
Send and receive UDP traffic on the zarafa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zarafa_port" lineno="148699">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zarafa port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zarafa_port" lineno="148715">
<summary>
Bind TCP sockets to the zarafa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zarafa_port" lineno="148735">
<summary>
Bind UDP sockets to the zarafa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_zarafa_port" lineno="148755">
<summary>
Do not audit attempts to sbind to zarafa port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zarafa_port" lineno="148774">
<summary>
Make a TCP connection to the zarafa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_zarafa_port" lineno="148791">
<summary>
Do not audit attempts to make a TCP connection to zarafa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zarafa_client_packets" lineno="148811">
<summary>
Send zarafa_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zarafa_client_packets" lineno="148830">
<summary>
Do not audit attempts to send zarafa_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zarafa_client_packets" lineno="148849">
<summary>
Receive zarafa_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zarafa_client_packets" lineno="148868">
<summary>
Do not audit attempts to receive zarafa_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zarafa_client_packets" lineno="148887">
<summary>
Send and receive zarafa_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zarafa_client_packets" lineno="148903">
<summary>
Do not audit attempts to send and receive zarafa_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zarafa_client_packets" lineno="148918">
<summary>
Relabel packets to zarafa_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zarafa_server_packets" lineno="148938">
<summary>
Send zarafa_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zarafa_server_packets" lineno="148957">
<summary>
Do not audit attempts to send zarafa_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zarafa_server_packets" lineno="148976">
<summary>
Receive zarafa_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zarafa_server_packets" lineno="148995">
<summary>
Do not audit attempts to receive zarafa_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zarafa_server_packets" lineno="149014">
<summary>
Send and receive zarafa_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zarafa_server_packets" lineno="149030">
<summary>
Do not audit attempts to send and receive zarafa_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zarafa_server_packets" lineno="149045">
<summary>
Relabel packets to zarafa_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zabbix_port" lineno="149067">
<summary>
Send and receive TCP traffic on the zabbix port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zabbix_port" lineno="149086">
<summary>
Send UDP traffic on the zabbix port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zabbix_port" lineno="149105">
<summary>
Do not audit attempts to send UDP traffic on the zabbix port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zabbix_port" lineno="149124">
<summary>
Receive UDP traffic on the zabbix port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zabbix_port" lineno="149143">
<summary>
Do not audit attempts to receive UDP traffic on the zabbix port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zabbix_port" lineno="149162">
<summary>
Send and receive UDP traffic on the zabbix port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zabbix_port" lineno="149179">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zabbix port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zabbix_port" lineno="149195">
<summary>
Bind TCP sockets to the zabbix port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zabbix_port" lineno="149215">
<summary>
Bind UDP sockets to the zabbix port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_zabbix_port" lineno="149235">
<summary>
Do not audit attempts to sbind to zabbix port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zabbix_port" lineno="149254">
<summary>
Make a TCP connection to the zabbix port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_zabbix_port" lineno="149271">
<summary>
Do not audit attempts to make a TCP connection to zabbix port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zabbix_client_packets" lineno="149291">
<summary>
Send zabbix_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zabbix_client_packets" lineno="149310">
<summary>
Do not audit attempts to send zabbix_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zabbix_client_packets" lineno="149329">
<summary>
Receive zabbix_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zabbix_client_packets" lineno="149348">
<summary>
Do not audit attempts to receive zabbix_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zabbix_client_packets" lineno="149367">
<summary>
Send and receive zabbix_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zabbix_client_packets" lineno="149383">
<summary>
Do not audit attempts to send and receive zabbix_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zabbix_client_packets" lineno="149398">
<summary>
Relabel packets to zabbix_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zabbix_server_packets" lineno="149418">
<summary>
Send zabbix_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zabbix_server_packets" lineno="149437">
<summary>
Do not audit attempts to send zabbix_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zabbix_server_packets" lineno="149456">
<summary>
Receive zabbix_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zabbix_server_packets" lineno="149475">
<summary>
Do not audit attempts to receive zabbix_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zabbix_server_packets" lineno="149494">
<summary>
Send and receive zabbix_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zabbix_server_packets" lineno="149510">
<summary>
Do not audit attempts to send and receive zabbix_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zabbix_server_packets" lineno="149525">
<summary>
Relabel packets to zabbix_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zabbix_agent_port" lineno="149547">
<summary>
Send and receive TCP traffic on the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zabbix_agent_port" lineno="149566">
<summary>
Send UDP traffic on the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zabbix_agent_port" lineno="149585">
<summary>
Do not audit attempts to send UDP traffic on the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zabbix_agent_port" lineno="149604">
<summary>
Receive UDP traffic on the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zabbix_agent_port" lineno="149623">
<summary>
Do not audit attempts to receive UDP traffic on the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zabbix_agent_port" lineno="149642">
<summary>
Send and receive UDP traffic on the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zabbix_agent_port" lineno="149659">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zabbix_agent_port" lineno="149675">
<summary>
Bind TCP sockets to the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zabbix_agent_port" lineno="149695">
<summary>
Bind UDP sockets to the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_zabbix_agent_port" lineno="149715">
<summary>
Do not audit attempts to sbind to zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zabbix_agent_port" lineno="149734">
<summary>
Make a TCP connection to the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_zabbix_agent_port" lineno="149751">
<summary>
Do not audit attempts to make a TCP connection to zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zabbix_agent_client_packets" lineno="149771">
<summary>
Send zabbix_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zabbix_agent_client_packets" lineno="149790">
<summary>
Do not audit attempts to send zabbix_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zabbix_agent_client_packets" lineno="149809">
<summary>
Receive zabbix_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zabbix_agent_client_packets" lineno="149828">
<summary>
Do not audit attempts to receive zabbix_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zabbix_agent_client_packets" lineno="149847">
<summary>
Send and receive zabbix_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zabbix_agent_client_packets" lineno="149863">
<summary>
Do not audit attempts to send and receive zabbix_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zabbix_agent_client_packets" lineno="149878">
<summary>
Relabel packets to zabbix_agent_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zabbix_agent_server_packets" lineno="149898">
<summary>
Send zabbix_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zabbix_agent_server_packets" lineno="149917">
<summary>
Do not audit attempts to send zabbix_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zabbix_agent_server_packets" lineno="149936">
<summary>
Receive zabbix_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zabbix_agent_server_packets" lineno="149955">
<summary>
Do not audit attempts to receive zabbix_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zabbix_agent_server_packets" lineno="149974">
<summary>
Send and receive zabbix_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zabbix_agent_server_packets" lineno="149990">
<summary>
Do not audit attempts to send and receive zabbix_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zabbix_agent_server_packets" lineno="150005">
<summary>
Relabel packets to zabbix_agent_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zookeeper_client_port" lineno="150027">
<summary>
Send and receive TCP traffic on the zookeeper_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zookeeper_client_port" lineno="150046">
<summary>
Send UDP traffic on the zookeeper_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zookeeper_client_port" lineno="150065">
<summary>
Do not audit attempts to send UDP traffic on the zookeeper_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zookeeper_client_port" lineno="150084">
<summary>
Receive UDP traffic on the zookeeper_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zookeeper_client_port" lineno="150103">
<summary>
Do not audit attempts to receive UDP traffic on the zookeeper_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zookeeper_client_port" lineno="150122">
<summary>
Send and receive UDP traffic on the zookeeper_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zookeeper_client_port" lineno="150139">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zookeeper_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zookeeper_client_port" lineno="150155">
<summary>
Bind TCP sockets to the zookeeper_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zookeeper_client_port" lineno="150175">
<summary>
Bind UDP sockets to the zookeeper_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_zookeeper_client_port" lineno="150195">
<summary>
Do not audit attempts to sbind to zookeeper_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zookeeper_client_port" lineno="150214">
<summary>
Make a TCP connection to the zookeeper_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_zookeeper_client_port" lineno="150231">
<summary>
Do not audit attempts to make a TCP connection to zookeeper_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zookeeper_client_client_packets" lineno="150251">
<summary>
Send zookeeper_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zookeeper_client_client_packets" lineno="150270">
<summary>
Do not audit attempts to send zookeeper_client_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zookeeper_client_client_packets" lineno="150289">
<summary>
Receive zookeeper_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zookeeper_client_client_packets" lineno="150308">
<summary>
Do not audit attempts to receive zookeeper_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zookeeper_client_client_packets" lineno="150327">
<summary>
Send and receive zookeeper_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zookeeper_client_client_packets" lineno="150343">
<summary>
Do not audit attempts to send and receive zookeeper_client_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zookeeper_client_client_packets" lineno="150358">
<summary>
Relabel packets to zookeeper_client_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zookeeper_client_server_packets" lineno="150378">
<summary>
Send zookeeper_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zookeeper_client_server_packets" lineno="150397">
<summary>
Do not audit attempts to send zookeeper_client_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zookeeper_client_server_packets" lineno="150416">
<summary>
Receive zookeeper_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zookeeper_client_server_packets" lineno="150435">
<summary>
Do not audit attempts to receive zookeeper_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zookeeper_client_server_packets" lineno="150454">
<summary>
Send and receive zookeeper_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zookeeper_client_server_packets" lineno="150470">
<summary>
Do not audit attempts to send and receive zookeeper_client_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zookeeper_client_server_packets" lineno="150485">
<summary>
Relabel packets to zookeeper_client_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zookeeper_election_port" lineno="150507">
<summary>
Send and receive TCP traffic on the zookeeper_election port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zookeeper_election_port" lineno="150526">
<summary>
Send UDP traffic on the zookeeper_election port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zookeeper_election_port" lineno="150545">
<summary>
Do not audit attempts to send UDP traffic on the zookeeper_election port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zookeeper_election_port" lineno="150564">
<summary>
Receive UDP traffic on the zookeeper_election port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zookeeper_election_port" lineno="150583">
<summary>
Do not audit attempts to receive UDP traffic on the zookeeper_election port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zookeeper_election_port" lineno="150602">
<summary>
Send and receive UDP traffic on the zookeeper_election port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zookeeper_election_port" lineno="150619">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zookeeper_election port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zookeeper_election_port" lineno="150635">
<summary>
Bind TCP sockets to the zookeeper_election port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zookeeper_election_port" lineno="150655">
<summary>
Bind UDP sockets to the zookeeper_election port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_zookeeper_election_port" lineno="150675">
<summary>
Do not audit attempts to sbind to zookeeper_election port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zookeeper_election_port" lineno="150694">
<summary>
Make a TCP connection to the zookeeper_election port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_zookeeper_election_port" lineno="150711">
<summary>
Do not audit attempts to make a TCP connection to zookeeper_election port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zookeeper_election_client_packets" lineno="150731">
<summary>
Send zookeeper_election_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zookeeper_election_client_packets" lineno="150750">
<summary>
Do not audit attempts to send zookeeper_election_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zookeeper_election_client_packets" lineno="150769">
<summary>
Receive zookeeper_election_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zookeeper_election_client_packets" lineno="150788">
<summary>
Do not audit attempts to receive zookeeper_election_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zookeeper_election_client_packets" lineno="150807">
<summary>
Send and receive zookeeper_election_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zookeeper_election_client_packets" lineno="150823">
<summary>
Do not audit attempts to send and receive zookeeper_election_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zookeeper_election_client_packets" lineno="150838">
<summary>
Relabel packets to zookeeper_election_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zookeeper_election_server_packets" lineno="150858">
<summary>
Send zookeeper_election_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zookeeper_election_server_packets" lineno="150877">
<summary>
Do not audit attempts to send zookeeper_election_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zookeeper_election_server_packets" lineno="150896">
<summary>
Receive zookeeper_election_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zookeeper_election_server_packets" lineno="150915">
<summary>
Do not audit attempts to receive zookeeper_election_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zookeeper_election_server_packets" lineno="150934">
<summary>
Send and receive zookeeper_election_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zookeeper_election_server_packets" lineno="150950">
<summary>
Do not audit attempts to send and receive zookeeper_election_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zookeeper_election_server_packets" lineno="150965">
<summary>
Relabel packets to zookeeper_election_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zookeeper_leader_port" lineno="150987">
<summary>
Send and receive TCP traffic on the zookeeper_leader port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zookeeper_leader_port" lineno="151006">
<summary>
Send UDP traffic on the zookeeper_leader port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zookeeper_leader_port" lineno="151025">
<summary>
Do not audit attempts to send UDP traffic on the zookeeper_leader port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zookeeper_leader_port" lineno="151044">
<summary>
Receive UDP traffic on the zookeeper_leader port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zookeeper_leader_port" lineno="151063">
<summary>
Do not audit attempts to receive UDP traffic on the zookeeper_leader port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zookeeper_leader_port" lineno="151082">
<summary>
Send and receive UDP traffic on the zookeeper_leader port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zookeeper_leader_port" lineno="151099">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zookeeper_leader port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zookeeper_leader_port" lineno="151115">
<summary>
Bind TCP sockets to the zookeeper_leader port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zookeeper_leader_port" lineno="151135">
<summary>
Bind UDP sockets to the zookeeper_leader port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_zookeeper_leader_port" lineno="151155">
<summary>
Do not audit attempts to sbind to zookeeper_leader port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zookeeper_leader_port" lineno="151174">
<summary>
Make a TCP connection to the zookeeper_leader port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_zookeeper_leader_port" lineno="151191">
<summary>
Do not audit attempts to make a TCP connection to zookeeper_leader port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zookeeper_leader_client_packets" lineno="151211">
<summary>
Send zookeeper_leader_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zookeeper_leader_client_packets" lineno="151230">
<summary>
Do not audit attempts to send zookeeper_leader_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zookeeper_leader_client_packets" lineno="151249">
<summary>
Receive zookeeper_leader_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zookeeper_leader_client_packets" lineno="151268">
<summary>
Do not audit attempts to receive zookeeper_leader_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zookeeper_leader_client_packets" lineno="151287">
<summary>
Send and receive zookeeper_leader_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zookeeper_leader_client_packets" lineno="151303">
<summary>
Do not audit attempts to send and receive zookeeper_leader_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zookeeper_leader_client_packets" lineno="151318">
<summary>
Relabel packets to zookeeper_leader_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zookeeper_leader_server_packets" lineno="151338">
<summary>
Send zookeeper_leader_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zookeeper_leader_server_packets" lineno="151357">
<summary>
Do not audit attempts to send zookeeper_leader_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zookeeper_leader_server_packets" lineno="151376">
<summary>
Receive zookeeper_leader_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zookeeper_leader_server_packets" lineno="151395">
<summary>
Do not audit attempts to receive zookeeper_leader_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zookeeper_leader_server_packets" lineno="151414">
<summary>
Send and receive zookeeper_leader_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zookeeper_leader_server_packets" lineno="151430">
<summary>
Do not audit attempts to send and receive zookeeper_leader_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zookeeper_leader_server_packets" lineno="151445">
<summary>
Relabel packets to zookeeper_leader_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zebra_port" lineno="151467">
<summary>
Send and receive TCP traffic on the zebra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zebra_port" lineno="151486">
<summary>
Send UDP traffic on the zebra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zebra_port" lineno="151505">
<summary>
Do not audit attempts to send UDP traffic on the zebra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zebra_port" lineno="151524">
<summary>
Receive UDP traffic on the zebra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zebra_port" lineno="151543">
<summary>
Do not audit attempts to receive UDP traffic on the zebra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zebra_port" lineno="151562">
<summary>
Send and receive UDP traffic on the zebra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zebra_port" lineno="151579">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zebra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zebra_port" lineno="151595">
<summary>
Bind TCP sockets to the zebra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zebra_port" lineno="151615">
<summary>
Bind UDP sockets to the zebra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_zebra_port" lineno="151635">
<summary>
Do not audit attempts to sbind to zebra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zebra_port" lineno="151654">
<summary>
Make a TCP connection to the zebra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_zebra_port" lineno="151671">
<summary>
Do not audit attempts to make a TCP connection to zebra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zebra_client_packets" lineno="151691">
<summary>
Send zebra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zebra_client_packets" lineno="151710">
<summary>
Do not audit attempts to send zebra_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zebra_client_packets" lineno="151729">
<summary>
Receive zebra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zebra_client_packets" lineno="151748">
<summary>
Do not audit attempts to receive zebra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zebra_client_packets" lineno="151767">
<summary>
Send and receive zebra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zebra_client_packets" lineno="151783">
<summary>
Do not audit attempts to send and receive zebra_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zebra_client_packets" lineno="151798">
<summary>
Relabel packets to zebra_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zebra_server_packets" lineno="151818">
<summary>
Send zebra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zebra_server_packets" lineno="151837">
<summary>
Do not audit attempts to send zebra_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zebra_server_packets" lineno="151856">
<summary>
Receive zebra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zebra_server_packets" lineno="151875">
<summary>
Do not audit attempts to receive zebra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zebra_server_packets" lineno="151894">
<summary>
Send and receive zebra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zebra_server_packets" lineno="151910">
<summary>
Do not audit attempts to send and receive zebra_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zebra_server_packets" lineno="151925">
<summary>
Relabel packets to zebra_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zented_port" lineno="151947">
<summary>
Send and receive TCP traffic on the zented port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zented_port" lineno="151966">
<summary>
Send UDP traffic on the zented port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zented_port" lineno="151985">
<summary>
Do not audit attempts to send UDP traffic on the zented port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zented_port" lineno="152004">
<summary>
Receive UDP traffic on the zented port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zented_port" lineno="152023">
<summary>
Do not audit attempts to receive UDP traffic on the zented port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zented_port" lineno="152042">
<summary>
Send and receive UDP traffic on the zented port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zented_port" lineno="152059">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zented port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zented_port" lineno="152075">
<summary>
Bind TCP sockets to the zented port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zented_port" lineno="152095">
<summary>
Bind UDP sockets to the zented port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_zented_port" lineno="152115">
<summary>
Do not audit attempts to sbind to zented port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zented_port" lineno="152134">
<summary>
Make a TCP connection to the zented port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_zented_port" lineno="152151">
<summary>
Do not audit attempts to make a TCP connection to zented port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zented_client_packets" lineno="152171">
<summary>
Send zented_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zented_client_packets" lineno="152190">
<summary>
Do not audit attempts to send zented_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zented_client_packets" lineno="152209">
<summary>
Receive zented_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zented_client_packets" lineno="152228">
<summary>
Do not audit attempts to receive zented_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zented_client_packets" lineno="152247">
<summary>
Send and receive zented_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zented_client_packets" lineno="152263">
<summary>
Do not audit attempts to send and receive zented_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zented_client_packets" lineno="152278">
<summary>
Relabel packets to zented_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zented_server_packets" lineno="152298">
<summary>
Send zented_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zented_server_packets" lineno="152317">
<summary>
Do not audit attempts to send zented_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zented_server_packets" lineno="152336">
<summary>
Receive zented_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zented_server_packets" lineno="152355">
<summary>
Do not audit attempts to receive zented_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zented_server_packets" lineno="152374">
<summary>
Send and receive zented_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zented_server_packets" lineno="152390">
<summary>
Do not audit attempts to send and receive zented_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zented_server_packets" lineno="152405">
<summary>
Relabel packets to zented_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zope_port" lineno="152427">
<summary>
Send and receive TCP traffic on the zope port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zope_port" lineno="152446">
<summary>
Send UDP traffic on the zope port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zope_port" lineno="152465">
<summary>
Do not audit attempts to send UDP traffic on the zope port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zope_port" lineno="152484">
<summary>
Receive UDP traffic on the zope port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zope_port" lineno="152503">
<summary>
Do not audit attempts to receive UDP traffic on the zope port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zope_port" lineno="152522">
<summary>
Send and receive UDP traffic on the zope port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zope_port" lineno="152539">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zope port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zope_port" lineno="152555">
<summary>
Bind TCP sockets to the zope port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zope_port" lineno="152575">
<summary>
Bind UDP sockets to the zope port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_dontaudit_udp_bind_zope_port" lineno="152595">
<summary>
Do not audit attempts to sbind to zope port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zope_port" lineno="152614">
<summary>
Make a TCP connection to the zope port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_zope_port" lineno="152631">
<summary>
Do not audit attempts to make a TCP connection to zope port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zope_client_packets" lineno="152651">
<summary>
Send zope_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zope_client_packets" lineno="152670">
<summary>
Do not audit attempts to send zope_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zope_client_packets" lineno="152689">
<summary>
Receive zope_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zope_client_packets" lineno="152708">
<summary>
Do not audit attempts to receive zope_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zope_client_packets" lineno="152727">
<summary>
Send and receive zope_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zope_client_packets" lineno="152743">
<summary>
Do not audit attempts to send and receive zope_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zope_client_packets" lineno="152758">
<summary>
Relabel packets to zope_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zope_server_packets" lineno="152778">
<summary>
Send zope_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zope_server_packets" lineno="152797">
<summary>
Do not audit attempts to send zope_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zope_server_packets" lineno="152816">
<summary>
Receive zope_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zope_server_packets" lineno="152835">
<summary>
Do not audit attempts to receive zope_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zope_server_packets" lineno="152854">
<summary>
Send and receive zope_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zope_server_packets" lineno="152870">
<summary>
Do not audit attempts to send and receive zope_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zope_server_packets" lineno="152885">
<summary>
Relabel packets to zope_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_lo_if" lineno="152908">
<summary>
Send and receive TCP network traffic on the lo interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_lo_if" lineno="152927">
<summary>
Send UDP network traffic on the lo interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_udp_receive_lo_if" lineno="152946">
<summary>
Receive UDP network traffic on the lo interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_udp_sendrecv_lo_if" lineno="152965">
<summary>
Send and receive UDP network traffic on the lo interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_raw_send_lo_if" lineno="152981">
<summary>
Send raw IP packets on the lo interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_raw_receive_lo_if" lineno="153000">
<summary>
Receive raw IP packets on the lo interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_raw_sendrecv_lo_if" lineno="153019">
<summary>
Send and receive raw IP packets on the lo interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
</module>
<module name="devices" filename="policy/modules/kernel/devices.if">
<summary>
Device nodes and interfaces for many basic system devices.
</summary>
<desc>
<p>
This module creates the device node concept and provides
the policy for many of the device files. Notable exceptions are
the mass storage and terminal devices that are covered by other
modules.
</p>
<p>
This module creates the concept of a device node. That is a
char or block device file, usually in /dev. All types that
are used to label device nodes should use the dev_node macro.
</p>
<p>
Additionally, this module controls access to three things:
<ul>
<li>the device directories containing device nodes</li>
<li>device nodes as a group</li>
<li>individual access to specific device nodes covered by
this module.</li>
</ul>
</p>
</desc>
<required val="true">
Depended on by other required modules.
</required>
<interface name="dev_node" lineno="66">
<summary>
Make the specified type usable for device
nodes in a filesystem.
</summary>
<desc>
<p>
Make the specified type usable for device nodes
in a filesystem.  Types used for device nodes that
do not use this interface, or an interface that
calls this one, will have unexpected behaviors
while the system is running.
</p>
<p>
Example:
</p>
<p>
type mydev_t;
dev_node(mydev_t)
allow mydomain_t mydev_t:chr_file read_chr_file_perms;
</p>
<p>
Related interfaces:
</p>
<ul>
<li>term_tty()</li>
<li>term_pty()</li>
</ul>
</desc>
<param name="type">
<summary>
Type to be used for device nodes.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="dev_associate" lineno="84">
<summary>
Associate the specified file type with device filesystem.
</summary>
<param name="file_type">
<summary>
The type of the file to be associated.
</summary>
</param>
</interface>
<interface name="dev_getattr_fs" lineno="103">
<summary>
Get attributes of device filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_mounton" lineno="121">
<summary>
Mount a filesystem on /dev
</summary>
<param name="domain">
<summary>
Domain allow access.
</summary>
</param>
</interface>
<interface name="dev_mounton_all_device_nodes" lineno="139">
<summary>
Allow caller domain to mounton all device nodes
</summary>
<param name="domain">
<summary>
Domain allow access.
</summary>
</param>
</interface>
<interface name="dev_relabel_all_dev_nodes" lineno="160">
<summary>
Allow full relabeling (to and from) of all device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dev_relabel_all_dev_files" lineno="186">
<summary>
Allow full relabeling (to and from) of all device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dev_list_all_dev_nodes" lineno="204">
<summary>
List all of the device nodes in a device directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_generic_dirs" lineno="223">
<summary>
Set the attributes of /dev directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_list_all_dev_nodes" lineno="241">
<summary>
Dontaudit attempts to list all device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_all_access_check" lineno="259">
<summary>
Dontaudit attempts to list all device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_add_entry_generic_dirs" lineno="277">
<summary>
Add entries to directories in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_remove_entry_generic_dirs" lineno="295">
<summary>
Add entries to directories in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_create_generic_dirs" lineno="313">
<summary>
Create a directory in the device directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_watch_generic_dirs" lineno="332">
<summary>
Watch generic device directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_generic_dirs" lineno="350">
<summary>
Delete a directory in the device directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_generic_dirs" lineno="368">
<summary>
Manage of directories in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_relabel_generic_dev_dirs" lineno="386">
<summary>
Allow full relabeling (to and from) of directories in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_generic_files" lineno="404">
<summary>
dontaudit getattr generic files in /dev.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_read_generic_files" lineno="422">
<summary>
Read generic files in /dev.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_read_generic_files" lineno="440">
<summary>
Read generic files in /dev.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_rw_generic_files" lineno="458">
<summary>
Read and write generic files in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_generic_files" lineno="476">
<summary>
Delete generic files in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_generic_files" lineno="494">
<summary>
Create a file in the device directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_generic_pipes" lineno="512">
<summary>
Dontaudit getattr on generic pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_write_generic_sockets" lineno="530">
<summary>
Write generic socket files in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_generic_blk_files" lineno="548">
<summary>
Allow getattr on generic block devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rename_generic_blk_files" lineno="566">
<summary>
Rename generic block device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_generic_sock_files" lineno="584">
<summary>
write generic sock files in /dev. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_generic_blk_files" lineno="599">
<summary>
Dontaudit getattr on generic block devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_generic_blk_files" lineno="617">
<summary>
Dontaudit setattr on generic block devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_create_generic_blk_files" lineno="635">
<summary>
Create generic block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_generic_blk_files" lineno="653">
<summary>
Delete generic block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_generic_chr_files" lineno="671">
<summary>
Allow getattr for generic character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_generic_chr_files" lineno="689">
<summary>
Dontaudit getattr for generic character device files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_rename_generic_chr_files" lineno="707">
<summary>
Rename generic character device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_generic_chr_files" lineno="725">
<summary>
Dontaudit setattr for generic character device files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_read_generic_chr_files" lineno="743">
<summary>
Read generic character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_generic_chr_files" lineno="761">
<summary>
Read and write generic character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_generic_blk_files" lineno="779">
<summary>
Read and write generic block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_rw_generic_chr_files" lineno="797">
<summary>
Dontaudit attempts to read/write generic character device files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_create_generic_chr_files" lineno="815">
<summary>
Create generic character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_generic_chr_files" lineno="833">
<summary>
Delete generic character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_relabelfrom_generic_chr_files" lineno="851">
<summary>
Relabel from generic character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_generic_symlinks" lineno="870">
<summary>
Do not audit attempts to set the attributes
of symbolic links in device directories (/dev).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_create_generic_symlinks" lineno="888">
<summary>
Create symbolic links in device directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_generic_symlinks" lineno="906">
<summary>
Delete symbolic links in device directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_generic_symlinks" lineno="924">
<summary>
Read symbolic links in device directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_generic_symlinks" lineno="942">
<summary>
Create, delete, read, and write symbolic links in device directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_relabel_generic_symlinks" lineno="960">
<summary>
Relabel symbolic links in device directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_all_dev_nodes" lineno="978">
<summary>
Create, delete, read, and write device nodes in device directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_rw_generic_dev_nodes" lineno="1014">
<summary>
Dontaudit getattr for generic device files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_read_generic_blk_files" lineno="1032">
<summary>
Read block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_generic_blk_files" lineno="1050">
<summary>
Create, delete, read, and write block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_generic_chr_files" lineno="1068">
<summary>
Create, delete, read, and write character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_filetrans" lineno="1103">
<summary>
Create, read, and write device nodes. The node
will be transitioned to the type provided.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file">
<summary>
Type to which the created node will be transitioned.
</summary>
</param>
<param name="objectclass(es)">
<summary>
Object class(es) (single or set including {}) for which this
the transition will occur.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="dev_tmpfs_filetrans_dev" lineno="1138">
<summary>
Create, read, and write device nodes. The node
will be transitioned to the type provided.  This is
a temporary interface until devtmpfs functionality
fixed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="objectclass(es)">
<summary>
Object class(es) (single or set including {}) for which this
the transition will occur.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="dev_getattr_all" lineno="1156">
<summary>
Allow getattr on all device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_all_blk_files" lineno="1176">
<summary>
Getattr on all block file device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dev_lock_all_blk_files" lineno="1196">
<summary>
Lock on all block file device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dev_read_all_blk_files" lineno="1216">
<summary>
Read on all block file device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dev_dontaudit_getattr_all_blk_files" lineno="1235">
<summary>
Dontaudit getattr on all block file device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_getattr_all_chr_files" lineno="1255">
<summary>
Getattr on all character file device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dev_dontaudit_getattr_all_chr_files" lineno="1274">
<summary>
Dontaudit getattr on all character file device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_setattr_all_blk_files" lineno="1294">
<summary>
Setattr on all block file device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dev_setattr_all_chr_files" lineno="1313">
<summary>
Setattr on all character file device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dev_dontaudit_read_all_blk_files" lineno="1331">
<summary>
Dontaudit read on all block file device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_write_all_blk_files" lineno="1349">
<summary>
Dontaudit write on all block file device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_read_all_chr_files" lineno="1367">
<summary>
Dontaudit read on all character file device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_write_all_chr_files" lineno="1385">
<summary>
Dontaudit write on all character file device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_create_all_files" lineno="1403">
<summary>
Create all device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_create_all_blk_files" lineno="1421">
<summary>
Create all block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_create_all_chr_files" lineno="1439">
<summary>
Create all character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_all_inherited_chr_files" lineno="1457">
<summary>
rw all inherited character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_all_inherited_blk_files" lineno="1475">
<summary>
rw all inherited blk device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_all_blk_files" lineno="1493">
<summary>
Delete all block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_all_chr_files" lineno="1511">
<summary>
Delete all character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rename_all_blk_files" lineno="1529">
<summary>
Rename all block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rename_all_chr_files" lineno="1547">
<summary>
Rename all character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_all_blk_files" lineno="1565">
<summary>
Read, write, create, and delete all block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_all_chr_files" lineno="1589">
<summary>
Read, write, create, and delete all character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_agp_dev" lineno="1609">
<summary>
Getattr the agp devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_agp" lineno="1627">
<summary>
Read and write the agp devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_apm_bios_dev" lineno="1645">
<summary>
Get the attributes of the apm bios device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_apm_bios_dev" lineno="1664">
<summary>
Do not audit attempts to get the attributes of
the apm bios device node.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_setattr_apm_bios_dev" lineno="1682">
<summary>
Set the attributes of the apm bios device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_apm_bios_dev" lineno="1701">
<summary>
Do not audit attempts to set the attributes of
the apm bios device node.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_rw_apm_bios" lineno="1719">
<summary>
Read and write the apm bios.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_autofs_dev" lineno="1737">
<summary>
Get the attributes of the autofs device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_autofs_dev" lineno="1756">
<summary>
Do not audit attempts to get the attributes of
the autofs device node.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_setattr_autofs_dev" lineno="1774">
<summary>
Set the attributes of the autofs device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_autofs_dev" lineno="1793">
<summary>
Do not audit attempts to set the attributes of
the autofs device node.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_rw_autofs" lineno="1811">
<summary>
Read and write the autofs device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_relabel_autofs_dev" lineno="1829">
<summary>
Relabel the autofs device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_cardmgr" lineno="1847">
<summary>
Read and write the PCMCIA card manager device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_rw_cardmgr" lineno="1866">
<summary>
Do not audit attempts to read and
write the PCMCIA card manager device.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_create_cardmgr_dev" lineno="1886">
<summary>
Create, read, write, and delete
the PCMCIA card manager device
with the correct type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_cardmgr_dev" lineno="1906">
<summary>
Create, read, write, and delete
the PCMCIA card manager device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_filetrans_cardmgr" lineno="1932">
<summary>
Automatic type transition to the type
for PCMCIA card manager device nodes when
created in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="dev_filetrans_xserver_misc" lineno="1952">
<summary>
Automatic type transition to the type
for xserver misc device nodes when
created in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_cpu_dev" lineno="1971">
<summary>
Get the attributes of the CPU
microcode and id interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_cpu_dev" lineno="1990">
<summary>
Set the attributes of the CPU
microcode and id interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_cpuid" lineno="2008">
<summary>
Read the CPU identity.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_cpu_microcode" lineno="2027">
<summary>
Read and write the the CPU microcode device. This
is required to load CPU microcode.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_crash" lineno="2045">
<summary>
Read the kernel crash device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_cachefiles" lineno="2063">
<summary>
Read and write to the cachefilesd device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_crypto" lineno="2081">
<summary>
Read and write the the hardware SSL accelerator.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_ecryptfs" lineno="2099">
<summary>
Read and write the the ecrypt filesystem device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_dlm_control" lineno="2117">
<summary>
Set the attributes of the dlm control devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_dlm_control" lineno="2135">
<summary>
Read and write the the dlm control device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_dma_dev" lineno="2153">
<summary>
Read and write the the dma device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_dri_dev" lineno="2171">
<summary>
getattr the dri devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_dri_dev" lineno="2189">
<summary>
Setattr the dri devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_map_dri" lineno="2207">
<summary>
Mmap the dri devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_dri" lineno="2225">
<summary>
Read and write the dri devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_inherited_dri" lineno="2244">
<summary>
Read and write the dri devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_rw_dri" lineno="2263">
<summary>
Dontaudit read and write on the dri devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_manage_dri_dev" lineno="2281">
<summary>
Create, read, write, and delete the dri devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_filetrans_dri" lineno="2305">
<summary>
Automatic type transition to the type
for DRI device nodes when created in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="dev_getattr_input_dev" lineno="2323">
<summary>
Get the attributes of the event devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_input_dev" lineno="2342">
<summary>
Set the attributes of the event devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_input" lineno="2361">
<summary>
Read input event devices (/dev/input).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_input_dev" lineno="2379">
<summary>
Read input event devices (/dev/input).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_inherited_input_dev" lineno="2397">
<summary>
Read input event devices (/dev/input).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_ipmi_dev" lineno="2416">
<summary>
Read ipmi devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_ipmi_dev" lineno="2434">
<summary>
Read and write ipmi devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_ipmi_dev" lineno="2452">
<summary>
Manage ipmi devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_filetrans_ipmi" lineno="2477">
<summary>
Automatic type transition to the type
for PCMCIA card manager device nodes when
created in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="dev_getattr_infiniband_dev" lineno="2495">
<summary>
Get attributes of infiniband devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_infiniband_dev" lineno="2513">
<summary>
Read infiniband devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_infiniband_dev" lineno="2532">
<summary>
Read and write ipmi devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_infiniband_mgmt_dev" lineno="2552">
<summary>
Read infiniband mgmt devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_infiniband_mgmt_dev" lineno="2571">
<summary>
Read and write ipmi devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_framebuffer_dev" lineno="2590">
<summary>
Get the attributes of the framebuffer device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_framebuffer_dev" lineno="2608">
<summary>
Set the attributes of the framebuffer device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_framebuffer_dev" lineno="2627">
<summary>
Dot not audit attempts to set the attributes
of the framebuffer device node.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_read_framebuffer" lineno="2645">
<summary>
Read the framebuffer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_read_framebuffer" lineno="2663">
<summary>
Do not audit attempts to read the framebuffer.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_write_framebuffer" lineno="2681">
<summary>
Write the framebuffer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_map_framebuffer" lineno="2699">
<summary>
Mmap the framebuffer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_framebuffer" lineno="2717">
<summary>
Read and write the framebuffer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_kmsg" lineno="2735">
<summary>
Read the kernel messages
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_read_kmsg" lineno="2753">
<summary>
Do not audit attempts to read the kernel messages
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_write_kmsg" lineno="2771">
<summary>
Write to the kernel messages device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_mounton_kmsg" lineno="2789">
<summary>
Mounton the kernel messages device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_ksm_dev" lineno="2807">
<summary>
Get the attributes of the ksm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_ksm_dev" lineno="2825">
<summary>
Set the attributes of the ksm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_ksm" lineno="2843">
<summary>
Read the ksm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_ksm" lineno="2861">
<summary>
Read and write to ksm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_kvm_dev" lineno="2879">
<summary>
Get the attributes of the kvm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_kvm_dev" lineno="2897">
<summary>
Set the attributes of the kvm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_kvm" lineno="2915">
<summary>
Read the kvm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_kvm" lineno="2933">
<summary>
Read and write to kvm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_sev" lineno="2951">
<summary>
Read and write to sev devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_lirc" lineno="2969">
<summary>
Read the lirc device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_lirc" lineno="2987">
<summary>
Read and write the lirc device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_filetrans_lirc" lineno="3011">
<summary>
Automatic type transition to the type
for lirc device nodes when created in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="dev_getattr_loop_control" lineno="3029">
<summary>
Get the attributes of the loop comtrol device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_loop_control" lineno="3047">
<summary>
Read the loop comtrol device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_loop_control" lineno="3065">
<summary>
Read and write the loop control device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_rw_loop_control" lineno="3083">
<summary>
Do not audit attempts to read and write loop control device.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_delete_loop_control_dev" lineno="3101">
<summary>
Delete the loop control device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_lvm_control" lineno="3119">
<summary>
Get the attributes of the loop comtrol device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_lvm_control" lineno="3137">
<summary>
Read the lvm comtrol device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_lvm_control" lineno="3155">
<summary>
Read and write the lvm control device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_rw_lvm_control" lineno="3173">
<summary>
Do not audit attempts to read and write lvm control device.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_delete_lvm_control_dev" lineno="3191">
<summary>
Delete the lvm control device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_memory_dev" lineno="3209">
<summary>
dontaudit getattr raw memory devices (e.g. /dev/mem).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_read_raw_memory" lineno="3227">
<summary>
Read raw memory devices (e.g. /dev/mem).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_raw_memory_reader" lineno="3250">
<summary>
Allow to be reader of raw memory devices (e.g. /dev/mem).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_read_raw_memory" lineno="3269">
<summary>
Do not audit attempts to read raw memory devices
(e.g. /dev/mem).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_write_raw_memory" lineno="3288">
<summary>
Do not audit attempts to write to raw memory devices
(e.g. /dev/mem).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_write_raw_memory" lineno="3306">
<summary>
Write raw memory devices (e.g. /dev/mem).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_raw_memory_writer" lineno="3328">
<summary>
Allow to be writer of raw memory devices (e.g. /dev/mem).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rx_raw_memory" lineno="3346">
<summary>
Read and execute raw memory devices (e.g. /dev/mem).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_wx_raw_memory" lineno="3365">
<summary>
Write and execute raw memory devices (e.g. /dev/mem).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_misc_dev" lineno="3384">
<summary>
Get the attributes of miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_misc_dev" lineno="3403">
<summary>
Do not audit attempts to get the attributes
of miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_setattr_misc_dev" lineno="3421">
<summary>
Set the attributes of miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_misc_dev" lineno="3440">
<summary>
Do not audit attempts to set the attributes
of miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_read_misc" lineno="3458">
<summary>
Read miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_misc" lineno="3476">
<summary>
Write miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_rw_misc" lineno="3494">
<summary>
Do not audit attempts to read and write miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_getattr_modem_dev" lineno="3512">
<summary>
Get the attributes of the modem devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_modem_dev" lineno="3530">
<summary>
Set the attributes of the modem devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_modem" lineno="3548">
<summary>
Read the modem devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_modem" lineno="3566">
<summary>
Read and write to modem devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_monitor_dev" lineno="3584">
<summary>
Get the attributes of the monitor devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_monitor_dev" lineno="3602">
<summary>
Set the attributes of the monitor devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_monitor_dev" lineno="3620">
<summary>
Read the monitor devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_monitor_dev" lineno="3638">
<summary>
Read and write to monitor devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_mouse_dev" lineno="3656">
<summary>
Get the attributes of the mouse devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_mouse_dev" lineno="3674">
<summary>
Set the attributes of the mouse devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_mouse" lineno="3692">
<summary>
Read the mouse devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_mouse" lineno="3710">
<summary>
Read and write to mouse devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_mtrr_dev" lineno="3729">
<summary>
Get the attributes of the memory type range
registers (MTRR) device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_mtrr" lineno="3762">
<summary>
Write the memory type range
registers (MTRR).  (Deprecated)
</summary>
<desc>
<p>
Write the memory type range
registers (MTRR).  This interface has
been deprecated, dev_rw_mtrr() should be
used instead.
</p>
<p>
The MTRR device ioctls can be used for
reading and writing; thus, write access to the
device cannot be separated from read access.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_write_mtrr" lineno="3778">
<summary>
Do not audit attempts to write the memory type
range registers (MTRR).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_read_mtrr" lineno="3798">
<summary>
Do not audit attempts to read the memory type
range registers (MTRR).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_read_mtrr" lineno="3817">
<summary>
Read the memory type range registers (MTRR).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_mtrr" lineno="3836">
<summary>
Read and write the memory type range registers (MTRR).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_netcontrol_dev" lineno="3855">
<summary>
Get the attributes of the network control device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_netcontrol" lineno="3873">
<summary>
Read the network control identity.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_netcontrol" lineno="3891">
<summary>
Read and write the the network control device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_null_dev" lineno="3909">
<summary>
Get the attributes of the null device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_null_dev" lineno="3927">
<summary>
Set the attributes of the null device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_null" lineno="3945">
<summary>
Delete the null device (/dev/null).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_null" lineno="3963">
<summary>
Read and write to the null device (/dev/null).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_create_null_dev" lineno="3981">
<summary>
Create the null device (/dev/null).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_service_status_null_dev" lineno="3999">
<summary>
Get the status of a null device service.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_config_null_dev_service" lineno="4017">
<summary>
Configure null_device as a unit files.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dev_read_nvme" lineno="4038">
<summary>
Read Non-Volatile Memory Host Controller Interface. (Deprecated)
</summary>
<desc>
Use storage_raw_read_fixed_disk() instead.
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_nvme" lineno="4057">
<summary>
Read/Write Non-Volatile Memory Host Controller Interface. (Deprecated)
</summary>
<desc>
Use storage_raw_read_fixed_disk() and
storage_raw_write_fixed_disk() instead.
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_nvram_dev" lineno="4074">
<summary>
Do not audit attempts to get the attributes
of the BIOS non-volatile RAM device.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_read_nvram" lineno="4092">
<summary>
Read BIOS non-volatile RAM.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_nvram" lineno="4110">
<summary>
Read and write BIOS non-volatile RAM.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_printer_dev" lineno="4128">
<summary>
Get the attributes of the printer device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_printer_dev" lineno="4146">
<summary>
Set the attributes of the printer device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_append_printer" lineno="4165">
<summary>
Append the printer device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_printer" lineno="4183">
<summary>
Read and write the printer device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_relabel_printer" lineno="4201">
<summary>
Relabel the printer device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_printer" lineno="4219">
<summary>
Read and write the printer device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_qemu_dev" lineno="4239">
<summary>
Get the attributes of the QEMU
microcode and id interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_qemu_dev" lineno="4258">
<summary>
Set the attributes of the QEMU
microcode and id interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_qemu" lineno="4276">
<summary>
Read the QEMU device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_qemu" lineno="4294">
<summary>
Read and write the the QEMU device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_rand" lineno="4328">
<summary>
Read from random number generator
devices (e.g., /dev/random).
</summary>
<desc>
<p>
Allow the specified domain to read from random number
generator devices (e.g., /dev/random).  Typically this is
used in situations when a cryptographically secure random
number is needed.
</p>
<p>
Related interface:
</p>
<ul>
<li>dev_read_urand()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="dev_dontaudit_read_rand" lineno="4347">
<summary>
Do not audit attempts to read from random
number generator devices (e.g., /dev/random)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_append_rand" lineno="4366">
<summary>
Do not audit attempts to append to the random
number generator devices (e.g., /dev/random)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_write_rand" lineno="4386">
<summary>
Write to the random device (e.g., /dev/random). This adds
entropy used to generate the random data read from the
random device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_realtime_clock" lineno="4404">
<summary>
Read the realtime clock (/dev/rtc).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_realtime_clock" lineno="4422">
<summary>
Set the realtime clock (/dev/rtc).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_realtime_clock" lineno="4442">
<summary>
Read and set the realtime clock (/dev/rtc).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_scanner_dev" lineno="4457">
<summary>
Get the attributes of the scanner device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_scanner_dev" lineno="4476">
<summary>
Do not audit attempts to get the attributes of
the scanner device.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_setattr_scanner_dev" lineno="4494">
<summary>
Set the attributes of the scanner device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_scanner_dev" lineno="4513">
<summary>
Do not audit attempts to set the attributes of
the scanner device.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_rw_scanner" lineno="4531">
<summary>
Read and write the scanner device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_sound_dev" lineno="4549">
<summary>
Get the attributes of the sound devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_sound_dev" lineno="4567">
<summary>
Set the attributes of the sound devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_sound" lineno="4585">
<summary>
Read the sound devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_sound" lineno="4604">
<summary>
Write the sound devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_sound_mixer" lineno="4622">
<summary>
Read the sound mixer devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_sound_mixer" lineno="4641">
<summary>
Write the sound mixer devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_power_mgmt_dev" lineno="4659">
<summary>
Get the attributes of the the power management device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_power_mgmt_dev" lineno="4677">
<summary>
Set the attributes of the the power management device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_power_management" lineno="4695">
<summary>
Read and write the the power management device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_smartcard_dev" lineno="4713">
<summary>
Getattr on smartcard devices
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_smartcard_dev" lineno="4732">
<summary>
dontaudit getattr on smartcard devices
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_rw_smartcard" lineno="4751">
<summary>
Read and write smartcard devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_smartcard" lineno="4769">
<summary>
Create, read, write, and delete smartcard devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_associate_sysfs" lineno="4787">
<summary>
Associate a file to a sysfs filesystem.
</summary>
<param name="file_type">
<summary>
The type of the file to be associated to sysfs.
</summary>
</param>
</interface>
<interface name="dev_getattr_sysfs_dirs" lineno="4805">
<summary>
Get the attributes of sysfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_sysfs_dirs" lineno="4823">
<summary>
Set the attributes of sysfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_sysfs_fs" lineno="4841">
<summary>
Get attributes of sysfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_mounton_sysfs" lineno="4859">
<summary>
Mount a filesystem on /sys
</summary>
<param name="domain">
<summary>
Domain allow access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_mounton_sysfs" lineno="4877">
<summary>
Dontaudit attempts to mount a filesystem on /sys
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_mount_sysfs_fs" lineno="4895">
<summary>
Mount sysfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_unmount_sysfs_fs" lineno="4913">
<summary>
Unmount sysfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_remount_sysfs_fs" lineno="4931">
<summary>
Remount sysfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_search_sysfs" lineno="4949">
<summary>
Search the sysfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_search_sysfs" lineno="4967">
<summary>
Do not audit attempts to search sysfs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_list_sysfs" lineno="4985">
<summary>
List the contents of the sysfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_sysfs_dirs" lineno="5005">
<summary>
Write in a sysfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_access_check_sysfs" lineno="5023">
<summary>
Access check for a sysfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_write_sysfs_dirs" lineno="5041">
<summary>
Do not audit attempts to write in a sysfs directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_read_cpu_online" lineno="5064">
<summary>
Read cpu online hardware state information.
</summary>
<desc>
<p>
Allow the specified domain to read /sys/devices/system/cpu/online file.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_relabel_cpu_online" lineno="5083">
<summary>
Relabel cpu online hardware state information.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_sysfs" lineno="5113">
<summary>
Read hardware state information.
</summary>
<desc>
<p>
Allow the specified domain to read the contents of
the sysfs filesystem.  This filesystem contains
information, parameters, and other settings on the
hardware installed on the system.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="dev_write_sysfs" lineno="5134">
<summary>
Allow caller to write to sysfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_sysfs" lineno="5153">
<summary>
Allow caller to r/w to sysfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_create_sysfs_files" lineno="5174">
<summary>
Allow caller create hardware state information files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_relabel_sysfs_dirs" lineno="5192">
<summary>
Relabel hardware state directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_relabel_all_sysfs" lineno="5210">
<summary>
Relabel hardware state files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_sysfs_dirs" lineno="5230">
<summary>
Allow caller to modify hardware state information.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_sysfs" lineno="5248">
<summary>
Allow caller to modify hardware state information.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_map_sysfs" lineno="5268">
<summary>
Mmap the sysfs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_tpm" lineno="5286">
<summary>
Read the TPM device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_tpm" lineno="5304">
<summary>
Read and write the TPM device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_urand" lineno="5345">
<summary>
Read from pseudo random number generator devices (e.g., /dev/urandom).
</summary>
<desc>
<p>
Allow the specified domain to read from pseudo random number
generator devices (e.g., /dev/urandom).  Typically this is
used in situations when a cryptographically secure random
number is not necessarily needed.  One example is the Stack
Smashing Protector (SSP, formerly known as ProPolice) support
that may be compiled into programs.
</p>
<p>
Related interface:
</p>
<ul>
<li>dev_read_rand()</li>
</ul>
<p>
Related tunable:
</p>
<ul>
<li>global_ssp</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="dev_dontaudit_read_urand" lineno="5364">
<summary>
Do not audit attempts to read from pseudo
random devices (e.g., /dev/urandom)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_write_urand" lineno="5383">
<summary>
Write to the pseudo random device (e.g., /dev/urandom). This
sets the random number generator seed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_write_urand" lineno="5402">
<summary>
Do not audit attempts to write to pseudo
random devices (e.g., /dev/urandom)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_getattr_generic_usb_dev" lineno="5420">
<summary>
Getattr generic the USB devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_generic_usb_dev" lineno="5438">
<summary>
Setattr generic the USB devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_generic_usb_dev" lineno="5456">
<summary>
Read generic the USB devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_generic_usb_dev" lineno="5474">
<summary>
Read and write generic the USB devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_relabel_generic_usb_dev" lineno="5492">
<summary>
Relabel generic the USB devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_usbmon_dev" lineno="5510">
<summary>
Read USB monitor devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_map_usbmon_dev" lineno="5528">
<summary>
Mmap USB monitor devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_usbmon_dev" lineno="5546">
<summary>
Write USB monitor devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_mount_usbfs" lineno="5564">
<summary>
Mount a usbfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_associate_usbfs" lineno="5582">
<summary>
Associate a file to a usbfs filesystem.
</summary>
<param name="file_type">
<summary>
The type of the file to be associated to usbfs.
</summary>
</param>
</interface>
<interface name="dev_getattr_usbfs_dirs" lineno="5600">
<summary>
Get the attributes of a directory in the usb filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_usbfs_dirs" lineno="5619">
<summary>
Do not audit attempts to get the attributes
of a directory in the usb filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_search_usbfs" lineno="5637">
<summary>
Search the directory containing USB hardware information.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_list_usbfs" lineno="5655">
<summary>
Allow caller to get a list of usb hardware.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_usbfs_files" lineno="5676">
<summary>
Set the attributes of usbfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_usbfs" lineno="5696">
<summary>
Read USB hardware information using
the usbfs filesystem interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_usbfs" lineno="5716">
<summary>
Allow caller to modify usb hardware configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_userio_dev" lineno="5736">
<summary>
Read and write userio device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_map_userio_dev" lineno="5754">
<summary>
Mmap the userio devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_video_dev" lineno="5772">
<summary>
Get the attributes of video4linux devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_video_dev" lineno="5791">
<summary>
Do not audit attempts to get the attributes
of video4linux device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_setattr_video_dev" lineno="5809">
<summary>
Set the attributes of video4linux device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_video_dev" lineno="5828">
<summary>
Do not audit attempts to set the attributes
of video4linux device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_read_video_dev" lineno="5846">
<summary>
Read the video4linux devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_map_video_dev" lineno="5864">
<summary>
Mmap the video4linux devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_video_dev" lineno="5883">
<summary>
Write the video4linux devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_vfio_dev" lineno="5901">
<summary>
Get the attributes of vfio devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_vfio_dev" lineno="5920">
<summary>
Do not audit attempts to get the attributes
of vfio device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_setattr_vfio_dev" lineno="5938">
<summary>
Set the attributes of vfio device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_vfio_dev" lineno="5957">
<summary>
Do not audit attempts to set the attributes
of vfio device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_read_vfio_dev" lineno="5975">
<summary>
Read the vfio devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_vfio_dev" lineno="5993">
<summary>
Write the vfio devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_vfio_dev" lineno="6011">
<summary>
Read and write the VFIO devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_vhost" lineno="6029">
<summary>
Allow read/write the vhost net device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_inherited_vhost" lineno="6047">
<summary>
Allow read/write inheretid the vhost net device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_map_vhost" lineno="6065">
<summary>
Allow map the vhost devices
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_vmware" lineno="6083">
<summary>
Read and write VMWare devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rwx_vmware" lineno="6101">
<summary>
Read, write, and mmap VMWare devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_watchdog" lineno="6120">
<summary>
Read from watchdog devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_watchdog" lineno="6138">
<summary>
Write to watchdog devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_watchdog" lineno="6156">
<summary>
RW to watchdog devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_wireless" lineno="6174">
<summary>
Read and write the the wireless device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_xen" lineno="6192">
<summary>
Read and write Xen devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_xen" lineno="6211">
<summary>
Create, read, write, and delete Xen devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_filetrans_xen" lineno="6235">
<summary>
Automatic type transition to the type
for xen device nodes when created in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="dev_getattr_xserver_misc_dev" lineno="6253">
<summary>
Get the attributes of X server miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_xserver_misc_dev" lineno="6271">
<summary>
Set the attributes of X server miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_xserver_misc" lineno="6289">
<summary>
Read and write X server miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_leaked_xserver_misc" lineno="6308">
<summary>
Dontaudit attempts to Read and write X server miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_manage_xserver_misc" lineno="6326">
<summary>
Read and write X server miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_map_xserver_misc" lineno="6346">
<summary>
mmap X server miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_zero" lineno="6365">
<summary>
Read and write to the zero device (/dev/zero).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rwx_zero" lineno="6384">
<summary>
Read, write, and execute the zero device (/dev/zero).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_execmod_zero" lineno="6403">
<summary>
Execmod the zero device (/dev/zero).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_create_zero_dev" lineno="6422">
<summary>
Create the zero device (/dev/zero).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_unconfined" lineno="6440">
<summary>
Unconfined access to devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_all" lineno="6458">
<summary>
Dontaudit getattr on all device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_getattr_mei" lineno="6477">
<summary>
Get the attributes of the mei devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_mei" lineno="6495">
<summary>
Read the mei devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_mei" lineno="6513">
<summary>
Read and write to mei devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_uhid_dev" lineno="6531">
<summary>
Read and write uhid devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_hypervkvp" lineno="6550">
<summary>
Allow read/write the hypervkvp device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_gpfs" lineno="6568">
<summary>
Allow read/write the hypervkvp device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_gpio" lineno="6586">
<summary>
Allow read/write the gpiochip device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_hypervvssd" lineno="6604">
<summary>
Allow read/write the hypervvssd device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_vsock" lineno="6622">
<summary>
Allow read the vsock device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_gnss" lineno="6640">
<summary>
Allow read/write the gnss device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_gnss" lineno="6658">
<summary>
Allow setattr the gnss device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_papr_sysparm" lineno="6676">
<summary>
Allow read/write the papr-sysparm device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_hfi1" lineno="6694">
<summary>
Allow read the hfi1_[0-9]+ devices
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_filetrans_printer_named_dev" lineno="6712">
<summary>
Create all named devices with the correct label
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_filetrans_all_named_dev" lineno="6770">
<summary>
Create all named devices with the correct label
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_filetrans_xserver_named_dev" lineno="7600">
<summary>
Create all named devices with the correct label
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_io_uring_cmd_on_all_dev_nodes" lineno="7666">
<summary>
Allow to use IORING_OP_URING_CMD on all device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="domain" filename="policy/modules/kernel/domain.if">
<summary>Core policy for domains.</summary>
<required val="true">
Contains the concept of a domain.
</required>
<interface name="domain_base_type" lineno="26">
<summary>
Make the specified type usable as a basic domain.
</summary>
<desc>
<p>
Make the specified type usable as a basic domain.
</p>
<p>
This is primarily used for kernel threads;
generally the domain_type() interface is
more appropriate for userland processes.
</p>
</desc>
<param name="type">
<summary>
Type to be used as a basic domain type.
</summary>
</param>
</interface>
<interface name="domain_type" lineno="75">
<summary>
Make the specified type usable as a domain.
</summary>
<desc>
<p>
Make the specified type usable as a domain.  This,
or an interface that calls this interface, must be
used on all types that are used as domains.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>application_domain()</li>
<li>init_daemon_domain()</li>
<li>init_domaion()</li>
<li>init_ranged_daemon_domain()</li>
<li>init_ranged_domain()</li>
<li>init_ranged_system_domain()</li>
<li>init_script_domain()</li>
<li>init_system_domain()</li>
</ul>
<p>
Example:
</p>
<p>
type mydomain_t;
domain_type(mydomain_t)
type myfile_t;
files_type(myfile_t)
allow mydomain_t myfile_t:file read_file_perms;
</p>
</desc>
<param name="type">
<summary>
Type to be used as a domain type.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="domain_entry_file" lineno="100">
<summary>
Make the specified type usable as
an entry point for the domain.
</summary>
<param name="domain">
<summary>
Domain to be entered.
</summary>
</param>
<param name="type">
<summary>
Type of program used for entering
the domain.
</summary>
</param>
</interface>
<interface name="domain_interactive_fd" lineno="128">
<summary>
Make the file descriptors of the specified
domain for interactive use (widely inheritable)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dyntrans_type" lineno="157">
<summary>
Allow the specified domain to perform
dynamic transitions.
</summary>
<desc>
<p>
Allow the specified domain to perform
dynamic transitions.
</p>
<p>
This violates process tranquility, and it
is strongly suggested that this not be used.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_system_change_exemption" lineno="177">
<summary>
Makes caller and execption to the constraint
preventing changing to the system user
identity and system role.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_subj_id_change_exemption" lineno="196">
<summary>
Makes caller an exception to the constraint preventing
changing of user identity.
</summary>
<param name="domain">
<summary>
The process type to make an exception to the constraint.
</summary>
</param>
</interface>
<interface name="domain_role_change_exemption" lineno="215">
<summary>
Makes caller an exception to the constraint preventing
changing of role.
</summary>
<param name="domain">
<summary>
The process type to make an exception to the constraint.
</summary>
</param>
</interface>
<interface name="domain_obj_id_change_exemption" lineno="235">
<summary>
Makes caller an exception to the constraint preventing
changing the user identity in object contexts.
</summary>
<param name="domain">
<summary>
The process type to make an exception to the constraint.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_user_exemption_target" lineno="270">
<summary>
Make the specified domain the target of
the user domain exception of the
SELinux role and identity change
constraints.
</summary>
<desc>
<p>
Make the specified domain the target of
the user domain exception of the
SELinux role and identity change
constraints.
</p>
<p>
This interface is needed to decouple
the user domains from the base module.
It should not be used other than on
user domains.
</p>
</desc>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
</interface>
<interface name="domain_cron_exemption_source" lineno="305">
<summary>
Make the specified domain the source of
the cron domain exception of the
SELinux role and identity change
constraints.
</summary>
<desc>
<p>
Make the specified domain the source of
the cron domain exception of the
SELinux role and identity change
constraints.
</p>
<p>
This interface is needed to decouple
the cron domains from the base module.
It should not be used other than on
cron domains.
</p>
</desc>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
</interface>
<interface name="domain_cron_exemption_target" lineno="340">
<summary>
Make the specified domain the target of
the cron domain exception of the
SELinux role and identity change
constraints.
</summary>
<desc>
<p>
Make the specified domain the target of
the cron domain exception of the
SELinux role and identity change
constraints.
</p>
<p>
This interface is needed to decouple
the cron domains from the base module.
It should not be used other than on
user cron jobs.
</p>
</desc>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
</interface>
<interface name="domain_use_interactive_fds" lineno="368">
<summary>
Inherit and use file descriptors from
domains with interactive programs.
</summary>
<desc>
<p>
Allow the specified domain to inherit and use file
descriptors from domains with interactive programs.
This does not allow access to the objects being referenced
by the file descriptors.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="1"/>
</interface>
<interface name="domain_dontaudit_use_interactive_fds" lineno="388">
<summary>
Do not audit attempts to inherit file
descriptors from domains with interactive
programs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_sigchld_interactive_fds" lineno="408">
<summary>
Send a SIGCHLD signal to domains whose file
discriptors are widely inheritable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_setpriority_all_domains" lineno="427">
<summary>
Set the nice level of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_signal_all_domains" lineno="446">
<summary>
Send general signals to all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_dontaudit_signal_all_domains" lineno="466">
<summary>
Do not audit attempts to send general
signals to all domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_signull_all_domains" lineno="485">
<summary>
Send a null signal to all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_dontaudit_signull_all_domains" lineno="505">
<summary>
Do not audit attempts to send
signulls to all domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_sigstop_all_domains" lineno="524">
<summary>
Send a stop signal to all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_sigchld_all_domains" lineno="543">
<summary>
Send a child terminated signal to all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_kill_all_domains" lineno="562">
<summary>
Send a kill signal to all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_unix_read_all_semaphores" lineno="582">
<summary>
Allow unix_read all domains semaphores
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_destroy_all_semaphores" lineno="601">
<summary>
Destroy all domains semaphores
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_search_all_domains_state" lineno="619">
<summary>
Search the process state directory (/proc/pid) of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_read_view_all_domains_keyrings" lineno="638">
<summary>
Allow read and view of process kernel keyrings
</summary>
<param name="domain">
<summary>
Domain to dontaudit.
</summary>
</param>
</interface>
<interface name="domain_rw_all_domains_keyrings" lineno="656">
<summary>
Allow read and write  of process kernel keyrings
</summary>
<param name="domain">
<summary>
Domain to dontaudit.
</summary>
</param>
</interface>
<interface name="domain_manage_all_domains_keyrings" lineno="674">
<summary>
Allow manage of process kernel keyrings
</summary>
<param name="domain">
<summary>
Domain to dontaudit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_search_all_domains_keyrings" lineno="692">
<summary>
Dontaudit search of process kernel keyrings
</summary>
<param name="domain">
<summary>
Domain to dontaudit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_link_all_domains_keyrings" lineno="710">
<summary>
Dontaudit link of process kernel keyrings
</summary>
<param name="domain">
<summary>
Domain to dontaudit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_search_all_domains_state" lineno="729">
<summary>
Do not audit attempts to search the process
state directory (/proc/pid) of all domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_read_all_domains_state" lineno="748">
<summary>
Read the process state (/proc/pid) of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_getattr_all_domains" lineno="770">
<summary>
Get the attributes of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_dontaudit_getattr_all_domains" lineno="789">
<summary>
Do not audit attempts to get the attributes
of all domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_read_confined_domains_state" lineno="808">
<summary>
Read the process state (/proc/pid) of all confined domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_getattr_confined_domains" lineno="834">
<summary>
Get the attributes of all confined domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_ptrace_all_domains" lineno="853">
<summary>
Ptrace all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_dontaudit_ptrace_all_domains" lineno="882">
<summary>
Do not audit attempts to ptrace all domains.
</summary>
<desc>
<p>
Do not audit attempts to ptrace all domains.
</p>
<p>
Generally this needs to be suppressed because procps tries to access
/proc/pid/environ and this now triggers a ptrace check in recent kernels
(2.4 and 2.6).
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_ptrace_confined_domains" lineno="910">
<summary>
Do not audit attempts to ptrace confined domains.
</summary>
<desc>
<p>
Do not audit attempts to ptrace confined domains.
</p>
<p>
Generally this needs to be suppressed because procps tries to access
/proc/pid/environ and this now triggers a ptrace check in recent kernels
(2.4 and 2.6).
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_read_all_domains_state" lineno="929">
<summary>
Do not audit attempts to read the process
state (/proc/pid) of all domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_list_all_domains_state" lineno="954">
<summary>
Do not audit attempts to read the process state
directories of all domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_getsession_all_domains" lineno="972">
<summary>
Get the session ID of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getsession_all_domains" lineno="991">
<summary>
Do not audit attempts to get the
session ID of all domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_getpgid_all_domains" lineno="1009">
<summary>
Get the process group ID of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_getsched_all_domains" lineno="1027">
<summary>
Get the scheduler information of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_getcap_all_domains" lineno="1045">
<summary>
Get the capability information of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_getattr_all_sockets" lineno="1074">
<summary>
Get the attributes of all domains
sockets, for all socket types.
</summary>
<desc>
<p>
Get the attributes of all domains
sockets, for all socket types.
</p>
<p>
This is commonly used for domains
that can use lsof on all domains.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_sockets" lineno="1103">
<summary>
Do not audit attempts to get the attributes
of all domains sockets, for all socket types.
</summary>
<desc>
<p>
Do not audit attempts to get the attributes
of all domains sockets, for all socket types.
</p>
<p>
This interface was added for PCMCIA cardmgr
and is probably excessive.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_tcp_sockets" lineno="1122">
<summary>
Do not audit attempts to get the attributes
of all domains TCP sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_udp_sockets" lineno="1141">
<summary>
Do not audit attempts to get the attributes
of all domains UDP sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_rw_all_udp_sockets" lineno="1160">
<summary>
Do not audit attempts to read or write
all domains UDP sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_key_sockets" lineno="1179">
<summary>
Do not audit attempts to get attribues of
all domains IPSEC key management sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_packet_sockets" lineno="1198">
<summary>
Do not audit attempts to get attribues of
all domains packet sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_raw_sockets" lineno="1217">
<summary>
Do not audit attempts to get attribues of
all domains raw sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_rw_all_key_sockets" lineno="1236">
<summary>
Do not audit attempts to read or write
all domains key sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_dgram_sockets" lineno="1255">
<summary>
Do not audit attempts to get the attributes
of all domains unix datagram sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_getattr_all_stream_sockets" lineno="1274">
<summary>
Get the attributes
of all domains unix datagram sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_stream_sockets" lineno="1293">
<summary>
Do not audit attempts to get the attributes
of all domains unix datagram sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_connect_all_stream_sockets" lineno="1311">
<summary>
Connect to all domains unix stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_getattr_all_pipes" lineno="1340">
<summary>
Get the attributes of all domains
unnamed pipes.
</summary>
<desc>
<p>
Get the attributes of all domains
unnamed pipes.
</p>
<p>
This is commonly used for domains
that can use lsof on all domains.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_pipes" lineno="1359">
<summary>
Do not audit attempts to get the attributes
of all domains unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_ipsec_setcontext_all_domains" lineno="1378">
<summary>
Allow specified type to set context of all
domains IPSEC associations.
</summary>
<param name="type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_getattr_all_entry_files" lineno="1397">
<summary>
Get the attributes of entry point
files for all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_entry_files" lineno="1417">
<summary>
Do not audit attempts to get the attributes
of all entry point files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_read_all_entry_files" lineno="1435">
<summary>
Read the entry point files for all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_exec_all_entry_files" lineno="1456">
<summary>
Execute the entry point files for all
domains in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_dontaudit_exec_all_entry_files" lineno="1474">
<summary>
dontaudit checking for execute on all entry point files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_manage_all_entry_files" lineno="1494">
<summary>
Create, read, write, and delete all
entrypoint files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_relabelfrom" lineno="1512">
<summary>
Relabel from domain types on files if a user managed to mislable
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_relabel_all_entry_files" lineno="1532">
<summary>
Relabel to and from all entry point
file types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_mmap_all_entry_files" lineno="1551">
<summary>
Mmap all entry point files as executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_entry_file_spec_domtrans" lineno="1575">
<summary>
Execute an entry_type in the specified domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="domain_mmap_low" lineno="1597">
<summary>
Ability to mmap a low area of the address
space conditionally, as configured by
/proc/sys/vm/mmap_min_addr.
Preventing such mappings helps protect against
exploiting null deref bugs in the kernel.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_mmap_low_uncond" lineno="1624">
<summary>
Ability to mmap a low area of the address
space unconditionally, as configured
by /proc/sys/vm/mmap_min_addr.
Preventing such mappings helps protect against
exploiting null deref bugs in the kernel.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_all_recvfrom_all_domains" lineno="1646">
<summary>
Allow specified type to receive labeled
networking packets from all domains, over
all protocols (TCP, UDP, etc)
</summary>
<param name="type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_unconfined_signal" lineno="1664">
<summary>
Send generic signals to the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_named_filetrans" lineno="1682">
<summary>
Named Filetrans Domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_stub_named_filetrans_domain" lineno="1700">
<summary>
named_filetrans_domain stub attribute interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="domain_unconfined" lineno="1716">
<summary>
Unconfined access to domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_leaks" lineno="1747">
<summary>
Do not audit attempts to read or write
all leaked sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_transition_all" lineno="1765">
<summary>
Allow caller to transition to any domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_access_check" lineno="1783">
<summary>
Do not audit attempts to access check /proc
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_setrlimit_all_domains" lineno="1802">
<summary>
Allow set resource limits to all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_rlimitinh_all_domains" lineno="1821">
<summary>
Allow set resource limits to all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_noatsecure_all_domains" lineno="1839">
<summary>
Allow all domains noatsecure permission
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dyntrans" lineno="1857">
<summary>
Allow domain dyntransition to all domains in domain attribute.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="domain_rw_perf_event_all_domains" lineno="1875">
<summary>
Allow read and write perf_event file descriptors from all domains
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="domain_fd_use" dftval="true">
<desc>
<p>
Allow all domains to use other domains file descriptors
</p>
</desc>
</tunable>
<tunable name="fips_mode" dftval="true">
<desc>
<p>
Allow all domains to execute in fips_mode
</p>
</desc>
</tunable>
<tunable name="domain_kernel_load_modules" dftval="false">
<desc>
<p>
Allow all domains to have the kernel load modules
</p>
</desc>
</tunable>
<tunable name="mmap_low_allowed" dftval="false">
<desc>
<p>
Control the ability to mmap a low area of the address space,
as configured by /proc/sys/vm/mmap_min_addr.
</p>
</desc>
</tunable>
<tunable name="domain_can_write_kmsg" dftval="false">
<desc>
<p>
Allow all domains write to kmsg_device,
while kernel is executed with systemd.log_target=kmsg parameter.
</p>
</desc>
</tunable>
<tunable name="domain_can_mmap_files" dftval="false">
<desc>
<p>
Allow any process to mmap any file on system with attribute file_type.
</p>
</desc>
</tunable>
</module>
<module name="files" filename="policy/modules/kernel/files.if">
<summary>
Basic filesystem types and interfaces.
</summary>
<desc>
<p>
This module contains basic filesystem types and interfaces. This
includes:
<ul>
<li>The concept of different file types including basic
files, mount points, tmp files, etc.</li>
<li>Access to groups of files and all files.</li>
<li>Types and interfaces for the basic filesystem layout
(/, /etc, /tmp, /usr, etc.).</li>
</ul>
</p>
</desc>
<required val="true">
Contains the concept of a file.
Comains the file initial SID.
</required>
<interface name="files_stub_etc" lineno="32">
<summary>
files stub etc_t interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="files_stub_var_lock" lineno="48">
<summary>
files stub var_lock_t interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="files_stub_var_log" lineno="64">
<summary>
files stub var_log_t interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="files_stub_var_lib" lineno="80">
<summary>
files stub var_lib_t interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="files_stub_var_run" lineno="96">
<summary>
files stub var_run_t interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="files_stub_var_spool" lineno="112">
<summary>
files stub var_run_t interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="files_stub_var" lineno="128">
<summary>
files stub var_run_t interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="files_stub_tmp" lineno="145">
<summary>
files stub tmp_t interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="files_type" lineno="210">
<summary>
Make the specified type usable for files
in a filesystem.
</summary>
<desc>
<p>
Make the specified type usable for files
in a filesystem.  Types used for files that
do not use this interface, or an interface that
calls this one, will have unexpected behaviors
while the system is running. If the type is used
for device nodes (character or block files), then
the dev_node() interface is more appropriate.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>application_domain()</li>
<li>application_executable_file()</li>
<li>corecmd_executable_file()</li>
<li>init_daemon_domain()</li>
<li>init_domaion()</li>
<li>init_ranged_daemon_domain()</li>
<li>init_ranged_domain()</li>
<li>init_ranged_system_domain()</li>
<li>init_script_file()</li>
<li>init_script_domain()</li>
<li>init_system_domain()</li>
<li>files_config_files()</li>
<li>files_lock_file()</li>
<li>files_mountpoint()</li>
<li>files_pid_file()</li>
<li>files_security_file()</li>
<li>files_security_mountpoint()</li>
<li>files_spool_file()</li>
<li>files_tmp_file()</li>
<li>files_tmpfs_file()</li>
<li>logging_log_file()</li>
<li>userdom_user_home_content()</li>
</ul>
<p>
Example:
</p>
<p>
type myfile_t;
files_type(myfile_t)
allow mydomain_t myfile_t:file read_file_perms;
</p>
</desc>
<param name="type">
<summary>
Type to be used for files.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="files_auth_file" lineno="230">
<summary>
Mark the specified type as a file
that is related to authentication.
</summary>
<param name="file_type">
<summary>
Type of the authentication-related
file.
</summary>
</param>
</interface>
<interface name="files_security_file" lineno="251">
<summary>
Make the specified type a file that
should not be dontaudited from
browsing from user domains.
</summary>
<param name="file_type">
<summary>
Type of the file to be used as a
member directory.
</summary>
</param>
</interface>
<interface name="files_mountpoint" lineno="271">
<summary>
Make the specified type usable for
filesystem mount points.
</summary>
<param name="type">
<summary>
Type to be used for mount points.
</summary>
</param>
</interface>
<interface name="files_mountpoint_filetrans" lineno="306">
<summary>
Create a private type object in mountpoint dir
with an automatic type transition
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object_class">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_security_mountpoint" lineno="325">
<summary>
Make the specified type usable for
security file filesystem mount points.
</summary>
<param name="type">
<summary>
Type to be used for mount points.
</summary>
</param>
</interface>
<interface name="files_lock_file" lineno="345">
<summary>
Make the specified type usable for
lock files.
</summary>
<param name="type">
<summary>
Type to be used for lock files.
</summary>
</param>
</interface>
<interface name="files_pid_file" lineno="393">
<summary>
Make the specified type usable for
runtime process ID files.
</summary>
<desc>
<p>
Make the specified type usable for runtime process ID files,
typically found in /var/run.
This will also make the type usable for files, making
calls to files_type() redundant.  Failure to use this interface
for a PID file type may result in problems with starting
or stopping services.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>files_pid_filetrans()</li>
</ul>
<p>
Example usage with a domain that can create and
write its PID file with a private PID file type in the
/var/run directory:
</p>
<p>
type mypidfile_t;
files_pid_file(mypidfile_t)
allow mydomain_t mypidfile_t:file { create_file_perms write_file_perms };
files_pid_filetrans(mydomain_t, mypidfile_t, file)
</p>
</desc>
<param name="type">
<summary>
Type to be used for PID files.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="files_config_file" lineno="433">
<summary>
Make the specified type a
configuration file.
</summary>
<desc>
<p>
Make the specified type usable for configuration files.
This will also make the type usable for files, making
calls to files_type() redundant.  Failure to use this interface
for a temporary file may result in problems with
configuration management tools.
</p>
<p>
Example usage with a domain that can read
its configuration file /etc:
</p>
<p>
type myconffile_t;
files_config_file(myconffile_t)
allow mydomain_t myconffile_t:file read_file_perms;
files_search_etc(mydomain_t)
</p>
</desc>
<param name="file_type">
<summary>
Type to be used as a configuration file.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="files_poly" lineno="453">
<summary>
Make the specified type a
polyinstantiated directory.
</summary>
<param name="file_type">
<summary>
Type of the file to be used as a
polyinstantiated directory.
</summary>
</param>
</interface>
<interface name="files_poly_parent" lineno="474">
<summary>
Make the specified type a parent
of a polyinstantiated directory.
</summary>
<param name="file_type">
<summary>
Type of the file to be used as a
parent directory.
</summary>
</param>
</interface>
<interface name="files_poly_member" lineno="495">
<summary>
Make the specified type a
polyinstantiation member directory.
</summary>
<param name="file_type">
<summary>
Type of the file to be used as a
member directory.
</summary>
</param>
</interface>
<interface name="files_poly_member_tmp" lineno="522">
<summary>
Make the domain use the specified
type of polyinstantiated directory.
</summary>
<param name="domain">
<summary>
Domain using the polyinstantiated
directory.
</summary>
</param>
<param name="file_type">
<summary>
Type of the file to be used as a
member directory.
</summary>
</param>
</interface>
<interface name="files_tmp_file" lineno="569">
<summary>
Make the specified type a file
used for temporary files.
</summary>
<desc>
<p>
Make the specified type usable for temporary files.
This will also make the type usable for files, making
calls to files_type() redundant.  Failure to use this interface
for a temporary file may result in problems with
purging temporary files.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>files_tmp_filetrans()</li>
</ul>
<p>
Example usage with a domain that can create and
write its temporary file in the system temporary file
directories (/tmp or /var/tmp):
</p>
<p>
type mytmpfile_t;
files_tmp_file(mytmpfile_t)
allow mydomain_t mytmpfile_t:file { create_file_perms write_file_perms };
files_tmp_filetrans(mydomain_t, mytmpfile_t, file)
</p>
</desc>
<param name="file_type">
<summary>
Type of the file to be used as a
temporary file.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="files_tmpfs_file" lineno="591">
<summary>
Transform the type into a file, for use on a
virtual memory filesystem (tmpfs).
</summary>
<param name="type">
<summary>
The type to be transformed.
</summary>
</param>
</interface>
<interface name="files_getattr_all_dirs" lineno="610">
<summary>
Get the attributes of all directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_all_dirs" lineno="629">
<summary>
Do not audit attempts to get the attributes
of all directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_getattr_non_security_dirs" lineno="647">
<summary>
Get attributes of all non-security directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_non_security" lineno="665">
<summary>
List all non-security directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_non_security_dirs" lineno="683">
<summary>
Watch all non-security directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_non_security_files" lineno="701">
<summary>
Watch all non-security files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_non_security_lnk_files" lineno="719">
<summary>
Watch all non-security lnk_files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_non_security" lineno="738">
<summary>
Do not audit attempts to list all
non-security directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_mounton_non_security" lineno="757">
<summary>
Mount a filesystem on all non-security
directories and files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_write_non_security_dirs" lineno="776">
<summary>
Allow attempts to modify any directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_setattr_non_security_dirs" lineno="794">
<summary>
Allow attempts to setattr any directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_non_security_dirs" lineno="812">
<summary>
Allow attempts to create non-security directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_non_security_dirs" lineno="830">
<summary>
Allow attempts to manage non-security directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_non_security_dirs" lineno="848">
<summary>
Allow attempts to search non-security directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_all_files" lineno="866">
<summary>
Get the attributes of all files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_all_chr_files" lineno="885">
<summary>
Get the attributes of all chr files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_all_blk_files" lineno="903">
<summary>
Get the attributes of all blk files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_all_files" lineno="922">
<summary>
Do not audit attempts to get the attributes
of all files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_non_security_files" lineno="941">
<summary>
Do not audit attempts to get the attributes
of non security files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_proc_type_files" lineno="960">
<summary>
Do not audit attempts to get the attributes
of proc_type files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_sysctl_type_files" lineno="979">
<summary>
Do not audit attempts to get the attributes
of sysctl_type files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_filesystem_type_files" lineno="998">
<summary>
Do not audit attempts to get the attributes
of filesystem_type files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_non_security_dirs" lineno="1017">
<summary>
Do not audit attempts to search
non security dirs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_setattr_non_security_files" lineno="1036">
<summary>
Do not audit attempts to set the attributes
of non security files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_setattr_non_security_dirs" lineno="1055">
<summary>
Do not audit attempts to set the attributes
of non security directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_read_all_files" lineno="1073">
<summary>
Read all files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mmap_all_files" lineno="1096">
<summary>
Mmap all files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_execmod_all_files" lineno="1123">
<summary>
Allow shared library text relocations in all files.
</summary>
<desc>
<p>
Allow shared library text relocations in all files.
</p>
<p>
This is added to support WINE policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_non_security_files" lineno="1142">
<summary>
Read all non-security files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_map_non_security_files" lineno="1163">
<summary>
Map all non-security files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_rw_inherited_non_security_files" lineno="1182">
<summary>
Read/Write all inherited non-security files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_append_non_security_files" lineno="1201">
<summary>
Allow Append to non-security files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_manage_non_security_files" lineno="1220">
<summary>
Manage all non-security files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_relabel_non_security_files" lineno="1240">
<summary>
Relabel all non-security files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_search_base_file_types" lineno="1269">
<summary>
Search all base file dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_base_file_types" lineno="1287">
<summary>
Relabel all base file types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_all_dirs_except" lineno="1319">
<summary>
Read all directories on the filesystem, except
the listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="files_read_all_files_except" lineno="1344">
<summary>
Read all files on the filesystem, except
the listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="files_read_all_symlinks_except" lineno="1369">
<summary>
Read all symbolic links on the filesystem, except
the listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="files_getattr_all_symlinks" lineno="1387">
<summary>
Get the attributes of all symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_all_symlinks" lineno="1406">
<summary>
Do not audit attempts to get the attributes
of all symbolic links.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_read_all_symlinks" lineno="1424">
<summary>
Do not audit attempts to read all symbolic links.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_non_security_symlinks" lineno="1443">
<summary>
Do not audit attempts to get the attributes
of non security symbolic links.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_non_security_blk_files" lineno="1462">
<summary>
Do not audit attempts to get the attributes
of non security block devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_non_security_chr_files" lineno="1481">
<summary>
Do not audit attempts to get the attributes
of non security character devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_read_all_symlinks" lineno="1500">
<summary>
Read all symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_getattr_all_pipes" lineno="1519">
<summary>
Get the attributes of all named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_all_pipes" lineno="1539">
<summary>
Do not audit attempts to get the attributes
of all named pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_non_security_pipes" lineno="1558">
<summary>
Do not audit attempts to get the attributes
of non security named pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_rw_inherited_pipes" lineno="1577">
<summary>
Do not audit attempts to read/write
of non security named pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_getattr_all_sockets" lineno="1595">
<summary>
Get the attributes of all named sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_all_sockets" lineno="1615">
<summary>
Do not audit attempts to get the attributes
of all named sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_read_all_sockets" lineno="1634">
<summary>
Do not audit attempts to read
of all named sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_read_all_non_security_files" lineno="1653">
<summary>
Do not audit attempts to read
of all security file types.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_non_security_sockets" lineno="1672">
<summary>
Do not audit attempts to get the attributes
of non security named sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_read_all_blk_files" lineno="1690">
<summary>
Read all block nodes with file types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_all_chr_files" lineno="1708">
<summary>
Read all character nodes with file types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_all_files" lineno="1734">
<summary>
Relabel all files on the filesystem, except
the listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_rw_all_files" lineno="1771">
<summary>
rw all files on the filesystem, except
the listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_manage_all_files" lineno="1797">
<summary>
Manage all files on the filesystem, except
the listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_search_all" lineno="1826">
<summary>
Search the contents of all directories on
extended attribute filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_all" lineno="1845">
<summary>
List the contents of all directories on
extended attribute filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_all_dirs" lineno="1865">
<summary>
Do not audit attempts to search the
contents of any directories on extended
attribute filesystems.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_map_all_dirs" lineno="1884">
<summary>
Do not audit attempts to map
file_type directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_getattr_all_file_type_fs" lineno="1907">
<summary>
Get the attributes of all filesystems
with the type of a file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelto_all_file_type_fs" lineno="1925">
<summary>
Relabel a filesystem to the type of a file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_all_file_type_fs" lineno="1943">
<summary>
Relabel a filesystem to the type of a file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mount_all_file_type_fs" lineno="1961">
<summary>
Mount all filesystems with the type of a file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_unmount_all_file_type_fs" lineno="1979">
<summary>
Unmount all filesystems with the type of a file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_remount_all_file_type_fs" lineno="1997">
<summary>
Remount all filesystems with the type of a file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_non_auth_dirs" lineno="2016">
<summary>
Get attributes of all non-authentication related
directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_non_auth_dirs" lineno="2035">
<summary>
Read all non-authentication related
directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_non_auth_dirs" lineno="2053">
<summary>
Watch non-authentication related directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_non_auth_files" lineno="2072">
<summary>
Read all non-authentication related
files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_non_auth_symlinks" lineno="2091">
<summary>
Read all non-authentication related
symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_non_auth_files" lineno="2109">
<summary>
rw non-authentication related files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_non_auth_files" lineno="2129">
<summary>
Manage non-authentication related
files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_relabel_non_auth_files" lineno="2157">
<summary>
Relabel all non-authentication related
files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_manage_config_dirs" lineno="2188">
<summary>
Manage all configuration directories on filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="files_relabel_config_dirs" lineno="2207">
<summary>
Relabel configuration directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="files_read_config_files" lineno="2225">
<summary>
Read config files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_config_files" lineno="2246">
<summary>
Manage all configuration files on filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="files_relabel_config_files" lineno="2265">
<summary>
Relabel configuration files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="files_mounton_all_mountpoints" lineno="2283">
<summary>
Mount a filesystem on all mount points.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_all_mountpoints" lineno="2302">
<summary>
Get the attributes of all mount points.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_setattr_all_mountpoints" lineno="2320">
<summary>
Set the attributes of all mount points.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelto_all_mountpoints" lineno="2338">
<summary>
Set the attributes of all mount points.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_setattr_all_mountpoints" lineno="2356">
<summary>
Do not audit attempts to set the attributes on all mount points.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_search_all_mountpoints" lineno="2374">
<summary>
Search all mount points.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_all_mountpoints" lineno="2392">
<summary>
Do not audit searching of all mount points.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_all_mountpoints" lineno="2410">
<summary>
List all mount points.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_all_mountpoints" lineno="2428">
<summary>
Do not audit listing of all mount points.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_write_all_mountpoints" lineno="2446">
<summary>
Write all mount points.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_all_mountpoints" lineno="2464">
<summary>
Do not audit attempts to write to mount points.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_watch_sb_all_mountpoints" lineno="2483">
<summary>
Watch_sb all mount points
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_unmount_all_mountpoints" lineno="2501">
<summary>
Do not audit attempts to unmount all mount points.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_read_all_mountpoint_symlinks" lineno="2519">
<summary>
Read  all mountpoint symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_entrypoint_all_mountpoint" lineno="2538">
<summary>
Make all mountpoint as entrypoint.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rmdir_all_dirs" lineno="2556">
<summary>
Remove all file type directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_sb_all_dirs" lineno="2574">
<summary>
Watch_sb all file type directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_write_all_dirs" lineno="2592">
<summary>
Write all file type directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_root" lineno="2610">
<summary>
List the contents of the root directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_write_root_dirs" lineno="2628">
<summary>
Do not audit attempts to write to / dirs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_watch_sb_root_dirs" lineno="2646">
<summary>
Watch_sb root directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_root_dirs" lineno="2664">
<summary>
Do not audit attempts to write to / dirs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_rw_root_dir" lineno="2683">
<summary>
Do not audit attempts to write
files in the root directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_access_check_root" lineno="2702">
<summary>
Do not audit attempts to check the
access on root directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_root_filetrans" lineno="2737">
<summary>
Create an object in the root directory, with a private
type using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_read_root_files" lineno="2755">
<summary>
Read files in the root directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_read_root_files" lineno="2774">
<summary>
Do not audit attempts to read files in
the root directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_rw_root_files" lineno="2793">
<summary>
Do not audit attempts to read or write
files in the root directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_rw_root_chr_files" lineno="2812">
<summary>
Do not audit attempts to read or write
character device nodes in the root directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_delete_root_files" lineno="2830">
<summary>
Delete files in the root directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_root_dir_entry" lineno="2848">
<summary>
Remove entries from the root directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_setattr_root_dirs" lineno="2866">
<summary>
Set attributes of the root directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_root_dirs" lineno="2884">
<summary>
Watch the root directory.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="files_watch_mount_root_dirs" lineno="2902">
<summary>
Watch_mount the root directory.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="files_watch_with_perm_root_dirs" lineno="2920">
<summary>
Watch_with_perm the root directory.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="files_relabel_rootfs" lineno="2938">
<summary>
Relabel a rootfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_unmount_rootfs" lineno="2956">
<summary>
Unmount a rootfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mounton_rootfs" lineno="2974">
<summary>
Mount a filesystem on the root file system
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_remount_rootfs" lineno="2992">
<summary>
Remount a filesystem on the root file system
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_mounton_rootfs" lineno="3010">
<summary>
Mount a filesystem on the root file system
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_boot_dirs" lineno="3028">
<summary>
Get attributes of the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_boot_dirs" lineno="3047">
<summary>
Do not audit attempts to get attributes
of the /boot directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_search_boot" lineno="3065">
<summary>
Search the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_boot" lineno="3083">
<summary>
Do not audit attempts to search the /boot directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_boot" lineno="3101">
<summary>
List the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_boot" lineno="3119">
<summary>
Do not audit attempts to list the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_boot_dirs" lineno="3137">
<summary>
Create directories in /boot
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_boot_dirs" lineno="3156">
<summary>
Create, read, write, and delete
directories in /boot.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_manage_boot_dirs" lineno="3175">
<summary>
Do not audit attempts to manage entries
in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_watch_boot_dirs" lineno="3193">
<summary>
Watch directories in /boot.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_sb_boot_dirs" lineno="3211">
<summary>
Watch_sb boot directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_mount_boot_dirs" lineno="3229">
<summary>
Watch_mount directories in /boot.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_with_perm_boot_dirs" lineno="3247">
<summary>
Watch_with_perm directories in /boot.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_boot_filetrans" lineno="3281">
<summary>
Create a private type object in boot
with an automatic type transition
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object_class">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_read_boot_files" lineno="3300">
<summary>
read files in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_map_boot_files" lineno="3318">
<summary>
Map files in the /boot.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_boot_files" lineno="3337">
<summary>
Create, read, write, and delete files
in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_dontaudit_manage_boot_files" lineno="3357">
<summary>
Dontaudit Create, read, write, and delete files
in the boot files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_relabelfrom_boot_files" lineno="3375">
<summary>
Relabel from files in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelto_boot_files" lineno="3393">
<summary>
Relabel to files in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_boot_symlinks" lineno="3411">
<summary>
Read symbolic links in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_boot_symlinks" lineno="3430">
<summary>
Read and write symbolic links
in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_boot_symlinks" lineno="3450">
<summary>
Create, read, write, and delete symbolic links
in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_kernel_img" lineno="3468">
<summary>
Read kernel files in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_kernel_img" lineno="3489">
<summary>
Install a kernel into the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_delete_kernel" lineno="3509">
<summary>
Delete a kernel from /boot.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_getattr_default_dirs" lineno="3527">
<summary>
Getattr of directories with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_default_dirs" lineno="3546">
<summary>
Do not audit attempts to get the attributes of
directories with the default file type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_search_default" lineno="3564">
<summary>
Search the contents of directories with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_default" lineno="3582">
<summary>
List contents of directories with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_default" lineno="3601">
<summary>
Do not audit attempts to list contents of
directories with the default file type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_manage_default_dirs" lineno="3620">
<summary>
Create, read, write, and delete directories with
the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mounton_default" lineno="3638">
<summary>
Mount a filesystem on a directory with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_default_files" lineno="3657">
<summary>
Do not audit attempts to get the attributes of
files with the default file type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_read_default_files" lineno="3675">
<summary>
Read files with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_read_default_files" lineno="3694">
<summary>
Do not audit attempts to read files
with the default file type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_manage_default_files" lineno="3713">
<summary>
Create, read, write, and delete files with
the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_default_symlinks" lineno="3731">
<summary>
Read symbolic links with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_default_sockets" lineno="3749">
<summary>
Read sockets with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_default_pipes" lineno="3767">
<summary>
Read named pipes with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mounton_etc" lineno="3785">
<summary>
Mounton directories on filesystem /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_etc" lineno="3803">
<summary>
Search the contents of /etc directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_setattr_etc_dirs" lineno="3821">
<summary>
Set the attributes of the /etc directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_etc" lineno="3839">
<summary>
List the contents of /etc directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_etc_dirs" lineno="3857">
<summary>
Do not audit attempts to write to /etc dirs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_rw_etc_dirs" lineno="3875">
<summary>
Add and remove entries from /etc directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_remove_etc_dir" lineno="3893">
<summary>
Dontaudit remove dir /etc directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_manage_etc_dirs" lineno="3912">
<summary>
Manage generic directories in /etc
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>

</interface>
<interface name="files_read_etc_files" lineno="3964">
<summary>
Read generic files in /etc.
</summary>
<desc>
<p>
Allow the specified domain to read generic
files in /etc. These files are typically
general system configuration files that do
not have more specific SELinux types.  Some
examples of these files are:
</p>
<ul>
<li>/etc/fstab</li>
<li>/etc/passwd</li>
<li>/etc/services</li>
<li>/etc/shells</li>
</ul>
<p>
This interface does not include access to /etc/shadow.
</p>
<p>
Generally, it is safe for many domains to have
this access.  However, since this interface provides
access to the /etc/passwd file, caution must be
exercised, as user account names can be leaked
through this access.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>auth_read_shadow()</li>
<li>files_read_etc_runtime_files()</li>
<li>seutil_read_config()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="files_map_etc_files" lineno="3985">
<summary>
Map generic files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_etc_files" lineno="4003">
<summary>
Do not audit attempts to write generic files in /etc.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_rw_etc_files" lineno="4022">
<summary>
Read and write generic files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_create_etc_files" lineno="4042">
<summary>
Create generic files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_map_read_etc_files" lineno="4060">
<summary>
Map and read generic files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_etc_files" lineno="4080">
<summary>
Create, read, write, and delete generic
files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_dontaudit_access_check_etc" lineno="4100">
<summary>
Do not audit attempts to check the
access on etc files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_delete_etc_files" lineno="4118">
<summary>
Delete system configuration files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_etc_dir_entry" lineno="4136">
<summary>
Remove entries from the etc directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_exec_etc_files" lineno="4154">
<summary>
Execute generic files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_etc_files" lineno="4174">
<summary>
Relabel from and to generic files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_etc_symlinks" lineno="4193">
<summary>
Read symbolic links in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_etc_symlinks" lineno="4211">
<summary>
Create, read, write, and delete symbolic links in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_etc_filetrans" lineno="4245">
<summary>
Create objects in /etc with a private
type using a type_transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
Private file type.
</summary>
</param>
<param name="class">
<summary>
Object classes to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_watch_etc_dirs" lineno="4263">
<summary>
Watch generic directories in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="files_watch_etc_files" lineno="4281">
<summary>
Watch generic files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="files_create_boot_flag" lineno="4311">
<summary>
Create a boot flag.
</summary>
<desc>
<p>
Create a boot flag, such as
/.autorelabel and /.autofsck.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_delete_boot_flag" lineno="4337">
<summary>
Delete a boot flag.
</summary>
<desc>
<p>
Delete a boot flag, such as
/.autorelabel and /.autofsck.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_read_etc_runtime_files" lineno="4375">
<summary>
Read files in /etc that are dynamically
created on boot, such as mtab.
</summary>
<desc>
<p>
Allow the specified domain to read dynamically created
configuration files in /etc. These files are typically
general system configuration files that do
not have more specific SELinux types.  Some
examples of these files are:
</p>
<ul>
<li>/etc/motd</li>
<li>/etc/mtab</li>
<li>/etc/nologin</li>
</ul>
<p>
This interface does not include access to /etc/shadow.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10" />
<rolecap/>
</interface>
<interface name="files_dontaudit_setattr_etc_runtime_files" lineno="4395">
<summary>
Do not audit attempts to set the attributes of the etc_runtime files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_etc_runtime_files" lineno="4413">
<summary>
Do not audit attempts to write etc_runtime files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_read_etc_runtime_files" lineno="4433">
<summary>
Do not audit attempts to read files
in /etc that are dynamically
created on boot, such as mtab.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_rw_etc_runtime_files" lineno="4453">
<summary>
Read and write files in /etc that are dynamically
created on boot, such as mtab.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_manage_etc_runtime_files" lineno="4476">
<summary>
Create, read, write, and delete files in
/etc that are dynamically created on boot,
such as mtab.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_etc_filetrans_etc_runtime" lineno="4507">
<summary>
Create, etc runtime objects with an automatic
type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object">
<summary>
The class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_getattr_isid_type_dirs" lineno="4526">
<summary>
Getattr of directories on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_isid_type" lineno="4545">
<summary>
Getattr all file opbjects on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_setattr_isid_type_dirs" lineno="4564">
<summary>
Setattr of directories on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_isid_type_dirs" lineno="4583">
<summary>
Do not audit attempts to search directories on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_isid_type_dirs" lineno="4602">
<summary>
List the contents of directories on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_isid_type_dirs" lineno="4621">
<summary>
Read and write directories on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_isid_type_dirs" lineno="4640">
<summary>
Delete directories on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_exec_isid_files" lineno="4658">
<summary>
Execute files on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mounton_isid" lineno="4677">
<summary>
Moundon directories on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelfrom_isid_type" lineno="4696">
<summary>
Relabelfrom all file opbjects on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_isid_type_dirs" lineno="4715">
<summary>
Create, read, write, and delete directories
on new filesystems that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mounton_isid_type_dirs" lineno="4734">
<summary>
Mount a filesystem on a directory on new filesystems
that has not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mounton_isid_type_chr_file" lineno="4753">
<summary>
Mount a filesystem on a new chr_file
that has not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_isid_type_files" lineno="4772">
<summary>
Read files on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_isid_type_files" lineno="4791">
<summary>
Delete files on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_isid_type_symlinks" lineno="4810">
<summary>
Delete symbolic links on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_isid_type_fifo_files" lineno="4829">
<summary>
Delete named pipes on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_isid_type_sock_files" lineno="4848">
<summary>
Delete named sockets on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_isid_type_blk_files" lineno="4867">
<summary>
Delete block files on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_isid_chr_files" lineno="4886">
<summary>
Do not audit attempts to write to character
files that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_delete_isid_type_chr_files" lineno="4905">
<summary>
Delete chr files on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_isid_type_files" lineno="4924">
<summary>
Create, read, write, and delete files
on new filesystems that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_isid_type_symlinks" lineno="4943">
<summary>
Create, read, write, and delete symbolic links
on new filesystems that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_isid_type_blk_files" lineno="4962">
<summary>
Read and write block device nodes on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_inherited_isid_type_files" lineno="4981">
<summary>
rw any files inherited from another process
on new filesystems that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_isid_type_blk_files" lineno="5000">
<summary>
Create, read, write, and delete block device nodes
on new filesystems that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_isid_type_chr_files" lineno="5019">
<summary>
Create, read, write, and delete character device nodes
on new filesystems that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_mounton_isid" lineno="5038">
<summary>
Dontaudit Moundon directories on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_home_dir" lineno="5057">
<summary>
Get the attributes of the home directories root
(/home).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_home_dir" lineno="5078">
<summary>
Do not audit attempts to get the
attributes of the home directories root
(/home).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_access_check_home_dir" lineno="5098">
<summary>
Do not audit attempts to check the
access on home root directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_create_home_dir" lineno="5116">
<summary>
Create /home directories
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="files_search_home" lineno="5134">
<summary>
Search home directories root (/home).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_home" lineno="5154">
<summary>
Do not audit attempts to search
home directories root (/home).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_home" lineno="5174">
<summary>
Do not audit attempts to list
home directories root (/home).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_home" lineno="5193">
<summary>
Get listing of home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_home" lineno="5212">
<summary>
Watch home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_mount_home" lineno="5230">
<summary>
Watch_mount home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_with_perm_home" lineno="5248">
<summary>
Watch_with_perm home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelto_home" lineno="5266">
<summary>
Relabel to user home root (/home).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_home_filetrans" lineno="5299">
<summary>
Create objects in /home.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="home_type">
<summary>
The private type.
</summary>
</param>
<param name="object">
<summary>
The class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_getattr_lost_found_dirs" lineno="5317">
<summary>
Get the attributes of lost+found directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_lost_found_dirs" lineno="5336">
<summary>
Do not audit attempts to get the attributes of
lost+found directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_lost_found" lineno="5354">
<summary>
List the contents of lost+found directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_lost_found" lineno="5374">
<summary>
Create, read, write, and delete objects in
lost+found directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_search_mnt" lineno="5396">
<summary>
Search the contents of /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_mnt" lineno="5414">
<summary>
Do not audit attempts to search /mnt.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_mnt" lineno="5432">
<summary>
List the contents of /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_mnt" lineno="5450">
<summary>
dontaudit List the contents of /mnt.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_access_check_mnt" lineno="5469">
<summary>
Do not audit attempts to check the
write access on mnt files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_mounton_mnt" lineno="5486">
<summary>
Mount a filesystem on /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_mnt_dirs" lineno="5505">
<summary>
Create, read, write, and delete directories in /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_manage_mnt_files" lineno="5523">
<summary>
Create, read, write, and delete files in /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_mnt_files" lineno="5541">
<summary>
read files in /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_mnt_symlinks" lineno="5559">
<summary>
Read symbolic links in /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_load_kernel_modules" lineno="5578">
<summary>
Load kernel module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_map_kernel_modules" lineno="5597">
<summary>
Mmap kernel module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_mnt_symlinks" lineno="5616">
<summary>
Create, read, write, and delete symbolic links in /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_kernel_modules" lineno="5634">
<summary>
Search the contents of the kernel module directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_kernel_modules" lineno="5653">
<summary>
List the contents of the kernel module directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_kernel_modules" lineno="5671">
<summary>
Get the attributes of kernel module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_kernel_modules" lineno="5689">
<summary>
Read kernel module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_write_kernel_modules" lineno="5710">
<summary>
Write kernel module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_kernel_modules" lineno="5729">
<summary>
Delete kernel module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_kernel_modules" lineno="5749">
<summary>
Create, read, write, and delete
kernel module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_relabel_kernel_modules" lineno="5767">
<summary>
Relabel from and to kernel module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_kernel_modules_filetrans" lineno="5802">
<summary>
Create objects in the kernel module directories
with a private type via an automatic type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object_class">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_list_world_readable" lineno="5821">
<summary>
List world-readable directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_read_world_readable_files" lineno="5840">
<summary>
Read world-readable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_read_world_readable_symlinks" lineno="5859">
<summary>
Read world-readable symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_read_world_readable_pipes" lineno="5877">
<summary>
Read world-readable named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_world_readable_sockets" lineno="5895">
<summary>
Read world-readable sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_system_conf_files" lineno="5913">
<summary>
Read manageable system configuration files in /etc
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_system_conf_dirs" lineno="5933">
<summary>
Watch manageable system configuration dirs in /etc
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_system_conf_files" lineno="5952">
<summary>
Manage manageable system configuration files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_filetrans_system_conf_named_files" lineno="5971">
<summary>
File name transition for system configuration files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelto_system_conf_files" lineno="6009">
<summary>
Relabel manageable system configuration files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelfrom_system_conf_files" lineno="6027">
<summary>
Relabel manageable system configuration files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_etc_filetrans_system_conf" lineno="6046">
<summary>
Create files in /etc with the type used for
the manageable system config files.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="files_manage_system_db_files" lineno="6064">
<summary>
Manage manageable system db files in /var/lib.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_system_db_dirs" lineno="6083">
<summary>
Watch manageable system db dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_system_db_files" lineno="6101">
<summary>
Watch manageable system db files in /var/db.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_map_system_db_files" lineno="6119">
<summary>
Map manageable system db files in /var/lib.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_filetrans_system_db_named_files" lineno="6136">
<summary>
File name transition for system db files in /var/lib.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_filetrans_tmp_named_files" lineno="6155">
<summary>
File name transition for tmp files in /.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_associate_tmp" lineno="6176">
<summary>
Allow the specified type to associate
to a filesystem with the type of the
temporary directory (/tmp).
</summary>
<param name="file_type">
<summary>
Type of the file to associate.
</summary>
</param>
</interface>
<interface name="files_associate_rootfs" lineno="6196">
<summary>
Allow the specified type to associate
to a filesystem with the type of the
/ file system
</summary>
<param name="file_type">
<summary>
Type of the file to associate.
</summary>
</param>
</interface>
<interface name="files_getattr_tmp_dirs" lineno="6214">
<summary>
Get the	attributes of the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_access_check_tmp" lineno="6234">
<summary>
Do not audit attempts to check the
access on tmp files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_tmp_dirs" lineno="6253">
<summary>
Do not audit attempts to get the
attributes of the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_search_tmp" lineno="6271">
<summary>
Search the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_tmp" lineno="6291">
<summary>
Do not audit attempts to search the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_tmp" lineno="6309">
<summary>
Read the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_tmp" lineno="6328">
<summary>
Do not audit listing of the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_rw_generic_tmp_dir" lineno="6346">
<summary>
Allow read and write to the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain not to audit.
</summary>
</param>
</interface>
<interface name="files_delete_tmp_files" lineno="6365">
<summary>
Delete generic tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_tmp_sockets" lineno="6383">
<summary>
Delete generic tmp sock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_tmp_pipes" lineno="6401">
<summary>
Delete generic tmp named pipes
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_tmp_dir_entry" lineno="6419">
<summary>
Remove entries from the tmp directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_generic_tmp_files" lineno="6438">
<summary>
Read files in the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_write_generic_tmp_sock_files" lineno="6456">
<summary>
Write socket files in the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_generic_tmp_dirs" lineno="6474">
<summary>
Manage temporary directories in /tmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_generic_tmp_dirs" lineno="6492">
<summary>
Watch generic directories in /tmp
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="files_watch_mount_generic_tmp_dirs" lineno="6510">
<summary>
Watch_mount generic directories in /tmp
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="files_watch_with_perm_generic_tmp_dirs" lineno="6528">
<summary>
Watch_with_perm generic directories in /tmp
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="files_execmod_tmp" lineno="6554">
<summary>
Allow shared library text relocations in tmp files.
</summary>
<desc>
<p>
Allow shared library text relocations in tmp files.
</p>
<p>
This is added to support java policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_generic_tmp_files" lineno="6572">
<summary>
Manage temporary files and directories in /tmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_map_generic_tmp_files" lineno="6591">
<summary>
Mmap temporary files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolebase/>
</interface>
<interface name="files_read_generic_tmp_symlinks" lineno="6609">
<summary>
Read symbolic links in the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_generic_tmp_sockets" lineno="6627">
<summary>
Read and write generic named sockets in the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelfrom_tmp_dirs" lineno="6645">
<summary>
Relabel a dir from the type used in /tmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelfrom_tmp_files" lineno="6663">
<summary>
Relabel a file from the type used in /tmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_setattr_all_tmp_dirs" lineno="6681">
<summary>
Set the attributes of all tmp directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_inherited_tmp_files" lineno="6699">
<summary>
Allow caller to read inherited tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_append_inherited_tmp_files" lineno="6717">
<summary>
Allow caller to append inherited tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_inherited_tmp_file" lineno="6735">
<summary>
Allow caller to read and write inherited tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_all_tmp" lineno="6753">
<summary>
List all tmp directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_all_tmp_dirs" lineno="6773">
<summary>
Relabel to and from all temporary
directory types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_dontaudit_getattr_all_tmp_files" lineno="6794">
<summary>
Do not audit attempts to get the attributes
of all tmp files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_getattr_all_tmp_files" lineno="6813">
<summary>
Allow attempts to get the attributes
of all tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_all_tmp_files" lineno="6833">
<summary>
Relabel to and from all temporary
file types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_dontaudit_getattr_all_tmp_sockets" lineno="6854">
<summary>
Do not audit attempts to get the attributes
of all tmp sock_file.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_read_all_tmp_files" lineno="6872">
<summary>
Read all tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_tmp_file_leaks" lineno="6891">
<summary>
Do not audit attempts to read or write
all leaked tmpfiles files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_rw_tmp_file_leaks" lineno="6910">
<summary>
Do allow attempts to read or write
all leaked tmpfiles files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_tmp_filetrans" lineno="6944">
<summary>
Create an object in the tmp directories, with a private
type using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_purge_tmp" lineno="6962">
<summary>
Delete the contents of /tmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_setattr_usr_dirs" lineno="6995">
<summary>
Set the attributes of the /usr directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_usr" lineno="7013">
<summary>
Search the content of /usr.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_usr" lineno="7032">
<summary>
List the contents of generic
directories in /usr.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_usr_dirs" lineno="7050">
<summary>
Do not audit write of /usr dirs
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_rw_usr_dirs" lineno="7068">
<summary>
Add and remove entries from /usr directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_rw_usr_dirs" lineno="7087">
<summary>
Do not audit attempts to add and remove
entries from /usr directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_delete_usr_dirs" lineno="7105">
<summary>
Delete generic directories in /usr in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_usr_dirs" lineno="7123">
<summary>
Manage generic directories in /usr in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_usr_files" lineno="7141">
<summary>
Delete generic files in /usr in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mmap_usr_files" lineno="7159">
<summary>
Map files in /usr in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_usr_files" lineno="7177">
<summary>
Get the attributes of files in /usr.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_usr_files" lineno="7213">
<summary>
Read generic files in /usr.
</summary>
<desc>
<p>
Allow the specified domain to read generic
files in /usr. These files are various program
files that do not have more specific SELinux types.
Some examples of these files are:
</p>
<ul>
<li>/usr/include/*</li>
<li>/usr/share/doc/*</li>
<li>/usr/share/info/*</li>
</ul>
<p>
Generally, it is safe for many domains to have
this access.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="files_exec_usr_files" lineno="7233">
<summary>
Execute generic programs in /usr in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_usr_files" lineno="7253">
<summary>
dontaudit write of /usr files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_manage_usr_files" lineno="7271">
<summary>
Create, read, write, and delete files in the /usr directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelto_usr_files" lineno="7289">
<summary>
Relabel a file to the type used in /usr.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelfrom_usr_files" lineno="7307">
<summary>
Relabel a file from the type used in /usr.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_usr_symlinks" lineno="7325">
<summary>
Read symbolic links in /usr.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_usr_filetrans" lineno="7358">
<summary>
Create objects in the /usr directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
The type of the object to be created
</summary>
</param>
<param name="object_class">
<summary>
The object class.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_src" lineno="7376">
<summary>
Do not audit attempts to search /usr/src.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_getattr_usr_src_files" lineno="7394">
<summary>
Get the attributes of files in /usr/src.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_usr_src_files" lineno="7415">
<summary>
Read files in /usr/src.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_exec_usr_src_files" lineno="7436">
<summary>
Execute programs in /usr/src in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_usr_dirs" lineno="7456">
<summary>
Watch generic directories in /usr.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_usr_files" lineno="7474">
<summary>
Watch generic files in /usr.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_kernel_symbol_table" lineno="7492">
<summary>
Install a system.map into the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_kernel_symbol_table" lineno="7511">
<summary>
Dontaudit getattr attempts on the system.map file
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_read_kernel_symbol_table" lineno="7529">
<summary>
Read system.map in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_kernel_symbol_table" lineno="7548">
<summary>
Delete a system.map in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mounton_kernel_symbol_table" lineno="7568">
<summary>
Mounton system_map directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_var" lineno="7587">
<summary>
Search the contents of /var.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_var_dirs" lineno="7605">
<summary>
Do not audit attempts to write to /var.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_write_var_dirs" lineno="7623">
<summary>
Allow attempts to write to /var.dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_setattr_var_dirs" lineno="7641">
<summary>
Set the attributes of the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_var" lineno="7660">
<summary>
Do not audit attempts to search
the contents of /var.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_var" lineno="7678">
<summary>
List the contents of /var.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_var" lineno="7696">
<summary>
Do not audit listing of the var directory (/var).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_create_var_dirs" lineno="7715">
<summary>
Create directories
in the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_var_dirs" lineno="7734">
<summary>
Create, read, write, and delete directories
in the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_var_dirs" lineno="7752">
<summary>
Watch generic directories in /var.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_var_files" lineno="7770">
<summary>
Read files in the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_append_var_files" lineno="7788">
<summary>
Append files in the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_var_files" lineno="7806">
<summary>
Read and write files in the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_rw_var_files" lineno="7825">
<summary>
Do not audit attempts to read and write
files in the /var directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_manage_var_files" lineno="7843">
<summary>
Create, read, write, and delete files in the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_var_symlinks" lineno="7861">
<summary>
Read symbolic links in the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_var_symlinks" lineno="7880">
<summary>
Create, read, write, and delete symbolic
links in the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_var_filetrans" lineno="7913">
<summary>
Create objects in the /var directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
The type of the object to be created
</summary>
</param>
<param name="object_class">
<summary>
The object class.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_relabel_var_dirs" lineno="7932">
<summary>
Relabel dirs in the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_var_lib_dirs" lineno="7949">
<summary>
Get the attributes of the /var/lib directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_var_lib" lineno="7981">
<summary>
Search the /var/lib directory.
</summary>
<desc>
<p>
Search the /var/lib directory.  This is
necessary to access files or directories under
/var/lib that have a private type.  For example, a
domain accessing a private library file in the
/var/lib directory:
</p>
<p>
allow mydomain_t mylibfile_t:file read_file_perms;
files_search_var_lib(mydomain_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="5"/>
</interface>
<interface name="files_dontaudit_search_var_lib" lineno="8001">
<summary>
Do not audit attempts to search the
contents of /var/lib.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="read" weight="5"/>
</interface>
<interface name="files_list_var_lib" lineno="8019">
<summary>
List the contents of the /var/lib directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_var_lib_dirs" lineno="8037">
<summary>
Read-write /var/lib directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_map_var_lib_files" lineno="8055">
<summary>
Map /var/lib directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_var_lib_dirs" lineno="8073">
<summary>
Create directories in /var/lib
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_var_lib_symlinks" lineno="8091">
<summary>
Create symlinks in /var/lib
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_var_lib_filetrans" lineno="8124">
<summary>
Create objects in the /var/lib directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
The type of the object to be created
</summary>
</param>
<param name="object_class">
<summary>
The object class.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_read_var_lib_files" lineno="8143">
<summary>
Read generic files in /var/lib.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_var_lib_files" lineno="8162">
<summary>
Manage generic files in /var/lib.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_var_lib_symlinks" lineno="8180">
<summary>
Read generic symbolic links in /var/lib
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_var_lib_symlinks" lineno="8199">
<summary>
manage generic symbolic links
in the /var/lib directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_var_lib_dirs" lineno="8217">
<summary>
Manage generic directories in /var/lib.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_var_lib_dirs" lineno="8235">
<summary>
Watch generic directories in /var/lib.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_urandom_seed" lineno="8257">
<summary>
Create, read, write, and delete the
pseudorandom number generator seed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelto_var_lib_dirs" lineno="8277">
<summary>
Relabel to dirs in the /var/lib directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_var_lib_dirs" lineno="8295">
<summary>
Relabel dirs in the /var/lib directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_mounttab" lineno="8313">
<summary>
Allow domain to manage mount tables
necessary for rpcd, nfsd, etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_locks" lineno="8332">
<summary>
List generic lock directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_locks" lineno="8351">
<summary>
Search the locks directory (/var/lock).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_locks" lineno="8372">
<summary>
Do not audit attempts to search the
locks directory (/var/lock).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_rw_inherited_locks" lineno="8392">
<summary>
Do not audit attempts to read/write inherited
locks (/var/lock).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_setattr_lock_dirs" lineno="8410">
<summary>
Set the attributes of the /var/lock directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_lock_dirs" lineno="8429">
<summary>
Add and remove entries in the /var/lock
directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_lock_dirs" lineno="8448">
<summary>
Create lock directories
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="files_relabel_all_lock_dirs" lineno="8468">
<summary>
Relabel to and from all lock directory types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_all_lock_files" lineno="8489">
<summary>
Relabel to and from all lock file types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_generic_locks" lineno="8510">
<summary>
Get the attributes of generic lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_generic_locks" lineno="8530">
<summary>
Delete generic lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_generic_locks" lineno="8550">
<summary>
Create, read, write, and delete generic
lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_all_locks" lineno="8570">
<summary>
Delete all lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_read_all_locks" lineno="8591">
<summary>
Read all lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_all_locks" lineno="8613">
<summary>
manage all lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_lock_filetrans" lineno="8651">
<summary>
Create an object in the locks directory, with a private
type using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_pid_dirs" lineno="8671">
<summary>
Do not audit attempts to get the attributes
of the /var/run directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_setattr_pid_dirs" lineno="8690">
<summary>
Set the attributes of the /var/run directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_pids" lineno="8710">
<summary>
Search the contents of runtime process
ID directories (/var/run).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_pid_dirs" lineno="8730">
<summary>
Add and remove entries from pid directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_var_run_dirs" lineno="8748">
<summary>
Create generic pid directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_pids" lineno="8768">
<summary>
Do not audit attempts to search
the /var/run directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_all_pids" lineno="8788">
<summary>
Do not audit attempts to search
the all /var/run directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_search_all_pids" lineno="8806">
<summary>
Allow search the all /var/run directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_watch_var_run_dirs" lineno="8824">
<summary>
Watch generic pid directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_var_run_path" lineno="8842">
<summary>
Watch generic pid directory and its parents.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_pids" lineno="8862">
<summary>
List the contents of the runtime process
ID directories (/var/run).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_generic_pids" lineno="8881">
<summary>
Read generic process ID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_write_generic_pid_pipes" lineno="8901">
<summary>
Write named generic process ID pipes
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_write_generic_pid_sockets" lineno="8920">
<summary>
Write named generic process ID sockets
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_pid_filetrans" lineno="8981">
<summary>
Create an object in the process ID directory, with a private type.
</summary>
<desc>
<p>
Create an object in the process ID directory (e.g., /var/run)
with a private type.  Typically this is used for creating
private PID files in /var/run with the private type instead
of the general PID file type. To accomplish this goal,
either the program must be SELinux-aware, or use this interface.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>files_pid_file()</li>
</ul>
<p>
Example usage with a domain that can create and
write its PID file with a private PID file type in the
/var/run directory:
</p>
<p>
type mypidfile_t;
files_pid_file(mypidfile_t)
allow mydomain_t mypidfile_t:file { create_file_perms write_file_perms };
files_pid_filetrans(mydomain_t, mypidfile_t, file)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="files_pid_filetrans_lock_dir" lineno="9005">
<summary>
Create a generic lock directory within the run directories
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_rw_inherited_generic_pid_files" lineno="9023">
<summary>
rw generic pid files inherited from another process
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_generic_pids" lineno="9041">
<summary>
Read and write generic process ID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_all_pids" lineno="9062">
<summary>
Do not audit attempts to get the attributes of
daemon runtime data files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_all_pids" lineno="9082">
<summary>
Do not audit attempts to write to daemon runtime data files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_ioctl_all_pids" lineno="9101">
<summary>
Do not audit attempts to ioctl daemon runtime data files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_relabel_all_pid_dirs" lineno="9121">
<summary>
Relable all pid directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_all_pid_sockets" lineno="9139">
<summary>
Delete all pid sockets
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_all_pid_sockets" lineno="9157">
<summary>
Create all pid sockets
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_all_pid_pipes" lineno="9175">
<summary>
Create all pid named pipes
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_all_pid_pipes" lineno="9193">
<summary>
Delete all pid named pipes
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_all_pid_dirs" lineno="9212">
<summary>
manage all pidfile directories
in the /var/run directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_all_pids" lineno="9232">
<summary>
Read all process ID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_map_all_pids" lineno="9254">
<summary>
mmap all process ID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_relabel_all_pid_files" lineno="9273">
<summary>
Relable all pid files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_exec_generic_pid_files" lineno="9291">
<summary>
Execute generic programs in /var/run in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_write_all_pid_sockets" lineno="9310">
<summary>
Write all sockets
in the /var/run directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_all_pids" lineno="9329">
<summary>
manage all pidfiles
in the /var/run directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mounton_all_poly_members" lineno="9348">
<summary>
Mount filesystems on all polyinstantiation
member directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_all_pids" lineno="9367">
<summary>
Delete all process IDs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_delete_all_pid_dirs" lineno="9392">
<summary>
Delete all process ID directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_spool_file" lineno="9442">
<summary>
Make the specified type a file
used for spool files.
</summary>
<desc>
<p>
Make the specified type usable for spool files.
This will also make the type usable for files, making
calls to files_type() redundant.  Failure to use this interface
for a spool file may result in problems with
purging spool files.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>files_spool_filetrans()</li>
</ul>
<p>
Example usage with a domain that can create and
write its spool file in the system spool file
directories (/var/spool):
</p>
<p>
type myspoolfile_t;
files_spool_file(myfile_spool_t)
allow mydomain_t myfile_spool_t:file { create_file_perms write_file_perms };
files_spool_filetrans(mydomain_t, myfile_spool_t, file)
</p>
</desc>
<param name="file_type">
<summary>
Type of the file to be used as a
spool file.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="files_create_all_spool_sockets" lineno="9461">
<summary>
Create all spool sockets
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_all_spool_sockets" lineno="9479">
<summary>
Delete all spool sockets
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_all_spool_dirs" lineno="9499">
<summary>
Relabel to and from all spool
directory types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_search_spool" lineno="9519">
<summary>
Search the contents of generic spool
directories (/var/spool).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_spool" lineno="9538">
<summary>
Do not audit attempts to search generic
spool directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_spool" lineno="9557">
<summary>
List the contents of generic spool
(/var/spool) directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_generic_spool_dirs" lineno="9576">
<summary>
Create, read, write, and delete generic
spool directories (/var/spool).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_generic_spool" lineno="9595">
<summary>
Read generic spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_generic_spool" lineno="9615">
<summary>
Create, read, write, and delete generic
spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_spool_filetrans" lineno="9651">
<summary>
Create objects in the spool directory
with a private type with a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file">
<summary>
Type to which the created node will be transitioned.
</summary>
</param>
<param name="class">
<summary>
Object class(es) (single or set including {}) for which this
the transition will occur.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_polyinstantiate_all" lineno="9671">
<summary>
Allow access to manage all polyinstantiated
directories on the system.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_unconfined" lineno="9725">
<summary>
Unconfined access to files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_root_files" lineno="9749">
<summary>
Create a core files in /
</summary>
<desc>
<p>
Create a core file in /,
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_create_default_dir" lineno="9773">
<summary>
Create a default directory
</summary>
<desc>
<p>
Create a default_t direcrory
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_root_filetrans_default" lineno="9797">
<summary>
Create, default_t objects with an automatic
type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object">
<summary>
The class of the object being created.
</summary>
</param>
</interface>
<interface name="files_filetrans_lib" lineno="9831">
<summary>
Create, lib_t objects with an automatic
type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="directory_type">
<summary>
Type of the directory to be transitioned from
</summary>
</param>
<param name="object">
<summary>
The class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_watch_lib_dirs" lineno="9849">
<summary>
Watch generic directories in /lib.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_generic_pids_symlinks" lineno="9868">
<summary>
manage generic symbolic links
in the /var/run directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_all_pid" lineno="9886">
<summary>
Watch the pidfile files and directories
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_tmpfs_files" lineno="9906">
<summary>
Do not audit attempts to getattr
all tmpfs files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_delete_tmpfs_files" lineno="9924">
<summary>
Allow delete all tmpfs files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_rw_tmpfs_files" lineno="9942">
<summary>
Allow read write all tmpfs files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_watch_tmpfs_dirs" lineno="9960">
<summary>
Watch a tmpfs directory.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="files_dontaudit_read_security_files" lineno="9978">
<summary>
Do not audit attempts to read security files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_security_files" lineno="9996">
<summary>
Do not audit attempts to search security files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_security_dirs" lineno="10014">
<summary>
Do not audit attempts to read security dirs
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_rw_all_inherited_files" lineno="10037">
<summary>
rw any files inherited from another process
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_type">
<summary>
Object type.
</summary>
</param>
</interface>
<interface name="files_entrypoint_all_files" lineno="10059">
<summary>
Allow any file point to be the entrypoint of this domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_dontaudit_all_non_security_leaks" lineno="10078">
<summary>
Do not audit attempts to rw inherited file perms
of non security files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_leaks" lineno="10097">
<summary>
Do not audit attempts to read or write
all leaked files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_create_as_is_all_files" lineno="10116">
<summary>
Allow domain to create_file_ass all types
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_all_access_check" lineno="10136">
<summary>
Do not audit attempts to check the
access on all files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_all_files" lineno="10154">
<summary>
Do not audit attempts to write to all files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_delete_all_files" lineno="10172">
<summary>
Do not audit attempts to unlink all files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_read_all_dirs" lineno="10196">
<summary>
Do not audit attempts to read all directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_delete_all_non_security_files" lineno="10214">
<summary>
Allow domain to delete to all files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_delete_all_non_security_dirs" lineno="10233">
<summary>
Allow domain to delete to all dirs
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_filetrans_named_content" lineno="10251">
<summary>
Transition named content in the var_run_t directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_filetrans_named_content_var" lineno="10317">
<summary>
Transition named content in the var_t directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_base_file" lineno="10343">
<summary>
Make the specified type a
base file.
</summary>
<desc>
<p>
Identify file type as base file type.  Tools will use this attribute,
to help users diagnose problems.
</p>
</desc>
<param name="file_type">
<summary>
Type to be used as a base files.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="files_ro_base_file" lineno="10368">
<summary>
Make the specified type a
base read only file.
</summary>
<desc>
<p>
Make the specified type readable for all domains.
</p>
</desc>
<param name="file_type">
<summary>
Type to be used as a base read only files.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="files_read_all_base_ro_files" lineno="10387">
<summary>
Read all ro base files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_exec_all_base_ro_files" lineno="10408">
<summary>
Execute all base ro files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_config_all_files" lineno="10427">
<summary>
Allow the specified domain to modify the systemd configuration of
any file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_status_etc" lineno="10445">
<summary>
Get the status of etc_t files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_mounton_modules_object" lineno="10463">
<summary>
Dontaudit Mount a modules_object_t
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_io_uring_cmd_on_all_files" lineno="10481">
<summary>
Allow the domain to use IORING_OP_URING_CMD on all files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="filesystem" filename="policy/modules/kernel/filesystem.if">
<summary>Policy for filesystems.</summary>
<required val="true">
Contains the initial SID for the filesystems.
</required>
<interface name="fs_type" lineno="16">
<summary>
Transform specified type into a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_noxattr_type" lineno="36">
<summary>
Transform specified type into a filesystem
type which does not have extended attribute
support.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_associate" lineno="59">
<summary>
Associate the specified file type to persistent
filesystems with extended attributes.  This
allows a file of this type to be created on
a filesystem such as ext3, JFS, and XFS.
</summary>
<param name="file_type">
<summary>
The type of the to be associated.
</summary>
</param>
</interface>
<interface name="fs_associate_noxattr" lineno="81">
<summary>
Associate the specified file type to
filesystems which lack extended attributes
support.  This allows a file of this type
to be created on a filesystem such as
FAT32, and NFS.
</summary>
<param name="file_type">
<summary>
The type of the to be associated.
</summary>
</param>
</interface>
<interface name="fs_exec_noxattr" lineno="101">
<summary>
Execute files on a filesystem that does
not support extended attributes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_mount_xattr_fs" lineno="121">
<summary>
Mount a persistent filesystem which
has extended attributes, such as
ext3, JFS, or XFS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_xattr_fs" lineno="142">
<summary>
Remount a persistent filesystem which
has extended attributes, such as
ext3, JFS, or XFS.  This allows
some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_xattr_fs" lineno="162">
<summary>
Unmount a persistent filesystem which
has extended attributes, such as
ext3, JFS, or XFS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_all_mount_fs_perms_xattr_fs" lineno="182">
<summary>
Mount, remount, unmount a persistent filesystem which
has extended attributes, such as
ext3, JFS, or XFS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_xattr_fs" lineno="218">
<summary>
Get the attributes of persistent
filesystems which have extended
attributes, such as ext3, JFS, or XFS.
</summary>
<desc>
<p>
Allow the specified domain to
get the attributes of a persistent
filesystems which have extended
attributes, such as ext3, JFS, or XFS.
Example attributes:
</p>
<ul>
<li>Type of the file system (e.g., ext3)</li>
<li>Size of the file system</li>
<li>Available space on the file system</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="5"/>
<rolecap/>
</interface>
<interface name="fs_dontaudit_getattr_xattr_fs" lineno="239">
<summary>
Do not audit attempts to
get the attributes of a persistent
filesystem which has extended
attributes, such as ext3, JFS, or XFS.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_relabelfrom_xattr_fs" lineno="259">
<summary>
Allow changing of the label of a
filesystem with extended attributes
using the context= mount option.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_watch_xattr_fs" lineno="277">
<summary>
Watch filesystem with extended attributes
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_get_xattr_fs_quotas" lineno="297">
<summary>
Get the filesystem quotas of a filesystem
with extended attributes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_set_xattr_fs_quotas" lineno="317">
<summary>
Set the filesystem quotas of a filesystem
with extended attributes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_read_anon_inodefs_files" lineno="335">
<summary>
Read files on anon_inodefs file systems. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_anon_inodefs_files" lineno="350">
<summary>
Read and write files on anon_inodefs
file systems. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_rw_anon_inodefs_files" lineno="365">
<summary>
Do not audit attempts to read or write files on
anon_inodefs file systems. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_mount_autofs" lineno="379">
<summary>
Mount an automount pseudo filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_autofs" lineno="398">
<summary>
Remount an automount pseudo filesystem
This allows some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_autofs" lineno="416">
<summary>
Unmount an automount pseudo filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_autofs" lineno="435">
<summary>
Get the attributes of an automount
pseudo filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_auto_mountpoints" lineno="462">
<summary>
Search automount filesystem to use automatically
mounted filesystems.
</summary>
<desc>
Allow the specified domain to search mount points
that have filesystems that are mounted by
the automount service.  Generally this will
be required for any domain that accesses objects
on these filesystems.
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="5"/>
</interface>
<interface name="fs_list_auto_mountpoints" lineno="482">
<summary>
Read directories of automatically
mounted filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_list_auto_mountpoints" lineno="501">
<summary>
Do not audit attempts to list directories of automatically
mounted filesystems.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_autofs_symlinks" lineno="520">
<summary>
Create, read, write, and delete symbolic links
on an autofs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_binfmt_misc_dirs" lineno="539">
<summary>
Get the attributes of directories on
binfmt_misc filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_binfmt_misc" lineno="558">
<summary>
Read binfmt_misc filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_register_binary_executable_type" lineno="594">
<summary>
Register an interpreter for new binary
file types, using the kernel binfmt_misc
support.
</summary>
<desc>
<p>
Register an interpreter for new binary
file types, using the kernel binfmt_misc
support.
</p>
<p>
A common use for this is to
register a JVM as an interpreter for
Java byte code.  Registered binaries
can be directly executed on a command line
without specifying the interpreter.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_list_bpf_dirs" lineno="612">
<summary>
List bpf directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_bpf_dirs" lineno="632">
<summary>
Manage bpf directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_bpf_files" lineno="653">
<summary>
Read bpf files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_cgroup" lineno="674">
<summary>
Mount cgroup filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_associate_cgroupfs" lineno="692">
<summary>
Allow the type to associate to cgroup filesystems.
</summary>
<param name="type">
<summary>
The type of the object to be associated.
</summary>
</param>
</interface>
<interface name="fs_remount_cgroup" lineno="710">
<summary>
Remount cgroup filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_cgroup" lineno="728">
<summary>
Unmount cgroup filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_cgroup" lineno="746">
<summary>
Get attributes of cgroup filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_cgroup_files" lineno="764">
<summary>
Get attributes of cgroup files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_cgroup_dirs" lineno="785">
<summary>
Search cgroup directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_relabel_cgroup_dirs" lineno="806">
<summary>
Relabel cgroup directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_cgroup_dirs" lineno="825">
<summary>
list cgroup directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_search_cgroup_dirs" lineno="845">
<summary>
Do not audit attempts to search cgroup directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_delete_cgroup_dirs" lineno="864">
<summary>
Delete cgroup directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_cgroup_dirs" lineno="884">
<summary>
Manage cgroup directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_watch_cgroup_dirs" lineno="905">
<summary>
Watch cgroup directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_cgroup_files" lineno="926">
<summary>
Read cgroup files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_write_cgroup_files" lineno="948">
<summary>
Write cgroup files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_cgroup_files" lineno="968">
<summary>
Read and write cgroup files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_rw_cgroup_files" lineno="992">
<summary>
Do not audit attempts to open,
get attributes, read and write
cgroup files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_relabel_cgroup_files" lineno="1010">
<summary>
Relabel cgroup files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_create_cgroup_files" lineno="1029">
<summary>
Create cgroup files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_cgroup_files" lineno="1048">
<summary>
Manage cgroup files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_watch_cgroup_files" lineno="1069">
<summary>
Watch cgroup files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mounton_cgroup" lineno="1091">
<summary>
Mount on cgroup directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_cephfs_files" lineno="1109">
<summary>
Read and write ceph files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_list_cifs_dirs" lineno="1130">
<summary>
Do not audit attempts to read
dirs on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_mount_cifs" lineno="1148">
<summary>
Mount a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_cifs" lineno="1167">
<summary>
Remount a CIFS or SMB network filesystem.
This allows some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_cifs" lineno="1185">
<summary>
Unmount a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_cifs" lineno="1205">
<summary>
Get the attributes of a CIFS or
SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_setattr_cifs_dirs" lineno="1223">
<summary>
Set the attributes of cifs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_cifs" lineno="1241">
<summary>
Search directories on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_cifs" lineno="1260">
<summary>
List the contents of directories on a
CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_list_cifs" lineno="1279">
<summary>
Do not audit attempts to list the contents
of directories on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_mounton_cifs" lineno="1297">
<summary>
Mounton a CIFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_cifs_files" lineno="1316">
<summary>
Read files on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_getattr_noxattr_fs" lineno="1337">
<summary>
Get the attributes of filesystems that
do not have extended attribute support.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_list_noxattr_fs" lineno="1355">
<summary>
Read all noxattrfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_list_noxattr_fs" lineno="1374">
<summary>
Do not audit attempts to list all
noxattrfs directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_noxattr_fs_dirs" lineno="1392">
<summary>
Create, read, write, and delete all noxattrfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_noxattr_fs_files" lineno="1410">
<summary>
Read all noxattrfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_inherited_noxattr_fs_files" lineno="1428">
<summary>
Read/Write all inherited noxattrfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_read_noxattr_fs_files" lineno="1447">
<summary>
Do not audit attempts to read all
noxattrfs files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_write_noxattr_fs_files" lineno="1465">
<summary>
Dont audit attempts to write to noxattrfs files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_noxattr_fs_files" lineno="1483">
<summary>
Create, read, write, and delete all noxattrfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_noxattr_fs_symlinks" lineno="1501">
<summary>
Read all noxattrfs symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_relabelfrom_noxattr_fs" lineno="1520">
<summary>
Relabel all objets from filesystems that
do not support extended attributes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_read_cifs_files" lineno="1546">
<summary>
Do not audit attempts to read
files on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_append_cifs_files" lineno="1566">
<summary>
Append files
on a CIFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_append_cifs_files" lineno="1586">
<summary>
Do not audit attempts to append files
on a CIFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_read_inherited_cifs_files" lineno="1604">
<summary>
Read inherited files on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_inherited_cifs_files" lineno="1622">
<summary>
Read/Write inherited files on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_rw_cifs_files" lineno="1641">
<summary>
Do not audit attempts to read or
write files on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_read_cifs_symlinks" lineno="1659">
<summary>
Read symbolic links on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_cifs_named_pipes" lineno="1679">
<summary>
Read named pipes
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_cifs_named_sockets" lineno="1698">
<summary>
Read named pipes
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_exec_cifs_files" lineno="1719">
<summary>
Execute files on a CIFS or SMB
network filesystem, in the caller
domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_map_cifs_files" lineno="1741">
<summary>
Mmap files on a CIFS or SMB
network filesystem, in the caller
domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_manage_cifs_dirs" lineno="1761">
<summary>
Create, read, write, and delete directories
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_manage_cifs_dirs" lineno="1781">
<summary>
Do not audit attempts to create, read,
write, and delete directories
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_cifs_files" lineno="1801">
<summary>
Create, read, write, and delete files
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_manage_cifs_files" lineno="1821">
<summary>
Do not audit attempts to create, read,
write, and delete files
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_cifs_symlinks" lineno="1840">
<summary>
Create, read, write, and delete symbolic links
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_cifs_named_pipes" lineno="1859">
<summary>
Create, read, write, and delete named pipes
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_cifs_named_sockets" lineno="1878">
<summary>
Create, read, write, and delete named sockets
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_cifs_domtrans" lineno="1921">
<summary>
Execute a file on a CIFS or SMB filesystem
in the specified domain.
</summary>
<desc>
<p>
Execute a file on a CIFS or SMB filesystem
in the specified domain.  This allows
the specified domain to execute any file
on these filesystems in the specified
domain.  This is not suggested.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
<p>
This interface was added to handle
home directories on CIFS/SMB filesystems,
in particular used by the ssh-agent policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="fs_cifs_entry_type" lineno="1941">
<summary>
Make general progams in cifs an entrypoint for
the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which cifs_t is an entrypoint.
</summary>
</param>
</interface>
<interface name="fs_cifs_entrypoint" lineno="1960">
<summary>
Make general progams in CIFS an entrypoint for
the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which cifs_t is an entrypoint.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_write_configfs_dirs" lineno="1979">
<summary>
dontaudit write dirs
on a configfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_configfs_dirs" lineno="1998">
<summary>
Read dirs
on a configfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_configfs_dirs" lineno="2017">
<summary>
Create, read, write, and delete dirs
on a configfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_configfs_files" lineno="2036">
<summary>
Read files
on a configfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_configfs_files" lineno="2055">
<summary>
Create, read, write, and delete files
on a configfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_configfs_lnk_files" lineno="2074">
<summary>
Create, read, write, and delete files
on a configfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_configfs" lineno="2092">
<summary>
Unmount a configfs filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_dos_fs" lineno="2111">
<summary>
Mount a DOS filesystem, such as
FAT32 or NTFS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_dos_fs" lineno="2131">
<summary>
Remount a DOS filesystem, such as
FAT32 or NTFS.  This allows
some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_dos_fs" lineno="2150">
<summary>
Unmount a DOS filesystem, such as
FAT32 or NTFS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_dos_fs" lineno="2170">
<summary>
Get the attributes of a DOS
filesystem, such as FAT32 or NTFS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_relabelfrom_dos_fs" lineno="2189">
<summary>
Allow changing of the label of a
DOS filesystem using the context= mount option.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_watch_dos_fs" lineno="2207">
<summary>
Watch dosfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_dos" lineno="2225">
<summary>
Search dosfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_dos" lineno="2243">
<summary>
List dirs DOS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_dos_dirs" lineno="2262">
<summary>
Create, read, write, and delete dirs
on a DOS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_watch_sb_dos_dirs" lineno="2280">
<summary>
Watch_sb dirs on a DOS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_watch_mount_dos_dirs" lineno="2298">
<summary>
Watch_mount dirs on a DOS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_watch_with_perm_dos_dirs" lineno="2316">
<summary>
Watch_with_perm dirs on a DOS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_map_dos_files" lineno="2334">
<summary>
Mmap files on a DOS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_dos_files" lineno="2352">
<summary>
Read files on a DOS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_dos_files" lineno="2371">
<summary>
Create, read, write, and delete files
on a DOS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_eventpollfs" lineno="2399">
<summary>
Read eventpollfs files.
</summary>
<desc>
<p>
Read eventpollfs files
</p>
<p>
This interface has been deprecated, and will
be removed in the future.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_ecryptfs" lineno="2413">
<summary>
Get the attributes of an ecryptfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_ecryptfs" lineno="2432">
<summary>
Search directories
on a ecrypt filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_ecryptfs_dirs" lineno="2452">
<summary>
Create, read, write, and delete directories
on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_read_ecryptfs_files" lineno="2473">
<summary>
Create, read, write, and delete files
on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_manage_ecryptfs_files" lineno="2493">
<summary>
Create, read, write, and delete files
on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_manage_ecryptfs_files" lineno="2514">
<summary>
Do not audit attempts to create,
read, write, and delete files
on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_read_ecryptfs_symlinks" lineno="2532">
<summary>
Read symbolic links on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_append_ecryptfs_files" lineno="2551">
<summary>
Dontaudit append files on  ecrypt filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_ecryptfs_symlinks" lineno="2568">
<summary>
Manage symbolic links on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_ecryptfs_domtrans" lineno="2611">
<summary>
Execute a file on a FUSE filesystem
in the specified domain.
</summary>
<desc>
<p>
Execute a file on a FUSE filesystem
in the specified domain.  This allows
the specified domain to execute any file
on these filesystems in the specified
domain.  This is not suggested.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
<p>
This interface was added to handle
home directories on FUSE filesystems,
in particular used by the ssh-agent policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="fs_mount_fusefs" lineno="2630">
<summary>
Mount a FUSE filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_fusefs" lineno="2648">
<summary>
Unmount a FUSE filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mounton_fusefs" lineno="2666">
<summary>
Mounton a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_fusefs" lineno="2686">
<summary>
Search directories
on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_list_fusefs" lineno="2705">
<summary>
Do not audit attempts to list the contents
of directories on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_fusefs_dirs" lineno="2725">
<summary>
Create, read, write, and delete directories
on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_manage_fusefs_dirs" lineno="2745">
<summary>
Do not audit attempts to create, read,
write, and delete directories
on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_read_fusefs_files" lineno="2764">
<summary>
Read, a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_exec_fusefs_files" lineno="2783">
<summary>
Execute files on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_mmap_fusefs_files" lineno="2802">
<summary>
mmap files on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_manage_fusefs_named_sockets" lineno="2821">
<summary>
Create, read, write, and delete named sockets
on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_fusefs_named_pipes" lineno="2839">
<summary>
Create, read, write, and delete named pipes
on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_fusefs_entry_type" lineno="2858">
<summary>
Make general progams in FUSEFS an entrypoint for
the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which fusefs_t is an entrypoint.
</summary>
</param>
</interface>
<interface name="fs_fusefs_entrypoint" lineno="2877">
<summary>
Make general progams in FUSEFS an entrypoint for
the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which fusefs_t is an entrypoint.
</summary>
</param>
</interface>
<interface name="fs_manage_fusefs_files" lineno="2897">
<summary>
Create, read, write, and delete files
on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_manage_fusefs_files" lineno="2917">
<summary>
Do not audit attempts to create,
read, write, and delete files
on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_read_fusefs_symlinks" lineno="2935">
<summary>
Read symbolic links on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_fusefs_symlinks" lineno="2954">
<summary>
Manage symbolic links on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_fusefs_domtrans" lineno="2997">
<summary>
Execute a file on a FUSE filesystem
in the specified domain.
</summary>
<desc>
<p>
Execute a file on a FUSE filesystem
in the specified domain.  This allows
the specified domain to execute any file
on these filesystems in the specified
domain.  This is not suggested.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
<p>
This interface was added to handle
home directories on FUSE filesystems,
in particular used by the ssh-agent policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="fs_getattr_fusefs" lineno="3017">
<summary>
Get the attributes of a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_getattr_hugetlbfs" lineno="3036">
<summary>
Get the attributes of an hugetlbfs
filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_hugetlbfs" lineno="3054">
<summary>
List hugetlbfs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_hugetlbfs_dirs" lineno="3072">
<summary>
Manage hugetlbfs dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_hugetlbfs_files" lineno="3090">
<summary>
Read hugetlbfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_hugetlbfs_files" lineno="3108">
<summary>
Read and write hugetlbfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_hugetlbfs_files" lineno="3127">
<summary>
Manage  hugetlbfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_exec_hugetlbfs_files" lineno="3145">
<summary>
Execute hugetlbfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_associate_hugetlbfs" lineno="3164">
<summary>
Allow the type to associate to hugetlbfs filesystems.
</summary>
<param name="type">
<summary>
The type of the object to be associated.
</summary>
</param>
</interface>
<interface name="fs_list_oracleasmfs" lineno="3182">
<summary>
List oracleasmfs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_oracleasmfs_fs" lineno="3201">
<summary>
Get the attributes of an oracleasmfs
filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_oracleasmfs" lineno="3220">
<summary>
Get the attributes of an oracleasmfs
filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_setattr_oracleasmfs" lineno="3239">
<summary>
Get the attributes of an oracleasmfs
filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_setattr_oracleasmfs_dirs" lineno="3258">
<summary>
Get the attributes of an oracleasmfs
filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_oracleasm" lineno="3276">
<summary>
Read and write the oracleasm device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_inotifyfs" lineno="3296">
<summary>
Search inotifyfs filesystem. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_inotifyfs" lineno="3310">
<summary>
List inotifyfs filesystem. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_list_inotifyfs" lineno="3324">
<summary>
Do not audit attempts to list inotifyfs filesystem. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_hugetlbfs_filetrans" lineno="3354">
<summary>
Create an object in a hugetlbfs filesystem, with a private
type using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="fs_mount_iso9660_fs" lineno="3374">
<summary>
Mount an iso9660 filesystem, which
is usually used on CDs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_iso9660_fs" lineno="3394">
<summary>
Remount an iso9660 filesystem, which
is usually used on CDs.  This allows
some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_iso9660_fs" lineno="3413">
<summary>
Unmount an iso9660 filesystem, which
is usually used on CDs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_iso9660_fs" lineno="3433">
<summary>
Get the attributes of an iso9660
filesystem, which is usually used on CDs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_getattr_iso9660_files" lineno="3452">
<summary>
Read files on an iso9660 filesystem, which
is usually used on CDs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_iso9660_files" lineno="3472">
<summary>
Read files on an iso9660 filesystem, which
is usually used on CDs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_nfs" lineno="3492">
<summary>
Mount a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_nfs" lineno="3511">
<summary>
Remount a NFS filesystem.  This allows
some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_nfs" lineno="3529">
<summary>
Unmount a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_nfs" lineno="3548">
<summary>
Get the attributes of a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_setattr_nfs_dirs" lineno="3566">
<summary>
Set the attributes of nfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_nfs" lineno="3584">
<summary>
Search directories on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_nfs" lineno="3602">
<summary>
List NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_list_nfs" lineno="3621">
<summary>
Do not audit attempts to list the contents
of directories on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_mounton_nfs" lineno="3639">
<summary>
Mounton a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_nfs_files" lineno="3658">
<summary>
Read files on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_read_nfs_files" lineno="3679">
<summary>
Do not audit attempts to read
files on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_write_nfs_files" lineno="3697">
<summary>
Read files on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_exec_nfs_files" lineno="3718">
<summary>
Execute files on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_nfs_entry_type" lineno="3738">
<summary>
Make general progams in nfs an entrypoint for
the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which nfs_t is an entrypoint.
</summary>
</param>
</interface>
<interface name="fs_nfs_entrypoint" lineno="3757">
<summary>
Make general progams in NFS an entrypoint for
the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which nfs_t is an entrypoint.
</summary>
</param>
</interface>
<interface name="fs_append_nfs_files" lineno="3777">
<summary>
Append files
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_append_nfs_files" lineno="3797">
<summary>
Do not audit attempts to append files
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_read_inherited_nfs_files" lineno="3815">
<summary>
Read inherited files on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_inherited_nfs_files" lineno="3833">
<summary>
Read/write inherited files on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_rw_nfs_files" lineno="3852">
<summary>
Do not audit attempts to read or
write files on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_read_nfs_symlinks" lineno="3870">
<summary>
Read symbolic links on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_read_nfs_symlinks" lineno="3889">
<summary>
Do not audit attempts to read symbolic links on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_read_nfs_named_sockets" lineno="3907">
<summary>
Read named sockets on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_nfs_named_pipes" lineno="3926">
<summary>
Read named pipes on a NFS network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_getattr_rpc_dirs" lineno="3944">
<summary>
Read directories of RPC file system pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_watch_rpc_dirs" lineno="3962">
<summary>
Watch directories of RPC file system pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_rpc" lineno="3980">
<summary>
Search directories of RPC file system pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_pstorefs" lineno="4007">
<summary>
Do not audit attempts to list removable storage directories.
</summary>
<desc>
<p>
Do not audit attempts to list removable storage directories
</p>
<p>
This interface has been deprecated, and will
be removed in the future.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_pstore" lineno="4021">
<summary>
List kernel persistent storage directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_read_pstore_files" lineno="4039">
<summary>
Read kernel persistent storage files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_delete_pstore_files" lineno="4058">
<summary>
Delete kernel persistent storage files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_relabel_pstore_dirs" lineno="4077">
<summary>
Relabel directory on removable storage.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_removable" lineno="4095">
<summary>
Search removable storage directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_list_removable" lineno="4113">
<summary>
Do not audit attempts to list removable storage directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_read_removable_files" lineno="4131">
<summary>
Read removable storage files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mmap_removable_files" lineno="4151">
<summary>
mmap files on a removable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_read_removable_files" lineno="4169">
<summary>
Do not audit attempts to read removable storage files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_write_removable_files" lineno="4187">
<summary>
Do not audit attempts to write removable storage files.
</summary>
<param name="domain">
<summary>
Domain not to audit.
</summary>
</param>
</interface>
<interface name="fs_read_removable_symlinks" lineno="4205">
<summary>
Read removable storage symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_removable_blk_files" lineno="4223">
<summary>
Read block nodes on removable filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_removable_blk_files" lineno="4242">
<summary>
Read and write block nodes on removable filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_rpc" lineno="4261">
<summary>
Read directories of RPC file system pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_rpc_files" lineno="4279">
<summary>
Read files of RPC file system pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_rpc_symlinks" lineno="4297">
<summary>
Read symbolic links of RPC file system pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_rpc_sockets" lineno="4315">
<summary>
Read sockets of RPC file system pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_rpc_sockets" lineno="4333">
<summary>
Read and write sockets of RPC file system pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_create_nfs_dirs" lineno="4352">
<summary>
Create directories on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_create_nfs_files" lineno="4372">
<summary>
Create files on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_manage_nfs_dirs" lineno="4393">
<summary>
Create, read, write, and delete directories
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_manage_nfs_dirs" lineno="4414">
<summary>
Do not audit attempts to create, read,
write, and delete directories
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_nfs_files" lineno="4434">
<summary>
Create, read, write, and delete files
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_mmap_nfs_files" lineno="4454">
<summary>
mmap files on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_manage_nfs_files" lineno="4474">
<summary>
Do not audit attempts to create,
read, write, and delete files
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_nfs_symlinks" lineno="4494">
<summary>
Create, read, write, and delete symbolic links
on a NFS network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_manage_nfs_named_pipes" lineno="4514">
<summary>
Create, read, write, and delete named pipes
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_nfs_named_sockets" lineno="4533">
<summary>
Create, read, write, and delete named sockets
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_nfs_domtrans" lineno="4576">
<summary>
Execute a file on a NFS filesystem
in the specified domain.
</summary>
<desc>
<p>
Execute a file on a NFS filesystem
in the specified domain.  This allows
the specified domain to execute any file
on a NFS filesystem in the specified
domain.  This is not suggested.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
<p>
This interface was added to handle
home directories on NFS filesystems,
in particular used by the ssh-agent policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="fs_mounton_nfsd_fs" lineno="4595">
<summary>
Mount on nfsd_fs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_nfsd_fs" lineno="4613">
<summary>
Mount a NFS server pseudo filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_nfsd_fs" lineno="4632">
<summary>
Mount a NFS server pseudo filesystem.
This allows some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_nfsd_fs" lineno="4650">
<summary>
Unmount a NFS server pseudo filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_nfsd_fs" lineno="4669">
<summary>
Get the attributes of a NFS server
pseudo filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_nfsd_fs" lineno="4687">
<summary>
Search NFS server directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_nfsd_fs" lineno="4705">
<summary>
List NFS server directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_nfsd_files" lineno="4723">
<summary>
Getattr files on an nfsd filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_nfsd_files" lineno="4741">
<summary>
read files on an nfsd filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_nfsd_fs" lineno="4759">
<summary>
Read and write NFS server files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_getattr_nsfs_files" lineno="4777">
<summary>
Getattr files on an nsfs filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_nsfs_files" lineno="4796">
<summary>
Getattr files on an nsfs filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_nsfs_files" lineno="4814">
<summary>
Read nsfs inodes (e.g. /proc/pid/ns/uts)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_nsfs_files" lineno="4832">
<summary>
Read and write nsfs inodes (e.g. /proc/pid/ns/uts)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_nsfs" lineno="4851">
<summary>
Mount a nsfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_nsfs" lineno="4870">
<summary>
Remount a tmpfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_nsfs" lineno="4888">
<summary>
Unmount a tmpfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_nfsd_fs" lineno="4906">
<summary>
Manage NFS server files and directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_associate_ramfs" lineno="4925">
<summary>
Allow the type to associate to ramfs filesystems. (Deprecated)
</summary>
<param name="type">
<summary>
The type of the object to be associated.
</summary>
</param>
</interface>
<interface name="fs_associate_proc" lineno="4940">
<summary>
Allow the type to associate to proc filesystems.
</summary>
<param name="type">
<summary>
The type of the object to be associated.
</summary>
</param>
</interface>
<interface name="fs_mount_ramfs" lineno="4958">
<summary>
Mount a RAM filesystem. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_ramfs" lineno="4974">
<summary>
Remount a RAM filesystem.  This allows
some mount options to be changed. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_ramfs" lineno="4989">
<summary>
Unmount a RAM filesystem. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_ramfs" lineno="5004">
<summary>
Get the attributes of a RAM filesystem. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_ramfs" lineno="5019">
<summary>
Search directories on a ramfs (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_search_ramfs" lineno="5034">
<summary>
Do not audit attempts to search directories on a ramfs (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_ramfs_dirs" lineno="5049">
<summary>
Create, read, write, and delete
directories on a ramfs. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_read_ramfs_files" lineno="5064">
<summary>
Do not audit attempts to read on a ramfs files. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_read_ramfs_pipes" lineno="5079">
<summary>
Do not audit attempts to read on a ramfs fifo_files. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_ramfs_files" lineno="5094">
<summary>
Create, read, write, and delete
files on a ramfs filesystem. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_write_ramfs_pipes" lineno="5109">
<summary>
Write to named pipe on a ramfs filesystem. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_write_ramfs_pipes" lineno="5124">
<summary>
Do not audit attempts to write to named
pipes on a ramfs filesystem. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_rw_ramfs_pipes" lineno="5138">
<summary>
Read and write a named pipe on a ramfs filesystem. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_ramfs_pipes" lineno="5153">
<summary>
Create, read, write, and delete
named pipes on a ramfs filesystem. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_write_ramfs_sockets" lineno="5167">
<summary>
Write to named socket on a ramfs filesystem. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_ramfs_sockets" lineno="5182">
<summary>
Create, read, write, and delete
named sockets on a ramfs filesystem. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_romfs" lineno="5196">
<summary>
Mount a ROM filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_romfs" lineno="5215">
<summary>
Remount a ROM filesystem.  This allows
some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_romfs" lineno="5233">
<summary>
Unmount a ROM filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_romfs" lineno="5252">
<summary>
Get the attributes of a ROM
filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_rpc_pipefs" lineno="5270">
<summary>
Mount a RPC pipe filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_rpc_pipefs" lineno="5289">
<summary>
Remount a RPC pipe filesystem.  This
allows some mount option to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_rpc_pipefs" lineno="5307">
<summary>
Unmount a RPC pipe filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_rpc_pipefs" lineno="5326">
<summary>
Get the attributes of a RPC pipe
filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_rpc_named_pipes" lineno="5344">
<summary>
Read and write RPC pipe filesystem named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_tmpfs" lineno="5362">
<summary>
Mount a tmpfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_watch_tmpfs" lineno="5380">
<summary>
Watch a tmpfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_remount_tmpfs" lineno="5398">
<summary>
Dontaudit remount a tmpfs filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_remount_tmpfs" lineno="5416">
<summary>
Remount a tmpfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_tmpfs" lineno="5434">
<summary>
Unmount a tmpfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_all_mount_fs_perms_tmpfs" lineno="5452">
<summary>
Mount, remount, unmount a tmpfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mounton_tmpfs" lineno="5470">
<summary>
Mount on tmpfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_watch_sb_tmpfs" lineno="5488">
<summary>
Watch_sb tmpfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_tmpfs" lineno="5508">
<summary>
Get the attributes of a tmpfs
filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_associate_tmpfs" lineno="5526">
<summary>
Allow the type to associate to tmpfs filesystems.
</summary>
<param name="type">
<summary>
The type of the object to be associated.
</summary>
</param>
</interface>
<interface name="fs_relabelfrom_tmpfs" lineno="5544">
<summary>
Relabel from tmpfs filesystem.
</summary>
<param name="type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_tmpfs_dirs" lineno="5562">
<summary>
Get the attributes of tmpfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_getattr_tmpfs_dirs" lineno="5581">
<summary>
Do not audit attempts to get the attributes
of tmpfs directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_setattr_tmpfs_dirs" lineno="5599">
<summary>
Set the attributes of tmpfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_tmpfs" lineno="5617">
<summary>
Search tmpfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_tmpfs" lineno="5635">
<summary>
List the contents of generic tmpfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_list_tmpfs" lineno="5654">
<summary>
Do not audit attempts to list the
contents of generic tmpfs directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_relabel_tmpfs_dirs" lineno="5672">
<summary>
Relabel directory  on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_watch_mount_tmpfs_dirs" lineno="5690">
<summary>
Watch_mount directory on the tmpfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_watch_with_perm_tmpfs_dirs" lineno="5709">
<summary>
Watch_with_perm directory on the tmpfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_relabel_tmpfs_fifo_files" lineno="5728">
<summary>
Relabel fifo_file  on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_relabel_tmpfs_files" lineno="5746">
<summary>
Relabel files  on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_delete_tmpfs_dirs" lineno="5764">
<summary>
Delete tmpfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_tmpfs_dirs" lineno="5784">
<summary>
Create, read, write, and delete
tmpfs directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_write_tmpfs_dirs" lineno="5803">
<summary>
Do not audit attempts to write
tmpfs directories
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_tmpfs_filetrans" lineno="5837">
<summary>
Create an object in a tmpfs filesystem, with a private
type using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_getattr_tmpfs_files" lineno="5857">
<summary>
Do not audit attempts to getattr
generic tmpfs files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_rw_tmpfs_files" lineno="5876">
<summary>
Do not audit attempts to read or write
generic tmpfs files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_auto_mountpoints" lineno="5895">
<summary>
Create, read, write, and delete
auto moutpoints.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_tmpfs_files" lineno="5913">
<summary>
Read generic tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_tmpfs_files" lineno="5931">
<summary>
Read and write generic tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_inherited_tmpfs_files" lineno="5949">
<summary>
Read and write generic tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_tmpfs_symlinks" lineno="5967">
<summary>
Read tmpfs link files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_relabelfrom_tmpfs_lnk_files" lineno="5985">
<summary>
Relabel from tmpfs lnk files.
</summary>
<param name="type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_tmpfs_chr_files" lineno="6003">
<summary>
Read and write character nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_use_tmpfs_chr_dev" lineno="6022">
<summary>
Do not audit attempts to read and write character nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_create_tmpfs_chr_dev" lineno="6041">
<summary>
Do not audit attempts to create character nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_read_tmpfs_blk_dev" lineno="6059">
<summary>
Do not audit attempts to dontaudit read block nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_read_tmpfs_files" lineno="6077">
<summary>
Do not audit attempts to read files on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_relabel_tmpfs_chr_file" lineno="6095">
<summary>
Relabel character nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_tmpfs_blk_files" lineno="6114">
<summary>
Read and write block nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_tmpfs_blk_file" lineno="6133">
<summary>
Relabel block nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_relabel_tmpfs_blk_file" lineno="6151">
<summary>
Relabel block nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_relabel_tmpfs_sock_file" lineno="6170">
<summary>
Relabel sock nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_delete_tmpfs_files" lineno="6189">
<summary>
Delete generic files in tmpfs directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_tmpfs_files" lineno="6209">
<summary>
Read and write, create and delete generic
files on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_exec_tmpfs_files" lineno="6228">
<summary>
Execute files on a tmpfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_manage_tmpfs_symlinks" lineno="6247">
<summary>
Read and write, create and delete symbolic
links on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_tmpfs_sockets" lineno="6266">
<summary>
Read and write, create and delete socket
files on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_write_tmpfs_socket_files" lineno="6284">
<summary>
Write to socket files on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_tmpfs_chr_files" lineno="6304">
<summary>
Read and write, create and delete character
nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_tmpfs_blk_files" lineno="6323">
<summary>
Read and write, create and delete block nodes
on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_xenfs" lineno="6341">
<summary>
Mount a XENFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_xenfs" lineno="6359">
<summary>
Search the XENFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_xenfs_files" lineno="6378">
<summary>
Read files on a XENFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_xenfs_dirs" lineno="6398">
<summary>
Create, read, write, and delete directories
on a XENFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_manage_xenfs_dirs" lineno="6418">
<summary>
Do not audit attempts to create, read,
write, and delete directories
on a XENFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_xenfs_files" lineno="6438">
<summary>
Create, read, write, and delete files
on a XENFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_manage_xenfs_files" lineno="6458">
<summary>
Do not audit attempts to create,
read, write, and delete files
on a XENFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_mount_all_fs" lineno="6476">
<summary>
Mount all filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_all_fs" lineno="6497">
<summary>
Remount all filesystems.  This
allows some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_all_fs" lineno="6515">
<summary>
Unmount all filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_watch_all_fs" lineno="6533">
<summary>
Watch all filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_fs" lineno="6565">
<summary>
Get the attributes of all filesystems.
</summary>
<desc>
<p>
Allow the specified domain to
get the attributes of all filesystems.
Example attributes:
</p>
<ul>
<li>Type of the file system (e.g., ext3)</li>
<li>Size of the file system</li>
<li>Available space on the file system</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="5"/>
<rolecap/>
</interface>
<interface name="fs_dontaudit_getattr_all_fs" lineno="6585">
<summary>
Do not audit attempts to get the attributes
all filesystems.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_all_access_check" lineno="6604">
<summary>
Do not audit attempts to check the
access on all filesystems.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_get_all_fs_quotas" lineno="6624">
<summary>
Get the quotas of all filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_set_all_quotas" lineno="6643">
<summary>
Set the quotas of all filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_relabelfrom_all_fs" lineno="6661">
<summary>
Relabelfrom all filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_dirs" lineno="6680">
<summary>
Get the attributes of all directories
with a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_getattr_all_dirs" lineno="6699">
<summary>
Dontaudit Get the attributes of all directories
with a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_map_all_dirs" lineno="6718">
<summary>
Dontaudit map of all directories
with a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_all" lineno="6736">
<summary>
Search all directories with a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_all" lineno="6754">
<summary>
List all directories with a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_files" lineno="6773">
<summary>
Get the attributes of all files with
a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_getattr_all_files" lineno="6792">
<summary>
Do not audit attempts to get the attributes
of all files with a filesystem type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_symlinks" lineno="6811">
<summary>
Get the attributes of all symbolic links with
a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_getattr_all_symlinks" lineno="6830">
<summary>
Do not audit attempts to get the attributes
of all symbolic links with a filesystem type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_pipes" lineno="6849">
<summary>
Get the attributes of all named pipes with
a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_getattr_all_pipes" lineno="6868">
<summary>
Do not audit attempts to get the attributes
of all named pipes with a filesystem type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_sockets" lineno="6887">
<summary>
Get the attributes of all named sockets with
a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_getattr_all_sockets" lineno="6906">
<summary>
Do not audit attempts to get the attributes
of all named sockets with a filesystem type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_blk_files" lineno="6925">
<summary>
Get the attributes of all block device nodes with
a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_chr_files" lineno="6944">
<summary>
Get the attributes of all character device nodes with
a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unconfined" lineno="6962">
<summary>
Unconfined access to filesystems
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_leaks" lineno="6981">
<summary>
Do not audit attempts to read or write
all leaked filesystems files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_tmpfs_filetrans_named_content" lineno="7001">
<summary>
Transition named content in tmpfs_t directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_efivarfs_files" lineno="7024">
<summary>
Read files in efivarfs
- contains Linux Kernel configuration options for UEFI systems
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_manage_efivarfs_files" lineno="7043">
<summary>
Manage efivarfs files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_search_efivarfs_dirs" lineno="7061">
<summary>
Search efivarfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_setattr_efivarfs_files" lineno="7080">
<summary>
Set the attributes of efivarfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_onload_sockets" lineno="7099">
<summary>
Read and write sockets of ONLOAD file system pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_tracefs_dirs" lineno="7120">
<summary>
Search tracefs_t directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_tracefs_files" lineno="7138">
<summary>
Read and write tracefs_t files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_tracefs_dirs" lineno="7158">
<summary>
Create, read, write, and delete dirs
labeled as tracefs_t.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_mount_tracefs" lineno="7176">
<summary>
Mount tracefs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_tracefs" lineno="7194">
<summary>
Remount tracefs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_tracefs" lineno="7212">
<summary>
Unmount tracefs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="kernel" filename="policy/modules/kernel/kernel.if">
<summary>
Policy for kernel threads, proc filesystem,
and unlabeled processes and objects.
</summary>
<required val="true">
This module has initial SIDs.
</required>
<interface name="kernel_domtrans_to" lineno="25">
<summary>
Allows to start userland processes
by transitioning to the specified domain.
</summary>
<param name="domain">
<summary>
The process type entered by kernel.
</summary>
</param>
<param name="entrypoint">
<summary>
The executable type for the entrypoint.
</summary>
</param>
</interface>
<interface name="kernel_ranged_domtrans_to" lineno="55">
<summary>
Allows to start userland processes
by transitioning to the specified domain,
with a range transition.
</summary>
<param name="domain">
<summary>
The process type entered by kernel.
</summary>
</param>
<param name="entrypoint">
<summary>
The executable type for the entrypoint.
</summary>
</param>
<param name="range">
<summary>
Range for the domain.
</summary>
</param>
</interface>
<interface name="kernel_rootfs_mountpoint" lineno="83">
<summary>
Allows the kernel to mount filesystems on
the specified directory type.
</summary>
<param name="directory_type">
<summary>
The type of the directory to use as a mountpoint.
</summary>
</param>
</interface>
<interface name="kernel_setpgid" lineno="101">
<summary>
Set the process group of kernel threads.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_setsched" lineno="119">
<summary>
Set the priority of kernel threads.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_setsched" lineno="137">
<summary>
Dontaudit attempts to set the priority of kernel threads.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_getsched" lineno="155">
<summary>
Get scheduling policy and attributes of kernel threads.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_sigchld" lineno="173">
<summary>
Send a SIGCHLD signal to kernel threads.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_kill" lineno="191">
<summary>
Send a kill signal to kernel threads.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_signal" lineno="209">
<summary>
Send a generic signal to kernel threads.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_signull" lineno="227">
<summary>
Send signull to kernel threads.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_share_state" lineno="246">
<summary>
Allows the kernel to share state information with
the caller.
</summary>
<param name="domain">
<summary>
The type of the process with which to share state information.
</summary>
</param>
</interface>
<interface name="kernel_use_fds" lineno="264">
<summary>
Permits caller to use kernel file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_use_fds" lineno="283">
<summary>
Do not audit attempts to use
kernel file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_rw_pipes" lineno="301">
<summary>
Read and write kernel unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_stream_connect" lineno="320">
<summary>
Connect to kernel using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_rw_unix_dgram_sockets" lineno="338">
<summary>
Read and write kernel unix datagram sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dgram_send" lineno="356">
<summary>
Send messages to kernel unix datagram sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_tcp_recvfrom" lineno="374">
<summary>
Receive messages from kernel TCP sockets.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_udp_send" lineno="388">
<summary>
Send UDP network traffic to the kernel.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_udp_recvfrom" lineno="402">
<summary>
Receive messages from kernel UDP sockets.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_load_module" lineno="416">
<summary>
Allows caller to load kernel modules
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_load_unsigned_module" lineno="434">
<summary>
Allows caller to load unsigned kernel modules
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_search_key" lineno="448">
<summary>
Allow search the kernel key ring.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_search_key" lineno="466">
<summary>
dontaudit search the kernel key ring.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_link_key" lineno="484">
<summary>
Allow link to the kernel key ring.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_link_key" lineno="502">
<summary>
dontaudit link to the kernel key ring.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_rw_key" lineno="520">
<summary>
Allow read, view, and write the kernel key ring.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_key" lineno="538">
<summary>
Allow read the kernel key ring.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_view_key" lineno="556">
<summary>
Allow view the kernel key ring.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_view_key" lineno="574">
<summary>
dontaudit view the kernel key ring.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_read_ring_buffer" lineno="592">
<summary>
Allows caller to read the ring buffer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_dontaudit_read_ring_buffer" lineno="611">
<summary>
Do not audit attempts to read the ring buffer.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_change_ring_buffer_level" lineno="630">
<summary>
Change the level of kernel messages logged to the console.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_clear_ring_buffer" lineno="658">
<summary>
Allows the caller to clear the ring buffer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_request_load_module" lineno="698">
<summary>
Allows caller to request the kernel to load a module
</summary>
<desc>
<p>
Allow the specified domain to request that the kernel
load a kernel module.  An example of this is the
auto-loading of network drivers when doing an
ioctl() on a network interface.
</p>
<p>
In the specific case of a module loading request
on a network interface, the domain will also
need the net_admin capability.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_request_load_module" lineno="716">
<summary>
Do not audit requests to the kernel to load a module.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_get_sysvipc_info" lineno="734">
<summary>
Get information on all System V IPC objects.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_getattr_debugfs" lineno="752">
<summary>
Get the attributes of a kernel debugging filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_mount_debugfs" lineno="770">
<summary>
Mount a kernel debugging filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_unmount_debugfs" lineno="788">
<summary>
Unmount a kernel debugging filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_remount_debugfs" lineno="806">
<summary>
Remount a kernel debugging filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_search_debugfs" lineno="824">
<summary>
Search the contents of a kernel debugging filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_search_debugfs" lineno="842">
<summary>
Do not audit attempts to search the kernel debugging filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_read_debugfs" lineno="860">
<summary>
Read information from the debugging filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_write_debugfs_dirs" lineno="880">
<summary>
Do not audit attempts to write kernel debugging filesystem dirs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_manage_debugfs" lineno="898">
<summary>
Manage information from the debugging filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_mount_kvmfs" lineno="918">
<summary>
Mount a kernel VM filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_mount_proc" lineno="936">
<summary>
Mount the proc filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_unmount_proc" lineno="954">
<summary>
Unmount the proc filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_mounton_proc" lineno="972">
<summary>
Mounton a proc filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_getattr_proc" lineno="990">
<summary>
Get the attributes of the proc filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_setattr_proc_dirs" lineno="1009">
<summary>
Do not audit attempts to set the
attributes of directories in /proc.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_setattr_proc_files" lineno="1028">
<summary>
Do not audit attempts to set the
attributes of files in /proc.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_search_proc" lineno="1046">
<summary>
Search directories in /proc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_list_proc" lineno="1064">
<summary>
List the contents of directories in /proc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_list_proc" lineno="1083">
<summary>
Do not audit attempts to list the
contents of directories in /proc.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_write_proc_dirs" lineno="1102">
<summary>
Do not audit attempts to write the
directories in /proc.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_getattr_proc_files" lineno="1120">
<summary>
Get the attributes of files in /proc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_proc_files" lineno="1138">
<summary>
Read generic files in /proc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_proc_symlinks" lineno="1165">
<summary>
Read generic symbolic links in /proc.
</summary>
<desc>
<p>
Allow the specified domain to read (follow) generic
symbolic links (symlinks) in the proc filesystem (/proc).
This interface does not include access to the targets of
these links.  An example symlink is /proc/self.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="kernel_read_system_state" lineno="1204">
<summary>
Allows caller to read system state information in /proc.
</summary>
<desc>
<p>
Allow the specified domain to read general system
state information from the proc filesystem (/proc).
</p>
<p>
Generally it should be safe to allow this access.  Some
example files that can be read based on this interface:
</p>
<ul>
<li>/proc/cpuinfo</li>
<li>/proc/meminfo</li>
<li>/proc/uptime</li>
</ul>
<p>
This does not allow access to sysctl entries (/proc/sys/*)
nor process state information (/proc/pid).
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
<rolecap/>
</interface>
<interface name="kernel_write_proc_files" lineno="1227">
<summary>
Write to generic proc entries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_dontaudit_write_proc_files" lineno="1246">
<summary>
Do not audit attempts to write the
file in /proc.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_access_check_proc" lineno="1265">
<summary>
Do not audit attempts to check the
access on generic proc entries.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_read_system_state" lineno="1284">
<summary>
Do not audit attempts by caller to
read system state information in proc.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_read_proc_symlinks" lineno="1303">
<summary>
Do not audit attempts by caller to
read system state information in proc.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_read_afs_state" lineno="1322">
<summary>
Allow caller to read state information for AFS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_afs_state" lineno="1342">
<summary>
Allow caller to read and write state information for AFS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_read_software_raid_state" lineno="1362">
<summary>
Allow caller to read the state information for software raid.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_software_raid_state" lineno="1382">
<summary>
Allow caller to read and set the state information for software raid.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_getattr_core_if" lineno="1402">
<summary>
Allows caller to get attribues of core kernel interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_core_if" lineno="1423">
<summary>
Do not audit attempts to get the attributes of
core kernel interfaces.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_read_core_if" lineno="1441">
<summary>
Allows caller to read the core kernel interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_mounton_core_if" lineno="1464">
<summary>
Allow caller to mounton the kernel messages file
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_messages" lineno="1483">
<summary>
Allow caller to read kernel messages
using the /proc/kmsg interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_mounton_messages" lineno="1504">
<summary>
Allow caller to mounton the kernel messages file
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_getattr_message_if" lineno="1523">
<summary>
Allow caller to get the attributes of kernel message
interface (/proc/kmsg).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_message_if" lineno="1542">
<summary>
Do not audit attempts by caller to get the attributes of kernel
message interfaces.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_search_network_state" lineno="1562">
<summary>
Do not audit attempts to search the network
state directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>

</interface>
<interface name="kernel_search_network_state" lineno="1581">
<summary>
Allow searching of network state directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="kernel_read_network_state" lineno="1611">
<summary>
Read the network state information.
</summary>
<desc>
<p>
Allow the specified domain to read the networking
state information. This includes several pieces
of networking information, such as network interface
names, netfilter (iptables) statistics, protocol
information, routes, and remote procedure call (RPC)
information.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
<rolecap/>
</interface>
<interface name="kernel_read_network_state_symlinks" lineno="1632">
<summary>
Allow caller to read the network state symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_search_xen_state" lineno="1653">
<summary>
Allow searching of xen state directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="kernel_dontaudit_search_xen_state" lineno="1673">
<summary>
Do not audit attempts to search the xen
state directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>

</interface>
<interface name="kernel_read_xen_state" lineno="1692">
<summary>
Allow caller to read the xen state information.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="kernel_read_xen_state_symlinks" lineno="1714">
<summary>
Allow caller to read the xen state symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="kernel_write_xen_state" lineno="1735">
<summary>
Allow caller to write xen state information.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="kernel_list_all_proc" lineno="1753">
<summary>
Allow attempts to list all proc directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_mounton_all_proc" lineno="1772">
<summary>
Allow attempts to mounton all proc directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_list_all_proc" lineno="1791">
<summary>
Do not audit attempts to list all proc directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_read_all_proc" lineno="1810">
<summary>
Allow attempts to read all proc types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_search_sysctl" lineno="1834">
<summary>
Do not audit attempts by caller to search
the base directory of sysctls.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>

</interface>
<interface name="kernel_read_sysctl" lineno="1853">
<summary>
Allow access to read sysctl directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="kernel_read_device_sysctls" lineno="1873">
<summary>
Allow caller to read the device sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_device_sysctls" lineno="1894">
<summary>
Read and write device sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_search_vm_sysctl" lineno="1914">
<summary>
Allow caller to search virtual memory sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_vm_sysctls" lineno="1933">
<summary>
Allow caller to read virtual memory sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_vm_sysctls" lineno="1954">
<summary>
Read and write virtual memory sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_search_network_sysctl" lineno="1976">
<summary>
Search network sysctl directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_search_network_sysctl" lineno="1994">
<summary>
Do not audit attempts by caller to search network sysctl directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_read_net_sysctls" lineno="2013">
<summary>
Allow caller to read network sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_net_sysctls" lineno="2034">
<summary>
Allow caller to modiry contents of sysctl network files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_read_unix_sysctls" lineno="2056">
<summary>
Allow caller to read unix domain
socket sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_unix_sysctls" lineno="2077">
<summary>
Read and write unix domain
socket sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_read_hotplug_sysctls" lineno="2097">
<summary>
Read the hotplug sysctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_rw_hotplug_sysctls" lineno="2111">
<summary>
Read and write the hotplug sysctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_modprobe_sysctls" lineno="2125">
<summary>
Read the modprobe sysctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_rw_modprobe_sysctls" lineno="2139">
<summary>
Read and write the modprobe sysctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_mounton_kernel_sysctl" lineno="2153">
<summary>
Allow mounton generic kernel sysctls.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_search_kernel_sysctl" lineno="2172">
<summary>
Do not audit attempts to search generic kernel sysctls.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_read_crypto_sysctls" lineno="2190">
<summary>
Read generic crypto sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_kernel_sysctls" lineno="2231">
<summary>
Read general kernel sysctls.
</summary>
<desc>
<p>
Allow the specified domain to read general
kernel sysctl settings. These settings are typically
read using the sysctl program.  The settings
that are included by this interface are prefixed
with "kernel.", for example, kernel.sysrq.
</p>
<p>
This does not include access to the hotplug
handler setting (kernel.hotplug)
nor the module installer handler setting
(kernel.modprobe).
</p>
<p>
Related interfaces:
</p>
<ul>
<li>kernel_rw_kernel_sysctl()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="kernel_dontaudit_write_kernel_sysctl" lineno="2251">
<summary>
Do not audit attempts to write generic kernel sysctls.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_rw_kernel_sysctl" lineno="2270">
<summary>
Read and write generic kernel sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_read_kernel_ns_lastpid_sysctls" lineno="2291">
<summary>
Read kernel ns lastpid sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_dontaudit_write_kernel_ns_lastpid_sysctl" lineno="2311">
<summary>
Do not audit attempts to write kernel ns lastpid sysctls.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_rw_kernel_ns_lastpid_sysctl" lineno="2330">
<summary>
Read and write kernel ns lastpid sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_read_fs_sysctls" lineno="2351">
<summary>
Read filesystem sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_fs_sysctls" lineno="2372">
<summary>
Read and write fileystem sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_dontaudit_search_fs_sysctl" lineno="2392">
<summary>
Do not audit attempts to search filesystem sysctl directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_read_irq_sysctls" lineno="2411">
<summary>
Read IRQ sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_irq_sysctls" lineno="2432">
<summary>
Read and write IRQ sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_read_rpc_sysctls" lineno="2453">
<summary>
Read RPC sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_rpc_sysctls_dirs" lineno="2475">
<summary>
Read RPC sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_rpc_sysctls" lineno="2494">
<summary>
Read and write RPC sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_create_rpc_sysctls" lineno="2515">
<summary>
Read and write RPC sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_dontaudit_list_all_sysctls" lineno="2534">
<summary>
Do not audit attempts to list all sysctl directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_mounton_all_sysctls" lineno="2553">
<summary>
Allow attempts to mounton all sysctl directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_mounton_systemd_ProtectKernelTunables" lineno="2571">
<summary>
Allow attempts to mounton all filesystems used by ProtectKernelTunables systemd feature.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_getattr_all_sysctls" lineno="2600">
<summary>
Get the attributes of all sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_all_sysctls" lineno="2619">
<summary>
Allow caller to read all sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_all_sysctls" lineno="2642">
<summary>
Read and write all sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_kill_unlabeled" lineno="2666">
<summary>
Send a kill signal to unlabeled processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_mount_unlabeled" lineno="2684">
<summary>
Mount a kernel unlabeled filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_unmount_unlabeled" lineno="2702">
<summary>
Unmount a kernel unlabeled filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_signal_unlabeled" lineno="2720">
<summary>
Send general signals to unlabeled processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_signull_unlabeled" lineno="2738">
<summary>
Send a null signal to unlabeled processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_sigstop_unlabeled" lineno="2756">
<summary>
Send a stop signal to unlabeled processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_sigchld_unlabeled" lineno="2774">
<summary>
Send a child terminated signal to unlabeled processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_list_unlabeled" lineno="2792">
<summary>
List unlabeled directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_delete_unlabeled" lineno="2810">
<summary>
Delete unlabeled files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_unlabeled_state" lineno="2829">
<summary>
Read the process state (/proc/pid) of all unlabeled_t.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_list_unlabeled" lineno="2849">
<summary>
Do not audit attempts to list unlabeled directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_rw_unlabeled_dirs" lineno="2867">
<summary>
Read and write unlabeled directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_rw_unlabeled_files" lineno="2885">
<summary>
Read and write unlabeled files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_watch_unlabeled_dirs" lineno="2903">
<summary>
Watch unlabeled directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_unlabeled_files" lineno="2922">
<summary>
Do not audit attempts by caller to get the
attributes of an unlabeled file.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_read_unlabeled_files" lineno="2941">
<summary>
Do not audit attempts by caller to
read an unlabeled file.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_unlabeled_symlinks" lineno="2960">
<summary>
Do not audit attempts by caller to get the
attributes of unlabeled symbolic links.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_unlabeled_pipes" lineno="2979">
<summary>
Do not audit attempts by caller to get the
attributes of unlabeled named pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_unlabeled_sockets" lineno="2998">
<summary>
Do not audit attempts by caller to get the
attributes of unlabeled named sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_unlabeled_blk_files" lineno="3017">
<summary>
Do not audit attempts by caller to get attributes for
unlabeled block devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_read_unlabeled_lnk_files" lineno="3035">
<summary>
Read unlabeled symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_rw_unlabeled_blk_files" lineno="3053">
<summary>
Read and write unlabeled block device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_rw_unlabeled_socket" lineno="3071">
<summary>
Read and write unlabeled sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_unlabeled_chr_files" lineno="3090">
<summary>
Do not audit attempts by caller to get attributes for
unlabeled character devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_relabelfrom_unlabeled_dirs" lineno="3108">
<summary>
Allow caller to relabel unlabeled directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_relabelfrom_unlabeled_fs" lineno="3126">
<summary>
Allow caller to relabel unlabeled filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_relabelfrom_unlabeled_files" lineno="3144">
<summary>
Allow caller to relabel unlabeled files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_relabelfrom_unlabeled_symlinks" lineno="3163">
<summary>
Allow caller to relabel unlabeled symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_relabelfrom_unlabeled_pipes" lineno="3182">
<summary>
Allow caller to relabel unlabeled named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_relabelfrom_unlabeled_sockets" lineno="3201">
<summary>
Allow caller to relabel unlabeled named sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_sendrecv_unlabeled_association" lineno="3235">
<summary>
Send and receive messages from an
unlabeled IPSEC association.
</summary>
<desc>
<p>
Send and receive messages from an
unlabeled IPSEC association.  Network
connections that are not protected
by IPSEC have use an unlabeled
assocation.
</p>
<p>
The corenetwork interface
corenet_non_ipsec_sendrecv() should
be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_sendrecv_unlabeled_association" lineno="3268">
<summary>
Do not audit attempts to send and receive messages
from an	unlabeled IPSEC association.
</summary>
<desc>
<p>
Do not audit attempts to send and receive messages
from an	unlabeled IPSEC association.  Network
connections that are not protected
by IPSEC have use an unlabeled
assocation.
</p>
<p>
The corenetwork interface
corenet_dontaudit_non_ipsec_sendrecv() should
be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dccp_recvfrom_unlabeled" lineno="3286">
<summary>
Receive DCCP packets from an unlabeled connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_tcp_recvfrom_unlabeled" lineno="3313">
<summary>
Receive TCP packets from an unlabeled connection.
</summary>
<desc>
<p>
Receive TCP packets from an unlabeled connection.
</p>
<p>
The corenetwork interface corenet_tcp_recv_unlabeled() should
be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_dccp_recvfrom_unlabeled" lineno="3332">
<summary>
Do not audit attempts to receive DCCP packets from an unlabeled
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_tcp_recvfrom_unlabeled" lineno="3361">
<summary>
Do not audit attempts to receive TCP packets from an unlabeled
connection.
</summary>
<desc>
<p>
Do not audit attempts to receive TCP packets from an unlabeled
connection.
</p>
<p>
The corenetwork interface corenet_dontaudit_tcp_recv_unlabeled()
should be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_udp_recvfrom_unlabeled" lineno="3388">
<summary>
Receive UDP packets from an unlabeled connection.
</summary>
<desc>
<p>
Receive UDP packets from an unlabeled connection.
</p>
<p>
The corenetwork interface corenet_udp_recv_unlabeled() should
be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_udp_recvfrom_unlabeled" lineno="3417">
<summary>
Do not audit attempts to receive UDP packets from an unlabeled
connection.
</summary>
<desc>
<p>
Do not audit attempts to receive UDP packets from an unlabeled
connection.
</p>
<p>
The corenetwork interface corenet_dontaudit_udp_recv_unlabeled()
should be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_raw_recvfrom_unlabeled" lineno="3444">
<summary>
Receive Raw IP packets from an unlabeled connection.
</summary>
<desc>
<p>
Receive Raw IP packets from an unlabeled connection.
</p>
<p>
The corenetwork interface corenet_raw_recv_unlabeled() should
be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_rw_unlabeled_rawip_socket" lineno="3470">
<summary>
Read/Write Raw IP packets from an unlabeled connection.
</summary>
<desc>
<p>
Receive Raw IP packets from an unlabeled connection.
</p>
<p>
The corenetwork interface corenet_raw_recv_unlabeled() should
be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_rw_unlabeled_smc_socket" lineno="3493">
<summary>
Read/Write smc packets from an unlabeled connection.
</summary>
<desc>
<p>
Receive smc packets from an unlabeled connection.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_rw_unlabeled_vsock_socket" lineno="3516">
<summary>
Read/Write vsock packets from an unlabeled connection.
</summary>
<desc>
<p>
Receive vsock packets from an unlabeled connection.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_raw_recvfrom_unlabeled" lineno="3545">
<summary>
Do not audit attempts to receive Raw IP packets from an unlabeled
connection.
</summary>
<desc>
<p>
Do not audit attempts to receive Raw IP packets from an unlabeled
connection.
</p>
<p>
The corenetwork interface corenet_dontaudit_raw_recv_unlabeled()
should be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_sendrecv_unlabeled_packets" lineno="3575">
<summary>
Send and receive unlabeled packets.
</summary>
<desc>
<p>
Send and receive unlabeled packets.
These packets do not match any netfilter
SECMARK rules.
</p>
<p>
The corenetwork interface
corenet_sendrecv_unlabeled_packets() should
be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_recvfrom_unlabeled_peer" lineno="3603">
<summary>
Receive packets from an unlabeled peer.
</summary>
<desc>
<p>
Receive packets from an unlabeled peer, these packets do not have any
peer labeling information present.
</p>
<p>
The corenetwork interface corenet_recvfrom_unlabeled_peer() should
be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_recvfrom_unlabeled_peer" lineno="3631">
<summary>
Do not audit attempts to receive packets from an unlabeled peer.
</summary>
<desc>
<p>
Do not audit attempts to receive packets from an unlabeled peer,
these packets do not have any peer labeling information present.
</p>
<p>
The corenetwork interface corenet_dontaudit_*_recvfrom_unlabeled()
should be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_relabelfrom_unlabeled_database" lineno="3649">
<summary>
Relabel from unlabeled database objects.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_relabelto_unlabeled" lineno="3686">
<summary>
Relabel to unlabeled context .
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_unconfined" lineno="3704">
<summary>
Unconfined access to kernel module resources.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_stream_read" lineno="3724">
<summary>
Allow the specified domain to getattr on
the kernel with a unix socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_stream_write" lineno="3743">
<summary>
Allow the specified domain to write on
the kernel with a unix socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_rw_stream_socket_perms" lineno="3762">
<summary>
Allow the specified domain to read/write on
the kernel with a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_ioctl_stream_sockets" lineno="3782">
<summary>
Allow the specified domain to ioctl a
kernel with a unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_proc_type" lineno="3800">
<summary>
Make the specified type usable for regular entries in proc
</summary>
<param name="type">
<summary>
Type to be used for /proc entries.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_all_sysctls" lineno="3818">
<summary>
Do not audit attempts by caller to get attributes on all sysctls.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_read_state" lineno="3836">
<summary>
Read the process state (/proc/pid) of the kernel.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_read_state" lineno="3856">
<summary>
Dontaudit attempts to read the process state (/proc/pid) of the kernel.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_search_numa_state" lineno="3877">
<summary>
Allow searching of numa state directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="kernel_dontaudit_search_numa_state" lineno="3897">
<summary>
Do not audit attempts to search the numa
state directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>

</interface>
<interface name="kernel_read_numa_state" lineno="3916">
<summary>
Allow caller to read the numa state information.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="kernel_read_numa_state_symlinks" lineno="3938">
<summary>
Allow caller to read the numa state symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="kernel_write_numa_state" lineno="3959">
<summary>
Allow caller to write numa state information.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="kernel_search_vm_overcommit_sysctl" lineno="3977">
<summary>
Allow caller to search virtual memory overcommit sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_vm_overcommit_sysctls" lineno="3997">
<summary>
Allow caller to read virtual memory overcommit sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_vm_overcommit_sysctls" lineno="4017">
<summary>
Read and write virtual memory overcommit sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_dontaudit_search_security_state" lineno="4039">
<summary>
Do not audit attempts to search the security
state directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>

</interface>
<interface name="kernel_search_security_state" lineno="4058">
<summary>
Allow searching of security state directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="kernel_read_security_state" lineno="4084">
<summary>
Read the security state information.
</summary>
<desc>
<p>
Allow the specified domain to read the security
state information.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
<rolecap/>
</interface>
<interface name="kernel_write_security_state" lineno="4115">
<summary>
Write the security state information.
</summary>
<desc>
<p>
Allow the specified domain to write the security
state information.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
<rolecap/>
</interface>
<interface name="kernel_read_security_state_symlinks" lineno="4133">
<summary>
Allow caller to read the security state symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_ib_access_unlabeled_pkeys" lineno="4153">
<summary>
Access unlabeled infiniband pkeys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_ib_manage_subnet_unlabeled_endports" lineno="4171">
<summary>
Manage subnet on unlabeled Infiniband endports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_rw_security_state" lineno="4189">
<summary>
Allow caller to read the security state symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_search_usermodehelper_state" lineno="4211">
<summary>
Do not audit attempts to search the usermodehelper
state directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>

</interface>
<interface name="kernel_search_usermodehelper_state" lineno="4230">
<summary>
Allow searching of usermodehelper state directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="kernel_read_usermodehelper_state" lineno="4260">
<summary>
Read the usermodehelper state information.
</summary>
<desc>
<p>
Allow the specified domain to read the usermodehelpering
state information. This includes several pieces
of usermodehelpering information, such as usermodehelper interface
names, usermodehelperfilter (iptables) statistics, protocol
information, routes, and remote procedure call (RPC)
information.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
<rolecap/>
</interface>
<interface name="kernel_read_usermodehelper_state_symlinks" lineno="4281">
<summary>
Allow caller to read the usermodehelper state symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_rw_usermodehelper_state" lineno="4302">
<summary>
Read and write usermodehelper state
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_dontaudit_write_usermodehelper_state" lineno="4323">
<summary>
Dontaudit write usermodehelper state
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_relabelto_usermodehelper" lineno="4341">
<summary>
Relabel to usermodehelper context .
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_relabelfrom_usermodehelper" lineno="4359">
<summary>
Relabel from usermodehelper context .
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_netlink_audit_socket" lineno="4377">
<summary>
Read netlink audit socket
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_unlabeled_domtrans" lineno="4400">
<summary>
Execute an unlabeled file in the specified domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="kernel_unlabeled_entry_type" lineno="4421">
<summary>
Make general progams without labeles an entrypoint for
the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which unlabeled_t is an entrypoint.
</summary>
</param>
</interface>
<interface name="kernel_kexec_load" lineno="4440">
<summary>
Allow the caller load a new kernel
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_write_perf_event" lineno="4454">
<summary>
Allow the caller write perf_event
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_manage_perf_event" lineno="4473">
<summary>
Allow the caller manage perf_event
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_prog_run_bpf" lineno="4489">
<summary>
Allow caller domain to run bpf.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<bool name="secure_mode_insmod" dftval="false">
<desc>
<p>
Disable kernel module loading.
</p>
</desc>
</bool>
</module>
<module name="mcs" filename="policy/modules/kernel/mcs.if">
<summary>Multicategory security policy</summary>
<required val="true">
Contains attributes used in MCS policy.
</required>
<interface name="mcs_constrained" lineno="26">
<summary>
Constrain by category access control (MCS).
</summary>
<desc>
<p>
Constrain the specified type by category based
access control (MCS) This prevents this domain from
interacting with subjects and operating on objects
that it otherwise would be able to interact
with or operate on respectively.
</p>
</desc>
<param name="domain">
<summary>
Type to be constrained by MCS.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="mcs_file_read_all" lineno="46">
<summary>
This domain is allowed to read files and directories
regardless of their MCS category set.
</summary>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mcs_file_write_all" lineno="62">
<summary>
This domain is allowed to write files and directories
regardless of their MCS category set.
</summary>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mcs_killall" lineno="78">
<summary>
This domain is allowed to sigkill and sigstop
all domains regardless of their MCS category set.
</summary>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mcs_ptrace_all" lineno="94">
<summary>
This domain is allowed to ptrace
all domains regardless of their MCS
category set.
</summary>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
</interface>
<interface name="mcs_process_set_categories" lineno="110">
<summary>
Make specified domain MCS trusted
for setting any category set for
the processes it executes.
</summary>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
</interface>
<interface name="mcs_socket_write_all_levels" lineno="130">
<summary>
Make specified domain MCS trusted
for writing to sockets at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="mls" filename="policy/modules/kernel/mls.if">
<summary>Multilevel security policy</summary>
<desc>
<p>
This module contains interfaces for handling multilevel
security.  The interfaces allow the specified subjects
and objects to be allowed certain privileges in the
MLS rules.
</p>
</desc>
<required val="true">
Contains attributes used in MLS policy.
</required>
<interface name="mls_file_read_to_clearance" lineno="26">
<summary>
Make specified domain MLS trusted
for reading from files up to its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_file_read_up" lineno="55">
<summary>
Make specified domain MLS trusted
for reading from files at all levels.  (Deprecated)
</summary>
<desc>
<p>
Make specified domain MLS trusted
for reading from files at all levels.
</p>
<p>
This interface has been deprecated, please use
mls_file_read_all_levels() instead.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mls_file_read_all_levels" lineno="72">
<summary>
Make specified domain MLS trusted
for reading from files at all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_file_write_to_clearance" lineno="92">
<summary>
Make specified domain MLS trusted
for write to files up to its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_file_relabel_to_clearance" lineno="112">
<summary>
Make specified domain MLS trusted
for relabelto to files up to its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_file_write_down" lineno="141">
<summary>
Make specified domain MLS trusted
for writing to files at all levels.  (Deprecated)
</summary>
<desc>
<p>
Make specified domain MLS trusted
for writing to files at all levels.
</p>
<p>
This interface has been deprecated, please use
mls_file_write_all_levels() instead.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mls_file_write_all_levels" lineno="158">
<summary>
Make specified domain MLS trusted
for writing to files at all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_file_upgrade" lineno="178">
<summary>
Make specified domain MLS trusted
for raising the level of files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_file_downgrade" lineno="198">
<summary>
Make specified domain MLS trusted
for lowering the level of files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_file_write_within_range" lineno="220">
<summary>
Make specified domain trusted to
be written to within its MLS range.
The subject's MLS range must be a
proper subset of the object's MLS range.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_socket_read_all_levels" lineno="240">
<summary>
Make specified domain MLS trusted
for reading from sockets at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_socket_read_to_clearance" lineno="261">
<summary>
Make specified domain MLS trusted
for reading from sockets at any level
that is dominated by the process clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_socket_write_to_clearance" lineno="282">
<summary>
Make specified domain MLS trusted
for writing to sockets up to
its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_socket_write_all_levels" lineno="302">
<summary>
Make specified domain MLS trusted
for writing to sockets at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_net_receive_all_levels" lineno="323">
<summary>
Make specified domain MLS trusted
for receiving network data from
network interfaces or hosts at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_net_write_within_range" lineno="345">
<summary>
Make specified domain trusted to
write to network objects within its MLS range.
The subject's MLS range must be a
proper subset of the object's MLS range.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_net_inbound_all_levels" lineno="366">
<summary>
Make specified domain trusted to
write inbound packets regardless of the
network's or node's MLS range.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_net_outbound_all_levels" lineno="387">
<summary>
Make specified domain trusted to
write outbound packets regardless of the
network's or node's MLS range.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_sysvipc_read_to_clearance" lineno="408">
<summary>
Make specified domain MLS trusted
for reading from System V IPC objects
up to its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_sysvipc_read_all_levels" lineno="429">
<summary>
Make specified domain MLS trusted
for reading from System V IPC objects
at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_sysvipc_write_to_clearance" lineno="450">
<summary>
Make specified domain MLS trusted
for writing to System V IPC objects
up to its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_sysvipc_write_all_levels" lineno="471">
<summary>
Make specified domain MLS trusted
for writing to System V IPC objects
at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_rangetrans_source" lineno="491">
<summary>
Allow the specified domain to do a MLS
range transition that changes
the current level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mls_rangetrans_target" lineno="511">
<summary>
Make specified domain a target domain
for MLS range transitions that change
the current level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mls_process_read_to_clearance" lineno="532">
<summary>
Make specified domain MLS trusted
for reading from processes up to
its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_process_read_up" lineno="561">
<summary>
Make specified domain MLS trusted
for reading from processes at all levels.  (Deprecated)
</summary>
<desc>
<p>
Make specified domain MLS trusted
for reading from processes at all levels.
</p>
<p>
This interface has been deprecated, please use
mls_process_read_all_levels() instead.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mls_process_read_all_levels" lineno="578">
<summary>
Make specified domain MLS trusted
for reading from processes at all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_process_write_to_clearance" lineno="599">
<summary>
Make specified domain MLS trusted
for writing to processes up to
its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_process_write_down" lineno="628">
<summary>
Make specified domain MLS trusted
for writing to processes at all levels.  (Deprecated)
</summary>
<desc>
<p>
Make specified domain MLS trusted
for writing to processes at all levels.
</p>
<p>
This interface has been deprecated, please use
mls_process_write_all_levels() instead.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mls_process_write_all_levels" lineno="645">
<summary>
Make specified domain MLS trusted
for writing to processes at all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_process_set_level" lineno="666">
<summary>
Make specified domain MLS trusted
for setting the level of processes
it executes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_xwin_read_to_clearance" lineno="686">
<summary>
Make specified domain MLS trusted
for reading from X objects up to its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_xwin_read_all_levels" lineno="706">
<summary>
Make specified domain MLS trusted
for reading from X objects at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_xwin_write_to_clearance" lineno="726">
<summary>
Make specified domain MLS trusted
for write to X objects up to its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_xwin_write_all_levels" lineno="746">
<summary>
Make specified domain MLS trusted
for writing to X objects at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_colormap_read_all_levels" lineno="766">
<summary>
Make specified domain MLS trusted
for reading from X colormaps at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_colormap_write_all_levels" lineno="786">
<summary>
Make specified domain MLS trusted
for writing to X colormaps at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_trusted_object" lineno="815">
<summary>
Make specified object MLS trusted.
</summary>
<desc>
<p>
Make specified object MLS trusted.  This
allows all levels to read and write the
object.
</p>
<p>
This currently only applies to filesystem
objects, for example, files and directories.
</p>
</desc>
<param name="domain">
<summary>
The type of the object.
</summary>
</param>
</interface>
<interface name="mls_fd_use_all_levels" lineno="836">
<summary>
Make the specified domain trusted
to inherit and use file descriptors
from all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_fd_share_all_levels" lineno="857">
<summary>
Make the file descriptors from the
specifed domain inheritable by
all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_context_translate_all_levels" lineno="877">
<summary>
Make specified domain MLS trusted
for translating contexts at all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_db_read_all_levels" lineno="897">
<summary>
Make specified domain MLS trusted
for reading from databases at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_db_write_all_levels" lineno="917">
<summary>
Make specified domain MLS trusted
for writing to databases at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_db_upgrade" lineno="937">
<summary>
Make specified domain MLS trusted
for raising the level of databases.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_db_downgrade" lineno="957">
<summary>
Make specified domain MLS trusted
for lowering the level of databases.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_dbus_send_all_levels" lineno="977">
<summary>
Make specified domain MLS trusted
for sending dbus messages to
all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_dbus_recv_all_levels" lineno="998">
<summary>
Make specified domain MLS trusted
for receiving dbus messages from
all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="selinux" filename="policy/modules/kernel/selinux.if">
<summary>
Policy for kernel security interface, in particular, selinuxfs.
</summary>
<required val="true">
Contains the policy for the kernel SELinux security interface.
</required>
<interface name="selinux_labeled_boolean" lineno="34">
<summary>
Make the specified type used for labeling SELinux Booleans.
This interface is only usable in the base module.
</summary>
<desc>
<p>
Make the specified type used for labeling SELinux Booleans.
</p>
<p>
This makes use of genfscon statements, which are only
available in the base module.  Thus any module which calls this
interface must be included in the base module.
</p>
</desc>
<param name="type">
<summary>
Type used for labeling a Boolean.
</summary>
</param>
<param name="boolean">
<summary>
Name of the Boolean.
</summary>
</param>
</interface>
<interface name="selinux_get_fs_mount" lineno="56">
<summary>
Get the mountpoint of the selinuxfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_dontaudit_get_fs_mount" lineno="85">
<summary>
Do not audit attempts to get the mountpoint
of the selinuxfs filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="selinux_mount_fs" lineno="111">
<summary>
Mount the selinuxfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_remount_fs" lineno="133">
<summary>
Remount the selinuxfs filesystem.
This allows some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_unmount_fs" lineno="154">
<summary>
Unmount the selinuxfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_getattr_fs" lineno="175">
<summary>
Get the attributes of the selinuxfs filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_dontaudit_getattr_fs" lineno="195">
<summary>
Do not audit attempts to get the
attributes of the selinuxfs filesystem
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="selinux_dontaudit_getattr_dir" lineno="214">
<summary>
Do not audit attempts to get the
attributes of the selinuxfs directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="selinux_search_fs" lineno="232">
<summary>
Search selinuxfs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_dontaudit_search_fs" lineno="256">
<summary>
Do not audit attempts to search selinuxfs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="selinux_mounton_fs" lineno="274">
<summary>
Mount on selinuxfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_dontaudit_read_fs" lineno="297">
<summary>
Do not audit attempts to read
generic selinuxfs entries
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="selinux_get_enforce_mode" lineno="319">
<summary>
Allows the caller to get the mode of policy enforcement
(enforcing or permissive mode).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_set_enforce_mode" lineno="353">
<summary>
Allow caller to set the mode of policy enforcement
(enforcing or permissive mode).
</summary>
<desc>
<p>
Allow caller to set the mode of policy enforcement
(enforcing or permissive mode).
</p>
<p>
Since this is a security event, this action is
always audited.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_load_policy" lineno="375">
<summary>
Allow caller to load the policy into the kernel.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_read_policy" lineno="398">
<summary>
Allow caller to read the policy from the kernel.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_set_boolean" lineno="437">
<summary>
Allow caller to set the state of Booleans to
enable or disable conditional portions of the policy.  (Deprecated)
</summary>
<desc>
<p>
Allow caller to set the state of Booleans to
enable or disable conditional portions of the policy.
</p>
<p>
Since this is a security event, this action is
always audited.
</p>
<p>
This interface has been deprecated.  Please use
selinux_set_generic_booleans() or selinux_set_all_booleans()
instead.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_set_generic_booleans" lineno="464">
<summary>
Allow caller to set the state of generic Booleans to
enable or disable conditional portions of the policy.
</summary>
<desc>
<p>
Allow caller to set the state of generic Booleans to
enable or disable conditional portions of the policy.
</p>
<p>
Since this is a security event, this action is
always audited.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_set_all_booleans" lineno="500">
<summary>
Allow caller to set the state of all Booleans to
enable or disable conditional portions of the policy.
</summary>
<desc>
<p>
Allow caller to set the state of all Booleans to
enable or disable conditional portions of the policy.
</p>
<p>
Since this is a security event, this action is
always audited.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_set_parameters" lineno="538">
<summary>
Allow caller to set SELinux access vector cache parameters.
</summary>
<desc>
<p>
Allow caller to set SELinux access vector cache parameters.
The allows the domain to set performance related parameters
of the AVC, such as cache threshold.
</p>
<p>
Since this is a security event, this action is
always audited.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_validate_context" lineno="565">
<summary>
Allows caller to validate security contexts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_dontaudit_validate_context" lineno="589">
<summary>
Do not audit attempts to validate security contexts.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_compute_access_vector" lineno="610">
<summary>
Allows caller to compute an access vector.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_compute_create_context" lineno="634">
<summary>
Calculate the default type for object creation.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_compute_member" lineno="658">
<summary>
Allows caller to compute polyinstatntiated
directory members.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_compute_relabel_context" lineno="690">
<summary>
Calculate the context for relabeling objects.
</summary>
<desc>
<p>
Calculate the context for relabeling objects.
This is determined by using the type_change
rules in the policy, and is generally used
for determining the context for relabeling
a terminal when a user logs in.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_setcheckreqprot" lineno="713">
<summary>
Allows caller to setcheckreqprot
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_compute_user_contexts" lineno="736">
<summary>
Allows caller to compute possible contexts for a user.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_unconfined" lineno="759">
<summary>
Unconfined access to the SELinux kernel security server.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_genbool" lineno="781">
<summary>
Generate a file context for a boolean type
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_read_security_files" lineno="802">
<summary>
Allow caller to read security_t files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<bool name="secure_mode_policyload" dftval="false">
<desc>
<p>
Boolean to determine whether the system permits loading policy, setting
enforcing mode, and changing boolean values.  Set this to true and you
have to reboot to set it back.
</p>
</desc>
</bool>
</module>
<module name="storage" filename="policy/modules/kernel/storage.if">
<summary>Policy controlling access to storage devices</summary>
<interface name="storage_getattr_fixed_disk_dev" lineno="14">
<summary>
Allow the caller to get the attributes of fixed disk
device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_rw_inherited_fixed_disk_dev" lineno="34">
<summary>
Allow the caller to read/write inherited fixed disk
device nodes.
</summary>
<param name="domain">
<summary>
The domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_getattr_fixed_disk_dev" lineno="58">
<summary>
Do not audit attempts made by the caller to get
the attributes of fixed disk device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_setattr_fixed_disk_dev" lineno="78">
<summary>
Allow the caller to set the attributes of fixed disk
device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_setattr_fixed_disk_dev" lineno="98">
<summary>
Do not audit attempts made by the caller to set
the attributes of fixed disk device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_raw_read_fixed_disk" lineno="119">
<summary>
Allow the caller to directly read from a fixed disk.
This is extremly dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_read_fixed_disk" lineno="144">
<summary>
Do not audit attempts made by the caller to read
fixed disk device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_raw_write_fixed_disk" lineno="167">
<summary>
Allow the caller to directly write to a fixed disk.
This is extremly dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_write_fixed_disk" lineno="190">
<summary>
Do not audit attempts made by the caller to write
fixed disk device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_raw_rw_fixed_disk" lineno="212">
<summary>
Allow the caller to directly read and write to a fixed disk.
This is extremly dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_watch_fixed_disk_dev" lineno="228">
<summary>
Allow the caller to watch fixed disk device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_create_fixed_disk_dev" lineno="247">
<summary>
Allow the caller to create fixed disk device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_delete_fixed_disk_dev" lineno="268">
<summary>
Allow the caller to create fixed disk device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_manage_fixed_disk" lineno="287">
<summary>
Create, read, write, and delete fixed disk device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_dev_filetrans_fixed_disk" lineno="316">
<summary>
Create block devices in /dev with the fixed disk type
via an automatic type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="filename" optional="true">
<summary>
Optional filename of the block device to be created
</summary>
</param>
</interface>
<interface name="storage_dev_filetrans_named_fixed_disk" lineno="335">
<summary>
Create block devices in /dev with the fixed disk type
via an automatic type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_tmpfs_filetrans_fixed_disk" lineno="377">
<summary>
Create block devices in on a tmpfs filesystem with the
fixed disk type via an automatic type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_tmp_filetrans_fixed_disk" lineno="396">
<summary>
Create block devices in on a tmp filesystem with the
fixed disk type via an automatic type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_relabel_fixed_disk" lineno="414">
<summary>
Relabel fixed disk device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_swapon_fixed_disk" lineno="433">
<summary>
Enable a fixed disk device as swap space
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_getattr_fuse_dev" lineno="453">
<summary>
Allow the caller to get the attributes
of device nodes of fuse devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_rw_fuse" lineno="472">
<summary>
read or write fuse device interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_rw_fuse" lineno="491">
<summary>
Do not audit attempts to read or write
fuse device interfaces.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_getattr_scsi_generic_dev" lineno="510">
<summary>
Allow the caller to get the attributes of
the generic SCSI interface device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_setattr_scsi_generic_dev" lineno="530">
<summary>
Allow the caller to set the attributes of
the generic SCSI interface device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_read_scsi_generic" lineno="553">
<summary>
Allow the caller to directly read, in a
generic fashion, from any SCSI device.
This is extremly dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_write_scsi_generic" lineno="578">
<summary>
Allow the caller to directly write, in a
generic fashion, from any SCSI device.
This is extremly dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_rw_inherited_scsi_generic" lineno="604">
<summary>
Allow the caller to directly read and write, in a
generic fashion, from any SCSI device.
This is extremly dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_setattr_scsi_generic_dev_dev" lineno="629">
<summary>
Set attributes of the device nodes
for the SCSI generic inerface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_rw_scsi_generic" lineno="649">
<summary>
Do not audit attempts to read or write
SCSI generic device interfaces.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_getattr_removable_dev" lineno="668">
<summary>
Allow the caller to get the attributes of removable
devices device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_getattr_removable_dev" lineno="688">
<summary>
Do not audit attempts made by the caller to get
the attributes of removable devices device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_read_removable_device" lineno="707">
<summary>
Do not audit attempts made by the caller to read
removable devices device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_write_removable_device" lineno="727">
<summary>
Do not audit attempts made by the caller to write
removable devices device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_setattr_removable_dev" lineno="746">
<summary>
Allow the caller to set the attributes of removable
devices device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_setattr_removable_dev" lineno="766">
<summary>
Do not audit attempts made by the caller to set
the attributes of removable devices device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_raw_read_removable_device" lineno="788">
<summary>
Allow the caller to directly read from
a removable device.
This is extremly dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_raw_read_removable_device" lineno="807">
<summary>
Do not audit attempts to directly read removable devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_raw_write_removable_device" lineno="829">
<summary>
Allow the caller to directly write to
a removable device.
This is extremly dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_raw_write_removable_device" lineno="848">
<summary>
Do not audit attempts to directly write removable devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_rw_inherited_removable_device" lineno="866">
<summary>
Alow read and write inherited removable devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_read_tape" lineno="885">
<summary>
Allow the caller to directly read
a tape device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_write_tape" lineno="905">
<summary>
Allow the caller to directly read
a tape device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_getattr_tape_dev" lineno="925">
<summary>
Allow the caller to get the attributes
of device nodes of tape devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_setattr_tape_dev" lineno="945">
<summary>
Allow the caller to set the attributes
of device nodes of tape devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_unconfined" lineno="964">
<summary>
Unconfined access to storage devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_filetrans_all_named_dev" lineno="982">
<summary>
Create all named devices with the correct label
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="terminal" filename="policy/modules/kernel/terminal.if">
<summary>Policy for terminals.</summary>
<required val="true">
Depended on by other required modules.
</required>
<interface name="term_pty" lineno="16">
<summary>
Transform specified type into a pty type.
</summary>
<param name="pty_type">
<summary>
An object type that will applied to a pty.
</summary>
</param>
</interface>
<interface name="term_user_pty" lineno="45">
<summary>
Transform specified type into an user
pty type. This allows it to be relabeled via
type change by login programs such as ssh.
</summary>
<param name="userdomain">
<summary>
The type of the user domain associated with
this pty.
</summary>
</param>
<param name="object_type">
<summary>
An object type that will applied to a pty.
</summary>
</param>
</interface>
<interface name="term_login_pty" lineno="65">
<summary>
Transform specified type into a pty type
used by login programs, such as sshd.
</summary>
<param name="pty_type">
<summary>
An object type that will applied to a pty.
</summary>
</param>
</interface>
<interface name="term_tty" lineno="84">
<summary>
Transform specified type into a tty type.
</summary>
<param name="tty_type">
<summary>
An object type that will applied to a tty.
</summary>
</param>
</interface>
<interface name="term_user_tty" lineno="110">
<summary>
Transform specified type into a user tty type.
</summary>
<param name="domain">
<summary>
User domain that is related to this tty.
</summary>
</param>
<param name="tty_type">
<summary>
An object type that will applied to a tty.
</summary>
</param>
</interface>
<interface name="term_create_pty_dir" lineno="144">
<summary>
Create the /dev/pts directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_create_pty" lineno="168">
<summary>
Create a pty in the /dev/pts directory.
</summary>
<param name="domain">
<summary>
The type of the process creating the pty.
</summary>
</param>
<param name="pty_type">
<summary>
The type of the pty.
</summary>
</param>
</interface>
<interface name="term_write_all_terms" lineno="194">
<summary>
Write the console, all
ttys and all ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_use_all_terms" lineno="217">
<summary>
Read and write the console, all
ttys and all ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_use_all_inherited_terms" lineno="240">
<summary>
Read and write the inherited console, all inherited
ttys and ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_write_console" lineno="260">
<summary>
Write to the console.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_read_console" lineno="280">
<summary>
Read from the console.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_read_console" lineno="300">
<summary>
Do not audit attempts to read from the console.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_use_console" lineno="318">
<summary>
Read from and write to the console.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_dontaudit_use_console" lineno="338">
<summary>
Do not audit attemtps to read from
or write to the console.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_setattr_console" lineno="361">
<summary>
Set the attributes of the console
device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_relabel_console" lineno="380">
<summary>
Relabel from and to the console type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_create_console_dev" lineno="399">
<summary>
Create the console device (/dev/console).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_watch_console_dev" lineno="419">
<summary>
Watch the console device (/dev/console).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_watch_reads_console_dev" lineno="437">
<summary>
Watch_reads the console device (/dev/console).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_getattr_pty_fs" lineno="455">
<summary>
Get the attributes of a pty filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_mount_pty_fs" lineno="473">
<summary>
Mount a pty filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_unmount_pty_fs" lineno="491">
<summary>
Unmount a pty filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_relabel_pty_fs" lineno="509">
<summary>
Relabel from and to pty filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_dontaudit_getattr_pty_dirs" lineno="529">
<summary>
Do not audit attempts to get the
attributes of the /dev/pts directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_search_ptys" lineno="547">
<summary>
Search the contents of the /dev/pts directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_dontaudit_search_ptys" lineno="567">
<summary>
Do not audit attempts to search the
contents of the /dev/pts directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_list_ptys" lineno="587">
<summary>
Read the /dev/pts directory to
list all ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_relabel_ptys_dirs" lineno="606">
<summary>
Relabel the /dev/pts directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_dontaudit_list_ptys" lineno="625">
<summary>
Do not audit attempts to read the
/dev/pts directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_dontaudit_manage_pty_dirs" lineno="644">
<summary>
Do not audit attempts to create, read,
write, or delete the /dev/pts directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_getattr_generic_ptys" lineno="662">
<summary>
Get the attributes of generic pty devices.
</summary>
<param name="domain">
<summary>
Domain to allow
</summary>
</param>
</interface>
<interface name="term_dontaudit_getattr_generic_ptys" lineno="680">
<summary>
Do not audit attempts to get the attributes
of generic pty devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_ioctl_generic_ptys" lineno="698">
<summary>
ioctl of generic pty devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_setattr_generic_ptys" lineno="720">
<summary>
Allow setting the attributes of
generic pty devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_dontaudit_setattr_generic_ptys" lineno="740">
<summary>
Dontaudit setting the attributes of
generic pty devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_use_generic_ptys" lineno="760">
<summary>
Read and write the generic pty
type.  This is generally only used in
the targeted policy.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_dontaudit_use_generic_ptys" lineno="782">
<summary>
Do not audit attempts to read and
write the generic pty type.  This is
generally only used in the targeted policy.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_setattr_controlling_term" lineno="801">
<summary>
Set the attributes of the tty device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_use_controlling_term" lineno="821">
<summary>
Read and write the controlling
terminal (/dev/tty).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_getattr_ptmx" lineno="840">
<summary>
Get the attributes of the pty multiplexor (/dev/ptmx).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_dontaudit_getattr_ptmx" lineno="859">
<summary>
Do not audit attempts to get attributes
on the pty multiplexor (/dev/ptmx).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_use_ptmx" lineno="877">
<summary>
Read and write the pty multiplexor (/dev/ptmx).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_dontaudit_use_ptmx" lineno="897">
<summary>
Do not audit attempts to read and
write the pty multiplexor (/dev/ptmx).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_getattr_all_ptys" lineno="917">
<summary>
Get the attributes of all
pty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_getattr_all_ptys" lineno="940">
<summary>
Do not audit attempts to get the
attributes of any pty
device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_setattr_all_ptys" lineno="960">
<summary>
Set the attributes of all
pty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_relabelto_all_ptys" lineno="981">
<summary>
Relabel to all ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_write_all_ptys" lineno="999">
<summary>
Write to all ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_use_all_ptys" lineno="1019">
<summary>
Read and write all ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_use_all_inherited_ptys" lineno="1041">
<summary>
Read and write all inherited ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_use_all_ptys" lineno="1060">
<summary>
Do not audit attempts to read or write any ptys.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_relabel_all_ptys" lineno="1078">
<summary>
Relabel from and to all pty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_getattr_all_user_ptys" lineno="1100">
<summary>
Get the attributes of all user
pty device nodes. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_getattr_all_user_ptys" lineno="1117">
<summary>
Do not audit attempts to get the
attributes of any user pty
device nodes. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_setattr_all_user_ptys" lineno="1134">
<summary>
Set the attributes of all user
pty device nodes. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_relabelto_all_user_ptys" lineno="1149">
<summary>
Relabel to all user ptys. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_write_all_user_ptys" lineno="1164">
<summary>
Write to all user ptys. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_use_all_user_ptys" lineno="1180">
<summary>
Read and write all user ptys. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_use_all_user_ptys" lineno="1196">
<summary>
Do not audit attempts to read any
user ptys. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_relabel_all_user_ptys" lineno="1212">
<summary>
Relabel from and to all user
user pty device nodes. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_getattr_unallocated_ttys" lineno="1229">
<summary>
Get the attributes of all unallocated
tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_open_unallocated_ttys" lineno="1249">
<summary>
Allow open access for all unallocated
tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_dontaudit_getattr_unallocated_ttys" lineno="1271">
<summary>
Do not audit attempts to get the attributes
of all unallocated tty device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_setattr_unallocated_ttys" lineno="1291">
<summary>
Set the attributes of all unallocated
tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_setattr_unallocated_ttys" lineno="1311">
<summary>
Do not audit attempts to set the attributes
of unallocated tty device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_dontaudit_ioctl_unallocated_ttys" lineno="1330">
<summary>
Do not audit attempts to ioctl
unallocated tty device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_watch_unallocated_ttys" lineno="1348">
<summary>
Watch unallocated tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_watch_reads_unallocated_ttys" lineno="1366">
<summary>
Watch_reads unallocated tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_relabel_unallocated_ttys" lineno="1385">
<summary>
Relabel from and to the unallocated
tty type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_mounton_unallocated_ttys" lineno="1405">
<summary>
Mounton unallocated tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_reset_tty_labels" lineno="1424">
<summary>
Relabel from all user tty types to
the unallocated tty type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_append_unallocated_ttys" lineno="1445">
<summary>
Append to unallocated ttys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_write_unallocated_ttys" lineno="1464">
<summary>
Write to unallocated ttys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_use_unallocated_ttys" lineno="1484">
<summary>
Read and write unallocated ttys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_use_unallocated_ttys" lineno="1504">
<summary>
Do not audit attempts to read or
write unallocated ttys.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_use_usb_ttys" lineno="1524">
<summary>
Read and write USB tty character
device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_setattr_usb_ttys" lineno="1544">
<summary>
Setattr on USB tty character
device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_getattr_all_ttys" lineno="1563">
<summary>
Get the attributes of all tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_getattr_all_ttys" lineno="1585">
<summary>
Do not audit attempts to get the
attributes of any tty device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_setattr_all_ttys" lineno="1607">
<summary>
Set the attributes of all tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_relabel_all_ttys" lineno="1626">
<summary>
Relabel from and to all tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_write_all_ttys" lineno="1645">
<summary>
Write to all ttys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_use_all_ttys" lineno="1665">
<summary>
Read and write all ttys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_use_all_inherited_ttys" lineno="1685">
<summary>
Read and write all inherited ttys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_use_all_ttys" lineno="1705">
<summary>
Do not audit attempts to read or write
any ttys.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_getattr_all_user_ttys" lineno="1725">
<summary>
Get the attributes of all user tty
device nodes. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_getattr_all_user_ttys" lineno="1742">
<summary>
Do not audit attempts to get the
attributes of any user tty
device nodes. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_setattr_all_user_ttys" lineno="1759">
<summary>
Set the attributes of all user tty
device nodes. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_relabel_all_user_ttys" lineno="1775">
<summary>
Relabel from and to all user
user tty device nodes. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_write_all_user_ttys" lineno="1790">
<summary>
Write to all user ttys. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_use_all_user_ttys" lineno="1806">
<summary>
Read and write all user to all user ttys. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_use_all_user_ttys" lineno="1822">
<summary>
Do not audit attempts to read or write
any user ttys. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_watch_user_ttys" lineno="1837">
<summary>
Watch user tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_watch_reads_user_ttys" lineno="1855">
<summary>
Watch_reads user tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_getattr_virtio_console" lineno="1873">
<summary>
Getattr on the virtio console.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_use_virtio_console" lineno="1891">
<summary>
Read from and write to the virtio console.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_filetrans_all_named_dev" lineno="1910">
<summary>
Create all named term devices with the correct label
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="ubac" filename="policy/modules/kernel/ubac.if">
<summary>User-based access control policy</summary>
<required val="true">
Contains attributes used in UBAC policy.
</required>
<interface name="ubac_constrained" lineno="29">
<summary>
Constrain by user-based access control (UBAC).
</summary>
<desc>
<p>
Constrain the specified type by user-based
access control (UBAC).  Typically, these are
user processes or user files that need to be
differentiated by SELinux user.  Normally this
does not include administrative or privileged
programs. For the UBAC rules to be enforced,
both the subject (source) type and the object
(target) types must be UBAC constrained.
</p>
</desc>
<param name="type">
<summary>
Type to be constrained by UBAC.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="ubac_file_exempt" lineno="47">
<summary>
Exempt user-based access control for files.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_process_exempt" lineno="65">
<summary>
Exempt user-based access control for processes.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_fd_exempt" lineno="83">
<summary>
Exempt user-based access control for file descriptors.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_socket_exempt" lineno="101">
<summary>
Exempt user-based access control for sockets.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_sysvipc_exempt" lineno="119">
<summary>
Exempt user-based access control for SysV IPC.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_xwin_exempt" lineno="137">
<summary>
Exempt user-based access control for X Windows.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_dbus_exempt" lineno="155">
<summary>
Exempt user-based access control for dbus.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_key_exempt" lineno="173">
<summary>
Exempt user-based access control for keys.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_db_exempt" lineno="191">
<summary>
Exempt user-based access control for databases.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
</module>
<module name="unlabelednet" filename="policy/modules/kernel/unlabelednet.if">
<summary> Policy for allowing confined domains to use unlabeled_t packets</summary>
</module>
</layer>
<layer name="roles">
<summary>Policy modules for user roles.</summary>
<module name="auditadm" filename="policy/modules/roles/auditadm.if">
<summary>Audit administrator role</summary>
<interface name="auditadm_role_change" lineno="14">
<summary>
Change to the audit administrator role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="auditadm_role_change_to" lineno="44">
<summary>
Change from the audit administrator role.
</summary>
<desc>
<p>
Change from the audit administrator role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="guest" filename="policy/modules/roles/guest.if">
<summary>Least privileged terminal user role.</summary>
<interface name="guest_role_change" lineno="14">
<summary>
Change to the guest role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="guest_role_change_to" lineno="44">
<summary>
Change from the guest role.
</summary>
<desc>
<p>
Change from the guest role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="logadm" filename="policy/modules/roles/logadm.if">
<summary>Log administrator role</summary>
<interface name="logadm_role_change" lineno="14">
<summary>
Change to the log administrator role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logadm_role_change_to" lineno="44">
<summary>
Change from the log administrator role.
</summary>
<desc>
<p>
Change from the log administrator role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="secadm" filename="policy/modules/roles/secadm.if">
<summary>Security administrator role</summary>
<interface name="secadm_role_change" lineno="14">
<summary>
Change to the security administrator role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="secadm_role_change_to_template" lineno="44">
<summary>
Change from the security administrator role.
</summary>
<desc>
<p>
Change from the security administrator role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="staff" filename="policy/modules/roles/staff.if">
<summary>Administrator's unprivileged user</summary>
<interface name="staff_stub" lineno="13">
<summary>
staff stub userdomain interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="staff_role_change" lineno="30">
<summary>
Change to the staff role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="staff_role_change_to" lineno="60">
<summary>
Change from the staff role.
</summary>
<desc>
<p>
Change from the staff role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="staff_use_svirt" dftval="false">
<desc>
<p>
allow staff user to create and transition to svirt domains.
</p>
</desc>
</tunable>
</module>
<module name="sysadm" filename="policy/modules/roles/sysadm.if">
<summary>General system administration role</summary>
<interface name="sysadm_role_change" lineno="14">
<summary>
Change to the system administrator role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysadm_role_change_to" lineno="44">
<summary>
Change from the system administrator role.
</summary>
<desc>
<p>
Change from the system administrator role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysadm_shell_domtrans" lineno="62">
<summary>
Execute a shell in the sysadm domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysadm_stub" lineno="83">
<summary>
sysadm stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="sysadm_bin_spec_domtrans" lineno="100">
<summary>
Execute a generic bin program in the sysadm domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysadm_entry_spec_domtrans" lineno="123">
<summary>
Execute all entrypoint files in the sysadm domain. This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysadm_entry_spec_domtrans_to" lineno="158">
<summary>
Allow sysadm to execute all entrypoint files in
a specified domain.  This is an explicit transition,
requiring the caller to use setexeccon().
</summary>
<desc>
<p>
Allow sysadm to execute all entrypoint files in
a specified domain.  This is an explicit transition,
requiring the caller to use setexeccon().
</p>
<p>
This is a interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysadm_bin_spec_domtrans_to" lineno="192">
<summary>
Allow sysadm to execute a generic bin program in
a specified domain.  This is an explicit transition,
requiring the caller to use setexeccon().
</summary>
<desc>
<p>
Allow sysadm to execute a generic bin program in
a specified domain.
</p>
<p>
This is a interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="domain">
<summary>
Domain to execute in.
</summary>
</param>
</interface>
<interface name="sysadm_sigchld" lineno="213">
<summary>
Send a SIGCHLD signal to sysadm users.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysadm_use_fds" lineno="231">
<summary>
Inherit and use sysadm file descriptors
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysadm_rw_pipes" lineno="249">
<summary>
Read and write sysadm user unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="sysadm_secadm" filename="policy/modules/roles/sysadm_secadm.if">
<summary>No Interfaces</summary>
</module>
<module name="unconfineduser" filename="policy/modules/roles/unconfineduser.if">
<summary>Unconfined user role</summary>
<interface name="unconfined_role_change_to" lineno="25">
<summary>
Change from the unconfineduser role.
</summary>
<desc>
<p>
Change from the unconfineduser role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="unconfined_domtrans" lineno="43">
<summary>
Transition to the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_run" lineno="66">
<summary>
Execute specified programs in the unconfined domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to allow the unconfined domain.
</summary>
</param>
</interface>
<interface name="unconfined_shell_domtrans" lineno="85">
<summary>
Transition to the unconfined domain by executing a shell.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_xsession_spec_domtrans" lineno="104">
<summary>
Execute an Xserver session in unconfined domain.  This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="unconfined_domtrans_to" lineno="142">
<summary>
Allow unconfined to execute the specified program in
the specified domain.
</summary>
<desc>
<p>
Allow unconfined to execute the specified program in
the specified domain.
</p>
<p>
This is a interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="domain">
<summary>
Domain to execute in.
</summary>
</param>
<param name="entry_file">
<summary>
Domain entry point file.
</summary>
</param>
</interface>
<interface name="unconfined_run_to" lineno="179">
<summary>
Allow unconfined to execute the specified program in
the specified domain.  Allow the specified domain the
unconfined role and use of unconfined user terminals.
</summary>
<desc>
<p>
Allow unconfined to execute the specified program in
the specified domain.  Allow the specified domain the
unconfined role and use of unconfined user terminals.
</p>
<p>
This is a interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="domain">
<summary>
Domain to execute in.
</summary>
</param>
<param name="entry_file">
<summary>
Domain entry point file.
</summary>
</param>
</interface>
<interface name="unconfined_stub_role" lineno="200">
<summary>
Stub unconfined role.
</summary>
<param name="domain_prefix">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_use_fds" lineno="216">
<summary>
Inherit file descriptors from the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_sigchld" lineno="234">
<summary>
Send a SIGCHLD signal to the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_signull" lineno="252">
<summary>
Send a SIGNULL signal to the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_signal" lineno="270">
<summary>
Send generic signals to the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_read_pipes" lineno="288">
<summary>
Read unconfined domain unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_dontaudit_read_pipes" lineno="306">
<summary>
Do not audit attempts to read unconfined domain unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_rw_pipes" lineno="324">
<summary>
Read and write unconfined domain unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_dontaudit_rw_pipes" lineno="343">
<summary>
Do not audit attempts to read and write
unconfined domain unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="unconfined_dontaudit_rw_stream" lineno="362">
<summary>
Do not audit attempts to read and write
unconfined domain stream.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="unconfined_stream_connect" lineno="381">
<summary>
Connect to the unconfined domain using
a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_dontaudit_rw_tcp_sockets" lineno="410">
<summary>
Do not audit attempts to read or write
unconfined domain tcp sockets.
</summary>
<desc>
<p>
Do not audit attempts to read or write
unconfined domain tcp sockets.
</p>
<p>
This interface was added due to a broken
symptom in ldconfig.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="unconfined_dontaudit_rw_packet_sockets" lineno="439">
<summary>
Do not audit attempts to read or write
unconfined domain packet sockets.
</summary>
<desc>
<p>
Do not audit attempts to read or write
unconfined domain packet sockets.
</p>
<p>
This interface was added due to a broken
symptom.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="unconfined_create_keys" lineno="457">
<summary>
Create keys for the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_dontaudit_write_state" lineno="475">
<summary>
Dontaudit write process information for unconfined process.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_dontaudit_read_state" lineno="493">
<summary>
Dontaudit read process information for unconfined process.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_write_keys" lineno="512">
<summary>
Write keys for the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_dbus_send" lineno="530">
<summary>
Send messages to the unconfined domain over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_dbus_acquire_svc" lineno="550">
<summary>
Create communication channel with unconfined domain over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_dbus_chat" lineno="570">
<summary>
Send and receive messages from
unconfined_t over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_dbus_connect" lineno="591">
<summary>
Connect to the the unconfined DBUS
for service (acquire_svc).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_ptrace" lineno="610">
<summary>
Allow ptrace of unconfined domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_rw_shm" lineno="628">
<summary>
Read and write to unconfined shared memory.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="unconfined_set_rlimitnh" lineno="646">
<summary>
Allow apps to set rlimits on unconfined user
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_setsched" lineno="664">
<summary>
Allow apps to setsched on unconfined user
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_getpgid" lineno="682">
<summary>
Get the process group of unconfined.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_role_change" lineno="701">
<summary>
Change to the unconfined role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="unconfined_attach_tun_iface" lineno="719">
<summary>
Allow domain to attach to TUN devices created by unconfined_t users.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_transition" lineno="743">
<summary>
Allow domain to transition to unconfined_t user
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="entrypoint">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_typebounds" lineno="763">
<summary>
unconfined_t domain typebounds calling domain.
</summary>
<param name="domain">
<summary>
Domain to be typebound.
</summary>
</param>
</interface>
<interface name="unconfined_exec_typebounds" lineno="781">
<summary>
unconfined_exec_t domain typebounds file_type.
</summary>
<param name="domain">
<summary>
File type to be typebound.
</summary>
</param>
</interface>
<interface name="unconfined_dgram_send" lineno="799">
<summary>
Send a message to unconfined user over a unix domain datagram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_destroy_msgq" lineno="817">
<summary>
Destroy unconfined user's message queue entries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_destroy_shm" lineno="835">
<summary>
Destroy unconfined user's SysV shared memory segments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="unconfined_chrome_sandbox_transition" dftval="false">
<desc>
<p>
allow unconfined users to transition to the chrome sandbox domains when running chrome-sandbox
</p>
</desc>
</tunable>
<tunable name="unconfined_mozilla_plugin_transition" dftval="false">
<desc>
<p>
Allow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container.
</p>
</desc>
</tunable>
<tunable name="unconfined_login" dftval="true">
<desc>
<p>
Allow a user to login as an unconfined domain
</p>
</desc>
</tunable>
<tunable name="unconfined_dyntrans_all" dftval="false">
<desc>
<p>
Allow a unconfined user to dynamically transition to a new context using setcon.
</p>
</desc>
</tunable>
</module>
<module name="unprivuser" filename="policy/modules/roles/unprivuser.if">
<summary>Generic unprivileged user</summary>
<interface name="unprivuser_role_change" lineno="14">
<summary>
Change to the generic user role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="unprivuser_role_change_to" lineno="44">
<summary>
Change from the generic user role.
</summary>
<desc>
<p>
Change from the generic user role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="unprivuser_use_svirt" dftval="false">
<desc>
<p>
Allow unprivileged user to create and transition to svirt domains.
</p>
</desc>
</tunable>
</module>
<module name="xguest" filename="policy/modules/roles/xguest.if">
<summary>Least privileged xwindows user role.</summary>
<interface name="xguest_role_change" lineno="14">
<summary>
Change to the xguest role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="xguest_role_change_to" lineno="44">
<summary>
Change from the xguest role.
</summary>
<desc>
<p>
Change from the xguest role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="xguest_mount_media" dftval="true">
<desc>
<p>
Allow xguest users to mount removable media
</p>
</desc>
</tunable>
<tunable name="xguest_connect_network" dftval="true">
<desc>
<p>
Allow xguest users to configure Network Manager and connect to apache ports
</p>
</desc>
</tunable>
<tunable name="xguest_use_bluetooth" dftval="true">
<desc>
<p>
Allow xguest to use blue tooth devices
</p>
</desc>
</tunable>
</module>
</layer>
<layer name="services">
<summary>
	Policy modules for system services, like cron, and network services,
	like sshd.
</summary>
<module name="postgresql" filename="policy/modules/services/postgresql.if">
<summary>PostgreSQL relational database</summary>
<interface name="postgresql_role" lineno="18">
<summary>
Role access for SE-PostgreSQL.
</summary>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</interface>
<interface name="postgresql_run" lineno="46">
<summary>
Execute the postgresql program in the postgresql domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the postgresql domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="postgresql_loadable_module" lineno="65">
<summary>
Marks as a SE-PostgreSQL loadable shared library module
</summary>
<param name="type">
<summary>
Type marked as a database object type.
</summary>
</param>
</interface>
<interface name="postgresql_database_object" lineno="83">
<summary>
Marks as a SE-PostgreSQL database object type
</summary>
<param name="type">
<summary>
Type marked as a database object type.
</summary>
</param>
</interface>
<interface name="postgresql_schema_object" lineno="101">
<summary>
Marks as a SE-PostgreSQL schema object type
</summary>
<param name="type">
<summary>
Type marked as a schema object type.
</summary>
</param>
</interface>
<interface name="postgresql_table_object" lineno="119">
<summary>
Marks as a SE-PostgreSQL table/column/tuple object type
</summary>
<param name="type">
<summary>
Type marked as a table/column/tuple object type.
</summary>
</param>
</interface>
<interface name="postgresql_system_table_object" lineno="137">
<summary>
Marks as a SE-PostgreSQL system table/column/tuple object type
</summary>
<param name="type">
<summary>
Type marked as a table/column/tuple object type.
</summary>
</param>
</interface>
<interface name="postgresql_sequence_object" lineno="156">
<summary>
Marks as a SE-PostgreSQL sequence type
</summary>
<param name="type">
<summary>
Type marked as a sequence type.
</summary>
</param>
</interface>
<interface name="postgresql_view_object" lineno="174">
<summary>
Marks as a SE-PostgreSQL view object type
</summary>
<param name="type">
<summary>
Type marked as a view object type.
</summary>
</param>
</interface>
<interface name="postgresql_procedure_object" lineno="192">
<summary>
Marks as a SE-PostgreSQL procedure object type
</summary>
<param name="type">
<summary>
Type marked as a procedure object type.
</summary>
</param>
</interface>
<interface name="postgresql_trusted_procedure_object" lineno="210">
<summary>
Marks as a SE-PostgreSQL trusted procedure object type
</summary>
<param name="type">
<summary>
Type marked as a trusted procedure object type.
</summary>
</param>
</interface>
<interface name="postgresql_language_object" lineno="230">
<summary>
Marks as a SE-PostgreSQL procedural language object type
</summary>
<param name="type">
<summary>
Type marked as a procedural language object type.
</summary>
</param>
</interface>
<interface name="postgresql_blob_object" lineno="248">
<summary>
Marks as a SE-PostgreSQL binary large object type
</summary>
<param name="type">
<summary>
Type marked as a database binary large object type.
</summary>
</param>
</interface>
<interface name="postgresql_search_db" lineno="266">
<summary>
Allow the specified domain to search postgresql's database directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_manage_db" lineno="284">
<summary>
Allow the specified domain to manage postgresql's database.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_domtrans" lineno="305">
<summary>
Execute postgresql in the postgresql domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="postgresql_exec" lineno="323">
<summary>
Execute Postgresql in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_signal" lineno="341">
<summary>
Allow domain to signal postgresql
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_signull" lineno="358">
<summary>
Allow domain to signull postgresql
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_read_config" lineno="376">
<summary>
Allow the specified domain to read postgresql's etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="postgresql_tcp_connect" lineno="397">
<summary>
Allow the specified domain to connect to postgresql with a tcp socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_stream_connect" lineno="418">
<summary>
Allow the specified domain to connect to postgresql with a unix socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_unpriv_client" lineno="441">
<summary>
Allow the specified domain unprivileged accesses to unifined database objects
managed by SE-PostgreSQL,
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_unconfined" lineno="460">
<summary>
Allow the specified domain unconfined accesses to any database objects
managed by SE-PostgreSQL,
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_filetrans_named_content" lineno="478">
<summary>
Transition to postgresql named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_admin" lineno="507">
<summary>
All of the rules required to administrate an postgresql environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the postgresql domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="postgresql_can_rsync" dftval="false">
<desc>
<p>
Allow postgresql to use ssh and rsync for point-in-time recovery
</p>
</desc>
</tunable>
<tunable name="postgresql_selinux_users_ddl" dftval="true">
<desc>
<p>
Allow unprivileged users to execute DDL statement
</p>
</desc>
</tunable>
<tunable name="postgresql_selinux_transmit_client_label" dftval="false">
<desc>
<p>
Allow transmit client label to foreign database
</p>
</desc>
</tunable>
<tunable name="postgresql_selinux_unconfined_dbadm" dftval="true">
<desc>
<p>
Allow database admins to execute DML statement
</p>
</desc>
</tunable>
</module>
<module name="ssh" filename="policy/modules/services/ssh.if">
<summary>Secure shell client and server policy.</summary>
<template name="ssh_basic_client_template" lineno="34">
<summary>
Basic SSH client template.
</summary>
<desc>
<p>
This template creates a derived domains which are used
for ssh client sessions.  A derived
type is also created to protect the user ssh keys.
</p>
<p>
This template was added for NX.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_domain">
<summary>
The type of the domain.
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
</template>
<template name="ssh_dyntransition_domain_template" lineno="165">
<summary>
The template to define a domain to which sshd dyntransition.
</summary>
<param name="domain">
<summary>
The prefix of the dyntransition domain
</summary>
</param>
</template>
<template name="ssh_server_template" lineno="198">
<summary>
The template to define a ssh server.
</summary>
<desc>
<p>
This template creates a domains to be used for
creating a ssh server.  This is typically done
to have multiple ssh servers of different sensitivities,
such as for an internal network-facing ssh server, and
a external network-facing ssh server.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the server domain (e.g., sshd
is the prefix for sshd_t).
</summary>
</param>
</template>
<template name="ssh_role_template" lineno="335">
<summary>
Role access for ssh
</summary>
<param name="role_prefix">
<summary>
The prefix of the role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
<rolecap/>
</template>
<interface name="ssh_sigchld" lineno="432">
<summary>
Send a SIGCHLD signal to the ssh server.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_signal" lineno="450">
<summary>
Send a generic signal to the ssh server.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_signull" lineno="468">
<summary>
Send a null signal to sshd processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_read_pipes" lineno="486">
<summary>
Read a ssh server unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_rw_dgram_sockets" lineno="504">
<summary>
Read and write ssh server unix dgram sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_rw_pipes" lineno="522">
<summary>
Read and write a ssh server unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_rw_stream_sockets" lineno="540">
<summary>
Read and write ssh server unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_rw_tcp_sockets" lineno="558">
<summary>
Read and write ssh server TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_dontaudit_rw_tcp_sockets" lineno="577">
<summary>
Do not audit attempts to read and write
ssh server TCP sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="ssh_tcp_connect" lineno="595">
<summary>
Connect to SSH daemons over TCP sockets.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_domtrans" lineno="609">
<summary>
Execute the ssh daemon sshd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ssh_initrc_domtrans" lineno="627">
<summary>
Execute sshd server in the sshd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_exec" lineno="645">
<summary>
Execute the ssh client in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_setattr_key_files" lineno="664">
<summary>
Set the attributes of sshd key files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_agent_exec" lineno="683">
<summary>
Execute the ssh agent client in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_agent_signal" lineno="702">
<summary>
Send generic signals to ssh_agent_type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_getattr_user_home_dir" lineno="720">
<summary>
Getattr ssh home directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_list_user_home_dir" lineno="738">
<summary>
List ssh home directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_dontaudit_search_user_home_dir" lineno="756">
<summary>
Dontaudit search ssh home directory
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="ssh_read_user_home_files" lineno="774">
<summary>
Read ssh home directory content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_domtrans_keygen" lineno="795">
<summary>
Execute the ssh key generator in the ssh keygen domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ssh_exec_keygen" lineno="814">
<summary>
Execute the ssh key generator in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ssh_run_keygen" lineno="839">
<summary>
Execute ssh-keygen in the iptables domain, and
allow the specified role the ssh-keygen domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ssh_getattr_server_keys" lineno="858">
<summary>
Getattr ssh server keys
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="ssh_dontaudit_read_server_keys" lineno="876">
<summary>
Read ssh server keys
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="ssh_append_home_files" lineno="894">
<summary>
Append ssh home directory content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_manage_home_files" lineno="913">
<summary>
Manage ssh home directory content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_create_home_dirs" lineno="932">
<summary>
Create ssh home directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_delete_tmp" lineno="951">
<summary>
Delete from the ssh temp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_dyntransition_to" lineno="970">
<summary>
Allow domain dyntransition to chroot_user_t domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_filetrans_admin_home_content" lineno="991">
<summary>
Create .ssh directory in the /root directory
with an correct label.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_filetrans_home_content" lineno="1011">
<summary>
Create .ssh directory in the user home directory
with an correct label.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_filetrans_keys" lineno="1033">
<summary>
Create .ssh directory in the user home directory
with an correct label.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_dontaudit_use_ptys" lineno="1058">
<summary>
Do not audit attempts to read and
write the sshd pty type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="ssh_use_ptys" lineno="1076">
<summary>
Read and write inherited sshd pty type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="ssh_systemctl" lineno="1094">
<summary>
Execute sshd server in the sshd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ssh_read_state" lineno="1118">
<summary>
Allow the domain to read state files in /proc.
</summary>
<param name="domain">
<summary>
Domain to allow access.
</summary>
</param>
</interface>
<tunable name="ssh_keysign" dftval="false">
<desc>
<p>
allow host key based authentication
</p>
</desc>
</tunable>
<tunable name="ssh_sysadm_login" dftval="false">
<desc>
<p>
Allow ssh logins as sysadm_r:sysadm_t
</p>
</desc>
</tunable>
<tunable name="ssh_chroot_rw_homedirs" dftval="false">
<desc>
<p>
allow ssh with chroot env to read and write files
in the user home directories
</p>
</desc>
</tunable>
<tunable name="ssh_use_tcpd" dftval="false">
<desc>
<p>
Allow sshd to use tcp wrappers
</p>
</desc>
</tunable>
</module>
<module name="xserver" filename="policy/modules/services/xserver.if">
<summary>X Windows Server</summary>
<interface name="xserver_restricted_role" lineno="19">
<summary>
Rules required for using the X Windows server
and environment, for restricted users.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dri_domain" lineno="45">
<summary>
Domain wants to use direct io devices
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_role" lineno="69">
<summary>
Rules required for using the X Windows server
and environment.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_ro_session" lineno="122">
<summary>
Create sessions on the X server, with read-only
access to the X server shared
memory segments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="tmpfs_type">
<summary>
The type of the domain SYSV tmpfs files.
</summary>
</param>
</interface>
<interface name="xserver_rw_session" lineno="162">
<summary>
Create sessions on the X server, with read and write
access to the X server shared
memory segments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="tmpfs_type">
<summary>
The type of the domain SYSV tmpfs files.
</summary>
</param>
</interface>
<interface name="xserver_non_drawing_client" lineno="182">
<summary>
Create non-drawing client sessions on an X server.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_user_client" lineno="219">
<summary>
Create full client sessions
on a user X server.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="tmpfs_type">
<summary>
The type of the domain SYSV tmpfs files.
</summary>
</param>
</interface>
<template name="xserver_common_x_domain_template" lineno="280">
<summary>
Interface to provide X object permissions on a given X server to
an X client domain.  Provides the minimal set required by a basic
X client application.
</summary>
<param name="prefix">
<summary>
The prefix of the X client domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="domain">
<summary>
Client domain allowed access.
</summary>
</param>
</template>
<template name="xserver_object_types_template" lineno="353">
<summary>
Template for creating the set of types used
in an X windows domain.
</summary>
<param name="prefix">
<summary>
The prefix of the X client domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</template>
<template name="xserver_user_x_domain_template" lineno="395">
<summary>
Interface to provide X object permissions on a given X server to
an X client domain.  Provides the minimal set required by a basic
X client application.
</summary>
<param name="prefix">
<summary>
The prefix of the X client domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="domain">
<summary>
Client domain allowed access.
</summary>
</param>
<param name="tmpfs_type">
<summary>
The type of the domain SYSV tmpfs files.
</summary>
</param>
</template>
<interface name="xserver_use_user_fonts" lineno="471">
<summary>
Read user fonts, user font configuration,
and manage the user font cache.
</summary>
<desc>
<p>
Read user fonts, user font configuration,
and manage the user font cache.
</p>
<p>
This is a templated interface, and should only
be called from a per-userdomain template.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_domtrans_xdm" lineno="502">
<summary>
Transition to the Xauthority domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="xserver_domtrans_xauth" lineno="521">
<summary>
Transition to the Xauthority domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="xserver_exec_xauth" lineno="539">
<summary>
Allow exec of Xauthority program..
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_exec_xauth" lineno="557">
<summary>
Dontaudit exec of Xauthority program.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xserver_user_home_dir_filetrans_user_xauth" lineno="575">
<summary>
Create a Xauthority file in the user home directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_admin_home_dir_filetrans_xauth" lineno="593">
<summary>
Create a Xauthority file in the admin home directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_use_all_users_fonts" lineno="612">
<summary>
Read all users fonts, user font configurations,
and manage all users font caches.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_user_xauth" lineno="627">
<summary>
Read all users .Xauthority.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_manage_user_xauth" lineno="647">
<summary>
Manage all users .Xauthority.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_setattr_console_pipes" lineno="665">
<summary>
Set the attributes of the X windows console named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_rw_console" lineno="683">
<summary>
Read and write the X windows console named pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_state_xdm" lineno="701">
<summary>
Read XDM state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_use_xdm_fds" lineno="720">
<summary>
Use file descriptors for xdm.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_use_xdm_fds" lineno="739">
<summary>
Do not audit attempts to inherit
XDM file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xserver_rw_xdm_pipes" lineno="757">
<summary>
Read and write XDM unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_rw_xdm_pipes" lineno="776">
<summary>
Do not audit attempts to read and write
XDM unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xserver_read_xdm_state" lineno="794">
<summary>
Read xdm process state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_manage_xdm_spool_files" lineno="816">
<summary>
Create, read, write, and delete
xdm_spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_stream_connect_xdm" lineno="836">
<summary>
Connect to XDM over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_stream_accept_xdm" lineno="858">
<summary>
Accept a connection to XDM over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_append_xdm_stream_socket" lineno="878">
<summary>
Allow domain to append XDM unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_xdm_home_files" lineno="896">
<summary>
Read XDM files in user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_config" lineno="915">
<summary>
Read xserver configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_manage_config" lineno="935">
<summary>
Manage xserver configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_create_config_dirs" lineno="955">
<summary>
Create xserver configuration dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_xdm_rw_config" lineno="974">
<summary>
Read xdm-writable configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_search_xdm_tmp_dirs" lineno="993">
<summary>
Search XDM temporary directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_setattr_xdm_tmp_dirs" lineno="1008">
<summary>
Set the attributes of XDM temporary directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_xdm_tmp_dirs" lineno="1023">
<summary>
Dont audit attempts to set the attributes of XDM temporary directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xserver_create_xdm_tmp_sockets" lineno="1039">
<summary>
Create a named socket in a XDM
temporary directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_xdm_pid" lineno="1054">
<summary>
Read XDM pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_map_xdm_pid" lineno="1073">
<summary>
Mmap XDM pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_read_xdm_pid" lineno="1091">
<summary>
Dontaudit Read XDM pid files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xserver_read_xdm_lib_files" lineno="1110">
<summary>
Read XDM var lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_inherited_xdm_lib_files" lineno="1129">
<summary>
Read inherited XDM var lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_xsession_entry_type" lineno="1147">
<summary>
Make an X session script an entrypoint for the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which the shell is an entrypoint.
</summary>
</param>
</interface>
<interface name="xserver_xsession_spec_domtrans" lineno="1184">
<summary>
Execute an X session in the target domain.  This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<desc>
<p>
Execute an Xsession in the target domain.  This
is an explicit transition, requiring the
caller to use setexeccon().
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the shell process.
</summary>
</param>
</interface>
<interface name="xserver_getattr_log" lineno="1202">
<summary>
Get the attributes of X server logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_log" lineno="1221">
<summary>
Allow domain to read X server logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_write_log" lineno="1241">
<summary>
Do not audit attempts to write the X server
log files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xserver_delete_log" lineno="1259">
<summary>
Delete X server log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_xkb_libs" lineno="1280">
<summary>
Read X keyboard extension libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_manage_xkb_libs" lineno="1301">
<summary>
Manage X keyboard extension libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_xkb_libs_access" lineno="1321">
<summary>
dontaudit access checks X keyboard extension libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_xdm_etc_files" lineno="1340">
<summary>
Read xdm config files.
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_manage_xdm_etc_files" lineno="1360">
<summary>
Manage xdm config files.
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_watch_xdm_etc_dirs" lineno="1379">
<summary>
Watch xdm config directories.
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_read_xdm_tmp_files" lineno="1398">
<summary>
Read xdm temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_read_xdm_tmp_files" lineno="1413">
<summary>
Do not audit attempts to read xdm temporary files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xserver_rw_xdm_tmp_files" lineno="1428">
<summary>
Read write xdm temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_manage_xdm_tmp_files" lineno="1443">
<summary>
Create, read, write, and delete xdm temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_relabel_xdm_tmp_dirs" lineno="1458">
<summary>
Create, read, write, and delete xdm temporary dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_manage_xdm_tmp_dirs" lineno="1473">
<summary>
Create, read, write, and delete xdm temporary dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_getattr_xdm_tmp_sockets" lineno="1489">
<summary>
Do not audit attempts to get the attributes of
xdm temporary named sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xserver_domtrans" lineno="1504">
<summary>
Execute the X server in the X server domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="xserver_nnp_daemon_domain" lineno="1527">
<summary>
Allow SELinux Domain trasition
into confined domain with NoNewPrivileges
Systemd Security feature.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_exec" lineno="1545">
<summary>
Allow execute the X server.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="xserver_signal" lineno="1563">
<summary>
Signal X servers
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_xdm_signull" lineno="1581">
<summary>
Send a null signal to xdm processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_kill" lineno="1599">
<summary>
Kill X servers
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_rw_shm" lineno="1618">
<summary>
Read and write X server Sys V Shared
memory segments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_rw_tcp_sockets" lineno="1637">
<summary>
Do not audit attempts to read and write to
X server sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_rw_stream_sockets" lineno="1656">
<summary>
Do not audit attempts to read and write X server
unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_xdm_rw_stream_sockets" lineno="1675">
<summary>
Do not audit attempts to read and write xdm
unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xserver_stream_connect" lineno="1694">
<summary>
Connect to the X server over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_stream_connect" lineno="1715">
<summary>
Dontaudit attempts to connect to xserver
over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xserver_read_tmp_files" lineno="1733">
<summary>
Read X server temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_manage_core_devices" lineno="1754">
<summary>
Interface to provide X object permissions on a given X server to
an X client domain.  Gives the domain permission to read the
virtual core keyboard and virtual core pointer devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_unconfined" lineno="1791">
<summary>
Interface to provide X object permissions on a given X server to
an X client domain.  Gives the domain complete control over the
display.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_append_xdm_home_files" lineno="1810">
<summary>
Dontaudit append to .xsession-errors file
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_append_xdm_home_files" lineno="1836">
<summary>
append to .xsession-errors file
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_xdm_search_spool" lineno="1863">
<summary>
Allow search the xdm_spool files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_xdm_read_spool" lineno="1882">
<summary>
Allow read the xdm_spool files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_xdm_manage_spool" lineno="1901">
<summary>
Manage the xdm_spool files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dbus_chat_xdm" lineno="1921">
<summary>
Send and receive messages from
xdm over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dbus_chat" lineno="1942">
<summary>
Send and receive messages from
xdm over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_pid" lineno="1962">
<summary>
Read xserver files created in /var/run
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_exec_pid" lineno="1981">
<summary>
Execute xserver files created in /var/run
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_write_pid" lineno="2000">
<summary>
Write xserver files created in /var/run
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_xdm_append_log" lineno="2020">
<summary>
Allow append the xdm
log files.
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_xdm_ioctl_log" lineno="2040">
<summary>
Allow ioctl the xdm log files.
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_append_xdm_tmp_files" lineno="2059">
<summary>
Allow append the xdm
tmp files.
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_read_user_iceauth" lineno="2074">
<summary>
Read a user Iceauthority domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_rw_inherited_user_fonts" lineno="2093">
<summary>
Read/write inherited user homedir fonts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_search_xdm_lib" lineno="2114">
<summary>
Search XDM var lib dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_entry_type" lineno="2132">
<summary>
Make an X executable an entrypoint for the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which the shell is an entrypoint.
</summary>
</param>
</interface>
<interface name="xserver_run" lineno="2157">
<summary>
Execute xsever in the xserver domain, and
allow the specified role the xserver domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the xserver domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="xserver_run_xauth" lineno="2184">
<summary>
Execute xsever in the xserver domain, and
allow the specified role the xserver domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the xserver domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="xserver_read_home_fonts" lineno="2204">
<summary>
Read user homedir fonts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="xserver_manage_user_fonts_dir" lineno="2227">
<summary>
Manage user fonts dir.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="xserver_manage_home_fonts" lineno="2247">
<summary>
Manage user homedir fonts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="xserver_filetrans_fonts_cache_home_content" lineno="2273">
<summary>
Transition to xserver .fontconfig named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_filetrans_home_content" lineno="2291">
<summary>
Transition to xserver named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_filetrans_admin_home_content" lineno="2347">
<summary>
Create xserver content in admin home
directory with a named file transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_xdm_tmp_filetrans" lineno="2416">
<summary>
Create objects in a xdm temporary directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_search_log" lineno="2431">
<summary>
Dontaudit search ssh home directory
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xserver_rw_xdm_keys" lineno="2449">
<summary>
Manage keys for xdm.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_filetrans_named_content" lineno="2467">
<summary>
Transition to xdm named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="xserver_clients_write_xshm" dftval="false">
<desc>
<p>
Allows clients to write to the X server shared
memory segments.
</p>
</desc>
</tunable>
<tunable name="xserver_execmem" dftval="false">
<desc>
<p>
Allows XServer to execute writable memory
</p>
</desc>
</tunable>
<tunable name="xdm_exec_bootloader" dftval="false">
<desc>
<p>
Allow the graphical login program to execute bootloader
</p>
</desc>
</tunable>
<tunable name="xdm_manage_bootloader" dftval="true">
<desc>
<p>
Allow the graphical login program to create, read, write, and delete files in the /boot director and DOS filesystem.
</p>
</desc>
</tunable>
<tunable name="xdm_sysadm_login" dftval="false">
<desc>
<p>
Allow the graphical login program to login directly as sysadm_r:sysadm_t
</p>
</desc>
</tunable>
<tunable name="xdm_write_home" dftval="false">
<desc>
<p>
Allow the graphical login program to create files in HOME dirs as xdm_home_t.
</p>
</desc>
</tunable>
<tunable name="xdm_bind_vnc_tcp_port" dftval="false">
<desc>
<p>
Allows xdm_t to bind on vnc_port_t(5910)
</p>
</desc>
</tunable>
<tunable name="xserver_object_manager" dftval="false">
<desc>
<p>
Support X userspace object manager
</p>
</desc>
</tunable>
<tunable name="selinuxuser_direct_dri_enabled" dftval="false">
<desc>
<p>
Allow regular users direct dri device access
</p>
</desc>
</tunable>
</module>
</layer>
<layer name="system">
<summary>
	Policy modules for system functions from init to multi-user login.
</summary>
<module name="application" filename="policy/modules/system/application.if">
<summary>Policy for user executable applications.</summary>
<interface name="application_type" lineno="13">
<summary>
Make the specified type usable as an application domain.
</summary>
<param name="type">
<summary>
Type to be used as a domain type.
</summary>
</param>
</interface>
<interface name="application_executable_file" lineno="36">
<summary>
Make the specified type usable for files
that are exectuables, such as binary programs.
This does not include shared libraries.
</summary>
<param name="type">
<summary>
Type to be used for files.
</summary>
</param>
</interface>
<interface name="application_executable_ioctl" lineno="58">
<summary>
Make the specified type usable for files
that are exectuables, such as binary programs.
This does not include shared libraries.
</summary>
<param name="type">
<summary>
Type to be used for files.
</summary>
</param>
</interface>
<interface name="application_exec" lineno="77">
<summary>
Execute application executables in the caller domain.
</summary>
<param name="type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="application_exec_all" lineno="96">
<summary>
Execute all executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="application_dontaudit_exec" lineno="114">
<summary>
Dontaudit execute all executable files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="application_domain" lineno="148">
<summary>
Create a domain for applications.
</summary>
<desc>
<p>
Create a domain for applications.  Typically these are
programs that are run interactively.
</p>
<p>
The types will be made usable as a domain and file, making
calls to domain_type() and files_type() redundant.
</p>
</desc>
<param name="domain">
<summary>
Type to be used as an application domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="application_signull" lineno="164">
<summary>
Send null signals to all application domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="application_dontaudit_signull" lineno="183">
<summary>
Do not audit attempts to send null signals
to all application domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="application_signal" lineno="201">
<summary>
Send general signals to all application domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="application_dontaudit_signal" lineno="220">
<summary>
Do not audit attempts to send general signals
to all application domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="application_sigkill" lineno="238">
<summary>
Send kill signals to all application domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="application_dontaudit_sigkill" lineno="257">
<summary>
Do not audit attempts to send kill signals
to all application domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="application_getattr_socket" lineno="275">
<summary>
Getattr all application sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="authlogin" filename="policy/modules/system/authlogin.if">
<summary>Common policy for authentication and user login.</summary>
<interface name="auth_role" lineno="18">
<summary>
Role access for password authentication.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_use_pam" lineno="49">
<summary>
Use PAM for authentication.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_login_pgm_domain" lineno="117">
<summary>
Make the specified domain used for a login program.
</summary>
<param name="domain">
<summary>
Domain type used for a login program domain.
</summary>
</param>
</interface>
<interface name="authlogin_read_state" lineno="156">
<summary>
Read authlogin state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="authlogin_rw_pipes" lineno="175">
<summary>
Read and write a authlogin unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_login_entry_type" lineno="193">
<summary>
Use the login program as an entry point program.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_file" lineno="223">
<summary>
Make the specified type usable as a
login file.
</summary>
<desc>
<p>
Make the specified type usable as a login file,
This type has restricted modification capabilities when used with
other interfaces that permit files_type access.
The default type has properties similar to that of the shadow file.
This will also make the type usable as a security file, making
calls to files_security_file() redundant.
</p>
</desc>
<param name="type">
<summary>
Type to be used as a login file.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="auth_domtrans_login_program" lineno="243">
<summary>
Execute a login_program in the target domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the login_program process.
</summary>
</param>
</interface>
<interface name="auth_exec_login_program" lineno="263">
<summary>
Execute a login_program in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="auth_ranged_domtrans_login_program" lineno="293">
<summary>
Execute a login_program in the target domain,
with a range transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the login_program process.
</summary>
</param>
<param name="range">
<summary>
Range of the login program.
</summary>
</param>
</interface>
<interface name="auth_search_cache" lineno="319">
<summary>
Search authentication cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_read_cache" lineno="337">
<summary>
Read authentication cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_rw_cache" lineno="355">
<summary>
Read/Write authentication cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_create_cache" lineno="373">
<summary>
Create authentication cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_cache" lineno="391">
<summary>
Manage authentication cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_var_filetrans_cache" lineno="411">
<summary>
Automatic transition from cache_t to cache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_domtrans_chk_passwd" lineno="429">
<summary>
Run unix_chkpwd to check a password.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="auth_domtrans_chkpwd" lineno="480">
<summary>
Run unix_chkpwd to check a password.
Stripped down version to be called within boolean
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="auth_exec_chkpwd" lineno="501">
<summary>
Execute chkpwd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="auth_run_chk_passwd" lineno="524">
<summary>
Execute chkpwd programs in the chkpwd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the chkpwd domain.
</summary>
</param>
</interface>
<interface name="auth_signal_chk_passwd" lineno="544">
<summary>
Send generic signals to chkpwd processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_domtrans_upd_passwd" lineno="562">
<summary>
Execute a domain transition to run unix_update.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="auth_run_upd_passwd" lineno="586">
<summary>
Execute updpwd programs in the updpwd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the updpwd domain.
</summary>
</param>
</interface>
<interface name="auth_getattr_shadow" lineno="605">
<summary>
Get the attributes of the shadow passwords file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_dontaudit_getattr_shadow" lineno="625">
<summary>
Do not audit attempts to get the attributes
of the shadow passwords file.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="auth_map_shadow" lineno="643">
<summary>
Mmap the shadow passwords file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_read_shadow" lineno="665">
<summary>
Read the shadow passwords file (/etc/shadow)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_can_read_shadow_passwords" lineno="689">
<summary>
Pass shadow assertion for reading.
</summary>
<desc>
<p>
Pass shadow assertion for reading.
This should only be used with
auth_tunable_read_shadow(), and
only exists because typeattribute
does not work in conditionals.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_tunable_read_shadow" lineno="715">
<summary>
Read the shadow password file.
</summary>
<desc>
<p>
Read the shadow password file.  This
should only be used in a conditional;
it does not pass the reading shadow
assertion.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_dontaudit_read_shadow" lineno="735">
<summary>
Do not audit attempts to read the shadow
password file (/etc/shadow).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="auth_rw_shadow" lineno="753">
<summary>
Read and write the shadow password file (/etc/shadow).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_shadow" lineno="775">
<summary>
Create, read, write, and delete the shadow
password file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_etc_filetrans_shadow" lineno="800">
<summary>
Automatic transition from etc to shadow.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_relabelto_shadow" lineno="819">
<summary>
Relabel to the shadow
password file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_relabel_shadow" lineno="841">
<summary>
Relabel from and to the shadow
password file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_relabelto_passwd_files" lineno="863">
<summary>
Relabel to the
password file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_append_faillog" lineno="882">
<summary>
Append to the login failure log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_rw_faillog" lineno="901">
<summary>
Read and write the login failure log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_relabel_faillog" lineno="920">
<summary>
Relabel the login failure log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_faillog" lineno="939">
<summary>
Manage the login failure log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_read_lastlog" lineno="964">
<summary>
Read the last logins log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="auth_append_lastlog" lineno="983">
<summary>
Append only to the last logins log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_rw_lastlog" lineno="1002">
<summary>
Read and write to the last logins log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_create_lastlog" lineno="1021">
<summary>
Manage create logins log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_domtrans_pam_timestamp" lineno="1041">
<summary>
Execute pam timestamp programs in the pam timestamp domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="auth_domtrans_pam" lineno="1059">
<summary>
Execute pam timestamp programs in the pam timestamp domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="auth_signal_pam" lineno="1074">
<summary>
Send generic signals to pam processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_run_pam_timestamp" lineno="1097">
<summary>
Execute pam_timestamp programs in the PAM timestamp domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the PAM domain.
</summary>
</param>
</interface>
<interface name="auth_run_pam" lineno="1121">
<summary>
Execute pam_timestamp programs in the PAM timestamp domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the PAM domain.
</summary>
</param>
</interface>
<interface name="auth_exec_pam" lineno="1136">
<summary>
Execute the pam program.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_read_var_auth" lineno="1155">
<summary>
Read var auth files. Used by various other applications
and pam applets etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_rw_var_auth" lineno="1175">
<summary>
Read and write var auth files. Used by various other applications
and pam applets etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_var_auth" lineno="1195">
<summary>
Manage var auth files. Used by various other applications
and pam applets etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_relabel_var_auth_dirs" lineno="1218">
<summary>
Relabel all var auth files. Used by various other applications
and pam applets etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_read_pam_pid" lineno="1237">
<summary>
Read PAM PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_dontaudit_read_pam_pid" lineno="1257">
<summary>
Do not audit attemps to read PAM PID files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="auth_delete_pam_pid" lineno="1275">
<summary>
Delete pam PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_pam_pid" lineno="1295">
<summary>
Manage pam PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_domtrans_pam_console" lineno="1320">
<summary>
Execute pam_console with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="auth_run_pam_console" lineno="1343">
<summary>
Execute pam_console in the pam timestamp domain
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow transitioning into the pam_console_t domain.
</summary>
</param>
</interface>
<interface name="auth_search_pam_console_data" lineno="1363">
<summary>
Search the contents of the
pam_console data directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_list_pam_console_data" lineno="1383">
<summary>
List the contents of the pam_console
data directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_create_pam_console_data_dirs" lineno="1402">
<summary>
Create pam var console pid directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_relabel_pam_console_data_dirs" lineno="1421">
<summary>
Relabel pam_console data directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_read_pam_console_data" lineno="1439">
<summary>
Read pam_console data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_pam_console_data" lineno="1460">
<summary>
Create, read, write, and delete
pam_console data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_delete_pam_console_data" lineno="1481">
<summary>
Delete pam_console data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_pid_filetrans_pam_var_console" lineno="1514">
<summary>
Create specified objects in
pid directories with the pam var
console pid file type using a
file type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="auth_read_all_dirs_except_auth_files" lineno="1539">
<summary>
Read all directories on the filesystem, except
login files and listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="auth_read_all_dirs_except_shadow" lineno="1561">
<summary>
Read all directories on the filesystem, except
the shadow passwords and listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="auth_read_all_files_except_auth_files" lineno="1584">
<summary>
Read all files on the filesystem, except
login files and listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
<rolecap/>
</interface>
<interface name="auth_read_all_files_except_shadow" lineno="1607">
<summary>
Read all files on the filesystem, except
the shadow passwords and listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
<rolecap/>
</interface>
<interface name="auth_read_all_symlinks_except_auth_files" lineno="1629">
<summary>
Read all symbolic links on the filesystem, except
login files and listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="auth_read_all_symlinks_except_shadow" lineno="1651">
<summary>
Read all symbolic links on the filesystem, except
the shadow passwords and listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="auth_relabel_all_files_except_auth_files" lineno="1673">
<summary>
Relabel all files on the filesystem, except
login files and listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="auth_relabel_all_files_except_shadow" lineno="1695">
<summary>
Relabel all files on the filesystem, except
the shadow passwords and listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="auth_rw_all_files_except_auth_files" lineno="1717">
<summary>
Read and write all files on the filesystem, except
login files and listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="auth_rw_all_files_except_shadow" lineno="1739">
<summary>
Read and write all files on the filesystem, except
the shadow passwords and listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="auth_manage_all_files_except_auth_files" lineno="1761">
<summary>
Manage all files on the filesystem, except
login files passwords and listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="auth_manage_all_files_except_shadow" lineno="1783">
<summary>
Manage all files on the filesystem, except
the shadow passwords and listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="auth_domtrans_utempter" lineno="1798">
<summary>
Execute utempter programs in the utempter domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="auth_run_utempter" lineno="1821">
<summary>
Execute utempter programs in the utempter domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the utempter domain.
</summary>
</param>
</interface>
<interface name="auth_dontaudit_exec_utempter" lineno="1840">
<summary>
Do not audit attemps to execute utempter executable.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="auth_setattr_login_records" lineno="1858">
<summary>
Set the attributes of login record files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_relabel_login_records" lineno="1877">
<summary>
Relabel login record files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_read_login_records" lineno="1897">
<summary>
Read login records files (/var/log/wtmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="auth_dontaudit_read_login_records" lineno="1918">
<summary>
Do not audit attempts to read login records
files (/var/log/wtmp).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="auth_dontaudit_write_login_records" lineno="1937">
<summary>
Do not audit attempts to write to
login records files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="auth_append_login_records" lineno="1955">
<summary>
Append to login records (wtmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_write_login_records" lineno="1974">
<summary>
Write to login records (wtmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_rw_login_records" lineno="1992">
<summary>
Read and write login records.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_log_filetrans_login_records" lineno="2012">
<summary>
Create a login records in the log directory
using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_login_records" lineno="2031">
<summary>
Create, read, write, and delete login
records files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_reader_shadow" lineno="2061">
<summary>
Read access to the authlogin module.
</summary>
<desc>
<p>
Read access to the authlogin module.
</p>
<p>
Currently, this only allows assertions for
the shadow passwords file (/etc/shadow) to
be passed.  No access is granted yet.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_writer_shadow" lineno="2089">
<summary>
Write access to the authlogin module.
</summary>
<desc>
<p>
Write access to the authlogin module.
</p>
<p>
Currently, this only allows assertions for
the shadow passwords file (/etc/shadow) to
be passed.  No access is granted yet.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_use_nsswitch" lineno="2117">
<summary>
Use nsswitch to look up user, password, group, or
host information.
</summary>
<desc>
<p>
Allow the specified domain to look up user, password,
group, or host information using the name service.
The most common use of this interface is for services
that do host name resolution (usually DNS resolution).
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="auth_unconfined" lineno="2147">
<summary>
Unconfined access to the authlogin module.
</summary>
<desc>
<p>
Unconfined access to the authlogin module.
</p>
<p>
Currently, this only allows assertions for
the shadow passwords file (/etc/shadow) to
be passed.  No access is granted yet.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_filetrans_named_content" lineno="2169">
<summary>
Transition to authlogin named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_getattr_passwd" lineno="2222">
<summary>
Get the attributes of the passwd passwords file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_dontaudit_getattr_passwd" lineno="2242">
<summary>
Do not audit attempts to get the attributes
of the passwd passwords file.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="auth_read_passwd" lineno="2263">
<summary>
Read the passwd passwords file (/etc/passwd)
Allow to use sss nsswitch module for passwd and group.
Allow to use systemd nsswitch module for passwd and group
which is used for dynamic users.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_read_passwd_file" lineno="2286">
<summary>
Read the passwd passwords file (/etc/passwd) only
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_map_passwd" lineno="2304">
<summary>
Mmap the passwd passwords file (/etc/passwd)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_dontaudit_read_passwd" lineno="2323">
<summary>
Do not audit attempts to read the passwd
password file (/etc/passwd).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="auth_manage_passwd" lineno="2342">
<summary>
Create, read, write, and delete the passwd
password file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_watch_passwd" lineno="2369">
<summary>
Watch the passwd passwords file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_filetrans_admin_home_content" lineno="2389">
<summary>
Create auth directory in the /root directory
with an correct label.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_read_home_content" lineno="2410">
<summary>
Read the authorization data in the user home directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_home_content" lineno="2430">
<summary>
Read the authorization data in the user home directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_filetrans_home_content" lineno="2452">
<summary>
Create auth directory in the user home directory
with an correct label.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_filetrans_auth_home_content" lineno="2474">
<summary>
Create auth directory in the config home directory
with a correct label.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_login_pgm_sigchld" lineno="2494">
<summary>
Send a SIGCHLD signal to login programs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_login_manage_key" lineno="2512">
<summary>
Manage the keyrings of all login programs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="authlogin_radius" dftval="false">
<desc>
<p>
Allow users to login using a radius server
</p>
</desc>
</tunable>
<tunable name="authlogin_yubikey" dftval="false">
<desc>
<p>
Allow users to login using a yubikey OTP server or challenge response mode
</p>
</desc>
</tunable>
<tunable name="authlogin_nsswitch_use_ldap" dftval="false">
<desc>
<p>
Allow users to resolve user passwd entries directly from ldap rather then using a sssd server
</p>
</desc>
</tunable>
</module>
<module name="clock" filename="policy/modules/system/clock.if">
<summary>Policy for reading and setting the hardware clock.</summary>
<interface name="clock_domtrans" lineno="13">
<summary>
Execute hwclock in the clock domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="clock_run" lineno="38">
<summary>
Execute hwclock in the clock domain, and
allow the specified role the hwclock domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="clock_exec" lineno="57">
<summary>
Execute hwclock in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clock_read_adjtime" lineno="75">
<summary>
Read clock drift adjustments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clock_dontaudit_write_adjtime" lineno="94">
<summary>
Do not audit attempts to write clock drift adjustments.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="clock_rw_adjtime" lineno="112">
<summary>
Read and write clock drift adjustments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clock_manage_adjtime" lineno="131">
<summary>
Manage clock drift adjustments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clock_filetrans_named_content" lineno="150">
<summary>
Transition to systemd clock content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="fstools" filename="policy/modules/system/fstools.if">
<summary>Tools for filesystem management, such as mkfs and fsck.</summary>
<interface name="fstools_domtrans" lineno="13">
<summary>
Execute fs tools in the fstools domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="fstools_run" lineno="39">
<summary>
Execute fs tools in the fstools domain, and
allow the specified role the fs tools domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fstools_exec" lineno="58">
<summary>
Execute fsadm in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fstools_signal" lineno="76">
<summary>
Send signal to fsadm process
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fstools_read_pipes" lineno="94">
<summary>
Read fstools unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fstools_relabelto_entry_files" lineno="113">
<summary>
Relabel a file to the type used by the
filesystem tools programs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fstools_manage_entry_files" lineno="132">
<summary>
Create, read, write, and delete a file used by the
filesystem tools programs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fstools_getattr_swap_files" lineno="150">
<summary>
Getattr swapfile
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fstools_read_swap_files" lineno="168">
<summary>
Read swapfile
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fstools_rw_swap_files" lineno="186">
<summary>
Read/Write swapfile
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fsadm_manage_pid" lineno="204">
<summary>
Create, read, write, and delete the FSADM pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fstools_filetrans_named_content_fsadm" lineno="225">
<summary>
Transition to systemd  content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="getty" filename="policy/modules/system/getty.if">
<summary>Policy for getty.</summary>
<interface name="getty_domtrans" lineno="13">
<summary>
Execute gettys in the getty domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="getty_use_fds" lineno="32">
<summary>
Inherit and use getty file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="getty_read_log" lineno="51">
<summary>
Allow process to read getty log file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="getty_read_config" lineno="71">
<summary>
Allow process to read getty config file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="getty_rw_config" lineno="91">
<summary>
Allow process to edit getty config file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="getty_systemctl" lineno="110">
<summary>
Execute getty server in the getty domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="getty_start_services" lineno="133">
<summary>
Start getty unit files domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="hostname" filename="policy/modules/system/hostname.if">
<summary>Policy for changing the system host name.</summary>
<interface name="hostname_domtrans" lineno="13">
<summary>
Execute hostname in the hostname domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="hostname_run" lineno="38">
<summary>
Execute hostname in the hostname domain, and
allow the specified role the hostname domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="hostname_exec" lineno="57">
<summary>
Execute hostname in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="init" filename="policy/modules/system/init.if">
<summary>System initialization programs (init and init scripts).</summary>
<interface name="init_stub_initrc" lineno="13">
<summary>
initrc stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="init_script_file" lineno="48">
<summary>
Create a file type used for init scripts.
</summary>
<desc>
<p>
Create a file type used for init scripts.  It can not be
used in conjunction with init_script_domain(). These
script files are typically stored in the /etc/init.d directory.
</p>
<p>
Typically this is used to constrain what services an
admin can start/stop.  For example, a policy writer may want
to constrain a web administrator to only being able to
restart the web server, not other services.  This special type
will help address that goal.
</p>
<p>
This also makes the type usable for files; thus an
explicit call to files_type() is redundant.
</p>
</desc>
<param name="script_file">
<summary>
Type to be used for a script file.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="init_script_domain" lineno="83">
<summary>
Create a domain used for init scripts.
</summary>
<desc>
<p>
Create a domain used for init scripts.
Can not be used in conjunction with
init_script_file().
</p>
</desc>
<param name="domain">
<summary>
Type to be used as an init script domain.
</summary>
</param>
<param name="script_file">
<summary>
Type of the script file used as an entry point to this domain.
</summary>
</param>
</interface>
<interface name="init_domain" lineno="113">
<summary>
Create a domain which can be started by init.
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
</interface>
<interface name="init_nnp_daemon_domain" lineno="150">
<summary>
Allow SELinux Domain trasition from sytemd
into confined domain with NoNewPrivileges
Systemd Security feature.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_ranged_domain" lineno="179">
<summary>
Create a domain which can be started by init,
with a range transition.
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
<param name="range">
<summary>
Range for the domain.
</summary>
</param>
</interface>
<interface name="init_daemon_domain" lineno="231">
<summary>
Create a domain for long running processes
(daemons/services) which are started by init scripts.
</summary>
<desc>
<p>
Create a domain for long running processes (daemons/services)
which are started by init scripts. Short running processes
should use the init_system_domain() interface instead.
Typically all long running processes started by an init
script (usually in /etc/init.d) will need to use this
interface.
</p>
<p>
The types will be made usable as a domain and file, making
calls to domain_type() and files_type() redundant.
</p>
<p>
If the process must also run in a specific MLS/MCS level,
the init_ranged_daemon_domain() should be used instead.
</p>
</desc>
<param name="domain">
<summary>
Type to be used as a daemon domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="init_initrc_domain" lineno="269">
<summary>
Create initrc domain.
</summary>
<param name="domain">
<summary>
Type to be used as a initrc daemon domain.
</summary>
</param>
</interface>
<interface name="init_ranged_daemon_domain" lineno="319">
<summary>
Create a domain for long running processes
(daemons/services) which are started by init scripts,
running at a specified MLS/MCS range.
</summary>
<desc>
<p>
Create a domain for long running processes (daemons/services)
which are started by init scripts, running at a specified
MLS/MCS range. Short running processes
should use the init_ranged_system_domain() interface instead.
Typically all long running processes started by an init
script (usually in /etc/init.d) will need to use this
interface if they need to run in a specific MLS/MCS range.
</p>
<p>
The types will be made usable as a domain and file, making
calls to domain_type() and files_type() redundant.
</p>
<p>
If the policy build option TYPE is standard (MLS and MCS disabled),
this interface has the same behavior as init_daemon_domain().
</p>
</desc>
<param name="domain">
<summary>
Type to be used as a daemon domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
<param name="range">
<summary>
MLS/MCS range for the domain.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="init_system_domain" lineno="376">
<summary>
Create a domain for short running processes
which are started by init scripts.
</summary>
<desc>
<p>
Create a domain for short running processes
which are started by init scripts. These are generally applications that
are used to initialize the system during boot.
Long running processes, such as daemons/services
should use the init_daemon_domain() interface instead.
Typically all short running processes started by an init
script (usually in /etc/init.d) will need to use this
interface.
</p>
<p>
The types will be made usable as a domain and file, making
calls to domain_type() and files_type() redundant.
</p>
<p>
If the process must also run in a specific MLS/MCS level,
the init_ranged_system_domain() should be used instead.
</p>
</desc>
<param name="domain">
<summary>
Type to be used as a system domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="init_ranged_system_domain" lineno="436">
<summary>
Create a domain for short running processes
which are started by init scripts.
</summary>
<desc>
<p>
Create a domain for long running processes (daemons/services)
which are started by init scripts.
These are generally applications that
are used to initialize the system during boot.
Long running processes
should use the init_ranged_system_domain() interface instead.
Typically all short running processes started by an init
script (usually in /etc/init.d) will need to use this
interface if they need to run in a specific MLS/MCS range.
</p>
<p>
The types will be made usable as a domain and file, making
calls to domain_type() and files_type() redundant.
</p>
<p>
If the policy build option TYPE is standard (MLS and MCS disabled),
this interface has the same behavior as init_system_domain().
</p>
</desc>
<param name="domain">
<summary>
Type to be used as a system domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
<param name="range">
<summary>
Range for the domain.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="init_explicit_domain" lineno="472">
<summary>
Create a domain which can be started by init
using an explicit transition.
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
</interface>
<interface name="init_dyntrans" lineno="495">
<summary>
Allow domain dyntransition to init_t domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="init_daemon_run_dir" lineno="519">
<summary>
Mark the file type as a daemon run dir, allowing initrc_t
to create it
</summary>
<param name="filetype">
<summary>
Type to mark as a daemon run dir
</summary>
</param>
<param name="filename">
<summary>
Filename of the directory that the init script creates
</summary>
</param>
</interface>
<interface name="init_domtrans" lineno="540">
<summary>
Execute init (/sbin/init) with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="init_entrypoint_exec" lineno="560">
<summary>
Allow any file point to be the entrypoint of this domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_exec" lineno="578">
<summary>
Execute the init program in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_access_check" lineno="601">
<summary>
Check access to the init/systemd executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_getattr_exec" lineno="621">
<summary>
Dontaudit getattr on the init program.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="init_exec_rc" lineno="650">
<summary>
Execute the rc application in the caller domain.
</summary>
<desc>
<p>
This is only applicable to Gentoo or distributions that use the OpenRC
init system.
</p>
<p>
The OpenRC /sbin/rc binary is used for both init scripts as well as
management applications and tools. When used for management purposes,
calling /sbin/rc should never cause a transition to initrc_t.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_getpgid" lineno="669">
<summary>
Get the process group of init.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_signull" lineno="687">
<summary>
Send init a null signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_sigchld" lineno="705">
<summary>
Send init a SIGCHLD signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_signal" lineno="723">
<summary>
Send generic signals to init.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_var_lib_filetrans" lineno="756">
<summary>
Create objects in the init_var_lib_t directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
The type of the object to be created
</summary>
</param>
<param name="object_class">
<summary>
The object class.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="init_abstract_socket_activation" lineno="775">
<summary>
Abstract socket service activation (systemd).
</summary>
<param name="domain">
<summary>
The domain to be started by systemd socket activation.
</summary>
</param>
</interface>
<interface name="init_named_socket_activation" lineno="804">
<summary>
Named socket service activation (systemd).
</summary>
<param name="domain">
<summary>
The domain to be started by systemd socket activation.
</summary>
</param>
<param name="sock_file">
<summary>
The domain socket file type.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="init_stream_connect" lineno="828">
<summary>
Connect to init with a unix socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_stream_connectto" lineno="848">
<summary>
Connect to init with a unix socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_stream_connect" lineno="867">
<summary>
Dontaudit Connect to init with a unix socket.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_dontaudit_getattr_stream_socket" lineno="885">
<summary>
Dontaudit getattr to init with a unix socket.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_dontaudit_rw_stream_socket" lineno="903">
<summary>
Dontaudit read and write to init with a unix socket.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_use_fds" lineno="961">
<summary>
Inherit and use file descriptors from init.
</summary>
<desc>
<p>
Allow the specified domain to inherit file
descriptors from the init program (process ID 1).
Typically the only file descriptors to be
inherited from init are for the console.
This does not allow the domain any access to
the object to which the file descriptors references.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>init_dontaudit_use_fds()</li>
<li>term_dontaudit_use_console()</li>
<li>term_use_console()</li>
</ul>
<p>
Example usage:
</p>
<p>
init_use_fds(mydomain_t)
term_use_console(mydomain_t)
</p>
<p>
Normally, processes that can inherit these file
descriptors (usually services) write messages to the
system log instead of writing to the console.
Therefore, in many cases, this access should
dontaudited instead.
</p>
<p>
Example dontaudit usage:
</p>
<p>
init_dontaudit_use_fds(mydomain_t)
term_dontaudit_use_console(mydomain_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="1"/>
</interface>
<interface name="init_dontaudit_use_fds" lineno="980">
<summary>
Do not audit attempts to inherit file
descriptors from init.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_udp_send" lineno="998">
<summary>
Send UDP network traffic to init.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_getattr_initctl" lineno="1012">
<summary>
Get the attributes of initctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_getattr_initctl" lineno="1031">
<summary>
Do not audit attempts to get the
attributes of initctl.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_write_initctl" lineno="1049">
<summary>
Write to initctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_telinit" lineno="1069">
<summary>
Use telinit (Read and write initctl).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="init_rw_initctl" lineno="1102">
<summary>
Read and write initctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_rw_initctl" lineno="1122">
<summary>
Do not audit attempts to read and
write initctl.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_script_file_entry_type" lineno="1141">
<summary>
Make init scripts an entry point for
the specified domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_spec_domtrans_script" lineno="1159">
<summary>
Execute init scripts with a specified domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="init_domtrans_script" lineno="1195">
<summary>
Execute init scripts with an automatic domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="init_bin_domtrans_spec" lineno="1227">
<summary>
Execute a file in a bin directory
in the initrc_t domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_script_file_domtrans" lineno="1260">
<summary>
Execute a init script in a specified domain.
</summary>
<desc>
<p>
Execute a init script in a specified domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="source_domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
Domain to transition to.
</summary>
</param>
</interface>
<interface name="init_labeled_script_domtrans" lineno="1285">
<summary>
Transition to the init script domain
on a specified labeled init script.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="init_script_file">
<summary>
Labeled init script file.
</summary>
</param>
</interface>
<interface name="init_all_labeled_script_domtrans" lineno="1310">
<summary>
Transition to the init script domain
for all labeled init script types
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="init_run_daemon" lineno="1340">
<summary>
Start and stop daemon programs directly.
</summary>
<desc>
<p>
Start and stop daemon programs directly
in the traditional "/etc/init.d/daemon start"
style, and do not require run_init.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be performing this action.
</summary>
</param>
</interface>
<interface name="init_exec_notrans_direct_init_entry" lineno="1360">
<summary>
Allow execute all init daemon executables type without transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_state" lineno="1378">
<summary>
Read the process state (/proc/pid) of init.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_read_state" lineno="1398">
<summary>
Dontaudit read the process state (/proc/pid) of init.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_key" lineno="1418">
<summary>
Read the process keyring of init.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_view_key" lineno="1436">
<summary>
Allow view the init key ring.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_write_key" lineno="1454">
<summary>
Write the process keyring of init.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_ptrace" lineno="1473">
<summary>
Ptrace init
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="init_write_script_pipes" lineno="1493">
<summary>
Write an init script unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_getattr_script_files" lineno="1511">
<summary>
Get the attribute of init script entrypoint files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_script_files" lineno="1530">
<summary>
Read init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_exec_script_files" lineno="1549">
<summary>
Execute init scripts in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_getattr_all_script_files" lineno="1568">
<summary>
Get the attribute of all init script entrypoint files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_config_all_script_files" lineno="1588">
<summary>
Allow the specified domain to modify the systemd configuration of
all init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_config_transient_files" lineno="1607">
<summary>
Allow the specified domain to modify the systemd configuration of
transient scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_manage_config_transient_files" lineno="1626">
<summary>
Allow the specified domain to modify the systemd configuration of
transient scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_all_script_files" lineno="1644">
<summary>
Read all init script files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_status_all_script_files" lineno="1663">
<summary>
Get the status all init script files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_getattr_all_script_files" lineno="1682">
<summary>
Dontaudit getattr all init script files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_dontaudit_read_all_script_files" lineno="1700">
<summary>
Dontaudit read all init script files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_exec_all_script_files" lineno="1718">
<summary>
Execute all init scripts in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_script_state" lineno="1737">
<summary>
Read the process state (/proc/pid) of the init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_use_script_fds" lineno="1756">
<summary>
Inherit and use init script file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_use_script_fds" lineno="1775">
<summary>
Do not audit attempts to inherit
init script file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_search_script_keys" lineno="1793">
<summary>
Search init script keys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_getpgid_script" lineno="1811">
<summary>
Get the process group ID of init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_sigchld_script" lineno="1829">
<summary>
Send SIGCHLD signals to init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_signal_script" lineno="1847">
<summary>
Send generic signals to init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_sigkill_script" lineno="1865">
<summary>
Send kill signals to init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_signull_script" lineno="1883">
<summary>
Send null signals to init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_rw_script_pipes" lineno="1901">
<summary>
Read and write init script unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_udp_send_script" lineno="1919">
<summary>
Send UDP network traffic to init scripts.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_stream_connect_script" lineno="1934">
<summary>
Allow the specified domain to connect to
init scripts with a unix socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_rw_script_stream_sockets" lineno="1953">
<summary>
Allow the specified domain to read/write to
init scripts with a unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_stream_connect_script" lineno="1972">
<summary>
Dont audit the specified domain connecting to
init scripts with a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_dbus_send_script" lineno="1989">
<summary>
Send messages to init scripts over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dbus_chat" lineno="2010">
<summary>
Send and receive messages from
init over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_dbus_chat" lineno="2030">
<summary>
Dontaudit attempts to send dbus domains chat messages
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_dbus_chat_script" lineno="2051">
<summary>
Send and receive messages from
init scripts over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_use_script_ptys" lineno="2080">
<summary>
Read and write the init script pty.
</summary>
<desc>
<p>
Read and write the init script pty.  This
pty is generally opened by the open_init_pty
portion of the run_init program so that the
daemon does not require direct access to
the administrator terminal.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_use_inherited_script_ptys" lineno="2099">
<summary>
Read and write inherited init script ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_use_script_ptys" lineno="2121">
<summary>
Do not audit attempts to read and
write the init script pty.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_getattr_script_status_files" lineno="2140">
<summary>
Get the attributes of init script
status files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_manage_script_status_files" lineno="2159">
<summary>
Manage init script
status files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_read_script_status_files" lineno="2178">
<summary>
Do not audit attempts to read init script
status files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_read_script_tmp_files" lineno="2197">
<summary>
Read init script temporary data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_rw_script_tmp_files" lineno="2216">
<summary>
Read and write init script temporary data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_manage_script_tmp_files" lineno="2235">
<summary>
Manage init script temporary data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_write_initrc_tmp_pipes" lineno="2257">
<summary>
Allow caller doamin to write  initrc_tmp_t pipes
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_dontaudit_write_initrc_tmp" lineno="2275">
<summary>
Do not audit attempts to read initrc_tmp_t files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_rw_inherited_script_tmp_files" lineno="2293">
<summary>
Read and write init script inherited temporary data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_script_tmp_filetrans" lineno="2327">
<summary>
Create files in a init script
temporary data directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
The type of the object to be created
</summary>
</param>
<param name="object_class">
<summary>
The object class.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="init_getattr_utmp" lineno="2346">
<summary>
Get the attributes of init script process id files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_utmp" lineno="2364">
<summary>
Read utmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_machineid" lineno="2383">
<summary>
Read utmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_read_utmp" lineno="2402">
<summary>
Do not audit attempts to read utmp.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_dontaudit_write_utmp" lineno="2420">
<summary>
Do not audit attempts to write utmp.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_write_utmp" lineno="2438">
<summary>
Write to utmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_lock_utmp" lineno="2458">
<summary>
Do not audit attempts to lock
init script pid files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_rw_utmp" lineno="2476">
<summary>
Read and write utmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_rw_utmp" lineno="2495">
<summary>
Do not audit attempts to read and write utmp.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_watch_utmp" lineno="2513">
<summary>
Watch the utmp file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_manage_utmp" lineno="2532">
<summary>
Create, read, write, and delete utmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_pid_filetrans_utmp" lineno="2552">
<summary>
Create files in /var/run with the
utmp file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_search_pid_dirs" lineno="2570">
<summary>
Allow search  directory in the /run/systemd directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_list_pid_dirs" lineno="2588">
<summary>
Allow listing of the /run/systemd directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_create_pid_dirs" lineno="2606">
<summary>
Create a directory in the /run/systemd directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_delete_pid_dir_entry" lineno="2625">
<summary>
Remove entries from the /run/systemd directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_watch_pid_dir" lineno="2643">
<summary>
Watch the /run/systemd directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_getattr_pid_blk_file" lineno="2661">
<summary>
Get the attributes of block nodes in the /run/systemd directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_getattr_pid_chr_file" lineno="2679">
<summary>
Get the attributes of character device nodes in the /run/systemd directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_pid_filetrans" lineno="2714">
<summary>
Create objects in /run/systemd directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="init_named_pid_filetrans" lineno="2750">
<summary>
Create objects in /run/systemd directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="init_tcp_recvfrom_all_daemons" lineno="2769">
<summary>
Allow the specified domain to connect to daemon with a tcp socket
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_udp_recvfrom_all_daemons" lineno="2787">
<summary>
Allow the specified domain to connect to daemon with a udp socket
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_script_role_transition" lineno="2814">
<summary>
Transition to system_r when execute an init script
</summary>
<desc>
<p>
Execute a init script in a specified role
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="source_role">
<summary>
Role to transition from.
</summary>
</param>
</interface>
<interface name="init_dontaudit_script_leaks" lineno="2832">
<summary>
dontaudit read and write an leaked init scrip file descriptors
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_ioctl_stream_sockets" lineno="2854">
<summary>
Allow the specified domain to ioctl an
init with a unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_rw_stream_sockets" lineno="2873">
<summary>
Allow the specified domain to read/write to
init with a unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_append_stream_sockets" lineno="2892">
<summary>
Allow the specified domain to append to
init unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_write_pid_socket" lineno="2911">
<summary>
Allow the specified domain to write to
init sock file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dgram_send" lineno="2930">
<summary>
Send a message to init over a unix domain
datagram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_stream_send" lineno="2949">
<summary>
Send a message to init over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_sock_file" lineno="2974">
<summary>
Create a file type used for init socket files.
</summary>
<desc>
<p>
This defines a type that init can create sock_file within for
impersonation purposes
</p>
</desc>
<param name="script_file">
<summary>
Type to be used for a sock file.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="init_read_pid_files" lineno="2993">
<summary>
Read init pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_manage_pid_files" lineno="3012">
<summary>
Manage init pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_pid_lnk_files" lineno="3030">
<summary>
Read init pid lnk_files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_pipes" lineno="3048">
<summary>
Read init unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_rw_pipes" lineno="3066">
<summary>
Read/Write init unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_rw_tcp_sockets" lineno="3084">
<summary>
Read and write init TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_use_notify" lineno="3102">
<summary>
Use sd_notify
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_status" lineno="3123">
<summary>
Get the system status information from init
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_stop" lineno="3142">
<summary>
Stop system from init
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_start" lineno="3160">
<summary>
Start  system from init
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_reboot" lineno="3178">
<summary>
Tell init to reboot the system.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_enable_services" lineno="3197">
<summary>
Tell init to enable the services.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_disable_services" lineno="3215">
<summary>
Tell init to disable the services.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_reload_services" lineno="3233">
<summary>
Tell init to reload the services.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_halt" lineno="3251">
<summary>
Tell init to halt the system.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_undefined" lineno="3270">
<summary>
Tell init to do an unknown access.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_start_transient_unit" lineno="3288">
<summary>
Tell init to do an unknown access.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_enable_transient_unit" lineno="3306">
<summary>
Tell init to do an unknown access.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_disable_transient_unit" lineno="3324">
<summary>
Tell init to do an unknown access.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_stop_transient_unit" lineno="3342">
<summary>
Tell init to do an unknown access.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_reload_transient_unit" lineno="3360">
<summary>
Tell init to do an unknown access.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_status_transient_unit" lineno="3378">
<summary>
Tell init to do an unknown access.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_manage_transient_unit" lineno="3396">
<summary>
Tell init to do an unknown access.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_filetrans_named_content" lineno="3414">
<summary>
Transition to init named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_var_lib_files" lineno="3443">
<summary>
Read systemd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_mmap_read_var_lib_files" lineno="3462">
<summary>
Mmap and read systemd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_search_var_lib_dirs" lineno="3481">
<summary>
Search systemd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_var_lib_sock_files" lineno="3500">
<summary>
Read systemd lib sock_files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_var_lib_lnk_files" lineno="3519">
<summary>
Read systemd lib lnk_files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_prog_run_bpf" lineno="3538">
<summary>
Allow caller domain to run bpftool.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_watch_dir" lineno="3557">
<summary>
Allow systemd to watch directories of given type.
Intended for systemd path units - see systemd.path(5). (Deprecated)
</summary>
<param name="type">
<summary>
Type allowed to watch.
</summary>
</param>
</interface>
<tunable name="daemons_dontaudit_scheduling" dftval="true">
<desc>
<p>
Dontaudit all daemons scheduling requests (setsched, sys_nice).
</p>
</desc>
</tunable>
<tunable name="daemons_use_tcp_wrapper" dftval="false">
<desc>
<p>
Allow all daemons to use tcp wrappers.
</p>
</desc>
</tunable>
<tunable name="daemons_use_tty" dftval="false">
<desc>
<p>
Allow all daemons the ability to read/write terminals
</p>
</desc>
</tunable>
<tunable name="daemons_dump_core" dftval="false">
<desc>
<p>
Allow all daemons to write corefiles to /
</p>
</desc>
</tunable>
<tunable name="daemons_enable_cluster_mode" dftval="false">
<desc>
<p>
Enable cluster mode for daemons.
</p>
</desc>
</tunable>
<tunable name="init_create_dirs" dftval="true">
<desc>
<p>
Enable init create, setattr, mounton on non_security_file_type
</p>
</desc>
</tunable>
<tunable name="init_audit_control" dftval="false">
<desc>
<p>
Allow init audit_control capability
</p>
</desc>
</tunable>
</module>
<module name="ipsec" filename="policy/modules/system/ipsec.if">
<summary>TCP/IP encryption</summary>
<interface name="ipsec_domtrans" lineno="13">
<summary>
Execute ipsec in the ipsec domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ipsec_rw_inherited_pipes" lineno="31">
<summary>
Allow read/write ipsec pipes
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_stream_connect" lineno="49">
<summary>
Connect to IPSEC using a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_domtrans_mgmt" lineno="68">
<summary>
Execute ipsec in the ipsec mgmt domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_filetrans_key_file" lineno="86">
<summary>
Allow to create OBJECT in /etc with ipsec_key_file_t.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_manage_key_file" lineno="104">
<summary>
Allow to manage ipsec key files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_mgmt_read_pid" lineno="123">
<summary>
Read the ipsec_mgmt_var_run_t files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_stream_connect_racoon" lineno="144">
<summary>
Connect to racoon using a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_getattr_key_sockets" lineno="163">
<summary>
Get the attributes of an IPSEC key socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_exec_mgmt" lineno="181">
<summary>
Execute the IPSEC management program in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_signal_mgmt" lineno="199">
<summary>
Send ipsec mgmt a general signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_signull_mgmt" lineno="217">
<summary>
Send ipsec mgmt a null signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_kill_mgmt" lineno="235">
<summary>
Send ipsec mgmt a kill signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_signal" lineno="253">
<summary>
Send ipsec  a general signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_signull" lineno="271">
<summary>
Send ipsec  a null signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_kill" lineno="289">
<summary>
Send ipsec  a kill signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_mgmt_dbus_chat" lineno="308">
<summary>
Send and receive messages from
ipsec-mgmt over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_read_config" lineno="329">
<summary>
Read the IPSEC configuration
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ipsec_match_default_spd" lineno="349">
<summary>
Match the default SPD entry.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_setcontext_default_spd" lineno="370">
<summary>
Set the context of a SPD entry to
the default context.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_write_pid" lineno="388">
<summary>
write the ipsec_var_run_t files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_read_pid" lineno="407">
<summary>
Allow read the IPSEC pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_manage_pid" lineno="427">
<summary>
Create, read, write, and delete the IPSEC pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_domtrans_racoon" lineno="446">
<summary>
Execute racoon in the racoon domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ipsec_run_racoon" lineno="470">
<summary>
Execute racoon and allow the specified role the domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ipsec_domtrans_setkey" lineno="489">
<summary>
Execute setkey in the setkey domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ipsec_run_setkey" lineno="513">
<summary>
Execute setkey and allow the specified role the domains.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access..
</summary>
</param>
<rolecap/>
</interface>
<interface name="ipsec_mgmt_systemctl" lineno="532">
<summary>
Execute strongswan in the ipsec_mgmt domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<tunable name="racoon_read_shadow" dftval="false">
<desc>
<p>
Allow racoon to read shadow
</p>
</desc>
</tunable>
</module>
<module name="iptables" filename="policy/modules/system/iptables.if">
<summary>Policy for iptables.</summary>
<interface name="iptables_domtrans" lineno="13">
<summary>
Execute iptables in the iptables domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="iptables_run" lineno="40">
<summary>
Execute iptables in the iptables domain, and
allow the specified role the iptables domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="iptables_exec" lineno="59">
<summary>
Execute iptables in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iptables_initrc_domtrans" lineno="78">
<summary>
Execute iptables in the iptables domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="iptables_systemctl" lineno="96">
<summary>
Execute iptables server in the iptables domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="iptables_setattr_config" lineno="120">
<summary>
Set the attributes of iptables config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iptables_read_config" lineno="139">
<summary>
Read iptables config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iptables_etc_filetrans_config" lineno="160">
<summary>
Create files in /etc with the type used for
the iptables config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iptables_manage_config" lineno="178">
<summary>
Manage iptables config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iptables_filetrans_named_content" lineno="198">
<summary>
Transition to iptables named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iptables_read_var_run" lineno="216">
<summary>
Read iptables run files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="libraries" filename="policy/modules/system/libraries.if">
<summary>Policy for system libraries.</summary>
<interface name="libs_domtrans_ldconfig" lineno="13">
<summary>
Execute ldconfig in the ldconfig domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="libs_run_ldconfig" lineno="38">
<summary>
Execute ldconfig in the ldconfig domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the ldconfig domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="libs_exec_ldconfig" lineno="58">
<summary>
Execute ldconfig in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="libs_ldconfig_exec_entry_type" lineno="78">
<summary>
Make ldconfig_exec_t entrypoint for
the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which bin_t is an entrypoint.
</summary>
</param>
</interface>
<interface name="libs_use_ld_so" lineno="97">
<summary>
Use the dynamic link/loader for automatic loading
of shared libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_legacy_use_ld_so" lineno="122">
<summary>
Use the dynamic link/loader for automatic loading
of shared libraries with legacy support.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_exec_ld_so" lineno="142">
<summary>
Execute the dynamic link/loader in the caller's domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_manage_ld_so" lineno="164">
<summary>
Create, read, write, and delete the
dynamic link/loader.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_relabel_ld_so" lineno="185">
<summary>
Relabel to and from the type used for
the dynamic link/loader.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_rw_ld_so_cache" lineno="204">
<summary>
Modify the dynamic link/loader's cached listing
of shared libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_search_lib" lineno="223">
<summary>
Search library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_dontaudit_setattr_lib_files" lineno="241">
<summary>
dontaudit attempts to setattr on library files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="libs_dontaudit_setattr_lib_dirs" lineno="259">
<summary>
dontaudit attempts to setattr on library dirs
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="libs_dontaudit_write_lib_dirs" lineno="284">
<summary>
Do not audit attempts to write to library directories.
</summary>
<desc>
<p>
Do not audit attempts to write to library directories.
Typically this is used to quiet attempts to recompile
python byte code.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="libs_manage_lib_dirs" lineno="302">
<summary>
Create, read, write, and delete library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_watch_lib_dirs" lineno="321">
<summary>
Watch library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_read_lib_files" lineno="340">
<summary>
Read files in the library directories, such
as static libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_exec_lib_files" lineno="361">
<summary>
Execute library scripts in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_use_lib_files" lineno="383">
<summary>
Load and execute functions from generic
lib files as shared libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_manage_lib_files" lineno="400">
<summary>
Create, read, write, and delete generic
files in library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_relabelto_lib_files" lineno="419">
<summary>
Relabel files to the type used in library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_relabel_lib_files" lineno="439">
<summary>
Relabel to and from the type used
for generic lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_delete_lib_symlinks" lineno="458">
<summary>
Delete generic symlinks in library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_manage_shared_libs" lineno="477">
<summary>
Create, read, write, and delete shared libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_use_shared_libs" lineno="496">
<summary>
Load and execute functions from shared libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_legacy_use_shared_libs" lineno="520">
<summary>
Load and execute functions from shared libraries,
with legacy support.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_relabel_shared_libs" lineno="541">
<summary>
Relabel to and from the type used for
shared libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lib_filetrans_shared_lib" lineno="565">
<summary>
Create an object in lib directories, with
the shared libraries type using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
</interface>
<interface name="files_lib_filetrans_shared_lib" lineno="594">
<summary>
Create an object in lib directories, with
the shared libraries type using a type transition.  (Deprecated)
</summary>
<desc>
<p>
Create an object in lib directories, with
the shared libraries type using a type transition.  (Deprecated)
</p>
<p>
lib_filetrans_shared_lib() should be used instead.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
</interface>
<interface name="libs_filetrans_named_content" lineno="608">
<summary>
Transition to lib named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="locallogin" filename="policy/modules/system/locallogin.if">
<summary>Policy for local logins.</summary>
<interface name="locallogin_domtrans" lineno="13">
<summary>
Execute local logins in the local login domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="locallogin_use_fds" lineno="35">
<summary>
Allow processes to inherit local login file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="locallogin_dontaudit_use_fds" lineno="53">
<summary>
Do not audit attempts to inherit local login file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="locallogin_signull" lineno="71">
<summary>
Send a null signal to local login processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="locallogin_search_keys" lineno="89">
<summary>
Search for key.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="locallogin_link_keys" lineno="107">
<summary>
Allow link to the local_login key ring.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="locallogin_domtrans_sulogin" lineno="125">
<summary>
Execute local logins in the local login domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="locallogin_getattr_home_content" lineno="143">
<summary>
Allow domain to gettatr local login home content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="locallogin_filetrans_admin_home_content" lineno="162">
<summary>
create local login content in the  in the /root directory
with an correct label.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="locallogin_filetrans_home_content" lineno="180">
<summary>
Transition to local login named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="logging" filename="policy/modules/system/logging.if">
<summary>Policy for the kernel message logger and system logging daemon.</summary>
<interface name="logging_log_file" lineno="41">
<summary>
Make the specified type usable for log files
in a filesystem.
</summary>
<desc>
<p>
Make the specified type usable for log files in a filesystem.
This will also make the type usable for files, making
calls to files_type() redundant.  Failure to use this interface
for a log file type may result in problems with log
rotation, log analysis, and log monitoring programs.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>logging_log_filetrans()</li>
</ul>
<p>
Example usage with a domain that can create
and append to a private log file stored in the
general directories (e.g., /var/log):
</p>
<p>
type mylogfile_t;
logging_log_file(mylogfile_t)
allow mydomain_t mylogfile_t:file { create_file_perms append_file_perms };
logging_log_filetrans(mydomain_t, mylogfile_t, file)
</p>
</desc>
<param name="type">
<summary>
Type to be used for files.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="logging_send_audit_msgs" lineno="62">
<summary>
Send audit messages.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_dontaudit_send_audit_msgs" lineno="77">
<summary>
dontaudit attempts to send audit messages.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="logging_create_syslog_netlink_audit_socket" lineno="92">
<summary>
Create netlink audit socket
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_set_loginuid" lineno="110">
<summary>
Set login uid
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_set_tty_audit" lineno="125">
<summary>
Set tty auditing
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_set_audit_parameters" lineno="139">
<summary>
Set up audit
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_read_audit_log" lineno="155">
<summary>
Read the audit log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_watch_audit_log_files" lineno="177">
<summary>
Watch the audit log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_watch_audit_log_dirs" lineno="196">
<summary>
Watch the audit log directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_map_audit_log" lineno="216">
<summary>
Map the audit log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_domtrans_auditctl" lineno="233">
<summary>
Execute auditctl in the auditctl domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="logging_run_auditctl" lineno="258">
<summary>
Execute auditctl in the auditctl domain, and
allow the specified role the auditctl domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_domtrans_auditd" lineno="277">
<summary>
Execute auditd in the auditd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="logging_run_auditd" lineno="301">
<summary>
Execute auditd in the auditd domain, and
allow the specified role the auditd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="logging_stream_connect_auditd" lineno="320">
<summary>
Connect to auditdstored over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_domtrans_dispatcher" lineno="335">
<summary>
Execute a domain transition to run the audit dispatcher.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="logging_signal_dispatcher" lineno="353">
<summary>
Signal the audit dispatcher.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_dispatcher_domain" lineno="377">
<summary>
Create a domain for processes
which can be started by the system audit dispatcher
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
</interface>
<interface name="logging_stream_connect_dispatcher" lineno="407">
<summary>
Connect to the audit dispatcher over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_manage_audit_config" lineno="427">
<summary>
Manage the auditd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_manage_audit_log" lineno="447">
<summary>
Manage the audit log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_domtrans_klog" lineno="467">
<summary>
Execute klogd in the klog domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="logging_check_exec_syslog" lineno="486">
<summary>
Check if syslogd is executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_domtrans_syslog" lineno="506">
<summary>
Execute syslogd in the syslog domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="logging_log_filetrans" lineno="568">
<summary>
Create an object in the log directory, with a private type.
</summary>
<desc>
<p>
Allow the specified domain to create an object
in the general system log directories (e.g., /var/log)
with a private type.  Typically this is used for creating
private log files in /var/log with the private type instead
of the general system log type. To accomplish this goal,
either the program must be SELinux-aware, or use this interface.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>logging_log_file()</li>
</ul>
<p>
Example usage with a domain that can create
and append to a private log file stored in the
general directories (e.g., /var/log):
</p>
<p>
type mylogfile_t;
logging_log_file(mylogfile_t)
allow mydomain_t mylogfile_t:file { create_file_perms append_file_perms };
logging_log_filetrans(mydomain_t, mylogfile_t, file)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="logging_log_named_filetrans" lineno="630">
<summary>
Create an object in the log directory, with a private type.
</summary>
<desc>
<p>
Allow the specified domain to create an object
in the general system log directories (e.g., /var/log)
with a private type.  Typically this is used for creating
private log files in /var/log with the private type instead
of the general system log type. To accomplish this goal,
either the program must be SELinux-aware, or use this interface.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>logging_log_file()</li>
</ul>
<p>
Example usage with a domain that can create
and append to a private log file stored in the
general directories (e.g., /var/log):
</p>
<p>
type mylogfile_t;
logging_log_file(mylogfile_t)
allow mydomain_t mylogfile_t:file { create_file_perms append_file_perms };
logging_log_filetrans(mydomain_t, mylogfile_t, file)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="logging_send_syslog_msg" lineno="671">
<summary>
Send system log messages.
</summary>
<desc>
<p>
Allow the specified domain to connect to the
system log service (syslog), to send messages be added to
the system logs. Typically this is used by services
that do not have their own log file in /var/log.
</p>
<p>
This does not allow messages to be sent to
the auditing system.
</p>
<p>
Programs which use the libc function syslog() will
require this access.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>logging_send_audit_msgs()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_create_devlog_dev" lineno="689">
<summary>
Connect to the syslog control unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_relabel_devlog_dev" lineno="711">
<summary>
Relabel the devlog sock_file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_read_syslog_pid" lineno="730">
<summary>
Allow domain to read the syslog pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_relabel_syslog_pid_socket" lineno="749">
<summary>
Relabel the syslog pid sock_file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_write_syslog_pid_socket" lineno="767">
<summary>
Allow domain to write the syslog pid sock_file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_stream_connect_syslog" lineno="785">
<summary>
Connect to the syslog control unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_read_audit_config" lineno="805">
<summary>
Read the auditd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_map_audit_config" lineno="826">
<summary>
Map the auditd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_dontaudit_search_audit_logs" lineno="845">
<summary>
dontaudit search of auditd log files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_dontaudit_search_audit_config" lineno="864">
<summary>
dontaudit search of auditd configuration files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_read_syslog_config" lineno="883">
<summary>
Read syslog configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_manage_syslog_config" lineno="902">
<summary>
Manage syslog configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_search_logs" lineno="922">
<summary>
Allows the domain to open a file in the
log directory, but does not allow the listing
of the contents of the log directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_dontaudit_search_logs" lineno="941">
<summary>
Do not audit attempts to search the var log directory.
</summary>
<param name="domain">
<summary>
Domain not to audit.
</summary>
</param>
</interface>
<interface name="logging_list_logs" lineno="959">
<summary>
List the contents of the generic log directory (/var/log).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_rw_generic_log_dirs" lineno="978">
<summary>
Read and write the generic log directory (/var/log).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_watch_generic_log_dirs" lineno="997">
<summary>
Watch the generic log directory (/var/log).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_search_all_logs" lineno="1017">
<summary>
Search through all log dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_setattr_all_log_dirs" lineno="1036">
<summary>
Set attributes on all log dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_relabel_all_log_dirs" lineno="1055">
<summary>
Relabel on all log dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_dontaudit_getattr_all_logs" lineno="1074">
<summary>
Do not audit attempts to get the attributes
of any log files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="logging_getattr_all_logs" lineno="1092">
<summary>
Read the atttributes of any log file
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="logging_append_all_logs" lineno="1110">
<summary>
Append to all log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_inherit_append_all_logs" lineno="1130">
<summary>
Append to all log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_read_all_logs" lineno="1149">
<summary>
Read all log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_exec_all_logs" lineno="1173">
<summary>
Execute all log files in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_rw_all_logs" lineno="1193">
<summary>
read/write to all log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_manage_all_logs" lineno="1213">
<summary>
Create, read, write, and delete all log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_watch_all_log_dirs_path" lineno="1235">
<summary>
Watch all directories in the path for log directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_read_generic_logs" lineno="1257">
<summary>
Read generic log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_create_generic_logs" lineno="1280">
<summary>
Create generic log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_link_generic_logs" lineno="1300">
<summary>
Link generic log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_delete_generic_logs" lineno="1319">
<summary>
Delete generic log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_mmap_generic_logs" lineno="1338">
<summary>
Map generic log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_write_generic_logs" lineno="1356">
<summary>
Write generic log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_manage_var_log_symlinks" lineno="1378">
<summary>
Create, read, write, and delete symbolic
links in the /var/log directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_write_var_log_dirs" lineno="1396">
<summary>
Allow attempts to write to /var/log
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_dontaudit_rw_inherited_generic_logs" lineno="1414">
<summary>
Dontaudit read/Write inherited generic log files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="logging_dontaudit_write_generic_logs" lineno="1432">
<summary>
Dontaudit Write generic log files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="logging_rw_generic_logs" lineno="1450">
<summary>
Read and write generic log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_manage_generic_logs" lineno="1472">
<summary>
Create, read, write, and delete
generic log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_admin_audit" lineno="1499">
<summary>
All of the rules required to administrate
the audit environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
User role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_systemctl_audit" lineno="1545">
<summary>
Execute auditd server in the auditd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="logging_systemctl_syslogd" lineno="1567">
<summary>
Execute auditd server in the auditd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="logging_admin_syslog" lineno="1597">
<summary>
All of the rules required to administrate
the syslog environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
User role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_admin" lineno="1662">
<summary>
All of the rules required to administrate
the logging environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
User role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_filetrans_named_conf" lineno="1677">
<summary>
Transition to syslog.conf
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_filetrans_named_content" lineno="1696">
<summary>
Transition to logging named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_syslogd_pid_filetrans" lineno="1746">
<summary>
Create objects in /run/systemd/journal/ directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="logging_mmap_journal" lineno="1765">
<summary>
Map files in /run/log/journal/ directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_watch_journal_dir" lineno="1783">
<summary>
Watch the /run/log/journal directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_dgram_send" lineno="1802">
<summary>
Send a message to syslogd over a unix domain
datagram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="logging_syslogd_append_public_content" dftval="false">
<desc>
<p>
Allow syslogd daemon append public content files
</p>
</desc>
</tunable>
<tunable name="logging_syslogd_can_sendmail" dftval="false">
<desc>
<p>
Allow syslogd daemon to send mail
</p>
</desc>
</tunable>
<tunable name="logging_syslogd_list_non_security_dirs" dftval="false">
<desc>
<p>
Allow syslogd daemon list non security directories
</p>
</desc>
</tunable>
<tunable name="logging_syslogd_use_tty" dftval="true">
<desc>
<p>
Allow syslogd the ability to read/write terminals
</p>
</desc>
</tunable>
<tunable name="logging_syslogd_run_nagios_plugins" dftval="false">
<desc>
<p>
Allow syslogd the ability to call nagios plugins. It is
turned on by omprog rsyslog plugin.
</p>
</desc>
</tunable>
<tunable name="logging_syslogd_run_unconfined" dftval="false">
<desc>
<p>
Allow syslog to run unconfined scripts
</p>
</desc>
</tunable>
</module>
<module name="lvm" filename="policy/modules/system/lvm.if">
<summary>Policy for logical volume management programs.</summary>
<interface name="lvm_stub" lineno="14">
<summary>
lvm stub domain interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="lvm_getattr_exec_files" lineno="30">
<summary>
Get the attribute of lvm entrypoint files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lvm_domtrans" lineno="49">
<summary>
Execute lvm programs in the lvm domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="lvm_exec" lineno="68">
<summary>
Execute lvm programs in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lvm_run" lineno="93">
<summary>
Execute lvm programs in the lvm domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the LVM domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="lvm_read_config" lineno="113">
<summary>
Read LVM configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="lvm_map_config" lineno="134">
<summary>
Mmap LVM configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="lvm_read_metadata" lineno="153">
<summary>
Read LVM configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="lvm_write_metadata" lineno="175">
<summary>
Read LVM configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="lvm_manage_metadata" lineno="197">
<summary>
Manage LVM metadata files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="lvm_manage_config" lineno="218">
<summary>
Manage LVM configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="lvm_stream_connect" lineno="238">
<summary>
Connect to lvm using a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lvm_domtrans_clvmd" lineno="257">
<summary>
Execute a domain transition to run clvmd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="lvm_rw_clvmd_tmpfs_files" lineno="276">
<summary>
Read and write to lvm temporary file system.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lvm_delete_clvmd_tmpfs_files" lineno="294">
<summary>
Delete lvm temporary file system.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lvm_signull" lineno="312">
<summary>
Send lvm a null signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lvm_sigkill" lineno="330">
<summary>
Send lvm the kill signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lvm_signal" lineno="348">
<summary>
Send lvm a generic signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lvm_dgram_send" lineno="367">
<summary>
Send a message to lvm over the
datagram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lvm_rw_pipes" lineno="385">
<summary>
Read and write a lvm unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lvm_dontaudit_rw_pipes" lineno="403">
<summary>
Dontaudit Read and write a lvm unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lvm_dontaudit_access_check_lock" lineno="422">
<summary>
Do not audit attempts to access check cert dirs/files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="lvm_dontaudit_rw_lock_dir" lineno="440">
<summary>
Dontaudit read and write to lvm_lock_t dir.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lvm_read_state" lineno="458">
<summary>
Read the process state (/proc/pid) of lvm.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lvm_manage_lock" lineno="477">
<summary>
Create, read, write, and delete
lvm lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lvm_dbus_send_msg" lineno="501">
<summary>
Allow dbus send for lvm dbus API (only send needed)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lvm_rw_var_run" lineno="520">
<summary>
Allow lvm hints file access
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lvm_manage_var_run" lineno="540">
<summary>
Create, read, write, and delete
lvm var run files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lvm_var_run_filetrans" lineno="559">
<summary>
Create directory cryptsetup in the /var/run
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="miscfiles" filename="policy/modules/system/miscfiles.if">
<summary>Miscelaneous files.</summary>
<interface name="miscfiles_cert_type" lineno="38">
<summary>
Make the specified type usable as a cert file.
</summary>
<desc>
<p>
Make the specified type usable for cert files.
This will also make the type usable for files, making
calls to files_type() redundant.  Failure to use this interface
for a temporary file may result in problems with
cert management tools.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>files_type()</li>
</ul>
<p>
Example:
</p>
<p>
type mycertfile_t;
cert_type(mycertfile_t)
allow mydomain_t mycertfile_t:file read_file_perms;
files_search_etc(mydomain_t)
</p>
</desc>
<param name="type">
<summary>
Type to be used for files.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="miscfiles_read_all_certs" lineno="58">
<summary>
Read all SSL certificates.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_manage_all_certs" lineno="79">
<summary>
Read all SSL certificates.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_read_generic_certs" lineno="100">
<summary>
Read generic SSL certificates.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_map_generic_certs" lineno="121">
<summary>
mmap generic SSL certificates.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_dontaudit_map_generic_certs" lineno="140">
<summary>
Do not audit attempts to mmap generic SSL certificates.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_manage_generic_cert_dirs" lineno="158">
<summary>
Manage generic SSL certificates.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_watch_generic_cert_dirs" lineno="177">
<summary>
Watch generic SSL certificate dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_relabel_generic_cert" lineno="195">
<summary>
Allow process to relabel cert_t
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_dontaudit_write_generic_cert_files" lineno="215">
<summary>
Dontaudit attempts to write generic SSL certificates.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_manage_generic_cert_files" lineno="234">
<summary>
Manage generic SSL certificates.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_read_certs" lineno="253">
<summary>
Read SSL certificates.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_manage_cert_dirs" lineno="268">
<summary>
Manage SSL certificates.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_dontaudit_access_check_cert" lineno="283">
<summary>
Do not audit attempts to access check cert dirs/files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="miscfiles_manage_cert_files" lineno="303">
<summary>
Manage SSL certificates.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_search_generic_cert_dirs" lineno="318">
<summary>
Search generic SSL certificates dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_read_fonts" lineno="338">
<summary>
Read fonts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_setattr_fonts_dirs" lineno="369">
<summary>
Set the attributes on a fonts directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_dontaudit_setattr_fonts_dirs" lineno="389">
<summary>
Do not audit attempts to set the attributes
on a fonts directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_dontaudit_write_fonts" lineno="408">
<summary>
Do not audit attempts to write fonts.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_watch_fonts_dirs" lineno="428">
<summary>
Watch fonts directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_manage_fonts" lineno="447">
<summary>
Create, read, write, and delete fonts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_setattr_fonts_cache_dirs" lineno="471">
<summary>
Set the attributes on a fonts cache directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_dontaudit_setattr_fonts_cache_dirs" lineno="490">
<summary>
Do not audit attempts to set the attributes
on a fonts cache directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="miscfiles_manage_fonts_cache" lineno="509">
<summary>
Create, read, write, and delete fonts cache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_read_hwdata" lineno="531">
<summary>
Read hardware identification data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_setattr_localization" lineno="551">
<summary>
Allow process to setattr localization info
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_read_localization" lineno="583">
<summary>
Allow process to read localization information.
</summary>
<desc>
<p>
Allow the specified domain to read the localization files.
This is typically for time zone configuration files, such as
/etc/localtime and files in /usr/share/zoneinfo.
Typically, any domain which needs to know the GMT/UTC
offset of the current timezone will need access
to these files. Generally, it should be safe for any
domain to read these files.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="miscfiles_watch_localization_dirs" lineno="612">
<summary>
Allow process to watch localization directories.
</summary>
<desc>
<p>
Allow the specified domain to watch localization directories
(e.g. /usr/share/zoneinfo/) for changes.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_watch_localization_files" lineno="636">
<summary>
Allow process to watch localization files.
</summary>
<desc>
<p>
Allow the specified domain to watch localization files
(e.g. /usr/share/zoneinfo/UTC) for changes.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_watch_localization_symlinks" lineno="660">
<summary>
Allow process to watch localization symlinks.
</summary>
<desc>
<p>
Allow the specified domain to watch localization symlinks
(e.g. /etc/localtime) for changes.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_rw_localization" lineno="678">
<summary>
Allow process to write localization info
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_relabel_localization" lineno="699">
<summary>
Allow process to relabel localization info
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_legacy_read_localization" lineno="719">
<summary>
Allow process to read legacy time localization info
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_search_man_pages" lineno="737">
<summary>
Search man pages.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_dontaudit_search_man_pages" lineno="756">
<summary>
Do not audit attempts to search man pages.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="miscfiles_read_man_pages" lineno="775">
<summary>
Read man pages
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_delete_man_pages" lineno="801">
<summary>
Delete man pages
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_setattr_man_pages" lineno="826">
<summary>
Create, read, write, and delete man pages
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_manage_man_pages" lineno="846">
<summary>
Create, read, write, and delete man pages
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_read_man_cache" lineno="867">
<summary>
Read man cache content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_manage_man_cache" lineno="889">
<summary>
Create, read, write, and delete
man cache content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_relabel_man_pages" lineno="910">
<summary>
Allow process to relabel man_pages info
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_read_public_files" lineno="936">
<summary>
Read public files used for file
transfer services.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_manage_public_files" lineno="959">
<summary>
Create, read, write, and delete public files
and directories used for file transfer services.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_append_public_files" lineno="980">
<summary>
Append to public files used for file transfer services
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_read_tetex_data" lineno="998">
<summary>
Read TeX data
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_exec_tetex_data" lineno="1022">
<summary>
Execute TeX data programs in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_domain_entry_test_files" lineno="1047">
<summary>
Let test files be an entry point for
a specified domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_read_test_files" lineno="1065">
<summary>
Read test files and directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_exec_test_files" lineno="1084">
<summary>
Execute test files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_etc_filetrans_localization" lineno="1103">
<summary>
Execute test files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_manage_localization" lineno="1126">
<summary>
Create, read, write, and delete localization
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_filetrans_locale_named_content" lineno="1146">
<summary>
Transition to miscfiles locale named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_filetrans_named_content" lineno="1171">
<summary>
Transition to miscfiles named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_filetrans_named_content_letsencrypt" lineno="1207">
<summary>
Transition to miscfiles named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_read_pkcs11_modules" lineno="1226">
<summary>
Read all pkcs11 modules configurations.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="modutils" filename="policy/modules/system/modutils.if">
<summary>Policy for kernel module utilities</summary>
<interface name="modutils_getattr_module_deps" lineno="13">
<summary>
Getattr the dependencies of kernel modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_read_module_deps_files" lineno="30">
<summary>
Read the dependencies of kernel modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_read_module_deps" lineno="48">
<summary>
Read the dependencies of kernel modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_delete_module_deps" lineno="68">
<summary>
Read the dependencies of kernel modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_list_module_config" lineno="88">
<summary>
list the configuration options used when
loading modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="modutils_read_module_config" lineno="108">
<summary>
Read the configuration options used when
loading modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="modutils_rename_module_config" lineno="134">
<summary>
Rename a file with the configuration options used when
loading modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_delete_module_config" lineno="153">
<summary>
Unlink a file with the configuration options used when
loading modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_manage_module_config" lineno="172">
<summary>
Manage files with the configuration options used when
loading modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_domtrans_kmod" lineno="190">
<summary>
Execute insmod in the kmod domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="modutils_domtrans_insmod_uncond" lineno="213">
<summary>
Unconditionally execute insmod in the insmod domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="modutils_domtrans_insmod" lineno="227">
<summary>
Execute insmod in the insmod domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="modutils_domtrans_depmod" lineno="241">
<summary>
Execute depmod in the depmod domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="modutils_domtrans_update_mods" lineno="255">
<summary>
Execute depmod in the depmod domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="modutils_signal_kmod" lineno="269">
<summary>
Allow send signal to insmod.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="modutils_signal_insmod" lineno="287">
<summary>
Allow send signal to insmod.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="modutils_run_kmod" lineno="310">
<summary>
Execute insmod in the insmod domain, and
allow the specified role the insmod domain,
and use the caller's terminal.  Has a sigchld
backchannel.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="modutils_run_insmod" lineno="338">
<summary>
Execute insmod in the insmod domain, and
allow the specified role the insmod domain,
and use the caller's terminal.  Has a sigchld
backchannel.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="modutils_run_depmod" lineno="358">
<summary>
Execute depmod in the depmod domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="modutils_run_update_mods" lineno="378">
<summary>
Execute update_modules in the update_modules domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="modutils_exec_kmod" lineno="392">
<summary>
Execute insmod in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_exec_insmod" lineno="411">
<summary>
Execute insmod in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_exec_depmod" lineno="425">
<summary>
Execute depmod in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_exec_update_mods" lineno="439">
<summary>
Execute update_modules in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_dontaudit_exec_kmod" lineno="453">
<summary>
Don't audit execute insmod in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_dontaudit_exec_insmod" lineno="471">
<summary>
Don't audit execute insmod in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modules_filetrans_named_content" lineno="485">
<summary>
Transition to modutils named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="mount" filename="policy/modules/system/mount.if">
<summary>Policy for mount.</summary>
<interface name="mount_domtrans" lineno="13">
<summary>
Execute mount in the mount domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mount_run" lineno="46">
<summary>
Execute mount in the mount domain, and
allow the specified role the mount domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mount_run_fusermount" lineno="74">
<summary>
Execute fusermount in the mount domain, and
allow the specified role the mount domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the mount domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mount_read_pid_files" lineno="95">
<summary>
Read mount PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_rw_pid_files" lineno="115">
<summary>
Read/write mount PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_dontaudit_write_mount_pid" lineno="134">
<summary>
Do not audit attemps to write mount PID files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mount_manage_pid_files" lineno="152">
<summary>
Manage mount PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_watch_pid_dirs" lineno="171">
<summary>
Watch mount PID directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_watch_reads_pid_dirs" lineno="190">
<summary>
Watch_reads mount PID directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_watch_pid_files" lineno="210">
<summary>
Watch mount PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_watch_reads_pid_files" lineno="229">
<summary>
Watch_reads mount PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_exec" lineno="248">
<summary>
Execute mount in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_signal" lineno="270">
<summary>
Send a generic signal to mount.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_sigkill" lineno="288">
<summary>
Send a generic sigkill to mount.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_use_fds" lineno="306">
<summary>
Use file descriptors for mount.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_send_nfs_client_request" lineno="336">
<summary>
Allow the mount domain to send nfs requests for mounting
network drives
</summary>
<desc>
<p>
Allow the mount domain to send nfs requests for mounting
network drives
</p>
<p>
This interface has been deprecated as these rules were
a side effect of leaked mount file descriptors.  This
interface has no effect.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_list_tmp" lineno="350">
<summary>
Read the mount tmp directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_domtrans_fusermount" lineno="368">
<summary>
Execute fusermount in the mount domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_exec_fusermount" lineno="390">
<summary>
Execute fusermount.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_dontaudit_exec_fusermount" lineno="408">
<summary>
dontaudit Execute fusermount.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mount_domtrans_showmount" lineno="426">
<summary>
Execute a domain transition to run showmount.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mount_run_showmount" lineno="450">
<summary>
Execute showmount in the showmount domain, and
allow the specified role the showmount domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the showmount domain.
</summary>
</param>
</interface>
<interface name="mount_domtrans_ecryptmount" lineno="469">
<summary>
Transition to ecryptmount.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mount_run_ecryptmount" lineno="494">
<summary>
Execute ecryptmount in the ecryptmount domain, and
allow the specified role the ecryptmount domain,
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="mount_domtrans_unconfined" lineno="513">
<summary>
Execute mount in the unconfined mount domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mount_run_unconfined" lineno="539">
<summary>
Execute mount in the unconfined mount domain, and
allow the specified role the unconfined mount domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mount_entry_type" lineno="559">
<summary>
Allow mount programs to be an entrypoint for
the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which mount programs is an entrypoint.
</summary>
</param>
</interface>
</module>
<module name="netlabel" filename="policy/modules/system/netlabel.if">
<summary>NetLabel/CIPSO labeled networking management</summary>
<interface name="netlabel_domtrans_mgmt" lineno="13">
<summary>
Execute netlabel_mgmt in the netlabel_mgmt domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="netlabel_run_mgmt" lineno="39">
<summary>
Execute netlabel_mgmt in the netlabel_mgmt domain, and
allow the specified role the netlabel_mgmt domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="selinuxutil" filename="policy/modules/system/selinuxutil.if">
<summary>Policy for SELinux policy and userland applications.</summary>
<interface name="seutil_domtrans_checkpolicy" lineno="13">
<summary>
Execute checkpolicy in the checkpolicy domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="seutil_run_checkpolicy" lineno="41">
<summary>
Execute checkpolicy in the checkpolicy domain, and
allow the specified role the checkpolicy domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_exec_checkpolicy" lineno="61">
<summary>
Execute checkpolicy in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_domtrans_loadpolicy" lineno="81">
<summary>
Execute load_policy in the load_policy domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="seutil_run_loadpolicy" lineno="108">
<summary>
Execute load_policy in the load_policy domain, and
allow the specified role the load_policy domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_exec_loadpolicy" lineno="127">
<summary>
Execute load_policy in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_access_check_load_policy" lineno="146">
<summary>
Allow access check on load_policy.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_dontaudit_access_check_load_policy" lineno="164">
<summary>
Dontaudit access check on load_policy.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_read_loadpolicy" lineno="182">
<summary>
Read the load_policy program file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_domtrans_newrole" lineno="201">
<summary>
Execute newrole in the newole domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="seutil_run_newrole" lineno="229">
<summary>
Execute newrole in the newrole domain, and
allow the specified role the newrole domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_exec_newrole" lineno="259">
<summary>
Execute newrole in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_dontaudit_signal_newrole" lineno="280">
<summary>
Do not audit the caller attempts to send
a signal to newrole.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="seutil_sigchld_newrole" lineno="308">
<summary>
Send a SIGCHLD signal to newrole.
</summary>
<desc>
<p>
Allow the specified domain to send a SIGCHLD
signal to newrole.  This signal is automatically
sent from a process that is terminating to
its parent.  This may be needed by domains
that are executed from newrole.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="1"/>
</interface>
<interface name="seutil_use_newrole_fds" lineno="326">
<summary>
Inherit and use newrole file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_dontaudit_use_newrole_fds" lineno="345">
<summary>
Do not audit attempts to inherit and use
newrole file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="seutil_domtrans_restorecon" lineno="363">
<summary>
Execute restorecon in the restorecon domain.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="seutil_run_restorecon" lineno="386">
<summary>
Execute restorecon in the restorecon domain, and
allow the specified role the restorecon domain,
and use the caller's terminal.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_exec_restorecon" lineno="402">
<summary>
Execute restorecon in the caller domain.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_exec_restorecond" lineno="418">
<summary>
Execute restorecond in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_domtrans_runinit" lineno="438">
<summary>
Execute run_init in the run_init domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="seutil_init_script_domtrans_runinit" lineno="464">
<summary>
Execute init scripts in the run_init domain.
</summary>
<desc>
<p>
Execute init scripts in the run_init domain.
This is used for the Gentoo integrated run_init.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="seutil_run_runinit" lineno="494">
<summary>
Execute run_init in the run_init domain, and
allow the specified role the run_init domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_init_script_run_runinit" lineno="539">
<summary>
Execute init scripts in the run_init domain, and
allow the specified role the run_init domain,
and use the caller's terminal.
</summary>
<desc>
<p>
Execute init scripts in the run_init domain, and
allow the specified role the run_init domain,
and use the caller's terminal.
</p>
<p>
This is used for the Gentoo integrated run_init.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="seutil_use_runinit_fds" lineno="566">
<summary>
Inherit and use run_init file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_domtrans_setfiles" lineno="584">
<summary>
Execute setfiles in the setfiles domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="seutil_run_setfiles" lineno="612">
<summary>
Execute setfiles in the setfiles domain, and
allow the specified role the setfiles domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_domtrans_setfiles_mac" lineno="631">
<summary>
Execute setfiles in the setfiles domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_nnp_domtrans_setfiles_mac" lineno="651">
<summary>
Allow caller nnp_transition and nosuid_transition to setfiles_mac_t
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_run_setfiles_mac" lineno="677">
<summary>
Execute setfiles in the setfiles_mac domain, and
allow the specified role the setfiles_mac domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the setfiles_mac domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_exec_setfiles" lineno="696">
<summary>
Execute setfiles in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_access_check_setfiles" lineno="716">
<summary>
Allow access check on setfiles.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_dontaudit_access_check_setfiles" lineno="734">
<summary>
Dontaudit access check on setfiles.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_dontaudit_search_config" lineno="753">
<summary>
Do not audit attempts to search the SELinux
configuration directory (/etc/selinux).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="seutil_search_config" lineno="772">
<summary>
Allow attempts to search the SELinux
configuration directory (/etc/selinux).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_dontaudit_read_config" lineno="791">
<summary>
Do not audit attempts to read the SELinux
userland configuration (/etc/selinux).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="seutil_read_config" lineno="811">
<summary>
Read the general SELinux configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_watch_config" lineno="832">
<summary>
Watch the general SELinux configuration files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_rw_config" lineno="852">
<summary>
Read and write the general SELinux configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_manage_selinux_config" lineno="884">
<summary>
Create, read, write, and delete
the general selinux configuration files.  (Deprecated)
</summary>
<desc>
<p>
Create, read, write, and delete
the general selinux configuration files.
</p>
<p>
This interface has been deprecated, please
use the seutil_manage_config() interface instead.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_manage_config" lineno="901">
<summary>
Create, read, write, and delete
the general selinux configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_manage_config_dirs" lineno="924">
<summary>
Create, read, write, and delete
the general selinux configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_dontaudit_search_login_config" lineno="944">
<summary>
Do not audit attempts to search the SELinux
login configuration directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="seutil_dontaudit_read_login_config" lineno="963">
<summary>
Do not audit attempts to read the SELinux
login configuration.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="seutil_read_login_config" lineno="981">
<summary>
Read the  SELinux login configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_rw_login_config" lineno="1004">
<summary>
Read and write the SELinux login configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_rw_login_config_dirs" lineno="1027">
<summary>
Create, read, write, and delete
the general selinux configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_manage_login_config" lineno="1049">
<summary>
Create, read, write, and delete
the general selinux configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_manage_login_config_files" lineno="1072">
<summary>
manage the login selinux configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_search_default_contexts" lineno="1094">
<summary>
Search the policy directory with default_context files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_read_default_contexts" lineno="1114">
<summary>
Read the default_contexts files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_rw_default_contexts" lineno="1136">
<summary>
Read and write the default_contexts files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_manage_default_contexts" lineno="1158">
<summary>
Create, read, write, and delete the default_contexts files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_read_file_contexts" lineno="1179">
<summary>
Read the file_contexts files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_dontaudit_read_file_contexts" lineno="1203">
<summary>
Do not audit attempts to read the file_contexts files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_rw_file_contexts" lineno="1223">
<summary>
Read and write the file_contexts files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_manage_file_contexts" lineno="1245">
<summary>
Create, read, write, and delete the file_contexts files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_read_bin_policy" lineno="1267">
<summary>
Read the SELinux binary policy.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_create_bin_policy" lineno="1288">
<summary>
Create the SELinux binary policy.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_relabelto_bin_policy" lineno="1311">
<summary>
Allow the caller to relabel a file to the binary policy type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_manage_bin_policy" lineno="1332">
<summary>
Create, read, write, and delete the SELinux
binary policy.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_read_src_policy" lineno="1354">
<summary>
Read SELinux policy source files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_manage_src_policy" lineno="1376">
<summary>
Create, read, write, and delete SELinux
policy source files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_domtrans_semanage" lineno="1397">
<summary>
Execute a domain transition to run semanage.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="seutil_domtrans_setsebool" lineno="1417">
<summary>
Execute a domain transition to run setsebool.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="seutil_run_semanage" lineno="1445">
<summary>
Execute semanage in the semanage domain, and
allow the specified role the semanage domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_run_setsebool" lineno="1479">
<summary>
Execute setsebool in the semanage domain, and
allow the specified role the semanage domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the setsebool domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_access_check_module_store" lineno="1499">
<summary>
List of the semanage
module store.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_read_module_store" lineno="1519">
<summary>
Full management of the semanage
module store.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_dontaudit_read_module_store" lineno="1541">
<summary>
Dontaudit read selinux module store
module store.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_dontaudit_access_check_semanage_module_store" lineno="1560">
<summary>
Dontaudit access check on module store
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_manage_module_store" lineno="1579">
<summary>
Full management of the semanage
module store.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_get_semanage_read_lock" lineno="1606">
<summary>
Get read lock on module store
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_dontaudit_access_check_semanage_read_lock" lineno="1625">
<summary>
Dontaudit access check on module store
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_get_semanage_trans_lock" lineno="1643">
<summary>
Get trans lock on module store
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_libselinux_linked" lineno="1671">
<summary>
SELinux-enabled program access for
libselinux-linked programs.
</summary>
<desc>
<p>
SELinux-enabled programs are typically
linked to the libselinux library.  This
interface will allow access required for
the libselinux constructor to function.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_dontaudit_libselinux_linked" lineno="1701">
<summary>
Do not audit SELinux-enabled program access for
libselinux-linked programs.
</summary>
<desc>
<p>
SELinux-enabled programs are typically
linked to the libselinux library.  This
interface will dontaudit access required for
the libselinux constructor to function.
</p>
<p>
Generally this should not be used on anything
but simple SELinux-enabled programs that do not
rely on data initialized by the libselinux
constructor.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="seutil_semanage_policy" lineno="1716">
<summary>
All rules necessary to run semanage command
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_setfiles" lineno="1749">
<summary>
All rules necessary to run setfiles command
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_filetrans_named_content" lineno="1782">
<summary>
File name transition for selinux utility content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_dbus_chat_semanage" lineno="1812">
<summary>
Send and receive messages from
semanage dbus server over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="setrans" filename="policy/modules/system/setrans.if">
<summary>SELinux MLS/MCS label translation service.</summary>
<interface name="setrans_initrc_domtrans" lineno="14">
<summary>
Execute setrans server in the setrans domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="setrans_translate_context" lineno="32">
<summary>
Allow a domain to translate contexts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="setrans_manage_pid_files" lineno="53">
<summary>
Allow a domain to manage pid files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="sysnetwork" filename="policy/modules/system/sysnetwork.if">
<summary>Policy for network configuration: ifconfig and dhcp client.</summary>
<interface name="sysnet_domtrans_dhcpc" lineno="13">
<summary>
Execute dhcp client in dhcpc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sysnet_run_dhcpc" lineno="40">
<summary>
Execute DHCP clients in the dhcpc domain, and
allow the specified role the dhcpc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysnet_dontaudit_rw_dhcpc_udp_sockets" lineno="79">
<summary>
Do not audit attempts to read and
write dhcpc udp socket descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="sysnet_dontaudit_use_dhcpc_fds" lineno="98">
<summary>
Do not audit attempts to use
the dhcp file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="sysnet_dontaudit_rw_dhcpc_unix_stream_sockets" lineno="117">
<summary>
Do not audit attempts to read/write to the
dhcp unix stream socket descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="sysnet_sigchld_dhcpc" lineno="135">
<summary>
Send a SIGCHLD signal to the dhcp client.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_kill_dhcpc" lineno="154">
<summary>
Send a kill signal to the dhcp client.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysnet_sigstop_dhcpc" lineno="172">
<summary>
Send a SIGSTOP signal to the dhcp client.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_signull_dhcpc" lineno="190">
<summary>
Send a null signal to the dhcp client.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_signal_dhcpc" lineno="209">
<summary>
Send a generic signal to the dhcp client.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysnet_dbus_chat_dhcpc" lineno="228">
<summary>
Send and receive messages from
dhcpc over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_rw_dhcp_config" lineno="248">
<summary>
Read and write dhcp configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_search_dhcpc_state" lineno="268">
<summary>
Search the DHCP client state
directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_read_dhcpc_state" lineno="287">
<summary>
Read dhcp client state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_delete_dhcpc_state" lineno="306">
<summary>
Delete the dhcp client state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_relabelfrom_dhcpc_state" lineno="324">
<summary>
Allow caller to relabel dhcpc_state files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_manage_dhcpc_state" lineno="343">
<summary>
Manage the dhcp client state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_setattr_config" lineno="361">
<summary>
Set the attributes of network config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_relabelfrom_net_conf" lineno="380">
<summary>
Allow caller to relabel net_conf files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_relabelto_net_conf" lineno="399">
<summary>
Allow caller to relabel net_conf files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_read_config" lineno="439">
<summary>
Read network config files.
</summary>
<desc>
<p>
Allow the specified domain to read the
general network configuration files.  A
common example of this is the
/etc/resolv.conf file, which has domain
name system (DNS) server IP addresses.
Typically, most networking processes will
require	the access provided by this interface.
</p>
<p>
Higher-level interfaces which involve
networking will generally call this interface,
for example:
</p>
<ul>
<li>sysnet_dns_name_resolve()</li>
<li>sysnet_use_ldap()</li>
<li>sysnet_use_portmap()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_dontaudit_read_config" lineno="470">
<summary>
Do not audit attempts to read network config files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="sysnet_write_config" lineno="489">
<summary>
Write network config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_create_config" lineno="508">
<summary>
Create network config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_watch_config" lineno="528">
<summary>
Watch network config files and lnk_files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_etc_filetrans_config" lineno="554">
<summary>
Create files in /etc with the type used for
the network config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="sysnet_filetrans_config_fromdir" lineno="590">
<summary>
Transition content to the type used for
the network config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the directory to which the object will be created.
</summary>
</param>
<param name="object_class">
<summary>
The object class.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="sysnet_manage_config" lineno="608">
<summary>
Create, read, write, and delete network config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_manage_config_dirs" lineno="628">
<summary>
Create, read, write, and delete network config dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_manage_config_pipes" lineno="648">
<summary>
Create, read, write and delete
network config pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_read_dhcpc_pid" lineno="666">
<summary>
Read the dhcp client pid file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_delete_dhcpc_pid" lineno="685">
<summary>
Delete the dhcp client pid file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_manage_dhcpc_pid" lineno="704">
<summary>
Manage the dhcp client pid file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_filetrans_dhcpc_pid" lineno="729">
<summary>
Create specified objects in generic
pid directories with the dhcpc pid file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="sysnet_domtrans_ifconfig" lineno="747">
<summary>
Execute ifconfig in the ifconfig domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sysnet_nnp_domtrans_ifconfig" lineno="766">
<summary>
NNP Transition to ifconfig_t.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sysnet_run_ifconfig" lineno="792">
<summary>
Execute ifconfig in the ifconfig domain, and
allow the specified role the ifconfig domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysnet_exec_ifconfig" lineno="812">
<summary>
Execute ifconfig in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_signal_ifconfig" lineno="832">
<summary>
Send a generic signal to ifconfig.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysnet_signull_ifconfig" lineno="851">
<summary>
Send null signals to ifconfig.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysnet_kill_ifconfig" lineno="870">
<summary>
Send a kill signal to iconfig.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysnet_read_dhcp_config" lineno="888">
<summary>
Read the DHCP configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_search_dhcp_state" lineno="910">
<summary>
Search the DHCP state data directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_setattr_dhcp_state" lineno="929">
<summary>
Set the attributes of network config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_dhcp_state_filetrans" lineno="974">
<summary>
Create DHCP state data.
</summary>
<desc>
<p>
Create DHCP state data.
</p>
<p>
This is added for DHCP server, as
the server and client put their state
files in the same directory.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
The type of the object to be created
</summary>
</param>
<param name="object_class">
<summary>
The object class.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="sysnet_dns_name_resolve" lineno="994">
<summary>
Perform a DNS name resolution.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysnet_use_ldap" lineno="1043">
<summary>
Connect and use a LDAP server.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_use_portmap" lineno="1078">
<summary>
Connect and use remote port mappers.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_dontaudit_dhcpc_use_fds" lineno="1110">
<summary>
Do not audit attempts to use
the dhcp file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="sysnet_role_transition_dhcpc" lineno="1137">
<summary>
Transition to system_r when execute an dhclient script
</summary>
<desc>
<p>
Execute dhclient script in a specified role
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="source_role">
<summary>
Role to transition from.
</summary>
</param>
</interface>
<interface name="sysnet_filetrans_systemd_resolved" lineno="1156">
<summary>
Set up filename transitions for systemd-resolved network
configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_filetrans_named_content" lineno="1179">
<summary>
Transition to sysnet named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_manage_ifconfig_run" lineno="1218">
<summary>
Transition to sysnet ifconfig named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_watch_ifconfig_run_dirs" lineno="1238">
<summary>
Watch ifconfig_var_run_t directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_read_ifconfig_run_files" lineno="1256">
<summary>
Read ifconfig_var_run_t files and link files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_filetrans_named_content_ifconfig" lineno="1276">
<summary>
Transition to sysnet ifconfig named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_filetrans_net_conf" lineno="1294">
<summary>
Transition to sysnet ifconfig named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_filetrans_cloud_net_conf" lineno="1312">
<summary>
Transition to cloud-init  named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="dhcpc_exec_iptables" dftval="false">
<desc>
<p>
Allow dhcpc client applications to execute iptables commands
</p>
</desc>
</tunable>
</module>
<module name="systemd" filename="policy/modules/system/systemd.if">
<summary>SELinux policy for systemd components</summary>
<template name="systemd_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
systemd domains.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="systemd_stub_unit_file" lineno="41">
<summary>
Create a domain for processes which are started
exuting systemctl.
</summary>
<param name="domain_prefix">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_systemctl_domain" lineno="58">
<summary>
Create a domain for processes which are started
exuting systemctl.
</summary>
<param name="domain_prefix">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_exec_systemctl" lineno="84">
<summary>
Execute systemctl in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_systemctl_entrypoint" lineno="122">
<summary>
Allow systemd_systemctl_exec_t to be an entrypoint
of the specified domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="systemd_domtrans_systemctl" lineno="144">
<summary>
Execute systemctl in the specified domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="target_domain">
<summary>
Domain to transition to.
</summary>
</param>
</interface>
<interface name="systemd_unit_file" lineno="162">
<summary>
Create a file type used for systemd unit files.
</summary>
<param name="script_file">
<summary>
Type to be used for an unit file.
</summary>
</param>
</interface>
<interface name="systemd_search_unit_dirs" lineno="181">
<summary>
Allow domain to search systemd unit dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_list_unit_dirs" lineno="200">
<summary>
Allow domain to list systemd unit dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_create_unit_dirs" lineno="219">
<summary>
Allow domain to list systemd unit dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_getattr_unit_files" lineno="238">
<summary>
Allow domain to getattr all systemd unit files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_getattr_unit_dirs" lineno="257">
<summary>
Allow domain to getattr all systemd unit directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_read_unit_files" lineno="275">
<summary>
Allow domain to read all systemd unit files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_dontaudit_read_unit_files" lineno="296">
<summary>
Dontaudit domain to read all systemd unit files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="systemd_login_read_pid_files" lineno="315">
<summary>
Read systemd_login PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_resolved_read_pid" lineno="334">
<summary>
Read systemd_resolved PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_resolved_write_pid_sock_files" lineno="355">
<summary>
Write to systemd_resolved PID socket files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_resolved_watch_pid_dirs" lineno="374">
<summary>
Watch systemd_resolved PID directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_resolved_pid_filetrans" lineno="409">
<summary>
Create objects in /var/run/systemd/resolve with a private
type using a type_transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
Private file type.
</summary>
</param>
<param name="class">
<summary>
Object classes to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="systemd_login_manage_pid_files" lineno="427">
<summary>
Read systemd_login PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_login_filetrans_pid_files" lineno="447">
<summary>
Read systemd_login PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_login_list_pid_dirs" lineno="465">
<summary>
Read systemd_login PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_login_watch_pid_dirs" lineno="484">
<summary>
Watch systemd_login PID directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_login_watch_session_dirs" lineno="503">
<summary>
Watch systemd_login session directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_login_mounton_pid_dirs" lineno="522">
<summary>
Mounton systemd_login PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_use_fds_logind" lineno="541">
<summary>
Use and and inherited systemd
logind file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_logind_read_state" lineno="559">
<summary>
Read the process state (/proc/pid) of systemd_logind_t.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_read_logind_sessions_files" lineno="579">
<summary>
Read logind sessions files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_mounton_inherited_logind_sessions_dirs" lineno="599">
<summary>
Mounton inherited logind sessions pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_write_inherited_logind_sessions_pipes" lineno="617">
<summary>
Write inherited logind sessions pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_dontaudit_write_inherited_logind_sessions_pipes" lineno="637">
<summary>
Dontaudit attempts to write inherited logind sessions pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="systemd_write_inhibit_pipes" lineno="655">
<summary>
Write systemd inhibit pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_mounton_inhibit_dir" lineno="674">
<summary>
Allow process to mount directory with inhibit pipes
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="systemd_dbus_chat_logind" lineno="693">
<summary>
Send and receive messages from
systemd logind over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_domtrans_sysctl" lineno="716">
<summary>
Execute a domain transition to run systemd-sysctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_exec_sysctl" lineno="734">
<summary>
Allow a domain to execute systemd-sysctl in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_tmpfiles_exec" lineno="753">
<summary>
Allow a domain to execute systemd-tmpfiles in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_tmpfiles_domtrans" lineno="772">
<summary>
Execute a domain transition to run systemd-tmpfiles.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_tmpfiles_nnp_domtrans" lineno="790">
<summary>
Allow caller nnp_transition to systemd_tmpfiles_t
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_localed_domtrans" lineno="808">
<summary>
Execute a domain transition to run systemd-localed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_passwd_agent_domtrans" lineno="826">
<summary>
Execute a domain transition to run systemd-tty-ask-password-agent.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_passwd_agent_exec" lineno="844">
<summary>
Execute systemd-tty-ask-password-agent in the caller domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_rfkill_domtrans" lineno="863">
<summary>
Execute a domain transition to run systemd_rfkill.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_rfkill_mounton_var_lib" lineno="881">
<summary>
Mounton rfkill lib  directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_rfkill_setattr_lib" lineno="899">
<summary>
Read systemd-rfkill lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_rfkill_read_lib_dirs" lineno="918">
<summary>
read systemd rfkill dir
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_rfkill_manage_lib_dirs" lineno="936">
<summary>
manage systemd rfkill dir
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_timedated_mounton_var_lib" lineno="954">
<summary>
Mounton systemd timesync directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_timedated_status" lineno="972">
<summary>
Get timedated service status
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="systemd_timedated_manage_lib_dirs" lineno="990">
<summary>
manage systemd timesync dir
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_exec_notify" lineno="1009">
<summary>
Execute systemd-notify in the caller domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_notify_domtrans" lineno="1027">
<summary>
Execute a domain transition to run systemd_notify.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_passwd_agent_run" lineno="1051">
<summary>
Execute systemd-tty-ask-password-agent in the systemd_passwd_agent domain, and
allow the specified role the systemd_passwd_agent domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the systemd_passwd_agent domain.
</summary>
</param>
</interface>
<interface name="systemd_tmpfiles_run" lineno="1076">
<summary>
Execute systemd-tmpfiles in the systemd_tmpfiles_t domain, and
allow the specified role the systemd_tmpfiles domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the systemd_tmpfiles domain.
</summary>
</param>
</interface>
<interface name="systemd_passwd_agent_role" lineno="1100">
<summary>
Role access for systemd_passwd_agent
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="systemd_signal_passwd_agent" lineno="1123">
<summary>
Send generic signals to systemd_passwd_agent processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_read_fifo_file_passwd_run" lineno="1141">
<summary>
Allow to domain to read systemd-passwd pipe
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_relabelto_fifo_file_passwd_run" lineno="1160">
<summary>
Relabel to user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_passwd_watch_pid_dirs" lineno="1178">
<summary>
Watch systemd-passwd pid dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_relabel_unit_dirs" lineno="1196">
<summary>
Relabel systemd unit directories
</summary>
<param name="script_file">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_relabel_unit_files" lineno="1214">
<summary>
Relabel systemd unit files
</summary>
<param name="script_file">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_relabel_unit_symlinks" lineno="1232">
<summary>
Relabel systemd unit link files
</summary>
<param name="script_file">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_manage_passwd_run" lineno="1250">
<summary>
Send generic signals to systemd_passwd_agent processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_passwd_agent_dev_template" lineno="1277">
<summary>
Template for temporary sockets and files in /dev/.systemd/ask-password
which are used by systemd-passwd-agent
</summary>
<param name="userdomain_prefix">
<summary>
The prefix of the domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</interface>
<interface name="systemd_logger_stream_connect" lineno="1308">
<summary>
Allow the specified domain to connect to
systemd_logger with a unix socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_manage_unit_dirs" lineno="1326">
<summary>
manage systemd unit dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_manage_unit_symlinks" lineno="1344">
<summary>
manage systemd unit link files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_manage_all_unit_files" lineno="1362">
<summary>
manage all systemd unit files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_manage_all_unit_lnk_files" lineno="1381">
<summary>
manage all systemd unit lnk_files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_start_all_services" lineno="1399">
<summary>
Allow the specified domain to start all systemd services.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_reload_all_services" lineno="1417">
<summary>
Allow the specified domain to reload all systemd services.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_config_all_services" lineno="1436">
<summary>
Allow the specified domain to modify the systemd configuration of
all systemd services
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_start_systemd_services" lineno="1455">
<summary>
Allow the specified domain to start systemd services.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_stop_systemd_services" lineno="1473">
<summary>
Allow the specified domain to stop systemd services.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_status_systemd_services" lineno="1491">
<summary>
Allow the specified domain to status systemd services.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_reload_systemd_services" lineno="1509">
<summary>
Allow the specified domain to reload all systemd services.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_config_systemd_services" lineno="1528">
<summary>
Allow the specified domain to modify the systemd configuration of
all systemd services
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_manage_random_seed" lineno="1547">
<summary>
manage all systemd random seed file
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_hostnamed_read_config" lineno="1567">
<summary>
Allow process to read hostname config file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="systemd_hostnamed_manage_config" lineno="1587">
<summary>
Allow process to manage hostname config file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="systemd_hostnamed_delete_config" lineno="1607">
<summary>
Allow process to delete hostname config file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_unit_file_filetrans" lineno="1643">
<summary>
Create objects in /run/systemd/generator directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="systemd_getattr_generic_unit_files" lineno="1662">
<summary>
Get attributes of generic systemd unit files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_create_unit_file_dirs" lineno="1680">
<summary>
Create a directory in the /usr/lib/systemd/system directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_create_unit_file_lnk" lineno="1698">
<summary>
Create a link in the /usr/lib/systemd/system directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_filetrans_named_content" lineno="1716">
<summary>
Transition to systemd named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_read_home_content" lineno="1745">
<summary>
read systemd homedir content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_manage_home_content" lineno="1767">
<summary>
Manage systemd homedir content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_filetrans_home_content" lineno="1792">
<summary>
Transition to systemd named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_filetrans_named_hostname" lineno="1812">
<summary>
Transition to systemd named content for /etc/hostname
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_login_status" lineno="1831">
<summary>
Get the system status information from systemd_login
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_login_signull" lineno="1849">
<summary>
Send systemd_login a null signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_hostnamed_signull" lineno="1867">
<summary>
Send systemd_hostnamed a null signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_login_reboot" lineno="1885">
<summary>
Tell systemd_login to reboot the system.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_login_halt" lineno="1903">
<summary>
Tell systemd_login to halt the system.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_login_undefined" lineno="1921">
<summary>
Tell systemd_login to do an unknown access.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_config_generic_services" lineno="1939">
<summary>
Configure generic unit files domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="systemd_config_power_services" lineno="1959">
<summary>
Configure power unit files domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="systemd_start_power_services" lineno="1979">
<summary>
Start power unit files domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="systemd_status_power_services" lineno="1998">
<summary>
Status power unit files domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="systemd_start_all_unit_files" lineno="2017">
<summary>
Start power unit files domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="systemd_status_all_unit_files" lineno="2036">
<summary>
Start power unit files domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="systemd_dbus_chat_timedated" lineno="2056">
<summary>
Send and receive messages from
systemd timedated over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_dbus_chat_hostnamed" lineno="2078">
<summary>
Send and receive messages from
systemd hostnamed over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_dbus_chat_localed" lineno="2100">
<summary>
Send and receive messages from
systemd localed over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_dontaudit_dbus_chat" lineno="2121">
<summary>
Dontaudit attempts to send dbus domains chat messages
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="systemd_machined_read_pid_files" lineno="2140">
<summary>
Read systemd-machined PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_machined_manage_pid_files" lineno="2160">
<summary>
Manage systemd-machined PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_machined_list_pid_dirs" lineno="2180">
<summary>
List systemd-machined PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_machined_watch_pid_dirs" lineno="2199">
<summary>
Watch systemd-machined PID directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_machined_search_lib" lineno="2220">
<summary>
Search systemd-machined lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_machined_read_lib_files" lineno="2239">
<summary>
Read systemd-machined lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_machined_manage_lib_files" lineno="2258">
<summary>
Manage systemd-machined lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_machined_rw_devpts_chr_files" lineno="2278">
<summary>
Read and write systemd-machined devpts character nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_machined_stream_connect" lineno="2297">
<summary>
Allow the specified domain to connect to
systemd_machined with a unix socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_dbus_chat_machined" lineno="2316">
<summary>
Send and receive messages from
systemd machined over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_coredump_domtrans" lineno="2337">
<summary>
Execute a domain transition to run systemd-coredump.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_map_coredump_tmpfs_files" lineno="2355">
<summary>
Mmap to systemd-coredump temporary file system.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_rw_coredump_tmpfs_files" lineno="2373">
<summary>
Read and write to systemd-coredump temporary file system.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_map_bootchart_tmpfs_files" lineno="2391">
<summary>
Mmap to systemd-bootchart temporary file system.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_rw_bootchart_tmpfs_files" lineno="2409">
<summary>
Read and write to systemd-bootchart temporary file system.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_hwdb_read_config" lineno="2428">
<summary>
Allow process to read hwdb config file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="systemd_hwdb_mmap_config" lineno="2448">
<summary>
Allow process to mmap hwdb config file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="systemd_hwdb_manage_config" lineno="2467">
<summary>
Allow process to manage hwdb config file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="systemd_allow_mount_dir" lineno="2491">
<summary>
Allow process to mount directory configured in a
systemd unit as ReadWriteDirectory or ReadOnlyDirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="systemd_allow_create_mount_dir" lineno="2511">
<summary>
Allow process to create directory configured in a
systemd unit as ReadWriteDirectory or ReadOnlyDirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="systemd_mount_dir" lineno="2530">
<summary>
Mark the following type as mountable by systemd.
</summary>
<param name="type">
<summary>
Type to be authorized to be mounted
</summary>
</param>
<rolecap/>
</interface>
<interface name="systemd_map_networkd_exec_files" lineno="2549">
<summary>
Mmap systemd_networkd_exec_t files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_networkd_watch_pid_dirs" lineno="2567">
<summary>
Watch systemd_networkd PID directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_map_resolved_exec_files" lineno="2586">
<summary>
Mmap systemd_resolved_exec_t files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_chat_resolved" lineno="2605">
<summary>
Exchange messages with
systemd resolved over dbus or varlink.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_dbus_chat_resolved" lineno="2628">
<summary>
Exchange messages with
systemd resolved over dbus (deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_private_tmp" lineno="2643">
<summary>
Make the specified type usable as a systemd private tmp type.
</summary>
<param name="domain">
<summary>
Type to be used as a private tmp type.
</summary>
</param>
</interface>
<interface name="systemd_delete_private_tmp" lineno="2661">
<summary>
Delete filesystem objects with systemd_delete_private_tmp attribute
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="systemd_read_efivarfs" lineno="2683">
<summary>
Make the specified type usable as a systemd read efivarfs type.
</summary>
<param name="domain">
<summary>
Type to be used as a read efivarfs type.
</summary>
</param>
</interface>
<interface name="systemd_userdbd_runtime_filetrans" lineno="2702">
<summary>
Create objects in the pid directory
with a private type with a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_userdbd_runtime_manage_symlinks" lineno="2721">
<summary>
Manage systemd-userdbd data symlinks.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_userdbd_stream_connect" lineno="2739">
<summary>
Connect to systemd-userdbd with a unix socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_manage_userdbd_runtime_sock_files" lineno="2763">
<summary>
Manage named sockets in userdbd runtime directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_connectto_socket_proxyd_unix_sockets" lineno="2781">
<summary>
Allows connections to the systemd-socket-proxyd's socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="systemd_socket_proxyd_bind_any" dftval="false">
<desc>
<p>
Allow systemd-socket-proxyd to bind any port instead of one labelled
with systemd_socket_proxyd_port_t.
</p>
</desc>
</tunable>
<tunable name="systemd_socket_proxyd_connect_any" dftval="false">
<desc>
<p>
Allow systemd-socket-proxyd to connect to any port instead of
labelled ones.
</p>
</desc>
</tunable>
</module>
<module name="udev" filename="policy/modules/system/udev.if">
<summary>Policy for udev.</summary>
<interface name="udev_signal" lineno="13">
<summary>
Send generic signals to udev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_domtrans" lineno="31">
<summary>
Execute udev in the udev domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="udev_exec" lineno="50">
<summary>
Execute udev in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_helper_domtrans" lineno="68">
<summary>
Execute a udev helper in the udev domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="udev_read_state" lineno="86">
<summary>
Allow process to read udev process state.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_dontaudit_use_fds" lineno="106">
<summary>
Do not audit attempts to inherit a
udev file descriptor.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="udev_dontaudit_rw_dgram_sockets" lineno="125">
<summary>
Do not audit attempts to read or write
to a udev unix datagram socket.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="udev_getattr_rules_chr_files" lineno="143">
<summary>
Getattr udev rules chr files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_manage_rules_files" lineno="161">
<summary>
Manage udev rules files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_dontaudit_search_db" lineno="183">
<summary>
Do not audit search of udev database directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="udev_read_db" lineno="207">
<summary>
Read the udev device table.
</summary>
<desc>
<p>
Allow the specified domain to read the udev device table.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="udev_rw_db" lineno="221">
<summary>
Allow process to modify list of devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_relabelto_db" lineno="241">
<summary>
Allow process to modify relabelto udev database
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_relabel_pid_sockfile" lineno="260">
<summary>
Relabel the udev sock_file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_read_pid_files" lineno="279">
<summary>
Create, read, write, and delete
udev pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_search_pids" lineno="301">
<summary>
Search through udev pid content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_manage_pid_dirs" lineno="321">
<summary>
Create, read, write, and delete
udev pid directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_manage_pid_files" lineno="341">
<summary>
Create, read, write, and delete
udev pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_run" lineno="367">
<summary>
Execute udev in the udev domain, and
allow the specified role the udev domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the iptables domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="udev_create_kobject_uevent_socket" lineno="386">
<summary>
Allow caller to create kobject uevent socket for udev
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_system_domain" lineno="411">
<summary>
Create a domain for processes
which can be started by udev.
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
</interface>
<interface name="udev_generic_pid_filetrans_run_dirs" lineno="442">
<summary>
Create directories in the run location with udev_var_run_t type
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
Name of the directory that is created
</summary>
</param>
</interface>
</module>
<module name="unconfined" filename="policy/modules/system/unconfined.if">
<summary>The unconfined domain.</summary>
<interface name="unconfined_domain_noaudit" lineno="13">
<summary>
Make the specified domain unconfined.
</summary>
<param name="domain">
<summary>
Domain to make unconfined.
</summary>
</param>
</interface>
<interface name="unconfined_domain" lineno="129">
<summary>
Make the specified domain unconfined and
audit executable heap usage.
</summary>
<desc>
<p>
Make the specified domain unconfined and
audit executable heap usage.  With exception
of memory protections, usage of this interface
will result in the level of access the domain has
is like SELinux	was not being used.
</p>
<p>
Only completely trusted domains should use this interface.
</p>
</desc>
<param name="domain">
<summary>
Domain to make unconfined.
</summary>
</param>
</interface>
<interface name="unconfined_alias_domain" lineno="161">
<summary>
Add an alias type to the unconfined domain.  (Deprecated)
</summary>
<desc>
<p>
Add an alias type to the unconfined domain.  (Deprecated)
</p>
<p>
This is added to support targeted policy.  Its
use should be limited.  It has no effect
on the strict policy.
</p>
</desc>
<param name="domain">
<summary>
New alias of the unconfined domain.
</summary>
</param>
</interface>
<interface name="unconfined_execmem_alias_program" lineno="187">
<summary>
Add an alias type to the unconfined execmem
program file type.  (Deprecated)
</summary>
<desc>
<p>
Add an alias type to the unconfined execmem
program file type.  (Deprecated)
</p>
<p>
This is added to support targeted policy.  Its
use should be limited.  It has no effect
on the strict policy.
</p>
</desc>
<param name="domain">
<summary>
New alias of the unconfined execmem program type.
</summary>
</param>
</interface>
<interface name="unconfined_server_stream_connect" lineno="201">
<summary>
Connect to unconfined_server with a unix socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_server_stream_connectto" lineno="221">
<summary>
Connect to unconfined_service_t with a unix socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_server_domtrans" lineno="239">
<summary>
Connect to unconfined_server with a unix socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_server_dbus_chat" lineno="257">
<summary>
Allow caller domain to dbus chat unconfined_server.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_server_signull" lineno="277">
<summary>
Send signull to unconfined_service_t.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_server_siginh" lineno="295">
<summary>
Allow inherit signal state
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_server_noatsecure" lineno="313">
<summary>
Allow noatsecure.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_server_create_tcp_sockets" lineno="331">
<summary>
Create unconfined_service_t TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_server_create_udp_sockets" lineno="349">
<summary>
Create unconfined_service_t UDP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_server_create_unix_sockets" lineno="367">
<summary>
Create unconfined_service_t UNIX sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_server_dontaudit_rw_pipes" lineno="387">
<summary>
Do not audit attempts to read and write
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="unconfined_server_create_shm" lineno="405">
<summary>
Create and use unconfined service shared memory
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="unconfined_server_read_semaphores" lineno="423">
<summary>
Allow the specified domain read unconfined service semaphores
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_server_read_state" lineno="441">
<summary>
Allow the specified domain read unconfined service process state
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="userdomain" filename="policy/modules/system/userdomain.if">
<summary>Policy for user domains</summary>
<template name="userdom_base_user_template" lineno="24">
<summary>
The template containing the most basic rules common to all users.
</summary>
<desc>
<p>
The template containing the most basic rules common to all users.
</p>
<p>
This template creates a user domain, types, and
rules for the user's tty and pty.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<rolebase/>
</template>
<interface name="userdom_ro_home_role" lineno="202">
<summary>
Allow a home directory for which the
role has read-only access.
</summary>
<desc>
<p>
Allow a home directory for which the
role has read-only access.
</p>
<p>
This does not allow execute access.
</p>
</desc>
<param name="role">
<summary>
The user role
</summary>
</param>
<param name="userdomain">
<summary>
The user domain
</summary>
</param>
<rolebase/>
</interface>
<interface name="userdom_manage_home_role" lineno="254">
<summary>
Allow a home directory for which the
role has full access.
</summary>
<desc>
<p>
Allow a home directory for which the
role has full access.
</p>
<p>
This does not allow execute access.
</p>
</desc>
<param name="role">
<summary>
The user role
</summary>
</param>
<param name="userdomain">
<summary>
The user domain
</summary>
</param>
<rolebase/>
</interface>
<interface name="userdom_manage_tmp_files" lineno="324">
<summary>
Manage user temporary files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolebase/>
</interface>
<interface name="userdom_watch_tmp_dirs" lineno="342">
<summary>
Watch user temporary directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_watch_sb_tmp_dirs" lineno="360">
<summary>
Watch_sb user temporary directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_watch_mount_tmp_dirs" lineno="378">
<summary>
Watch_mount user temporary directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_watch_with_perm_tmp_dirs" lineno="396">
<summary>
Watch_with_perm user temporary directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_map_tmp_files" lineno="415">
<summary>
Mmap user temporary files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolebase/>
</interface>
<interface name="userdom_manage_tmp_sockets" lineno="434">
<summary>
Manage user temporary sockets
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolebase/>
</interface>
<interface name="userdom_manage_tmp_dirs" lineno="453">
<summary>
Manage user temporary directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolebase/>
</interface>
<interface name="userdom_mounton_tmp_dirs" lineno="472">
<summary>
Manage user temporary directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolebase/>
</interface>
<interface name="userdom_mounton_tmp_sockets" lineno="491">
<summary>
Mounton user temporary socket files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolebase/>
</interface>
<interface name="userdom_manage_tmp_role" lineno="515">
<summary>
Manage user temporary files
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolebase/>
</interface>
<interface name="userdom_dontaudit_search_user_bin_dirs" lineno="551">
<summary>
Dontaudit search of user bin dirs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_exec_user_bin_files" lineno="569">
<summary>
Execute user bin files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_exec_user_tmp_files" lineno="590">
<summary>
The execute access user temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolebase/>
</interface>
<interface name="userdom_manage_tmpfs_files" lineno="612">
<summary>
Manage user temporary file system files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolebase/>
</interface>
<interface name="userdom_manage_tmpfs_role" lineno="646">
<summary>
Role access for the user tmpfs type
that the user has full access.
</summary>
<desc>
<p>
Role access for the user tmpfs type
that the user has full access.
</p>
<p>
This does not allow execute access.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="userdom_basic_networking" lineno="663">
<summary>
The interface allowing the user basic
network permissions
</summary>
<param name="userdomain">
<summary>
The user domain
</summary>
</param>
<rolebase/>
</interface>
<template name="userdom_xwindows_client_template" lineno="700">
<summary>
The template for creating a user xwindows client.  (Deprecated)
</summary>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<rolebase/>
</template>
<template name="userdom_change_password_template" lineno="745">
<summary>
The template for allowing the user to change passwords.
NOTE! This template also allows the user to change shell.
If you want to only allow changing passwords, you should
use usermanage_run_passwd() instead.
</summary>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<rolebase/>
</template>
<template name="userdom_common_user_template" lineno="775">
<summary>
The template containing rules common to unprivileged
users and administrative users.
</summary>
<desc>
<p>
This template creates a user domain, types, and
rules for the user's tty, pty, tmp, and tmpfs files.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</template>
<template name="userdom_login_user_template" lineno="1090">
<summary>
The template for creating a login user.
</summary>
<desc>
<p>
This template creates a user domain, types, and
rules for the user's tty, pty, home directories,
tmp, and tmpfs files.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</template>
<template name="userdom_restricted_user_template" lineno="1266">
<summary>
The template for creating a unprivileged login user.
</summary>
<desc>
<p>
This template creates a user domain, types, and
rules for the user's tty, pty, home directories,
tmp, and tmpfs files.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</template>
<template name="userdom_restricted_xwindows_user_template" lineno="1313">
<summary>
The template for creating a unprivileged xwindows login user.
</summary>
<desc>
<p>
The template for creating a unprivileged xwindows login user.
</p>
<p>
This template creates a user domain, types, and
rules for the user's tty, pty, home directories,
tmp, and tmpfs files.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</template>
<template name="userdom_unpriv_user_template" lineno="1483">
<summary>
The template for creating a unprivileged user roughly
equivalent to a regular linux user.
</summary>
<desc>
<p>
The template for creating a unprivileged user roughly
equivalent to a regular linux user.
</p>
<p>
This template creates a user domain, types, and
rules for the user's tty, pty, home directories,
tmp, and tmpfs files.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</template>
<template name="userdom_admin_user_template" lineno="1649">
<summary>
The template for creating an administrative user.
</summary>
<desc>
<p>
This template creates a user domain, types, and
rules for the user's tty, pty, home directories,
tmp, and tmpfs files.
</p>
<p>
The privileges given to administrative users are:
<ul>
<li>Raw disk access</li>
<li>Set all sysctls</li>
<li>All kernel ring buffer controls</li>
<li>Create, read, write, and delete all files but shadow</li>
<li>Manage source and binary format SELinux policy</li>
<li>Run insmod</li>
</ul>
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., sysadm
is the prefix for sysadm_t).
</summary>
</param>
</template>
<template name="userdom_security_admin" lineno="1870">
<summary>
Allow user to run as a secadm
</summary>
<desc>
<p>
Create objects in a user home directory
with an automatic type transition to
a specified private type.
</p>
<p>
This is a templated interface, and should only
be called from a per-userdomain template.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role  of the object to create.
</summary>
</param>
</template>
<interface name="userdom_user_application_type" lineno="1953">
<summary>
Make the specified type usable as
a user application domain type.
</summary>
<param name="type">
<summary>
Type to be used as a user application domain.
</summary>
</param>
</interface>
<interface name="userdom_user_application_domain" lineno="1974">
<summary>
Make the specified type usable as
a user application domain.
</summary>
<param name="type">
<summary>
Type to be used as a user application domain.
</summary>
</param>
<param name="type">
<summary>
Type to be used as the domain entry point.
</summary>
</param>
</interface>
<interface name="userdom_user_home_content" lineno="1991">
<summary>
Make the specified type usable in a
user home directory.
</summary>
<param name="type">
<summary>
Type to be used as a file in the
user home directory.
</summary>
</param>
</interface>
<interface name="userdom_user_tmp_file" lineno="2020">
<summary>
Make the specified type usable as a
user temporary file.
</summary>
<param name="type">
<summary>
Type to be used as a file in the
temporary directories.
</summary>
</param>
</interface>
<interface name="userdom_user_tmpfs_file" lineno="2037">
<summary>
Make the specified type usable as a
user tmpfs file.
</summary>
<param name="type">
<summary>
Type to be used as a file in
tmpfs directories.
</summary>
</param>
</interface>
<interface name="userdom_user_tmp_content" lineno="2054">
<summary>
Make the specified type usable as
user temporary content.
</summary>
<param name="type">
<summary>
Type to be used as a file in the
generic temporary directory.
</summary>
</param>
</interface>
<interface name="userdom_user_tmpfs_content" lineno="2077">
<summary>
Make the specified type usable in a
generic tmpfs_t directory.
</summary>
<param name="type">
<summary>
Type to be used as a file in the
generic temporary directory.
</summary>
</param>
</interface>
<interface name="userdom_attach_admin_tun_iface" lineno="2092">
<summary>
Allow domain to attach to TUN devices created by administrative users.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_setattr_user_ptys" lineno="2111">
<summary>
Set the attributes of a user pty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_create_user_pty" lineno="2129">
<summary>
Create a user pty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_getattr_user_home_dirs" lineno="2147">
<summary>
Get the attributes of user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_getattr_user_home_dirs" lineno="2166">
<summary>
Do not audit attempts to get the attributes of user home directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_search_user_home_dirs" lineno="2184">
<summary>
Search user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_search_user_tmp_dirs" lineno="2204">
<summary>
Search user tmp directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_search_user_home_dirs" lineno="2231">
<summary>
Do not audit attempts to search user home directories.
</summary>
<desc>
<p>
Do not audit attempts to search user home directories.
This will supress SELinux denial messages when the specified
domain is denied the permission to search these directories.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="userdom_list_user_home_dirs" lineno="2249">
<summary>
List user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_list_user_home_dirs" lineno="2276">
<summary>
Do not audit attempts to list user home subdirectories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_create_user_home_dirs" lineno="2296">
<summary>
Create user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_watch_user_home_dirs" lineno="2314">
<summary>
Watch user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_home_dirs" lineno="2332">
<summary>
Create user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_manage_user_home_dirs" lineno="2350">
<summary>
Create user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_relabelto_user_home_dirs" lineno="2368">
<summary>
Relabel to user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_relabelto_user_home_files" lineno="2386">
<summary>
Relabel to user home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_relabel_user_home_files" lineno="2403">
<summary>
Relabel user home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_relabel_user_home_dirs" lineno="2421">
<summary>
Relabel user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_home_filetrans_user_home_dir" lineno="2445">
<summary>
Create directories in the home dir root with
the user home directory type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="userdom_user_home_domtrans" lineno="2482">
<summary>
Do a domain transition to the specified
domain when executing a program in the
user home directory.
</summary>
<desc>
<p>
Do a domain transition to the specified
domain when executing a program in the
user home directory.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="source_domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
Domain to transition to.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_search_user_home_content" lineno="2502">
<summary>
Do not audit attempts to search user home content directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_list_all_user_home_content" lineno="2522">
<summary>
List all users home content directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_list_user_home_content" lineno="2541">
<summary>
List contents of users home directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_home_content_dirs" lineno="2562">
<summary>
Create, read, write, and delete directories
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_user_home_content_dirs" lineno="2581">
<summary>
Delete directories in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_user_home_content_files" lineno="2599">
<summary>
Delete files in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_all_user_home_content_dirs" lineno="2617">
<summary>
Delete all directories in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_setattr_user_home_content_files" lineno="2636">
<summary>
Set the attributes of user home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="userdom_setattr_user_tmp_files" lineno="2655">
<summary>
Set the attributes of user tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="userdom_create_user_tmp_sockets" lineno="2673">
<summary>
Create a user tmp sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="usedom_dontaudit_user_getattr_tmp_sockets" lineno="2693">
<summary>
Dontaudit getattr on user tmp sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_user_getattr_tmp_sockets" lineno="2708">
<summary>
Dontaudit getattr on user tmp sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_relabel_user_tmp_files" lineno="2727">
<summary>
Relabel user tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="userdom_relabel_user_tmp_dirs" lineno="2746">
<summary>
Relabel user tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="userdom_dontaudit_setattr_user_home_content_files" lineno="2765">
<summary>
Do not audit attempts to set the
attributes of user home files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_setattr_all_user_home_content_dirs" lineno="2784">
<summary>
Set the attributes of all user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="userdom_mmap_user_home_content_files" lineno="2802">
<summary>
Mmap user home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_map_user_home_files" lineno="2821">
<summary>
map user home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_read_user_home_content_files" lineno="2839">
<summary>
Read user home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_getattr_user_home_content" lineno="2861">
<summary>
Do not audit attempts to getattr user home files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_read_user_home_content_files" lineno="2880">
<summary>
Do not audit attempts to read user home files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_mmap_user_home_content_files" lineno="2902">
<summary>
Do not audit attempts to mmap user home files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_append_user_home_content_files" lineno="2920">
<summary>
Do not audit attempts to append user home files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_write_user_home_content_files" lineno="2938">
<summary>
Do not audit attempts to write user home files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_delete_all_user_home_content_files" lineno="2956">
<summary>
Delete all files in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_user_home_content_sock_files" lineno="2974">
<summary>
Delete sock files in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_all_user_home_content_sock_files" lineno="2992">
<summary>
Delete all sock files in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_all_user_home_content" lineno="3010">
<summary>
Delete all files in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_relabel_user_home_content_files" lineno="3028">
<summary>
Do not audit attempts to write user home files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_read_user_home_content_symlinks" lineno="3046">
<summary>
Read user home subdirectory symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_exec_user_home_content_files" lineno="3065">
<summary>
Execute user home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="userdom_dontaudit_exec_user_home_content_files" lineno="3086">
<summary>
Do not audit attempts to execute user home files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_home_content_files" lineno="3105">
<summary>
Create, read, write, and delete files
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_manage_user_home_content_dirs" lineno="3127">
<summary>
Do not audit attempts to create, read, write, and delete directories
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_home_content_symlinks" lineno="3146">
<summary>
Create, read, write, and delete symbolic links
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_user_home_content_symlinks" lineno="3166">
<summary>
Delete symbolic links in a user home directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_all_user_home_content_symlinks" lineno="3184">
<summary>
Delete all symbolic links in a user home directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_home_content_pipes" lineno="3203">
<summary>
Create, read, write, and delete named pipes
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_home_content_sockets" lineno="3224">
<summary>
Create, read, write, and delete named sockets
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_user_home_dir_filetrans" lineno="3261">
<summary>
Create objects in a user home directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="userdom_user_home_content_filetrans" lineno="3297">
<summary>
Create objects in a user home directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="userdom_user_home_dir_filetrans_user_home_content" lineno="3329">
<summary>
Create objects in a user home directory
with an automatic type transition to
the user home file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="userdom_write_user_tmp_sockets" lineno="3348">
<summary>
Write to user temporary named sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_list_user_tmp" lineno="3367">
<summary>
List user temporary directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_list_user_tmp" lineno="3387">
<summary>
Do not audit attempts to list user
temporary directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_manage_user_tmp_dirs" lineno="3406">
<summary>
Do not audit attempts to manage users
temporary directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_getattr_user_tmp_files" lineno="3424">
<summary>
Read user temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_read_user_tmp_files" lineno="3443">
<summary>
Read user temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_append_user_tmp_files" lineno="3463">
<summary>
Read user temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_read_user_tmp_files" lineno="3481">
<summary>
Do not audit attempts to read users
temporary files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_append_user_tmp_files" lineno="3500">
<summary>
Do not audit attempts to append users
temporary files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_rw_user_tmp_files" lineno="3518">
<summary>
Read and write user temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_rw_user_tmp_sock_files" lineno="3537">
<summary>
Read and write user temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_manage_user_tmp_files" lineno="3558">
<summary>
Do not audit attempts to manage users
temporary files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_read_user_tmp_symlinks" lineno="3576">
<summary>
Read user temporary symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_tmp_dirs" lineno="3597">
<summary>
Create, read, write, and delete user
temporary directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_tmp_files" lineno="3617">
<summary>
Create, read, write, and delete user
temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_filetrans_named_user_tmp_files" lineno="3637">
<summary>
Create, read, write, and delete user
temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_tmp_symlinks" lineno="3657">
<summary>
Create, read, write, and delete user
temporary symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_rw_inherited_user_tmp_pipes" lineno="3677">
<summary>
Create, read, write, and delete user
temporary named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_tmp_pipes" lineno="3698">
<summary>
Create, read, write, and delete user
temporary named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_tmp_sockets" lineno="3718">
<summary>
Create, read, write, and delete user
temporary named sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_user_tmp_filetrans" lineno="3754">
<summary>
Create objects in a user temporary directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="userdom_tmp_filetrans_user_tmp" lineno="3785">
<summary>
Create objects in the temporary directory
with an automatic type transition to
the user temporary type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="userdom_getattr_user_tmpfs_files" lineno="3803">
<summary>
Getattr user tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_read_user_tmpfs_files" lineno="3818">
<summary>
Read user tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_rw_user_tmpfs_files" lineno="3833">
<summary>
Read/Write user tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_tmpfs_files" lineno="3848">
<summary>
Manage user tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_rw_inherited_user_tmpfs_files" lineno="3863">
<summary>
Read/Write inherited user tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_execute_user_tmpfs_files" lineno="3878">
<summary>
Execute user tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_execute_user_tmp_files" lineno="3893">
<summary>
Execute user tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_getattr_user_ttys" lineno="3911">
<summary>
Get the attributes of a user domain tty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_getattr_user_ttys" lineno="3929">
<summary>
Do not audit attempts to get the attributes of a user domain tty.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_setattr_user_ttys" lineno="3947">
<summary>
Set the attributes of a user domain tty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_setattr_user_ttys" lineno="3965">
<summary>
Do not audit attempts to set the attributes of a user domain tty.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_use_user_ttys" lineno="3983">
<summary>
Read and write a user domain tty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_use_inherited_user_ttys" lineno="4001">
<summary>
Read and write a inherited user domain tty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_use_user_ptys" lineno="4019">
<summary>
Read and write a user domain pty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_watch_user_ptys" lineno="4037">
<summary>
Watch a user pty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_watch_reads_user_ptys" lineno="4055">
<summary>
Watch_reads a user pty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_use_inherited_user_ptys" lineno="4073">
<summary>
Read and write a inherited user domain pty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_use_inherited_user_terminals" lineno="4101">
<summary>
Read and write a inherited user TTYs and PTYs.
</summary>
<desc>
<p>
Allow the specified domain to read and write inherited user
TTYs and PTYs. This will allow the domain to
interact with the user via the terminal. Typically
all interactive applications will require this
access.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="userdom_use_user_terminals" lineno="4121">
<summary>
Allow attempts to read and write
a user domain tty and pty.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_use_user_terminals" lineno="4141">
<summary>
Do not audit attempts to read and write
a user domain tty and pty.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_getattr_user_terminals" lineno="4161">
<summary>
Get attributes of user domain tty and pty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_spec_domtrans_all_users" lineno="4181">
<summary>
Execute a shell in all user domains.  This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="userdom_xsession_spec_domtrans_all_users" lineno="4204">
<summary>
Execute an Xserver session in all unprivileged user domains.  This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="userdom_spec_domtrans_unpriv_users" lineno="4227">
<summary>
Execute a shell in all unprivileged user domains.  This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="userdom_spec_domtrans_admin_users" lineno="4250">
<summary>
Execute a shell in all admin user domains.  This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="userdom_spec_domtrans_confined_admin_users" lineno="4273">
<summary>
Execute a shell in all confined admin user domains.  This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="userdom_dyntransition_unpriv_users" lineno="4294">
<summary>
Allow domain dyntrans to unpriv userdomain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dyntransition_admin_users" lineno="4312">
<summary>
Allow domain dyntrans to admin userdomain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_xsession_spec_domtrans_unpriv_users" lineno="4332">
<summary>
Execute an Xserver session in all unprivileged user domains.  This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="userdom_manage_unpriv_user_semaphores" lineno="4353">
<summary>
Manage unpriviledged user SysV sempaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_unpriv_user_shared_mem" lineno="4372">
<summary>
Manage unpriviledged user SysV shared
memory segments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_destroy_unpriv_user_shared_mem" lineno="4391">
<summary>
Destroy unpriviledged user SysV shared
memory segments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_destroy_unpriv_user_msgq" lineno="4409">
<summary>
Destroy unpriviledged user's message queue entries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_bin_spec_domtrans_unpriv_users" lineno="4429">
<summary>
Execute bin_t in the unprivileged user domains. This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="userdom_entry_spec_domtrans_unpriv_users" lineno="4452">
<summary>
Execute all entrypoint files in unprivileged user
domains. This is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_search_user_home_content" lineno="4473">
<summary>
Search users home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_signal_unpriv_users" lineno="4494">
<summary>
Send general signals to unprivileged user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_use_unpriv_users_fds" lineno="4512">
<summary>
Inherit the file descriptors from unprivileged user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_use_unpriv_user_fds" lineno="4540">
<summary>
Do not audit attempts to inherit the file descriptors
from unprivileged user domains.
</summary>
<desc>
<p>
Do not audit attempts to inherit the file descriptors
from unprivileged user domains. This will supress
SELinux denial messages when the specified domain is denied
the permission to inherit these file descriptors.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="userdom_dontaudit_use_user_ptys" lineno="4558">
<summary>
Do not audit attempts to use user ptys.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_open_user_ptys" lineno="4576">
<summary>
Do not audit attempts to open user ptys.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_relabelto_user_ptys" lineno="4594">
<summary>
Relabel files to unprivileged user pty types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_relabelfrom_user_ptys" lineno="4613">
<summary>
Do not audit attempts to relabel files from
user pty types.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_write_user_tmp_files" lineno="4631">
<summary>
Write all users files in /tmp
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_write_user_tmp_files" lineno="4650">
<summary>
Do not audit attempts to write users
temporary files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_delete_user_tmp_files" lineno="4669">
<summary>
Do not audit attempts to delete users
temporary files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_rw_user_tmp_pipes" lineno="4688">
<summary>
Do not audit attempts to read/write users
temporary fifo files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_rw_inherited_user_pipes" lineno="4707">
<summary>
Allow domain to read/write inherited users
fifo files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_use_user_ttys" lineno="4725">
<summary>
Do not audit attempts to use user ttys.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_read_all_users_state" lineno="4743">
<summary>
Read the process state of all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_getattr_all_users" lineno="4763">
<summary>
Get the attributes of all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_use_all_users_fds" lineno="4781">
<summary>
Inherit the file descriptors from all user domains
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_use_all_users_fds" lineno="4800">
<summary>
Do not audit attempts to inherit the file
descriptors from any user domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_signal_all_users" lineno="4818">
<summary>
Send general signals to all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_signull_all_users" lineno="4836">
<summary>
Send signull to all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_kill_all_users" lineno="4854">
<summary>
Send kill signals to all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_sigchld_all_users" lineno="4872">
<summary>
Send a SIGCHLD signal to all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_read_all_users_keys" lineno="4890">
<summary>
Read keys for all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_view_all_users_keys" lineno="4908">
<summary>
View keys for all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_write_all_users_keys" lineno="4926">
<summary>
Write keys for all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_rw_all_users_keys" lineno="4944">
<summary>
Read and write keys for all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_create_all_users_keys" lineno="4962">
<summary>
Create keys for all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dbus_send_all_users" lineno="4980">
<summary>
Send a dbus message to all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_set_rlimitnh" lineno="5001">
<summary>
Allow apps to set rlimits on userdomain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="userdom_unpriv_usertype" lineno="5025">
<summary>
Define this type as a Allow apps to set rlimits on userdomain
</summary>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</template>
<template name="userdom_unpriv_type" lineno="5048">
<summary>
Define this type as a Allow apps to set rlimits on userdomain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</template>
<interface name="userdom_stream_connect" lineno="5068">
<summary>
Connect to users over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_ptrace_all_users" lineno="5087">
<summary>
Ptrace user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_search_admin_dir" lineno="5107">
<summary>
dontaudit Search /root
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_list_admin_dir" lineno="5126">
<summary>
dontaudit list /root
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_list_admin_dir" lineno="5145">
<summary>
Allow domain to  list /root
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_search_admin_dir" lineno="5164">
<summary>
Allow Search /root
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_create_admin_dir" lineno="5183">
<summary>
dontaudit create dirs /root
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_manage_admin_dirs" lineno="5202">
<summary>
allow manage dirs /root
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_manage_admin_files" lineno="5220">
<summary>
allow manage files /root
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_manage_admin_dir" lineno="5238">
<summary>
dontaudit manage dirs /root
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_manage_admin_files" lineno="5256">
<summary>
dontaudit manage files /root
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_rw_semaphores" lineno="5274">
<summary>
RW unpriviledged user SysV sempaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dgram_send" lineno="5293">
<summary>
Send a message to unpriv users over a unix domain
datagram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_users_dgram_send" lineno="5312">
<summary>
Send a message to users over a unix domain
datagram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_execmod_user_home_files" lineno="5331">
<summary>
Allow execmod on files in homedirectory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolebase/>
</interface>
<interface name="userdom_read_admin_home_files" lineno="5350">
<summary>
Read admin home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="userdom_delete_admin_home_files" lineno="5370">
<summary>
Delete admin home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="userdom_exec_admin_home_files" lineno="5390">
<summary>
Execute admin home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="userdom_inherit_append_admin_home_files" lineno="5410">
<summary>
Append files inherited
in the /root directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_home_content" lineno="5430">
<summary>
Manage all files/directories in the homedir
</summary>
<param name="userdomain">
<summary>
The user domain
</summary>
</param>
<rolebase/>
</interface>
<interface name="userdom_manage_all_user_home_type_dirs" lineno="5456">
<summary>
Manage all dirs in the homedir
</summary>
<param name="userdomain">
<summary>
The user domain
</summary>
</param>
</interface>
<interface name="userdom_manage_all_user_home_type_files" lineno="5476">
<summary>
Manage all files in the homedir
</summary>
<param name="userdomain">
<summary>
The user domain
</summary>
</param>
</interface>
<interface name="userdom_user_home_dir_filetrans_pattern" lineno="5504">
<summary>
Create objects in a user home directory
with an automatic type transition to
the user home file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
</interface>
<interface name="userdom_admin_home_dir_filetrans" lineno="5539">
<summary>
Create objects in the /root directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="userdom_signull_unpriv_users" lineno="5558">
<summary>
Send signull to unprivileged user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_write_user_tmp_dirs" lineno="5576">
<summary>
Write all users files in /tmp
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_all_users_keys" lineno="5596">
<summary>
Manage keys for all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_rw_stream" lineno="5616">
<summary>
Do not audit attempts to read and write
userdomain stream.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_rw_stream" lineno="5634">
<summary>
Read and write	userdomain stream.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_connectto_stream" lineno="5652">
<summary>
Read and write	userdomain stream.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_rw_dgram_socket" lineno="5671">
<summary>
Do not audit attempts to read and write
unserdomain datagram socket.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_append_user_home_content_files" lineno="5690">
<summary>
Append files
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_read_inherited_user_home_content_files" lineno="5711">
<summary>
Read files inherited
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_read_inherited_admin_home_files" lineno="5729">
<summary>
Dontaudit Read files inherited from the admin home dir.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_append_inherited_admin_home_file" lineno="5747">
<summary>
Dontaudit append files inherited from the admin home dir.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_rw_inherited_user_home_content_files" lineno="5766">
<summary>
Read/Write files inherited
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_inherit_append_user_home_content_files" lineno="5785">
<summary>
Append files inherited
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_inherit_append_user_tmp_files" lineno="5804">
<summary>
Append files inherited
in a user tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_read_home_audio_files" lineno="5823">
<summary>
Read audio files in the users homedir.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="userdom_manage_home_texlive" lineno="5845">
<summary>
Manage texlive content in the users homedir.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="userdom_dontaudit_write_all_user_home_content_files" lineno="5870">
<summary>
Do not audit attempts to write all user home content files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_write_all_user_tmp_content_files" lineno="5888">
<summary>
Do not audit attempts to write all user tmp content files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_manage_all_user_tmp_content" lineno="5906">
<summary>
Manage all user temporary content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_list_all_user_tmp_content" lineno="5929">
<summary>
List all user temporary content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_all_user_tmpfs_content" lineno="5953">
<summary>
Manage all user tmpfs content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_all_user_tmp_content" lineno="5968">
<summary>
Delete all user temporary content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_read_home_certs" lineno="5993">
<summary>
Read system SSL certificates in the users homedir.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_map_home_certs" lineno="6011">
<summary>
mmap system SSL certificates in the users homedir.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_home_certs" lineno="6029">
<summary>
Manage system SSL certificates in the users homedir.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_write_home_certs" lineno="6055">
<summary>
Dontaudit Write system SSL certificates in the users homedir.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_getattr_admin_home_files" lineno="6073">
<summary>
dontaudit Search getatrr /root files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_read_admin_home_lnk_files" lineno="6091">
<summary>
dontaudit read /root lnk files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_read_admin_home_files" lineno="6109">
<summary>
dontaudit read /root files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_tmp_chr_files" lineno="6129">
<summary>
Create, read, write, and delete user
temporary chr files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_tmp_blk_files" lineno="6149">
<summary>
Create, read, write, and delete user
temporary blk files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_setattr_user_tmp" lineno="6168">
<summary>
Dontaudit attempt to set attributes on  user temporary directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_setattr_user_tmpfs" lineno="6186">
<summary>
Dontaudit attempt to set attributes on  user temporary file system files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_read_inherited_user_tmp_files" lineno="6201">
<summary>
Read all inherited users files in /tmp
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_mmap_rw_inherited_user_tmp_files" lineno="6219">
<summary>
Read/write/mmap all inherited users files in /tmp
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_rw_inherited_user_tmp_files" lineno="6237">
<summary>
Read/write all inherited users files in /tmp
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_write_inherited_user_tmp_files" lineno="6255">
<summary>
Write all inherited users files in /tmp
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_rw_inherited_user_home_sock_files" lineno="6273">
<summary>
Write all inherited users home files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_user_tmp_files" lineno="6291">
<summary>
Delete all users files in /tmp
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_user_tmpfs_files" lineno="6309">
<summary>
Delete user tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_rw_unpriv_user_shared_mem" lineno="6325">
<summary>
Read/Write unpriviledged user SysV shared
memory segments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_search_user_tmp" lineno="6344">
<summary>
Do not audit attempts to search user
temporary directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_domtrans_user_home" lineno="6379">
<summary>
Execute a file in a user home directory
in the specified domain.
</summary>
<desc>
<p>
Execute a file in a user home directory
in the specified domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="userdom_domtrans_user_tmp" lineno="6416">
<summary>
Execute a file in a user tmp directory
in the specified domain.
</summary>
<desc>
<p>
Execute a file in a user tmp directory
in the specified domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_read_all_user_home_content_files" lineno="6437">
<summary>
Do not audit attempts to read all user home content files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_read_all_user_tmp_content_files" lineno="6455">
<summary>
Do not audit attempts to read all user tmp content files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_rw_unpriv_user_semaphores" lineno="6473">
<summary>
Read and write unpriviledged user SysV sempaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_filetrans_home_content" lineno="6491">
<summary>
Transition to userdom named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_home_reader" lineno="6509">
<summary>
Make the specified type able to read content in user home dirs
</summary>
<param name="type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_home_manager" lineno="6528">
<summary>
Make the specified type able to manage content in user home dirs
</summary>
<param name="type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_tmpfs_filetrans" lineno="6558">
<summary>
Create objects in the temporary filesystem directory
with an automatic type transition to
the user temporary filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="userdom_tmpfs_filetrans_to" lineno="6594">
<summary>
Create objects in the temporary filesystem directory
with an automatic type transition to
the user temporary filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="userdom_filetrans_generic_home_content" lineno="6612">
<summary>
File name transition for generic home content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_transition" lineno="6644">
<summary>
Allow caller to transition to any userdomain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_nnp_transition_login_userdomain" lineno="6662">
<summary>
Allow caller to nnp_transition to login userdomain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_transition_login_userdomain" lineno="6680">
<summary>
Allow caller to transition to login userdomain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_noatsecure_login_userdomain" lineno="6698">
<summary>
Allow caller noatsecure permission.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_sigchld_login_userdomain" lineno="6716">
<summary>
Allow caller to send sigchld to login userdomain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_login_userdomain" lineno="6734">
<summary>
Add caller login userdomain attribute.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_append_stream_userdomain" lineno="6752">
<summary>
Append to login_userdomain stream.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_access_check_user_content" lineno="6771">
<summary>
Do not audit attempts to check the
access on user content files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<template name="userdom_confined_admin_template" lineno="6800">
<summary>
The template containing the most basic rules common to confined admin.
</summary>
<desc>
<p>
The template containing the most basic rules common to all users.
</p>
<p>
This template creates a user domain, types, and
rules for the user's tty and pty.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<rolebase/>
</template>
<template name="userdom_security_admin_template" lineno="6861">
<summary>
Allow user to run as a secadm
</summary>
<desc>
<p>
Create objects in a user home directory
with an automatic type transition to
a specified private type.
</p>
<p>
This is a templated interface, and should only
be called from a per-userdomain template.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role  of the object to create.
</summary>
</param>
</template>
<interface name="userdom_prog_run_bpf_userdomain" lineno="6943">
<summary>
Allow caller domain to run bpftool on userdomain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="selinuxuser_mysql_connect_enabled" dftval="false">
<desc>
<p>
Allow users to connect to the local mysql server
</p>
</desc>
</tunable>
<tunable name="selinuxuser_postgresql_connect_enabled" dftval="false">
<desc>
<p>
Allow users to connect to PostgreSQL
</p>
</desc>
</tunable>
<tunable name="selinuxuser_rw_noexattrfile" dftval="false">
<desc>
<p>
Allow user to r/w files on filesystems
that do not have extended attributes (FAT, CDROM, FLOPPY)
</p>
</desc>
</tunable>
<tunable name="selinuxuser_share_music" dftval="false">
<desc>
<p>
Allow user music sharing
</p>
</desc>
</tunable>
<tunable name="selinuxuser_use_ssh_chroot" dftval="false">
<desc>
<p>
Allow user  to use ssh chroot environment.
</p>
</desc>
</tunable>
</module>
</layer>
<tunable name="deny_ptrace" dftval="false">
<desc>
<p>
Deny any process from ptracing or debugging any other processes.
</p>
</desc>
</tunable>
<tunable name="selinuxuser_execheap" dftval="false">
<desc>
<p>
Allow unconfined executables to make their heap memory executable.  Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla
</p>
</desc>
</tunable>
<tunable name="deny_execmem" dftval="false">
<desc>
<p>
Deny user domains applications to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla
</p>
</desc>
</tunable>
<tunable name="selinuxuser_execmod" dftval="false">
<desc>
<p>
Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t
</p>
</desc>
</tunable>
<tunable name="selinuxuser_execstack" dftval="false">
<desc>
<p>
Allow unconfined executables to make their stack executable.  This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla
</p>
</desc>
</tunable>
<tunable name="polyinstantiation_enabled" dftval="false">
<desc>
<p>
Enable polyinstantiated directory support.
</p>
</desc>
</tunable>
<tunable name="nis_enabled" dftval="false">
<desc>
<p>
Allow system to run with NIS
</p>
</desc>
</tunable>
<tunable name="login_console_enabled" dftval="true">
<desc>
<p>
Allow logging in and using the system from /dev/console.
</p>
</desc>
</tunable>
<tunable name="global_ssp" dftval="false">
<desc>
<p>
Enable reading of urandom for all domains.
</p>
<p>
This should be enabled when all programs
are compiled with ProPolice/SSP
stack smashing protection.  All domains will
be allowed to read from /dev/urandom.
</p>
</desc>
</tunable>
<tunable name="nfs_export_all_rw" dftval="false">
<desc>
<p>
Allow any files/directories to be exported read/write via NFS.
</p>
</desc>
</tunable>
<tunable name="nfs_export_all_ro" dftval="false">
<desc>
<p>
Allow any files/directories to be exported read/only via NFS.
</p>
</desc>
</tunable>
<tunable name="use_nfs_home_dirs" dftval="false">
<desc>
<p>
Support NFS home directories
</p>
</desc>
</tunable>
<tunable name="use_samba_home_dirs" dftval="false">
<desc>
<p>
Support SAMBA home directories
</p>
</desc>
</tunable>
<tunable name="use_ecryptfs_home_dirs" dftval="false">
<desc>
<p>
Support ecryptfs home directories
</p>
</desc>
</tunable>
<tunable name="use_fusefs_home_dirs" dftval="false">
<desc>
<p>
Support fusefs home directories
</p>
</desc>
</tunable>
<tunable name="selinuxuser_tcp_server" dftval="false">
<desc>
<p>
Allow users to run TCP servers (bind to ports and accept connection from
the same domain and outside users)  disabling this forces FTP passive mode
and may change other protocols.
</p>
</desc>
</tunable>
<tunable name="selinuxuser_udp_server" dftval="false">
<desc>
<p>
Allow users to run UDP servers (bind to ports and accept connection from
the same domain and outside users)  disabling this may break avahi
discovering services on the network and other udp related services.
</p>
</desc>
</tunable>
<tunable name="mount_anyfile" dftval="false">
<desc>
<p>
Allow the mount commands to mount any directory or file.
</p>
</desc>
</tunable>
<tunable name="use_virtualbox" dftval="false">
<desc>
<p>
Allow create vbox modules during startup new kernel.
</p>
</desc>
</tunable>
<tunable name="deny_bluetooth" dftval="false">
<desc>
<p>
Deny all system processes and Linux users to use bluetooth wireless technology.
</p>
</desc>
</tunable>
<bool name="secure_mode" dftval="false">
<desc>
<p>
disallow programs, such as
newrole, from transitioning to administrative
user domains.
</p>
</desc>
</bool>
</policy>